1
Download Cisco Access Registrar 3.5 Specifications
Transcript
Catalyst 4500 Series Switch
Cisco IOS Command Reference
Release IOS XE 3.3.0XO(15.1(1)XO)
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Text Part Number: OL_28738-01
THE SPECIFICATIONS AND INFORMA TION REGARDING TH E PRODUCT S IN TH IS MA NUAL A RE SUBJECT TO CH ANGE WITHOU T NOT ICE. AL L
STAT EM ENT S, INFORMA TIO N, AND RECOM MEN DATIONS IN THIS MANUA L ARE BEL IE VED T O BE ACCURATE BU T ARE PRESE NTE D WIT HOUT
WA RRAN TY OF AN Y KIN D, E XPRESS OR IMPLIED. USE RS MUST T AKE F ULL RE SPONSIBILITY FOR TH EIR APPL ICAT ION O F ANY PRODUCT S.
THE SOFTWARE L ICEN SE AND L IM ITE D WARRA NTY FO R T HE ACCOMPA NYIN G PRODUCT ARE SET FORT H IN T HE INFORMAT ION PACKET T HAT
SHIPPE D WIT H THE PRO DUCT AND A RE INCORPORAT ED HE REIN BY THIS RE FEREN CE . IF YOU A RE UNABLE TO L OCATE T HE SO FTWARE LICENSE
OR LIMIT ED WARRANT Y, CON TACT Y OUR CISCO REPRESE NTAT IVE FOR A COPY.
The Cisco i mplementation of T CP header compression is an adaptation of a progra m developed by the Unive rsity of Ca lifornia, Berke ley (UCB) as part of U CB’s public
domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Rege nts of the University of California .
NOT WITHST ANDING ANY O THE R WARRANT Y HERE IN, AL L DOCUM ENT F ILE S AND SOFT WARE OF TH ESE SUPP LIE RS ARE PROVID ED “A S IS” WIT H
ALL FAULT S. CISCO AND T HE ABOV E-N AME D SUPPLIERS DISCL AIM ALL WARRANT IE S, EXPRESSE D OR IM PLIE D, IN CL UDING, WITH OUT
LIMIT ATION, TH OSE OF M ERCHANT ABILITY , FITNE SS FOR A PARTICU LAR PURPOSE A ND NONINFRIN GEME NT O R ARISING FROM A COURSE OF
DEA LIN G, USAGE , O R T RA DE PRACTICE.
IN NO E VENT SHALL CISCO OR ITS SUPPL IE RS BE L IABLE FOR A NY INDIRECT, SPECIAL, CONSE QUEN TIA L, OR INCID ENT AL DAM AGES, INCL UDING,
WITH OUT LIMIT ATION, LOST PROFIT S OR LOSS OR DAM AGE TO DAT A ARISING OUT OF THE USE OR INABILIT Y T O U SE T HIS MAN UAL, EVE N IF CISCO
OR IT S SU PPLIERS HAVE BE EN AD VISE D OF THE POSSIBILITY OF SUCH DA MAGE S.
CCV P, the Cisco logo, and We lcome to the H uman Network are trademarks of Cisc o Systems, Inc .; Changing t he Way We Work, Live, Play, a nd Lea rn is a service ma rk of
Cisc o Systems, Inc.; and Ac cess Re gistrar, Aironet, Catalyst, CCDA, CCDP, CCIE , CCIP , CCNA, CCNP, CCSP, Cisco, the Cisco Ce rtified Inte rnetwork Expe rt logo,
Cisc o IOS, Cisco Press, Cisco Syste ms, Cisco Systems Capital, the Cisco Systems logo, Cisco U nity, E nte rprise/Solver, EtherChanne l, EtherFast, E the rSwitc h, Fa st Step,
Foll ow Me Browsing, FormShare, G igaD rive, H omeL ink, Inte rnet Quotient, IOS, iPhone, IP/TV, iQ Expertise, the iQ logo, iQ Net Readine ss Score card, iQuic k Study,
LightStrea m, Linksys, M eetingPlace, MGX , Ne tworkers, Networking Aca de my, Ne twork Registra r, PIX, ProConnect, Scri ptShare, SM ARTnet, StackWise, T he Faste st Way
to Inc rea se Your Internet Quotient, and TransPath a re registere d tradema rks of Cisco Syst ems, Inc. and/or its affiliate s in the United States and c erta in other countries.
All other t rademarks mentione d in this document or We bsite are the property of their respective owne rs. T he use of t he word partner does not imply a partnership relationship
be tween Cisco a nd any other company. (0711R)
Catalyst 4500 Serie s Switch Cisc o IOS Command Ref ere nc e
Copyright © 1999–2011 Cisco Syste ms, Inc. All rights rese rved
CH AP T E R
Catalyst 4500 Series IOS
Commands
A Commands
aaa accou nting dot1x d efault start-stop group radiu s
aaa accou nting system defau lt start-stop group rad iusclear mac-ad dress-table
access-group mode
access-list hardware cap ture mode
access-list hardware entries
access-list hardware region
action
ap ply
an cp clien t serv er
an cp mode client
ap ply
arp access -list
attach mo dule
au then tication contro l-direction
au then tication critical recovery delay
au then tication event
au then tication fallback
au then tication host-mode
au then tication open
au then tication order
au then tication period ic
au then tication port-control
au then tication priority
au then tication timer
au then tication violation
au to q os classify
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
-1
Chapter
au to q os classify p olice
au to q os srnd 4
au to q os trust
au to q os video
au to q os voip
au to q os voip cisco-softphone
au to-sy nc
C Commands
call-home (global con figuratio n)
call-home req ues t
call-home send
call-home send alert-g roup
call-home test
ch ann el-gro up
ch ann el-pro toco l
cisp enable
class-map
clear counters
clear errdisab le
clear hw-modu le slot password
clear interface gig abitethern et
clear interface vlan
clear ip access-template
clear ip arp inspectio n log
clear ip arp inspectio n statistics
clear ip dhcp snoop ing binding
clear ip dhcp snoop ing database
clear ip dhcp snoop ing database statistics
clear ip igmp group
clear ip mfib counters
clear ip mfib fastdrop
clear ip wccp
clear lacp counters
clear nmsp statistics
clear mac-add ress-table dynamic
clear pagp
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
-2
Chapter
clear port-security
clear pppo e intermediate-agen t statistics
clear qos
clear vlan cou nters
clear vmps statistics
co ntrol-plane
co unter
D Commands
debug ad jacen cy
debug backu p
debug co ndition interface
debug co ndition standby
debug co ndition vlan
debug dot1x
debug etherchn l
debug interface
debug ip dhcp s noopin g even t
debug ip dhcp s noopin g p acket
debug ip verify sou rce packet
debug ipc
debug lacp
debug monitor
debug nmsp
debug nv ram
debug pagp
debug platform p acket protocol lacp
debug platform p acket protocol pagp
debug pm
debug port-secu rity
debug pppoe intermediate-ag ent
debug redund ancy
debug spanning-tree
debug spanning-tree b ackbon efast
debug spanning-tree switch
debug spanning-tree u plinkfast
debug sw-vlan
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
-3
Chapter
debug sw-vlan ifs
debug sw-vlan n otificatio n
debug sw-vlan v tp
debug udld
debug vqpc
define in terface-range
deny
diagnostic fpga soft-error recover
diagnostic monitor action
diagnostic start
dot1x auth-fail max-attempts
dot1x auth-fail v lan
dot1x credentials (glob al co nfigu ration)
dot1x critical
dot1x critical eapol
dot1x critical recovery delay
dot1x critical vlan
dot1x control-d irectio n
dot1x gu est-vlan
dot1x gu est-vlan supplican t
dot1x ho st-mod e
dot1x initialize
dot1x mac-auth-bypass
dot1x max-reau th-req
dot1x max-req
dot1x po rt-con trol
dot1x re-authenticate
dot1x re-authentication
dot1x sy stem-au th-control
dot1x timeout
duplex
E Commands
erase
errd isab le detect
errd isab le recovery
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
-4
Chapter
F Commands
flowcon trol
H Commands
hardware statistics
hw-module beacon
hw-module power
hw-module system max-queue-limit
I Commands
instance
interface
interface po rt-channel
interface rang e
interface vlan
ip admis sion pro xy http refresh-all
ip arp inspectio n filter vlan
ip arp inspectio n limit (interface)
ip arp inspectio n lo g-bu ffer
ip arp inspectio n trust
ip arp inspectio n validate
ip arp inspectio n v lan
ip arp inspectio n v lan log ging
ip cef load-sharing algorithm
ip dhcp snoopin g
ip dhcp snoopin g b inding
ip dhcp snoopin g d atabase
ip dhcp snoopin g in formatio n option
ip dhcp snoopin g in formatio n option allow-untru sted
ip dhcp snoopin g limit rate
ip dhcp snoopin g trust
ip dhcp snoopin g v lan
ip device trackin g maximum
ip igmp filter
ip igmp max-groups
ip igmp pro file
ip igmp query-interval
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
-5
Chapter
ip igmp snoop ing
ip igmp snoop ing report-sup pression
ip igmp snoop ing vlan
ip igmp snoop ing vlan explicit-tracking
ip igmp snoop ing vlan immediate-leave
ip igmp snoop ing vlan mrouter
ip igmp snoop ing vlan static
ip local-pro xy-arp
ip mfib fastdrop
ip source binding
ip sticky -arp
ip verify header vlan all
ip verify so urce
ip verify un icast source reachable-viaip wccp
ip wccp check serv ices all
ip wccp group -listen
ip wccp red irect
p wccp red irect exclu de in
ipv6 mld snoo ping
ipv6 mld snoo ping las t-listener-q uery-cou nt
ipv6 mld snoo ping las t-listener-q uery-interval
ipv6 mld snoo ping listen er-message-supp ression
ipv6 mld snoo ping ro bustness-variable
ipv6 mld snoo ping tcn
ipv6 mld snoo ping vlan
issu ab ortversion
issu accep tversion
issu co mmitversion
redun dan cy config-sync mismatched-commands
issu loadversion
issu ru nversion
issu set rollback -timer
L Commands
l2protocol-tu nnel
l2protocol-tu nnel cos
l2protocol-tu nnel drop-thresh old
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
-6
Chapter
l2protocol-tu nnel sh utdown-thresh old
lacp port-p riority
lacp system-p riority
lldp tlv-s elect power-management
logging even t trunk-status global (glob al configu ration)
logging even t link -status global (glo bal configuration)
logging even t trunk-status global (glob al configu ration)
logging even t link -status global (glo bal configuration)
logging even t link -status (in terface co nfigu ration)
logging even t trunk-status (interface con figuratio n)
M Commands
match
mac access-list extended
mac-add ress-table agin g-time
mac-add ress-table dynamic group protocols
mac ad dress-table learning vlan
mac-add ress-table notificatio n
mac-add ress-table static
macro apply cisco-d esk to p
macro apply cisco-p hone
macro apply cisco-router
macro apply cisco-switch
macro auto device
macro auto execute (built-in function)
macro auto execute (remotely-defined trigger)
macro auto execute (user-defined fun ction )
macro auto glo bal processin g
macro auto mac-address-group
macro auto mon ito r
macro auto process in g
macro auto sticky
macro g lobal apply cisco-glo bal
macro g lobal apply sys tem-cp p
macro g lobal d escrip tion
main -cpu
match
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
-7
Chapter
match flow ip
md ix auto
media-typ e
mo de
mo nitor cap ture {access-list | class-map}
mo nitor cap ture [clear | export]
mo nitor cap ture [interface | v lan | control-plane]
mo nitor cap ture file location buffer-size
mo nitor cap ture limit
mo nitor cap ture mycap match
mo nitor cap ture start
mo nitor session
mtu
O Commands
N Commands
name
P Commands
pagp learn-meth od
pagp po rt-prio rity
p assive-interface
p ermit
p olicy-map
port-ch ann el load-b alance
p ort-ch ann el standalone-disable
port-security mac-add ress
p ort-security mac-add ress sticky
p ort-security max imu m
p ower dc inp ut
p ower efficient-ethernet auto
p ower inline
p ower inline cons umption
power inline four-pair forced
power redun dan cy-mode
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
-8
OL_28738-01
Chapter
power inlin e police
power red undancy -mod e
pppo e intermediate-ag ent (global)
pppo e intermediate-ag ent (interface)
pppo e intermediate-ag ent (interface vlan-range)
pppo e intermediate-ag ent format-ty pe (global)
pppo e intermediate-ag ent limit rate
pppo e intermediate-ag ent trust
pppo e intermediate-ag ent vendor-tag strip
prio rity
private-vlan
private-vlan mapp ing
private-vlan synchro nize
Q Commands
qos account layer-all en capsulation
qos account layer2 encapsu latio n
qos tru st
queue-limit
R Commands
redun dan cy
redun dan cy fo rce-switchover
redun dan cy reload
remote lo gin module
remote-span
renew ip d hcp s nooping d atabase
reset
revision
S Commands
service-policy (interface con figuratio n)
service-policy (po licy-map class)
service-policy input (con trol-plane)
ses sion module
set
set cos
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
-9
Chapter
set dscp
set preced ence
set qos-gro up
sh ape (in terface co nfiguration)
sh ell trig ger
sh ow monitor capture
sn mp ifindex clear
sn mp ifindex persist
sn mp-server enable traps
sn mp-server ifindex persist
sn mp-server ifindex persist co mpress
sn mp trap mac-n otification change
sp ann ing-tree backbonefast
sp ann ing-tree bpd ufilter
sp ann ing-tree bpd uguard
sp ann ing-tree cost
sp ann ing-tree etherchan nel gu ard misco nfig
sp ann ing-tree exten d s ystem-id
sp ann ing-tree guard
sp ann ing-tree link-type
sp ann ing-tree loop guard default
sp ann ing-tree mode
sp ann ing-tree mst
sp ann ing-tree mst co nfigu ration
sp ann ing-tree mst fo rward-time
sp ann ing-tree mst hello-time
sp ann ing-tree mst max -age
sp ann ing-tree mst max -ho ps
sp ann ing-tree mst ro ot
sp ann ing-tree pathcost metho d
sp ann ing-tree portfast (interface con figuration mode)
sp ann ing-tree portfast bpdu filter default
sp ann ing-tree portfast bpdu guard default
sp ann ing-tree portfast default
sp ann ing-tree port-p riority
sp ann ing-tree uplin kfast
sp ann ing-tree vlan
sp eed
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
-10
OL_28738-01
Chapter
storm-control
storm-control b roadcas t include multicast
switchport
switchport access vlan
switchport auto state exclude
switchport block
switchport mode
switchport port-secu rity
switchport private-vlan asso ciation tru nk
switchport private-vlan host-asso ciation
switchport private-vlan mapp ing
switchport private-vlan trunk allowed vlan
switchport private-vlan trunk n ative vlan tag
switchport trun k
switchport vlan mappin g
system mtu
Show Commands
show access-g roup mo de interface
show adjacency
show ancp mu lticast
show arp access-list
show authentication
show auto install status
show auto qos
show boo tflash:
show boo tvar
show cab le-diagnostics tdr
show call-home
show cdp neighbors
show class -map
show diagno stic content
show diagno stic result modu le
show diagno stic result modu le tes t
show diagno stic result modu le tes t 2
show diagno stic result modu le tes t 3
show dot1 x
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
-11
Chapter
sh ow environment
sh ow errd isable detect
sh ow errd isable recovery
sh ow eth erch ann el
sh ow flowcon trol
sh ow idprom
sh ow interfaces
sh ow interfaces cap abilities
sh ow interfaces counters
sh ow interfaces descriptio n
sh ow interfaces link
sh ow interfaces mtu
sh ow interfaces private-v lan mapping
sh ow interfaces status
sh ow interfaces switchp ort
sh ow interfaces trans ceiver
sh ow interfaces trunk
sh ow ip arp inspectio n
sh ow ip arp inspectio n lo g
sh ow ip cef vlan
sh ow ip dhcp s noopin g
sh ow ip dhcp s noopin g b inding
sh ow ip dhcp s noopin g d atabase
sh ow ip igmp interface
sh ow ip igmp pro file
sh ow ip igmp snoopin g
sh ow ip igmp snoopin g membership
sh ow ip igmp snoopin g mrouter
sh ow ip igmp snoopin g vlan
sh ow ip interface
sh ow ip mfib
sh ow ip mfib fastdrop
sh ow ip mroute
sh ow ip source binding
sh ow ip verify sou rce
sh ow ip wccp
sh ow ipc
sh ow ipv6 mld snoop ing
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
-12
OL_28738-01
Chapter
show ipv6 mld sno oping mrouter
show ipv6 mld sno oping qu erier
show ipv6 sn ooping coun ters
show issu cap ability
show issu clien ts
show issu comp-matrix
show issu endpo ints
show issu entities
show issu fsm
show issu message
show issu negotiated
show issu rollback-timer
show issu sessions
show issu state
show l2protocol-tunnel
show lacp
show mab
show mac access-group interface
show mac-address-tab le address
show mac-address-tab le aging-time
show mac-address-tab le count
show mac-address-tab le dynamic
show mac-address-tab le interface
show mac address-table learning
show mac-address-tab le multicast
show mac-address-tab le notification
show mac-address-tab le protocol
show mac-address-tab le static
show mac-address-tab le vlan
show macro au to mac-addres s-group
show macro au to d evice
show macro au to in terface
show macro au to mo nitor clien ts
show macro au to mo nitor device
show macro au to mo nitor typ e
show modu le
show monito r
show nmsp
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
-13
Chapter
sh ow pagp
sh ow policy-map
sh ow policy-map co ntro l-plane
sh ow policy-map interface
sh ow policy-map interface vlan
sh ow port-secu rity
sh ow power
sh ow power inline police
sh ow qos
sh ow pppoe intermediate-ag ent interface
sh ow qos
sh ow qos aggregate policer
sh ow qos dbl
sh ow qos interface
sh ow qos map s
sh ow redund ancy
sh ow redund ancy config-sync
sh ow run ning-co nfig
sh ow slavebootflash:
sh ow slaveslot0:
sh ow slot0:
sh ow spanning-tree
sh ow spanning-tree mst
sh ow storm-control
sh ow system mtu
sh ow tech-suppo rt
sh ow udld
sh ow vlan
sh ow vlan access-map
sh ow vlan coun ters
sh ow vlan d ot1q tag n ative
sh ow vlan g rou p
sh ow vlan in ternal us age
sh ow vlan mappin g
sh ow vlan mtu
sh ow vlan p rivate-vlan
sh ow vlan remote-span
sh ow vmps
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
-14
OL_28738-01
Chapter
show vtp
T Commands
test cab le-diagnostics tdr
traceroute mac
traceroute mac ip
trus t
tx-q ueu e
U Commands
udld (global configuration mo de)
udld (interface configu ration mode)
udld reset
unidirectional
username
V Commands
verify
vlan (VLAN Database mod e)
vlan access-map
vlan configuratio n
vlan d atabase
vlan d ot1q tag n ative
vlan filter
vlan g rou p
vlan in ternal allocatio n p olicy
vmps reconfirm (glo bal config uration)
vmps reconfirm (privileged EXEC)
vmps retry
vmps server
vtp (g lobal configuration mod e)
vtp client
vtp domain
vtp password
vtp pruning
vtp server
vtp transparent
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
-15
Chapter
v tp v 2-mo de
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
-16
OL_28738-01
C ON TE N TS
Preface
xxi
Audience
xxi
Cisco IOS Software Documentation
Organization
Notices
xxi
xxi
Related Documentation
Conventions
xxii
xxii
xxiii
Obtaining Documentation and Submitting a Service Request
Command-Line Interface
Getting Help
1-2
1-5
Using the CLI String Search
1-6
1-6
Saving Configuration Changes
show platform Commands
1-11
1-11
Cisco IOS Commands for the Catalyst 4500 Series Switches
#macro keywords
access-group mode
2-9
access-list hardware region
2-5
2-11
2-8
2-12
2-13
ancp client port identifier
ancp client server
2-15
ancp mode client
2-16
apply
2-4
2-6
access-list hardware capture mode
access-list hardware entries
action
2-1
2-2
aaa accounting dot1x default start-stop group radius
aaa accounting system default start-stop group radius
active
1-xxv
1-1
1-1
How to Find Command Options
Understanding Command Modes
Using the No and Default Forms of Commands
2-14
2-17
Ca talyst 4500 Series Switch Cisco IOS Comma nd Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
OL-28738 -01
iii
Contents
arp access-list 2-18
attach module
2-19
authentication control-direction
2-20
authentication critical recovery delay
authentication event
2-25
authentication host-mode
authentication open
2-22
2-23
authentication fallback
2-26
2-28
authentication order 2-29
authentication periodic 2-30
authentication port-control
authentication priority
2-31
2-33
authentication timer 2-35
authentication violation
2-37
auto qos classify 2-39
auto qos classify police
auto qos srnd4
2-43
2-47
auto qos trust
2-51
auto qos video
auto qos voip
2-55
2-59
auto qos voip cisco-softphone
auto-sync
bandwidth
2-61
2-66
2-67
call-home (global configuration) 2-70
call-home request 2-73
call-home send
2-75
call-home send alert-group
call-home test
2-78
channel-group
2-79
channel-protocol
cisp enable
class
2-76
2-81
2-83
2-84
class-map
2-87
clear counters
2-89
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
iv
OL-28738 -01
Conten ts
clear errdisable
2-90
clear hw-module slot password
clear interface gigabitethernet
clear interface vlan
2-91
2-92
2-93
clear ip access-template
2-94
clear ip arp inspection log
2-95
clear ip arp inspection statistics
clear ip dhcp snooping binding
clear ip dhcp snooping database
2-96
2-97
2-99
clear ip dhcp snooping database statistics
clear ip igmp group
2-101
clear ip igmp snooping membership
clear ip mfib counters
2-105
2-106
clear lacp counters
2-107
clear mac-address-table
2-108
clear mac-address-table dynamic
clear nmsp statistics
clear pagp
2-103
2-104
clear ip mfib fastdrop
clear ip wccp
2-110
2-111
2-112
clear port-security
2-113
clear pppoe intermediate-agent statistics
clear qos
control-plane
counter
2-115
2-116
clear vlan counters
2-117
clear vmps statistics
dbl
2-100
2-118
2-119
2-121
2-123
debug adjacency
debug backup
2-124
2-125
debug condition interface
debug condition standby
debug condition vlan
debug dot1x
2-126
2-127
2-129
2-131
Ca talyst 4500 Series Switch Cisco IOS Comma nd Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
OL-28738 -01
v
Contents
debug etherchnl
2-132
debug interface
2-134
debug ipc
2-135
debug ip dhcp snooping event
2-136
debug ip dhcp snooping packet
debug ip verify source packet
debug lacp
2-137
2-138
2-139
debug monitor 2-140
debug nmsp
2-141
debug nvram
2-142
debug pagp
2-143
debug platform packet protocol lacp
debug platform packet protocol pagp
debug pm
2-144
2-145
2-146
debug port-security
2-147
debug pppoe intermediate-agent
2-148
debug redundancy 2-150
debug spanning-tree
2-151
debug spanning-tree backbonefast 2-153
debug spanning-tree switch
2-154
debug spanning-tree uplinkfast 2-156
debug sw-vlan
2-157
debug sw-vlan ifs
2-158
debug sw-vlan notification
debug sw-vlan vtp
debug udld
2-162
debug vqpc
2-164
define interface-range
deny
2-160
2-161
2-165
2-166
destination address
2-168
destination message-size-limit bytes
2-169
destination preferred-msg-format 2-170
destination transport-method
2-171
diagnostic fpga soft-error recover 2-172
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
vi
OL-28738 -01
Conten ts
diagnostic monitor action
diagnostic start
2-173
2-174
dot1x auth-fail max-attempts
dot1x auth-fail vlan
2-175
2-176
dot1x control-direction
2-177
dot1x credentials (global configuration)
dot1x critical
2-180
2-181
2-182
dot1x guest-vlan
2-183
dot1x guest-vlan supplicant
dot1x host-mode
2-187
2-188
2-189
2-190
dot1x port-control
2-191
dot1x re-authenticate
2-193
dot1x re-authentication
2-194
dot1x system-auth-control
dot1x timeout
duplex
2-184
2-184
dot1x initialize
dot1x mac-auth-bypass
dot1x max-reauth-req
dot1x max-req
2-195
2-196
2-198
epm access control
erase
2-178
2-179
dot1x critical eapol
dot1x critical recovery delay
dot1x critical vlan
2-200
2-201
errdisable detect
errdisable recovery
flowcontrol
2-204
2-206
2-209
hardware statistics
hw-module beacon
hw-module power
2-212
2-213
2-214
hw-module system max-queue-limit
instance
interface
2-215
2-216
2-219
Ca talyst 4500 Series Switch Cisco IOS Comma nd Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
OL-28738 -01
vii
Contents
interface port-channel
interface range
interface vlan
2-221
2-222
2-224
ip admission proxy http refresh-all
ip arp inspection filter vlan
2-225
2-226
ip arp inspection limit (interface)
2-228
ip arp inspection log-buffer 2-230
ip arp inspection trust 2-232
ip arp inspection validate
ip arp inspection vlan
2-233
2-235
ip arp inspection vlan logging
2-237
ip cef load-sharing algorithm
2-239
ip device tracking maximum
ip dhcp snooping
2-241
2-242
ip dhcp snooping binding
2-243
ip dhcp snooping database
2-244
ip dhcp snooping information option
2-246
ip dhcp snooping information option allow-untrusted
ip dhcp snooping limit rate
ip dhcp snooping trust
2-248
2-249
2-250
ip dhcp snooping vlan
2-251
ip dhcp snooping vlan information option format-type circuit-id string
2-253
ip igmp filter 2-255
ip igmp max-groups
ip igmp profile
2-256
2-257
ip igmp query-interval 2-258
ip igmp snooping
2-260
ip igmp snooping report-suppression
ip igmp snooping vlan
ip igmp snooping vlan static
ip local-proxy-arp
ip mfib fastdrop
2-262
2-264
ip igmp snooping vlan explicit-tracking
ip igmp snooping vlan immediate-leave
ip igmp snooping vlan mrouter
2-265
2-266
2-267
2-269
2-270
2-271
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
viii
OL-28738 -01
Conten ts
ip multicast multipath
ip source binding
ip sticky-arp
2-272
2-274
2-275
ip verify header vlan all
ip verify source
2-277
2-278
ip verify unicast source reachable-via
ip wccp
2-280
2-281
ip wccp check services all
ip wccp group-listen
ip wccp redirect
2-284
2-286
2-288
p wccp redirect exclude in
ipv6 mld snooping
2-290
2-291
ipv6 mld snooping last-listener-query-count
ipv6 mld snooping last-listener-query-interval
2-293
2-295
ipv6 mld snooping listener-message-suppression
ipv6 mld snooping robustness-variable
ipv6 mld snooping tcn
issu loadversion
issu runversion
2-301
2-303
2-304
2-306
2-308
2-310
issu set rollback-timer
l2protocol-tunnel
2-311
2-312
l2protocol-tunnel cos
2-313
l2protocol-tunnel drop-threshold
2-314
l2protocol-tunnel shutdown-threshold
lacp port-priority
2-297
2-298
2-300
ipv6 mld snooping vlan
issu abortversion
issu acceptversion
issu commitversion
2-315
2-317
lacp system-priority
2-318
lldp tlv-select power-management
2-319
logging event link-status global (global configuration)
logging event link-status (interface configuration)
2-320
2-321
Ca talyst 4500 Series Switch Cisco IOS Comma nd Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
OL-28738 -01
ix
Contents
logging event trunk-status global (global configuration)
logging event trunk-status (interface configuration)
mab
2-323
2-324
2-326
mac access-list extended
2-327
mac-address-table aging-time
2-330
mac-address-table dynamic group protocols
mac address-table learning vlan
2-331
2-334
mac-address-table notification
mac-address-table static
2-336
2-338
macro apply cisco-desktop
macro apply cisco-phone
2-339
2-341
macro apply cisco-router 2-343
macro apply cisco-switch
macro auto device
2-345
2-347
macro auto execute (built-in function)
2-349
macro auto execute (remotely-defined trigger)
macro auto execute (user-defined function)
macro auto global processing
macro auto mac-address-group
2-352
2-353
2-355
2-357
macro auto monitor 2-358
macro auto processing
2-359
macro auto sticky 2-361
macro global apply cisco-global
macro global apply system-cpp
macro global description
main-cpu
match
match flow ip
mdix auto
2-367
2-370
2-374
media-type
mode
2-362
2-363
2-364
2-365
2-366
match (class-map configuration)
2-376
2-377
monitor capture {access-list | class-map}
monitor capture [clear | export]
2-379
2-380
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
x
OL-28738 -01
Conten ts
monitor capture [interface | vlan | control-plane]
monitor capture file location buffer-size
monitor capture limit
mtu
2-381
2-382
2-385
monitor capture mycap match
monitor capture start
monitor session
2-386
2-388
2-393
2-398
name
2-399
nmsp
2-400
nmsp attachment suppress
pagp learn-method
pagp port-priority
permit
2-407
police
2-409
2-402
2-403
passive-interface
2-404
police (percent)
police rate
2-401
2-413
2-415
police (two rates)
policy-map
2-417
2-421
port-channel load-balance
2-423
port-channel standalone-disable
port-security mac-address
2-424
2-425
port-security mac-address sticky
port-security maximum
power dc input
power efficient-ethernet auto
power inline
2-426
2-427
2-428
2-429
2-430
power inline consumption
2-432
power inline four-pair forced
power inline logging global
power inline police
2-433
2-434
2-435
power redundancy-mode
2-437
pppoe intermediate-agent (global)
2-439
Ca talyst 4500 Series Switch Cisco IOS Comma nd Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
OL-28738 -01
xi
Contents
pppoe intermediate-agent (interface)
2-440
pppoe intermediate-agent (interface vlan-range)
2-441
pppoe intermediate-agent format-type (global) 2-442
pppoe intermediate-agent format-type (interface) 2-444
pppoe intermediate-agent format-type (interface vlan-range)
pppoe intermediate-agent limit rate
pppoe intermediate-agent trust
2-445
2-446
2-447
pppoe intermediate-agent vendor-tag strip
priority
2-448
2-449
private-vlan
2-451
private-vlan mapping
2-455
private-vlan synchronize
profile
2-457
2-458
qos account layer-all encapsulation
qos account layer2 encapsulation
qos trust
2-460
2-461
2-463
queue-limit
2-465
redundancy
2-467
redundancy config-sync mismatched-commands
redundancy force-switchover
redundancy reload
2-468
2-470
2-471
remote login module
remote-span
2-472
2-473
renew ip dhcp snooping database
rep admin vlan
2-474
2-475
rep block port 2-476
rep lsl-age-timer
2-479
rep preempt delay
2-480
rep preempt segment
2-481
rep segment 2-482
rep stcn
reset
revision
2-485
2-486
2-487
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
xii
OL-28738 -01
Conten ts
service-policy (interface configuration)
service-policy (policy-map class)
2-488
2-491
service-policy input (control-plane)
session module
set
2-493
2-495
2-497
set cos
set dscp
2-499
2-501
set precedence
2-504
set qos-group
2-507
shape (class-based queueing)
2-508
shape (interface configuration)
shell trigger
2-510
2-511
show access-group mode interface
show adjacency
2-516
2-517
2-518
show auto install status
show auto qos
2-513
2-514
show ancp multicast
show arp access-list
show authentication
2-523
2-524
show bootflash:
show bootvar
2-525
2-527
show cable-diagnostics tdr
show call-home
2-528
2-530
show cdp neighbors
show class-map
2-535
2-538
show diagnostic content
2-540
show diagnostic result module
2-542
show diagnostic result module test
2-546
show diagnostic result module test 2
2-548
show diagnostic result module test 3
2-550
show dot1x
2-552
show environment
2-556
show errdisable detect
show errdisable recovery
2-559
2-560
Ca talyst 4500 Series Switch Cisco IOS Comma nd Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
OL-28738 -01
xiii
Contents
show etherchannel 2-561
show flowcontrol
show idprom
2-565
2-567
show interfaces 2-573
show interfaces capabilities 2-576
show interfaces counters
2-580
show interfaces description
show interfaces link
2-583
show interfaces mtu
2-584
2-582
show interfaces private-vlan mapping
show interfaces status
show interfaces trunk
2-588
2-590
2-595
show ip arp inspection
2-597
show ip arp inspection log
show ip cef vlan
2-600
2-601
show ip dhcp snooping
2-602
show ip dhcp snooping binding
2-603
show ip dhcp snooping database
show ip igmp interface
show ip igmp profile
2-606
2-608
2-609
show ip igmp snooping
2-610
show ip igmp snooping membership
show ip igmp snooping mrouter
show ip igmp snooping vlan
show ip interface
show ip mfib
2-614
2-616
2-617
2-618
2-621
show ip mfib fastdrop
show ip mroute
show ip wccp
2-623
2-624
show ip source binding
show ip verify source
show ipc
2-585
2-586
show interfaces switchport
show interfaces transceiver
2-629
2-630
2-632
2-639
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
xiv
OL-28738 -01
Conten ts
show ipv6 snooping counters
show ipv6 mld snooping
2-641
2-642
show ipv6 mld snooping mrouter
2-644
show ipv6 mld snooping querier
show issu capability
show issu clients
2-645
2-647
2-649
show issu comp-matrix
show issu endpoints
show issu entities
show issu fsm
2-651
2-655
2-656
2-657
show issu message
2-658
show issu negotiated
2-659
show issu rollback-timer
show issu sessions
show issu state
2-666
show mab
2-669
2-660
2-661
2-662
show l2protocol-tunnel
show lacp
2-664
show mac access-group interface
2-671
show mac-address-table address
2-672
show mac-address-table aging-time
show mac-address-table count
2-674
2-675
show mac-address-table dynamic
2-676
show mac-address-table interface
show mac address-table learning
2-678
2-680
show mac-address-table multicast
2-681
show mac-address-table notification
show mac-address-table protocol
show mac-address-table static
show mac-address-table vlan
2-683
2-685
2-687
2-689
show macro auto mac-address-group
show macro auto device
show macro auto interface
2-691
2-692
2-693
show macro auto monitor clients
2-694
Ca talyst 4500 Series Switch Cisco IOS Comma nd Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
OL-28738 -01
xv
Contents
show macro auto monitor device
show macro auto monitor type
show module
2-695
2-697
2-700
show monitor 2-702
show monitor capture
2-704
show monitor capture file
show nmsp
2-710
show pagp
2-713
show policy-map
2-706
2-715
show policy-map control-plane
show policy-map interface
2-716
2-719
show policy-map interface vlan
show port-security
show power
2-722
2-724
2-730
show power inline police
2-738
show pppoe intermediate-agent interface
show qos
2-739
2-741
show qos aggregate policer
show qos dbl
2-742
2-743
show qos interface
2-744
show qos maps 2-745
show redundancy 2-747
show redundancy config-sync
show running-config
2-752
show shell functions
2-754
2-750
show shell triggers 2-755
show slavebootflash:
show slaveslot0:
show slot0:
2-756
2-758
2-760
show spanning-tree
2-762
show spanning-tree mst
show storm-control
show system mtu
show tech-support
show udld
2-766
2-768
2-770
2-771
2-773
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
xvi
OL-28738 -01
Conten ts
show vlan
2-776
show vlan access-map
show vlan counters
2-779
2-780
show vlan dot1q tag native
show vlan group
2-781
2-782
show vlan internal usage
show vlan mapping
show vlan mtu
2-783
2-784
2-785
show vlan private-vlan
2-786
show vlan remote-span
show vmps
show vtp
2-788
2-789
2-790
snmp ifindex clear
2-793
snmp ifindex persist
2-794
snmp-server enable traps
2-795
snmp-server ifindex persist
2-797
snmp-server ifindex persist compress
snmp trap mac-notification change
source-interface
2-798
2-799
2-800
source-ip-address
2-801
spanning-tree backbonefast
spanning-tree bpdufilter
2-802
2-803
spanning-tree bpduguard
spanning-tree cost
2-805
2-806
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
spanning-tree guard
2-807
2-810
spanning-tree loopguard default
spanning-tree mode
spanning-tree mst
2-808
2-809
spanning-tree link-type
2-811
2-812
2-813
spanning-tree mst configuration
2-814
spanning-tree mst forward-time
2-816
Ca talyst 4500 Series Switch Cisco IOS Comma nd Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
OL-28738 -01
xvii
Contents
spanning-tree mst hello-time
2-817
spanning-tree mst max-age
2-818
spanning-tree mst max-hops
2-819
spanning-tree mst root 2-820
spanning-tree pathcost method
2-821
spanning-tree portfast (interface configuration mode)
spanning-tree portfast bpdufilter default
2-822
2-824
spanning-tree portfast bpduguard default 2-825
spanning-tree portfast default
spanning-tree port-priority
2-826
2-827
spanning-tree uplinkfast 2-828
spanning-tree vlan
speed
2-830
2-832
storm-control
2-835
storm-control broadcast include multicast
subscribe-to-alert-group all
2-837
2-838
subscribe-to-alert-group configuration
subscribe-to-alert-group diagnostic
2-839
2-841
subscribe-to-alert-group environment 2-843
subscribe-to-alert-group inventory
subscribe-to-alert-group syslog
switchport
2-845
2-847
2-849
switchport access vlan
2-851
switchport autostate exclude
switchport block
2-854
switchport mode
2-855
2-853
switchport port-security 2-860
switchport private-vlan association trunk 2-865
switchport private-vlan host-association
switchport private-vlan mapping
2-867
2-869
switchport private-vlan trunk allowed vlan
switchport private-vlan trunk native vlan tag
2-872
2-875
switchport trunk 2-876
switchport vlan mapping
system mtu
2-879
2-881
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
xviii
OL-28738 -01
Conten ts
test cable-diagnostics tdr
traceroute mac
2-882
2-884
traceroute mac ip
trust
2-887
2-889
tx-queue
2-891
udld (global configuration mode)
2-893
udld (interface configuration mode)
udld reset
verify
2-895
2-897
unidirectional
username
2-898
2-899
2-900
vlan (VLAN Database mode)
vlan access-map
2-902
2-905
vlan configuration
vlan database
2-906
2-908
vlan dot1q tag native
vlan filter
2-910
2-911
vlan group
2-912
vlan internal allocation policy
2-913
vmps reconfirm (global configuration)
vmps reconfirm (privileged EXEC)
vmps retry
2-917
vtp domain
2-921
vtp password
2-922
2-923
vtp server
2-924
vtp transparent
vtp v2-mode
A
Abbreviations
2-919
2-920
vtp pruning
A PP E N D I X
2-914
2-915
2-916
vmps server
vtp (global configuration mode)
vtp client
2-925
2-926
A-1
I ND EX
Ca talyst 4500 Series Switch Cisco IOS Comma nd Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
OL-28738 -01
xix
Contents
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
xx
OL-28738 -01
Preface
This preface d escrib es the aud ience, organ ization, and conventions of th is p ublication , and prov ides
info rmation on how to obtain related do cumentation.
Cisco do cumentation and add itional literature are available in a CD-ROM p ackage, wh ich ship s with
your prod uct. The Documen tation CD-ROM, a memb er of the Cisco Connection Family, is updated
monthly. Therefore, it migh t be more u p to d ate than printed do cumentation. To order add itional co pies
of the Documentation CD-ROM, co ntact your local sales representative or call customer service. Th e
CD-ROM package is availab le as a single p ackage o r as an an nual su bscription .
Audience
This pub lication is for experienced network administrators wh o are resp onsible for configuring an d
main tainin g Cataly st 4 500 series switches.
Cisco IOS Software Documentation
In addition to the info rmation prov ided in this pu blication, you might need to refer to the Cisco IOS
documentatio n set. The Cisco IOS software d ocu mentation is divided into n in e modules and two master
indexes. Each mod ule consists of two books : a con figuratio n guide and a correspo nding comman d
reference. Chapters in a config uration guid e describe pro toco ls, config uration tasks, and Cisco IOS
software functionality an d contain comprehensive configuration examples . Chapters in a comman d
reference p rovid e complete co mmand sy ntax in formatio n. Each con figuratio n guide can be used in
co njunction with its co rresp onding command referen ce.
Organization
This pub lication is organized as follows:
Ca talyst 4500 Series Switch Cisco IOS Comma nd Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
xxi
Pre face
Chapter
Title
Chapter 1
Command-Line Interface Describes the Catalys t 45 00 series switch
CLI.
Description
Chapter 2
Cisco IOS Commands for Lists all Catalys t 45 00 series Cisco IOS
th e Catalyst 450 0 Series co mmand s alphabetically and prov ides
Switches
detailed info rmation on each co mmand .
Appendix A
Abbreviations
Defines the acronyms us ed in this
publication.
Related Documentation
The Catalys t 45 00 series Cisco IOS do cumentation set in clud es these pu blications:
Note
•
Cata lyst 450 0 S eries Switch Installation Guide
•
Catalyst 450 0 Serie s Sw it ch Sup ervisor En gin e Installation Note
•
Cata lyst 450 0 S eries Switch Cisco IOS S oftware Configura tio n Guide
•
Cata lyst 450 0 S eries Switch Cisco IOS S ystem Messa ge Gu ide
•
Release Notes for Catalyst 4500 Series Switch Softwa re
Access the Catalyst 45 00 Series Switch documen tation library at th e URL
h ttp://www.cisco.com/go/cat4500/d ocs
Other documents in th e Cisco IOS documentatio n set include:
•
Cisco IOS Release 1 2.4 Con figuratio n Guides
•
Cisco IOS Release 1 2.4 Command References
For in formatio n abo ut MIBs, refer to this URL:
h ttp://www.cisco.com/pub lic/sw-cen ter/netmgmt/cmtk/mib s.sh tml
Conventions
This documen t u ses these conventions:
Table 1
Convention
Command Syntax Guide
Descriptio n
boldface
Commands and key words.
ita lic
Command inpu t that is supplied by you.
[
]
{x | x | x }
Keywo rds or arguments that appear within squ are brackets are optio nal.
A choice o f key words (rep resen ted by x) app ears in braces s eparated by
vertical b ars. You must select on e.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
xxii
OL_28738-01
Preface
Table 1
Command Syntax Guide
Co nvention
Description
^ o r Ctrl
Represen t the key labeled Control. For example, when yo u read ^D or
Ctrl-D, you sh ould hold down the Control key while you p ress the D key.
Examples o f information displayed on the screen.
screen font
boldface screen fo nt
Examples o f information that y ou must en ter.
<
>
Non printin g characters, su ch as pas swords, appear in an gled b rackets.
[
]
Default respon ses to system pro mp ts appear in square brackets.
Notes use th is convention:
Note
Means reade r tak e not e. Notes contain helpful su ggestions or references to material not covered in th e
publication.
Cautio ns use this conven tion:
Caution
M eans reader be c are ful . In this situation, y ou might do something that could res ult in equipment
damage or loss of data.
Notices
The following notices pertain to this software license.
OpenSSL/Open SSL Project
This product inclu des so ftware develop ed by the OpenSSL Project fo r use in the OpenSSL To olkit
(http ://www.openssl.org /).
This product inclu des cry ptograp hic software written by Eric Yo ung ([email protected]).
This product inclu des so ftware written by Tim Hud son (tjh @crypts oft.com).
License Issues
The Op enSSL to olkit stays un der a dual licen se, i.e. bo th the conditions of the OpenSSL License and the
orig inal SSLeay license ap ply to the toolk it. See below for the actual license texts. Actually both licenses
are BSD-style Open Sou rce licen ses. In case of any license issues related to OpenSSL please con tact
[email protected].
OpenSSL License:
Copyright © 19 98-2 007 The OpenSSL Project. All rig hts reserved.
Ca talyst 4500 Series Switch Cisco IOS Comma nd Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
xxiii
Pre face
Redistribution and use in so urce an d bin ary forms, with or without mo dificatio n, are permitted provided
th at the followin g cond itions are met:
1.
Redistributions of so urce code must retain the co pyrig ht notice, this lis t of con ditions and the
followin g d isclaimer.
2.
Redistributions in bin ary fo rm must rep rod uce the ab ove copyright notice, th is lis t o f condition s, and
th e following disclaimer in the documentatio n and/or oth er materials provided with the distribution.
3.
All advertis in g materials men tio ning features or u se of th is so ftware must display the followin g
acknowledgment: “Th is product includes so ftware d eveloped by the OpenSSL Pro ject for use in the
OpenSSL Toolkit (http://www.op enss l.org/)”.
4.
The names “Op en SSL Toolkit” and “OpenSSL Project” must not be u sed to endorse or pro mote
p rodu cts d eriv ed fro m this software witho ut prio r written permissio n. For written permission, please
contact o pen [email protected].
5.
Products derived fro m this software may no t b e called “OpenSSL” nor may “OpenSSL” appear in
th eir n ames withou t prior written permission o f the OpenSSL Project.
6.
Redistributions of any fo rm whatsoever must retain the fo llowing ackn owledgment:
“This product includes so ftware developed b y the Open SSL Project fo r u se in the OpenSSL To olkit
(http://www.o pen ssl.org/ )”.
THIS SOFTWARE IS PROVIDED BY THE Op enSSL PROJECT “AS IS”' AND ANY EXPRESSED OR
IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN
NO EVENT SHALL THE Op enSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY
DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREM ENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
DAMAGE.
This product includes cry ptograp hic software written by Eric Young (eay@cry ptsoft.com). This produ ct
in clud es software written by Tim Hudso n ([email protected]).
Original SSLeay License:
Cop yrigh t © 1995 -199 8 Eric Youn g (eay @cryp ts oft.com). All righ ts reserved.
This package is an SSL implementatio n written by Eric Young (eay@cry ptsoft.com).
The implementatio n was written so as to confo rm with Netscap es SSL.
This library is free for commercial and non-co mmercial use as long as th e fo llowing condition s are
adhered to. The following con ditions apply to all code foun d in this distribution , be it the RC4 , RSA,
lh ash, DES, etc., code; n ot ju st the SSL cod e. The SSL d ocu mentation included with th is distribution is
covered by the same copyright terms ex cept that the holder is Tim Hudso n ([email protected]).
Cop yrigh t remains Eric Yo ung’s, an d as such any Copy righ t no tices in th e code are not to be removed.
If this package is used in a product, Eric Yo ung should be given attributio n as the author o f the parts of
th e library used. Th is can be in the form o f a textual message at pro gram startup or in do cumentation
(online or textual) provided with the p ackage.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
xxiv
OL_28738-01
Preface
Obtaining Documentation and Submitting a Service Reque st
Redis tribution an d use in source and binary forms, with or withou t modification, are permitted provid ed
that the following conditions are met:
1.
Redis tribution s o f source co de must retain the copyright notice, this list of condition s and the
following disclaimer.
2.
Redis tribution s in binary fo rm must repro duce th e above copyright no tice, this list of co nditions and
the fo llowing disclaimer in the do cumentation and /or other materials provided with th e distribu tio n.
3.
All ad vertising materials mentioning features or use o f this software mus t dis play the following
acknowled gement:
4.
If you include any Wind ows specific co de (or a d erivative thereof) from the app s d irecto ry
(applicatio n code) you must include an acknowledg ement: “Th is produ ct inclu des software written
by Tim Hudson ([email protected])”.
“This pro duct includes crypto graphic software written by Eric You ng (eay @cryp tsoft.com)”.
The word ‘cryp tograph ic’ can be left out if the rou tines from the library b eing us ed are not
cryptog raphy-related .
THIS SOFTWARE IS PROVIDED BY ERIC YOUNG “AS IS” AND ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIM ED. IN NO
EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
The licen se an d distribution terms for any pub licly available version o r d erivative of this code cannot be
ch ang ed. i.e. this code can not simply be co pied and pu t under an other d istributio n license [including the
GNU Pu blic License].
Obtaining Documentation and Submitting a Service Request
Fo r info rmation on obtaining do cumentation, submitting a s ervice request, and gatherin g additio nal
info rmation, see the monthly Wh at’s New in Cisco Prod uct Documenta tio n, which also lists all new and
revised Cisco techn ical documen tation , at:
http://www.cisco.com/en/US/d ocs/g eneral/whats new/whatsnew.html
Subscribe to the What’s New in Cisco Product Documentatio n as a Really Simple Syndication (RSS) feed
and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free
service and Cisco currently supports RSS Version 2.0.
Ca talyst 4500 Series Switch Cisco IOS Comma nd Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
xxv
Pre face
Obtaining Documentation and Submitting a Service Request
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
xxvi
OL_28738-01
CH AP T E R
1
Command-Line Interface
This chap ter provid es information for un derstanding and using the Cisco IOS command-line in terface
(CLI) on the Catalyst 4500 series switch. This chap ter in clud es the following sections :
•
Getting Help, p age 1-1
•
How to Find Command Option s, page 1 -2
•
Und erstan ding Command Modes, page 1-5
•
Using th e No and Default Fo rms of Commands , page 1-6
•
Using th e CLI Strin g Search, p age 1-6
•
Saving Configuration Changes, pag e 1-11
Fo r an overview of the Catalys t 45 00 series switch Cisco IOS config uration, refer to the Catalyst 45 00
Series Switch Cisco IOS Software Con figu ration Guid e.
Getting Help
To disp lay a lis t of commands that you can use within a command mode, enter a q uestion mark (? ) at
the sy stem prompt. You als o can display keyword s and arguments for each co mmand with this
co ntext-sensitive help feature.
Table 1 -1 lists co mmand s y ou can enter to g et help that is specific to a command mode, a command, a
key word, or an argu ment.
Table 1-1
Getting Help
Command
Purpose
abbreviated-co mma nd-entry?
abbreviated-co mma nd-entry<Tab>
?
co mma nd ?
co mma nd keyword ?
Displays a list of commands that begin with a
particular ch aracter strin g. (Do not leave a space
between the command and question mark.)
Completes a p artial comman d n ame.
Lists all commands fo r the command mode.
Lists all keywords for the command. Leave a space
between the command and the q ues tio n mark.
Lists all argu ments for the keyword . Leave a space
between the keyword and the question mark.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.5(0)XO
OL_28738-01
1-1
Chapter 1
Command-Line In terface
How to Find Command Options
How to Find Command Options
This section provides an examp le of h ow to d isplay s yntax for a co mmand . The syntax can consist of
o ptional o r required k eywords . To d isplay keywo rds for a command, enter a question mark (?) at the
command prompt or after entering part of a comman d followed by a sp ace. The Catalyst 4500 series
switch software disp lays a list of available key words along with a b rief des cription of the keyword s. Fo r
example, if you are in global con figuratio n mode and want to see all the keyword s for the arap
command, you en ter ara p ?.
Tab le 1-2 sh ows examples of how you can us e th e question mark (?) to assist yo u in enterin g commands
and also guides you through entering the following co mmand s:
Table 1-2
•
interfa ce gigabitethernet 1/1
•
channel-group 1 mode a uto
How to Find Command Options
Co mmand
Purpo se
Switch> enable
Password: <password>
Switch#
En ter the ena ble co mmand and
password to access p rivileged EXEC
commands.
Yo u are in priv ileged EXEC mo de
when the pro mpt changes to Switch#.
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#
En ter global configuration mo de.
Yo u are in glob al co nfigu ration mode
when th e prompt changes to
Switch(config)#.
Switch(config)# interface gigabitethernet ?
<1-9> GigabitEthernet interface number
Switch(config)# interface gigabitethernet 1/1
Switch(config-if)#
En ter interface co nfiguration mode by
specifyin g th e Gig abit Eth ernet
interface that you want to config ure
usin g the interface gigabitethernet
glo bal config uration comman d.
En ter a ? to display what you must
enter next o n th e comman d lin e. In
this examp le, you must en ter an
interface number from 1 to 9 in th e
format mod ule-number/port-numb er.
Yo u are in interface configuration
mod e wh en the promp t changes to
Switch(config-if)#.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.5(0)XO
1-2
OL_28738-01
Chapter 1
Command-Line Interface
How to Find Command Options
Table 1-2
How to Find Command Options (continued)
Command
Purpose
Switch(config-if)#?
Interface configuration commands:
access-expression Build a bridge boolean access expression
apollo
Apollo interface subcommands
appletalk
Appletalk interface subcommands
arp
Set arp type (arpa, probe, snap) or timeout
backup
Modify backup parameters
bandwidth
Set bandwidth informational parameter
bgp-policy
Apply policy propogated by bgp community string
bridge-group
Transparent bridging interface parameters
carrier-delay
Specify delay for interface transitions
cdp
CDP interface subcommands
channel-group
Etherchannel/port bundling configuration
clns
CLNS interface subcommands
cmns
OSI CMNS
custom-queue-list Assign a custom queue list to an interface
decnet
Interface DECnet config commands
default
Set a command to its defaults
delay
Specify interface throughput delay
description
Interface specific description
dlsw
DLSw interface subcommands
dspu
Down Stream PU
exit
Exit from interface configuration mode
fair-queue
Enable Fair Queuing on an Interface
flowcontrol
Configure flow operation.
fras
DLC Switch Interface Command
help
Description of the interactive help system
hold-queue
Set hold queue depth
ip
Interface Internet Protocol config commands
ipx
Novell/IPX interface subcommands
isis
IS-IS commands
iso-igrp
ISO-IGRP interface subcommands
Enter a ? to display a list of all the
interface configu ration comman ds
available for the Gigab it Eth ernet
interface.
.
.
.
Switch(config-if)#
Switch(config-if)# channel-group ?
group channel-group of the interface
Switch(config-if)#channel-group
Enter the command that y ou want to
con figure for the con troller. In this
example, the channel-group
command is used.
Enter a ? to display wh at you must
enter next on the command line. In
this example, you mus t enter the
group keyword .
Becau se a <cr> is not disp layed, it
indicates that you mu st enter more
information to comp lete th e
command.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.5(0)XO
OL_28738-01
1-3
Chapter 1
Command-Line In terface
How to Find Command Options
Table 1-2
How to Find Command Options (continued)
Co mmand
Purpo se
Switch(config-if)# channel-group ?
<1-256> Channel group number
After you enter the g roup keyword ,
enter a ? to display wh at you must
enter next o n th e comman d lin e. In
this examp le, you must enter a channel
group nu mber from 1 to 2 56.
Switch(config-if)#channel-group
Because a <cr> is not displayed, it
ind icates that you must enter more
information to complete the
command.
Switch(config-if)# channel-group 1 ?
mode Etherchannel Mode of the interface
Switch(config-if)#
After you enter the channel gro up
nu mber, en ter a ? to display what y ou
must enter n ext on the command lin e.
In this example, you mu st enter the
mode keyword.
Because a <cr> is not displayed, it
ind icates that you must enter more
information to complete the
command.
Switch(config-if)# channel-group 1 mode ?
auto
Enable PAgP only if a PAgP device is detected
desirable Enable PAgP unconditionally
on
Enable Etherchannel only
Switch(config-if)#
After you enter the mode keywo rd,
enter a ? to display wh at you must
enter next o n th e comman d lin e. In
this example, yo u must enter the auto,
desirable, or on keyword.
Because a <cr> is not displayed, it
ind icates that you must enter more
information to complete the
command.
Switch(config-if)# channel-group 1 mode auto ?
<cr>
Switch(config-if)#
In this example, the auto keyword is
entered. After yo u enter the auto
keyword, en ter a ? to display what you
must enter n ext on the comman d line.
Because a <cr> is displayed, it
ind icates that y ou can press Return to
complete the command. If add itional
keywords are lis ted, you can enter
more keywo rds or p ress Return to
complete the command.
Switch(config-if)# channel-group 1 mode auto
Switch(config-if)#
In this example, pres s Return to
complete the command.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.5(0)XO
1-4
OL_28738-01
Chapter 1
Command-Line Interface
Understanding Command Modes
Understanding Command Modes
The Cis co IOS u ser interface on the Catalyst 4500 series switch has many different modes. Th e
co mmand s that are available to you depen d on wh ich mode you are currently in . You can obtain a list of
co mmand s available for each command mode b y enterin g a question mark (?) at the system p romp t.
Wh en you s tart a ses sion on the Catalyst 450 0 series switch , y ou begin in user mode, often called EXEC
mode. Only a limited su bset of the commands are available in EXEC mode. In ord er to h ave access to
all comman ds, y ou must enter privileg ed EXEC mode. No rmally, you must enter a password to en ter
privileged EXEC mod e. From privileged EXEC mod e, you can enter any EXEC command o r en ter
global con figuratio n mode. Most EXEC commands are one-time commands, such as show commands,
which show the current status of a given item, and clear commands, which clear cou nters or interfaces .
The EXEC commands are no t saved acros s reboots of the Catalyst 4500 series switch.
The con figuratio n modes p rovide a way for you to make changes to the ru nning config uration. Wh en
you save chan ges to the con figuratio n, the ch ang es remain intact when the Catalyst 4500 series switch
reboo ts . From glob al config uration mode, y ou can en ter in terface co nfigu ration mode, sub interface
co nfiguration mode, and other protocol-specific modes.
ROM-mon itor mo de is a separate mo de used when th e Catalyst 4500 series switch cannot bo ot properly.
If your Cataly st 4 500 series switch or acces s server does n ot find a valid system image when it is
booting , or if its configuratio n file is co rrupted at startup , the s ystem might enter ROM-mon itor mode.
Table 1 -3 provides a summary of the main command mod es.
Table 1-3
Command
Mode
Summary of Main Command Modes
Acc ess Me th od
Promp t
Exit Method
User EXEC
mod e
Lo g in.
Switch>
Use th e logo ut command.
Privileged
EXEC mode
Fro m u ser EXEC mode,
enter the enable EXEC
command.
Switch#
To exit to us er EXEC mode, enter the disable
command.
Global
config uration
mod e
Fro m p rivileg ed EXEC
mod e, enter the
configure terminal
privileged EXEC
command.
Switch(config)#
To exit to p rivileged EXEC mo de, enter the exit or
end command or p ress Ctrl-Z.
Interface
config uration
mod e
Fro m g lo bal
config uration mode,
enter by specifying an
interface with an
interface command.
Switch(config-if)#
To exit to global config uration mode, enter the exit
command.
To enter global con figuratio n mode, enter the
config ure terminal privileged EXEC command.
To enter interface config uration mode, enter an
interface configu ration co mmand .
To exit to privileg ed EXEC mode, enter the exit
command or press Ctrl-Z.
To enter subin terface configu ration mode, specify a
subinterface with the interfa ce command.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.5(0)XO
OL_28738-01
1-5
Chapter 1
Command-Line In terface
Using the No and Default Forms of Commands
Table 1-3
Summary of Main Command Modes (continued)
Co mmand
Mode
Access Method
Prompt
Subinterface
co nfiguration
From interface
co nfiguration mode,
specify a sub interface
with an interface
co mmand .
Switch(config-subif)#
To exit to g lo bal co nfiguration mod e, enter the exit
command.
ROM mo nitor
From priv ileged EXEC
mode, enter the relo ad
EXEC command. Pres s
the Break key du ring the
first 60 secon ds while the
system is bo oting.
Rommon>
To exit ROM-mo nitor mod e, you must reload the
image by entering th e boot command. If yo u u se
the boo t command withou t specifying a file o r any
oth er b oot instruction s, the system b oots from the
default Flash image (the first image in onb oard
Flash memory). Otherwise, you can instruct the
sy stem to boot from a sp ecific Flash imag e (u sing
the bo ot system fla sh filen ame command).
Exit Method
To enter p rivileg ed EXEC mode, enter the end
command or press Ctrl-Z.
For more information on command modes, refer to the “Usin g the Co mmand Lin e Interface” chap ter of
th e Configuratio n Funda mentals Configuration Guide.
Using the No and Default Forms of Commands
Almost every configuration comman d has a no form. In general, enter the no form to d isab le a function.
Use the command without the keyword no to reenable a disabled function or to enable a function that is
d isabled by default. For example, IP ro uting is enabled by default. To disab le IP routing, specify the
no ip routing comman d and sp ecify ip routing to reenable it. This publication pro vides the co mplete
sy ntax for the co nfigu ration co mmand s and describes what the no fo rm of a command does.
Some con figuratio n commands have a default form. The default form of a co mmand retu rns the
command settin g to its default setting s. Most comman ds are disabled by default, so th e default form is
th e same as the no form. However, some comman ds are enabled by default, with variables set to certain
d efault values. In th ese cases, the default form of the command enables the co mmand and returns its
variables to their defau lt values.
Using the CLI String Search
The pattern in the command outp ut is referred to as a s tring. The CLI strin g search feature allows you to
search or filter any show or more comman d o utput an d allows y ou to s earch and filter at --More-p rompts . This feature is useful when yo u n eed to so rt though large amoun ts of output, or if you want to
exclude o utput that y ou do not need to see.
With th e search function, you can begin unfiltered ou tput at the first line that contains a regular
express ion you specify. Yo u can th en specify a max imu m of one filter per command or start a n ew search
from the --More-- prompt.
A reg ular exp ression is a pattern (a phrase, number, or more co mplex pattern) s oftware uses to match
against show or more co mmand ou tput. Regular ex pression s are case sens itive and allow for complex
matching requirements. Examples of simple regular exp ressions are Serial, misses, an d 138. Examples
o f co mplex regu lar expres sions are 00 210..., ( is ), an d [Oo ]utpu t.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.5(0)XO
1-6
OL_28738-01
Chapter 1
Command-Line Interface
Using the CLI String Search
You can p erform three typ es of filtering:
•
Use the begin keyword to beg in o utput with the line that co ntain s a specified regular expressio n.
•
Use the include keywo rd to include o utput lines th at contain a specified regu lar expres sion.
•
Use the exclude keywo rd to ex clud e outp ut lin es that con tain a sp ecified regular expression .
You can th en search th is filtered o utput at the --More-- prompts.
Note
The CLI string search fun ction does n ot allow you to search or filter back ward thro ugh previous output;
filtering cannot be sp ecified using HTTP access to the CLI.
Regular Expressions
A regular expressio n can be a s ingle character th at matches the same sing le character in the command
outpu t or multiple characters th at match the same multiple characters in the co mmand o utput. This
section describes how to create both single-character patterns an d mu ltiple-ch aracter patterns and how
to create mo re complex regular expression s u sing multipliers, altern ation , anchorin g, and parentheses.
Single-Character Patterns
The simples t regu lar expression is a single character that match es the same single character in th e
co mmand ou tput. You can use any letter (A-Z, a-z) o r digit (0 -9) as a sing le-ch aracter pattern. You can
also u se other keyboard characters (such as ! or ~) as sin gle-character patterns, but certain key board
ch aracters have special meaning when u sed in regu lar expres sions. Table 1-4 lists the keyboard
ch aracters that h ave s pecial meaning.
Table 1-4
Ch aracter
.
*
+
?
^
Characters with Special Meaning
Sp ecial Mean in g
Matches any sin gle character, in clud ing white space.
Matches 0 or more sequences of th e pattern.
Matches 1 or more sequences of th e pattern.
Matches 0 or 1 occu rrences of the p attern .
Matches the beginnin g of the s tring.
$
Matches the end of th e strin g.
_ (underscore)
Matches a comma (,), left brace ({), right brace (}), left parenthesis ( ( ),
righ t parenth esis ( ) ), the beg inning of th e strin g, the end of th e strin g, or a
space.
To enter th ese special characters as s ingle-character patterns, remove the sp ecial meanin g by preceding
each character with a backslash (\). These ex amples are sin gle-character pattern s matchin g a dollar s ig n,
an un derscore, and a plus sign, respectively.
\$ \_ \+
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.5(0)XO
OL_28738-01
1-7
Chapter 1
Command-Line In terface
Using the CLI String Search
You can specify a ran ge of single-character patterns to match against command outp ut. For example,
y ou can create a reg ular expression that match es a string co ntain ing o ne of th e fo llowing letters: a, e, i,
o , or u. One and only one of these characters must exist in the string for pattern matching to su cceed. To
sp ecify a range of single-character patterns, enclose th e single-character patterns in s quare b rack ets
([ ]). For example,
[aeiou]
matches any one of the five vowels of the lowercase alp hab et, while
[abcdABCD]
matches any one of the first four letters of the lower- or uppercase alphabet.
You can simplify ranges by enterin g only the end poin ts o f the ran ge separated by a dash (-). Simplify
th e previou s ran ge as follows:
[a-dA-D]
To ad d a dash as a sin gle-character pattern in your range, include an other dash an d p recede it with a
b ackslash:
[a-dA-D\-]
You can als o include a righ t square bracket (]) as a s ingle-character pattern in y our range. To do so, enter
th e fo llowing:
[a-dA-D\-\]]
The previo us example matches any one of the first four letters of the lower- o r uppercase alphabet, a
d ash, or a righ t squ are bracket.
You can reverse the matching o f th e range by inclu ding a caret (^) at the start of the range. Th is ex ample
matches any letter except the ones listed:
[^a-dqsv]
This example matches anythin g excep t a right squ are bracket (]) or the letter d:
[^\]d]
Multiple-Character Patterns
When creating regu lar expressions, you can also specify a pattern co ntain ing multiple characters. Yo u
create mu ltiple-ch aracter regu lar exp ressions b y joining letters, digits, or key board characters that do not
h ave sp ecial mean ing. For example, a4% is a multiple-character regular ex pression . Put a back slash in
fro nt o f the k eybo ard characters that h ave sp ecial mean ing when you want to remove th eir s pecial
meaning.
With multip le-ch aracter patterns, order is important. The regular expression a4 % matches the character
a followed by a 4 fo llowed by a % sign. If the string does not have a4%, in that order, pattern matchin g
fails. This multiple-character regular ex pression :
a.
u ses the special meaning of th e period character to match th e letter a followed by any single character.
With th is example, the strings ab, a!, or a2 are all valid match es for the reg ular exp ression.
You can remove the special meaning of th e period character by puttin g a backslash in front of it. In the
followin g expression:
a \.
o nly the string a. matches this regular ex pression.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.5(0)XO
1-8
OL_28738-01
Chapter 1
Command-Line Interface
Using the CLI String Search
You can create a mu ltiple-character regular expressio n con tainin g all letters , all dig its, all keybo ard
ch aracters, or a combin ation of letters , digits, an d o ther keyb oard characters. These examples are all
valid regu lar expres sions:
telebit 3 107 v32 bis
Multipliers
You can create more complex regular exp ressions to match multiple occurrences o f a specified regular
exp ression by using some special ch aracters with you r sin gle- and multiple-character patterns. Table 1-5
lists the special characters that specify “multip les” of a reg ular expression.
Table 1-5
Special Characters Used as Multipliers
Ch aracter
Description
*
Matches 0 or more sing le- o r multiple-character p attern s.
+
Matches 1 or more sing le- o r multiple-character p attern s.
?
Matches 0 or 1 occu rrences of the s ingle- or multip le-character patterns.
This examp le matches any nu mber of occurren ces of the letter a, includin g n one:
a*
This pattern requires th at at leas t on e letter a in the string is matched:
a+
This pattern matches the string bb or b ab:
ba?b
This string matches any nu mb er of asterisks (* ):
\**
To use multipliers with multip le-ch aracter patterns, y ou en close the p attern in parentheses. In the
following ex ample, th e pattern matches any nu mber of the multiple-character string ab :
(ab)*
As a more co mplex ex ample, th is pattern matches o ne or more instances of alphanumeric pairs (but not
none; that is, an empty strin g is no t a match):
([A-Za-z][0-9])+
The order for matches usin g multipliers (*, +, or ?) is to put the lon gest con struct first. Nested constructs
are match ed from ou tside to inside. Co ncatenated constructs are matched beg inning at the left side of
the co nstru ct. Thus, the regular ex pression matches A9 b3, but n ot 9Ab3 b ecau se the letters are specified
before the numbers .
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.5(0)XO
OL_28738-01
1-9
Chapter 1
Command-Line In terface
Using the CLI String Search
Alternation
Alternation allows you to specify altern ative p atterns to match against a string. You sep arate the
alternative patterns with a vertical bar (|). Exactly one of the altern atives can match the string. For
example, the reg ular exp ression
codex | telebit
matches the string codex or the string telebit, but not bo th codex an d telebit.
Anchoring
You can match a reg ular exp ression pattern ag ainst the beg inning or th e end of the string . That is, yo u
can sp ecify that the beginning or end of a strin g contains a specific pattern. You “anchor” these regu lar
express ions to a portion of th e strin g using the sp ecial characters s hown in Table 1-6.
Table 1-6
Special Characters Used for Anchoring
Character
Descriptio n
^
Matches the beginning of the string.
$
Matches the en d of the s tring.
This regular ex pression match es a string only if th e string starts with abcd :
^a bcd
In co ntrast, th is express ion is in a range th at matches an y s ingle letter, as lo ng as it is n ot the letters a,
b , c, or d :
[^abcd]
With th is example, the reg ular exp ression matches a string that ends with .12:
$ \.12
Con trast th ese an cho ring characters with the special character und erscore (_). Th e und ersco re matches
th e beg inning of a string (^), th e end of a string ($), p aren theses ( ), space ( ), braces { }, comma (,), or
u nderscore (_). With th e un derscore character, you can specify that a p attern exist anywhere in the string.
For example:
_ 1300_
matches any string that has 13 00 somewhere in the string. The string ’s 13 00 can be preceded b y o r en d
with a space, brace, comma, o r undersco re. For examp le:
{1 300_
matches the regular ex pression , but 2130 0 and 13 000 do not.
Using the u nderscore character, y ou can replace long regular express ion lists, such as th e fo llowing:
^1 300$ ^130 0(space) (s pace)13 00 {1300 , ,1300 , {13 00} ,1 300, (13 00
with
_ 1300_
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.5(0)XO
1-10
OL_28738-01
Chapter 1
Command-Line Interface
Saving Configuration Changes
Parentheses for Recall
As shown in the “Multipliers” section o n page 1-9, you use parentheses with mu ltiple-character regular
exp ressions to multiply the occurrence of a pattern. You can also use p aren theses aroun d a single- or
multiple-character p attern to remember a pattern for use elsewhere in the regu lar expression.
To create a regu lar expression that recalls a previous pattern, you use parentheses to indicate a
remembered specific pattern and a back slash (\) followed by an integ er to reu se the remembered pattern.
The integer sp ecifies the occurren ce of the parentheses in the reg ular exp ression pattern. If yo u have
more than o ne remembered pattern in your reg ular exp ression, then \1 ind icates the first remembered
pattern, \2 ind icates the second remembered pattern, and so on .
This regular expressio n uses parenth eses fo r recall:
a(.)bc(.)\1\2
This regular expressio n matches an a followed by any character (call it character 1), fo llowed by b c
followed by any ch aracter (character 2), followed by character 1 again, followed by ch aracter 2 ag ain.
So, the regular ex pression can match aZb cTZT. The software remembers that character 1 is Z and
ch aracter 2 is T and then uses Z an d T again later in the regular exp ression.
Saving Configuration Changes
To save your con figuratio n changes to y our startu p configuration so that they will not be lo st if th ere is
a system reload or power o utag e, en ter th e fo llowing comman d:
Switch# copy system:running-config nvram:startup-config
Building configuration...
It might take a min ute or two to save th e configu ration. After th e configu ration has b een saved, the
following outpu t appears:
[OK]
Switch#
On most platfo rms, th is s tep saves the con figuratio n to NVRAM . On the Class A Flash file sy stem
platforms, this s tep saves the configuration to th e location specified by the CONFIG_FILE environ ment
variab le. The CONFIG_FILE environment variab le defaults to NVRAM.
show platform Commands
You sho uld use th ese commands on ly when you are work ing directly with your technical sup port
representative, while troub lesh ooting a problem. Do not use th ese commands un less yo ur techn ical
suppo rt representative asks you to do so.
Note
The sho w pla tfo rm commands are not des cribed in this do cument.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.5(0)XO
OL_28738-01
1-11
Chapter 1
Command-Line In terface
show platform Commands
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.5(0)XO
1-12
OL_28738-01
CH AP T E R
2
Cisco IOS Commands for the Catalyst 4500 Series
Switches
This chap ter con tains an alph ab etical listing of Cis co IOS commands for the Catalyst 4500 series
switches. For information about Cisco IOS commands that are not included in this pub lication, refer to
Cisco IOS Release 12.2 co nfigu ration guides an d command referen ces at this URL:
http://www.cisco.com/en/US/p rodu cts/sw/iosswrel/ps183 5/pro ducts_product_indices_list.html
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-1
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
#macro keywords
#macro keywords
To specify the help string for the macro key words, us e the #macro keywords command.
# macro keywords [keyword1] [keyword2] [keyword3]
Syntax Description
keyword 1
keyword 2
keyword 3
Defaults
(Optio nal) Specifies a keywo rd that is needed while applying a macro to an
in terface.
(Optio nal) Specifies a keywo rd that is needed while applying a macro to an
in terface.
(Optio nal) Specifies a keywo rd that is needed while applying a macro to an
in terface.
This command has no default setting s.
Command Modes
Global configuratio n mo de
Usage Guidelines
If y ou do not specify th e mandatory key words for a macro, the macro is to be considered invalid and fails
when yo u attempt to apply it. By entering the #macro key words command, yo u will receive a message
in dicating wh at you need to in clud e to mak e the s yntax valid.
Examples
This example s hows how to specify the h elp string fo r key words asso ciated with a macro named test:
Switch(config)# macro name test
macro name test
Enter macro commands one per line. End with the character '@'.
#macro keywords $VLAN $MAX
swichport
@
Switch(config)# int gi1/1
Switch(config-if)# macro apply test ?
WORD Keyword to replace with a value e.g $VLAN, $MAX
<cr>
<< It is shown as help
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-2
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
#ma cro keywords
Related Commands
Co mmand
macro a pply cisco -desktop
macro apply cisco-phone
Description
Enables th e Cisco-recommended features an d s etting s that are
suitable for connecting a switch port to a stan dard desktop.
Enables th e Cisco-recommended features an d s etting s that are
suitable for connectin g a switch port to a s tand ard des ktop an d a
Cisco IP ph one.
macro a pply cisco -router
Enables th e Cisco-recommended features an d s etting s that are
suitable for connecting a switch port to a ro uter.
macro a pply cisco -switch
Enables th e Cisco-recommended features an d s etting s that are
suitable for connecting a switch port to anoth er switch.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-3
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
aaa accounting dot1x default start-stop group radius
aaa accounting dot1x default start-stop group radius
To en able accounting for 80 2.1X au then tication sessions, use th e aaa accounting dot1x default
start-sto p group radius command. To disable accou nting, use the no form of this command.
a aa accounting dot1 x defa ult start-stop g roup radius
no aaa accounting dot1x default start-stop group radius
Syntax Description
This command has no arguments or keywo rds.
Defaults
Accoun ting is d isab led.
Command Modes
Usage Guidelines
Global configuratio n mo de
8 02.1X accountin g requires a RADIUS s erver.
This command enables the Auth entication, Authorization, an d Accou nting (AAA) client’s accoun ting
feature to fo rward 802 .1X upd ate and watchdog packets from the 80 2.1 X sup plicant (workstation client)
to the au then tication (RADIUS) server. (Watchdo g p ackets are defined as EAPOL-LOGON,
EAPOL-LOGOFF, an d EAPOL-INTERIM messag es.) Successful auth en tication an d auth orizatio n of
th e supplicant by the authenticatio n serv er is required before th ese p ackets are con sidered valid and are
forwarded. When the client is reauthenticated, an interim-upd ate accounting no tice is sent to the
accou nting server.
Examples
This example s hows how to config ure 802.1X accoun ting:
Switch(config)# aaa accounting dot1x default start-stop group radius
Note
Related Commands
The RADIUS authenticatio n s erver must be properly configured to accep t and log upd ate or watchdog
p ackets fro m the AAA client.
Command
Descriptio n
aaa acco unting system default Receives th e session termination mess ages after the switch
start-sto p group radius
reboots.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-4
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
aaa accounting system default start-stop group radius
aaa accounting system default start-stop group radius
To receive the session termination messages after the switch reboots , use the aaa a ccounting system
default start-stop group radius co mmand . To d isable accounting , use the no fo rm of this command.
aaa accounting sy stem default start-sto p group radius
no aaa accounting system default start-stop group radius
Syntax Description
This comman d has no argu ments or keyword s.
Defaults
Acco unting is disabled.
Command Modes
Usage Guidelines
Glob al co nfigu ration mode
802.1X accou nting requires th e RADIUS server.
This comman d enables the AAA client’s accou nting feature to forward 80 2.1 X update and watchdog
packets from the 80 2.1 X supplicant (wo rkstation client) to the authentication (RADIUS) server.
(Watch dog packets are d efin ed as EAPOL-LOGON, EAPOL-LOGOFF, and EAPOL-INTERIM
mess ages.) Successfu l authentication and autho rizatio n of th e supplicant by the authenticatio n server is
required before th ese packets are consid ered valid and are forwarded. Wh en th e client is reauthenticated,
an interim-upd ate accounting no tice is sent to the accou nting server.
Examples
This examp le shows how to g enerate a logoff after a switch reb oots:
Switch(config)# aaa accounting system default start-stop group radius
Note
Related Commands
The RADIUS au then tication server must be p rop erly con figured to accept an d lo g u pdate or watchdo g
packets from the AAA clien t.
Co mmand
Description
aaa accounting dot1x default
start-stop group radius
Enables acco unting for 802 .1X auth entication ses sions.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-5
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
access-group mode
access-group mode
To specify the ov erride modes (for example, VACL o verrides PACL) an d th e non -override modes (for
example, merg e o r strict mod e), use th e a cces s-group mode command. To return to preferred port mode,
u se the no form of th is command.
acces s-group mode {prefer { port | vlan} | merge}
no access-gro up mo de {prefer {port | vlan} | merge}
Syntax Description
prefer po rt
prefer vlan
merge
Specifies that the PACL mo de take precedence if PACLs are configured. If no
PACL features are configu red on the p ort, other features ap plicable to th e
interface are merged and applied on the interface.
Specifies that the VLAN-based ACL mode tak e preceden ce. If no VLAN-based
ACL featu res are configu red on the po rt’s VLAN, the PACL features on the po rt
are applied.
Merges applicable ACL features before they are programmed into the hardware.
Defaults
PACL override mo de
Command Modes
Interface configuration mode
Usage Guidelines
On the Layer 2 interface, prefer p ort, prefer VLAN, and merge modes are suppo rted. A Layer 2 interface
can have one IP ACL applied in either direction (one in bound and one outbo und).
Examples
This example s hows how to make the PACL mod e on the switch take effect:
(config-if)# access-group mode prefer port
This example s hows how to merge app licable ACL features:
(config-if)# access-group mode merge
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-6
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
access-group mode
Related Commands
Co mmand
show access-group mode
interface
show ip interfa ce (refer to
Cisco IOS documen tation )
show ma c access-gro up
interface
Description
Displays the ACL configuration o n a Layer 2 interface.
Displays the IP interface configu ration.
Displays the ACL configuration o n a Layer 2 interface.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-7
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
access-list hardware capture mode
access-list hardware capture mode
To s elect the mode o f capturing con trol packets, use th e access-list hardware ca pture mode command.
a cces s-list hardware capture mode {global | v lan}
Syntax Description
g loba l
v lan
Defaults
The control packets are glob ally cap tured.
Specifies the capture of con trol packets glob ally on all VLANs.
Specifies the capture of con trol packets on a s pecific VLAN.
Command Modes
Global configuratio n mo de
Usage Guidelines
Befo re configuring the capture mode, it is bes t to examin e and modify y our configuration to glob ally
d isable features such as DHCP sno oping or IGMP snoo ping, and ins tead en able them on sp ecific
VLANs.
When ch ang ing to path managed mo de, be aware that control traffic may be brid ged in hardware or
d ropp ed initially until the p er-vlan CAM en tries are programmed in hardware.
You must ens ure that any access contro l co nfiguration on a member port or VLAN do es n ot deny or drop
th e co ntro l packets from being fo rwarded to the CPU for the features which are en ab led on the VLAN.
If control packets are not permitted then the specific feature do es not function.
Examples
This example s hows how to config ure the switch to captu re con trol packets on VLANs that are
configured to enab le captu ring control packets:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# access-list hardware capture mode vlan
Switch(config)# end
Switch#
This example s hows how to config ure the switch to captu re control packets globally across all VLANs
(using a static ACL):
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# access-list hardware capture mode global
Switch(config)# end
Switch#
This example s hows an other way to con figure the switch to capture control packets globally acro ss all
VLANs:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# no access-list hardware capture mode vlan
Switch(config)# end
Switch#
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-8
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
access-list hardware en tries
access-list hardware entries
To des ig nate how ACLs are programmed in to the switch h ardware, use the access-list hardware entries
co mmand .
access-list hardwa re entries { packed | sca ttered}
Syntax Description
packed
sca ttered
Defaults
Command Modes
Usage Guidelines
Directs the software to u se th e first entry with a matching mask when selecting
an entry fro m th e ACL TCAM for programming th e ACEs in an ACL.
Directs the software to use the first entry with a free mask when selecting an
entry from the ACL TCAM for prog ramming the ACEs in an ACL.
The ACLs are programmed as packed .
Glob al co nfigu ration mode
Two ty pes of hardware reso urces are used when ACLs are programmed: entries an d masks. If one o f
these resources is consu med, no add itional ACLs can be pro grammed into the hardware. If the mask s are
co nsumed, but the entries are available, ch ang e the p rog ramming alg orithm from packed to scattered
to make the masks availab le. This action allows additional ACLs to be programmed into the h ardware.
The g oal is to use TCAM resources mo re efficiently; th at is, to min imize the number of mas ks p er ACL
en tries. To comp are TCAM u tilization wh en usin g th e scattered or packed alg orith ms, use the
show platform ha rdware acl sta tistics utilization brief command. To change th e alg orith m from
packed to scattered, use the access-list hardware entries command.
Examples
This example s hows how to program ACLs into the hardware as p acked. After they are p rogrammed, yo u
will need 89 percent of the mask s to program on ly 4 9 percent of th e ACL entries.
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# access-list hardware entries packed
Switch(config)# end
Switch#
01:15:34: %SYS-5-CONFIG_I: Configured from console by console
Switch#
Switch# show platform hardware acl statistics utilization brief
Entries/Total(%) Masks/Total(%)
----------------- --------------Input Acl(PortAndVlan) 2016 / 4096 ( 49)
460 / 512 ( 89)
Input Acl(PortOrVlan)
6 / 4096 ( 0)
4 / 512 ( 0)
Input Qos(PortAndVlan)
0 / 4096 ( 0)
0 / 512 ( 0)
Input Qos(PortOrVlan)
0 / 4096 ( 0)
0 / 512 ( 0)
Output Acl(PortAndVlan)
0 / 4096 ( 0)
0 / 512 ( 0)
Output Acl(PortOrVlan)
0 / 4096 ( 0)
0 / 512 ( 0)
Output Qos(PortAndVlan)
0 / 4096 ( 0)
0 / 512 ( 0)
Output Qos(PortOrVlan)
0 / 4096 ( 0)
0 / 512 ( 0)
L4Ops: used 2 out of 64
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-9
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
access-list hardware entries
Switch#
This example shows how to reserve space (scatter) between ACL entries in the hardware. The
number of masks required to program 49 percent of the entries has decreased to 49 percent.
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# access-list hardware entries scattered
Switch(config)# end
Switch#
01:39:37: %SYS-5-CONFIG_I: Configured from console by console
Switch#
Switch# show platform hardware acl statistics utilization brief
Entries/Total(%) Masks/Total(%)
----------------- --------------Input Acl(PortAndVlan) 2016 / 4096 ( 49)
252 / 512 ( 49)
Input Acl(PortOrVlan)
6 / 4096 ( 0)
5 / 512 ( 0)
Input Qos(PortAndVlan)
0 / 4096 ( 0)
0 / 512 ( 0)
Input Qos(PortOrVlan)
0 / 4096 ( 0)
0 / 512 ( 0)
Output Acl(PortAndVlan)
0 / 4096 ( 0)
0 / 512 ( 0)
Output Acl(PortOrVlan)
0 / 4096 ( 0)
0 / 512 ( 0)
Output Qos(PortAndVlan)
0 / 4096 ( 0)
0 / 512 ( 0)
Output Qos(PortOrVlan)
0 / 4096 ( 0)
0 / 512 ( 0)
L4Ops: used 2 out of 64
Switch#
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-10
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
acce ss-list hardware region
access-list hardware region
To mod ify the b alance between TCAM regions in hard ware, use the access -list hardware region
co mmand .
access-list hardwa re region { feature | qos} { input | output} balance {bal-num}
Syntax Description
feature
qos
Sp ecifies adju stment of region balan ce for ACLs.
Sp ecifies adju stment of region balan ce for QoS.
input
Sp ecifies adju stment of region balan ce for in put ACL and QoS.
output
Sp ecifies adju stment of region balan ce for o utput ACL an d QoS.
balance bal-num
Sp ecifies relative s izes of the PandV and PorV regions in the TCAM; valid
values are b etween 1 and 9 9.
Defaults
The defau lt reg ion balance for each TCAM is 50 .
Command Modes
Glob al co nfigu ration mode
Usage Guidelines
PandV is a TCAM regio n containing entries which mask in both the port and VLAN tag p ortion s of th e
flow label.
PorV is a TCAM region containing entries which mas k in either the port or VLAN tag po rtion of the
flow label, but not both .
A balan ce o f 1 allo cates the minimum number of PandV reg ion entries and the maximu m nu mber of
PorV reg ion entries. A balance of 99 allocates the maximum numb er o f PandV region en tries and the
minimum number of PorV region entries. A balance of 5 0 allocates eq ual numb ers of Pand V and PorV
region entries in the specified TCAM.
Balances for the fou r TCAMs can b e modified independently.
Examples
This examp le shows how to enable th e MAC notificatio n trap when a MAC ad dress is add ed to a p ort:
Switch# configure terminal
Switch(config)# access-list hardware region feature input balance 75
Switch(config)#
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-11
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
action
action
To specify an actio n to b e taken when a match occu rs in a VACL, use the action co mmand . To remove
an action clau se, use th e no form o f this co mmand .
a ction { drop | fo rward}
no actio n {drop | forward}
Syntax Description
drop
Sets the action to drop packets.
forward
Sets the action to forward packets to their destination.
Defaults
This command has no default setting s.
Command Modes
VLAN access-map mo de
Usage Guidelines
In a VLAN access map , if at least one ACL is configu red for a pack et type (IP or MAC), th e default
action for the packet type is drop (deny).
If an ACL is not con figured fo r a p acket type, the default action for the packet type is forward (p ermit).
If an ACL for a pack et ty pe is configured an d the ACL is empty o r undefined, the configured action will
b e applied to the packet type.
Examples
This example s hows how to define a drop action:
Switch(config-access-map)# action drop
Switch(config-access-map)#
This example s hows how to define a forward action:
Switch(config-access-map)# action forward
Switch(config-access-map)#
Syntax Description
Command
match
Descriptio n
Specifies a match clause by selectin g one o r more ACLs for a
VLAN access-map sequence.
show v lan access -map
v lan access-map
Displays the contents of a VLAN access map.
Enters VLAN access-map co mmand mod e to create a VLAN
access map .
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-12
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
active
active
To enable the des tinatio n p rofile, use the active command.
active
Syntax Description
This comman d has no argu ments or keyword s.
Defaults
This comman d has no default settings.
Command Modes
Usage Guidelines
Examples
cfg-call-h ome-profile
By defau lt the profile is enabled up on creation .
This examp le shows how to enable th e destination pro file:
Switch(config)# call-home
Switch(cfg-call-home)# profile cisco
Switch(cfg-call-home-profile)# active
Related Commands
Co mmand
Description
destination address
destina tion preferred-msg -format
Config ures the d estination e-mail add ress or URL to which
Call Ho me mes sages will be s ent.
Config ures a maximum des tinatio n message size for th e
destinatio n profile.
Config ures a preferred message format.
destination transport-method
Enables th e messag e transp ort method.
destina tion messag e-size-limit bytes
profile
Enters profile call-h ome configuration sub mode
subscribe-to-alert-g roup a ll
Subscribes to all available alert grou ps.
subscribe-to-alert-g roup configuration Subscribes this destinatio n p rofile to the Con figuratio n
alert group .
subscribe-to-alert-g roup diag no stic
Subscribes this destinatio n p rofile to the Diag nostic alert
group.
subscribe-to-alert-g roup env ironment
Subscribes th is destination profile to the Environment alert
group.
subscribe-to-alert-g roup inventory
Subscribes this destinatio n p rofile to the Inven tory alert
group.
Subscribes this d estin ation pro file to the Sy slog alert group.
subscribe-to-alert-g roup s yslog
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-13
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
ancp client port identifier
ancp client port identifier
To create a map ping fo r an ANCP client to iden tify an in terface on wh ich ANCP sho uld start or stop a
mu lticast s tream, use th e ancp client port identifier co mmand .
a ncp client po rt identifier identifying name vlan vlan numb er interface interface
Syntax Description
Defaults
id entifier n ame
Identifier u sed by the ANCP server to specify an in terface memb er o f a VLAN.
vlan number
in terface
VLAN identifier.
Interface member o f this VLAN.
This command has no default setting s.
Command Modes
Global configuratio n mo de
Usage Guidelines
The ANCP server can use either the DHCP option 82 circuit ID o r an id entifier created with this
commandto identify the port. Use o nly o ne of the two methods; do n ot interchange them. If you use the
DHCP option 82, the port id entifier used by the ANCP server shou ld be (in h ex) 0x01 06000 4[v lan][in tf].
For example, VLAN 19 and interface Fast Ethernet 2 /3 will prov ide 0x0 10600 04001 30203 . If you use
th e port id entifier, however, use the exact strin g p rovid ed on the CLI.
Note
Examples
This command is availab le only after yo u set the b ox in ANCP client mode with the ancp mode client
configuration command.
This ex amp le shows how to identify interface FastEthern et 7 /3 on VLAN 10 with the string NArmstrong:
Switch# ancp client port identifier NArmstrong vlan 10 interface FastEthernet 7/3
Related Commands
Command
Descriptio n
ancp mode client
Sets th e router to become an ANCP client.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-14
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
ancp client server
ancp client server
To set the IP address of the remote ANCP server, u se the a ncp client server comman d.
ancp client server ip addr of ser ver interface interface
Syntax Description
ipadd r o f server
interface
Defaults
This comman d has no default settings.
IP address of the ANCP server th e client must connect with TCP.
Interface to use for th e connectio n.
Command Modes
Glob al co nfigu ration mode
Usage Guidelines
The interface can be the d irect interface con nected towards the ANCP serv er (if o nly on e) or a loo pback
interface if several interfaces are available for co nnecting to the server and p rop er routing is set. (An IP
ad dress must b e configured o n this interface an d it should not be in shu tdown state.) Alo ng with the a ncp
mode client command, the ancp client s erver command is requ ired in order to activate th e ANCP client.
Once y ou enter this command, th e ANCP clien t tries to connect to the remote serv er.
Examples
This examp le shows how to in dicate to the ANCP client the IP add ress of the ANCP server it n eeds to
co nnect to:
Switch# ancp client server 10.1.2.31 interface FastEthernet 2/1
Related Commands
Co mmand
ancp mo de client
Description
Sets the router to become an ANCP client.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-15
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
ancp mode client
ancp mode client
To set the rou ter to b ecome an ANCP client, use th e ancp mo de client comman d.
ancp mode client
Syntax Description
This command has no arguments or keywo rds.
Defaults
This command has no default setting s.
Command Modes
Global configuratio n mo de
Usage Guidelines
To fully activate ANCP, the ad ministrator must also set the ANCP server IP address to which th e ANCP
client mu st conn ect.
Examples
This example s hows how to set th e ro uter to become an ANCP clien t:
Switch# ancp mode client
Related Commands
Command
Descriptio n
a ncp client server
Displays multicast streams activated b y ANCP.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-16
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
app ly
apply
To implement a new VLAN database, increment the config uration numb er, save the configuration
number in NVRAM, and propagate the con figuratio n numb er througho ut the administrative domain, use
the apply co mmand .
apply
Syntax Description
This comman d has no argu ments or keyword s.
Defaults
This comman d has no default settings.
Command Modes
VLAN config uration mod e
Usage Guidelines
The apply command implements the con figuratio n changes that yo u made after you entered VLAN
database mode an d uses them for the runnin g co nfigu ration. This command keep s you in VLAN database
mode.
You can not use this command when the s witch is in the VTP client mode.
You can verify that th e VLAN databas e chan ges occurred b y enterin g th e show vlan co mmand fro m
privileged EXEC mod e.
Examples
This examp le shows how to imp lement the propos ed new VLAN database an d to recog nize it as the
cu rrent databas e:
Switch(config-vlan)# apply
Switch(config-vlan)#
Related Commands
Co mmand
Description
ex it (refer to Cisco IOS
documentatio n)
Closes an active terminal session by logging o ff the switch.
reset
Leaves the propos ed new VLAN datab ase but remain s in VLAN
co nfiguration mode and resets the propo sed new datab ase to be
identical to the VLAN d atabase currently implemented.
Displays VLAN information .
Shuts down VLAN switch ing.
show vlan
shutdown vlan (refer to Cisco
IOS do cumentation)
vtp (g lobal config uration
mode)
Modifies the n ame of a VTP con figuratio n s torage file.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-17
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
arp access-list
arp access-list
To define an ARP access list or add claus es at the en d of a predefined lis t, use the arp access -list
command.
a rp access-list name
Syntax Description
n ame
Defaults
This command has no default setting s.
Sp ecifies the access con trol list name.
Command Modes
Global configuratio n mo de
Examples
This example s hows how to define an ARP acces s list named s tatic-ho sts:
Switch(config)# arp access-list static-hosts
Switch(config)#
Related Commands
Command
deny
Descriptio n
Den ies an ARP packet based on matches against the DHCP
b indings.
ip arp inspectio n filter vlan
Permits ARPs from hosts that are config ured fo r static IP when
DAI is enabled an d to defin e an ARP acces s list and app lies it to
a VLAN.
permit
Permits an ARP packet based on matches against the DHCP
b indings.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-18
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
attach module
attach module
To remotely connect to a sp ecific module, use the attach module configuration command.
attach module mod
Syntax Description
mod
Defaults
This comman d has no default settings.
Command Modes
Usage Guidelines
Target mod ule for the command.
Privileg ed EXEC mode
This comman d app lies only to the Access Gateway Mod ule on Catalys t 45 00 series switch es.
The valid valu es fo r mod depend on the chassis th at are us ed. For example, if you have a Catalyst 4 506
ch assis, valid values for the mo dule are from 2 to 6. If y ou have a 4507 R chas sis, valid values are from
3 to 7.
Wh en yo u execute the attach module mod co mmand , the promp t changes to Gateway#.
This comman d is identical in the resulting actio n to the session module mod and the remote log in
module mod co mmand s.
Examples
This examp le shows how to remotely log in to an Access Gateway Mod ule:
Switch# attach module 5
Attaching console to module 5
Type 'exit' at the remote prompt to end the session
Gateway>
Related Commands
Co mmand
remote login module
Description
Remotely connects to a sp ecific module.
ses sion module
Logs in to the s tand by superviso r engine u sing a virtual conso le.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-19
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
authentication control-direction
authentication control-direction
To ch ang e the p ort control to un idirectional or bidirectional, us e the a uthentication control-direction
command in interface config uration mode. To return to th e default settin g, use the no form of this
command.
authentication control-direction { both | in}
no authenticatio n control-directio n
Syntax Description
both
in
Command Default
both
Enab les bidirectional co ntro l on the port.
Enab les unid irection al control o n th e port.
Command Modes
Interface configuration mode
Usage Guidelines
The authentication control-direction command replaces the followin g d ot1x command , which is
d eprecated in Cisco IOS Release 12 .2 (50)SG and later releas es:
dot1x control-direction {both | in}
The IEEE 802.1X standard defines a client-server-based access control and authentication protocol that
restricts u nauthorized dev ices from con necting to a LAN through p ublicly accessible ports .
IEEE 8 02.1X controls network access by creating two d istinct virtual access points at each po rt. One
access point is an u nco ntrolled port; th e other is a controlled port. All traffic through the single p ort is
available to b oth access poin ts. IEEE 80 2.1X au then ticates each user device that con nects to a switch
p ort and assigns the port to a VLAN before making available any services that are o ffered by th e switch
o r the LAN. Until the device authenticates, 802.1X access control allows only Ex tens ible Authentication
Protocol (EAP) over LAN (EAPOL) traffic through the port to which the device connects. After
authenticatio n s ucceed s, normal traffic can p ass through th e port.
•
Unidirectional state—When y ou co nfigure a port as unidirectional with the
dot1x control-direction interface configuration command, th e port changes to the spannin g-tree
forwarding state.
When the un idirectional controlled p ort is en ab led, the connected ho st is in sleep ing mode o r
p ower-d own state. The host does not exchange traffic with oth er d evices in the network. If the h ost
conn ected to the unid irectio nal port that cannot send traffic to the network , th e h ost can only receive
traffic fro m o ther devices in the network.
•
Bidirection al state—When you config ure a port as bidirectional with the do t1x control-directio n
in terface co nfiguration command, the p ort is access-controlled in both d irection s. In this state, the
switch p ort sends only EAPOL.
Using the both keywo rd or using the no form of th is command ch an ges the port to its bidirectional
d efault setting.
Setting the po rt as b id irectio nal enables 80 2.1 X au then tication with Wake-on-LAN (WoL).
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-20
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
auth entication control-direction
You can verify you r settin gs by entering the show authentication privileg ed EXEC co mmand .
Examples
The following example shows how to enable unid irectio nal control:
Switch(config-if)# authentication control-direction in
Switch(config-if)#
The following example shows how to enable bidirection al contro l:
Switch(config-if)# authentication control-direction both
Switch(config-if)#
The following example shows how to return to the default settings:
Switch(config-if)# no authentication control-direction
Switch(config-if)#
Related Commands
Co mmand
show authentication
Description
Displays Au then tication Manag er information.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-21
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
authentication critical recovery delay
authentication critical recovery delay
To co nfigure th e 802.1X critical auth entication parameters, use the authenticatio n critical recovery
delay co mmand in glo bal config uration mode. To return to th e default settin gs, us e the no form of th is
command.
a uthentication critical reco very delay millisecond s
no authenticatio n critical recovery delay
Syntax Description
millisecond s
Command Default
1 0000 millisecon ds
Specifies the reco very delay period in millisecon ds to wait to reinitialize a
critical p ort wh en an unavailable RADIUS server b ecomes available. The
rang is 1 to 10 000 millisecond s.
Command Modes
Global configuratio n mo de
Usage Guidelines
The authentication critical recovery dela y comman d replaces the fo llowing d ot1x command, which is
d eprecated in Cisco IOS Release 12 .2 (50)SG and later releas es:
dot1x critica l recovery delay milliseco nds
You can verify your settings by entering the show authentication priv ileged EXEC command.
Examples
This example s hows how to set th e recovery delay period that the switch waits to rein itialize a critical
p ort wh en an unavailable RADIUS server b ecomes available:
Switch(config)# authentication critical recovery delay 1500
Switch(config)#
Related Commands
Command
show authentication
Descriptio n
Displays Authenticatio n Manager information .
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-22
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
authentication event
authentication event
To co nfigu re the actio ns for authentication events, use th e authentication event interface config uration
co mmand . To return to the defau lt settings, use th e no form of this comman d.
authentication event fail [retry count ] action [autho rize vla n vlan | next-method}
authentication event server {alive action reinitia lize | dea d action authorize [vlan vla n] | voice
| dead action reinitialize [vlan vlan ]}}
authentication event no-respons e action authorize vlan vla n]}
no authentication event {fail} | {s erver {alive | dead}} | {no-response}
Syntax Description
Command Default
fail
Specifies the behavior when an authentication fails due to b ad us er
creden tials.
retry count
(Optional) Specifies the number of times to retry failed au then tications.
Rang e is 0 to 5. Default is 2.
fail actio n autho rize
vlan vlan
Wh en auth entication fails du e to wrong us er creden tials, authorizes the po rt
to a particular VLAN.
fail action
next-method
Specifies that the required actio n for an au then tication event moves to the
nex t authenticatio n method .
server alive action
reinitialize
server dea d actio n
authorize [v la n vlan |
voice
server dea d actio n
reinitialize vla n vlan
no-response action
authorize
Config ures the authenticatio n, au thorization, and acco unting (AAA) server
alive actions as rein itialize all autho rized clients for authentication events.
Config ures the AAA server dead actions to authorize data or voice clients
for the authentication even ts.
Config ures the AAA server dead actions to reinitialize all authorized data
clients fo r authentication events.
Wh en the client does n ot sup port 802 .1x , au thorizes the p ort to a p articu lar
VLAN.
The defau lt settings are as follows:
•
The cou nt is 2 by default.
•
The current auth entication method is retried indefinitely (an d fails each time) until the AAA server
becomes reachable.
Command Modes
Interface con figuration mode
Usage Guidelines
The authentica tion event fa il command replaces the followin g 8 02.1X commands, which are
deprecated in Cis co IOS Release 12.2(5 0)SG and later releases:
•
[no] dot1x auth-fa il max-attempts count
•
[no] dot1x auth-fa il vla n vlan
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-23
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
authentication event
The authentication ev ent fail command is su pported only for 802.1X to sign al au th en tication failures.
By default, th is failu re ty pe cau ses the auth entication metho d to b e retried. You can configure eith er to
autho rize the po rt in th e co nfigured VLAN o r to failover to the next auth entication metho d. Op tionally,
y ou can specify the nu mber of authentication retries b efore performin g th is action.
The authentication event server co mmand replaces th e fo llowing 802 .1 X commands , wh ich are
d eprecated in Cisco IOS Release 12 .2 (50)SG and later releas es:
•
[no] dot1x critical
•
[no] dot1x critical vlan vla n
•
[no] dot1x critical recover action initialize
The authentication event server co mmand sp ecifies the behavior when th e AAA server beco mes
u nreachable, po rts are autho rized in the specified VLAN.
The authenticatio n server alive actio n command specifies the action to be taken o nce th e AAA s erver
b ecomes reachable again.
You can verify your settings by entering the show authentication priv ileged EXEC command.
The authentication event no-response command replaces the followin g 802.1X command, which is
d eprecated in Cisco IOS Release 12 .2 (50)SG and later releas es:
•
[no] dot1x guest-v lan vlan
The authentication event no-response command specifies the action to be taken when the clien t d oes
n ot s upport 802.1X.
Examples
The following example shows how to specify that when an au then tication fails due to b ad user
credentials, the pro cess ad vances to th e next authenticatio n metho d:
Switch(config-if)# authentication event fail action next-method
Switch(config-if)#
The fo llowing ex ample s hows how to sp ecify the AAA server alive actions as reinitialize all au th orized
clients for auth entication events:
Switch(config-if)# authentication event server alive action reinitialize
Switch(config-if)#
The following example shows how to specify the AAA server dead actions that auth orize the port for
authenticatio n events:
Switch(config-if)# authentication event server dead action authorize
Switch(config-if)#
The following example shows how to specify the conditio ns when a client doesn't sup port 80 2.1 X to
autho rize the port for authentication events :
Switch(config-if)# authentication event authentication event no-response action authorize
vlan 10
Switch(config-if)#
Related Commands
Command
Descriptio n
show authentication
Displays Authenticatio n Manager information .
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-24
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
authentication fallback
authentication fallback
To enable Web Auth fallback and to specify th e fallb ack profile to u se when failing over to WebAu th, use
the authentication fallback interface command. To return to the default setting , use the no form of this
co mmand .
authentication fallback pro file
Syntax Description
profile
Command Default
Disabled
Command Modes
Interface con figuration mode
Usage Guidelines
Name to use when failing over to WebAuth (maximum of 20 0 characters).
By defau lt, if 80 2.1 X times ou t and if MAB fails, WebAuth is enabled.
The authentication fallback command replaces th e fo llowing dot1x command, which is deprecated in
Cisco IOS Release 12.2(50)SG and later releases:
[no] dot1x fallba ck profile
The Webau th fallback feature allows yo u to h ave those clien ts that do no t have an 80 2.1X su pplicant and
are no t managed devices to fall back to the WebAuth meth od.
You can verify you r settin gs with the show authentication privileged EXEC comman d.
Examples
This example shows h ow to enable WebAuth fallback an d specify the fallback pro file to use when failin g
over to WebAuth:
Switch(config-if)# authentication fallback fallbacktest1
Switch(config-if)#
This examp le shows how to d isable WebAuth fallback :
Switch(config-if)# no authentication fallback fallbacktest1
Switch(config-if)#
Related Commands
Co mmand
show authentication
Description
Displays Au then tication Manag er information.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-25
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
authentication host-mode
authentication host-mode
To define th e classification of a ses sion that will be used to app ly th e acces s-po licies in h ost-mo de
configuration , use the authentication host-mode command in in terface co nfigu ration mode. To return
to the default s etting s, use the no fo rm of this command.
authentication hos t-mode { single-ho st | multi-auth | multi-domain | multi-host} [open]
[no] authentication host-mode {single-host | multi-auth | multi-doma in | multi-host} [open]
Syntax Description
single-hos t
Specifies the session as an interface s essio n, and allows one client o n the
port o nly. This is the default host mode when enab ling 802.1X.
multi-auth
Specifies the session as a MAC-b ased session. Any number o f clients are
allowed on a port in data do main and only on e client in voice domain, but
each one is requ ired to auth enticate separately.
Specifies the session based on a comb inatio n of MAC address and d omain ,
with the restriction that o nly one M AC is allowed p er d omain .
Specifies the sessio n as an interface sessio n, bu t allows mo re than o ne client
on the p ort.
multi-do main
multi-ho st
o pen
(Optional) Configures the host-mo de with o pen p olicy on the port.
Command Default
This command has no default setting s.
Command Modes
Interface configuration mode
Usage Guidelines
Single-host mode classifies the session as an interface s essio n (fo r ex ample, o ne MAC per interface).
Only one client is allowed o n the p ort, and any po licies that are downlo aded for the client are app lied to
th e who le port. A security v iolation is triggered if more than one client is detected.
Mu lti-hos t mod e classifies the session as an interface session , but the difference with this hos t-mode is
th at it allows more than one client to attach to th e port. Only the first client that is detected on the p ort
will b e authenticated and the rest will inherit the s ame access as th e first client. The policies th at are
d ownloaded for the first client will be applied to the whole p ort.
Mu lti-domain mo de classifies th e session based on a combination of MAC ad dress and d omain , with th e
restriction that on ly one MAC is allowed per do main. The domain in th e switching enviro nmen t refers
to the VLAN, an d th e two sup ported domains are th e DATA domain an d th e voice domain. Only on e
client is allowed on a p articu lar do main. So, only two clients (MACs) per port are sup ported. Each one
is required to authenticate s eparately. Any po licies that are downloaded for the clien t will be app lied fo r
th at client’s MAC/IP o nly and will not affect the oth er on th e s ame port. The clients can be authenticated
u sing different methods (such as 802 .1 X for PC, MAB for IP pho ne, or vice versa). No restriction exists
o n th e authentication order.
The on ly caveat with the above statement is that web-b ased authentication is only available for data
d evices because a user is probably operating the device an d HTTP capability exists. Also, if web -based
authenticatio n is configured in MDA mode, the only form of enforcement for all types of devices is
d ownloadable ACLs (dACL). The restrictio n is in place because VLAN assignment is not s upported fo r
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-26
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
authentication host-mode
web-based authentication. Furthermore, if you use d ACLs for data dev ices and n ot for vo ice d evices,
when the user’s data falls back to webauth, vo ice traffic is affected by the ACL that is applied b ased on
the fallback p olicy. Th erefore if webauth is con figured as a fallback on an MDA en abled port, dACL is
the on ly supported enforcemen t method.
Multi-auth mo de classifies the session as a MAC-based. No limit ex ists fo r the numb er of clients allowed
on a po rt data domain. Only one client is allowed in a voice do main and each one is requ ired to
au then ticate separately. Any policies that are downloaded for the client are applied fo r that clien t’s MAC
or IP on ly and do no t affect others on the same port.
The optional pre-auth entication open access mode allows y ou to gain netwo rk access b efore
au then tication is performed .This is primarily req uired for th e PXE boot scenario , but n ot limited to just
that us e case, where a device n eeds to access the network b efore PXE times o ut and downloads a
bootable image possibly containing a s upplican t.
The con figuratio n related to this featu re is attached to the ho st-mod e configu ration whereby the
host-mode itself is sign ificant for the control plane, wh ile the o pen access co nfiguration is sig nifican t
for the data p lane. Open-access co nfigu ration has absolu tely no bearing o n th e session classification.
The host-mode configuration still co ntrols this. If the open-access is d efined for sing le-host mode, the
port still allows only one MAC address. The po rt forwards traffic from the start and is only restricted by
what is configured on the port. Such configurations are indepen den t of 802.1X. So, if there is no form
of access -restrictio n config ured o n the po rt, the client devices h ave full access on the configu red VLAN.
You can verify you r settin gs with the show authentication privileged EXEC comman d.
Examples
This examp le shows how to d efine the classification of a session th at are u sed to apply the
access-policies u sing the ho st-mod e configu ration:
Switch(config-if)# authentication host-mode single-host
Switch(config-if)#
Related Commands
Co mmand
show authentication
Description
Displays Au then tication Manag er information.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-27
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
authentication open
authentication open
To en able open access on this po rt, u se the authentication open co mmand in interface con figuratio n
mo de. To disable open access on this port, us e the no form of th is command.
authentication open
no authenticatio n open
Syntax Description
This command has no arguments or keywo rds.
Command Default
Disabled.
Command Modes
Interface configuration mode
Usage Guidelines
Open Access allows clients or devices to gain n etwork access before authentication is performed.
You can verify your settings with th e show authentication priv ileged EXEC command.
This command overrides th e authentication host-mode session-typ e open glob al configu ration mode
command fo r the p ort only.
This command op erates per-p ort rather than glob ally.
Examples
The following example shows how to en able open access to a po rt:
Switch(config-if)# authentication open
Switch(config-if)#
The following example shows how to en able open access to a po rt:
Switch(config-if)# no authentication open
Switch(config-if)#
Related Commands
Command
Descriptio n
show authentication
Displays Authenticatio n Manager information .
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-28
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
authentication order
authentication order
To specify the ord er in which authenticatio n metho ds should be attempted for a client on an interface,
use th e authentication order command in interface configuration mod e. To return to the default
settin gs, us e the no form of th is command.
authentication order meth od1 [method2] [method 3]
no authentication order
Syntax Description
method1
Authentication method to be attempted . The valid values are as follows:
•
•
dot1x—Adds the d ot1x au then tication method.
mab—Add s th e MAB authentication method.
• webauth—Adds the WebAuth auth en tication meth od.
(Option al) Authentication method to be attempted. The valid values are as
follows:
method2
method3
•
dot1x—Adds the d ot1x au then tication method.
•
mab—Add s th e MAB authentication method.
•
webauth—Adds the WebAuth auth en tication meth od.
Command Default
The defau lt o rder is dot1x , MAB, then WebAuth.
Command Modes
Interface con figuration mode
Usage Guidelines
Once you enter th e authentica tion o rder command, only th ose methods explicitly listed will run . Each
meth od may be en tered on ly o nce in the run list and no method s may be entered after you enter the
webauth k eyword .
Auth entication metho ds are applied in th e config ured (o r default) order until authentication succeeds.
Fo r au then tication fails, failov er to the nex t authenticatio n method o ccurs (subject to the con figuration
of authentication even t handlin g).
You can verify you r settin gs with the show authentication privileg ed EXEC co mmand .
Examples
The following example shows how to specify the order in which authenticatio n method s s hould be
attempted for a client on an interface:
Switch(config-if)# authentication order mab dot1x webauth
Switch(config-if)#
Related Commands
Co mmand
show authentication
Description
Displays Au then tication Manag er information.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-29
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
authentication periodic
authentication periodic
To en able reauthentication for this port, us e the authentication periodic co mmand in interface
configuration mod e. To disable reau th en tication fo r this port, use the no fo rm of this comman d.
authentication periodic
no authentication periodic
Syntax Description
This command has no arguments or keywo rds.
Command Default
Disabled.
Command Modes
Interface configuration mode
Usage Guidelines
The reauthenticatio n p eriod can be set using th e authentication timer comman d.
You can verify your settings by entering the show authentication priv ileged EXEC command.
Examples
The following example shows how to en able reau then tication fo r this port:
Switch(config-if)# authentication reauthentication
Switch(config-if)#
The following example shows how to disable reauthentication for th is po rt:
Switch(config-if)# no authentication reauthentication
Switch(config-if)#
Related Commands
Command
Descriptio n
authentication timer
Con figures the au then tication timer.
show authentication
Displays Authenticatio n Manager information .
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-30
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
authentication port-control
authentication port-control
To config ure the po rt-co ntrol value, use th e authentication port-control command in interface
co nfiguration mode. To return to the default setting, use th e no form of this comman d.
authentication port-control [auto | force-authorized | fo rce-una uthorized]
no authentication port-control
Syntax Description
auto
force-a uthorized
force-unauthorized
Command Default
(Optional) Enables 802.1X port-b ased authenticatio n and cau ses the port to
beg in in th e unauthorized state.
(Optional) Dis ables 802.1X o n th e interface and cau ses the port to change
to the authorized state with out any authentication exchange req uired. The
port tran smits and receives normal traffic without 802.1X-based
au then tication of the client. The force-autho rized keyword is th e default.
(Optional) Denies all access th rou gh this interface by fo rcing the p ort to
ch ang e to the u nau thorized state, ig norin g all attempts by the client to
au then ticate.
force-a uthorized
Command Modes
Interface con figuration mode
Usage Guidelines
The following guidelines app ly to Ethernet s witch n etwork mod ules:
•
The 802.1X protocol is supported o n Layer 2 s tatic-access ports.
•
You can u se the a uto key word only if the port is not config ured as on e of th e fo llowing types:
– Trun k po rt—If you try to enable 802 .1X on a trunk p ort, an erro r message appears, and 8 02.1X
is no t enab led. If you try to change the mod e of an 802.1X-enabled po rt to tru nk, the po rt mo de
is not changed.
– EtherChannel port—Before enab ling 802.1X o n th e port, yo u mu st first remove it fro m the
EtherChannel. If yo u try to en able 802.1X o n an Eth erChan nel or on an active port in an
EtherChannel, an error message appears, and 8 02.1X is no t enab led. If you enab le 802.1X on a
not-yet active port of an Eth erChan nel, the p ort does not join the EtherChannel.
– Switch Po rt Analy zer (SPAN) destinatio n port—You can enab le 80 2.1X on a port that is a SPAN
destinatio n p ort; however, 80 2.1 X is d isab led until the port is removed as a SPAN d estination.
You can enable 8 02.1X on a SPAN s ource p ort.
To glo bally disable 802.1X on the dev ice, yo u must d isab le it on each p ort. There is no global
co nfiguration co mmand for this task.
You can verify you r settin gs with the show authentication privileged EXEC comman d.
The auto keyword allows y ou to sen d and receive only Extensib le Auth entication Protocol over LAN
(EAPOL) frames through the port. The auth entication pro cess begins when the link state o f the p ort
transition s from down to u p or wh en an EAPOL-start frame is received . The system requests th e id entity
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-31
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
authentication port-control
o f the client and begins relaying authentication messages between the clien t and the authenticatio n
server. Each clien t attemp ting to access the network is uniq uely identified by the system throug h th e
client’s MAC address .
Examples
The following example shows that the auth entication statu s o f the client PC will be determined by the
authenticatio n p rocess:
Switch(config-if)# authentication port-control auto
Switch(config-if)#
Related Commands
Command
show authentication
Descriptio n
Displays Authenticatio n Manager information .
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-32
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
authen tication priority
authentication priority
To specify the prio rity of authenticatio n method s o n an interface, use the authentication priority
co mmand in interface con figuratio n mo de. To retu rn to the d efau lt settings, use the no form of this
co mmand .
authentication priority method1 [method2] [method3]
no authentication priority
Syntax Description
method1
Authentication method to be attempted . The valid values are as follows:
•
•
method2
method3
dot1x—Adds the d ot1x au then tication method.
mab—Add s th e MAB authentication method.
• webauth—Adds the Webauth authentication method.
(Option al) Authentication method to be attempted. The valid values are as
follows:
•
dot1x—Adds the d ot1x au then tication method.
•
mab—Add s th e MAB authentication method.
•
webauth—Adds the Webauth authentication method.
Command Default
The defau lt o rder is dot1x , MAB, then webau th.
Command Modes
Interface con figuration mode
Usage Guidelines
Config uring p riorities for authentication methods allows a hig her prio rity method (n ot currently
run ning) to in terrup t an au then tication in progress with a lower prio rity method. Alternatively, if th e
client is already authenticated, an interrupt fro m a hig her p riority method can cau se a client, which was
previous ly authenticated using a lower priority method, to reau then ticate.
The d efau lt priority of a meth od is equivalent to its po sition in th e order o f execution list. If you do not
co nfigure a priority, the relative prio rities (highest first) are d ot1x, MAB and then webauth. If y ou enter
the authentication o rder comman d, the default p riorities are the same as the configured order.
You can verify you r settin gs with the show authentication privileged EXEC comman d.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-33
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
authentication priority
Examples
The following example shows how to specify the priority in which authenticatio n metho ds should be
attempted for a client on an interface:
Switch(config-if)# authentication priority mab dot1x webauth
Switch(config-if)#
Related Commands
Command
authentication order
show authentication
Descriptio n
Specifies th e order in which auth entication meth ods sho uld be attempted for
a client on an in terface.
Displays Authenticatio n Manager information .
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-34
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
authentication timer
authentication timer
To con figure the authentication timer, use the authentication timer command in interface configuration
mode. To return to the default s etting s, use the no fo rm of this comman d.
authentication timer {{inactivity value} | {reauthenticate {server | va lue}} | {restart value}}
no authentication timer {{inactivity value} | { reauthenticate value} | {restart value}}
Syntax Description
ina ctivity value
Specifies the amoun t of time in seco nds th at a h ost is allowed to be inactive
before being authorized. Rang e is 1 to 6 5535. Default is Off.
Th e inactivity value sh ould be less than the reauthenticate timer
value, but co nfigu ring the inactivity valu e high er th an the
reauthenticate timer value is n ot cons idered an error.
Specifies that the reau thentication perio d value for th e client sho uld be
obtained from th e authentication, au thorization, and accou nting (AAA)
server as Session-Timeo ut (RADIUS Attribute 2 7).
Note
reauthenticate server
reauthenticate va lu e
Specifies the amount of time in second s after which an automatic
reauthentication is initiated. Rang e is 1 to 65535 . Default is 3600.
resta rt valu e
Specifies the amount of time in second s after which an attempt is made to
au then ticate an unauthorized port. Range is 1 to 655 35. Default is Off.
Command Default
The default settings are as follows:
• ina ctivity value—Off.
Command Modes
Interface con figuration mode
Usage Guidelines
Note
•
reauthenticate va lu e— 3600
•
resta rt valu e—Off
Reauthentication o nly occurs if it is enabled o n the interface.
You shou ld change the d efault valu es of this command only to adjust fo r unusual circumstances such as
unreliable lin ks or specific behavioral problems with certain clients or auth entication servers.
During the in activity period, the Ethernet s witch n etwork mod ule do es not accept o r initiate any
au then tication requests. If y ou want to p rovid e a faster resp onse time to the user, enter a number less
than th e default.
The reauthentica te keyword affects the behavior o f the Ethernet switch n etwork mod ule only if y ou
have en abled period ic reauthentication with the authentication reauthentication glob al co nfigu ration
co mmand .
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-35
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
authentication timer
Examples
The fo llowing example shows how to sp ecify that the reauthenticatio n perio d value fo r th e client sho uld
b e obtained from the authentication, authorization, and accou nting (AAA) server as Session-Timeo ut
(RADIUS Attribute 2 7):
Switch(config-if)# authentication timer reauthenticate server
Switch(config-if)#
Related Commands
Command
show authentication
Descriptio n
Displays Authenticatio n Manager information .
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-36
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
auth entication violation
authentication violation
Use the authentication vio lation interface configuration command to con figure the violation mode:
restrict, shutdown, and replace.
In single-ho st mode, a security violation is trigg ered when mo re than on e d evice are d etected on the data
vlan. In multidomain auth entication mode, a security vio lation is trig gered when more than o ne device
are detected on the d ata or voice VLAN.
Security v iolatio n cannot be triggered in multiplehost or mu ltiauth entication mode.
authentication violation { restrict | shutdown | replace}
no a uthentication violation {restrict | shutdown | replace}
Syntax Description
restrict
Generates a sy slog erro r when a v iolation error o ccurs.
shutdown
Error dis ables the [virtual] port on which an unexpected MAC add ress
o ccurs.
Replaces the existing ho st with the new host, instead of errordisabling or
restricting the p ort.
Defaults
Shut down the port. If the restrict keywo rd is co nfigu red, the port d oes no t sh utdown.
replace
Command Modes
Interface con figuration
Usage Guidelines
Wh en a new h ost is seen in single or multip le- do main modes, replace mode tears down the old session
an d authenticates the n ew ho st.
Examples
This examp le shows how to configure violation mode shutdown on a switch:
Switch# configure terminal
Switch(config)# authentication violation shutdown
A port is error-disabled when a secu rity violation triggers on shutd own mode. The following sy slog
mess ages displays:
%AUTHMGR-5-SECURITY_VIOLATION: Security violation on the interface <interface name>, new
MAC address <mac-address> is seen.
%PM-4-ERR_DISABLE: security-violation error detected on <interface name>, putting
<interface name> in err-disable state
Related Commands
Co mmand
Description
authentication
co ntro l-direction
authentication event
Config ures the po rt mode as unidirection al or b idirectio nal.
Sets the action for specific authentication events.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-37
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
authentication violation
Command
Descriptio n
authentication
fallback
authentication
host-mode
authentication open
Con figures a p ort to use web authentication as a fallback method for clients
th at do not supp ort IEEE 80 2.1x auth entication.
Sets th e authorization manager mode on a port.
Enab les or disab les open acces s o n a port.
authentication order
Sets th e order of authentication method s u sed on a port.
authentication
periodic
Enab les or disab les reauthentication o n a port.
authentication
port-control
Enab les manual control of the port autho rizatio n state.
authentication
priority
Adds an authentication metho d to th e port-priority list.
authentication timer
Con figures the timeo ut and reauthenticatio n p arameters for an
8 02.1x-enabled port.
show authentication
Displays info rmation ab out auth entication man ager even ts on th e switch.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-38
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
auto qos classify
auto qos classify
To gen erate a QoS configuration for an untrusted interface, use the auto qos classify interface comman d.
auto qos cla ssify
Syntax Description
This comman d has no argu ments or keyword s.
Defaults
This comman d has no default settings.
Command Modes
Interface con figuration mode
Usage Guidelines
This comman d gen erates a QoS configuration for untrusted interfaces . It places a service-policy to
classify the traffic coming from untrusted des ktops or d evices and marks them acco rdin gly. The
service-policies g enerated do not police.
Global Level Commands Generated
The global templates are defined in A, B, C.
A. Template fo r ACLs an d app lication classes used by th e auto qos classify command.
ip access-list extended AutoQos-4.0-ACL-Multimedia-Conf
permit udp any any range 16384 32767
ip access-list extended AutoQos-4.0-ACL-Signaling
permit tcp any any range 2000 2002
permit tcp any any range 5060 5061
permit udp any any range 5060 5061
ip access-list extended AutoQos-4.0-ACL-Transactional-Data
permit tcp any any eq 443
permit tcp any any eq 1521
permit udp any any eq 1521
permit tcp any any eq 1526
permit udp any any eq 1526
permit tcp any any eq 1575
permit udp any any eq 1575
permit tcp any any eq 1630
permit udp any any eq 1630
ip access-list extended AutoQos-4.0-ACL-Bulk-Data
permit tcp any any eq ftp
permit tcp any any eq ftp-data
permit tcp any any eq 22
permit tcp any any eq smtp
permit tcp any any eq 465
permit tcp any any eq 143
permit tcp any any eq 993
permit tcp any any eq pop3
permit tcp any any eq 995
permit tcp any any eq 1914
ip access-list extended AutoQos-4.0-ACL-Scavenger
permit tcp any any eq 1214
permit udp any any eq 1214
permit tcp any any range 2300 2400
permit udp any any range 2300 2400
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-39
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
auto qos classify
permit tcp any any eq 3689
permit udp any any eq 3689
permit tcp any any range 6881 6999
permit tcp any any eq 11999
permit tcp any any range 28800 29100
ip access-list extended AutoQos-4.0-ACL-Default
permit ip any any
class-map match-any AutoQos-4.0-VoIP-Data
match dscp ef
match cos 5
class-map match-all AutoQos-4.0-VoIP-Data-Cos
match cos 5
class-map match-any AutoQos-4.0-VoIP-Signal
match dscp cs3
match cos 3
class-map match-all AutoQos-4.0-VoIP-Signal-Cos
match cos 3
class-map match-all AutoQos-4.0-Multimedia-Conf-Classify
match access-group name AutoQos-4.0-ACL-Multimedia-Conf
class-map match-all AutoQos-4.0-Signaling-Classify
match access-group name AutoQos-4.0-ACL-Signaling
class-map match-all AutoQos-4.0-Transaction-Classify
match access-group name AutoQos-4.0-ACL-Transactional-Data
class-map match-all AutoQos-4.0-Bulk-Data-Classify
match access-group name AutoQos-4.0-ACL-Bulk-Data
class-map match-all AutoQos-4.0-Scavenger-Classify
match access-group name AutoQos-4.0-ACL-Scavenger
class-map match-all AutoQos-4.0-Default-Classify
match access-group name AutoQos-4.0-ACL-Default
AutoQos-4 .0-VoIP-Data-Cos and Au to Qos-4.0-VoIP-Sig nal-Cos are needed to h and le instances wh en
y ou con nect an IP p hone to an interface and call the a uto qos voip cisco-phone command on that
in terface. In this situation, th e input serv ice policy on th e interface mus t match Vo IP and sig nalin g
p ackets solely on their CoS markin gs. Th is is because s witching ASICs on Cisco IP Phones are limited
to on ly remarking the Co S bits of Vo IP and the signaling traffic. Matching DSCP markings results in a
security vu lnerability because a user who se PC was connected to an IP phone co nnected to a switch
would be able to remark DSCP mark ings of traffic arising from th eir PC to dscp ef usin g the NIC on their
PC. Th is cau ses incorrect p lacement of non real-time traffic in th e prio rity queue in th e egress direction.
B. Template fo r the a uto qos class ify comman d in put service-policy
policy-map AutoQos-4.0-Classify-Input-Policy
class AutoQos-4.0-Multimedia-Conf-Classify
set dscp af41
set cos 4
set qos-group 34
class AutoQos-4.0-Signaling-Classify
set dscp cs3
set cos 3
set qos-group 16
class AutoQos-4.0-Transaction-Classify
set dscp af21
set cos 2
set qos-group 18
class AutoQos-4.0-Bulk-Data-Classify
set dscp af11
set cos 1
set qos-group 10
class AutoQos-4.0-Scavenger-Classify
set dscp cs1
set cos 1
set qos-group 8
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-40
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
auto qos classify
class AutoQos-4.0-Default-Classify
set dscp default
set cos 0
C. Template for egress q ueu e classes along with th e SRND4 output policy that uses th e egress classes to
allo cate 8 queues. This template is requ ired by all SRND4 commands:
class-map match-all AutoQos-4.0-Priority-Queue
match qos-group 32
class-map match-all AutoQos-4.0-Control-Mgmt-Queue
match qos-group 16
class-map match-all AutoQos-4.0-Multimedia-Conf-Queue
match qos-group 34
class-map match-all AutoQos-4.0-Multimedia-Stream-Queue
match qos-group 26
class-map match-all AutoQos-4.0-Trans-Data-Queue
match qos-group 18
class-map match-all AutoQos-4.0-Bulk-Data-Queue
match qos-group 10
class-map match-any AutoQos-4.0-Scavenger-Queue
match qos-group 8
match dscp cs1
Because police comman ds execu ted in policy map configuration mod e do not allow the remarking of
qos-gro ups fo r traffic flows that exceed defined rate limits, yo u must con figure
Auto Qos-4.0-Scavenger-Queue to match either qos-grou p 7 or d scp af11 . Wh en you enter the auto qos
cla ssify po lice command, traffic flows th at violate the defined rate limit are remark ed to cs1 but retain
their orig inal qo s-group clas sification becau se qos-groups can not be remark ed as an exceed action.
However, because Auto Qos-4.0-Scavenger-Queue is d efined before all o ther qu eues in the output policy
map , remarked packets fall into it, despite retainin g th eir o rigin al qos-group lab els.
policy-map AutoQos-4.0-Output-Policye
bandwidth remaining percent 1
class AutoQos-4.0-Priority-Queue
priority
police cir percent 30 bc 33 ms
conform-action transmit exceed-action drop
class AutoQos-4.0-Control-Mgmt-Queue
bandwidth remaining percent 10
class AutoQos-4.0-Multimedia-Conf-Queue
bandwidth remaining percent 10
class AutoQos-4.0-Multimedia-Stream-Queue
bandwidth remaining percent 10
class AutoQos-4.0-Trans-Data-Queue
bandwidth remaining percent 10
dbl
class AutoQos-4.0-Bulk-Data-Queue
bandwidth remaining percent 4
dbl
class class-default
bandwidth remaining percent 25
dbl
Interface Lev el Commands Generated
For Fa/Gig Ports:
Switch(config-if)# service-policy input AutoQos-4.0-Classify-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-41
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
auto qos classify
Examples
This example shows how to generate a QoS con figuratio n for the u ntrus ted interface gigabitethernet1/1:
Switch(config)# interface gigabitethernet1/1
Switch(config-if)# auto qos classify
Related Commands
Command
auto qos trust
a uto qo s v oip cisco-so ftphone
Descriptio n
Gen erate QoS co nfigu rations fo r trus ted interfaces.
Gen erate QoS co nfigu ration for interfaces connected to PCs
runnin g the Cisco IP SoftPhone app lication and marks police
traffic coming fro m su ch interfaces.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-42
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
auto qos classify police
auto qos classify police
To po lice traffic form an untrusted interface, use th e auto qos classify police interface command.
auto qos cla ssify police
Syntax Description
This comman d has no argu ments or keyword s.
Defaults
This comman d has no default settings.
Command Modes
Usage Guidelines
Interface con figuration mode
This comman d gen erates a QoS configuration for untrusted interfaces . It places a service-policy to
classify the traffic arriving from these untrusted desktops or d evices and marks them acco rdin gly. The
generated serv ice-p olicies police and eith er mark-down or drop pack ets.
Global Level Commands Generated
Auto QoS srn4 commands, on ce applied to an interface, generate o ne or more of the fo llowing templates
(A, B, and C) at th e glob al configu ration level. Typically, a command generates a series o f class-map s
that eith er match on ACLs or o n DSCP or CoS values to differentiate traffic into app lication classes. An
input policy is generated that matches the generated classes, sets qos -groups on th e classes, an d in some
cases, polices th e clas ses to a set bandwidth. (A qos-group is merely a numerical tag that allows different
ap plication classes to be treated as one unit. Outside the switch ’s context, it has no significance.)
Furthermore, eight eg ress-queue class -maps are generated, match ing the qo s-group s set in the inpu t
policy. The actual egress outpu t p olicy assigns a q ueu e to each one o f these eight egress-qu eue
class-map s.
The commands generate th e fo llowing templates as needed. For examp le, on initial use of the a new
co mmand , glob al co nfigu rations that d efine the eigh t qu eue egress service-policy are generated
(template C, below). Sub sequ ently, a uto qos commands applied to o ther interfaces do no t g enerate
temp lates for egress queuing becau se all auto qos commands rely on the same eight queue mod el after
migration, an d they will have already been generated fro m the first u se of th e comman d.
The global templates are defined in A, B, C.
A. Template fo r ACLs an d app lication classes used by th e auto qos classify police command
ip access-list extended AutoQos-4.0-ACL-Multimedia-Conf
permit udp any any range 16384 32767
ip access-list extended AutoQos-4.0-ACL-Signaling
permit tcp any any range 2000 2002
permit tcp any any range 5060 5061
permit udp any any range 5060 5061
ip access-list extended AutoQos-4.0-ACL-Transactional-Data
permit tcp any any eq 443
permit tcp any any eq 1521
permit tcp any any eq 1521
permit udp any any eq 1521
permit tcp any any eq 1526
permit udp any any eq 1526
permit tcp any any eq 1575
permit udp any any eq 1575
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-43
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
auto qos classify police
permit tcp any any eq 1630
permit udp any any eq 1630
ip access-list extended AutoQos-4.0-ACL-Bulk-Data
permit tcp any any eq ftp
permit tcp any any eq ftp-data
permit tcp any any eq 22
permit tcp any any eq smtp
permit tcp any any eq 465
permit tcp any any eq 143
permit tcp any any eq 993
permit tcp any any eq pop3
permit tcp any any eq 995
permit tcp any any eq 1914
ip access-list extended AutoQos-4.0-ACL-Scavenger
permit tcp any any eq 1214
permit udp any any eq 1214
permit tcp any any range 2300 2400
permit udp any any range 2300 2400
permit tcp any any eq 3689
permit udp any any eq 3689
permit tcp any any range 6881 6999
permit tcp any any eq 11999
permit tcp any any range 28800 29100
ip access-list extended AutoQos-4.0-ACL-Default
permit ip any any
class-map match-any AutoQos-4.0-VoIP-Data
match dscp ef
match cos 5
class-map match-all AutoQos-4.0-VoIP-Data-Cos
match cos 5
class-map match-any AutoQos-4.0-VoIP-Signal
match dscp cs3
match cos 3
class-map match-all AutoQos-4.0-VoIP-Signal-Cos
match cos 3
class-map match-all AutoQos-4.0-Multimedia-Conf-Classify
match access-group name AutoQos-4.0-ACL-Multimedia-Conf
class-map match-all AutoQos-4.0-Signaling-Classify
match access-group name AutoQos-4.0-ACL-Signaling
class-map match-all AutoQos-4.0-Transaction-Classify
match access-group name AutoQos-4.0-ACL-Transactional-Data
class-map match-all AutoQos-4.0-Bulk-Data-Classify
match access-group name AutoQos-4.0-ACL-Bulk-Data
class-map match-all AutoQos-4.0-Scavenger-Classify
match access-group name AutoQos-4.0-ACL-Scavenger
class-map match-all AutoQos-4.0-Default-Classify
match access-group name AutoQos-4.0-ACL-Default
AutoQos-4 .0-VoIP-Data-Cos an d Au toQos -4.0-VoIP-Signal-Cos are needed to handle the case in which
a user co nnects an IP phone to an interface and calls the auto qos voip cisco-phone command on that
in terface. In this situation, th e input serv ice policy on th e interface mus t match Vo IP and sig nalin g
p ackets so lely on their CoS markings becaus e switching ASICs on Cisco IP ph ones are limited to only
remarking the CoS bits o f VoIP an d sig nalin g traffic. Match ing DSCP marking s wo uld cause a security
v ulnerability b ecau se user whose PC was co nnected to an IP phone conn ected to a switch wo uld b e able
to re-mark DSCP markings of traffic arising from their PC to dscp ef using the NIC on their PC. Th is
p laces no n real-time traffic in the priority queue in the egress d irectio n.
B. Template fo r the in put service-policy of the auto qos cla ssify police comman d
policy-map AutoQos-4.0-Classify-Police-Input-Policy
class AutoQos-4.0-Multimedia-Conf-Classify
set dscp af41
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-44
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
auto qos classify police
set cos 4
set qos-group 34
police cir 5000000 bc 8000
exceed-action drop
class AutoQos-4.0-Signaling-Classify
set dscp cs3
set cos 3
set qos-group 16
police cir 32000 bc 8000
exceed-action drop
class AutoQos-4.0-Transaction-Classify
set dscp af21
set cos 2
set qos-group 18
police cir 10000000 bc 8000
exceed-action set-dscp-transmit cs1
exceed-action set-cos-transmit 1
class AutoQos-4.0-Bulk-Data-Classify
set dscp af11
set cos 1
set qos-group 10
police cir 10000000 bc 8000
exceed-action set-dscp-transmit cs1
exceed-action set-cos-transmit 1
class AutoQos-4.0-Scavenger-Classify
set dscp cs1
set cos 1
set qos-group 8
police cir 10000000 bc 8000
exceed-action drop
class AutoQos-4.0-Default-Classify
set dscp default
set cos 0
police cir 10000000 bc 8000
exceed-action set-dscp-transmit cs1
exceed-action set-cos-transmit 1
C. Template for egress q ueu e classes along with th e SRND4 output policy that uses th e egress classes to
allo cate eight queues. Th is template is required by th e four SRND4 commands:
class-map match-all AutoQos-4.0-Priority-Queue
match qos-group 32
class-map match-all AutoQos-4.0-Control-Mgmt-Queue
match qos-group 16
class-map match-all AutoQos-4.0-Multimedia-Conf-Queue
match qos-group 34
class-map match-all AutoQos-4.0-Multimedia-Stream-Queue
match qos-group 26
class-map match-all AutoQos-4.0-Trans-Data-Queue
match qos-group 18
class-map match-all AutoQos-4.0-Bulk-Data-Queue
match qos-group 10
class-map match-any AutoQos-4.0-Scavenger-Queue
match qos-group 8
match dscp cs1
Auto Qos-4.0-Scavenger-Queue must be config ured to match eith er q os-grou p 7 o r dscp af11 to
accomodate for the fact that police co mmand s executed in po licy map config uration mode d o n ot allow
the remarkin g of qos-groups for traffic flows that exceed defined rate limits . After en tering th e auto qos
cla ssify police comman d, traffic flows that v iolate the defin ed rate limit are remarked to cs1 but retain
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-45
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
auto qos classify police
th eir o riginal qos-gro up classification because qos-grou ps canno t be remarked as an exceed actio n.
However, becau se AutoQos-4 .0 -Scavenger-Queue is defined b efore all other queues in the ou tput po licy
map, remarked p ackets fall into it, des pite retaining their original q os-g rou p labels.
policy-map AutoQos-4.0-Output-Policye
bandwidth remaining percent 1
class AutoQos-4.0-Priority-Queue
priority
police cir percent 30 bc 33 ms
conform-action transmit exceed-action drop
class AutoQos-4.0-Control-Mgmt-Queue
bandwidth remaining percent 10
class AutoQos-4.0-Multimedia-Conf-Queue
bandwidth remaining percent 10
class AutoQos-4.0-Multimedia-Stream-Queue
bandwidth remaining percent 10
class AutoQos-4.0-Trans-Data-Queue
bandwidth remaining percent 10
dbl
class AutoQos-4.0-Bulk-Data-Queue
bandwidth remaining percent 4
dbl
class class-default
bandwidth remaining percent 25
dbl
Interface Level Commands Generated
For Fa/Gig Ports:
Switch(config-if)#
service-policy input AutoQos-4.0-Classify-Police-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
Examples
This example s hows how to police traffic fro m an untrusted interface gigabitethernet1/1:
Switch(config)# interface gigabitethernet1/1
Switch(config-if)# auto qos classify police
Switch(config-if)# do sh run interface gigabitethernet1
Interface gigabitethernet1
auto qos classify police
service-policy input AutoQos-4.0-Classify-Police-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
end
Related Commands
Command
a uto qo s v oip cisco-so ftphone
Descriptio n
Gen erates QoS configu ration fo r interfaces connected to PCs
runnin g the Cisco IP SoftPhone app lication and mark police
traffic coming fro m su ch interfaces.
a uto qo s classify
auto qos s rnd4
Gen erates a QoS configuration for an untrusted in terface.
Gen erates QoS configu rations based o n s olution referen ce
n etwo rk design 4.0.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-46
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
auto qos srnd4
auto qos srnd4
To generate QoS config urations based on so lution reference network design 4.0 , use the auto qos srnd4
global command.
auto qos srnd4
Syntax Description
This comman d has no argu ments or keyword s.
Defaults
This comman d has no default settings.
Command Modes
Glob al co nfigu ration
Usage Guidelines
This comman d is generated when any n ew auto-QoS co mmand is configu red on an in terface.
Auto Qos SRND4 commands, when ap plied to an interface, generate one or more of th e following
temp lates (A and B) at th e global co nfiguration level.
Typ cally, a command gen erates a series of class-maps that either match on ACLs or on DSCP and CoS
valu es to differen tiate traffic in to applicatio n classes. An inp ut po licy is also generated, wh ich matches
the generated classes, sets qos-gro ups on the classes , and in some cases, polices the classes to a set
bandwid th. (A qo s-group is a n umerical tag that allows d ifferent ap plication classes to be treated as o ne
unit. It has n o s ig nifican ce outside the context o f the switch in which it was set.) Furthermore, eight
egress-q ueu e class-map s are generated , matchin g th e qos-groups set in th e input po licy. The actual
egress o utput policy assig ns a queue to each of the eight eg ress-q ueu e class-maps.
Auto Qos srnd4 co mmand s o nly generate a templates as n eeded. For example, the first time yo u use a
new s rnd4 command, global configuratio ns th at define the eight queue egress serv ice-p olicy are
generated (template B below). Subsequently, auto qos commands ap plied to oth er in terfaces do not
generate temp lates for egress q ueu ing because all au to-QoS commands rely on the same eigh t qu eu e
models after mig ration, and th ey will have alread y b een generated from the firs t use of the co mmand .
For interfa ces with auto qos voip trust enabled
—Global Level Commands Generated
The global templates are defined in A and B (b elow).
A. This temp late of application classes is used by the auto-QoS video cts, auto qos video ip-camera,
an d auto qos trust co mmand s. Th is template class also includes th e inpu t serv ice-p olicy for the auto
qos video cts, a uto qos video ip-camera, and auto qos trust commands. Because these three comman ds
are the only ones that u se Au toQos-4.0-Inp ut-Policy, it makes sense to inclu de that policy in the same
temp late th at defines the applicatio n classes u sed by the previous three co mmand s.
class-map match-any AutoQos-4.0-VoIP
match dscp ef
match cos 5
class-map match-all AutoQos-4.0-Broadcast-Vid
match dscp cs5
class-map match-all AutoQos-4.0-Realtime-Interact
match dscp cs4
class-map match-all AutoQos-4.0-Network-Ctrl
match dscp cs7
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-47
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
auto qos srnd4
class-map match-all AutoQos-4.0-Internetwork-Ctrl
match dscp cs6
class-map match-any AutoQos-4.0-Signaling
match dscp cs3
match cos 3
class-map match-all AutoQos-4.0-Network-Mgmt
match dscp cs2
class-map match-any AutoQos-4.0-Multimedia-Conf
match dscp af41
match dscp af42
match dscp af43
class-map match-any AutoQos-4.0-Multimedia-Stream
match dscp af31
match dscp af32
match dscp af33
class-map match-any AutoQos-4.0-Transaction-Data
match dscp af21
match dscp af22
match dscp af23
class-map match-any AutoQos-4.0-Bulk-Data
match dscp af11
match dscp af12
match dscp af13
class-map match-all AutoQos-4.0-Scavenger
match dscp cs1
The AutoQo s-4.0-Signaling and AutoQos-4 .0-VoIP classes must match on CoS to handle the situation
when an IP pho ne is connected to an interface. (Cisco IP p hones are only capab le of re-markin g Co S
bits, not DSCP.)
policy-map AutoQos-4.0-Input-Policy
class AutoQos-4.0-VoIP
set qos-group 32
class AutoQos-4.0-Broadcast-Vid
set qos-group 32
class AutoQos-4.0-Realtime-Interact
set qos-group 32
class AutoQos-4.0-Network-Ctrl
set qos-group 16
class AutoQos-4.0-Internetwork-Ctrl
set qos-group 16
class AutoQos-4.0-Signaling
set qos-group 16
class AutoQos-4.0-Network-Mgmt
set qos-group 16
class AutoQos-4.0-Multimedia-Conf
set qos-group 34
class AutoQos-4.0-Multimedia-Stream
set qos-group 26
class AutoQos-4.0-Transaction-Data
set qos-group 18
class AutoQos-4.0-Bulk-Data
set qos-group 10
class AutoQos-4.0-Scavenger
set qos-group 8
B. This template fo r egress queue classes (along with the SRND4 o utput policy ) allocates eig ht qu eues.
This template is requ ired by all SRND4 commands:
class-map match-all AutoQos-4.0-Priority-Queue
match qos-group 32
class-map match-all AutoQos-4.0-Control-Mgmt-Queue
match qos-group 16
class-map match-all AutoQos-4.0-Multimedia-Conf-Queue
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-48
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
auto qos srnd4
match qos-group 34
class-map match-all AutoQos-4.0-Multimedia-Stream-Queue
match qos-group 26
class-map match-all AutoQos-4.0-Trans-Data-Queue
match qos-group 18
class-map match-all AutoQos-4.0-Bulk-Data-Queue
match qos-group 10
class-map match-any AutoQos-4.0-Scavenger-Queue
match qos-group 8
match dscp cs1
Because the police commands executed in policy map configuration mode do not allow the re-marking
of qo s-group s for traffic flows that exceed defined rate limits, you shou ld con figure
Auto Qos-4.0-Scavenger-Queue to match either qos-grou p 7 or d scp af11 . Wh en you enter the auto qos
cla ssify police comman d, traffic flows that v iolate the defin ed rate limit are remarked to cs1 but retain
their orig inal qo s-group clas sificatio because such grou ps canno t be re-marked as an exceed action.
However, because Auto Qos-4.0-Scavenger-Queue is d efined before all o ther qu eues in the output policy
map , re-marked p ackets fall into it, desp ite retaining their original q os-g roup labels.
policy-map AutoQos-4.0-Output-Policy
class AutoQos-4.0-Scavenger-Queue
bandwidth remaining percent 1
class AutoQos-4.0-Priority-Queue
priority
police cir percent 30 bc 33 ms
conform-action transmit exceed-action drop
class AutoQos-4.0-Control-Mgmt-Queue
bandwidth remaining percent 10
class AutoQos-4.0-Multimedia-Conf-Queue
bandwidth remaining percent 10
class AutoQos-4.0-Multimedia-Stream-Queue
bandwidth remaining percent 10
class AutoQos-4.0-Trans-Data-Queue
bandwidth remaining percent 10
dbl
class AutoQos-4.0-Bulk-Data-Queue
bandwidth remaining percent 4
dbl
class class-default
bandwidth remaining percent 25
dbl
—Interface Level Co mmands Generated
For Fa/Gig Ports:
If Lay er 2 in terface:
Switch(config-if)# no service-policy input AutoQos-VoIP-Input-Cos-Policy
no service-policy output AutoQos-VoIP-Output-Policy
service-policy input AutoQos-4.0-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
If Lay er 3 in terface:
Switch(config-if)# no service-policy input AutoQos-VoIP-Input-Dscp-Policy
no service-policy output AutoQos-VoIP-Output-Policy
service-policy input AutoQos-4.0-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-49
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
auto qos srnd4
Fo r interfaces with auto qos voip cisco-phone enabled
—Glo ba l Level Commands Generated
The glo bal templates defined in A an d B (above).
—Interface Level Comma nds Genera ted
For Fa/Gig Ports:
Switch(config-if)# no qos trust device cisco-phone
no service-policy input AutoQos-VoIP-Input-Cos-Policy
no service-policy output AutoQos-VoIP-Output-Policy
qos trust device cisco-phone
service-policy input AutoQos-4.0-Cisco-Phone-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
Examples
To generate Qo S config urations based o n solution reference network d esig n 4 .0 , do the following:
Switch# auto qos srnd4
Related Commands
Command
auto qos trust
Descriptio n
Gen erate QoS co nfigu rations fo r trus ted interfaces.
a uto qo s v oip cisco-so ftphone
Gen erate QoS co nfigu ration for interfaces connected to PCs
runnin g the Cisco IP SoftPhone app lication and marks police
traffic coming fro m su ch interfaces.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-50
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
auto qos tru st
auto qos trust
To generate QoS configuration s for trusted interfaces, use th e auto qos trust interface command.
auto qos trust
Syntax Description
This comman d has no argu ments or keyword s.
Defaults
This comman d has no default settings.
Command Modes
Usage Guidelines
Interface con figuration mode
Global Level Commands Generated
After you ap ply auto -QoS srnd4 commands to an interface, they gen erate one o r more of the following
temp lates (A and B) at th e global co nfiguration level. Typically, a command generates a series of
class-map s that either match o n ACLs or on DSCP or CoS values to differen tiate traffic into ap plication
classes. An input policy is g enerated, which matches th e generated clas ses, sets qo s-group s o n th e
classes, and in some cases, polices th e classes to a set b and width. (A q os-g rou p is simply a numerical
tag that allows d ifferent ap plication classes to be treated as one u nit. Outsid e the switch’s context, it h as
no sign ificance.) Additio nally, eigh t egress-queue class-map s are generated, matching the qos-groups set
in the inp ut p olicy. Th e actual egress o utput policy assig ns a queue to each of thes e eight class-maps.
The command only generates temp lates as needed. For examp le, o n first use of a new comman d, glob al
co nfigurations that define the eight queue egress service-po licy are generated. Subs equ ently, auto-QoS
co mmand s applied to other interfaces do n ot g enerate templates for egress queuing. This is because all
au to-qo s co mmand s rely on the same eight queue models after migration , and they will have already been
generated from the first use of the co mmand .
The global templates defin ed in A and B.
A. Template of application classes u sed by the auto qos trust command
This template also in clud es the in put service-policy for the auto qos video cts, a uto qos v ideo
ip-camera, and auto qos trust co mmand s. Becau se th ese three commands are the only o nes that use the
Auto Qos-4.0-Inpu t-Policy, y ou should include that po licy in the template that defines the ap plication
classes used by th e command s.
class-map match-any AutoQos-4.0-VoIP
match dscp ef
match cos 5
class-map match-all AutoQos-4.0-Broadcast-Vid
match dscp cs5
class-map match-all AutoQos-4.0-Realtime-Interact
match dscp cs4
class-map match-all AutoQos-4.0-Network-Ctrl
match dscp cs7
class-map match-all AutoQos-4.0-Internetwork-Ctrl
match dscp cs6
class-map match-any AutoQos-4.0-Signaling
match dscp cs3
match cos 3
class-map match-all AutoQos-4.0-Network-Mgmt
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-51
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
auto qos trust
match dscp cs2
class-map match-any AutoQos-4.0-Multimedia-Conf
match dscp af41
match dscp af42
match dscp af43
class-map match-any AutoQos-4.0-Multimedia-Stream
match dscp af31
match dscp af32
match dscp af33
class-map match-any AutoQos-4.0-Transaction-Data
match dscp af21
match dscp af22
match dscp af23
class-map match-any AutoQos-4.0-Bulk-Data
match dscp af11
match dscp af12
match dscp af13
class-map match-all AutoQos-4.0-Scavenger
match dscp cs1
The AutoQo s-4.0-Signaling and AutoQos-4 .0-VoIP classes must also match on CoS to h and le the case
when an IP p hone is conn ected to an interface. (Cisco IP phones are o nly cap able of remark ing CoS bits,
n ot DSCP.)
policy-map AutoQos-4.0-Input-Policy
class AutoQos-4.0-VoIP
set qos-group 32
class AutoQos-4.0-Broadcast-Vid
set qos-group 32
class AutoQos-4.0-Realtime-Interact
set qos-group 32
class AutoQos-4.0-Network-Ctrl
set qos-group 16
class AutoQos-4.0-Internetwork-Ctrl
set qos-group 16
class AutoQos-4.0-Signaling
set qos-group 16
class AutoQos-4.0-Network-Mgmt
set qos-group 16
class AutoQos-4.0-Multimedia-Conf
set qos-group 34
class AutoQos-4.0-Multimedia-Stream
set qos-group 26
class AutoQos-4.0-Transaction-Data
set qos-group 18
class AutoQos-4.0-Bulk-Data
set qos-group 10
class AutoQos-4.0-Scavenger
set qos-group 8
B. Temp lates for egress queue clas ses and the srnd4 o utput p olicy that uses the egress classes to allocate
eight queues. This template is req uired by all srnd4 comman ds.
class-map match-all AutoQos-4.0-Priority-Queue
match qos-group 32
class-map match-all AutoQos-4.0-Control-Mgmt-Queue
match qos-group 16
class-map match-all AutoQos-4.0-Multimedia-Conf-Queue
match qos-group 34
class-map match-all AutoQos-4.0-Multimedia-Stream-Queue
match qos-group 26
class-map match-all AutoQos-4.0-Trans-Data-Queue
match qos-group 18
class-map match-all AutoQos-4.0-Bulk-Data-Queue
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-52
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
auto qos tru st
match qos-group 10
class-map match-any AutoQos-4.0-Scavenger-Queue
match qos-group 8
match dscp cs1
Because police comman ds execu ted in policy map configuration mod e do not allow the remarking of
qos-gro ups fo r traffic flows that exceed defined rate limits, AutoQo s-4.0-Scaven ger-Queue must be
co nfigured to match either qo s-group 7 or dscp af11. When the auto qo s classify po lice command
executes, traffic flows that violate th e defined rate limit are remarked to cs1 but retain their original
qos-gro up classificatio n. Th is is because qos -groups cann ot be remarked as an exceed action. However,
because AutoQos-4 .0 -Scavenger-Queue is defined befo re all other queues in th e outp ut p olicy map,
remarked packets will fall in to it, despite retaining their original qos-gro up lab els.
policy-map AutoQos-4.0-Output-Policy
class AutoQos-4.0-Scavenger-Queue
bandwidth remaining percent 1
class AutoQos-4.0-Priority-Queue
priority
police cir percent 30 bc 33 ms
conform-action transmit exceed-action drop
class AutoQos-4.0-Control-Mgmt-Queue
bandwidth remaining percent 10
class AutoQos-4.0-Multimedia-Conf-Queue
bandwidth remaining percent 10
class AutoQos-4.0-Multimedia-Stream-Queue
bandwidth remaining percent 10
class AutoQos-4.0-Trans-Data-Queue
bandwidth remaining percent 10
dbl
class AutoQos-4.0-Bulk-Data-Queue
bandwidth remaining percent 4
dbl
class class-default
bandwidth remaining percent 25
Interface Lev el Commands Generated
For Fa/Gig Ports:
Switch(config-if)# service-policy input AutoQos-4.0-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
Examples
This examp le shows how to p olice traffic from an un trusted interface gig abitethern et1/1 :
Switch(config)# interface gigabitethernet1/1
Switch(config-if)# auto qos trust
Switch(config-if)# do sh running interface interface-id
interface FastEthernet2/1
auto qos trust
service-policy input AutoQos-4.0-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
end
Related Commands
Co mmand
auto qos voip cisco-softphone
Description
Generates QoS configuration for interfaces con nected to PCs
run ning the Cisco IP SoftPho ne application and mark po lice
traffic co ming from such in terfaces.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-53
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
auto qos trust
Command
Descriptio n
a uto qo s classify
auto qos s rnd4
Gen erates a QoS configuration for an untrusted in terface.
Gen erates QoS configu rations based o n s olution referen ce
n etwo rk design 4.0.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-54
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
auto qos video
auto qos video
To generate QOS con figuratio n for cisco-telepresence or cisco-camera interfaces (conditio nal trust
thro ugh CDP), use the auto qos video interface config uration comman d.
auto qos video { cts | ip-camera }
Syntax Description
cts
ip-camera
Defaults
This comman d has no default settings.
Command Modes
Interface con figuration mode
Usage Guidelines
Trust the QoS mark in g of Cisco Telep resen ce device.
Trust the QoS mark in g of Cisco v ideo su rveillan ce camera.
The auto qos v ideo command trusts an interface only if Cisco TelePresence is detected. Else, the po rt is
untrusted.
Global Level Commands Generated
Wh en au to-Qos srnd4 co mmand s are applied to an interface, they generate one or more of the following
temp lates at the g lobal configuration level. Typ ically, a comman d gen erates a series of clas s-maps that
eith er match on ACLs or on DSCP (or Co S) values to differen tiate traffic into ap plication classes. An
input policy is als o generated, which matches the generated class es, s ets qos-groups on the classes, and
in some cases, p olices th e classes to a set b and width. (A qos-gro up is simply a nu merical tag th at allows
different application classes to b e treated as one u nit. Outside th e switch’s contex t, it has no
significance.) Furthermore, eig ht egress-queue class-maps are gen erated, which match the q os-g rou ps
set in th e input policy. Th e actual egress output policy assigns a queue to each of the eigh t eg ress-q ueue
class-map s.
The srnd 4 commsands generate th e temp lates only as n eeded. For example, on first u se of the new
co mmand , glob al co nfigu rations that d efine the eigh t qu eue egress service-policy are generated .
Subsequently, au to-QoS commands applied to o ther interfaces do no t generate templates for egress
queuing. This is because all au to-QoS commnd s rely o n th e same eight queue mod el after migration ,
already generated on first us e of th e co mmand .
The global templates defin ed in A and B.
A. Template of application classes u sed by the auto qos video command
This template also in clud es the in put service-policy for the auto qos video cts, a uto qos v ideo
ip-camera, and auto qos trust co mmand s. Becau se th ese three commands are the only o nes that use the
Auto Qos-4.0-Inpu t-Policy, we advise th at you include that po licy in the same template that defines the
ap plication classes used by the commands.
class-map match-any AutoQos-4.0-VoIP
match dscp ef
match cos 5
class-map match-all AutoQos-4.0-Broadcast-Vid
match dscp cs5
class-map match-all AutoQos-4.0-Realtime-Interact
match dscp cs4
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-55
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
auto qos video
class-map match-all AutoQos-4.0-Network-Ctrl
match dscp cs7
class-map match-all AutoQos-4.0-Internetwork-Ctrl
match dscp cs6
class-map match-any AutoQos-4.0-Signaling
match dscp cs3
match cos 3
class-map match-all AutoQos-4.0-Network-Mgmt
match dscp cs2
class-map match-any AutoQos-4.0-Multimedia-Conf
match dscp af41
match dscp af42
match dscp af43
class-map match-any AutoQos-4.0-Multimedia-Stream
match dscp af31
match dscp af32
match dscp af33
class-map match-any AutoQos-4.0-Transaction-Data
match dscp af21
match dscp af22
match dscp af23
class-map match-any AutoQos-4.0-Bulk-Data
match dscp af11
match dscp af12
match dscp af13
class-map match-all AutoQos-4.0-Scavenger
match dscp cs1
The AutoQo s-4.0-Signaling and AutoQos-4 .0-VoIP classes must also match on CoS to the case where
an IP phon e is con nected to an interface. (Cisco IP phon es are o nly capable o f remarking CoS bits, n ot
DSCP.)
policy-map AutoQos-4.0-Input-Policy
class AutoQos-4.0-VoIP
set qos-group 32
class AutoQos-4.0-Broadcast-Vid
set qos-group 32
class AutoQos-4.0-Realtime-Interact
set qos-group 32
class AutoQos-4.0-Network-Ctrl
set qos-group 16
class AutoQos-4.0-Internetwork-Ctrl
set qos-group 16
class AutoQos-4.0-Signaling
set qos-group 16
class AutoQos-4.0-Network-Mgmt
set qos-group 16
class AutoQos-4.0-Multimedia-Conf
set qos-group 34
class AutoQos-4.0-Multimedia-Stream
set qos-group 26
class AutoQos-4.0-Transaction-Data
set qos-group 18
class AutoQos-4.0-Bulk-Data
set qos-group 10
class AutoQos-4.0-Scavenger
set qos-group 8
B. Template for egress queue clas ses and th e srn d4 o utput policy that u ses the egress classes to allocate
eight queues. This template is req uired by all srnd co mmand s:
class-map match-all AutoQos-4.0-Priority-Queue
match qos-group 32
class-map match-all AutoQos-4.0-Control-Mgmt-Queue
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-56
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
auto qos video
match qos-group 16
class-map match-all AutoQos-4.0-Multimedia-Conf-Queue
match qos-group 34
class-map match-all AutoQos-4.0-Multimedia-Stream-Queue
match qos-group 26
class-map match-all AutoQos-4.0-Trans-Data-Queue
match qos-group 18
class-map match-all AutoQos-4.0-Bulk-Data-Queue
match qos-group 10
class-map match-any AutoQos-4.0-Scavenger-Queue
match qos-group 8
match dscp cs1
Because police comman ds execu ted in policy map configuration mod e do not allow the remarking of
qos-gro ups fo r traffic flows that exceed defined rate limits, AutoQo s-4.0-Scaven ger-Queue must be
co nfigured to match either qo s-group 7 or dscp af11. When the auto qo s classify po lice command has
been executed, traffic flows th at v iolate the defined rate limit are remarked to cs1 bu t retain their original
qos-gro up classification because qo s-group s cann ot be remarked as an ex ceed action . However, b ecause
Auto Qos-4.0-Scavenger-Queue is d efin ed before all other qu eues in the ou tput policy map, remarked
packets will fall in to it, despite retaining th eir o riginal qos-gro up lab els.
policy-map AutoQos-4.0-Output-Policy
class AutoQos-4.0-Scavenger-Queue
bandwidth remaining percent 1
class AutoQos-4.0-Priority-Queue
priority
police cir percent 30 bc 33 ms
conform-action transmit exceed-action drop
class AutoQos-4.0-Control-Mgmt-Queue
bandwidth remaining percent 10
class AutoQos-4.0-Multimedia-Conf-Queue
bandwidth remaining percent 10
class AutoQos-4.0-Multimedia-Stream-Queue
bandwidth remaining percent 10
class AutoQos-4.0-Trans-Data-Queue
bandwidth remaining percent 10
dbl
class AutoQos-4.0-Bulk-Data-Queue
bandwidth remaining percent 4
dbl
class class-default
bandwidth remaining percent 25
Interface Lev el Commands Generated
For Fa/Gig Ports:
Switch(config-if)# service-policy input AutoQos-4.0-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
Examples
This examp le shows how to g enerate a QoS configu ration on the cisco-telepresence interface
gigabiteth ernet1/1:
Switch(config)# interface gigabitethernet1/1
Switch(config-if)# auto qos video cts
Switch(config-if)# do sh running interface gigabitethernet1/1
interface interface-id
auto qos video cts
qos trust device cts
service-policy input AutoQos-4.0-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-57
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
auto qos video
end
This example s hows how to generate QoS configuration for the cisco-camera in terface
g igab itethern et1/1 :
Switch(config)# interface gigabitethernet1/1
Switch(config-if)# auto qos video ip-camera
Switch(config-if)# do sh running interface interface-id
interface interface-id
auto qos video ip-camera
qos trust device ip-camera
service-policy input AutoQos-4.0-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
end
Related Commands
Command
auto qos trust
Descriptio n
Gen erates QoS configu rations fo r tru sted interfaces.
auto qos s rnd4
Gen erates QoS configu rations based o n s olution referen ce
n etwo rk design 4.0.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-58
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
auto qos voip
auto qos voip
To au tomatically config ure qu ality of service (auto-QoS) fo r vo ice over IP (VoIP) with in a Qo S domain,
use the a uto qos voip interface configuration comman d. To change the auto-QoS con figuratio n settings
to the standard QoS d efaults , use the no form of this comman d.
auto qos voip {cisco-phone | trust}
no auto qos voip {cisco-phone | trust}
Syntax Description
cisco-pho ne
Generates a Qo S config uration fo r Cisco IP p hone in terfaces (cond itional trust
through CDP). The CoS labels of incoming p ackets are tru sted on ly when a
telep hone is detected.
trust
Conn ects the interface to a trus ted switch or router and automatically con figures
QoS for VoIP. Th e CoS and DSCP labels of incoming p ackets are tru sted.
Defaults
Au to -Qo S is disabled on all interfaces
Command Modes
Interface con figuration mode
Usage Guidelines
Use this command to con figure a Qo S that is appropriate for VoIP traffic within the Qo S domain, wh ich
includes t h e switch, the interio r of the network, and the edge dev ices that can classify incoming traffic
for QoS.
App ly the cisco-phone keywo rd on those ports (at the edge o f the network) that are co nnected to Cisco
IP phon es. The s witch d etects th e telepho ne through Cisco Discovery Pro toco l (CDP) and tru sts th ose
CoS labels in p ackets th at are receiv ed from the telephon e.
App ly th e trust keyword on those ports th at are con nected to th e interior of the network . Ass ume that
the traffic h as alread y b een classified by the other ed ge devices . So , the Co S/DSCP lab els in these
packets are trusted.
Wh en yo u enable th e auto-QoS feature o n th e specified in terface, th ese actions automatically occur:
•
QoS is globally enabled (qos glob al config uration comman d).
•
DBL is en abled glob ally (qos dbl global configuration command).
•
Wh en yo u enter the auto qos voip cisco-phone interface co nfiguration command, the trusted
boun dary feature is enabled. It u ses the Cisco Discovery Protocol (CDP) to detect the presence or
ab sen ce o f a Cisco IP phone. When a Cisco IP phone is detected, the in gress classification on the
specific interface is set to trust the CoS lab el that is received in the p acket becau se some older
phon es do not mark DSCP. Wh en a Cisco IP phone is absent, the ingress classification is set to not
trus t the CoS label in the packet.
•
Wh en you enter th e auto qos voip trust in terface configuration co mmand , th e in gress clas sification
on the sp ecified interface is set to trust the CoS label that is received in the packet provided the
specified interface is configured as Lay er 2 (and is set to trust DSCP if the in terface is con figured
as Layer 3).
You can enable auto-QoS on static, dynamic-access, voice VLAN access, an d trunk po rts.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-59
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
auto qos voip
To display the QoS configuration that is auto matically generated when au to-QoS is enabled , enab le
d ebug ging (b efore you enable auto-QoS) with th e debug auto qos privileged EXEC command.
To disab le au to-QoS on an interface, use th e no auto qos voip in terface con figuratio n command. When
y ou enter this command, th e switch enab les standard QoS and chan ges the au to-QoS s ettings to the
standard QoS defau lt settings for that interface. This action will n ot change any glo bal config uration
p erformed b y auto-Qo S; the global configuration remains the same.
Examples
This example sh ows how to enable auto -Qo S and to trust the CoS an d DSCP labels that are received in
th e incoming packets wh en the switch or ro uter that is connected to Gigabit Ethernet interface 1 /1 is a
trusted device:
Switch(config)# interface gigabitethernet1/1
Switch(config-if)# auto qos voip trust
This example s hows how to enab le auto-QoS and to trust the CoS lab els that are received in in co min g
p ackets when th e device co nnected to Fast Ethernet interface 2/1 is detected as a Cisco IP phon e:
Switch(config)# interface fastethernet2/1
Switch(config-if)# auto qos voip cisco-phone
This example s hows how to display the QoS con figuratio n th at is au tomatically g enerated when
auto-Qo S is en abled on an interface:
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#interface gigabitethernet3/10
Switch(config-if)#auto qos voip trust
Switch(config-if)#
1d03h: service-policy input AutoQos-VoIP-Input-Cos-Policy
1d03h: service-policy output AutoQos-VoIP-Output-Policy
Switch(config-if)#intface gigabitethernet3/11
Switch(config-if)#auto qos voip
cisco-phone
Switch(config-if)#
1d03h: qos trust device cisco-phone
1d03h: service-policy input AutoQos-VoIP-Input-Cos-Policy
1d03h: service-policy output AutoQos-VoIP-Output-Policy
Switch(config-if)#end
Switch#
You can verify your settings by entering the show auto qos interface command.
Related Commands
Command
Descriptio n
debug auto qos (refer to Cisco Debu gs Auto Qo S.
IOS documentatio n)
qos trust
show a uto qos
Sets th e trusted state o f an interface.
Displays the automatic quality of service (auto-QoS)
configuration that is app lied.
show qos
Displays QoS info rmation.
show qos interface
Displays queuein g information.
show qos maps
Displays QoS map information .
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-60
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
auto qos voip cisco-softphone
auto qos voip cisco-softphone
To generate QoS configuration for interfaces co nnected to PCs running the Cisco IP SoftPh one
ap plication and mark police traffic coming from such interfaces, use the auto qos vo ip interface
co nfiguration co mmand .
auto qos voip cisco-softphone
Syntax Description
This comman d has no argu ments or keyword s.
Defaults
This comman d has no default settings.
Command Modes
Interface con figuration mode
Usage Guidelines
Ports config ured with auto qos voip comman d are considered untrusted.
Global Level Commands Generated
After auto-QoS srnd 4 commands are app lied to an interface, they gen erate o ne or more of the fo llowing
temp lates (A, B, and C) at the global co nfiguration level. Typically, a command generates a series of
class-map s that either match on ACLs o r on DSCP (or CoS) values to d ifferentiate traffic into applicatio n
classes. An input policy is also generated , wh ch match es the gen erated classes, sets qos-groups on the
classes, and in some cases, polices th e classes to a set b and width. (A q os-g rou p is a numerical tag th at
allows d ifferent applicatio n classes to be treated as o ne un it. Ou tside the switch’s co ntext, it h as no
significance.) Fu rthermo re, eigh t egres s-qu eue class -maps are generated , matching the qo s-group s set in
the inp ut policy. The actu al eg ress output policy as signs a queue to each o f these eight class-maps .
The commands generate temp lates on ly as needed. For example, on first u se of a new commnand, g lobal
co nfigurations that define the eight queue egress service-po licy are generated. Subs equ ently, auto-QoS
ap plied to oth er in terfaces do not generate templates fo r eg ress queuing. This is because all au to -QoS
co mmand s rely o n th e same eight queue mod els after migratio n, already been generated fro m the first
use o f the n ew comman d.
The global template is defined by A, B, an d C.
A. Template fo r ACLs an d app lication classes used by th e auto qos voip cis co-softphone comman d
ip access-list extended AutoQos-4.0-ACL-Multimedia-Conf
permit udp any any range 16384 32767
ip access-list extended AutoQos-4.0-ACL-Signaling
permit tcp any any range 2000 2002
permit tcp any any range 5060 5061
permit udp any any range 5060 5061
ip access-list extended AutoQos-4.0-ACL-Transactional-Data
permit tcp any any eq 443
permit tcp any any eq 1521
permit udp any any eq 1521
permit tcp any any eq 1526
permit udp any any eq 1526
permit tcp any any eq 1575
permit udp any any eq 1575
permit tcp any any eq 1630
permit udp any any eq 1630
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-61
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
auto qos voip cisco-softphone
ip access-list extended AutoQos-4.0-ACL-Bulk-Data
permit tcp any any eq ftp
permit tcp any any eq ftp-data
permit tcp any any eq 22
permit tcp any any eq smtp
permit tcp any any eq 465
permit tcp any any eq 143
permit tcp any any eq 993
permit tcp any any eq pop3
permit tcp any any eq 995
permit tcp any any eq 1914
ip access-list extended AutoQos-4.0-ACL-Scavenger
permit tcp any any eq 1214
permit udp any any eq 1214
permit tcp any any range 2300 2400
permit udp any any range 2300 2400
permit tcp any any eq 3689
permit udp any any eq 3689
permit tcp any any range 6881 6999
permit tcp any any eq 11999
permit tcp any any range 28800 29100
ip access-list extended AutoQos-4.0-ACL-Default
permit ip any any
class-map match-any AutoQos-4.0-VoIP-Data
match dscp ef
match cos 5
class-map match-all AutoQos-4.0-VoIP-Data-Cos
match cos 5
class-map match-any AutoQos-4.0-VoIP-Signal
match dscp cs3
match cos 3
class-map match-all AutoQos-4.0-VoIP-Signal-Cos
match cos 3
class-map match-all AutoQos-4.0-Multimedia-Conf-Classify
match access-group name AutoQos-4.0-ACL-Multimedia-Conf
class-map match-all AutoQos-4.0-Signaling-Classify
match access-group name AutoQos-4.0-ACL-Signaling
class-map match-all AutoQos-4.0-Transaction-Classify
match access-group name AutoQos-4.0-ACL-Transactional-Data
class-map match-all AutoQos-4.0-Bulk-Data-Classify
match access-group name AutoQos-4.0-ACL-Bulk-Data
class-map match-all AutoQos-4.0-Scavenger-Classify
match access-group name AutoQos-4.0-ACL-Scavenger
class-map match-all AutoQos-4.0-Default-Classify
match access-group name AutoQos-4.0-ACL-Default
AutoQos-4 .0-VoIP-Data-Cos and Au to Qos-4.0-VoIP-Sig nal-Cos handles th ose instances when a user
conn ects an IP ph one to an interface and en ters th e auto qos voip cis co-phone co mmand on th at
in terface. In this situation, th e input serv ice policy on th e interface mus t match Vo IP and sig nalin g
p ackets based solely on their CoS markin gs becau se switching ASICs on Cisco IP Phon es are limited to
o nly remarking the CoS bits of VoIP and signaling traffic. Matching DSCP markings wo uld result in a
security vu lnerability because a user who se PC was connected to an IP phone co nnected to a switch
would be able to remark DSCP markings of traffic arriv ing from th eir PC to DSCP ef u sing the NIC o n
th eir PC. This results in incorrectly placin g n on real-time traffic in the prio rity queue in th e eg ress
d irection .
B. Template fo r the a uto qos voip cisco-so ftphone command inpu t serv ice-p olicy
policy-map AutoQos-4.0-Cisco-Softphone-Input-Policy
class AutoQos-4.0-VoIP-Data
set dscp ef
set cos 5
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-62
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
auto qos voip cisco-softphone
set qos-group 32
police cir 128000 bc 8000
exceed-action set-dscp-transmit cs1
exceed-action set-cos-transmit 1
class AutoQos-4.0-VoIP-Signal
set dscp cs3
set cos 3
set qos-group 16
police cir 32000 bc 8000
exceed-action set-dscp-transmit cs1
exceed-action set-cos-transmit 1
class AutoQos-4.0-Multimedia-Conf-Classify
set dscp af41
set cos 4
set qos-group 34
police cir 5000000 bc 8000
exceed-action drop
class AutoQos-4.0-Signaling-Classify
set dscp cs3
set cos 3
set qos-group 16
police cir 32000 bc 8000
exceed-action drop
class AutoQos-4.0-Transaction-Classify
set dscp af21
set cos 2
set qos-group 18
police cir 10000000 bc 8000
exceed-action set-dscp-transmit cs1
exceed-action set-cos-transmit 1
class AutoQos-4.0-Bulk-Data-Classify
set dscp af11
set cos 1
set qos-group 10
police cir 10000000 bc 8000
exceed-action set-dscp-transmit cs1
exceed-action set-cos-transmit 1
class AutoQos-4.0-Scavenger-Classify
set dscp cs1
set cos 1
set qos-group 8
police cir 10000000 bc 8000
exceed-action drop
class AutoQos-4.0-Default-Classify
set dscp default
set cos 0
C. Template fo r egress qu eue classes and the srnd4 outpu t policy that uses th e egress clas ses to allocate
eig ht q ueu es. This template is required by all srnd4 commands:
class-map match-all AutoQos-4.0-Priority-Queue
match qos-group 32
class-map match-all AutoQos-4.0-Control-Mgmt-Queue
match qos-group 16
class-map match-all AutoQos-4.0-Multimedia-Conf-Queue
match qos-group 34
class-map match-all AutoQos-4.0-Multimedia-Stream-Queue
match qos-group 26
class-map match-all AutoQos-4.0-Trans-Data-Queue
match qos-group 18
class-map match-all AutoQos-4.0-Bulk-Data-Queue
match qos-group 10
class-map match-any AutoQos-4.0-Scavenger-Queue
match qos-group 8
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-63
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
auto qos voip cisco-softphone
match dscp cs1
Because the police commands executed in po licy map configuration mo de do no t allow remarkin g o f
q os-g roup s for traffic flows that exceed defined rate limits, Auto Qos-4.0-Scavenger-Queue must be
configured to match either qos-group 7 or dscp af11 . When the auto qos classify police command has
b een executed, traffic flows that violate the defined rate limit are remarked to cs1 but retain their origin al
q os-g roup classification because qos-groups cannot be remarked as an exceed action. However, because
AutoQos-4 .0-Scavenger-Queue is defined before all other queues in the outpu t po licy map, remark ed
p ackets will fall into it, d esp ite retaining their original q os-g roup labels.
policy-map AutoQos-4.0-Output-Policy
class AutoQos-4.0-Scavenger-Queue
bandwidth remaining percent 1
class AutoQos-4.0-Priority-Queue
priority
police cir percent 30 bc 33 ms
conform-action transmit exceed-action drop
class AutoQos-4.0-Control-Mgmt-Queue
bandwidth remaining percent 10
class AutoQos-4.0-Multimedia-Conf-Queue
bandwidth remaining percent 10
class AutoQos-4.0-Multimedia-Stream-Queue
bandwidth remaining percent 10
class AutoQos-4.0-Trans-Data-Queue
bandwidth remaining percent 10
dbl
class AutoQos-4.0-Bulk-Data-Queue
bandwidth remaining percent 4
dbl
class class-default
bandwidth remaining percent 25
dbl
Interface Level Commands Generated
For Fa/Gig Ports:
Switch(config-if)#
service-policy input AutoQos-4.0-Cisco-Softphone-Input-Policy
service-policy input AutoQos-4.0-Output-Policy
Examples
This examp le s hows h ow to gen erate QoS co nfigu ration for interfaces Gigabit Eth ernet 1/1 conn ected to
a PC that is runnin g th e Cisco IP SoftPhone app lication:
Switch(config)# interface gigabitethernet1/1
Switch(config-if)# auto qos voip cisco-softphone
Switch(config-if)# do sh running interface gigabitethernet1/1
interface gigabitethernet1/1
auto qos voip cisco-phone
qos trust device cisco-phone
service-policy input AutoQos-4.0-Cisco-Phone-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
end
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-64
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
auto qos voip cisco-softphone
Related Commands
Co mmand
auto qos voip cisco-softphone
Description
Generate QoS configuration for interfaces con nected to PCs
run ning the Cisco IP SoftPho ne application and marks po lice
traffic co ming from such in terfaces.
auto qos cla ssify
auto qos cla ssify police
Generate a QoS con figuratio n for an untrusted interface.
Police traffic form an un trusted interface.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-65
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
auto-sync
auto-sync
To enable automatic synchro nization o f the configu ration files in NVRAM , us e the auto-sync co mmand .
To disable automatic syn chronization, u se the no form of th is command.
auto-sync {startup-config | config -regis ter | bootvar | standa rd}
no auto -sync {startup-config | config-register | bootvar | sta ndard}
Syntax Description
Defaults
startup-config
config-register
Specifies automatic syn ch ronization of the startup config uration.
Specifies automatic syn ch ronization of the co nfiguration register co nfiguration.
boo tvar
standard
Specifies automatic syn ch ronization of the BOOTVAR configuration .
Specifies auto matic synchronizatio n of the s tartup config uration, BOOTVAR, an d
configuration reg is ters.
Standard automatic syn chronization of all configuration files
Command Modes
Usage Guidelines
Examples
Redund ancy main -cpu mode
If you enter the no auto-s ync sta ndard command, no au tomatic synchronization s occur.
This example s hows how (from the default co nfigu ration) to enable automatic syn chronization of the
configuration reg is ter in the main CPU:
Switch# config terminal
Switch (config)# redundancy
Switch (config-r)# main-cpu
Switch (config-r-mc)# no auto-sync standard
Switch (config-r-mc)# auto-sync configure-register
Switch (config-r-mc)#
Related Commands
Command
Descriptio n
redundancy
Enters the red undancy configuratio n mo de.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-66
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
band width
bandwidth
To specify or modify the min imu m bandwidth p rovid ed to a class b elon ging to a po licy map attached to
a phy sical p ort, use the bandwidth policy-map class co mmand . To return to th e default setting , use th e
no form o f this co mmand .
bandwidth {ba ndwidth-kb ps | percent percen t | remaining percent p ercent}
no bandwidth
Syntax Description
band wid th-kbps
Amoun t of ban dwidth in kb ps assig ned to the class. The ran ge is 32 to
16000 000.
percent percent
Percentage of available ban dwidth assign ed to the p aren t class. Th e
range is 1 to 100 .
Percentage of remainin g b and width assigned to p aren t class. Th e range
is 1 to 10 0. This command is su pported only when prio rity q ueu ing class
is configured, an d th e prioity queuing class is not rate-limited.
rema ining percent percent
Defaults
No bandwidth is specified.
Command Modes
Policy-map class con figuratio n mo de
Usage Guidelines
Use the bandwidth command only in a policy map attached to a physical po rt.
The bandwidth command specifies the minimum ban dwidth for traffic in that class wh en there is traffic
co ngestion in the switch. If the switch is not congested , the class receives mo re b and width than you
specify with this comman d.
Wh en queuin g class is configured with out any explicit b and width config uration, since the q ueu e is not
guaranteed any minimum bandwid th, this qu eue will get a share o f an y u nallo cated b and width on the
port.
If th ere is no unallocated ban dwidth for the new qu eue or if the unallocated ban dwidth is not sufficient
to meet the minimum config urable rate fo r all qu eues which do not have any exp licit bandwid th
co nfiguration, th en the policy association is rejected .
These res trictions ap ply to the bandwidth command :
•
Examples
If the percent keyword is used, the sum of the class ban dwidth p ercentages within a sing le policy
map cannot exceed 10 0 percen t. Percentag e calculations are based on the bandwidth available on the
port.
•
The amou nt o f bandwidth con figured sh ould be larg e enough to accommod ate Layer 2 o verhead.
•
A policy map can h ave all th e class ban dwidth s specified in either k bps or in percentages, but not a
mix of both .
This example shows how to set the minimum bandwid th to 2 000 k bps for a class called silver-class . The
class already exists in the switch configuration :
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-67
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
bandwidth
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# policy-map polmap6
Switch(config-pmap)# class silver-class
Switch(config-pmap-c)# bandwidth 2000
Switch(config-pmap-c)# end
This example s hows how to guarantee 3 0 p ercent of th e bandwidth for class 1 and 25 percent of the
b and width fo r class2 when CBWFQ is configured . A policy map with two clas ses is created and is then
attached to a ph ysical port:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# policy-map policy1
Switch(config-pmap)# class class1
Switch(config-pmap-c)# bandwidth percent 50
Switch(config-pmap-c)# exit
Switch(config-pmap)# class class2
Switch(config-pmap-c)# bandwidth percent 25
Switch(config-pmap-c)# exit
Switch(config-pmap)# end
Switch(config)# interface gigabitethernet1/1
Switch(config-if)# service-policy input policy1
Switch(config-if)# end
This example s hows how bandwidth is guaranteed if low-laten cy queueing (LLQ) an d b and width are
configured. In this example, LLQ is enabled in a class called vo ice1.
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# policy-map policy1
Switch(config-pmap)# class class1
Switch(config-pmap-c)# bandwidth remaining percent 50
Switch(config-pmap-c)# exit
Switch(config-pmap)# class class2
Switch(config-pmap-c)# bandwidth remaining percent 25
Switch(config-pmap-c)# exit
Switch(config-pmap)# class voice1
Switch(config-pmap-c)# priority
Switch(config-pmap-c)# exit
Switch(config-pmap)# end
Switch(config)# interface gigabitethernet1/1
Switch(config-if)# service-policy output policy1
Switch(config-if)# end
You can verify your settings by entering the show policy -map privileg ed EXEC command .
Related Commands
Command
class
dbl
policy-map
Descriptio n
Specifies the name of th e class wh ose traffic p olicy you want to
create or change.
Enab les active qu eue managemen t on a tran smit qu eue used by a
class o f traffic.
Creates or mod ifies a po licy map that can be attached to multiple
p orts to specify a serv ice policy and to enter policy -map
configuration mod e.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-68
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
band width
Co mmand
Description
priority
Enables th e strict priority qu eue (low-laten cy queueing [LLQ])
an d to give priority to a class o f traffic belong ing to a policy map
attached to a physical po rt.
Creates a serv ice policy that is a quality of serv ice (QoS) policy
within a policy map.
Enables traffic sh apin g a class o f traffic in a p olicy map attached
to a phy sical port.
Displays information about the policy map.
service-policy (policy-map
cla ss)
shape (class-based queueing )
show policy -map
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-69
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
call-home (global configuration)
call-home (global configuration)
To en ter call h ome config uration submo de, use th e call-home command in global configuration mo de.
call-ho me
Syntax Description
This command has no arguments or keywo rds.
Command Default
This command has no default setting s.
Command Modes
Global configuratio n mo de
Usage Guidelines
Once you en ter the call-ho me command, the p romp t chan ges to Switch (cfg-call-ho me)#, and you have
access to the call home co nfigu ration co mmand s as follows:
•
a lert-group—Enables or disab les an alert group. See th e alert-group command.
•
conta ct-email-addr email-a ddres s—Assig ns the system contact’s e-mail ad dress. You can enter up
to 12 8 alph anu meric characters in e-mail add ress format with n o s paces.
•
contract-id a lphanu meric— Specifies th e customer contract id entification for Cisco
AutoNotification . You can enter up to 64 alphanumeric characters. If you inclu de spaces, you must
enclose y our entry in q uotes (“ ”).
•
copy profile source-profile target-profile— Creates a new destinatio n profile (targ et-profile) with
th e same configu ration settings as the existin g p rofile (s ource-p ro file).
•
custo mer-id na me—Provid es customer id entification for Cisco AutoNo tify. You can enter u p to 256
alphanumeric ch aracters. If you include sp aces, you mus t enclose yo ur entry in qu otes (“ ”).
•
default—Sets a command to its defau lts.
•
exit—Exits call home co nfigu ration mode and returns to global co nfiguration mode.
•
mail-server {ipv4-address | name} priority prio rity— Assign s the custo mer’s e-mail s erver address
and relative priority. You can en ter an IP address or a fu lly q ualified do main name (FQDN), an d
assign a priority from 1 (hig hest) to 100 (lowest).
•
no—Neg ates a comman d o r set its defaults.
You can define backup e-mail servers by repeatin g the mail-server command and entering different
priority numbers .
•
phone-number +phone-numb er — Specifies th e pho ne numb er of the con tact p erson. The
p hone-n umber value must beg in with a plu s (+) prefix, and may contain only dashes (-) and
n umbers. You can enter up to 16 characters. If you include sp aces, you mus t enclose y our entry in
q uotes (“ ”).
•
profile n ame—Enters call-ho me profile configuration mo de. See th e profile comman d.
•
rate-limit threshold —Co nfigures the call-home messag e rate-limit thresh old; valid values are from
1 to 60 messages per minu te.
•
sender {from | reply-to} email-address—Specifies the call-home mes sage sen der’s e-mail
addresses. You can en ter up to 128 alph anu meric characters in e-mail address fo rmat with no spaces.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-70
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
call-home (global configura tion)
Examples
•
site-id alph anumeric—Specifies the site identificatio n for Cisco Au to Notify. You can enter up to
256 alphanumeric characters. If yo u in clud e spaces, you must enclo se you r en try in quo tes (“ ”).
•
street-address street-a ddress —Sp ecifies the street ad dress fo r the RMA p art sh ipmen ts. Yo u can
en ter u p to 2 56 alph an umeric characters. If you include spaces, y ou must enclose your entry in
quotes (“ ”).
•
vrf—Specifies the VPN routing or forwardin g in stan ce n ame; limited to 32 characters .
This examp le show how to configure the contact in formatio n:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# call-home
Switch(cfg-call-home)# contact-email-addr [email protected]
Switch(cfg-call-home)# phone-number +1-800-555-4567
Switch(cfg-call-home)# street-address “1234 Picaboo Street, Any city, Any state, 12345”
Switch(cfg-call-home)# customer-id Customer1234
Switch(cfg-call-home)# site-id Site1ManhattanNY
Switch(cfg-call-home)# contract-id Company1234
Switch(cfg-call-home)# exit
Switch(config)#
This examp le shows how to configure the call-ho me messag e rate-limit thresho ld:
Switch(config)# call-home
Switch(cfg-call-home)# rate-limit 50
This examp le shows how to set the call-home mess age rate-limit threshold to the default s etting :
Switch(config)# call-home
Switch(cfg-call-home)# default rate-limit
This examp le shows how to create a n ew destination profile with the same configuration settings as an
exis tin g profile:
Switch(config)# call-home
Switch(cfg-call-home)# copy profile profile1 profile1a
This example shows how to config ure the general e-mail parameters, including a primary and secondary
e-mail server:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# call-home
Switch(cfg-call-home)# mail-server smtp.example.com priority 1
Switch(cfg-call-home)# mail-server 192.168.0.1 priority 2
Switch(cfg-call-home)# sender from [email protected]
Switch(cfg-call-home)# sender reply-to [email protected]
Switch(cfg-call-home)# exit
Switch(config)#
This examp le shows how to sp ecify Mg mtVrf as the vrf name where the call-ho me email mess age is
forward ed :
Switch(cfg-call-home)# vrf MgmtVrf
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-71
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
call-home (global configuration)
Related Commands
Command
a lert-group (refer to Cisco
IOS documentatio n)
profile (refer to Cisco IOS
d ocu mentation)
show call-ho me
Descriptio n
Enab les an alert group.
Enters call-home profile co nfigu ration mode.
Displays call home configuration information .
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-72
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
call-home reque st
call-home request
To sub mit information abou t yo ur system to Cis co for repo rt an d analysis information from the Cisco
Outp ut Interpreter to ol, us e the call-home request comman d in p rivileged EXEC mode. An analysis
report is sent by Cisco to a con figured contact e-mail ad dress.
call-home request { output-analysis “show-co mma nd” | co nfig-sa nity | bugs-list |
co mmand-reference | product-advisory} [profile name] [cco id user-id ]
Syntax Description
output-analysis
“show-co mma nd”
co nfig-sa nity
bugs-list
co mmand-reference
product-advis ory
Send s th e outpu t of the sp ecified CLI show command fo r an alys is. Th e
show command must be contained in q uotes (“ ”).
Specifies the ty pe of report requ ested. Based on th is keyword, the ou tp ut of
a pred etermin ed set of comman ds such as the show running-co nfig a ll,
show version, and show module (s tand alon e) o r show mo dule s witch all
(VS sys tem) commands, is sent to Cisco for analysis.
profile name
(Optional) Specifies an existing p rofile to which the request is sent. If no
pro file is specified, the request is sent to the Cisco TAC profile.
ccoid user-id
(Optional) Specifies the identifier o f a registered Smart Call Home us er. If
a user-id is specified, the resulting analysis report is sent to the e-mail
ad dress o f the registered u ser. If no u ser-id is specified, th e report is sent to
the contact e-mail add ress of the device.
Command Default
This comman d has no default settings.
Command Modes
Privileg ed EXEC mode
Usage Guidelines
The recip ient profile does n ot n eed to be enabled for th e call-home request. Th e profile s hould specify
the e-mail ad dress where the transport g ateway is configured so that th e requ est messag e can be
forward ed to the Cis co TAC and the us er can receive the reply from the Smart Call Ho me service.
Based on the k eyword specifyin g the type of rep ort requ ested, th e fo llowing information is returned in
respon se to the request:
•
Examples
co nfig-sa nity—Information on best practices as related to the cu rrent running configuration .
•
bugs-list—Known bugs in the running vers ion and in the cu rrently applied features.
•
co mmand-reference—Reference lin ks to all co mmand s in the run ning configu ration.
•
product-advis ory —Produ ct Security In cident Respon se Team (PSIRT) notices , End of Life (EOL)
or En d of Sales (EOS) notices, or field n otices (FN) that may affect devices in your network .
This examp le shows a request for analysis of a user-specified show command:
Switch# call-home request output-analysis "show diagnostic result module all" profile TG
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-73
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
call-home request
Related Commands
call-ho me (global configura tion)
call-ho me s end
call-ho me s end a lert-group
Enters call home con figuratio n mo de.
Sends a CLI co mmand to be executed , with the co mmand outp ut
to b e sent by e-mail.
Sends a sp ecific alert group messag e.
service ca ll-home (refer to Cisco
IOS documentatio n)
Enables or disables Call Home.
show call-ho me
Displays call-home configuration information .
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-74
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
call-home send
call-home send
To execute a CLI command an d e-mail the command outpu t, use the call-home send command in
privileged EXEC mod e.
ca ll-home send “cli-command ” { ema il ema il-add r [service-number SR] | service-number SR}
Syntax Description
“cli-command ”
email email-addr
service-number SR
Command Default
Command Modes
Usage Guidelines
Specifies a CLI command to be executed. The command outpu t is sent by
e-mail.
Specifies the e-mail ad dress to which the CLI co mmand outpu t is sent. If no
e-mail ad dress is specified, th e command output is sent to the Cisco TAC at
[email protected].
Specifies an active TAC case nu mber to which the command output
pertains. This n umber is req uired on ly if n o e-mail add ress (or a TAC e-mail
ad dress) is specified, and will appear in th e e-mail su bject line.
This comman d has no default settings.
Privileg ed EXEC mode
This comman d causes th e specified CLI co mmand to be executed on th e system. The specified CLI
co mmand must be enclosed in qu otes (“”), and can be any run or show command, includin g commands
for all modu les.
The command outp ut is then sent by e-mail to the sp ecified e-mail address . If no e-mail addres s is
specified, th e co mmand outpu t is s ent to the Cisco TAC at [email protected]. The e-mail is sent in long
text format with the s ervice number, if specified, in the sub ject line.
Examples
This examp le shows how to send a CLI comman d and have the co mmand ou tput e-mailed:
Switch# call-home send "show diagnostic result module all" email [email protected]
Related Commands
ca ll-home (g lobal configuration)
Enters call ho me config uration mode.
ca ll-home send alert-g roup
Send s a specific alert g rou p message.
service call-home (refer to Cisco
IOS do cumentation)
Enables or disables Call Home.
show ca ll-home
Disp lays call-home con figuratio n information.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-75
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
call-home send alert-group
call-home send alert-group
To sen d a specific alert grou p message, us e the call-home s end alert-group comman d in p rivileg ed
EXEC mode.
call-ho me s end a lert-group {configuration | dia gnostic module nu mber | inventory} [pro file
p rofile-na me]
Syntax Description
Command Default
configuration
diagnos tic module
n umber
Sends the configuration alert-gro up message to th e destination profile.
Sends the d iagn ostic alert-grou p message to th e destination pro file for a
sp ecific module n umber.
inventory
profile p rofile-na me
Sends the inventory call-h ome message.
(Optio nal) Sp ecifies the name of the destination profile.
This command has no default setting s.
Command Modes
Priv ileged EXEC mo de
Usage Guidelines
When you enter the mod ule numb er, you can enter the n umber of the module.
If you do not specify the pro file profile-name, the messag e is sent to all subscrib ed destination profiles.
Only the configuration , diagnostic, and inventory alert groups can be man ually sent. The d estination
p rofile need no t b e subscribed to the alert group.
Examples
This example s hows how to send the configuration alert-grou p message to th e destination pro file:
Switch# call-home send alert-group configuration
This example s hows how to send the d iagn ostic alert-g rou p message to the destinatio n profile for a
sp ecific module n umber:
Switch# call-home send alert-group diagnostic module 3
This example s hows how to send the d iagn ostic alert-g rou p message to all destin ation profiles fo r a
sp ecific module n umber:
Switch# call-home send alert-group diagnostic module 3 profile Ciscotac1
This example s hows how to send the inventory call-h ome messag e:
Switch# call-home send alert-group inventory
Related Commands
call-ho me (global configura tion)
call-ho me test
Enters call home con figuratio n mo de.
Sends a call-ho me tes t message that you define.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-76
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
call-home send alert-group
service call-home (refer to Cisco
IOS do cumentation)
Enables or disables Call Home.
show ca ll-home
Disp lays call-home con figuratio n information.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-77
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
call-home test
call-home test
To manually send a Call Ho me test mess age, use the call-home test command in privileged EXEC mo de.
call-ho me test [“test-message”] profile p rofile-na me
Syntax Description
“test-message”
profile p rofile-na me
Command Default
This command has no default setting s.
(Optio nal) Test message text.
Specifies the name of th e destination pro file.
Command Modes
Priv ileged EXEC mo de
Usage Guidelines
This command sends a test mess age to the specified d estin ation profile. If yo u enter test message text,
y ou must enclose the text in q uotes (“”) if it contains spaces. If y ou do not en ter a mess age, a default
message is sent.
Examples
This example s hows how to manually s end a Call Home test message:
Switch# call-home test “test of the day” profile Ciscotac1
Related Commands
call-ho me (global
configuration)
call-ho me s end
a lert-group
Enters call ho me co nfigu ration mode.
Send s a specific alert group message.
service call-home (refer to Enables o r disables Call Home.
Cisco IOS do cumentation)
show call-ho me
Displays call-home con figuratio n in formatio n.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-78
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
chann el-group
channel-group
To assign and co nfigure an EtherCh ann el interface to an EtherChannel group, u se the channel-group
co mmand . To remove a channel gro up config uration from an interface, u se th e no form of this comman d.
channel-group number mode {active | on | a uto [non-silent]} | {passive | des irable [non-silent]}
no channel-group
Syntax Description
number
mode
Specifies the channel-gro up number; valid values are from 1 to 64.
Specifies the EtherChannel mode o f the interface.
active
on
En ables LACP unconditionally.
Forces the port to channel withou t PAgP.
auto
Places a port in to a passive negotiating state, in which th e port respond s to PAgP
packets it receives bu t do es not initiate PAg P packet negotiation.
(Option al) Used with the auto or d esirab le mode when traffic is exp ected fro m the
oth er d evice.
non-silent
passive
desirable
En ables LACP only if an LACP device is detected .
Places a port into an active n ego tiating state, in which the port initiates negotiations
with o ther ports by sendin g PAgP p ackets.
Defaults
No channel group s are as signed.
Command Modes
Interface con figuration mode
Usage Guidelines
You do no t h ave to create a p ort-ch ann el interface before ass ig ning a ph ysical interface to a channel
gro up. If a port-channel interface has not b een created, it is auto matically created when the first physical
interface for the channel gro up is created.
If a specific chan nel nu mber is u sed for the PAgP-enabled interfaces of a ch ann el group, that same
ch ann el number cannot be u sed for configurin g a chan nel that has LACP-enabled interfaces or vice
versa.
You can also create port channels b y enterin g th e interface port-channel command. This will create a
Layer 3 p ort channel. To change the Layer 3 port channel into a Layer 2 port chan nel, us e the switchpo rt
co mmand before you assign p hysical interfaces to the channel group . A po rt channel cannot be ch ang ed
from Layer 3 to Lay er 2 o r vice versa when it contains member ports.
You do not h ave to disable the IP add ress th at is assigned to a phy sical interface th at is part of a chan nel
gro up, bu t we recommend that yo u do so.
Any co nfigu ration o r attribute chan ges that yo u make to the port-channel interface are p ropagated to all
interfaces within the same channel g roup as the p ort chan nel (for example, config uration changes are
also propagated to the physical interfaces that are not p art of the port chan nel, but are part of the channel
gro up).
You can create in on mode a usable Eth erChan nel by connecting two port g rou ps together.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-79
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
channel-group
Caution
Examples
Do not en able Layer 3 add resses o n th e phys ical EtherChannel in terfaces. Do not assign bridge group s
o n th e phys ical EtherChannel interfaces because it creates loo ps.
This example s hows how to add Gigabit Ethern et interface 1/1 to the EtherChannel group that is
sp ecified by port-channel 45 :
Switch(config-if)# channel-group 45 mode on
Creating a port-channel interface Port-channel45
Switch(config-if)#
Related Commands
Command
interfa ce po rt-channel
show interfa ces po rt-channel
(refer to Cisco IOS
d ocu mentation)
Descriptio n
Accesses or creates a port-channel in terface.
Displays the information about the Fast EtherChannel.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-80
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
channel-protocol
channel-protocol
To enable LACP or PAgP on an interface, use the channel-protocol command. To disable the p roto cols,
use th e no form o f this co mmand .
channel-protocol {lacp | pagp}
no channel-protocol { lacp | pagp}
Syntax Description
lacp
pagp
Enables LACP to manag e chan nelin g.
Enables PAgP to manage channeling.
Defaults
pagp
Command Modes
Interface con figuration mode
Usage Guidelines
You can also select the protocol using the channel-gro up comman d.
If th e interface b elon gs to a ch ann el, the no fo rm of this command is rejected .
All ports in an Eth erChan nel must use the same protocol; you cannot ru n two p rotocols on one mod ule.
PAgP and LACP are not comp atible; both ends of a channel must use the same protocol.
You can manually configure a switch with PAgP on on e s ide and LACP on th e o ther side in the on mode.
You can change the protocol at any time, but th is change causes all exis ting EtherChannels to reset to
the default chan nel mod e fo r the n ew protocol. You can use the channel-protocol comman d to restrict
any one fro m selecting a mode th at is not ap plicable to th e selected p rotocol.
Config ure all ports in an EtherChannel to o perate at the same sp eed an d d uplex mod e (full duplex only
for LACP mode).
Fo r a complete list o f guidelines, refer to th e “Co nfiguring EtherChan nel” section of the Catalyst 4 500
Series Switch Cisco IOS Software Con figu ration Guid e.
Examples
This examp le shows how to select LACP to manage channeling on the interface:
Switch(config-if)# channel-protocol lacp
Switch(config-if)#
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-81
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
channel-protocol
Related Commands
Command
channel-group
show etherchannel
Descriptio n
Assigns and co nfigu res an Eth erChan nel interface to an
EtherChannel g rou p.
Displays EtherChannel info rmation fo r a channel.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-82
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
cisp enable
cisp enable
Use the cisp enable global co nfigu ration co mmand to enable Client Information Signalling Proto col
(CISP) o n a switch.
cisp enable
no cisp enable
Syntax Description
cisp ena ble
Defaults
Non e
Command Modes
Glob al co nfigu ration
Usage Guidelines
You mu st en able the CISP protocol (with the global cisp enable command) on b oth the au thenticator an d
supplicant switch. The CISP pro toco l is crucial b ecau se it co nveys the client in formatio n from th e
supplicant switch to th e authenticator switch th ereby p rovidin g access fo r the clients of the supplican t
switch thro ugh the authenticator switch.
Examples
En able CISP.
This examp le shows how to enable CISP:
switch(config)# cisp enable
Related Commands
Co mmand
dot1x credentials (glo ba l
co nfiguration)
show cis p (I OS command)
Description
Co nfigures a pro file on a supplicant switch.
Displays CISP in formatio n for a specified interface.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-83
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
class
class
To specify the name o f the class whose traffic policy y ou want to create or chang e, use the clas s
p olicy-map configuration command. To delete an existing class from a p olicy map, u se the no form of
th is command.
class cla ss-n ame
no class class-n ame
Syntax Description
Defaults
class-name
Name o f the p redefined traffic class fo r which you want to configu re o r modify a
traffic po licy. The class was previously created throug h th e class-map
class-map-name glob al config uration comman d.
No classes are defined; ex cept for the clas s-default.
Command Modes
Usage Guidelines
Policy-map config uration mode
Before using the class command, you must create a class map for matchin g packets to the clas s by u sing
th e cla ss-map global configuration command. You also must use the po licy-ma p glo bal config uration
command to identify the policy map and to enter po licy-map configuration mod e. After sp ecify ing a
p olicy map , you can con figure a traffic policy for new classes or modify a traffic p olicy fo r any ex is ting
classes in that policy map. The class n ame that yo u sp ecify with the class co mmand in the policy map
ties the characteristics for that class (its policy) to the class map and its match criteria, as con figured
th roug h th e cla ss-map glo bal configu ration co mmand . You attach the policy map to a port by using the
service-po licy (interface co nfiguration) config uration comman d.
After yo u enter the clas s command, th e switch enters policy-map class config uration mode, and these
configuration commands are available:
•
•
bandwidth Specifies or modifies the minimum ban dwidth provided to a class b elon ging to a policy
map. For more info rmation, s ee th e bandwidth command.
dbl En ables d ynamic buffer limiting for traffic hitting th is class. For details on dbl parameters refer
to the show qos dbl co mmand .
•
exit Exits policy -map class co nfigu ration mode and retu rns to policy-map config uration mode.
•
no Retu rns a command to its default s etting.
•
police Configures a s ingle-rate policer, an aggregate p olicer, or a two-rate traffic policer that us es
th e committed information rate (CIR) and the peak information rate (PIR) for a class of traffic. The
p olicer specifies the b and width limitatio ns and the actio n to take when the limits are exceed ed. For
mo re info rmation, see th e police command. For more information abou t the two-rate p olicer, see th e
police (two rates) an d the police (percent) command.
•
priority En ab les the strict priority q ueue for a class o f traffic. For more in formatio n, see the priority
command.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-84
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
class
•
service-policy (policy-map class) Creates a service p olicy as a quality of serv ice (QoS) policy
within a policy map (called a h ierarchical service policy). For more information, see the
service-policy (policy-map class) command. This command is effective on ly in a hierarchical
policy map attached to an interface.
•
set Classifies IP traffic by setting a class of service (Co S), a Differentiated Services Code Point
(DSCP) or IP-precedence in the packet. For more information , see the set command.
•
shape (class-based queueing) Sets the tok en bucket committed in formatio n rate (CIR) in a policy
map . For more information, see the shape (class-ba sed queueing) command.
•
trust Defin es a trust state fo r a traffic class . For more information, see the trust command.
The switch supports up to 256 classes, inclu ding the d efault class , in a po licy map . Packets th at fail to
meet any of the matchin g criteria are class ified as members of the default traffic class. You co nfigure the
default traffic class by specifying class-defa ult as the class name in the class policy-map class
co nfiguration command. You can manipulate the default traffic class (for examp le, set po licies to police
or to shape it) just like any other traffic class, but you cann ot d elete it.
To return to policy-map configuration mode, use the exit comman d. To retu rn to privileged EXEC mode,
use th e end co mmand .
Examples
This examp le shows how to create a p olicy map called p olicy 1. When attach ed to an in gress port, the
policy matches all the inb ound traffic defined in class1 , sets the IP DSCP to 10 , and polices the traffic
at an average rate of 1 Mbp s and bursts of 20 KB. Traffic exceeding the p rofile is marked d own to a
Traffic exceeding the pro file is marked down to a DSCP value obtained from the po liced-DSCP map and
then s ent.
Switch# configure terminal
Switch(config)# class-map class1
Switch(config-cmap)# exit
Switch(config)# policy-map policy1
Switch(config-pmap)# class class1
Switch(config-pmap-c)# set ip dscp 10
Switch(config-pmap-c)# police 1000000 20000 exceed-action policed-dscp-transmit
Switch(config-pmap-c)# exit
Switch(config-pmap)# exit
Switch(config)# interface fastethernet1/0/4
Switch(config-if)# service-policy input policy1
Switch#
You can verify you r settin gs by entering the show policy-map privileged EXEC comman d.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-85
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
class
Related Commands
Command
bandwidth
class-ma p
dbl
police
Descriptio n
Specifies or modifies the minimum b and width prov ided to a class
b elon ging to a policy map attached to a phy sical port.
Creates a class map to be used for matching packets to the class
whose name you specify and to enter class-map co nfiguration
mo de.
Enab les active qu eue managemen t on a tran smit qu eue used by a
class o f traffic.
Con figures the Traffic Policin g feature.
police (percent)
Con figures traffic p olicing o n th e basis of a p ercentage o f
b and width available on an interface.
police rate
policy-map
Con figures sin gle- or dual-rate policer.
Creates a policy map that can be attached to multiple po rts to
sp ecify a service policy an d to enter policy-map config uration
mo de.
priority
Enab les the strict p riority queue (low-latency queuein g [LLQ])
and to g ive p riority to a class of traffic belonging to a policy map
attached to a ph ysical port.
Attaches a policy map to an interface.
service-po licy (interface
configuration)
service-po licy (po licy-ma p
class)
Creates a service po licy that is a q uality o f service (QoS) po licy
within a po licy map .
set
Marks IP traffic by setting a class of serv ice (CoS), a
Differen tiated Services Code Poin t (DSCP), o r IP-preced ence in
th e packet.
shape (class-bas ed queueing)
Enab les traffic shaping a class of traffic in a policy map attached
to a physical po rt.
Displays info rmation ab out the po licy map .
show policy-map
trust
Defines a trust state for traffic clas sified th rou gh the class
p olicy-map configuration command.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-86
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
class-map
class-map
To create a class map to be us ed fo r matching packets to the class wh ose name you specify and to enter
class-map config uration mode, use th e cla ss-map g lobal config uration command . To delete an existing
class map and to return to global con figuratio n mo de, use th e no form of this comman d.
cla ss-map [ma tch-all | ma tch-any] class-ma p-na me
no class-ma p [match-all | match-any] class-map-name
Syntax Description
match-all
match-any
cla ss-map-name
(Op tional) Perform a logical-AND of all matching u nder this class map . All
criteria in the class map must be matched.
(Op tional) Perform a logical-OR of the matchin g statemen ts u nder this class
map. One or more criteria in the class map must be match ed.
Name of the class map.
Defaults
No class maps are defin ed.
Command Modes
Glob al co nfigu ration mode
Usage Guidelines
Use this command to specify the n ame of the class for which you want to create o r modify class-map
match criteria and to enter class -map config uration mo de. Packets are checked against the match criteria
co nfigured for a class map to decide if the packet belong s to that class. If a packet match es the specified
criteria, the packet is consid ered a member of the class and is forward ed according to the quality o f
service (QoS) sp ecificatio ns set in the traffic p olicy.
If neither th e ma tch-all nor th e match-any keyword is specified, the default is match-all.
After you en ter th e class-map co mmand , the s witch enters clas s-map con figuration mode, and these
co nfiguration co mmand s are availab le:
•
Examples
description Describ es the class map (up to 200 characters). Th e show class-map priv ileged EXEC
co mmand dis play s th e description and the n ame of the class map.
•
ex it Exits from Qo S class-map con figuratio n mo de.
•
match Configures classification criteria. For mo re in formatio n, see the match (clas s-map
co nfiguration) comman d.
•
no Removes a match statement from a class map.
This ex ample s hows how to con figure the class map called clas s1 with o ne match criterion , which is an
access list called 103 :
Switch# configure terminal
Switch(config)# access-list 103 permit any any dscp 10
Switch(config)# class-map class1
Switch(config-cmap)# match access-group 103
Switch(config-cmap)# exit
Switch#
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-87
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
class-map
This example s hows how to delete the class1 class map:
Switch# configure terminal
Switch(config)# no class-map class1
Switch#
You can verify your settings by entering the show cla ss-map p rivileged EXEC command .
Related Commands
Command
Descriptio n
class
Specifies the name of th e class wh ose traffic p olicy you want to
create or change.
Defines th e match criteria for a class map.
match (class-map
configuration)
policy-map
Creates a policy map that can be attached to multiple po rts to
sp ecify a service policy an d to enter policy-map config uration
mo de.
show class-ma p
Displays class map information .
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-88
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
clear counters
clear counters
To clear the interface counters, use the clea r counters co mmand .
clear counters [{FastEthernet interface_nu mber} | {GigabitEthernet interface_ numb er } |
{null interface_n umber} | {port-channel number } | {vla n vlan_id}]
Syntax Description
Defaults
FastEthernet in terfa ce_number
(Optional) Specifies the Fast Ethernet interface; valid values
are fro m 1 to 9.
GigabitEthernet interface_number
(Optional) Specifies the Gigabit Eth ernet in terface; valid values
are fro m 1 to 9.
null interface_n umber
port-channel number
(Optional) Specifies the null interface; the valid valu e is 0.
(Optional) Specifies the channel interface; valid values are
from 1 to 64.
vlan vlan _id
(Optional) Specifies the VLAN; valid values are from 1 to
4096 .
This comman d has no default settings.
Command Modes
Privileg ed EXEC mode
Usage Guidelines
This comman d clears all the current interface coun ters from all the interfaces unless you specify an
interface.
Note
Examples
This co mmand does n ot clear the counters that are retrieved using SNMP, but o nly th ose seen wh en you
en ter th e show interface counters command.
This examp le shows how to clear all the interface co unters:
Switch# clear counters
Clear "show interface" counters on all interfaces [confirm] y
Switch#
This examp le shows how to clear th e counters on a specific interface:
Switch# clear counters vlan 200
Clear "show interface" counters on this interface [confirm]y
Switch#
Related Commands
Co mmand
Description
show interface counters (refer Displays interface coun ter in formatio n.
to Cis co IOS d ocumen tation)
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-89
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
clear errdisable
clear errdisable
To re-enable error-disabled VLANs on an interface, use th e clear errdisa ble co mmand .
clear errdisable interface { n ame} vlan [range]
Syntax Description
interfa ce name
Specifies the interface of the VLAN(s) to recover.
v lan
ran ge
Specifies all VLANs o n th e interface b e recovered.
(Optional) Specifies the VLAN range to be recovered.
Defaults
This command has no default setting s.
Command Modes
Global configuratio n mo de
Usage Guidelines
If a VLAN range is n ot s pecified, all VLANs on the specified interface are re-en abled. The clear
errdisable command recovers the disabled VLANs on an interface.
Clearing the error-d isabled state from a virtual p ort does not chan ge the link state of the physical po rt,
and it do es not affect other VLAN p orts on the phys ical po rt. It do es post an event to STP, an d sp ann ing
tree goes thro ugh its normal process of bringin g th at VLAN po rt to the appropriate blocking or
forwarding state.
Examples
This example s hows how to re-en able a rang e of d isabled VLANs on an interaface:
Switch# clear errdisable interface ethernet2 vlan 10-15
Switch#
Related Commands
Command
Descriptio n
errdisable detect
Enab les error-disable detection .
show errdisable detect
show interfa ces sta tus
Displays the error-disable detectio n s tatus.
Displays the interface s tatus or a list of interfaces in
error-disabled state.
Enab les port security on an interface.
switchport po rt-security
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-90
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
cle ar hw-module slot password
clear hw-module slot password
To clear the password on an intellig ent line modu le, u se the clear hw-module slo t pa ssword comman d.
clear hw-module slot slo t_num password
Syntax Description
slot_nu m
Defaults
The pas sword is no t cleared .
Slo t o n a line mod ule.
Command Modes
Privileg ed EXEC mode
Usage Guidelines
You on ly n eed to ch ang e the p assword o nce unless the passwo rd is reset.
Examples
This examp le shows how to clear th e passwo rd from slot 5 on a line module:
Switch# clear hw-module slot 5 password
Switch#
Related Commands
Co mmand
hw-module power
Description
Turn s the power off on a slo t o r line mod ule.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-91
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
clear interface gigabitethernet
clear interface gigabitethernet
To clear the h ardware logic from a Gigabit Ethern et IEEE 802 .3 z interface, use the clea r interface
g igabitethernet co mmand .
Note
This command do es not increment interface resets as dis play ed with th e show interface
g igabitethernet mo d/port command.
clear interface g igabitethernet mod /port
Syntax Description
mod/po rt
Defaults
This command has no default setting s.
Command Modes
Examples
Number of th e modu le an d port.
Priv ileged EXEC mo de
This example s hows how to clear the hardware logic from a Gigabit Ethernet IEEE 80 2.3z interface:
Switch# clear interface gigabitethernet 1/1
Switch#
Related Commands
Command
Descriptio n
show interfa ces sta tus
Displays the interface s tatus.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-92
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
clear interface vlan
clear interface vlan
To clear the hardware log ic from a VLAN, use the clea r interface vla n comman d.
clear interface vlan numb er
Syntax Description
number
Defaults
This comman d has no default settings.
Numb er o f the VLAN interface; valid values are from 1 to 4094 .
Command Modes
Privileg ed EXEC mode
Examples
This examp le shows how to clear th e hard ware lo gic from a sp ecific VLAN:
Switch# clear interface vlan 5
Switch#
Related Commands
Co mmand
show interfaces status
Description
Displays the interface status.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-93
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
clear ip access-template
clear ip access-template
To clear the statistical information in access lists , use the clea r ip access -template command .
clear ip access-template access-list
Syntax Description
a cces s-list
Defaults
This command has no default setting s.
Number of th e acces s list; valid values are from 10 0 to 19 9 for an IP exten ded access
list, an d from 2 000 to 2699 for an exp and ed ran ge IP exten ded access list.
Command Modes
Priv ileged EXEC mo de
Examples
This example s hows how to clear the statistical information for an access list:
Switch# clear ip access-template 201
Switch#
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-94
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
clear ip arp inspection log
clear ip arp inspection log
To clear the statu s o f the lo g bu ffer, use the clear ip arp inspection log command.
clear ip arp inspection log
Syntax Description
This comman d has no argu ments or keyword s.
Defaults
This comman d has no default settings.
Command Modes
Examples
Privileg ed EXEC mode
This examp le shows how to clear th e contents of the log buffer:
Switch# clear ip arp inspection log
Switch#
Related Commands
Co mmand
Description
arp access-list
Defines an ARP access list or add s clauses at the end of a
predefined list.
Displays the status of the log buffer.
show ip arp inspection lo g
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-95
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
clear ip arp inspection statistics
clear ip arp inspection statistics
To clear the d ynamic ARP inspectio n s tatistics, us e the clear ip arp inspection sta tistics command.
clear ip arp ins pection sta tistics [vlan vlan-range]
Syntax Description
v lan vlan-range
Defaults
This command has no default setting s.
Command Modes
Examples
(Optional) Specifies the VLAN range.
Priv ileged EXEC mo de
This example s hows how to clear the DAI statistics fro m VLAN 1 and how to verify the removal:
Switch# clear ip arp inspection statistics vlan 1
Switch# show ip arp inspection statistics vlan 1
Vlan
---1
Forwarded
--------0
Dropped
------0
Vlan
---1
DHCP Permits
-----------0
ACL Permits
----------0
Vlan
Dest MAC Failures
-------------------1
0
Switch#
Related Commands
Command
a rp access-list
DHCP Drops
---------0
ACL Drops
---------0
Source MAC Failures
------------------0
IP Validation Failures
---------------------0
clear ip arp ins pection log
Descriptio n
Defines an ARP access list or adds claus es at the en d of a
p redefined list.
Clears the status of th e log buffer.
show ip arp inspectio n log
Displays the status of the log buffer.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-96
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
clear ip dhcp snoop ing binding
clear ip dhcp snooping binding
To clear the DHCP snoo ping bindin g, us e the clear ip dhcp snooping binding co mmand .
clear ip dhcp snooping binding [*] [ip-ad dress ] [vlan vlan_nu m] [interface interface_ num]
Syntax Description
Defaults
Command Modes
Usage Guidelines
*
ip-a ddress
(Op tional) Clears all DHCP snoop ing binding entries.
(Op tional) IP ad dress fo r the DHCP snoopin g b inding entries.
vlan vlan _num
(Op tional) Specifies a VLAN.
interface interface_ num
(Op tional) Specifies an interface.
This comman d has no default settings.
Privileg ed EXEC mode
These commands are mainly used to clear DHCP sno oping bind ing entries.
DHCP snoo ping is enabled on a VLAN o nly if both the global snoopin g and the VLAN sno oping are
en abled.
Examples
This examp le shows how to clear all the DHCP s noop bind ing en tries:
Switch# clear ip dhcp snooping binding *
Switch#
This examp le shows how to clear a specific DHCP sno op bindin g entry:
Switch# clear ip dhcp snooping binding 1.2.3.4
Switch#
This examp le shows how to clear all the DHCP s noop bind ing en tries o n th e Gig abitEthernet interface
1/1:
Switch# clear ip dhcp snooping binding interface gigabitEthernet 1/1
Switch#
This examp le shows how to clear all the DHCP s noop bind ing en tries o n VLAN 40:
Switch# clear ip dhcp snooping binding vlan 40
Switch#
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-97
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
clear ip dhcp snooping binding
Related Commands
Command
ip dhcp snooping
Descriptio n
Globally enables DHCP snoo ping.
ip dhcp snooping binding
Sets up and g enerates a DHCP bind ing co nfiguration to
restore binding s across reb oots.
ip dhcp snoo ping informa tion option
Enab les DHCP op tion 82 data insertio n.
ip dhcp snooping trust
ip dhcp snoo ping vlan
show ip dhcp s noo ping
Enab les DHCP sn ooping on a trusted VLAN.
Enab les DHCP sn ooping on a VLAN or a group o f VLANs.
Displays the DHCP sn ooping configuration.
show ip dhcp s nooping binding
Displays the DHCP sn ooping bin ding entries.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-98
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
clear ip dh cp snooping database
clear ip dhcp snooping database
To clear the DHCP bind in g database, use the clea r ip dhcp snooping da tabase command .
clear ip dhcp snooping database
Syntax Description
This comman d has no argu ments or keyword s.
Defaults
This comman d has no default settings.
Command Modes
Examples
Privileg ed EXEC mode
This examp le shows how to clear th e DHCP bin ding database:
Switch# clear ip dhcp snooping database
Switch#
Related Commands
Co mmand
Description
ip dhcp snooping
Glob ally enables DHCP sn ooping .
ip dhcp snooping binding
Sets up and generates a DHCP b inding config uration to
restore bind ings across reboots.
Enables DHCP option 82 data in sertion.
Enables DHCP snoop in g on a trusted VLAN.
ip dhcp snooping info rmatio n option
ip dhcp snooping trust
ip dhcp snooping v lan
Enables DHCP snoop ing on a VLAN o r a group of VLANs.
show ip dhcp snooping
show ip dhcp snooping binding
Displays the DHCP snoop ing con figuratio n.
Displays the DHCP snoop ing binding entries.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-99
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
clear ip dhcp snooping database statistics
clear ip dhcp snooping database statistics
To clear the DHCP binding databas e statistics, use th e clear ip dhcp snooping database statistics
command.
clear ip dhcp snooping databas e sta tistics
Syntax Description
This command has no arguments or keywo rds.
Defaults
This command has no default setting s.
Command Modes
Priv ileged EXEC mo de
Examples
This example s hows how to clear the DHCP bindin g d atabase:
Switch# clear ip dhcp snooping database statistics
Switch#
Related Commands
Command
ip dhcp snooping
Descriptio n
Globally enables DHCP snoo ping.
ip dhcp snooping binding
Sets up and g enerates a DHCP bind ing co nfiguration to
restore binding s across reb oots.
ip dhcp snoo ping informa tion option
ip dhcp snooping trust
Enab les DHCP op tion 82 data insertio n.
Enab les DHCP sn ooping on a trusted VLAN.
ip dhcp snoo ping vlan
Enab les DHCP sn ooping on a VLAN or a group o f VLANs.
show ip dhcp s noo ping
show ip dhcp s nooping binding
Displays the DHCP sn ooping configuration.
Displays the DHCP sn ooping bin ding entries.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-100
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
clear ip igmp group
clear ip igmp group
To delete the IGMP group cache entries, use th e clear ip igmp g roup command.
clear ip igmp group [{fas tethernet mod /port} | {GigabitEthernet mo d/port } | {host_ name |
group_a ddress } {Loopback interface_number} | {null interface_number} |
{port-channel number } | {vla n vlan_id }]
Syntax Description
fas tethernet
mod /port
(Optional) Specifies the Fast Ethernet interface.
(Optional) Nu mber of the module and po rt.
GigabitEthernet
host_n ame
(Optional) Specifies the Gigabit Ethernet interface.
(Optional) Ho stname, as defined in the DNS h osts tab le or with the
ip host command.
group_a ddress
(Optional) Ad dress of the multicast group in fo ur-part, d otted
notation.
(Optional) Specifies the lo opback in terface; valid values are from 0
to 2,1 47,483,647 .
(Optional) Specifies the n ull in terface; the valid valu e is 0.
(Optional) Sp ecifies the channel interface; valid valu es are from 1 to
64.
Loopback interface_n umber
null interface_n umber
port-channel number
vlan vlan _id
Defaults
(Optional) Specifies the VLAN; valid values are from 1 to 4 094.
This comman d has no default settings.
Command Modes
Privileg ed EXEC mode
Usage Guidelines
The IGMP cache con tains a lis t of the multicast group s o f which hosts on the directly con nected LAN
are members.
Examples
This examp le shows how to clear th e entries for a specific group fro m the IGMP cache:
To delete all the en tries from th e IGMP cache, enter the clear ip igmp group command with no
arguments.
Switch# clear ip igmp group 224.0.255.1
Switch#
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-101
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
clear ip igmp group
This example s hows how to clear the IGMP group cache entries fro m a specific interface:
Switch# clear ip igmp group gigabitethernet 2/2
Switch#
Related Commands
Command
ip host (refer to Cisco IOS
d ocu mentation)
show ip igmp groups (refer to Cis co IOS
d ocu mentation)
show ip igmp interface
Descriptio n
Defines a static host name-to-add ress mapp ing in the hos t
cache.
Displays the multicast group s with receivers that are
d irectly connected to the rou ter and that were learned
th roug h Internet Group Manag ement Pro toco l (IGMP), use
th e show ip ig mp groups command in EXEC mode.
Displays the information about the IGMP-interface status
and config uration.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-102
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
clea r ip igmp snooping membership
clear ip igmp snooping membership
To clear the exp licit host-tracking datab ase, u se the clear ip igmp snooping membership command.
clear ip igmp snooping memb ership [v lan vlan_id]
Syntax Description
vlan vlan _id
Defaults
This comman d has no default settings.
Command Modes
Usage Guidelines
Examples
(Optional) Sp ecifies a VLAN; valid values are from 1 to 10 01 and fro m 1006 to 409 4.
Privileg ed EXEC mode
By defau lt, the explicit host tracking database maintains a maximum of 1-KB entries. After yo u reach
this limit, no additional en tries can be created in the database. To create more entries, you will need to
delete th e datab ase with the clear ip igmp snooping statistics vlan co mmand .
This examp le shows how to d isplay th e IGMP sn ooping statistics for VLAN 25:
Switch# clear ip igmp snooping membership vlan 25
Switch#
Related Commands
Co mmand
Description
ip igmp snoo ping v lan explicit-tracking Enables p er-VLAN explicit host tracking.
show ip igmp snooping membership
Displays hos t membership information .
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-103
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
clear ip mfib counters
clear ip mfib counters
To clear the g lobal MFIB counters and the cou nters for all active MFIB routes, u se the clear ip mfib
counters command.
clear ip mfib co unters
Syntax Description
This command has no arguments or keywo rds.
Defaults
This command has no default setting s.
Command Modes
Priv ileged EXEC mo de
Examples
This example s hows how to clear all th e active MFIB routes and glo bal counters:
Switch# clear ip mfib counters
Switch#
Related Commands
Command
Descriptio n
show ip mfib
Displays all active Mu lticast Forwarding In formatio n Base
(MFIB) routes.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-104
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
c lear ip mfib fastdrop
clear ip mfib fastdrop
To clear all the MFIB fast-dro p entries , use the clea r ip mfib fastdrop co mmand .
clear ip mfib fastdrop
Syntax Description
This comman d has no argu ments or keyword s.
Defaults
This comman d has no default settings.
Command Modes
Usage Guidelines
Examples
Privileg ed EXEC mode
If new fast-dropped packets arrive, the new fas t-drop entries are created .
This examp le shows how to clear all the fast-drop en tries:
Switch# clear ip mfib fastdrop
Switch#
Related Commands
Co mmand
Description
ip mfib fastdrop
Enables M FIB fas t drop.
show ip mfib fastdrop
Displays all currently active fast-drop en tries and shows
whether fast drop is enabled.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-105
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
clear ip wccp
clear ip wccp
To remove Web Cache Commu nication Pro toco l (WCCP) statistics (co unts) maintained o n th e switch
for a particular service, use the clear ip wccp command in privileged EXEC mode.
clear ip wccp [vrf vrf-name {web-cache | s ervice-number}] [web-cache | service-nu mber]
Syntax Description
web-ca che
(Optio nal) Directs the router to remove statistics for th e web cache
service.
(Optio nal) Number of the cache s ervice to be removed. The n umber
can be from 0 to 99.
service-numb er
Defaults
No default b ehavior o r valu es.
Command Modes
Priv ileged EXEC (#)
Usage Guidelines
Use the show ip wccp and show ip wccp detail commands to display WCCP statistics.
Use the clear ip wccp comman d to clear the WCCP counters for all WCCP serv ices in all VRFs.
Examples
The following example shows how to clear all statistics associated with the web cache serv ice:
Switch# clear ip wccp web-cache
Related Commands
Command
ip wccp
Description
Enables s upport of the specified WCCP service for participation in a serv ice
gro up.
show ip wccp
Displays glob al statistics related to the WCCP.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-106
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
clear lacp counters
clear lacp counters
To clear the statis tics fo r all the interfaces belong in g to a specific chan nel group, use th e clear lacp
co unters co mmand .
clear lacp [chann el-group] counters
Syntax Description
cha nnel-group
Defaults
This comman d has no default settings.
(Optio nal) Ch ann el-group number; valid values are fro m 1 to 64.
Command Modes
Privileg ed EXEC mode
Usage Guidelines
If you do not specify a channel g rou p, all channel gro ups are cleared.
Examples
This examp le shows how to clear th e statistics for a s pecific gro up:
If you en ter th is command fo r a channel g rou p th at contains members in PAg P mode, th e comman d is
ignored .
Switch# clear lacp 1 counters
Switch#
Related Commands
Co mmand
show lacp
Description
Displays LACP info rmation.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-107
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
clear mac-address-table
clear mac-address-table
To clear the g lobal counter entries from the Lay er 2 M AC address table, use the clea r
mac-address-table command .
clear ma c-address-table {dynamic [{address mac_ addr } | {interfa ce interface}] [vlan vlan_ id] |
notification}
Syntax Description
Defaults
dynamic
a ddress ma c_a ddr
Specifies dynamic entry ty pes .
(Optional) Specifies the MAC address .
interfa ce interfa ce
v lan vlan_id
(Optional) Sp ecifies the interface and clears th e entries as sociated with it; valid
valu es are Fa stEthernet and GigabitEthernet.
(Optional) Specifies the VLANs; valid values are from 1 to 4094.
notification
Specifies MAC change notificatio n global coun ters.
This command has no default setting s.
Command Modes
Usage Guidelines
Priv ileged EXEC mo de
Enter the clear mac-address-table dynamic command with no arg umen ts to remove all d ynamic entries
fro m the tab le.
The clear mac-address-table notification command o nly clears the global counters which are d isplay ed
with sho w mac-address -table notification command. It does not clear the global coun ters and the
h istory table o f the CISCO-MAC-NATIFICATION-MIB.
Examples
This example s hows how to clear all th e dyn amic Lay er 2 entries for a sp ecific interface (g i1/1):
Switch# clear mac-address-table dynamic interface gi1/1
Switch#
This example s hows how to clear the MAC addres s n otification coun ters:
Switch# clear mac-address-table notification
Switch#
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-108
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
clear mac-address-table
Related Commands
Co mmand
clear mac-a ddress-ta ble dy na mic
mac-addres s-table aging-time
Description
Clears the dynamic address entries from th e Layer 2 MAC
ad dress tab le.
Config ures the aging time for entries in the Lay er 2 table.
mac-addres s-table notification
Enables M AC address no tification on a switch.
main-cpu
Enters the main CPU su bmode and man ually syn chronizes
the configuration s on two superviso r engines.
Displays the information abo ut the MAC-add ress table.
Enables SNMP no tifications .
show ma c-address-table address
snmp-server enable traps
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-109
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
clear mac-address-table dynamic
clear mac-address-table dynamic
To clear the d ynamic address entries from the Layer 2 MAC ad dress tab le, use the clear
mac-address-table dynamic command.
clear mac-address-table dynamic [{address mac_addr} | {interface interface}] [v la n vlan_id ]
Syntax Description
a ddress ma c_a ddr
interfa ce interfa ce
(Optional) Specifies the MAC address .
(Optional) Sp ecifies the interface and clears th e entries as sociated with it; valid
valu es are Fa stEthernet and GigabitEthernet.
v lan vlan_id
(Optional) Specifies the VLANs; valid values are from 1 to 4094.
Defaults
This command has no default setting s.
Command Modes
Priv ileged EXEC mo de
Usage Guidelines
Enter the clear mac-address-table dynamic command with no arg umen ts to remove all d ynamic entries
fro m the tab le.
Examples
This example s hows how to clear all th e dyn amic Lay er 2 entries for a sp ecific interface (g i1/1):
Switch# clear mac-address-table dynamic interface gi1/1
Switch#
Related Commands
Command
Descriptio n
mac-address-table aging-time
Con figures the ag ing time fo r entries in th e Layer 2 table.
main-cpu
Enters the main CPU submod e an d manually synchronizes
th e co nfigu rations on two sup ervisor eng ines.
show mac-address-ta ble address
Displays the information about the MAC-address table.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-110
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
clear nmsp statistics
clear nmsp statistics
To clear the Network Mobility Services Pro toco l (NMSP) statistics , use the clea r nmsp sta tistics
co mmand . This command is available only wh en you r switch is run ning the cry ptograp hic (en crypted)
software image.
clear nmsp statistics
Syntax Description
This comman d has no argu ments or keyword s.
Defaults
No default is defined.
Command Modes
Privileg ed EXEC mode
Examples
This examp le shows how to clear NMSP statistics:
Switch# clear nmsp statistics
Switch#
You can verify that in formatio n was deleted by entering the show nmsp statistics comman d.
Related Commands
Co mmand
Description
show nmsp
Display s th e NMSP info rmation.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-111
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
clear pagp
clear pagp
To clear the p ort-ch ann el information, use th e clear pa gp command.
clear pagp {group-number | counters }
Syntax Description
g rou p-n umber
counters
Defaults
This command has no default setting s.
Channel-gro up number; valid values are from 1 to 64.
Clears traffic filters.
Command Modes
Priv ileged EXEC mo de
Examples
This example s hows how to clear the port-channel information for a specific group:
Switch# clear pagp 32
Switch#
This example s hows how to clear all th e port-channel traffic filters:
Switch# clear pagp counters
Switch#
Related Commands
Command
show pag p
Descriptio n
Displays info rmation ab out the po rt ch ann el.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-112
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
c lear port-sec urity
clear port-security
To delete all co nfigu red s ecure ad dresses o r a specific dynamic or sticky secu re addres s on an interface
from the MAC ad dress table, use th e clear po rt-security command.
clear port-security dynamic [addres s mac-addr [vlan vla n-id]] | [interface interface-id] [vlan
access | voice]
Syntax Description
dynamic
address mac-ad dr
Deletes all the dynamic secure MAC addres ses.
(Optional) Deletes the specified secu re M AC address .
vlan vlan -id
(Optional) Deletes the specified secu re M AC address from the specified
VLAN.
(Optional) Deletes the secure MAC add resses on the specified ph ysical port
or po rt ch ann el.
interface interface-id
vlan access
vlan voice
Defaults
(Optional) Deletes the secure MAC ad dresses from access VLANs .
(Optional) Deletes the secure MAC ad dresses from vo ice VLANs.
This comman d has no default settings.
Command Modes
Privileg ed EXEC mode
Usage Guidelines
If you en ter th e clear port-s ecurity all command, the switch removes all the dynamic secu re MAC
ad dresses from th e MAC add ress tab le.
Note
You can clear sticky and static secu re MAC add resses one at a time with the no switchport port-security
mac-addres s command.
If you en ter th e clear port-s ecurity dy namic interfa ce interfa ce-id command, th e switch removes all
the dy namic secure MAC addresses on an interface from the MAC ad dress tab le.
Examples
This examp le shows how to remove all the dynamic secure ad dresses from th e MAC add ress table:
Switch# clear port-security dynamic
This examp le shows how to remove a dy namic secure addres s fro m the MAC address table:
Switch# clear port-security dynamic address 0008.0070.0007
This examp le shows how to remove all the dynamic secure ad dresses learned on a s pecific interface:
Switch# clear port-security dynamic interface gigabitethernet0/1
You can verify that th e information was deleted by en tering the show port-security command.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-113
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
clear port-security
Related Commands
Command
show port-security
Descriptio n
Displays info rmation ab out the po rt-security setting .
switchport po rt-security
Enab les port security on an interface.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-114
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
clear pppoe intermediate-agent statistics
clear pppoe intermediate-agent statistics
To clear PPPoE Intermediate Ag en t statistics (packet counters), use the clear pppoe intermediate-agent
sta tistics command.
clear ppoe intermediate-agent statistics
Syntax Description
This comman d has no argu ments .
Defaults
This comman d has no default settings.
Command Modes
Examples
Privileg ed EXEC mode
This examp le shows how to clear PPPoE Intermed iate Agent statistics:
Switch# clear pppoe intermediate-agent statistics
Related Commands
Co mmand
show pppoe
intermediate-agent interface
Description
Displays PPPoE Intermediate Agen t statistics (packet co unters).
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-115
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
clear qos
clear qos
To clear the g lobal and per-interface aggregate QoS counters, use the clear qos co mmand .
clear qos [a ggregate-policer [na me] | interface {{fastethernet | GigabitEthernet}
{mod/interface}} | vlan {vla n_num} | port-channel {numb er }]
Syntax Description
a ggregate-policer name
interfa ce
fastethernet
(Optional) Specifies an agg regate policer.
(Optional) Specifies an interface.
(Optional) Specifies the Fast Ethernet 802.3 interface.
Gig abitEthernet
(Optional) Specifies the Gigabit Ethern et 802.3z interface.
mod/interface
(Optional) Number of the module and in terface.
v lan vlan_n um
port-channel n umber
(Optional) Specifies a VLAN.
(Optional) Specifies the chann el interface; valid values are fro m 1 to 64.
Defaults
This command has no default setting s.
Command Modes
Priv ileged EXEC mo de
Usage Guidelines
When you enter the clea r qos co mmand , the way that the coun ters work is affected and the traffic that
is no rmally restricted could be fo rwarded for a short period of time.
The clea r qos command resets the interface QoS policy coun ters. If no interface is specified, the clear
qos command resets the QoS policy cou nters for all interfaces.
Examples
This example s hows how to clear the global and per-interface aggregate QoS cou nters for all the
p rotocols:
Switch# clear qos
Switch#
This example s hows how to clear the specific protocol aggreg ate QoS cou nters fo r all the interfaces:
Switch# clear qos aggregate-policer
Switch#
Related Commands
Command
Descriptio n
show qos
Displays QoS info rmation.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-116
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
clear vlan counters
clear vlan counters
To clear the software-cached co unter values to start from zero again for a sp ecified VLAN or all existing
VLANs, use th e clear vlan counters command.
clear vlan [vlan-id ] co unters
Syntax Description
vla n-id
Defaults
This comman d has no default settings.
(Optional) VLAN n umber; see the “Usage Guidelines” section for valid values .
Command Modes
Privileg ed EXEC mode
Usage Guidelines
If y ou do not specify a vlan-id value; th e software-cached counter values for all the existing VLANs are
cleared.
Examples
This examp le shows how to clear th e software-cach ed counter values for a specific VLAN:
Switch# clear vlan 10 counters
Clear "show vlan" counters on this vlan [confirm] y
Switch#
Related Commands
Co mmand
show vlan counters
Description
Displays VLAN coun ter in formatio n.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-117
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
clear vmps statistics
clear vmps statistics
To clear the VMPS statistics , use the clea r vmps statis tics command.
clear vmps statistics
Syntax Description
This command has no arguments or keywo rds.
Defaults
This command has no default setting s.
Command Modes
Examples
Priv ileged EXEC mo de
This example shows how to clear the VMPS statistics:
Switch# clear vmps statistics
Switch#
Related Commands
Command
Descriptio n
show v mps
Displays VMPS in formatio n.
v mps reco nfirm (privileged EXEC)
Changes the recon firmation interval for the VLAN Query
Protocol (VQP) client.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-118
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
control-plane
control-plane
To enter co ntro l-plane configuration mo de, which allows users to ass ociate o r modify attributes or
parameters (such as a service policy) that are associated with the con trol plane o f the d evice, use th e
co ntro l-plane comman d.
co ntro l-plane
Syntax Description
This comman d has no argu ments or keyword s.
Defaults
Default service po lice system-cp p-p olicy is attach ed.
Command Modes
Glob al co nfigu ration mode
Usage Guidelines
After you en ter th e control-plane command, you can define co ntrol plane s ervices fo r your rou te
pro cessor. For example, you can associate a service po licy with the control plane to p olice all traffic that
is destin ed to the con trol plane.
Examples
These examples show how to co nfigure trusted hosts with sou rce addresses 10.1.1.1 an d 1 0.1 .1 .2 to
forward Telnet packets to the con trol plane without constraint, while allowing all remaining Telnet
packets to be po liced at the s pecified rate:
Switch(config)# access-list 140 deny tcp host 10.1.1.1 any eq telnet
! Allow 10.1.1.2 trusted host traffic.
Switch(config)# access-list 140 deny tcp host 10.1.1.2 any eq telnet
! Rate limit all other Telnet traffic.
Switch(config)# access-list 140 permit tcp any any eq telnet
! Define class-map “telnet-class.”
Switch(config)# class-map telnet-class
Switch(config-cmap)# match access-group 140
Switch(config-cmap)# exit
Switch(config)# policy-map control-plane
Switch(config-pmap)# class telnet-class
Switch(config-pmap-c)# police 32000 1000 conform transmit exceed drop
Switch(config-pmap-c)# exit
Switch(config-pmap)# exit
! Define aggregate control plane service for the active Route Processor.
Switch(config)# macro global apply system-cpp
Switch(config)# control-plane
Switch(config-cp)# service-police input system-cpp-policy
Switch(config-cp)# exit
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-119
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
control-plane
Related Commands
Command
class
class-ma p
match access-group (refer to
th e Cisco IOS Release 1 2.2
Comman d Referen ce)
Descriptio n
Specifies the name of th e class wh ose traffic p olicy you want to
create or change.
Creates a class map to be used for matching packets to the class
whose name you specify and to enter class-map co nfiguration
mo de.
Con figures the match criteria for a class map o n th e basis of the
sp ecified access control list (ACL).
policy-map
Creates a policy map that can be attached to multiple po rts to
sp ecify a service policy an d to enter policy-map config uration
mo de.
service-po licy (interface
configuration)
Attaches a policy map to an interface.
show policy-map
control-pla ne
Displays the co nfigu ration either of a class or of all classes for th e
p olicy map of a control plane.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-120
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
c ounter
counter
To assign counters to a Lay er 3 interface, u se the counter in terface co mmand . To remo ve a counter
ass ignment, use the no fo rm of this command.
co unter {ipv 4 | ipv6 | ipv4 ipv6 sepa rate}
no counter
Syntax Description
Defaults
ipv 4
ipv 6
Enables collectio n of IPv4 statistics o nly.
Enables collectio n of IPv6 statistics o nly.
ipv 4 ipv 6 separate
Enables co llection of IPv 4 an d IPv6 statistics and d isplay s them individually.
Not enabled
Command Modes
Usage Guidelines
Interface con figuration
Enterin g th e counter co mmand without keywords displays the statistics as a su m.
The total numb er o f switch ports that can po sses s tran smit and receive co unters is 4092.
Wh en yo u change a Layer 3 port assign ed with a co unter to a Layer 2 port, the hardware counters are
cleared. This action is similar to enterin g the no co unter command.
Examples
The following example shows how to enable counters on interface VLAN 1:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface vlan 1
Switch(config-if)# counter ipv4
Switch(config-if)# end
Switch#
00:17:15: %SYS-5-CONFIG_I: Configured from console by console
Switch# show run interface vlan 1
Building configuration...
Current configuration : 63 bytes
!
interface Vlan1
ip address 10.0.0.1 255.0.0.0
counter ipv4
end
Note
To remove the counter assignment, use the no counter command.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-121
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
counte r
If you have already assigned the maximum n umber of counters, the counter command fails, disp layin g
th e fo llowing error message:
Switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface fa3/2
Switch(config-if)# no switchport
Switch(config-if)# counter ipv6
Counter resource exhausted for interface fa3/2
Switch(config-if)# end
Switch#
00:24:18: %SYS-5-CONFIG_I: Configured from console by console
In this situation, y ou must release a co unter from an other interface so the new in terface can use it.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-122
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
dbl
dbl
To enable active queue manag ement on a transmit queue used by a class of traffic, u se th e dbl comman d.
Use the no form of this comman d to return to the defau lt setting.
dbl
no dbl
Syntax Description
This comman d has no keywo rds or arg umen ts.
Defaults
Active queue managemen t is disabled.
Command Modes
Policy-map class con figuratio n
Usage Guidelines
The semantics of the DBL co nfiguration is s imilar to the WRED algo rithm. The dbl co mmand can
operate alone on class-default; o therwise, it requ ires you to co nfigure th e bandwidth o r shape
co mmand s o n th e class.
Examples
This examp le shows how to enable d bl action in a class:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# policy-map policy1
Switch(config-pmap)# class class1
Switch(config-pmap-c)# dbl
Switch(config-pmap-c)# exit
Switch(config-pmap)# exit
Switch(config)# interface gigabitethernet 1/1
Switch(config-if)# service-policy output policy1
Switch(config-if)# end
Related Commands
Co mmand
Description
bandwidth
Creates a sign aling class s tructure that can be referred to by its
name.
Creates a class map to be used for matchin g p ackets to the class
who se name yo u s pecify and to enter class-map config uration
mode.
cla ss
policy-map
service-policy (policy-map
cla ss)
Creates a po licy map th at can be attach ed to multiple ports to
specify a service p olicy and to en ter p olicy -map con figuratio n
mode.
Creates a serv ice policy that is a quality of serv ice (QoS) policy
within a policy map.
show policy -map
Displays information about the policy map.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-123
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
debug adjacency
debug adjacency
To display in formatio n abou t the adjacency debu gging, use the debug adjacency co mmand . To disable
d ebug ging outpu t, use the no form of this comman d.
debug adja cency [ipc]
no debug adjacency
Syntax Description
ipc
Defaults
This command has no default setting s.
Command Modes
Priv ileged EXEC mo de
Examples
(Optio nal) Displays the IPC entries in the adjacency database.
This example s hows how to display the in formatio n in th e adjacency database:
Switch# debug adjacency
4d02h: ADJ: add 172.20.52.36 (GigabitEthernet1/1) via ARP will expire: 04:00:00
4d02h: ADJ: add 172.20.52.36 (GigabitEthernet1/1) via ARP will expire: 04:00:00
4d02h: ADJ: add 172.20.52.36 (GigabitEthernet1/1) via ARP will expire: 04:00:00
4d02h: ADJ: add 172.20.52.36 (GigabitEthernet1/1) via ARP will expire: 04:00:00
4d02h: ADJ: add 172.20.52.36 (GigabitEthernet1/1) via ARP will expire: 04:00:00
4d02h: ADJ: add 172.20.52.36 (GigabitEthernet1/1) via ARP will expire: 04:00:00
4d02h: ADJ: add 172.20.52.36 (GigabitEthernet1/1) via ARP will expire: 04:00:00
4d02h: ADJ: add 172.20.52.36 (GigabitEthernet1/1) via ARP will expire: 04:00:00
<... output truncated...>
Switch#
Related Commands
Command
undebug adjacency (same as
n o d ebug adjacency)
Descriptio n
Disab les debuggin g output.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-124
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
debug backup
debug backup
To debug th e backu p events , use the debug backup co mmand . To disable the debugg ing o utput, use the
no form o f this co mmand .
debug backup
no debug backup
Syntax Description
This comman d has no argu ments or keyword s.
Defaults
This comman d has no default settings.
Command Modes
Privileg ed EXEC mode
Examples
This examp le shows how to d ebug the back up events:
Switch# debug backup
Backup events debugging is on
Switch#
Related Commands
Co mmand
Description
undebug backup (same as n o
debug backu p)
Disables d ebug ging outp ut.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-125
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
debug condition interface
debug condition interface
To limit th e debugging o utput of interface-related activities , use the debug co nditio n interface
command. To disable th e debugging o utput, use the no form of this command.
debug condition interface {fastethernet mod/p ort | Gig abitEthernet mo d/port |
null in terfa ce_num | port-channel in terfa ce-n um | vlan vlan_id}
no debug condition interface {fastethernet mod/po rt | Giga bitEthernet mod/p ort | null
in terface_num | port-channel in terface-nu m | v lan vlan_id }
Syntax Description
fastethernet
mod/po rt
Gig abitEthernet
null in terfa ce-n um
Defaults
This command has no default setting s.
Limits the debugging to Fast Eth ernet interfaces.
Number of the module an d p ort.
Limits the debugging to Gigab it Eth ernet interfaces.
Limits the debugging to nu ll interfaces; the valid value is 0 .
port-channel in terface-nu m
Limits the debugg ing to port-channel interfaces; valid values are from
1 to 64.
v lan vlan_id
Specifies the VLAN interface number; valid values are from 1 to 4094.
Command Modes
Priv ileged EXEC mo de
Examples
This example s hows how to limit the debugg in g output to VLAN interface 1:
Switch# debug condition interface vlan 1
Condition 2 set
Switch#
Related Commands
Command
debug interface
Descriptio n
Abbreviates the en try of th e debug conditio n interface command.
undebug condition interface
(same as n o d ebug cond ition
in terface)
Disab les interface related activities .
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-126
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
debug condition standby
debug condition standby
To limit the debuggin g output for th e standby state ch ang es, use the debug condition standby command.
To disable the debuggin g output, use th e no form o f this co mmand .
debug condition standby {fa stethernet mod /port | GigabitEthernet mod/port |
port-channel interface-num | vlan vlan_id group-number}
no debug condition s tandby {fastethernet mod/po rt | Giga bitEthernet mod /port |
port-channel interface-num | vlan vlan_id group-number}
Syntax Description
Defaults
fas tethernet
mod /port
Limits the debugg ing to Fast Ethernet interfaces.
Number of the mod ule and port.
GigabitEthernet
port-channel interface_n um
Limits the debugg ing to Gigabit Ethernet interfaces.
Limits the debugg ing output to port-channel interfaces; valid values
are from 1 to 64.
vlan vlan _id
Limits the debugging of a condition on a VLAN interface; valid values
are from 1 to 4094 .
group-number
VLAN group number; valid valu es are from 0 to 25 5.
This comman d has no default settings.
Command Modes
Privileg ed EXEC mode
Usage Guidelines
If you attempt to remove the only con dition set, you will be prompted with a messag e askin g if you wan t
to abort the remo val o peration. Yo u can enter n to ab ort the removal or y to proceed with th e removal. If
you remove the on ly cond ition set, an excessive number of d ebug ging mes sag es might occu r.
Examples
This examp le shows how to limit the d ebu gging outp ut to g roup 0 in VLAN 1 :
Switch# debug condition standby vlan 1 0
Condition 3 set
Switch#
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-127
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
debug condition standby
This example s hows the d isplay if you try to turn off th e last standby d ebug cond itio n:
Switch# no debug condition standby vlan 1 0
This condition is the last standby condition set.
Removing all conditions may cause a flood of debugging
messages to result, unless specific debugging flags
are first removed.
Proceed with removal? [yes/no]: n
% Operation aborted
Switch#
Related Commands
Command
Descriptio n
undebug condition standby
(same as n o d ebug cond ition
standby )
Disab les debuggin g output.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-128
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
debug condition vlan
debug condition vlan
To limit the VLAN debugg ing ou tput for a specific VLAN, u se the debug condition vlan co mmand . To
disable the debugging ou tput, u se the no form of th is command.
debug condition vlan {vlan _id}
no debug condition vlan {vlan_ id}
Syntax Description
vla n_id
Defaults
This comman d has no default settings.
Command Modes
Privileg ed EXEC mode
Usage Guidelines
If y ou attempt to remove the only VLAN conditio n set, you will be p romp ted with a message askin g if
you want to ab ort the removal operation. You can enter n to abo rt the removal or y to proceed with the
removal. If you remove th e only cond itio n set, it could resu lt in the display of an excessiv e number o f
mess ages.
Examples
This examp le shows how to limit the d ebu gging outp ut to VLAN 1:
Number of the VLAN; valid values are from 1 to 4096 .
Switch# debug condition vlan 1
Condition 4 set
Switch#
This examp le shows the mess age that is displayed when you attemp t to disable the last VLAN debug
co ndition:
Switch# no debug condition vlan 1
This condition is the last vlan condition set.
Removing all conditions may cause a flood of debugging
messages to result, unless specific debugging flags
are first removed.
Proceed with removal? [yes/no]: n
% Operation aborted
Switch#
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-129
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
debug condition vlan
Related Commands
Command
undebug condition vlan (same
as no debug co ndition vlan)
Descriptio n
Disab les debuggin g output.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-130
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
deb ug dot1x
debug dot1x
To enable the debu gging for the 802.1X feature, use th e debug dot1x comman d. To disable the
debugging ou tput, u se the no form of this command.
debug dot1x {all | erro rs | ev ents | packets | reg is try | state-machine}
no debug dot1x {all | errors | events | packets | registry | state-machine}
Syntax Description
all
erro rs
Enables the debugg ing of all conditions.
Enables the debugging of prin t statements gu arded by th e dot1x error flag.
events
packets
Enables the debugg ing of print statements guarded by the do t1x events flag.
All incoming dot1 x p ackets are printed with packet and interface info rmation.
registry
Enables the debugg ing of print statements guarded by the do t1x registry flag.
sta te-machine
Enables the debugg ing of print statements guarded by the do t1x registry flag.
Defaults
Debuggin g is disabled.
Command Modes
Privileg ed EXEC mode
Examples
This examp le shows how to enable th e 802.1X d ebu gging for all conditio ns:
Switch# debug dot1x all
Switch#
Related Commands
Co mmand
Description
show dot1x
Displays dot1 x in formatio n.
undebug dot1x (same as n o
debug dot1x)
Disables d ebug ging outp ut.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-131
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
debug etherchnl
debug etherchnl
To debug EtherChannel, u se the debug etherchnl comman d. To disable the debu gging outp ut, use the
no form of th is command.
debug etherchnl [a ll | detail | erro r | event | idb | linecard]
no debug etherchnl
Syntax Description
Defaults
a ll
detail
(Optional) Display s all EtherChannel debug mess ages.
(Optional) Display s th e detailed EtherCh ann el debug messag es.
error
event
(Optional) Display s th e EtherCh an nel error messages.
(Optional) Debug s th e major EtherCh ann el event messag es.
idb
lineca rd
(Optional) Debug s th e PAgP IDB messages.
(Optional) Debug s th e SCP messag es to the mo dule.
The default settings are as follows:
•
Debu g is dis abled.
•
All messages are displayed.
Command Modes
Priv ileged EXEC mo de
Usage Guidelines
If you d o n ot specify a key word, all debu g messages are displayed.
Examples
This example s hows how to display all the EtherChann el debug mess ages:
Switch# debug etherchnl
PAgP Shim/FEC debugging is on
22:46:30:FEC:returning agport Po15 for port (Fa2/1)
22:46:31:FEC:returning agport Po15 for port (Fa4/14)
22:46:33:FEC:comparing GC values of Fa2/25 Fa2/15 flag = 1 1
22:46:33:FEC:port_attrib:Fa2/25 Fa2/15 same
22:46:33:FEC:EC - attrib incompatable for Fa2/25; duplex of Fa2/25 is half, Fa2/15 is full
22:46:33:FEC:pagp_switch_choose_unique:Fa2/25, port Fa2/15 in agport Po3 is incompatable
Switch#
This example s hows how to display the EtherChannel IDB debug messag es:
Switch# debug etherchnl idb
Agport idb related debugging is on
Switch#
This example s hows how to disable th e debuggin g:
Switch# no debug etherchnl
Switch#
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-132
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
debug etherchnl
Related Commands
Co mmand
Description
undebug etherchnl (same as n o Disables d ebug ging outp ut.
debug etherchn l)
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-133
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
debug interface
debug interface
To abbreviate the entry of the debug condition interface co mmand , u se the debug interface command.
To disable debugg ing output, use th e no form of this command .
debug interface {Fas tEthernet mo d/port | GigabitEthernet mod/por t | null |
port-channel in terface-nu m | vlan vlan _id}
no debug interface {FastEthernet mod/p ort | Gig abitEthernet mo d/port | null |
port-channel in terface-nu m | vlan vlan _id}
Syntax Description
Defaults
Fa stEthernet
Limits the debugging to Fast Eth ernet interfaces.
mod/po rt
Gig abitEthernet
null
Number of the module an d p ort.
Limits the debugging to Gigab it Eth ernet interfaces.
Limits the debugging to nu ll interfaces; the on ly valid valu e is 0.
port-channel in terface-nu m
Limits th e debugg ing to po rt-channel interfaces; valid values are from
1 to 64.
v lan vlan_id
Specifies the VLAN interface n umber; valid values are from 1 to
40 94.
This command has no default setting s.
Command Modes
Examples
Priv ileged EXEC mo de
This example s hows how to limit the debugg in g to in terface VLAN 1:
Switch# debug interface vlan 1
Condition 1 set
Switch#
Related Commands
Command
debug condition interface
Descriptio n
Limits th e debugging o utput of interface-related activities .
undebug etherchnl (same as no
d ebug etherchnl)
Disab les debuggin g output.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-134
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
debug ipc
debug ipc
To d ebu g the IPC activity, us e the debug ipc command. To disable th e d ebug ging ou tput, use the no form
of this command.
debug ipc {a ll | errors | events | headers | packets | ports | seats }
no debug ipc {all | errors | events | headers | pa ckets | ports | s eats}
Syntax Description
all
erro rs
Enables all IPC d ebug ging.
Enables the IPC error debu gging.
events
headers
Enables the IPC event d ebu gging.
Enables the IPC header debugg in g.
packets
Enables the IPC packet d ebug ging.
ports
sea ts
Enables the debugging of the creation and d eletion of po rts.
Enables the debugging of the creation and d eletion of no des.
Defaults
This comman d has no default settings.
Command Modes
Privileg ed EXEC mode
Examples
This examp le shows how to enable th e debugging o f the IPC events :
Switch# debug ipc events
Special Events debugging is on
Switch#
Related Commands
Co mmand
Description
undebug ipc (same as no d ebug
ipc)
Disables d ebug ging outp ut.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-135
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
debug ip dhcp snooping event
debug ip dhcp snooping event
To debug the DHCP sn ooping even ts, use the debug ip dhcp snooping event command. To dis able
d ebug ging outpu t, use the no form of this comman d.
debug ip dhcp snooping event
no debug ip dhcp snooping event
Syntax Description
This command has no arguments or keywo rds.
Defaults
Debu gging of s noopin g event is disabled.
Command Modes
Priv ileged EXEC mo de
Examples
This example s hows how to enab le the d ebu gging for the DHCP snoopin g events:
Switch# debug ip dhcp snooping event
Switch#
This example s hows how to disable th e debuggin g for th e DHCP sno oping events:
Switch# no debug ip dhcp snooping event
Switch#
Related Commands
Command
Descriptio n
debug ip dhcp snooping
packet
Debu gs the DHCP sn ooping messages .
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-136
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
debug ip dhcp snooping packet
debug ip dhcp snooping packet
To debug th e DHCP s nooping messag es, u se the debug ip dhcp sno oping packet co mmand . To disable
the debugg ing outpu t, use th e no form of this comman d.
debug ip dhcp snooping packet
no debug ip dhcp snooping packet
Syntax Description
This comman d has no argu ments or keyword s.
Defaults
Debuggin g o f snoo ping packet is d isab led.
Command Modes
Privileg ed EXEC mode
Examples
This examp le shows how to enable th e debugging for th e DHCP snoo ping pack ets:
Switch# debug ip dhcp snooping packet
Switch#
This examp le shows how to d isable the d ebug ging fo r the DHCP s nooping p ackets:
Switch# no debug ip dhcp snooping packet
Switch#
Related Commands
Co mmand
Description
debug ip dhcp snooping event Debugs the DHCP snoop ing events.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-137
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
debug ip verify source packet
debug ip verify source packet
To debug the IP sou rce gu ard messages, u se the debug ip verify source packet comman d. To disab le
th e debugging o utput, u se the no form of this command.
debug ip verify source pa cket
no debug ip verify source packet
Syntax Description
This command has no arguments or keywo rds.
Defaults
Debu gging of s noopin g s ecurity p ackets is disabled.
Command Modes
Priv ileged EXEC mo de
Examples
This example s hows how to enab le debuggin g for th e IP source guard :
Switch# debug ip verify source packet
Switch#
This example s hows how to disable d ebug ging fo r the IP so urce g uard:
Switch# no debug ip verify source packet
Switch#
Related Commands
Command
ip dhcp snooping
Descriptio n
Globally enables DHCP snoo ping.
ip dhcp snoo ping limit ra te
ip dhcp snooping trust
Enab les DHCP op tion 82 data insertio n.
Enab les DHCP sn ooping on a trusted VLAN.
show ip dhcp s noo ping
Displays the DHCP sn ooping configuration.
show ip dhcp s nooping binding
Displays the DHCP sn ooping bin ding entries.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-138
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
debug lacp
debug lacp
To debug the LACP activity, use th e debug lacp comman d. To disable th e debu gging outpu t, use the no
form of this comman d.
debug lacp [all | event | fsm | misc | pa cket]
no debug lacp
Syntax Description
all
event
(Optional) En ables all LACP debugging .
(Optional) En ables the d ebug ging of the LACP even ts.
fsm
misc
(Optional) En ables the d ebug ging of the LACP finite state mach ine.
(Optional) En ables the miscellaneous LACP debuggin g.
packet
(Optional) En ables the LACP pack et debugging .
Defaults
Debuggin g o f LACP activity is d isabled.
Command Modes
Privileg ed EXEC mode
Usage Guidelines
This comman d is su pported on ly b y th e supervisor engine an d can be entered only from the
Catalyst 4500 series switch console.
Examples
This examp le shows how to enable th e LACP mis cellan eou s d ebug ging:
Switch# debug lacp
Port Aggregation Protocol Miscellaneous debugging is on
Switch#
Related Commands
Co mmand
undebug pagp (same as n o debu g p ag p)
Description
Disables d ebug ging outp ut.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-139
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
debug monitor
debug monitor
To display th e monitoring activity, use th e debug monitor co mmand . To disable th e debuggin g o utput,
u se the no form of th is command.
debug monitor {a ll | errors | idb-update | list | notifications | platform | requests}
no debug monitor {all | errors | idb-update | list | notifications | platform | requests}
Syntax Description
a ll
errors
Displays all the SPAN debu gging messag es.
Displays the SPAN error d etails.
idb-update
list
Displays the SPAN IDB update traces.
Displays the SPAN list tracing an d the VLAN list tracing.
notifications
Displays the SPAN no tification s.
platform
requests
Displays the SPAN platform tracing.
Displays the SPAN req ues ts.
Defaults
This command has no default setting s.
Command Modes
Priv ileged EXEC mo de
Examples
This example s hows how to debug the mo nitorin g errors:
Switch# debug monitor errors
SPAN error detail debugging is on
Switch#
Related Commands
Command
Descriptio n
undebug monitor (same as no debug
mo nitor)
Disab les debuggin g output.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-140
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
debug nmsp
debug nmsp
To the enable debu gging of the Netwo rk Mob ility Services Protocol (NMSP) o n the switch, use th e
debug nmsp command. This command is available only when your switch is running the cry ptograp hic
(encrypted) software image. Use the no form of th is command to disable debugg ing.
debug nmsp {all | connection | erro r | event | packet | rx | tx}
no debug nmsp
Syntax Description
This comman d has no argu ments or keyword s.
Defaults
Debuggin g is disabled.
Command Modes
Privileg ed EXEC mode
Usage Guidelines
The undebug nmsp command is the same as the no debug nmsp command.
Related Commands
Co mmand
Description
show debugging
Displays information about the types o f debugging that are enabled.
show nmsp
Displays the NMSP information .
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-141
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
debug nvram
debug nvram
To debug the NVRAM activity, use the debug nvram command. To disable the debuggin g output, use
th e no form o f this co mmand .
debug nvram
no debug nvram
Syntax Description
This command has no arguments or keywo rds.
Defaults
This command has no default setting s.
Command Modes
Priv ileged EXEC mo de
Examples
This example s hows how to debug NVRAM:
Switch# debug nvram
NVRAM behavior debugging is on
Switch#
Related Commands
Command
Descriptio n
undebug nvram (same as no debug
nvram)
Disab les debuggin g output.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-142
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
debug pagp
debug pagp
To debug th e PAgP activ ity, use th e debug pagp command. To d isable the debugging outp ut, use the no
form of this comman d.
debug pagp [a ll | dual-active | event | fsm | misc | pa cket]
no debug pagp
Syntax Description
all
dual-active
(Optional) En ables all PAg P debuggin g.
(Optional) En ables the PAgP du al-active debugg ing.
event
fsm
(Optional) En ables the d ebug ging of the PAgP events.
(Optional) En ables the d ebug ging of the PAgP finite s tate machine.
misc
(Optional) En ables the miscellaneous PAgP debugg ing.
packet
(Optional) En ables the PAgP packet debugg ing.
Defaults
This comman d has no default settings.
Command Modes
Privileg ed EXEC mode
Usage Guidelines
This comman d is su pported on ly o n the sup ervisor engin e and can be entered only from the
Catalyst 4500 series switch console.
Examples
This examp le shows how to enable th e PAgP miscellaneous debugging :
Switch# debug pagp misc
Port Aggregation Protocol Miscellaneous debugging is on
Switch#
*Sep 30 10:13:03: SP: PAgP: pagp_h(Fa5/6) expired
*Sep 30 10:13:03: SP: PAgP: 135 bytes out Fa5/6
*Sep 30 10:13:03: SP: PAgP: Fa5/6 Transmitting information packet
*Sep 30 10:13:03: SP: PAgP: timer pagp_h(Fa5/6) started with interval 30000
<... output truncated...>
Switch#
Related Commands
Co mmand
Description
undebug pagp (same as n o debu g p ag p)
Disables d ebug ging outp ut.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-143
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
debug platform packet protocol lacp
debug platform packet protocol lacp
To debug the LACP protocol p ackets, use the debug platform pa cket protocol la cp co mmand. To
d isable the debugg ing outpu t, use the no form of this comman d.
debug platform packet protocol la cp [receive | transmit | vlan]
no debug platform packet protocol lacp [receive | transmit | v lan]
Syntax Description
Defaults
receive
trans mit
(Optio nal) Enables th e platform packet reception debugg ing fun ction s.
(Optio nal) Enables th e platform packet transmission debugg ing fun ction s.
v lan
(Optio nal) Enables th e platform packet VLAN debugging functions.
This command has no default setting s.
Command Modes
Examples
Priv ileged EXEC mo de
This example s hows how to enab le all PM debugging :
Switch# debug platform packet protocol lacp
Switch#
Related Commands
Command
Descriptio n
undebug platform packet protocol lacp Disab les debuggin g output.
(same as n o d ebug p latform packet
p rotocol lacp)
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-144
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
debug platform packet protocol pagp
debug platform packet protocol pagp
To debug the PAgP p roto col packets, use th e debug platform packet proto col pagp co mmand. To
disable the debugging ou tput, u se the no form of th is command.
debug platform packet protocol pagp [receive | transmit | v lan]
no debug platform packet protocol pa gp [receive | transmit | vlan]
Syntax Description
Defaults
receive
transmit
(Optional) En ables the p latform packet recep tion debu gging functions.
(Optional) En ables the p latform packet transmissio n debu gging functions.
vlan
(Optional) En ables the p latform packet VLAN debugg ing fun ction s.
This comman d has no default settings.
Command Modes
Privileg ed EXEC mode
Examples
This examp le shows how to enable all PM debugg ing:
Switch# debug platform packet protocol pagp
Switch#
Related Commands
Co mmand
Description
undebug platform pa cket protocol
pagp (same as no d ebug platform packet
pro toco l p agp )
Disables d ebug ging outp ut.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-145
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
debug pm
debug pm
To debug the port man ager (PM) activity, u se the debug pm command. To disable the debugging output,
u se the no form of th is command.
debug pm {all | ca rd | coo kies | etherchnl | mes sages | port | registry | s cp | sm | span | split |
v lan | vp}
no debug pm {all | card | cookies | etherchnl | messa ges | port | registry | scp | sm | span | split |
v lan | vp}
Syntax Description
a ll
Displays all PM d ebug ging messag es.
card
cookies
etherchnl
Debu gs the modu le-related ev ents.
Enab les the internal PM cookie validation.
Debu gs the Eth erChan nel-related even ts.
messages
port
Debu gs the PM messages.
Debu gs the port-related events.
reg istry
scp
Debu gs the PM registry invocations.
Debu gs the SCP mod ule messag ing.
sm
Debu gs the state mach ine-related events .
span
split
v lan
Debu gs the spannin g-tree-related events.
Debu gs the split-processor.
Debu gs the VLAN-related events.
vp
Debu gs the virtual po rt-related events.
Defaults
This command has no default setting s.
Command Modes
Priv ileged EXEC mo de
Examples
This example s hows how to enab le all PM debugging :
Switch# debug pm all
Switch#
Related Commands
Command
undebug pm (same as n o debu g p m)
Descriptio n
Disab les debuggin g output.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-146
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
debug port-sec urity
debug port-security
To debu g po rt security, use the debug port-security command. To disable the debuggin g outp ut, use the
no form o f this co mmand .
debug port-security
no debug port-security
Syntax Description
This comman d has no argu ments or keyword s.
Defaults
This comman d has no default settings.
Command Modes
Privileg ed EXEC mode
Examples
This examp le shows how to enable all PM debugg ing:
Switch# debug port-security
Switch#
Related Commands
Co mmand
Description
switchport port-security
Enables p ort secu rity on an interface.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-147
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
debug pppoe intermediate-agent
debug pppoe intermediate-agent
To turn o n d ebug ging of th e PPPoE Intermediate Ag ent feature, use the debug pppoe
intermediate-agent co mmand . To turn off debu gging, use th e no form of this command .
debug pppoe intermediate-agent {event | packet | all }
no debug pppoe intermediate-agent {event | packet | all}
Syntax Description
Defaults
event
packet
Activates event d ebug ging
Activates p acket d ebug ging
a ll
Activates b oth event an d p acket d ebug ging
All d ebug ging is turn ed off.
Command Modes
Priv ileged EXEC mo de
Examples
This example s hows how to turn on packet debu gging:
Switch# debug pppoe intermediate-agent packet
PPPOE IA Packet debugging is on
*Sep 2 06:12:56.133: PPPOE_IA: Process new PPPoE packet, Message type: PADI, input
interface: Gi3/7, vlan : 2 MAC da: ffff.ffff.ffff, MAC sa: aabb.cc00.0000
*Sep 2 06:12:56.137: PPPOE_IA: received new PPPOE packet from inputinterface
(GigabitEthernet3/4)
*Sep 2 06:12:56.137: PPPOE_IA: received new PPPOE packet from inputinterface
(GigabitEthernet3/8)
*Sep 2 06:12:56.137: PPPOE_IA: Process new PPPoE packet, Message type: PADO, input
interface: Gi3/4, vlan : 2 MAC da: aabb.cc00.0000, MAC sa: 001d.e64c.6512
*Sep 2 06:12:56.137: PPPOE_IA: Process new PPPoE packet, Message type: PADO, input
interface: Gi3/8, vlan : 2 MAC da: aabb.cc00.0000, MAC sa: aabb.cc80.0000
*Sep 2 06:12:56.137: PPPOE_IA: received new PPPOE packet from inputinterface
(GigabitEthernet3/7)
*Sep 2 06:12:56.137: PPPOE_IA: Process new PPPoE packet, Message type: PADR, input
interface: Gi3/7, vlan : 2 MAC da: 001d.e64c.6512, MAC sa: aabb.cc00.0000
*Sep 2 06:12:56.145: PPPOE_IA: received new PPPOE packet from inputinterface
(GigabitEthernet3/4)
*Sep 2 06:12:56.145: PPPOE_IA: Process new PPPoE packet, Message type: PADS, input
interface: Gi3/4, vlan : 2 MAC da: aabb.cc00.0000, MAC sa: 001d.e64c.6512
This example s hows how to turn off packet debugg ing:
Switch# debug pppoe intermediate-agent packet
PPPOE IA Packet debugging is off
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-148
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
d ebug p ppoe intermediate-agent
Related Commands
Co mmand
pppoe intermediate-agent
(interface)
pppoe intermediate-agent
limit rate
pppoe intermediate-agent
trust
Description
Enables th e PPPoE Intermediate Ag en t feature on an interface.
Limits the rate of the PPPoE Discovery p ackets arriving on an
interface.
Sets the trust configu ration of an interface.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-149
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
debug redundancy
debug redundancy
To debug sup ervisor en gine redundancy, use the debug redunda ncy command. To dis able the debu gging
o utput, u se the no form of this command .
debug redundancy {errors | fsm | kpa | msg | prog ression | status | timer}
no debug redundancy
Syntax Description
errors
fsm
Enab les the redund ancy facility for error d ebug ging.
Enab les the redund ancy facility for FSM event d ebu gging.
kpa
msg
Enab les the redund ancy facility for keepalive debu gging.
Enab les the redund ancy facility for messaging event debugging .
progression
status
timer
Enab les the redund ancy facility for progression event debugging.
Enab les the redund ancy facility for status event debugging.
Enab les the redund ancy facility for timer event debuggin g.
Defaults
This command has no default setting s.
Command Modes
Priv ileged EXEC mo de
Examples
This example s hows how to debug the redundancy facility timer event debugging :
Switch# debug redundancy timer
Redundancy timer debugging is on
Switch#
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-150
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
debug spanning-tree
debug spanning-tree
To debug the sp ann ing tree activities, use the debug s panning-tree comman d. To disable the debugging
outpu t, use th e no form of this comman d.
debug spanning-tree { a ll | backbonefas t | bpdu | bpdu-opt | ethercha nnel | config | ev ents |
ex ceptions | genera l | ha | mstp | pvst+ | root | snmp | switch | synchronization | uplinkfast}
no debug spanning-tree {all | bpdu | bpdu-opt | ethercha nnel | config | ev ents | exceptions |
general | mst | pvst+ | root | snmp}
Syntax Description
all
backbonefast
Defaults
This comman d has no default settings.
Command Modes
Privileg ed EXEC mode
Displays all the spanning tree debugging messages .
Debugs the BackboneFast ev ents.
bpdu
bpdu-opt
Debugs the s pan ningtree BPDU.
Debugs the o ptimized BPDU handlin g.
etherchannel
co nfig
Debugs the s pan ning tree EtherChannel s upport.
Debugs the s pan ning tree configuration changes.
events
ex ceptions
Examples
Debugs the TCAM events.
Debugs the s pan ning tree excep tio ns.
general
Debugs the g en eral spanning tree activity.
ha
mstp
pvst+
Debugs the HA events.
Debugs the multiple spannin g tree events.
Debugs the PVST+ even ts.
roo t
snmp
Debugs the s pan ning tree root events.
Debugs the s pan ning tree SNMP ev ents.
switch
synchronization
Debugs the s witch d ebu g even ts.
Debugs the STP state syn chronizatio n events.
uplinkfas t
Debugs the UplinkFast events.
This examp le shows how to d ebug the spanning -tree PVST+:
Switch# debug spanning-tree pvst+
Spanning Tree PVST+ debugging is on
Switch#
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-151
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
debug spanning-tree
Related Commands
Command
undebug s panning-tree (same as n o
d ebug sp ann ing-tree)
Descriptio n
Disab les debuggin g output.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-152
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
debug spanning-tree backbonefa st
debug spanning-tree backbonefast
To enable debugg ing of the span ning tree BackboneFast events, use th e debug s panning-tree
backbonefast command. To disable th e debuggin g output, use the no form o f this co mmand .
debug spanning-tree backbonefast [detail | exceptions]
no debug spanning-tree backbonefast
Syntax Description
detail
ex ceptions
(Optional) Dis play s th e detailed Backbo neFast d ebug ging mes sag es.
(Optional) En ables the d ebug ging of sp ann ing tree Backb oneFast exceptions.
Defaults
This comman d has no default settings.
Command Modes
Privileg ed EXEC mode
Usage Guidelines
This comman d is su pported on ly o n the sup ervisor engin e and en terab le only from the switch con sole.
Examples
This example sh ows how to enable the debu gging and to d isplay the d etailed span ning tree Backbo neFast
debugging information :
Switch# debug spanning-tree backbonefast detail
Spanning Tree backbonefast detail debugging is on
Switch#
Related Commands
Co mmand
undebug spanning-tree backbonefast
(same as no debug spanning-tree
backb onefast)
Description
Disables d ebug ging outp ut.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-153
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
debug spanning-tree switch
debug spanning-tree switch
To en able the switch sh im debugg ing, u se the debug spanning-tree switch command. To disable the
d ebug ging outpu t, use the no form of this comman d.
debug spanning-tree switch {all | errors | general | pm | rx {decode | errors | interrupt |
process} | sta te | tx [decode]}
no debug spanning-tree switch {all | errors | general | pm | rx {decode | errors | interrupt |
process} | sta te | tx [decode]}
Syntax Description
a ll
errors
Displays all the s pan ning-tree switch shim debuggin g messages.
Enab les the debu gging of switch shim errors or exception s.
g eneral
pm
Enab les the debu gging of gen eral events.
Enab les the debu gging of port manager events.
rx
decode
Displays the received BPDU-handling debugg ing messages.
Enab les the d ebu gging of the decod e-received p ackets o f the spannin g-tree switch
sh im.
Enab les the debu gging of th e receive errors of the spanning-tree s witch s him.
Enab les the shim ISR receive BPDU debugg in g on the spann in g-tree switch.
errors
interrupt
process
Enab les the pro cess receive BPDU d ebug ging on the s pan ning-tree switch.
state
tx
decode
Enab les the debu gging of th e state changes o n th e spanning -tree port.
Enab les the transmit BPDU debugging o n th e spanning -tree switch shim.
(Optio nal) Enab les the decod e-transmitted packets debugging on th e s pan ning-tree
switch sh im.
Defaults
This command has no default setting s.
Command Modes
Priv ileged EXEC mo de
Usage Guidelines
This command is supp orted only on the superv isor engine and enterable only from the switch console.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-154
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
debug spanning-tree switch
Examples
This examp le shows how to enable th e transmit BPDU debugg ing on the spann in g tree switch shim:
Switch# debug spanning-tree switch tx
Spanning Tree Switch Shim transmit bpdu debugging is on
*Sep 30 08:47:33: SP: STP SW: TX: bpdu of type ieee-st size 92 on FastEthernet5/9 303
*Sep 30 08:47:33: SP: STP SW: TX: bpdu of type ieee-st size 92 on FastEthernet5/9 304
*Sep 30 08:47:33: SP: STP SW: TX: bpdu of type ieee-st size 92 on FastEthernet5/9 305
*Sep 30 08:47:33: SP: STP SW: TX: bpdu of type ieee-st size 92 on FastEthernet5/9 349
*Sep 30 08:47:33: SP: STP SW: TX: bpdu of type ieee-st size 92 on FastEthernet5/9 350
*Sep 30 08:47:33: SP: STP SW: TX: bpdu of type ieee-st size 92 on FastEthernet5/9 351
*Sep 30 08:47:33: SP: STP SW: TX: bpdu of type ieee-st size 92 on FastEthernet5/9 801
<... output truncated...>
Switch#
Related Commands
Co mmand
Description
undebug s panning-tree switch (same as Disables d ebug ging outp ut.
no debug spanning-tree s witch)
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-155
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
debug spanning-tree uplinkfast
debug spanning-tree uplinkfast
To en able the debugg ing of the spanning-tree UplinkFast even ts, use the debug spanning-tree
uplinkfast command. To disable th e debuggin g o utput, use the no form of this command .
debug spanning-tree uplinkfast [exceptions]
no debug spanning-tree uplinkfast
Syntax Description
exceptions
Defaults
This command has no default setting s.
Command Modes
Usage Guidelines
Examples
(Optio nal) Enables th e debuggin g o f the sp ann ing tree UplinkFas t exceptio ns.
Priv ileged EXEC mo de
This command is supp orted only on the superv isor engine and enterable o nly from the switch console.
This example s hows how to debug the s pan ning tree UplinkFast exceptio ns:
Switch# debug spanning-tree uplinkfast exceptions
Spanning Tree uplinkfast exceptions debugging is on
Switch#
Related Commands
Command
Descriptio n
undebug s panning-tree uplinkfast
(same as n o d ebug sp ann ing-tree
u plinkfast)
Disab les debuggin g output.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-156
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
debug sw-vlan
debug sw-vlan
To debug the VLAN man ager activ ities, use the debug sw-vlan command. To disable the debugging
outpu t, use th e no form of this comman d.
debug sw-vlan {badpmcookies | events | management | packets | registries }
no debug sw-vlan {badpmcookies | ev ents | management | packets | registries}
Syntax Description
Defaults
Command Modes
Examples
badpmcookies
events
management
Displays the VLAN man ager incidents of b ad port manager cookies.
Debugs the VLAN man ager even ts.
Debugs the VLAN man ager management of in ternal VLANs.
packets
Debugs the p acket h an dling an d encapsulation pro cesses.
registries
Debugs the VLAN man ager regis tries.
This comman d has no default settings.
Privileg ed EXEC mode
This examp le shows how to d ebug the software VLAN events:
Switch# debug sw-vlan events
vlan manager events debugging is on
Switch#
Related Commands
Co mmand
undebug sw-vlan (same as no debug
sw-vlan)
Description
Disables d ebug ging outp ut.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-157
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
debug sw-vlan ifs
debug sw-vlan ifs
To en able the VLAN manager Cisco IOS file s ystem (IFS) error tests, us e the debug sw-vlan ifs
command. To disable th e debugging o utput, use the no form of this command.
debug sw-vlan ifs {open {read | write} | read {1 | 2 | 3 | 4} | write}
no debug sw-vlan ifs {open {read | write} | rea d {1 | 2 | 3 | 4} | write}
Syntax Description
o pen
rea d
write
{1 | 2 | 3 | 4}
write
Defaults
Enab les the VLAN man ager IFS debugg ing of errors in an IFS file-open operation .
Debu gs the errors that occu rred when th e IFS VLAN con figuration file was open for
reading.
Debu gs the errors that occu rred when th e IFS VLAN con figuration file was open for
writing.
Determines the file-read operation. See th e “Usage Guidelines ” section for
in formatio n abou t o peration levels.
Debu gs the errors that occurred during an IFS file-write operation.
This command has no default setting s.
Command Modes
Priv ileged EXEC mo de
Usage Guidelines
The following are fo ur types of file read o perations:
•
Examples
Operation 1 — Reads the file header, which contains the head er verification wo rd and the file version
n umber.
•
Operation 2—Read s th e main b ody of the file, wh ich contains most of the domain and VLAN
in formatio n.
•
Operation 3—Read s TLV descriptor stru ctures .
•
Operation 4—Read s TLV data.
This example s hows how to debug the TLV data errors durin g a file-read operation :
Switch# debug sw-vlan ifs read 4
vlan manager ifs read # 4 errors debugging is on
Switch#
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-158
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
debug sw-vlan ifs
Related Commands
Co mmand
undebug sw-vlan ifs (same as no debug
sw-vlan ifs)
Description
Disables d ebug ging outp ut.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-159
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
debug sw-vlan notification
debug sw-vlan notification
To enable th e debug ging of the mess ages that trace th e activ ation and deactivatio n of the ISL VLAN IDs,
u se the debug sw-vlan notification command. To d isable the debugging outp ut, use the no form of this
command.
debug sw-vlan notification {accfwdchange | a llowedvlancfgcha ng e | fwdchange | linkcha ng e |
modechange | pruningcfgchange | statechange}
no debug sw-vlan notification {accfwdchange | a llo wedv lancfgchange | fwdchang e | linkcha ng e
| modechange | pruningcfgchange | statecha ng e}
Syntax Description
a ccfwdchange
fwdchange
Enab les the VLAN manager notificatio n o f agg regated access interface
STP forward changes.
Enab les the VLAN man ager no tification of ch ang es to allowed VLAN
configuration.
Enab les the VLAN man ager no tification of STP forwarding changes.
linkchange
Enab les the VLAN manager notification of interface link state ch ang es.
a llowedv lancfgchange
modechange
Enab les the VLAN man ager no tification of interface mode ch ang es.
pruningcfg change
Enab les the VLAN man ager no tification of ch ang es to pruning
configuration.
Enab les the VLAN man ager no tification of interface state changes.
statechange
Defaults
This command has no default setting s.
Command Modes
Examples
Priv ileged EXEC mo de
This example s hows how to debug the s oftware VLAN interface mode change notificatio ns:
Switch# debug sw-vlan notification modechange
vlan manager port mode change notification debugging is on
Switch#
Related Commands
Command
Descriptio n
undebug s w-vlan notification (same as
n o d ebug sw-v lan no tification)
Disab les debuggin g output.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-160
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
debug sw-vlan vtp
debug sw-vlan vtp
To en able th e debugging of messages to b e gen erated by th e VTP p roto col co de, u se the debug sw-vlan
vtp comman d. To disab le the d ebu gging outp ut, use the no fo rm of this command.
debug sw-vlan vtp {events | packets | pruning [packets | xmit] | xmit}
no debug sw-vlan vtp {events | packets | pruning [packets | x mit] | xmit}
Syntax Description
events
packets
pruning
packets
Displays the general-p urp ose logic flo w and d etailed VTP d eb ugging messages
generated by the VTP_LOG_RUNTIME macro in th e VTP code.
Displays th e co nten ts o f all incoming VTP pack ets that have been passed into the VTP
code from the Cisco IOS VTP platfo rm-dep en den t layer, except for prun ing packets.
Enab les the debu gging messag e to be g enerated by the pruning segment of the VTP
protocol co de.
(Optio nal) Displays the contents of all incoming VTP pruning packets that have been
passed into the VTP cod e from the Cisco IOS VTP p latform-dependent layer.
xmit
(Optio nal) Displays the contents of all outgoin g VTP packets that the VTP code will
req ues t that the Cisco IOS VTP platform-depen dent layer to send.
xmit
Displays the contents of all o utgoing VTP p ackets th at the VTP cod e will requ est that
the Cisco IOS VTP p latform-dependent layer to send; do es not in clud e prun ing p ackets.
Defaults
This comman d has no default settings.
Command Modes
Privileg ed EXEC mode
Usage Guidelines
If y ou do not en ter any more parameters after entering pruning, th e VTP pruning debug ging mess ages
are dis play ed.
Examples
This examp le shows how to d ebug the software VLAN outgoin g VTP packets:
Switch# debug sw-vlan vtp xmit
vtp xmit debugging is on
Switch#
Related Commands
Co mmand
undebug sw-vlan vtp (same as n o debug
sw-vlan v tp)
Description
Disables d ebug ging outp ut.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-161
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
debug udld
debug udld
To en able the debugg ing of UDLD activ ity, u se the debug udld command. To disable the debugging
o utput, u se the no form of this command .
debug udld {events | packets | regis tries }
no debug udld {events | packets | registries}
Syntax Description
events
packets
reg istries
Enab les the debu gging of UDLD process events as they occur.
Enab les the debugg ing of the UDLD process as it receives packets from the packet queue
and attempts to transmit packets at the request of the UDLD protocol code.
Enab les the debu gging of the UDLD process as it processes registry upcalls from the
UDLD process-dependent module and other feature modules.
Defaults
This command has no default setting s.
Command Modes
Priv ileged EXEC mo de
Usage Guidelines
Examples
This command is supp ortedon ly o n th e supervisor engin e and enterable only from the s witch cons ole.
This example s hows how to debug the UDLD events:
Switch# debug udld events
UDLD events debugging is on
Switch#
This example s hows how to debug the UDLD packets:
Switch# debug udld packets
UDLD packets debugging is on
Switch#
This example s hows how to debug the UDLD registry even ts:
Switch# debug udld registries
UDLD registries debugging is on
Switch#
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-162
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
debug udld
Related Commands
Co mmand
undebug udld (same as no debug udld)
Description
Disables d ebug ging outp ut.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-163
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
debug vqpc
debug vqpc
To debug the VLAN Query Pro toco l (VQP), u se the debug vqpc command. To disable the debu gging
o utput, u se the no form of this command .
debug vqpc [all | cli | events | learn | packet]
no debug vqpc [all | cli | events | learn | packet]
Syntax Description
a ll
(Optio nal) Debugs all the VQP events.
cli
events
learn
(Optio nal) Debugs the VQP co mmand -line interface.
(Optio nal) Debugs the VQP events.
(Optio nal) Debugs the VQP ad dress learning.
packet
(Optio nal) Debugs the VQP packets.
Defaults
This command has no default setting s.
Command Modes
Priv ileged EXEC mo de
Examples
This example s hows how to enab le all VQP debu gging:
Switch# debug vqpc all
Switch#
Related Commands
Command
v mps reco nfirm (privileged EXEC)
Descriptio n
Immed iately sends VLAN Query Pro toco l (VQP) queries to
recon firm all th e dynamic VLAN assig nmen ts with the
VLAN Membership Policy Server (VMPS).
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-164
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
define interface-range
define interface-range
To create a macro of in terfaces, u se the define interfa ce-range command .
define interface-range macro-name interface-range
Syntax Description
macro-n ame
interface-range
Defaults
This comman d has no default settings.
Command Modes
Usage Guidelines
Name of the in terface range macro ; u p to 3 2 characters.
Lis t of valid rang es wh en specifyin g interfaces; see the “Usage Guid elines”
sectio n.
Glob al co nfigu ration mode
The macro name is a character string of up to 32 ch aracters.
A macro can co ntain up to five ranges. An interface rang e cann ot s pan mod ules .
Wh en entering the inter face-ra nge, use thes e fo rmats:
•
•
interface-type {mod}/{first-interface} - {last-interface}
interface-type {mod}/{first-interface} - {last-interface}
The valid values for interface-type are as follows:
Examples
•
FastEthernet
•
GigabitEthernet
•
Vlan vla n_id
This examp le shows how to create a mu ltiple-interface macro :
Switch(config)# define interface-range macro1 gigabitethernet 4/1-6, fastethernet 2/1-5
Switch(config)#
Related Commands
Co mmand
interface range
Description
Runs a command on multiple p orts at th e same time.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-165
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
deny
deny
To deny an ARP packet based on match es again st th e DHCP bind ings, use the deny co mmand . To
remo ve the s pecified ACEs from the access list, use the no fo rm of this command.
deny {[request] ip {any | host send er-ip | sender-ip sender-ip -ma sk} mac {any | host s end er-mac
| s end er-mac send er-mac-mask} | response ip {any | host sender-ip | s end er-ip
sender-ip-mask} [{any | host target-ip | target-ip target-ip-mas k}] mac {a ny | host sender-ma c
| sender-mac sender-ma c-mas k} [{any | host target-mac | target-ma c targ et-mac-mask}]} [log ]
no deny {[request] ip {any | ho st sender-ip | sender-ip sender-ip -ma sk} mac {any | host
sender-mac | send er-mac sen der-mac-mask} | response ip {any | host s end er-ip | sen der-ip
sender-ip-mask} [{any | host target-ip | target-ip target-ip-mas k}] mac {a ny | host sender-ma c
| sender-mac sender-ma c-mas k} [{any | host target-mac | target-ma c targ et-mac-mask}]} [log]
Syntax Description
request
(Option al) Requests a match for th e ARP req ues t. Wh en request is
not specified, match ing is perfo rmed against all ARP pack ets.
ip
a ny
host sen der-ip
Specifies the send er IP add ress.
Specifies that any IP or MAC address will be accep ted.
Specifies that only a specific sender IP addres s will b e accep ted.
sender-ip send er-ip-mask
Specifies that a specific rang e of sender IP addresses will be
accepted .
Specifies the send er MAC address .
mac
host sen der-mac
sender-mac s end er-mac-mask
Specifies that only a sp ecific sender MAC address will be accepted.
Specifies that a specific rang e of sender MAC addresses will be
accepted .
res ponse
Specifies a match for th e ARP respon ses.
ip
host target-ip
Specifies the IP add ress values fo r the ARP respo nses.
(Option al) Specifies th at only a s pecific target IP address will be
accepted .
ta rget-ip ta rget-ip -mask
(Option al) Specifies that a specific range of target IP ad dresses will
be accepted.
mac
host target-mac
Specifies the MAC address values for th e ARP respon ses.
(Option al) Specifies th at o nly a specific target MAC ad dress will be
accepted .
(Option al) Specifies th at a specific range of target MAC ad dresses
will be accepted.
ta rget-mac ta rget-mac-mask
lo g
(Option al) Logs a packet when it matches the access co ntrol entry
(ACE).
Defaults
At th e end of the ARP access list, there is an implicit deny ip any ma c any co mmand .
Command Modes
arp-nacl configuration mo de
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-166
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
deny
Usage Guidelines
Examples
Deny clauses can be added to fo rward o r drop ARP p ackets b ased on some matching criteria.
This examp le shows a host with a MAC address of 0000.000 0.abcd and an IP address of 1.1.1 .1. This
example shows howto d eny bo th requests and res ponses from this h ost:
Switch(config)# arp access-list static-hosts
Switch(config-arp-nacl)# deny ip host 1.1.1.1 mac host 0000.0000.abcd
Switch(config-arp-nacl)# end
Switch# show arp access-list
ARP access list static-hosts
deny ip host 1.1.1.1 mac host 0000.0000.abcd
Switch#
Related Commands
Co mmand
Description
arp access-list
Defines an ARP access list or add s clauses at the end of a
predefined list.
ip arp inspection filter vlan
Permits ARPs from ho sts th at are configured for static IP
when DAI is enabled and to define an ARP access lis t and
ap plies it to a VLAN.
permit
Permits an ARP p acket b ased on matches against the DHCP
binding s.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-167
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
destination address
destination address
To con figure the des tin ation e-mail add ress or URL to wh ich Call Ho me mes sages will be sent, u se the
destination address command.
destination address {email email-address | http url}
Syntax Description
email ema il-add ress
http url
Defaults
This command has no default setting s.
Command Modes
cfg-call-home-profile
Usage Guidelines
To enter profile call-home configuration submo de, u se the profile co mmand in call-ho me co nfiguration
mo de.
Specifies the destinatio n e-mail address in 1 to 200 characters .
Specifies the destinatio n HTTP URL in 2 to 200 characters.
When en tering the http s:// d estina tion URL fo r the s ecure server, y ou must also config ure a trustpoint
CA.
Examples
This example s hows how to set th e destination to the e-mail add ress callhome@cisco .com:
Switch(config)# call-home
Switch(cfg-call-home)# profile cisco
Switch(cfg-call-home-profile)# destination address email [email protected]
Related Commands
Command
destination message-size-limit bytes
Descriptio n
Con figures a maximu m destination messag e size for the
d estination profile.
destination preferred-msg-format
Con figures a preferred mess age format.
destination transport-method
profile
subscribe-to-a lert-group all
Enab les the message transport metho d.
Enters profile call-home co nfigu ration submod e
Sub scribes to all available alert groups .
subscribe-to-a lert-group configura tion Sub scribes th is destination profile to th e Configuration
alert group.
subscribe-to-a lert-group diagnostic
Sub scribes th is destination profile to th e Diagno stic alert
g roup .
subscribe-to-a lert-group environment
Sub scribes this d estin ation profile to th e Enviro nmen t alert
g roup .
subscribe-to-a lert-group invento ry
Sub scribes th is destination profile to th e Inventory alert
g roup .
subscribe-to-a lert-group syslo g
Sub scribes this destination profile to th e Syslo g alert gro up.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-168
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
destination message-size-limit bytes
destination message-size-limit bytes
To config ure a maximum destinatio n message s ize for th e destination pro file, use the des tination
message-size-limit bytes command.
destina tion messag e-size-limit bytes
Syntax Description
This comman d has no argu ments or keyword s.
Defaults
3145 728 bytes
Command Modes
cfg-call-h ome-profile
Usage Guidelines
To en ter profile call-ho me con figuration su bmode, use the profile command in call-home config uration
mode.
Examples
This example shows how to config ure the maximum message size for the destination profile as 30 00000 :
Switch(config)# call-home
Switch(cfg-call-home)# profile cisco
Switch(cfg-call-home-profile)# destination message-size-limit 3000000
Switch(cfg-call-home-profile)#
Related Commands
Co mmand
Description
destination address
Config ures the d estination e-mail add ress or URL to which
Call Ho me mes sages will be s ent.
destina tion preferred-msg -format
destination transport-method
Config ures a preferred message format.
Enables th e messag e transp ort method.
profile
Enters profile call-h ome configuration sub mode
subscribe-to-alert-g roup a ll
Subscribes to all available alert grou ps.
subscribe-to-alert-g roup configuration Subscribes this destinatio n p rofile to the Con figuratio n
alert group .
Subscribes this destinatio n p rofile to the Diag nostic alert
group.
subscribe-to-alert-g roup env ironment Subscribes th is destination profile to the Environment alert
group.
subscribe-to-alert-g roup diag no stic
subscribe-to-alert-g roup inventory
Subscribes this destinatio n p rofile to the Inven tory alert
group.
subscribe-to-alert-g roup s yslog
Subscribes this d estin ation pro file to the Sy slog alert group.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-169
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
destination preferred-msg-format
destination preferred-msg-format
To co nfigure a preferred mes sage format, use the destination preferred-msg-format co mmand.
destination preferred-msg-format {long-text | short-text | xml}
Syntax Description
long-text
short-text
Sends the message in lon g-text format.
Sends the message in sh ort-text format.
x ml
Sends the message in XML fo rmat.
Defaults
x ml
Command Modes
Usage Guidelines
Examples
cfg-call-home-profile
To enter profile call-home configuration submo de, u se the profile co mmand in call-ho me co nfiguration
mo de.
This example s hows how to config ure the preferred message format as lon g text:
Switch(config)# call-home
Switch(cfg-call-home)# profile cisco
Switch(cfg-call-home-profile)# destination preferred-msg-format long-text
Switch(cfg-call-home-profile)#
Related Commands
Command
Descriptio n
destination a ddress
destination transport-method
Con figures the destination e-mail addres s or URL to which
Call Home messages will be sent.
Con figures a maximu m destination messag e size for the
d estination profile.
Enab les the message transport metho d.
profile
Enters profile call-home co nfigu ration submod e
destination message-size-limit bytes
subscribe-to-a lert-group all
Sub scribes to all available alert groups .
subscribe-to-a lert-group configura tion Sub scribes th is destination profile to th e Configuration
alert group.
subscribe-to-a lert-group diagnostic
Sub scribes th is destination profile to th e Diagno stic alert
g roup .
subscribe-to-a lert-group environment
Sub scribes this d estin ation profile to th e Enviro nmen t alert
g roup .
subscribe-to-a lert-group invento ry
Sub scribes th is destination profile to th e Inventory alert
g roup .
subscribe-to-a lert-group syslo g
Sub scribes this destination profile to th e Syslo g alert gro up.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-170
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
destination transport-method
destination transport-method
To enable the message transport metho d, use the destination transport-method command.
destination transport-method {email | http}
Syntax Description
email
http
Defaults
e-mail
Command Modes
Usage Guidelines
Examples
Enables e-mail as tran sport method .
Enables HTTP as transport method .
cfg-call-h ome-profile
To en ter profile call-ho me con figuration su bmode, use the profile command in call-home config uration
mode.
This examp le shows how to set the tran sport method to HTTP:
Switch(config)# call-home
Switch(cfg-call-home)# profile cisco
Switch(cfg-call-home-profile)# destination transport-method http
Related Commands
Co mmand
destination address
Description
Config ures the d estination e-mail add ress or URL to which
Call Ho me mes sages will be s ent.
destina tion messag e-size-limit bytes
destina tion preferred-msg -format
Config ures a maximum des tinatio n message size for th e
destinatio n profile.
Config ures a preferred message format.
profile
subscribe-to-alert-g roup a ll
Enters profile call-h ome configuration sub mode
Subscribes to all available alert grou ps.
subscribe-to-alert-g roup configuration Subscribes this destinatio n p rofile to the Con figuratio n
alert group .
subscribe-to-alert-g roup diag no stic
Subscribes this destinatio n p rofile to the Diag nostic alert
group.
subscribe-to-alert-g roup env ironment
Subscribes th is destination profile to the Environment alert
group.
subscribe-to-alert-g roup inventory
Subscribes this destinatio n p rofile to the Inven tory alert
group.
subscribe-to-alert-g roup s yslog
Subscribes this d estin ation pro file to the Sy slog alert group.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-171
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
diagnostic fpga soft-error recover
diagnostic fpga soft-error recover
To con figure the SEU beh avio r, u se the diagnostic fpg a s oft-error recover command. To return to the
d efault setting, use the no form of this command.
diagnos tic fpga soft-erro r recover {conservativ e | agg ressive}
no diagnostic fpga so ft-error recover
Syntax Description
conservative
Dictates that the su pervisor engine does not reload, Rather it issu es a con sole error
mess age once an hour.
You sho uld reload the sup ervisor engin e at the nex t maintenance wind ow.
Dictates that the superv isor engine reloads immediately and automatically. A
crashdump is generated , allowing you to identify th e SEU event as the cau se of
the relo ad.
a ggressive
Defaults
A s witch exhib its the default SEU behavio r when this co mmand is no t configured. On redund ant
switch es that have reached SSO, the defau lt b ehavior is aggress ive. In all other switches, th e default
b ehavior is conservative.
Command Modes
Global config mode
Usage Guidelines
SEU events on the system FPGAs result in a p oten tially unstable switch. The on ly recovery is to reload
th e affected superv isor engine. However, SEU events may be h armless, so y ou might wan t to delay the
relo ad until a maintenance window, to avoid impactin g users. Alternatively, you mig ht want to force an
immediate reload to avoid an instance where the switch crash es or d rop s traffic b ecause of the SEU.
Examples
This example s hows how to config ure the SEU behavior as conservative:
Switch(config)#
diagnostic fpg a s oft-error recov er conserva tive
This example s hows how to revert to the default behav ior:
Switch(config)#
no diagnositc fpga soft-error recover
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-172
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
diagnostic monitor action
diagnostic monitor action
To direct the actio n of the s witch when it detects a p acket memory failu re, use the diagnostic monitor
action co mmand .
diagnostic monitor action [co nservative | normal | aggressive]
Syntax Description
co nservative
(Optional) Specifies that th e bootu p SRAM diagno stics log all failu res
and remove all affected buffers from the hard ware o peration. The
ongo ing SRAM diag nostics will lo g events, bu t will take no o ther
action .
normal
(Optional) Specifies that the SRAM diagnostics operate as in
conservativ e mode, ex cept th at an ong oing failure resets the su pervisor
engine; allows for the bootup tests to map ou t the affected memory.
(Optional) Specifies that the SRAM diagnostics operate as in normal
mode, ex cept th at a b ootup failure o nly log s failures an d does n ot allow
the su perviso r en gine to come o nline; allows fo r eith er a redun dan t
supervisor engine or netwo rk-level redundancy to take over.
aggres siv e
Defaults
normal mode
Command Modes
Glob al co nfigu ration mode
Usage Guidelines
Use the conservative keyword when you do n ot wan t the switch to reboot so that th e problem can be
fixed.
Use the agg ressive keywo rd wh en yo u h ave redundant supervisor engines, or wh en network-level
redun dan cy has been provided.
Examples
This example shows h ow to co nfigu re the switch to initiate an RPR s witchover when an o ngoing failure
occurs:
Switch# configure terminal
Switch (config)# diagnostic monitor action normal
Related Commands
Co mmand
Description
show diagnostic result mo dule test 2
show diagnostic result mo dule test 3
Displays the module-based diagnostic test results.
Displays the module-based diagnostic test results.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-173
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
diagnostic start
diagnostic start
To run th e specified diagno stic test, use the diagnostic start comman d.
diagnos tic start {module num} {test test-id} [port num]
Syntax Description
Defaults
module num
Mo dule n umber.
test
test-id
Specifies a test to ru n.
Specifies an identificatio n n umber fo r the test to be run; can be th e cable
d iagn ostic test-id, or the ca ble-tdr keywo rd.
port nu m
(Optio nal) Sp ecifies the interface p ort numb er.
This command has no default setting s.
Command Modes
Examples
Priv ileged EXEC mo de
This example s hows how to run the specified diag nostic test at the s pecified module:
This exec command starts the TDR test on specified interface
Switch# diagnostic start module 1 test cable-tdr port 3
diagnostic start module 1 test cable-tdr port 3
module 1: Running test(s) 5 Run interface level cable diags
module 1: Running test(s) 5 may disrupt normal system operation
Do you want to continue? [no]: yes
yes
Switch#
2d16h: %DIAG-6-TEST_RUNNING: module 1: Running online-diag-tdr{ID=5} ...
2d16h: %DIAG-6-TEST_OK: module 1: online-diag-tdr{ID=5} has completed successfully
Switch#
Note
Related Commands
The show cable-diagnos tic tdr command displays the results o f a TDR test. The test results will n ot be
available u ntil app roximately 1 min ute after the test starts. If y ou en ter the show cable-dia gnostic tdr
command within 1 minu te of the tes t startin g, yo u may see a “TDR test is in p rogress o n interface...”
message.
Command
show diag nos tic content
Descriptio n
Displays diag nostic content information.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-174
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
dot1x auth-fail max-attemp ts
dot1x auth-fail max-attempts
To config ure the max number of attempts before a port is moved to th e auth-fail VLAN, use the
dot1x a uth-fail max-attempts command. To return to the default setting, u se the no form of this
co mmand .
dot1x a uth-fail max-attempts max-attemp ts
no dot1x auth-fail max-attempts ma x-attempts
Syntax Description
max-attempts
Specifies a maximum numb er o f attempts befo re a port is moved to the
auth-fail VLAN in the rang e of 1 to 10 .
Defaults
Default is 3 .
Command Modes
Interface con figuration mode
Examples
This example sh ows h ow to config ure th e maximu m numb er of attempts before th e port is moved to th e
au th-fail VLAN on Fast Ethernet interface 4/3:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface fastethernet4/3
Switch(config-if)# dot1x auth-fail max-attempts 5
Switch(config-if)# end
Switch#
Related Commands
Co mmand
Description
dot1x max-reauth-req
Sets the maximum numb er o f times that the switch will
retransmit an EAP-Request/Iden tity frame to th e client
before restarting the authentication proces s.
show dot1x
Displays 802 .1 x i n formatio n.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-175
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
dot1x auth-fail vlan
dot1x auth-fail vlan
To enable the auth-fail VLAN on a p ort, u se the dot1x auth-fail vlan command. To return to the default
setting, use th e no form of this command .
dot1x auth-fail vlan vlan-id
no dot1x auth-fail vlan vlan -id
Syntax Description
vlan-id
Defaults
This command has no default setting s.
Command Modes
Interface configuration mode
Examples
Specifies a VLAN in the range of 1 to 4094 .
This example s hows how to config ure the auth-fail VLAN on Fast Ethern et interface 4/3 :
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface fastethernet4/3
Switch(config-if)# dot1x auth-fail vlan 40
Switch(config-if)# end
Switch#
Related Commands
Command
dot1x ma x-rea uth-req
Descriptio n
Sets th e maximum number of times that th e switch will
retransmit an EAP-Request/Identity frame to the client
b efore restarting the au then tication process.
show dot1x
Displays dot1x information.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-176
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
dot1x control-direction
dot1x control-direction
To enable un idirectio nal po rt co ntrol on a per-po rt basis on a switch, use the dot1 x control-direction
co mmand . Use the no fo rm of this command to disable unid irectio nal port co ntrol.
dot1x control-direction [in | both]
no dot1x control-direction
Syntax Description
in
both
Defaults
Both in-b ound and out-bound traffic will be controlled .
(Optional) Specifies controlling in-b ound traffic on a port.
(Optional) Specifies controlling both in-boun d and ou t-bou nd traffic on a
port.
Command Modes
Interface con figuration mode
Usage Guidelines
You can manage remote systems us ing unid irectio nal con trol. Unidirectional control enab les y ou to turn
on systems remotely u sing a specific Ethernet p acket, known as a magic packet.
Using u nidirectional control en ables you to remotely man age systems using 802.1X ports. In the past,
the po rt became un au th orized after the systems was turned off. In this state, th e port only allowed th e
receipt and transmission o f EAPoL p ackets. Th erefore, there was no way fo r the u nidirectional control
mag ic packet to reach the h ost and without being turned o n th ere was no way fo r the sy stem to
au then ticate and open the p ort.
Examples
This examp le shows how to enable u nidirectional control on incoming pack ets:
Switch(config-if)# dot1x control-direction in
Switch(config-if)#
Related Commands
Co mmand
show dot1x
Description
Displays dot1 x in formatio n.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-177
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
dot1x credentials (global configuration)
dot1x credentials (global configuration)
Use the dot1x credentials global con figuratio n command to configure a pro file on a sup plicant switch.
dot1x credentia ls profile
no dot1x credentials profile
Syntax Description
p rofile
Defaults
No pro file is config ured for the switch .
Command Modes
Global configuration
Specify a pro file for the supplicant switch.
Usage Guidelines
You must have an other switch set up as the authenticator for this switch to b e the s upplican t.
Examples
This example s hows how to config ure a switch as a supplicant:
Switch(config)# dot1x credentials profile
You can verify your settings by entering the show running -config priv ileged EXEC command.
Related Commands
Command
cisp enable
Descriptio n
Enab les Client Information Signalling Proto col (CISP).
show cisp (IOS
command)
Displays CISP information for a specified interface.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-178
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
dot1x critical
dot1x critical
To enab le the 802.1X critical authentication on a port, use the dot1x critical command. To return to the
default setting , use the no form of this comman d.
dot1x critical
no dot1x critical
Syntax Description
This comman d has no keywo rds or variables.
Defaults
Critical authentication is disabled.
Command Modes
Interface con figuration mode
Examples
This examp le shows how to enable 8 02.1x critical au then tication:
Switch(config-if)# dot1x critical
Switch(config-if)#
Related Commands
Co mmand
Description
dot1x critical eapol
dot1x critical recov ery delay
Enables s end ing EAPOL success packets when a po rt is
critically authorized partway through an EAP ex chang e.
Sets the time interval between port rein itializatio ns.
dot1x critical vlan
show dot1x
Assig ns a critically authenticated port to a s pecific VLAN.
Displays dot1 x in formatio n.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-179
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
dot1x critical eapol
dot1x critical eapol
To enable sending EAPOL s uccess packets when a port is critically authorized partway th rou gh an EAP
exchange, u se th e dot1x critical eapol command. To return to th e d efault setting , u se the no form of this
command.
dot1x critica l eapol
no dot1x critical ea po l
Syntax Description
This command has no key words or variables.
Defaults
The default is to not sen d EAPOL su ccess p ackets.
Command Modes
Global configuratio n mo de
Examples
This example s hows how to enab le sending EAPOL success packets:
Switch(config-if)# dot1x critical eapol
Switch(config-if)#
Related Commands
Command
Descriptio n
dot1x critica l
Enab les the 802.1X critical authentication o n a port.
dot1x critica l recovery delay
dot1x critica l vla n
Sets th e time interval between po rt reinitializations.
Assigns a critically auth en ticated po rt to a specific VLAN.
show dot1x
Displays dot1x information.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-180
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
dot1x critical recovery delay
dot1x critical recovery delay
To set the time interval between po rt reinitializations, u se the dot1x critical recovery delay co mmand .
To return to the default setting, use the no form of this command.
dot1x critical recov ery delay delay-time
no dot1x critical recovery delay
Syntax Description
delay-time
Specifies the interval between po rt reinitializations wh en AAA trans istion
occurs; valid values are from 1 to 10,000 millisecon ds.
Defaults
Delay time is set to 100 millisecon ds.
Command Modes
Glob al co nfigu ration mode
Examples
This examp le shows how to set the 8 02.1x critical recovery delay time to 50 0:
Switch(config-if)# dot1x critical recovery delay 500
Switch(config-if)#
Related Commands
Co mmand
dot1x critical
Description
Enables th e 802 .1X critical auth en tication on a po rt.
dot1x critical eapol
Enables s end ing EAPOL success packets when a po rt is
critically authorized partway through an EAP ex chang e.
dot1x critical vlan
show dot1x
Assig ns a critically authenticated port to a s pecific VLAN.
Displays dot1 x in formatio n.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-181
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
dot1x critical vlan
dot1x critical vlan
To ass ign a critically authenticated port to a specific VLAN, use th e dot1 x critical vlan command. To
retu rn to the defau lt setting, use th e no form o f this co mmand .
dot1x critica l vla n vlan-id
no dot1x critical vla n-id
Syntax Description
vlan-id
Defaults
Critical auth entication is disab led on a ports VLAN.
Command Modes
Interface configuration mode
Usage Guidelines
(Optio nal) Sp ecifies the VLANs; valid valu es are from 1 to 40 94.
The typ e of VLAN specified must match the type of the po rt. If the port is an access port, th e VLAN
mu st be a regu lar VLAN. If the port is a p rivate-VLAN host port, the VLAN must be th e seco ndary
VLAN of a valid private-VLAN do main. If the port is a ro uted po rt, no VLAN may b e specified.
This command is not supp orted on platforms such as Layer 3 switches that do no t include the Critical
Auth VLAN sub system.
Examples
This example s hows how to enab le 802 .1x critical authenticatio n on a ports VLAN:
Switch(config-if)# dot1x critical vlan 350
Switch(config-if)#
Related Commands
Command
dot1x critica l
Descriptio n
Enab les the 802.1X critical authentication o n a port.
dot1x critica l eapol
Enab les sending EAPOL success packets when a port is
critically auth orized p artway thro ugh an EAP exchange.
dot1x critica l recovery delay
show dot1x
Sets th e time interval between po rt reinitializations.
Displays dot1x information.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-182
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
dot1x guest-vlan
dot1x guest-vlan
To enable a guest VLAN o n a per-p ort b asis, use the dot1 x guest-vlan comman d. To retu rn to the default
settin g, use the no form of th is command.
dot1x g uest-vlan vlan-id
no dot1x guest-vlan vlan -id
Syntax Description
vla n-id
Defaults
This comman d has no default settings.; th e guest VLAN feature is disabled .
Command Modes
Interface con figuration mode
Usage Guidelines
Guest VLANs can be co nfigu red only on ports that are statically configured as access ports or private
VLAN host po rts. Statically config ured access po rts can be con figured with regular VLANs as guest
VLANs; statically co nfigu red private VLAN ho st p orts can be co nfigu red with secon dary private
VLANs as guest VLANs.
Examples
This examp le shows how to enable a guest VLAN on Fast Ethernet interface 4 /3:
Specifies a VLAN in the rang e of 1 to 40 94.
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface fastethernet4/3
Switch(config-if)# dot1x port-control auto
Switch(config-if)# dot1x guest-vlan 26
Switch(config-if)# end
Switch(config)# end
Switch#
Related Commands
Co mmand
Description
dot1x max-reauth-req
Sets the maximum numb er o f times that the switch will
retransmit an EAP-Request/Iden tity frame to th e client
before restarting the authentication proces s.
show dot1x
Displays dot1 x in formatio n.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-183
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
dot1x guest-vlan supplicant
dot1x guest-vlan supplicant
To place an 8 02.1X-capable su pplicant (h ost) into a guest VLAN, use th e dot1x guest-vlan s upplica nt
g lobal configuration command. To return to th e default settin g, use the no fo rm of this command.
dot1x quest-vlan supplicant
no dot1x quest-vlan supplicant
Syntax Description
This command has no arguments or keywo rds.
Defaults
8 02.1X-capable h osts are no t pu t into a guest VLAN.
Command Modes
Global configuratio n mo de
Usage Guidelines
With Cisco Release 1 2.2(25 ) EWA, you can use th e dot1x guest-vlan supplica nt command to p lace an
8 02.1X-capable h ost into a guest VLAN. Prior to Cisco Releas e 12.2(25)EWA, yo u cou ld o nly place
n on-8 02.1X cap able hosts into a g uest VLAN.
When guest VLAN supplicant beh avior is enabled, the Catalyst 4500 series switch does not main tain
EAPOL packet histo ry. Th e switch allows clients that fail 802 .1 X auth entication to access a g ues t
VLAN, whether or not EAPOL pack ets have been d etected on the interface.
Examples
This example s hows how to place an 8 02.1X-capable su pplicant (host) in to a guest VLAN:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# dot1x guest-vlan supplicant
Switch(config)# end
Switch#
Related Commands
Command
Descriptio n
dot1x system-auth-control
Enab les 802 .1 X au then tication on the s witch.
show dot1x
Displays dot1x information.
dot1x host-mode
Use th e dot1x host-mode interface con figuratio n co mmand o n the s witch stack or on a stand alon e switch
to allow a sing le host (client) o r multiple h osts on an IEEE 8 02.1x-auth orized p ort. Use the
multi-do main key word to enable mu ltid omain authenticatio n (MDA) on an IEEE 8 02.1x-au thorized
p ort. Use th e no form of this comman d to retu rn to the d efau lt setting.
dot1x host-mode {multi-host | single-hos t | multi-domain}
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-184
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
dot1x host-mode
no dot1x host-mode [multi-ho st | single-host | multi-do main}
Syntax Description
multi-host
single-host
En ables multiple-h osts mode on th e switch.
En ables single-h ost mode o n th e switch.
multi-domain
En ables MDA on a switch port .
Defaults
The defau lt is sing le-host mode.
Command Modes
Interface con figuration mode
Usage Guidelines
Use this command to limit an IEEE 80 2.1 X-enabled port to a single client o r to attach multiple clien ts
to an IEEE 8 02.1X-en abled port. In multiple-hos ts mo de, only one of the attached ho sts needs to be
successfully au thorized for all hosts to be g ranted network access. If the port becomes u nau thorized
(re-authentication fails or an Exten sible Au th en tication Protocol over LAN [EAPOL]-logo ff mess age is
received), all attached clients are d enied access to the network.
Use the multi-domain keyword to enable MDA on a port. MDA d iv ides the port into bo th a data d omain
an d a voice domain. MDA allows both a data device and a voice device, such as an IP p hone (Cisco or
non-Cisco ), on the same IEEE 8 02.1x-enabled port.
Before enterin g this command, make sure th at th e dot1x port-control interface configuration co mmand
is set to auto for the specified port.
You can assign bo th vo ice and d ata VLAN dynamically from the ACS server. No add itio nal
co nfiguration is required to enab le dyn amic VLAN ass ig nmen t o n th e switch.To enable VLAN
ass ignment, yo u mu st configure the Cisco ACS server. For details on configu ring the ACS server for
voice VLAN as signment, refer to the “Cisco ACS Co nfigu ration for VLAN Assignment” s ection in th e
Catalyst 4500 Series Switch Software Co nfigu ration Guid e-Releas e, 12.2(5 2)SG.
Examples
This examp le shows how to enable IEEE 802.1x authentication and to enable multiple-hos ts mod e:
Switch# configure t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface gigabitethernet6/1
Switch(config-if)# dot1x port-control auto
Switch(config-if)# dot1x host-mode multi-host
Switch(config-if)# end
Switch#
This examp le shows how to enable MDA and to allow both a h ost and a voice dev ice on the po rt:
Switch# configure t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface FastEthernet6/1
Switch(config-if)# switchport access vlan 12
Switch(config-if)# switchport mode access
Switch(config-if)# switchport voice vlan 10
Switch(config-if)# dot1x pae authenticator
Switch(config-if)# dot1x port-control auto
Switch(config-if)# dot1x host-mode multi-domain
Switch(config-if)# no shutdown
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-185
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
dot1x host-mode
Switch(config-if)# end
Switch#
You can verify your settings by entering the show dot1x [interface interface-id] p rivileg ed EXEC
command.
Related Commands
Command
show dot1x
Descriptio n
Displays dot1x information.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-186
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
dot1x initialize
dot1x initialize
To un auth orize an interface befo re reinitializing 80 2.1 X, u se the do t1x initia lize command .
dot1x initialize inter face
Syntax Description
interface
Defaults
This comman d has no default settings.
Number of the interface.
Command Modes
Privileg ed EXEC mode
Usage Guidelines
Use this command to initialize state machines and to set up the enviro nmen t for fresh authentication.
Examples
This examp le shows how to in itialize the 802.1X state mach ines on an interface:
Switch# dot1x initialize
Switch#
Related Commands
Co mmand
show dot1x
Description
Displays dot1 x in formatio n.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-187
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
dot1x mac-auth-bypass
dot1x mac-auth-bypass
To enable th e 802.1X MAC ad dress bypassing on a switch, use the dot1x ma c-auth-by pa ss command.
Use the no form of this command to disable M AC address byp assin g.
dot1x ma c-auth-by pas s [eap]
no dot1 x mac-a uth-bypass [eap]
Syntax Description
eap
Defaults
There is no default setting.
Command Modes
Interface configuration mode
Usage Guidelines
The removal of th e dot1x mac-auth-bypass configuration from a port d oes not affect the auth orizatio n
o r authenticatio n state of a port. If the po rt is in un au then ticated state, it remains unauthenticated, and if
MAB is active, the authentication will revert back to the 8 02.1X Auth enticator. If th e port is au th orized
with a MAC add ress, and the MAB co nfiguration is removed the port remains authorized until
re-authentication takes p lace. When re-au then tication o ccurs the MAC address is removed in favo r o f an
8 02.1X supp licant, which is d etected on the wire.
Examples
This example s hows how to enab le EAP MAC ad dress authentication:
(Optio nal) Sp ecifies using EAP MAC ad dress authentication.
Switch(config-if)# dot1x mac-auth-bypass
Switch(config-if)#
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-188
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
dot1x max-re auth-req
dot1x max-reauth-req
To set th e maximum n umber of times that the s witch will retransmit an EAP-Request/Identity frame to
the clien t b efore restarting the au then tication process, use the dot1x max-reauth-req command. To
return to th e default settin g, use the no fo rm of this command.
dot1x max-reauth-req count
no dot1x max-reauth-req
Syntax Description
co unt
Number of times that the switch retransmits EAP-Req ues t/Identity frames befo re
restarting the authentication proces s; valid values are fro m 1 to 10.
Defaults
The switch sen ds a max imum o f two retran smissions.
Command Modes
Interface con figuration mode
Usage Guidelines
You sho uld chang e the default value of th is command only to adjust for unusual circu mstan ces such as
unreliable lin ks or specific behavioral problems with certain clients and au then tication servers . This
settin g imp acts the wait before a non-dot1x-capable client is admitted to the gu est VLAN, if one is
co nfigured.
You can verify you r settin gs by entering the show dot1x privileged EXEC command.
Examples
This examp le shows how to set 5 as the number of times that th e switch retransmits an
EAP-Requ est/Identity frame before restarting the authentication proces s:
Switch(config-if)# dot1x max-reauth-req 5
Switch(config-if)#
Related Commands
Co mmand
show dot1x
Description
Displays dot1 x in formatio n.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-189
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
dot1x max-req
dot1x max-req
To set the maximum number of times that th e switch retransmits an Extensib le Authenticatio n Protocol
(EAP)-Request frame of typ es other than EAP-Req ues t/Identity to the clien t b efore restarting the
authenticatio n p rocess, us e the dot1x ma x-req comman d. To return to the default s etting , use the no
form of this command.
dot1x ma x-req count
no dot1 x max-req
Syntax Description
Defaults
coun t
Number of times that the switch retransmits EAP-Req uest frames o f types other than
EAP-Request/Id entity before restarting the auth entication pro cess; valid values are from
1 to 10.
The switch sends a maximum of two retransmissio ns.
Command Modes
Interface configuration mode
Usage Guidelines
You should change th e default value of this comman d o nly to adju st for un usual circumstances such as
u nreliable links or specific behavio ral p rob lems with certain clients an d authenticatio n servers.
Examples
This example s hows how to set 5 as the nu mber of times th at the s witch retransmits an EAP-Request
frame b efore restarting the au then tication process:
You can verify your settings by entering the show dot1x p rivileg ed EXEC co mmand .
Switch(config-if)# dot1x max-req 5
Switch(config-if)#
This example s hows how to return to the default setting:
Switch(config-if)# no dot1x max-req
Switch(config-if)#
Related Commands
Command
dot1x initialize
dot1x ma x-rea uth-req
Descriptio n
Unauthorizes an interface before reinitializing 802.1X.
Sets th e maximum number of times that th e switch will
retransmit an EAP-Request/Identity frame to the client
b efore restarting the au then tication process.
show dot1x
Displays dot1x information.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-190
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
dot1x port-control
dot1x port-control
To enab le man ual contro l of th e auth orization state o n a p ort, u se the dot1x po rt-control command. To
return to th e default settin g, use the no fo rm of this command.
dot1x port-control { a uto | force-a uthorized | fo rce-una uthorized}
no dot1x port-control {auto | force-authorized | force-unauthorized}
Syntax Description
auto
force-a uthorized
force-unauthorized
En ables 802.1X auth entication on the interface and causes the port to
trans ition to th e authorized or un au thorized state bas ed on the 802.1X
authentication exchan ge between the switch and the client.
Disables 802.1X authentication on the interface and causes the port to
trans ition to th e authorized state witho ut any authentication exchan ge
req uired. The po rt transmits and receives n ormal traffic withou t
80 2.1 X-bas ed authentication of the clien t.
Denies all access th rou gh the sp ecified interface by fo rcing the p ort to
trans ition to th e unautho rized state, igno ring all attempts by the clien t to
authenticate. Th e switch cann ot p rovide au then tication services to the client
through th e interface.
Defaults
The port 80 2.1 X au thorization is disab led .
Command Modes
Interface con figuration mode
Usage Guidelines
The 802.1X protocol is supported o n both the Layer 2 static-access ports and the Lay er 3 -routed ports .
You can u se the a uto key word only if the port is not config ured as follows:
•
Trun k port— If y ou try to enab le 802 .1X on a tru nk port, an error message app ears , and 802.1X is
not enabled. If you try to change th e mode of an 802.1X-enabled port to trunk, the port mode is not
ch ang ed.
•
Dyn amic po rts—A po rt in dy namic mo de can neg otiate with its neighbor to beco me a trun k po rt. If
you try to enable 80 2.1X on a dy namic port, an error message app ears, an d 802.1X is not enab led.
If y ou try to change the mode of an 8 02.1X-en abled port to dyn amic, the port mode is no t changed.
•
EtherChannel port—Before enab ling 802.1X o n th e port, yo u mu st first remove it fro m the
EtherChannel. If yo u try to en able 802.1X o n an Eth erChan nel or on an active port in an
EtherChannel, an error message appears, and 80 2.1 X is not enabled. If yo u enable 802.1X on an
inactive po rt of an EtherCh ann el, the po rt does not join the Eth erChannel.
•
Switch Port Analyzer (SPAN) destinatio n p ort— You can enable 802 .1 X on a po rt that is a SPAN
destinatio n p ort; however, 802.1X is disabled until th e port is removed as a SPAN destination. You
can enab le 802.1X on a SPAN sou rce port.
To glo bally disable 802.1X on the switch, you must disable it on each port. Th ere is no global
co nfiguration co mmand for this task.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-191
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
dot1x port-control
Examples
This example s hows how to enab le 802 .1X on Gigabit Ethern et 1/1:
Switch(config)# interface gigabitethernet1/1
Switch(config-if)# dot1x port-control auto
Switch#
You can verify your settin gs by u sing the show dot1x all o r show do t1x interface int commands to show
th e port-control status . An enabled status indicates that the port-control value is set either to auto or to
force-unauthorized.
Related Commands
Command
show dot1x
Descriptio n
Displays dot1x information.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-192
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
dot1x re-authenticate
dot1x re-authenticate
To manually initiate a reauthenticatio n of all 80 2.1 X-enabled ports or the specified 80 2.1X-en abled po rt,
use th e dot1 x re-authenticate comman d.
dot1x re-authenticate [interfa ce interfa ce-id]
Syntax Description
interface interface-id
Defaults
This comman d has no default settings.
(Op tio nal) Module an d p ort numb er o f the in terface.
Command Modes
Privileg ed EXEC mode
Usage Guidelines
You can u se this comman d to reauthenticate a clien t without waiting fo r the configured nu mber of
secon ds b etween reauthentication attemp ts (re-auth period) and automatic reauthenticatio n.
Examples
This examp le shows how to manually reauthenticate th e device co nnected to Gigabit Ethernet
interface 1/1:
Switch# dot1x re-authenticate interface gigabitethernet1/1
Starting reauthentication on gigabitethernet1/1
Switch#
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-193
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
dot1x re-authentication
dot1x re-authentication
To en able the periodic reauthenticatio n of the client, u se the dot1x re-authentica tion co mmand . To
retu rn to the defau lt setting, use th e no form o f this co mmand .
dot1x re-authentication
no dot1x re-authentication
Syntax Description
This command has no arguments or keywo rds.
Defaults
The periodic reauthenticatio n is dis abled.
Command Modes
Interface configuration mode
Usage Guidelines
You co nfigure th e amo unt of time b etween the p eriodic reauth entication attempts by using the dot1x
timeout re-authperiod global con figuratio n command.
Examples
This example s hows how to disable th e period ic reauthentication of the clien t:
Switch(config-if)# no dot1x re-authentication
Switch(config-if)#
This example shows how to enable the period ic reauth entication and set the number of seco nds b etween
th e reauthentication attemp ts to 40 00 second s:
Switch(config-if)# dot1x re-authentication
Switch(config-if)# dot1x timeout re-authperiod 4000
Switch#
You can verify your settings by entering the show dot1x p rivileg ed EXEC co mmand .
Related Commands
Command
Descriptio n
dot1x timeout
show dot1x
Sets th e reauthentication timer.
Displays dot1x information.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-194
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
dot1x system-auth-control
dot1x system-auth-control
To enable 80 2.1 X au then tication on the s witch, use the dot1x system-a uth-control co mmand. To
disable 80 2.1 X au then tication on the s ystem, use th e no form of this comman d.
dot1x system-auth-control
no dot1x system-auth-control
Syntax Description
This comman d has no argu ments or keyword s.
Defaults
The 802.1X authentication is disabled.
Command Modes
Glob al co nfigu ration mode
Usage Guidelines
You must en able dot1x system-auth-control if you want to use the 802 .1X access con trols on any p ort
on the switch. Yo u can th en use th e dot1x port-control auto command on each sp ecific p ort on which
you want the 8 02.1X access controls to be u sed.
Examples
This examp le shows how to enable 8 02.1X authentication:
Switch(config)# dot1x system-auth-control
Switch(config)#
Related Commands
Co mmand
Description
dot1x initialize
Unautho rizes an interface befo re reinitializing 802 .1 X.
show dot1x
Displays dot1 x in formatio n.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-195
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
dot1x timeout
dot1x timeout
To set the reau th en tication timer, use th e dot1x timeout command. To return to the default setting, use
th e no form o f this co mmand .
dot1x timeout {reauth-period { seconds | server} | quiet-perio d seco nds | tx-period second s |
supp-timeout seco nds | server-timeout seconds}
no dot1x timeout { reauth-period | quiet-period | tx-period | supp-timeout | server-timeout}
Syntax Description
rea uth-period secon ds
Numb er of s econds between reauthenticatio n attemp ts; valid values are
from 1 to 6 5535. See the “Usage Guidelines” sectio n for mo re
information.
rea uth-period server
Numb er of s econds between reauthenticatio n attemp ts; valid values are
from 1 to 6553 5 as derived from the Sessio n-Timeout RADIUS attribu te.
See th e “Usage Guidelines” section for more in formatio n.
Numb er o f secon ds that the switch remain s in the quiet state followin g
a failed authentication ex change with th e client; valid values are from 0
to 65535 seconds.
Defaults
The default settings are as follows:
quiet-period seconds
tx-period seconds
Numb er o f secon ds that the switch waits for a response to an
EAP-request/identity frame from the client b efore retransmitting th e
request; valid values are from 1 to 65535 seconds.
supp-timeout seco nds
Numb er o f secon ds that the switch waits for the retransmissio n of
EAP-Requ est packets; valid values are from 30 to 655 35 second s.
Numb er o f secon ds that the switch waits for the retransmissio n of
packets by the back-end authenticator to th e auth entication server; valid
valu es are fro m 3 0 to 6 5535 seco nds.
server-timeout seco nds
•
Reau thentication perio d is 36 00 second s.
•
Quiet period is 6 0 second s.
•
Tran smission period is 30 seconds.
•
Sup plicant timeo ut is 30 seconds.
•
Server timeout is 30 second s.
Command Modes
Interface configuration mode
Usage Guidelines
The periodic reauthenticatio n must b e enab led before entering the dot1x timeout re-authperio d
command. Enter the dot1x re-authentication co mmand to enable perio dic reauthenticatio n.
Examples
This example s hows how to set 6 0 as the n umber of seconds that th e switch waits for a respo nse to an
EAP-request/iden tity frame from th e client befo re retransmitting the request:
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-196
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
dot1x timeout
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface fastethernet4/3
Switch(config-if)# dot1x timeout tx-period 60
Switch(config-if)# end
Switch#
You can verify you r settin gs by entering the show dot1x privileged EXEC command.
This examp le shows how to set up the switch to us e a reauthenticatio n timeout derived from a
Session -Timeout attribute taken from the RADIUS Access-Accept message received when a host
successfully au then ticates via 802.1X:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface fastethernet4/3
Switch(config-if)# dot1x timeout reauth-period server
Switch(config-if)# end
Switch#
Related Commands
Co mmand
dot1x initialize
show dot1x
Description
Unautho rizes an interface befo re reinitializing 802 .1 X.
Displays dot1 x in formatio n.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-197
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
duplex
duplex
To co nfigure th e duplex operation on an interface, use th e duplex command. To retu rn to the d efau lt
setting, use th e no form of this command .
duplex {auto | full | half}
no duplex
Syntax Description
Defaults
a uto
full
Specifies the au toneg otiatio n operation.
Specifies the fu ll-dup lex operation .
half
Specifies the half-duplex operation.
Half-d uplex o peration
Command Modes
Interface configuration mode
Usage Guidelines
Tab le 2-1 lists th e supp orted command o ptions by interface.
Table 2-1
Supported duplex Command Options
Interface Type
Su pported
Syntax
Default Settin g
1 0/100-Mbps modu le
duplex [half |
full]
half
1 00-M bps fiber
mo dules
duplex [half |
full]
half
Not sup ported.
Not supp orted.
Guidelin es
If the speed is set to auto, yo u will
n ot b e able to set th e duplex mode.
If the speed is set to 10 or 100, and
y ou do not co nfigu re th e dup lex
setting, the duplex mode is set to half
d uplex .
Gigabit Ethernet
Interface
1 0/100/10 00
duplex [half |
full]
Gigabit Eth ernet interfaces are set to
full duplex.
If the speed is set to auto o r 100 0,
y ou will not be able to set duplex.
If the speed is set to 10 or 100, and
y ou do not co nfigu re th e dup lex
setting, the duplex mode is set to half
d uplex .
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-198
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
duplex
If the transmission speed on a 16-port RJ-4 5 Gigab it Ethernet port is s et to 100 0, the du plex mode is set
to full. If the transmission speed is changed to 10 or 10 0, the duplex mode stays at full. You must
co nfigure the correct du plex mode on th e switch wh en the transmission speed ch ang es to 10 or 100 from
1000 Mb ps.
Caution
Chan ging the interface speed an d duplex mod e configuration might shu t down and reen able the interface
during the reconfiguration .
Table 2 -2 describes th e system p erformance for differen t combinations of the duplex and speed mo des.
The specified duplex co mmand that is con figured with the specified s peed comman d prod uces the
resulting actio n shown in the table.
Table 2-2
Relationship Between duplex and speed Commands
duplex Command
duplex half or duplex full
Examples
speed Command
speed auto
duplex half
speed 10
duplex full
speed 10
duplex half
speed 100
duplex full
speed 100
duplex full
speed 1000
Resulting Syste m Action
Au toneg otiates both speed and d uplex mod es
Forces 10 M bps and half duplex
Forces 10 M bps and full duplex
Forces 1 00 Mbps and half duplex
Forces 1 00 Mbps and full dup lex
Forces 1 000 Mbps and fu ll du plex
This examp le shows how to configure the in terface fo r fu ll-dup lex operation :
Switch(config-if)# duplex full
Switch(config-if)#
Related Commands
Co mmand
speed
Description
Config ures the interface speed.
interface (refer to Cisco IOS
documentatio n)
Config ures an interface.
show co ntro llers (refer to Cisco IOS
documentatio n)
Displays controller information.
show interfaces
Displays interface in formatio n.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-199
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
epm access control
epm access control
To co nfigure access co ntro l, use th e epm access control [open | default] command.
epm access control [open | default]
Syntax Description
o pen
default
Defaults
If the epm access co ntro l comman d is no t config ured, th e behav io r defaults to the epm access control
default command. Nothin g is nvgened.
Command Modes
Con figuratio n mode
Usage Guidelines
Specifies op en access con trol.
Specifies default access control.
When you enter the epm access co ntro l command, it is nvgen’d.
If no ACLs are downlo aded from the ACS server wh en a h ost is authenticated, the ho st is restricted by
th e p ort ACLs and d o not receive ad ditional permissio ns. In such a scen ario, if you enter the epm access
control open command, a permit ip host any entry is created for the ho st after authentication. Th is en try
is created only if no ACLs are downloaded fro m th e ACS.
The epm a ccess co ntro l open comman d is particularly u seful in authentication open mode. Traffic from
a h ost is allowed to pass even before the h ost is au then ticated . This traffic is restricted by th e port ACL.
In such a scenario, if n o ACLs are downloaded fro m the ACS, the ho st will n ot receive any ad ditional
p ermissions. Even after authentication, the ho st is still restricted by the port ACL. If epm access control
o pen is config ured, comp lete access is granted upon authenticatio n.
If epm access co ntrol default is config ured an d no ACL is downloaded, po rt ACL is the only ACL on
th e port. Th is is how access contro l functioned prio r to Cisco IOS Release 12.2(54)SG.
Examples
The following example shows how to en able open access control:
Switch(config)# epm access control open
The following example shows how to en able default access co ntro l:
Switch(config)# epm access control default
Related Commands
Command
show ipv6 snooping co unters
Descriptio n
Displays the numb er of packets dropped p er port due to RA
Guard.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-200
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
erase
erase
To erase a file sy stem, use the erase co mmand .
erase {/all [non-default | nvram:] | ca t40 00_flash | nvram: | startup-config}
Syntax Description
/all nvram:
/all non-default
Erases everything in nvram:.
Erases files an d con figuratio n in n onvolatile storage inclu ding
nvram:, bootflash :, cat40 00_flas h:, and crashinfo: o f the lo cal
sup ervisor eng in e. Resets the Cataly st 45 00 series s witch to the
factory d efau lt settings.
Note
Defaults
This co mmand o ption is inten ded to wo rk only o n a
stand alon e supervisor engin e.
ca t40 00_flash:
nvram:
Erases the VLAN datab ase con figuratio n file.
Erases the startup-co nfig and private-config file in NVRAM.
sta rtup-co nfig:
Erases the startup-co nfig and private-config file in NVRAM.
This comman d has no default settings.
Command Modes
Privileg ed EXEC mode
Usage Guidelines
Caution
Wh en you use the erase command to erase a file system, you canno t recover th e files in the file s ystem.
In addition to the comman d op tions shown above, options with the p refix slave that are used to iden tify
nvram: and flash (such as slavenvram: and slavecat40 00_flash :) ap pear in the command help mess ages
on the d ual sup ervisor engin e redu ndancy switch.
The erase nvram: command rep laces the write erase and the erase startup-confg commands . This
co mmand erases both the startup-con fig an d th e private-config file.
The erase /a ll nvram: command erases all files in nvram: in ad dition to startup-config file an d
private-config file.
The erase cat4000 _fla sh: command erases th e VLAN databas e configu ration file.
The erase /all non-default command facilitates the wo rk of a manu facturing facility and rep air center.
It erases th e configuration and states stored in the no nvolatile storag e and resets the Catalyst 4500 series
switch to the factory d efau lt settings. The defau lt settings include those mention ed in the Cisco IOS
library as well as thos e set by the erase /all non-default co mmand (vtp mode=transparent, an d th e
ROMMON variables: ConfigReg=0x21 01, PS1= “rommon ! >” and En ableAutoConfig =1 ).
Fo r the default settings, refer to these gu ides :
•
Cisco IOS Configura tion Fund amentals Configuratio n Guide, Release 12.2, at this URL:
http://www.cisco.com/ en/US/d ocs/io s/fun damentals/configu ration/gu id e/12 _4/cf_1 2_4_book.html
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-201
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
erase
•
Cisco IOS Configuration Fundamen tals Co nfiguration Command Reference, Release 12 .2 , at this
URL:
h ttp://www.cisco.com/en/US/docs/ios/12 _2/config fun/command/reference/ffun_ r.html
Caution
Examples
The erase /all non-default command can erase Cisco IOS images in bootflash :. Ensure that a Cisco IOS
image can be copied back to the b ootflash: (such as, from a acces sible TFTP server or a flash card
in serted in s lo t0:) (available on most chassis mo dels), or that the switch can boot from a image stored in
an acces sible network server.
This examp le sh ows how to erase the files and configuration in a nonvolatile sto rage an d reset the switch
to factory defau lt settings:
Switch# erase /all non-default
Switch#
Erase and format operation will destroy all data in non-volatile storage.
[confirm]
Formatting bootflash: ...
Continue?
Format of bootflash complete
Erasing nvram:
Erasing cat4000_flash:
Clearing crashinfo:data
Clearing the last power failure timestamp
Clearing all ROMMON variables
Setting default ROMMON variables:
ConfigReg=0x2101
PS1=rommon ! >
EnableAutoConfig=1
Setting vtp mode to transparent
%WARNING! Please reboot the system for the changes to take effect
Switch#
00:01:48: %SYS-7-NV_BLOCK_INIT: Initialized the geometry of nvram
Switch#
This example s hows how to erase the co nten ts in nvram.
Switch# erase /all nvram:
Erasing the nvram filesystem will remove all files! Continue? [confirm]
[OK]
Erase of nvram: complete
Switch#
00:38:10: %SYS-7-NV_BLOCK_INIT: Initalized the geometry of nvram
Switch#
This example s hows how to erase filesys tem cat400 0_flash.
Switch# erase cat4000_flash:
Erasing the cat4000_flash filesystem will remove all files! Continue? [confirm]
[OK]
Erase of cat4000_flash:complete
Switch#
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-202
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
erase
Related Commands
Co mmand
boot config (refer to Cisco IOS
documentatio n)
delete (refer to Cis co IOS
documentatio n)
show bootv ar
Description
Specifies th e dev ice and filename of the configuration file.
undelete (refer to Cisco IOS
documentatio n)
Recovers a file marked “d eleted ” on a Class a flash file
system.
Deletes a file from a flash memory d evice or NVRAM.
Displays BOOT en viron ment variable info rmation.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-203
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
errdisable detect
errdisable detect
To en able erro r-d isab le detection, use th e errdisable detect command. To disable the error-disab le
d etectio n feature, use the no fo rm of this command.
errdisable detect ca use {all | arp-inspection [action shutdown vlan] | bpduguard s hutdown
v lan | dhcp-rate-limit [action shutdown vlan] | dtp-flap | gbic-invalid | l2ptguard | link-flap
| pagp-flap}
no errdis able detect ca us e {all | arp-inspectio n [a ction shutdown vlan] | bpduguard shutdown
v lan | dhcp-rate-limit [action shutdown vlan] | dtp-flap | gbic-invalid | l2ptguard | link-flap
| pagp-flap}
Syntax Description
cause
a ll
a rp-inspection
action shutdown vlan
bpduguard shutdown
v lan
dhcp-ra te-limit
dtp-flap
g bic-invalid
Specifies erro r-disab le detection to detect a specific cause.
Specifies erro r-disab le detection for all error-disable causes.
Specifies the detectio n for th e ARP inspectio n error-disable cause.
(Optional) Specifies p er-VLAN error-disable for ARP inspection and DHCP
rate limiting .
Specifies per-VLAN error-disable for BPDU guard.
Specifies the detectio n for th e DHCP rate-limit error-disable cau se.
Specifies the detectio n for th e DTP flap error-disable cause.
Specifies the detectio n for th e GBIC invalid error-disable cause.
l2 ptguard
link-flap
Specifies the detectio n for th e Layer 2 protocol-tun nel error-disable cause.
Specifies the detectio n for th e link flap error-disable cau se.
pagp-flap
Specifies the detectio n for th e PAgP flap error-disab le caus e.
Defaults
All error-disable causes are detected.
Command Modes
Global configuratio n mo de
Usage Guidelines
A cause (dtp-flap, lin k-flap, pagp-flap) is defin ed as the reason wh y th e error-disabled state o ccurred.
When a cau se is detected o n an interface, the in terface is placed in error-disabled state (an operational
state th at is similar to lin k-down state).
You must en ter th e shutdown co mmand and then the no shutdown co mmand to recover an in terface
manually from the error-disable s tate.
To prevent th e port from s hutting down, yo u can use the shutdown vlan o ption to shut down ju st the
o ffendin g VLAN o n the port where the vio lation occured . This optio n is available for the fo llowing three
causes: b pduguard, arp -insp ection, and d hcp -rate-limit. You can us e the clear errdisable command to
recover disabled VLANs on a p ort.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-204
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
errdisable detect
Examples
This examp le shows how to enable error-disable detection for the link-flap error-disable cau se:
Switch(config)# errdisable detect cause link-flap
Switch(config)#
This examp le shows how to enable p er-VLAN error-disable d etection for BPDU guard:
Switch(config)# errdisable detect cause bpduguard shutdown vlan
Switch(config)#
This examp le shows how to d isable error-disab le detection for DAI:
Switch(config)# no errdisable detect cause arp-inspection
Switch(config)# end
Switch# show errdisable detect
ErrDisable Reason
Detection
Mode
-------------------------- -----arp-inspection
Enabled
port
bpduguard
Enabled
vlan
channel-misconfig
Enabled
port
dhcp-rate-limit
Enabled
port
dtp-flap
Enabled
port
gbic-invalid
Enabled
port
psecure-violation
Enabled
port/vlan
Switch#
Related Commands
Co mmand
Description
show errdis able detect
show interfaces status
Displays the error disable detection status.
Displays the interface status or a list of in terfaces in
error-disabled state.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-205
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
errdisable recovery
errdisable recovery
To configure th e recovery mech anism variab les, us e th e errdisable recovery co mmand . To return to the
d efault setting, use the no form of this command.
errdisable recovery [cause {all | arp-ins pection | bpduguard | channel-misconfig |
dhcp-ra te-limit | dtp-flap | gbic-invalid | l2ptguard | link-flap | pagp-flap |
pesecure-v iolation | security-violation | storm-control | udld | unicastflood | vmps}
[arp-inspection] [interv al { in terval}]]
no errdisable recovery [cause {all | a rp-inspection | bpdug ua rd | channel-misconfig |
dhcp-ra te-limit | dtp-flap | gbic-invalid | l2ptguard | link-flap | pagp-flap |
pesecure-v iolation | security-violation | storm-control | udld | unicastflood | vmps}
[arp-inspection] [interv al { in terval}]]
Syntax Description
cause
(Optio nal) Enables the erro r-disab le recovery to recover from a specific cause.
a ll
(Optio nal) Enables th e recovery timers for all error-disable cau ses.
a rp-inspection
bpduguard
(Optio nal) Enables th e recovery timer for the ARP inspectio n cause.
(Optio nal) Enables th e recovery timer for the BPDU gu ard erro r-d isab le
cause.
channel-misconfig
(Optio nal) Enables the recovery timer for th e channel-misconfig error-disable
cause.
(Optio nal) Enables th e recovery timer for the DHCP rate limit error-disable
cause.
dhcp-ra te-limit
dtp-flap
g bic-invalid
(Optio nal) Enables th e recovery timer for the DTP flap error-disable cause.
(Optio nal) Enables th e recovery timer for the GBIC invalid erro r-d isable
cause.
l2 ptguard
(Optio nal) Enables th e recovery timer for the Layer 2 protocol-tu nnel
error-disable cause.
(Optio nal) Enables th e recovery timer for the link flap error-disable cause.
link-flap
pagp-flap
(Optio nal) Enables th e recovery timer for the PAg P flap error-disable cau se.
pesecure-v iolation
(Optio nal) En ables the recovery timer for th e p esecure vio lation erro r-d isab le
cause.
security-v iolatio n
(Optio nal) Enables th e au tomatic recovery of po rts disabled d ue to 802 .1 X
security vio lation s.
storm-co ntro l
udld
(Optio nal) Enables the timer to recover fro m storm-contro l erro r-d isable state.
(Optio nal) Enables th e recovery timer for the UDLD error-disable cause.
unicastflood
(Optio nal) Enables th e recovery timer for the unicast flood error-disable
cause.
v mps
a rp-inspection
(Optio nal) Enables th e recovery timer for the VM PS erro r-disab le cause.
(Optio nal) Enables th e ARP inspection cause and recovery timeout.
interval interval
(Optio nal) Specifies the time to recover from a specified erro r-d isab le cause;
valid values are fro m 30 to 86 400 seco nds.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-206
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
errdisab le recovery
Defaults
Error disab le recovery is disabled .
The recovery interval is set to 30 0 s econds .
Command Modes
Glob al co nfigu ration mode
Usage Guidelines
A cause (bpdugu ard, dtp-flap, link -flap , pag p-flap , udld) is d efined as the reason why the erro r-disab led
state occurred. Wh en a cause is detected on an interface, th e interface is placed in error-disabled state
(an operational state that is similar to the link -down state). If you do not enab le error-disable recovery
for th e cause, the in terface stay s in the error-disabled state until a shutd own and no shu td own occurs. If
you enable recovery for a cause, the in terface is b rou ght out of the erro r-d isab led state and allowed to
retry o peratio n again once all th e cau ses have timed o ut.
You must enter the shutdown command and th en the no shutdown command to recover an interface
manually from error dis able.
Examples
This examp le shows how to enable th e recovery timer for the BPDU gu ard erro r disable cause:
Switch(config)# errdisable recovery cause bpduguard
Switch(config)#
This examp le shows how to set the timer to 300 seconds:
Switch(config)# errdisable recovery interval 300
Switch(config)#
This examp le shows how to enable th e errdisab le recovery fo r arp-inspectio n:
Switch(config)# errdisable recovery cause arp-inspection
Switch(config)# end
Switch# show errdisable recovery
ErrDisable Reason
Timer Status
-----------------------------udld
Disabled
bpduguard
Disabled
security-violatio
Disabled
channel-misconfig
Disabled
vmps
Disabled
pagp-flap
Disabled
dtp-flap
Disabled
link-flap
Disabled
l2ptguard
Disabled
psecure-violation
Disabled
gbic-invalid
Disabled
dhcp-rate-limit
Disabled
unicast-flood
Disabled
storm-control
Disabled
arp-inspection
Enabled
Timer interval: 300 seconds
Interfaces that will be enabled at the next timeout:
Switch#
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-207
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
errdisable recovery
Related Commands
Command
show errdisable detect
Descriptio n
Displays the error dis able detection statu s.
show errdisable recovery
show interfa ces sta tus
Displays erro r disable recovery timer information.
Displays the interface s tatus or a list of interfaces in
error-disabled state.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-208
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
flowcontrol
flowcontrol
To configure a Gigabit Eth ernet interface to s end or receive pause frames, use the flowcontrol command.
To disable the flow con trol setting, use the no form of this command.
flowco ntro l {receiv e | send} {off | on | desired}
no flowcontrol {receive | s end} { o ff | on | desired}
Syntax Description
receive
Specifies th at the in terface pro cesses p au se frames.
send
off
Specifies th at the in terface sen ds pau se frames.
Prevents a local port fro m receiving and proces sing p ause frames from remote ports o r
fro m sendin g pau se frames to remote ports .
Enables a lo cal port to receive and p rocess p aus e frames from remote ports or sen d
paus e frames to remote ports.
on
desired
Defaults
Obtains predictab le results wheth er a remote p ort is set to on, off, or des ired.
The defau lt settings for Gigab it Eth ernet in terfaces are as follows:
•
Send ing pau se frames is off—Non-o versubscrib ed Gigab it Eth ernet in terfaces.
•
Receivin g pau se frames is desired—Non-oversubscribed Gigabit Ethernet interfaces.
•
Send ing pau se frames is on— Oversub scribed Gigabit Ethernet interfaces .
•
Receivin g pau se frames is desired—Oversubscribed Gigabit Ethernet interfaces.
Table 2 -3 shows th e default settin gs for th e modu les.
Table 2-3
Default Module Settings
Module
All modules except
WS-X441 8-GB and
WS-X441 6-2 GB-TX
Po rts
Send
All ports excep t for the
oversubs cribed p orts
Off
WS-X441 8-GB
Uplin k p orts (1–2)
Off
WS-X441 8-GB
Oversu bscribed ports (3–1 8) On
WS-X441 2-2 GB-TX
Uplin k p orts (13–14 )
WS-X441 2-2 GB-TX
Oversu bscribed ports (1–1 2) On
WS-X441 6-2 GB-TX
Uplin k p orts (17–18 )
Off
Off
Command Modes
Interface con figuration mode
Usage Guidelines
The p ause frames are special packets that sign al a source to stop sending frames for a s pecific p eriod of
time because the buffers are full.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-209
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
flowcontrol
Tab le 2-4 des cribes the guidelines for using the d ifferent config urations of the send and receive
keywo rds with th e flo wcontrol command.
Table 2-4
Keyword Configurations for send and receive
Configuratio n
Description
send on
En ables a local po rt to sen d pau se frames to remote ports. To o btain
pred ictable results, us e send on o nly when remote ports are set to
receive on o r receive desired.
send off
Preven ts a local port fro m sendin g pau se frames to remote ports. To
obtain p redictable res ults, use send o ff only when remo te ports are set
to receive off or receive desired.
send desired
Ob tains pred ictable results wh ether a remote port is set to receiv e on,
receive off, or receive desired.
receive on
En ables a local port to process pause frames that a remote port sends .
To o btain p redictable results, use receive on o nly when remote ports
are set to send on o r send desired.
receive off
Preven ts remo te ports from sen ding pause frames to a local port. To
obtain p redictable res ults, use send o ff only when remo te ports are set
to receive off or receive desired.
receive des ired
Ob tains predictable results whether a remo te port is set to send on,
send off, or send desired.
Tab le 2-5 id entifies how the flow control will be forced or neg otiated on th e Gigabit Ethernet interfaces
b ased on their speed settings .
Table 2-5
Send Capability by Switch Type, Module, and Port
Interface Type
1 0/100/10 00BASE-TX
Examples
Configured Speed
Adve rtised Flow Control
Speed 1 000
Co nfigu red flow control always
1 000BASE-T
Nego tiation always en abled
Co nfigu red flow control always
nego tiated
1 000BASE-X
No speed no nego tiation
Co nfigu red flow control nego tiated
1 000BASE-X
Speed n onegotiatio n
Co nfigu red flow control forced
This example s hows how to enab le send flow control:
Switch(config-if)# flowcontrol receive on
Switch(config-if)#
This example s hows how to disable send flow co ntro l:
Switch(config-if)# flowcontrol send off
Switch(config-if)#
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-210
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
flowcontrol
This examp le shows how to set receive flow contro l to desired:
Switch(config-if)# flowcontrol receive desired
Switch(config-if)#
Related Commands
Co mmand
interface port-channel
Description
Accesses or creates a po rt-ch ann el interface.
interface range
show flowco ntro l
Runs a command on multiple p orts at th e same time.
Displays the per-interface status and statistics related to
flow control.
show running-config
Displays the runn ing-con figuratio n for a switch.
speed
Config ures the interface speed.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-211
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
hardware statistics
hardware statistics
To en able TCAM hard ware s tatistics in y our ACLs us e the hardware statistics command. To disable
TCAM hardware statistics , use the no form of this comman d.
hardware statistics
no hardware statistics
Syntax Description
This command has no arguments or keywo rds.
Defaults
Hardware statistics is disabled.
Command Modes
Examples
Global configuratio n mo de
This example s hows how to enab le TCAM h ardware statistics in your ACLs ace:
Switch# configure terminal
Enter configuration commands, one per line.
Switch(config)#ip access-list extended myv4
Switch(config-ext-nacl)#permit ip any any
Switch(config-ext-nacl)#hardware statistics
Switch(config-ext-nacl)#end
Related Commands
End with CNTL/Z.
Command
Descriptio n
ip access list (refer to Cisco IOS
d ocu mentation)
ipv6 access list (refer to Cisco IOS
d ocu mentation)
mac a ccess-list extended
Defines th e ex tend ed MAC access lists.
Creates an IP ACL (Access Control List).
Creates an IPv6 ACL.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-212
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
hw-module beacon
hw-module beacon
To control the beacon LED in conjunction with the beacon button, enter the hw-module beacon
co mmand :
hw-module bea con [o n | off]
Syntax Description
on
off
Defaults
none
Command Modes
Usage Guidelines
Tu rns on the LED.
Turns off the LED.
global con figuratio n
Either press the beacon button on the front side of the switch or enter the hw-mod beacon command, so the
switch is identifiable when the operator walks around the isle to the back side of the switch. (The LED and
the CLI function as switch identifiers when multiple units are present.)
Pressing the blue beacon LED switch toggles the beacon LED state.
Examples
If n umerous WS-C4500 X-32 chassis are in close p roximity and you want to remove a transceiver from
one chassis’ p ort 11, you can identify it with the hw-mo dule beacon on comman d:
Switch# hw-module beacon on
Switch#
*Feb 16 13:12:24.418: %C4K_IOSMODPORTMAN-6-BEACONTURNEDON: Beacon has been turned on
The WS-C4 500X-32 whose b eacon was tu rned on is the switch yo u are look ing for.
After yo u complete the necessary service on a switch with the b eacon LED turn ed on, yo u sh ould either
press the beacon button to turn it o ff, or en ter the hw-module beacon off co mmand to turn the LED off.
Switch# hw-module beacon off
Switch#
*Feb 16 13:12:18.083: %C4K_IOSMODPORTMAN-6-BEACONTURNEDOFF: Beacon has been turned off
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-213
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
hw-module power
hw-module power
To turn the power off on a slot or line module, use th e no hw-module power comman d. To turn the power
b ack on, use the hw-module power command.
hw-module [slot | module] numb er power
no hw-module [slot | module] nu mber power
Syntax Description
Defaults
slo t
(Optio nal) Sp ecifies a slot on a chassis.
module
n umber
(Optio nal) Sp ecifies a line mo dule.
Slot or mo dule nu mber.
After a b oot up, the power is on .
Command Modes
Global configuratio n mo de
Usage Guidelines
After you en ter no hw-mod mod x power co mmand and OIR the lin ecard, th e con figuratio persists and
is valid for any slot in the chassis it is applied to.
Examples
This example s hows how to shut off power to a mo dule in slo t 5:
Switch# no hw-module slot 5 power
Switch#
Related Commands
Command
Descriptio n
clear hw-module slot password
Clears the password on an intelligen t line module.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-214
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
hw-module system max-queue-limit
hw-module system max-queue-limit
To enable a u ser to change the qu eue limit for all interfaces glob ally use the hw-mo dule s ystem
max-queue-limit comman d. To cancel the global setting, use th e no form of the command.
hw-module system max-queue-limit ma x-queue-limit
no hw-module system max-queue-limit max-q ueu e-limit
Syntax Description
max-queue-limit
Defaults
Not enabled by default
Command Modes
Glob al co nfigu ration mode
Usage Guidelines
Specifies the queue limit fo r all interfaces . Valid values are from
1024 to 81 84. This parameter must be a multiple o f 8.
This command allows you to change the queue limit for all interfaces globally rather than apply a p olicy
with a q ueu e limit to all the interfcaes.
This is a glob al config uration comman d. It can be overriden by th e per port, p er class, queue-limit
co mmand .
Fo r a standalone superviso r engine, yo u mu st reboot the engin e after ap plying this command. For a
redun dan t superv isor eng ine, yo u must enter the redundancy reload shelf command to enforce a reboo t
on both the supervis or engines.
Examples
This examp le shows how to set the q ueu e limit g lobally to 1 024:
Switch> enable
Switch# configure terminal
Switch(config)# hw-module system max-queue-limit 1024
Need to reboot to take effect max queue limit
Switch(config)# exit
Switch# reload (for standalone supervisors)
Switch# redundancy reload shelf (for reduandancy supervisors in SSO mode)
or
Switch# redundancy force-switchover (followed by another redundancy force-switchover, for
reduandancy supervisors in RPR mode
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-215
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
instance
instance
To map a VLAN or a set of VLANs to an MST instance, use th e instance command. To return the
VLANs to the common instance default, u se the no form of this command.
instance instance-id {vlans vla n-ra nge}
no instance ins tance-id
Syntax Description
in stance-id
v lans vlan-range
Defaults
Mappin g is dis abled.
Command Modes
MST configuration mode
Usage Guidelines
MST instance to which the specified VLANs are mapped; valid valu es are
fro m 0 to 15.
Specifies the numb er of the VLANs to be map ped to the s pecified in stance.
The nu mber is entered as a single value or a ran ge; valid values are fro m
1 to 40 94.
The mapping is incremental, not absolute. When you en ter a range of VLANs, this ran ge is ad ded o r
remo ved to the existing o nes.
Any unmapped VLAN is mapp ed to the CIST instance.
Examples
This example s hows how to map a range of VLANs to in stance 2 :
Switch(config-mst)# instance 2 vlans 1-100
Switch(config-mst)#
This example s hows how to map a VLAN to instance 5:
Switch(config-mst)# instance 5 vlans 1100
Switch(config-mst)#
This example s hows how to move a range of VLANs fro m ins tance 2 to the CIST instance:
Switch(config-mst)# no instance 2 vlans 40-60
Switch(config-mst)#
This example s hows how to move all the VLANs mapp ed to instance 2 back to the CIST instance:
Switch(config-mst)# no instance 2
Switch(config-mst)#
Related Commands
Command
Descriptio n
name
Sets th e MST region name.
revis ion
Sets the MST configuration revisio n n umber.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-216
OL_28738-01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
instance
Co mmand
Description
show spanning-tree mst
spanning-tree mst config uration
Displays MST protocol in formatio n.
Enters the MST con figuratio n s ubmode.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
2-217
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
instance
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-218
OL_28738-01
22
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
interface
interface
To select an in terface to con figure and to en ter in terface co nfigu ration mode, use the interfa ce
co mmand .
interface type nu mber
Syntax Description
typ e
number
Defaults
No interface ty pes are co nfigured.
Command Modes
Glob al co nfigu ration mode
Usage Guidelines
Typ e of in terface to be configured; see Table 2-6 for valid values.
Module an d p ort numb er.
Table 2 -6 lists the valid valu es fo r type.
Table 2-6
Valid type Values
Ke yword
Definition
ethernet
Eth ernet IEEE 8 02.3 interface.
fas tethernet
10 0-Mb ps Ethernet interface.
gigabitethernet
Gigab it Eth ernet IEEE 8 02.3z interface.
tengigabitethernet
10 -Gig abit Eth ernet IEEE 8 02.3ae interface.
ge-wan
Gigab it Ethernet WAN IEEE 802.3z interface; supported on Cataly st 4 500
series switches that are con figured with a Superviso r Eng ine 2 only.
pos
Packet OC-3 interface on the Packet over SONET Interface Pro cessor;
sup ported on Catalys t 45 00 series switch es that are config ured with a
Superv isor En gine 2 on ly.
atm
vlan
port-channel
null
ATM interface; supp orted on Catalyst 450 0 s eries switches that are
config ured with a Su pervisor Engine 2 only.
VLAN in terface; see the interfa ce vlan command.
Port channel in terface; see the interfa ce po rt-channel co mmand .
Null in terface; the valid value is 0.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-219
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
interface
Examples
This example s hows how to enter the interface con figuratio n mo de on the Fast Ethern et interface 2 /4:
Switch(config)# interface fastethernet2/4
Switch(config-if)#
Related Commands
Command
show interfa ces
Descriptio n
Displays interface information.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-220
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
interface port-channel
interface port-channel
To access or create a port-channel interface, use th e interface port-channel command.
interface port-channel channel-group
Syntax Description
cha nnel-group
Defaults
This comman d has no default settings.
Command Modes
Usage Guidelines
Port-ch ann el group numb er; valid valu es are from 1 to 64 .
Glob al co nfigu ration mode
You do no t h ave to create a p ort-ch ann el interface before ass ig ning a ph ysical interface to a channel
gro up. A port-chan nel interface is created automatically wh en the channel group gets its first physical
interface, if it is n ot already created.
You can also create the port chann els by en tering th e interfa ce port-channel command. This will create
a Layer 3 port channel. To chan ge the Layer 3 p ort channel into a Layer 2 port channel, use the
switchport comman d b efore you assign the physical interfaces to th e chan nel group. A port channel
canno t be ch ang ed from Layer 3 to Layer 2 or vice versa wh en it co ntain s member ports.
Only on e port channel in a chan nel group is allowed.
Caution
The Layer 3 p ort-chan nel interface is the rou ted interface. Do not enable Layer 3 add resses on th e
physical Fast Ethernet in terfaces.
If you want to u se CDP, y ou must co nfigure it only on the physical Fast Ethernet interface and not on
the po rt-ch ann el interface.
Examples
This examp le creates a port-channel interface with a channel-gro up number of 6 4:
Switch(config)# interface port-channel 64
Switch(config)#
Related Commands
Co mmand
channel-group
Description
Assig ns and configures an EtherChannel in terface to an
EtherChannel group.
show etherchannel
Displays Eth erChan nel information for a channel.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-221
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
interface range
interface range
To run a co mmand on multip le ports at the s ame time, u se the interface ra ng e comman d.
interfa ce range {vlan vlan _id - vla n_id} {port-range | macro na me}
Syntax Description
v lan vlan_id - vlan_ id
Specifies a VLAN range; valid values are fro m 1 to 409 4.
p ort-ran ge
Port rang e; fo r a list of valid valu es fo r port-range, see th e “Usage
Guid elines” s ection.
Specifies the name o f a macro.
macro name
Defaults
This command has no default setting s.
Command Modes
Global configuratio n mo de
Interface configuration mod e
Usage Guidelines
You can use th e interfa ce ra ng e command on the existing VLAN SVIs only. To disp lay th e VLAN SVIs,
enter the show running config command . Th e VLANs that are no t d isplay ed can not be us ed in the
interfa ce range co mmand .
The values th at are entered with the interface rang e comman d are applied to all the existing VLAN
SVIs.
Befo re y ou can use a macro, yo u mu st d efine a range u sing the define interface-range command.
All configuration changes that are made to a port range are saved to NVRAM, but th e port ranges that
are created with the interface ra ng e comman d d o not get saved to NVRAM.
You can enter the po rt range in two ways:
•
Specifying u p to five port ranges
•
Specifying a previously d efin ed macro
You can either specify the ports or the name of a port-rang e macro. A port range must consist of the same
p ort type, and the ports within a rang e cann ot span the modules.
You can define up to five port ranges on a single co mmand ; separate each ran ge with a comma.
When you define a rang e, you must en ter a space between the firs t po rt an d the hyp hen (-):
interface range gigabitethernet 5/1 -20, gigabitethernet4/5 -20.
Use these formats wh en entering the port-range:
•
in terface-type {mod}/{first-p ort} - {last-port}
•
in terface-type {mod}/{first-p ort} - {last-port}
Valid values for interface-type are as follows:
•
Fa stEthernet
•
Gig abitEthernet
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-222
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
interface range
•
Vlan vla n_id
You can not specify both a macro an d an interface range in the same command. After creating a macro,
you can enter ad ditional ranges. If you have alread y entered an interface range, th e CLI do es not allow
you to enter a macro.
You can sp ecify a single in terface in the po rt-rang e valu e. This makes the command similar to the
interface interface-number command.
Examples
This examp le shows how to u se the interface ra ng e comman d to interface to FE 5/1 8 - 20:
Switch(config)# interface range fastethernet 5/18 - 20
Switch(config-if)#
This comman d shows how to run a port-range macro:
Switch(config)# interface range macro macro1
Switch(config-if)#
Related Commands
Co mmand
Description
define interface-range
Creates a macro of interfaces.
show running config (refer to Cisco IOS Displays the runn ing co nfiguration for a switch.
documentatio n)
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-223
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
interface vlan
interface vlan
To create or access a Lay er 3 switch virtual in terface (SVI), use the interface vla n co mmand . To delete
an SVI, use the no form of this comman d.
interfa ce vlan vlan_ id
no interface vla n vlan_id
Syntax Description
vlan_ id
Defaults
Fast EtherChannel is no t sp ecified.
Command Modes
Global configuratio n mo de
Usage Guidelines
The SVIs are created the firs t time th at you enter the interface vlan vlan _id command for a p articu lar
VLAN. The vlan_id value correspon ds to th e VLAN tag that is associated with the d ata frames on an
ISL or 802 .1 Q-encapsulated trunk or th e VLAN ID that is config ured fo r an access port. A message is
d isplay ed when ever a VLAN in terface is newly created, so yo u can check that you entered the correct
VLAN number.
Number of th e VLAN; valid values are fro m 1 to 409 4.
If you d elete an SVI by entering the no interfa ce v lan vlan_ id command, the associated interface is
forced into an administrative down state and marked as deleted. Th e deleted interface will no longer be
v isible in a show interfa ce command.
You can reinstate a deleted SVI by entering the interface vlan vlan _id command for the deleted
in terface. The interface comes back up , but much of the previous config uration will be gone.
Examples
This example s hows the o utput when you enter the interface vlan vlan _id command for a n ew VLAN
n umber:
Switch(config)# interface vlan 23
% Creating new VLAN interface.
Switch(config)#
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-224
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
ip admission proxy http refresh-all
ip admission proxy http refresh-all
To ensure that you see a customized WebAuth login page with the same name in the switch system
directory as a same-named prior lo gin page, use th e ip a dmission proxy http refresh-a ll command.
ip admission proxy http [success | failure | refresh-all | login [expired | pag e]]
Syntax Description
success
failure
refres h-all
Defaults
Command Modes
Usage Guidelines
Examples
Successful au then tication proxy.
Failed authentication proxy.
Refres h all cu stom h tml p ages.
login expired
Specify ex pired webpage
login pa ge
Specify customized login web pag e
If yo u do not enter this command, if any o f the cu stomized web-b ased authentication page files with the
file o f same name have been changed, y ou see the o ld lo gin pag e rather than the n ew file.
Glob al co nfigu ration mode
You sho uld en ter th is command whenever the customized web -based auth entication page has been
ch ang ed in the system directory.
This examp le shows how to enter this comman d:
Switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# ip admission proxy http [success | failure | refresh-all | login]
Switch(config)# end
Switch#
<The n ew html page is obs erved .>
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-225
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
ip arp inspection filter vlan
ip arp inspection filter vlan
To permit ARPs from hosts that are configu red for static IP when DAI is enabled and to define an ARP
access list and apply it to a VLAN, use the ip arp ins pection filter v lan command. To disable this
application, u se the no form of th is command.
ip arp inspectio n filter arp -acl-n ame vlan vlan-range [sta tic]
no ip arp inspection filter arp-acl-na me vla n vlan-range [static]
Syntax Description
Defaults
a rp-a cl-name
vlan-range
Access control lis t name.
VLAN numb er or rang e; valid values are from 1 to 4094.
sta tic
(Optional) Specifies that the access con trol list should be ap plied statically.
No defined ARP ACLs are ap plied to any VLAN.
Command Modes
Usage Guidelines
Global configuratio n mo de
When an ARP access control list is applied to a VLAN for dy namic ARP in spection , the ARP packets
containing only the IP-to-Ethernet MAC bindin gs are co mpared against th e ACLs. All other packet typ es
are bridged in th e incoming VLAN without valid ation .
This command specifies th at the in comin g ARP packets are co mp ared against the ARP access control
list, an d th e pack ets are p ermitted on ly if the access co ntrol list permits them.
If the access control lists deny the packets because of exp licit denies , the p ackets are dropped. If the
p ackets are denied becau se of an implicit deny, th ey are then matched against the list of DHCP bind ings
if the ACL is not ap plied statically.
Examples
This example s hows how to apply the ARP ACL static hos ts to VLAN 1 for DAI:
Switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# ip arp inspection filter static-hosts vlan 1
Switch(config)# end
Switch#
Switch# show ip arp inspection vlan 1
Source Mac Validation
: Enabled
Destination Mac Validation : Disabled
IP Address Validation
: Disabled
Vlan
---1
Configuration
------------Enabled
Operation
--------Active
Vlan
----
ACL Logging
-----------
DHCP Logging
------------
ACL Match
--------static-hosts
Static ACL
---------No
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-226
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
ip arp inspection filter vlan
1
Switch#
Related Commands
Acl-Match
Deny
Co mmand
Description
arp access-list
Defines an ARP access list or add s clauses at the end of a
predefined list.
Displays the status of dynamic ARP inspection for a
specific range of VLANs.
show ip arp inspection
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-227
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
ip arp inspection limit (interface)
ip arp inspection limit (interface)
To limit th e rate o f incoming ARP requests and res ponses on an interface an d p revent DAI from
consu ming all of th e system’s resources in the even t of a Do S attack, use the ip arp inspection limit
command. To release the limit, use the no form of this command.
ip arp inspectio n limit {ra te p ps | none} [burst interval second s]
no ip a rp inspection limit
Syntax Description
rate pps
none
burst interval seco nds
Defaults
Specifies an upp er limit on the numb er of incoming packets process ed per
second. The rate can ran ge from 1 to 1000 0.
Specifies no upper limit o n the rate of the incoming ARP p ackets that can
b e processed.
(Optio nal) Sp ecifies the consecutive interval in seconds over wh ich the
in terface is mo nitored for the high rate of the ARP pack ets. The interval
is config urable from 1 to 15 seconds.
The rate is s et to 15 packets per secon d o n the untrusted interfaces , assuming that th e network is a
switch ed netwo rk with a host co nnecting to as many as 15 new h osts per second .
The rate is u nlimited on all the trusted in terfaces.
The burst interval is set to 1 second by default.
Command Modes
Interface configuration mod e
Usage Guidelines
The tru nk p orts shou ld be configured with high er rates to reflect th eir aggregation. When th e rate of the
in comin g p ackets exceeds the u ser-configured rate, the interface is placed into an error-disabled state.
The error-disable timeout featu re can be used to remove the port fro m the error-dis abled state. The rate
applies to both the trusted and nontrusted in terfaces. Configure appropriate rates on trunks to handle the
p ackets across multip le DAI-enabled VLANs or us e the none k eyword to make the rate unlimited.
The rate of the inco ming ARP p ackets o nthe channel p orts is equal to the sum of the inco min g rate of
p ackets from all the chan nel members. Configure the rate limit for the channel ports only after examining
th e rate o f the incoming ARP packets on the chann el memb ers.
After a switch receives more than the co nfigu red rate of packets every seco nd consecu tively over a period
o f burs t seconds, the interface is p laced into an error-disabled state.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-228
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
ip a rp inspection limit (interface)
Examples
This examp le shows how to limit the rate of th e incoming ARP requests to 25 packets per secon d:
Switch# config terminal
Switch(config)# interface fa6/3
Switch(config-if)# ip arp inspection limit rate 25
Switch(config-if)# end
Switch# show ip arp inspection interfaces fastEthernet 6/3
Interface
Trust State
Rate (pps)
--------------- -------------------Fa6/3
Trusted
25
Switch#
This example shows h ow to limit the rate o f the incoming ARP requ ests to 20 pack ets per s econd an d to
set the interface monito ring interval to 5 con secutive seconds:
Switch# config terminal
Switch(config)# interface fa6/1
Switch(config-if)# ip arp inspection limit rate 20 burst interval 5
Switch(config-if)# end
Related Commands
Co mmand
show ip arp inspection
Description
Displays the status of dynamic ARP inspection for a
specific range of VLANs.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-229
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
ip arp inspection log-buffer
ip arp inspection log-buffer
To co nfigure th e parameters th at are associated with th e logg in g buffer, use th e ip a rp inspection
log-buffer command. To disable the parameters, u se the no form of th is command.
ip arp inspectio n log-buffer {entries nu mber | logs numb er interval seconds }
no ip a rp inspection log-buffer {entries | logs}
Syntax Description
entries n umber
lo gs numb er
interval secon ds
Defaults
Number of entries from the logging buffer; the range is fro m 0 to 102 4.
Number of entries to be logged in an interval; the ran ge is from 0 to 1024. A
0 value in dicates th at en tries should no t be logged out of th is buffer.
Logging rate; the ran ge is from 0 to 86400 (1 day). A 0 value indicates an
immediate log.
When dynamic ARP inspection is enabled, d enied, or dropped, the ARP packets are lo gged.
The nu mber of entries is set to 32.
The nu mber of logg ing en tries is limited to 5 p er s econd.
The interval is set to 1.
Command Modes
Global configuratio n mo de
Usage Guidelines
The first dropped packet of a given flow is logg ed immediately. Th e subs equ ent packets for the same
flow are registered but are not logged immediately. Registering these packets is don e in a log buffer that
is shared by all th e VLANs. Entries fro m this buffer are logged on a rate-controlled bas is .
Examples
This example s hows how to config ure the logg ing buffer to h old up to 45 en tries:
Switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# ip arp inspection log-buffer entries 45
Switch(config)# end
Switch# show ip arp inspection log
Total Log Buffer Size : 45
Syslog rate : 5 entries per 1 seconds.
No entries in log buffer.
Switch#
This example s hows how to config ure the logg ing rate to 10 log s p er 3 seconds:
Switch(config)# ip arp inspection log-buffer logs 10 interval 3
Switch(config)# end
Switch# show ip arp inspection log
Total Log Buffer Size : 45
Syslog rate : 10 entries per 3 seconds.
No entries in log buffer.
Switch#
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-230
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
ip arp insp ection log-buffer
Related Commands
Co mmand
arp access-list
show ip arp inspection
Description
Defines an ARP access list or add s clauses at the end of a
predefined list.
Displays the status of dynamic ARP inspection for a
specific range of VLANs.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-231
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
ip arp inspection trust
ip arp inspection trust
To set a p er-po rt co nfigu rable trust state that determines the set of interfaces where inco ming ARP
p ackets are inspected, use the ip arp inspectio n trust command. To make the interfaces u ntru sted, use
th e no form o f this co mmand .
ip arp inspectio n trust
no ip arp inspection trust
Syntax Description
This command has no arguments or keywo rds.
Defaults
This command has no default setting s.
Command Modes
Interface configuration mod e
Examples
This example s hows how to config ure an interface to b e tru sted:
Switch# config terminal
Switch(config)# interface fastEthernet 6/3
Switch(config-if)# ip arp inspection trust
Switch(config-if)# end
To verify th e configu ration, use the show form of th is command:
Switch# show ip arp inspection interfaces fastEthernet 6/3
Interface
--------------Fa6/3
Switch#
Related Commands
Trust State
----------Trusted
Rate (pps)
---------None
Burst Interval
-------------1
Command
Descriptio n
show ip arp inspectio n
Displays the status of dy namic ARP in spection for a
sp ecific range o f VLANs.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-232
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
ip arp inspection validate
ip arp inspection validate
To perfo rm specific ch ecks for ARP inspectio n, use th e ip arp ins pection validate command. To disable
ch ecks, use the no form of this command.
ip arp inspection va lida te [src-mac] [dst-mac] [ip]
no ip arp inspectio n validate [src-mac] [dst-mac] [ip]
Syntax Description
src-mac
(Optional) Ch ecks th e s ource MAC address in the Eth ernet header ag ainst the sen der’s
MAC address in the ARP bo dy. This ch ecking is done against both ARP requests and
respon ses.
When src-mac is enabled , p ackets with d ifferent M AC add resses are classified
as invalid an d are dropped.
(Optional) Check s th e destination MAC address in the Ethern et head er against the
target MAC address in ARP body. Th is check ing is done for ARP resp onses.
Note
dst-mac
Note
ip
When dst-mac is enabled, the packets with different MAC address es are
class ified as invalid and are dropp ed.
(Optional) Check s th e ARP body for invalid and unexpected IP addresses. Addresses
include 0.0.0.0, 255.255.25 5.2 55, and all IP mu lticast add resses.
The sen der IP add resses are ch ecked in all ARP requests and res ponses and targ et IP
ad dresses are checked only in ARP respon ses.
Defaults
Checks are disab led.
Command Modes
Glob al co nfigu ration mode
Usage Guidelines
Wh en enabling the check s, specify at least o ne of the keywords (s rc-mac, dst-mac, and ip) on the
co mmand line. Each comman d ov errides the configuration of the prev ious co mmand . If a comman d
en ables src and dst mac validations, an d a second command enables IP valid ation on ly, the src and dst
mac valid ation s are disabled as a resu lt of the second comman d.
The no form of this command disables only the sp ecified ch ecks. If no ne of the check op tio ns are
en abled, all the checks are disabled.
Examples
This examp le show how to enable the source MAC validation:
Switch(config)# ip arp inspection validate src-mac
Switch(config)# end
Switch# show ip arp inspection vlan 1
Source Mac Validation
: Enabled
Destination Mac Validation : Disabled
IP Address Validation
: Disabled
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-233
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
ip arp inspection validate
Vlan
---1
Vlan
---1
Switch#
Related Commands
Configuration
------------Enabled
Operation
--------Active
ACL Logging
----------Deny
DHCP Logging
-----------Deny
ACL Match
---------
Static ACL
----------
Command
a rp access-list
Descriptio n
Defines an ARP access list or adds claus es at the en d of a
p redefined list.
show ip arp inspectio n
Displays the status of dy namic ARP in spection for a
sp ecific range o f VLANs.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-234
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
ip arp inspection vlan
ip arp inspection vlan
To enable dy namic ARP in spection (DAI) on a p er-VLAN basis, use the ip arp inspection v lan
co mmand . To d isable DAI, use the no fo rm of this command.
ip arp inspection v lan vlan-range
no ip arp inspectio n vlan vla n-ra nge
Syntax Description
vla n-ran ge
Defaults
ARP in spection is disabled on all VLANs.
Command Modes
Glob al co nfigu ration mode
Usage Guidelines
You must specify on which VLANs to enable DAI. DAI may not function on the configured VLANs if
they h ave n ot b een created or if th ey are p rivate.
Examples
VLAN number or range; valid values are fro m 1 to 409 4.
This examp le shows how to enable DAI on VLAN 1 :
Switch# configure terminal
Switch(config)# ip arp inspection vlan 1
Switch(config)# end
Switch# show ip arp inspection vlan 1
Source Mac Validation
: Disabled
Destination Mac Validation : Disabled
IP Address Validation
: Disabled
Vlan
Configuration
Operation
ACL Match
-------------------------------1
Enabled
Active
Vlan
ACL Logging
DHCP Logging
------------------------1
Deny
Deny
Switch#
Static ACL
----------
This examp le shows how to d isable DAI o n VLAN 1:
Switch# configure terminal
Switch(config)# no ip arp inspection vlan 1
Switch(config)#
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-235
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
ip arp inspection vlan
Related Commands
Command
a rp access-list
show ip arp inspectio n
Descriptio n
Defines an ARP access list or adds claus es at the en d of a
p redefined list.
Displays the status of dy namic ARP in spection for a
sp ecific range o f VLANs.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-236
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
ip arp inspec tion vlan logging
ip arp inspection vlan logging
To control the type of packets that are log ged , use the ip arp ins pection vlan logging co mmand . To
disable this logg ing co ntrol, use th e no form of this comman d.
ip arp inspection v lan vlan-range logging {acl-match { matchlog | none} | dhcp-bindings
{permit | a ll | none}}
no ip arp inspectio n vlan vla n-ra nge log ging { a cl-match | dhcp-binding s}
Syntax Description
vla n-ran ge
Number of the VLANs to be mapp ed to the specified instance. The n umber is
entered as a single value o r a ran ge; valid values are from 1 to 4094 .
Specifies the logging criteria fo r packets that are dropped or permitted based o n
ACL match es.
Specifies that logging o f packets matched against ACLs is co ntro lled by the
matchlog keyword in the permit and deny access control entries of the ACL.
acl-match
matchlog
By default, th e matchlog keyword is not availab le on the ACEs. When th e
keyword is used, den ied packets are not logged. Pack ets are lo gged only
when they match against an ACE that has th e ma tchlog keyword .
Specifies that ACL-matched p ackets are not logged.
Note
none
dhcp-bindings
Specifies the logging criteria fo r packets dropped or permitted based o n matches
against the DHCP bin dings.
permit
all
Specifies log ging when permitted by DHCP bindin gs.
Specifies log ging when permitted or denied by DHCP bindin gs.
none
Prevents all loggin g of packets permitted or denied by DHCP bindin gs.
Defaults
All denied o r dropped packets are logg ed .
Command Modes
Glob al co nfigu ration mode
Usage Guidelines
The acl-match and dhcp-bindings k eywords merge with each other. When you set an ACL match
co nfiguration, th e DHCP bind ings co nfigu ration is not disab led. You can u se the no form of this
co mmand to reset some o f the log ging criteria to th eir d efaults . If you do not specify either option, all
the logging types are reset to log on wh en the ARP packets are denied. The two o ptions th at are available
to you are as fo llows:
Examples
•
acl-match—Log ging on ACL matches is reset to log on deny
•
dhcp-bindings — Logg ing on DHCP bindin g comp ared is reset to lo g o n deny
This example s hows how to configu re an ARP inspectio n on VLAN 1 to add packets to a log on matchin g
ag ainst the ACLs with the lo gging keyword :
Switch# config terminal
Enter configuration commands, one per line.
End with CNTL/Z.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-237
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
ip arp inspection vlan logging
Switch(config)# ip arp inspection vlan 1 logging acl-match matchlog
Switch(config)# end
Switch# show ip arp inspection vlan 1
Source Mac Validation
: Enabled
Destination Mac Validation : Disabled
IP Address Validation
: Disabled
Vlan
---1
Vlan
---1
Switch#
Related Commands
Configuration
------------Enabled
Operation
--------Active
ACL Logging
----------Acl-Match
DHCP Logging
-----------Deny
Command
a rp access-list
show ip arp inspectio n
ACL Match
---------
Static ACL
----------
Descriptio n
Defines an ARP access list or adds claus es at the en d of a
p redefined list.
Displays the status of dy namic ARP in spection for a
sp ecific range o f VLANs.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-238
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
ip cef load-sharing algorithm
ip cef load-sharing algorithm
To co nfigure the load-s haring h ash fu nctio n so th at the source TCP/UDP port, the destinatio n TCP/UDP
port, or both ports can be inclu ded in th e hash in additio n to the source and destin ation IP addresses , use
the ip cef load-sharing algo rithm command. To revert back to the defau lt, wh ich does not include the
ports, use the no fo rm of this command.
ip cef load-sharing algorithm {include-ports { so urce source | destination dest} | o riginal |
tunnel | universal}
no ip cef load-sharing algorithm {include-ports {source so urce | destination dest } | original |
tunnel | universal}
Syntax Description
include-ports
source so urce
destina tion dest
origina l
Defaults
Specifies the algo rithm that in clud es the Layer 4 p orts.
Specifies the source port in the load -balancin g h ash functions.
Specifies the des tin ation p ort in the lo ad-balan cing hash. Uses the sou rce and
destination in hash fun ction s.
Specifies the origin al algorith m; n ot recommended.
tunnel
Specifies the algo rithm fo r use in tu nnel-on ly environments.
universal
Specifies the defau lt Cisco IOS load-sharing algorithm.
Default load-sh aring alg orithm is disabled.
Note
This optio n d oes no t in clud e the so urce o r destinatio n port in the load -balancin g h ash .
Command Modes
Glob al co nfigu ration mode
Usage Guidelines
The o rigin al alg orithm, tunnel algorithm, and universal algo rithm are routed th rou gh the hardware. Fo r
software-routed packets, th e algo rithms are handled by the software. The include-ports option does not
ap ply to the software-s witched traffic.
Examples
This examp le shows how to configure the IP CEF load-sharing algorithm that includes Layer 4 ports :
Switch(config)# ip cef load-sharing algorithm include-ports
Switch(config)#
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-239
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
ip cef load-sharing algorithm
This ex ample shows how to co nfigu re the IP CEF load-sharing algo rithm that includes Layer 4 tunneling
p orts:
Switch(config)# ip cef load-sharing algorithm include-ports tunnel
Switch(config)#
Related Commands
Command
show ip cef v lan
Descriptio n
Displays the IP CEF VLAN interface status and
configuration information .
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-240
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
ip device tracking maximum
ip device tracking maximum
To enable IP po rt security binding tracking o n a Layer 2 port, use the ip device tracking maximum
co mmand . To disable IP port security o n un trusted Layer 2 interfaces, use the no form of th is comman d.
ip device tracking maximum {n umber}
no ip device tracking maximum {number}
Syntax Description
Defaults
Command Modes
Examples
number
Specifies the nu mber of bind ings created in the IP d evice track ing table fo r a port, valid
valu es are fro m 0 to 20 48.
This comman d has no default settings.
Interface con figuration mode
This examp le shows how to enable IP p ort secu rity with IP-MAC filters on a Layer 2 access port:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# ip device tracking
Switch(config)# interface fastethernet 4/3
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 1
Switch(config-if)# ip device tracking maximum 5
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security maximum 5
Switch(config-if)# ip verify source tracking port-security
Switch(config-if)# end
You can verify you r settin gs by entering the show ip verify so urce privileged EXEC command.
Related Commands
Co mmand
ip verify source
Description
Enables IP s ource g uard on untrusted Layer 2 interfaces.
show ip verify source
Displays the IP sou rce guard configuration and filters on a
particular interface.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-241
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
ip dhcp snooping
ip dhcp snooping
To en able DHCP snoo ping globally, use the ip dhcp snooping co mmand . To d isable DHCP snoo ping,
u se the no form of th is command.
ip dhcp snooping
no ip dhcp snooping
Syntax Description
This command has no arguments or keywo rds.
Defaults
DHCP snoopin g is disabled.
Command Modes
Global configuratio n mo de
Usage Guidelines
You must en able DHCP snoo ping globally before yo u can use DHCP s noopin g o n a VLAN.
Examples
This example s hows how to enab le DHCP sno oping:
Switch(config)# ip dhcp snooping
Switch(config)#
This example s hows how to disable DHCP snoopin g:
Switch(config)# no ip dhcp snooping
Switch(config)#
Related Commands
Command
Descriptio n
ip dhcp snoo ping informa tion option
Enab les DHCP op tion 82 data insertio n.
ip dhcp snoo ping limit ra te
Con figures the number of the DHCP messages th at an
in terface can receive p er s econd.
Enab les DHCP sn ooping on a trusted VLAN.
ip dhcp snooping trust
ip dhcp snoo ping vlan
Enab les DHCP sn ooping on a VLAN or a group o f VLANs.
show ip dhcp s noo ping
Displays the DHCP sn ooping configuration.
show ip dhcp s nooping binding
Displays the DHCP sn ooping bin ding entries.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-242
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
ip dhcp snoop ing binding
ip dhcp snooping binding
To set u p and generate a DHCP bind ing configuration to restore binding s across reb oots, use the ip dhcp
snooping binding command. To disable the bindin g configuration , use the no fo rm of this command.
ip dhcp snooping binding mac-address vla n vlan-# ip-address interface interface expiry seconds
no ip dhcp s noo ping binding ma c-address vlan vlan-# ip-addres s interfa ce interfa ce
Syntax Description
mac-addres s
vlan vlan -#
Specifies a MAC ad dress.
Specifies a valid VLAN number.
ip-a ddress
interface interface
Specifies an IP address .
Specifies an interface type and numb er.
ex piry secon ds
Specifies the interval (in seconds) after which binding is no long er valid.
Defaults
This comman d has no default settings.
Command Modes
Privileg ed EXEC mode
Usage Guidelines
Wh enever a b inding is added or removed using th is command, the binding database is marked as changed
an d a write is initiated.
Examples
This examp le shows how to g enerate a DHCP bind ing co nfiguration on interface gigabitethernet1/1 in
VLAN 1 with an exp iration time of 1000 seco nds:
Switch# ip dhcp snooping binding 0001.1234.1234 vlan 1 172.20.50.5 interface gi1/1 expiry 1000
Switch#
Related Commands
Co mmand
Description
ip dhcp snooping
ip dhcp snooping info rmatio n option
Glob ally enables DHCP sn ooping .
Enables DHCP option 82 data in sertion.
ip dhcp snooping trust
ip dhcp snooping v lan
Enables DHCP snoop in g on a trusted VLAN.
Enables DHCP snoop ing on a VLAN o r a group of VLANs.
show ip dhcp snooping
Displays the DHCP snoop ing con figuratio n.
show ip dhcp snooping binding
Displays the DHCP snoop ing binding entries.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-243
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
ip dhcp snooping database
ip dhcp snooping database
To store the b indings that are generated b y DHCP snoopin g, use the ip dhcp snooping database
command. To either reset the timeou t, reset the write-delay, or delete the agent specified by the URL,
u se the no form of th is command.
ip dhcp snooping database {url | timeout secon ds | write-delay secon ds}
no ip dhcp snooping database {timeout | write-delay}
Syntax Description
u rl
Specifies the URL in one of the following forms:
•
•
•
timeout seconds
write-dela y
seconds
Defaults
tftp://<host>/<filename>
ftp://<user>:<password>@<ho st>/<filename>
rcp://<u ser>@<host>/<filename>
•
nvram:/<filename>
•
b ootflash:/<filename>
Specifies when to abort the d atabase tran sfer p rocess after a change to the bind in g
d atabase.
The min imum valu e of the delay is 15 secon ds. 0 is defined as an infinite duration.
Specifies the duration for wh ich the tran sfer shou ld b e delayed after a chan ge to
th e bindin g database.
The timeout valu e is set to 300 seconds (5 min utes).
The write-delay value is s et to 300 seco nds.
Command Modes
Interface configuration mod e
Usage Guidelines
You need to create an emp ty file at th e configured URL on n etwo rk-based URLs (such as TFTP and FTP)
b efore the switch can write the set of bind ings for the first time at th e URL.
Note
Because both NVRAM and boo tflash h ave limited storage capacity, using TFTP or network-based files
is recommended . If you use flash to store the d atabase file, n ew upd ates (by the ag ent) result in the
creation of new files (flash fills q uick ly). In addition, due to th e nature of the file sy stem used on the
flas h, a large n umber of files causes access to be consid erab ly slowed . Wh en a file is stored in a remote
lo cation accessible throug h TFTP, an RPR/SSO standby superviso r eng ine can take over the bindin g list
when a switchover occurs.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-244
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
ip dh cp snooping database
Examples
This examp le shows how to sto re a datab ase file with th e IP address 10.1.1.1 within a directory called
directory. A file named file must be present on the TFTP server.
Switch# config terminal
Switch(config)# ip dhcp snooping database tftp://10.1.1.1/directory/file
Switch(config)# end
Switch# show ip dhcp snooping database
Agent URL : tftp://10.1.1.1/directory/file
Write delay Timer : 300 seconds
Abort Timer : 300 seconds
Agent Running : Yes
Delay Timer Expiry : Not Running
Abort Timer Expiry : Not Running
Last Succeded Time : None
Last Failed Time : None
Last Failed Reason : No failure recorded.
Total Attempts
:
Successful Transfers :
Successful Reads
:
Successful Writes
:
Media Failures
:
1
0
0
0
0
Startup Failures :
Failed Transfers :
Failed Reads
:
Failed Writes
:
0
0
0
0
Switch#
Related Commands
ip dhcp snooping info rmatio n option
Description
Glob ally enables DHCP sn ooping .
Sets up and generates a DHCP b inding config uration to
restore bind ings across reboots.
Enables DHCP option 82 data in sertion.
ip dhcp snooping trust
Co mmand
ip dhcp snooping
ip dhcp snooping binding
Enables DHCP snoop in g on a trusted VLAN.
ip dhcp snooping v lan
show ip dhcp snooping
Enables DHCP snoop ing on a VLAN o r a group of VLANs.
Displays the DHCP snoop ing con figuratio n.
show ip dhcp snooping binding
Displays the DHCP snoop ing binding entries.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-245
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
ip dhcp snooping information option
ip dhcp snooping information option
To enable DHCP op tion 8 2 data insertion, use the ip dhcp snoo ping information o ption command. To
d isable DHCP option 8 2 d ata insertion, use th e no form o f this co mmand .
ip dhcp snooping information option format remote-id {hostname | string {word}}
no ip dhcp snooping information o ption format remote-id {hos tname | string {word}}
Syntax Description
format
remote-id
Specifies the option 82 in formatio n format.
Specifies the remote ID for optio n 8 2.
hostname
string word
Specifies the user-con figured h ostname for the remote ID.
Specifies the user-d efin ed string for th e remote ID. The word string can be from
1 to 63 characters lo ng with no spaces.
Defaults
DHCP option 82 data insertion is enabled.
Command Modes
Global configuratio n mo de
Usage Guidelines
Examples
If the hostname is long er th an 63 characters it is tru ncated to 6 3 characters in the remote ID.
This example s hows how to enab le DHCP op tio n 82 data insertion :
Switch(config)# ip dhcp snooping information option
Switch(config)#
This example s hows how to disable DHCP option 82 data ins ertion:
Switch(config)# no ip dhcp snooping information option
Switch(config)#
This example s hows how to config ure the hos tname as the remote ID:
Switch(config)# ip dhcp snooping information option format remote-id hostname
Switch(config)#
The fo llowing example shows how to enable DHCP Snooping on VLAN 500 th rou gh 5 55 and option 82
remote ID:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# ip dhcp snooping
Switch(config)# ip dhcp snooping vlan 500 555
Switch(config)# ip dhcp snooping information option format remote-id string switch123
Switch(config)# interface GigabitEthernet 5/1
Switch(config-if)# ip dhcp snooping trust
Switch(config-if)# ip dhcp snooping limit rate 100
Switch(config-if)# ip dhcp snooping vlan 555 information option format-type circuit-id
string customer-555
Switch(config-if)# interface FastEthernet 2/1
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-246
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
ip dhcp snooping information option
Switch(config-if)# ip dhcp snooping vlan 555 information option format-type circuit-id
string customer-500
Switch(config)# end
Related Commands
Co mmand
ip dhcp snooping
Description
Glob ally enables DHCP sn ooping .
ip dhcp snooping binding
Sets up and generates a DHCP b inding config uration to
restore bind ings across reboots.
Enables DHCP option 82 data in sertion.
ip dhcp snooping info rmatio n option
ip dhcp snooping limit rate
ip dhcp snooping trust
ip dhcp snooping v lan
ip dhcp snooping v lan informatio n
option format-type circuit-id string
Config ures the nu mber of the DHCP messages that an
interface can receive per secon d.
Enables DHCP snoop in g on a trusted VLAN.
Enables DHCP snoop ing on a VLAN o r a group of VLANs.
Enables circuit-id (a sub-option of DHCP snoop ing
option-82) on a VLAN.
show ip dhcp snooping
Displays the DHCP snoop ing con figuratio n.
show ip dhcp snooping binding
Displays the DHCP snoop ing binding entries.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-247
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
ip dhcp snooping information option allow-untrusted
ip dhcp snooping information option allow-untrusted
To allow DHCP packets with option 82 data inserted to be received from a snoop ing u ntru sted port, use
th e ip dhcp snooping information option allow-untrusted co mmand . To d isallow receipt of these
DHCP packets, use the no fo rm of this command.
ip dhcp snoo ping informa tion option allow-untrus ted
no ip dhcp snooping information o ption allow-untrusted
Syntax Description
Defaults
This command has no arguments or keywo rds.
DHCP packets with option 82 are not allowed o n s nooping u ntrus ted ports.
Command Modes
Examples
Global configuratio n mo de
This example s hows how to allow DHCP packets with optio n 8 2 data inserted to be received from a
sn ooping un trusted port:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# ip dhcp snooping information option allow-untrusted
Switch(config)# end
Switch#
Related Commands
Command
Descriptio n
ip dhcp snooping
Globally enables DHCP snoo ping.
ip dhcp snoo ping informa tion option
ip dhcp snoo ping limit ra te
Enab les DHCP op tion 82 data insertio n.
Con figures the number of the DHCP messages th at an
in terface can receive p er s econd.
Enab les DHCP sn ooping on a trusted VLAN.
ip dhcp snooping trust
ip dhcp snoo ping vlan
show ip dhcp s noo ping
Enab les DHCP sn ooping on a VLAN or a group o f VLANs.
Displays the DHCP sn ooping configuration.
show ip dhcp s nooping binding
Displays the DHCP sn ooping bin ding entries.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-248
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
ip dhcp snoop ing limit rate
ip dhcp snooping limit rate
To con figure th e n umber of the DHCP messages that an interface can receive per second, use the ip dhcp
snooping limit rate co mmand . To d isable the DHCP s noopin g rate limiting, use the no form of this
co mmand .
ip dhcp snooping limit rate rate
no ip dhcp s noo ping limit ra te
Syntax Description
rate
Number of DHCP messages a switch can receive per second .
Defaults
DHCP snoo ping rate limiting is disabled.
Command Modes
Interface con figuration mode
Usage Guidelines
Typ ically, the rate limit applies to the un trusted interfaces. If you want to set up rate limiting for the
trus ted interfaces , note that the tru sted interfaces aggregate all DHCP traffic in the switch, and you will
need to adjust the rate limit o f the interfaces to a high er value.
Examples
This examp le shows how to enable th e DHCP messag e rate limitin g:
Switch(config-if)# ip dhcp snooping limit rate 150
Switch(config)#
This examp le shows how to d isable the DHCP message rate limiting:
Switch(config-if)# no ip dhcp snooping limit rate
Switch(config)#
Related Commands
Co mmand
ip dhcp snooping
Description
Glob ally enables DHCP sn ooping .
ip dhcp snooping info rmatio n option
Enables DHCP option 82 data in sertion.
ip dhcp snooping trust
Enables DHCP snoop in g on a trusted VLAN.
ip dhcp snooping v lan
show ip dhcp snooping
Enables DHCP snoop ing on a VLAN o r a group of VLANs.
Displays the DHCP snoop ing con figuratio n.
show ip dhcp snooping binding
Displays the DHCP snoop ing binding entries.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-249
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
ip dhcp snooping trust
ip dhcp snooping trust
To co nfigure an interface as trusted fo r DHCP sno oping purposes, use the ip dhcp snooping trust
command. To config ure an interface as untrusted, us e the no form of th is command.
ip dhcp snooping trust
no ip dhcp snooping trust
Syntax Description
This command has no arguments or keywo rds.
Defaults
DHCP snoopin g trust is disabled .
Command Modes
Interface configuration mod e
This example s hows how to enab le DHCP sno oping trust on an interface:
Switch(config-if)# ip dhcp snooping trust
Switch(config)#
This example s hows how to disable DHCP snoopin g trust on an interface:
Switch(config-if)# no ip dhcp snooping trust
Switch(config)#
Related Commands
Command
Descriptio n
ip dhcp snooping
Globally enables DHCP snoo ping.
ip dhcp snoo ping informa tion option
ip dhcp snoo ping limit ra te
Enab les DHCP op tion 82 data insertio n.
Con figures the number of the DHCP messages th at an
in terface can receive p er s econd.
ip dhcp snoo ping vlan
Enab les DHCP sn ooping on a VLAN or a group o f VLANs.
show ip dhcp s noo ping
Displays the DHCP sn ooping configuration.
show ip dhcp s nooping binding
Displays the DHCP sn ooping bin ding entries.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-250
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
ip dhcp snooping vlan
ip dhcp snooping vlan
Use the ip dhcp snooping vlan command to enab le DHCP sno oping on a VLAN. To disable DHCP
snoop ing on a VLAN, use the no fo rm of this command.
ip dhcp snooping [vlan number ]
no ip dhcp s nooping [vlan n umber]
Syntax Description
Defaults
Command Modes
Usage Guidelines
Examples
vlan numb er
(Optional) Single VLAN number or a rang e of VLANs; valid values are from 1
to 4094.
DHCP snoo ping is disabled .
Glob al co nfigu ration mode
DHCP snoo ping is enabled on a VLAN o nly if both glo bal sno oping and the VLAN snoopin g are
en abled.
This examp le shows how to enable DHCP snoopin g o n a VLAN:
Switch(config)# ip dhcp snooping vlan 10
Switch(config)#
This examp le shows how to d isable DHCP snoo ping on a VLAN:
Switch(config)# no ip dhcp snooping vlan 10
Switch(config)#
This examp le shows how to enable DHCP snoopin g o n a group of VLANs:
Switch(config)# ip dhcp snooping vlan 10 55
Switch(config)#
This examp le shows how to d isable DHCP snoo ping on a g roup o f VLANs:
Switch(config)# no ip dhcp snooping vlan 10 55
Switch(config)#
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-251
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
ip dhcp snooping vlan
Related Commands
Command
ip dhcp snooping
Descriptio n
Globally enables DHCP snoo ping.
ip dhcp snoo ping informa tion option
ip dhcp snoo ping limit ra te
Enab les DHCP op tion 82 data insertio n.
Con figures the number of the DHCP messages th at an
in terface can receive p er s econd.
ip dhcp snooping trust
ip dhcp snoo ping vlan information
o ption format-type circuit-id string
Enab les DHCP sn ooping on a trusted VLAN.
Enab les circuit-id (a su boption of DHCP snoop ing
o ption-82) on a VLAN.
show ip dhcp s noo ping
show ip dhcp s nooping binding
Displays the DHCP sn ooping configuration.
Displays the DHCP sn ooping bin ding entries.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-252
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
ip dhcp snoo ping vlan information option format-type circuit-id string
ip dhcp snooping vlan information option format-type circuit-id
string
To enable circuit-id (a sub option of DHCP sn ooping op tion 82) on a VLAN, u se the ip dhcp snooping
vlan information optio n format-type circuit-id string co mmand . To disable circuit-id o n a VLAN, use
the no fo rm of this command.
ip dhcp snooping v lan nu mber information o ption format-type circuit-id [override] string
string
no ip dhcp s noo ping vlan number info rmatio n option fo rmat-type circuit-id [ov erride] string
Syntax Description
number
Specifies single o r range of VLANs; valid values are from 1 to 4 094.
override
string string
(Optional) Specifies an overrid e strin g.
Specifies a u ser-defined string for the circuit ID; range of 3 to 63 ASCII characters
with no spaces.
Defaults
VLAN-mod-port, if DHCP sn ooping o ption-82 is d isab led.
Command Modes
Interface con figuration
Usage Guidelines
The circuit-id subop tion of DHCP o ption 8 2 is sup ported o nly wh en DHCP sno oping is globally enabled
an d o n VLANs using DHCP o ption 82.
Examples
The followin g examp le shows how to enable DHCP snoo ping on VLAN 5 00 th rou gh 5 55 and option 82
circuit-id:
This command allows you to configure a string of ASCII characters to be th e circuit ID. When y ou want
to overrid e the v lan-mod-port format type an d in stead use th e circuit-ID to define subscrib er
info rmation, use the override key word.
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# ip dhcp snooping
Switch(config)# ip dhcp snooping vlan 500 555
Switch(config)# ip dhcp snooping information option format remote-id string switch123
Switch(config)# interface GigabitEthernet 5/1
Switch(config-if)# ip dhcp snooping trust
Switch(config-if)# ip dhcp snooping limit rate 100
Switch(config-if)# ip dhcp snooping vlan 555 information option format-type circuit-id
string customer-555
Switch(config-if)# interface FastEthernet 2/1
Switch(config-if)# ip dhcp snooping vlan 555 information option format-type circuit-id
string customer-500
Switch(config)# end
This examp le shows how to configure the option-82 circuit-ID override su boption :
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-253
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
ip dhcp snooping vlan information option format-type circuit-id string
Switch(config-if)# ip dhcp snooping vlan 250 information option format-type circuit-id
override string testcustomer
You can verify your settings by entering the show ip dhcp snoo ping user EXEC command.
Note
Related Commands
The show ip dhcp snooping u ser EXEC command only displays the global command output, in clud ing
a remote-ID co nfigu ration. It does n ot display any per-interface, per-VLAN strin g th at you have
configured for the circu it ID.
Command
ip dhcp snooping
Descriptio n
Globally enables DHCP snoo ping.
ip dhcp snoo ping informa tion option
ip dhcp snoo ping limit ra te
Enab les DHCP op tion 82 data insertio n.
Con figures the number of the DHCP messages th at an
in terface can receive p er s econd.
Enab les DHCP sn ooping on a trusted VLAN.
ip dhcp snooping trust
ip dhcp snoo ping vlan
Enab les DHCP sn ooping on a VLAN or a group o f VLANs.
show ip dhcp s noo ping
Displays the DHCP sn ooping configuration.
show ip dhcp s nooping binding
Displays the DHCP sn ooping bin ding entries.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-254
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
ip igmp filter
ip igmp filter
To co ntrol whether all h osts on a Layer 2 interface can join one or more IP multicast gro ups by applying
an IGMP p rofile to th e interface, use the ip igmp filter co mmand. To remove a p rofile fro m the in terface,
use th e no form o f this co mmand .
ip igmp filter profile nu mber
no ip igmp filter
Syntax Description
profile number
IGMP pro file nu mber to b e applied; valid values are from 1 to 4 29496 795.
Defaults
Profiles are n ot app lied.
Command Modes
Interface con figuration mode
Usage Guidelines
You can apply IGMP filters only to Layer 2 phy sical interfaces; you cann ot apply IGM P filters to rou ted
ports, switch virtual interfaces (SVIs), or p orts that belo ng to an Eth erChan nel group.
An IGMP profile can be ap plied to on e or mo re switch p ort interfaces, but one port can h ave only one
pro file applied to it.
Examples
This examp le shows how to apply IGMP profile 2 2 to an interface:
Switch(config)# interface gigabitethernet1/1
Switch(config-if)# ip igmp filter 22
Switch(config-if)#
Related Commands
Co mmand
ip igmp profile
Description
Creates an IGMP profile.
show ip igmp profile
Displays all configured IGMP profiles or a sp ecified IGMP
pro file.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-255
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
ip igmp max-groups
ip igmp max-groups
To set the maximu m nu mber of IGMP gro ups that a Layer 2 in terface can join, use th e ip igmp
max-gro ups comman d. To set the maximum back to th e default, u se the no form of th is command.
ip igmp ma x-g roups numb er
no ip ig mp max -groups
Syntax Description
n umber
M aximu m number of IGMP gro ups that an interface can join; valid valu es are from 0 to
4 29496 7294.
Defaults
No maximu m limit.
Command Modes
Interface configuration mod e
Usage Guidelines
You can u se the ip igmp max-groups command only on Layer 2 phy sical in terfaces; you cannot set the
IGMP maximum groups for the rou ted ports , the switch v irtual interfaces (SVIs), o r the ports that belong
to an EtherChannel group.
Examples
This example s hows how to limit the numb er of IGMP g rou ps that an interface can join to 25:
Switch(config)# interface gigabitethernet1/1
Switch(config-if)# ip igmp max-groups 25
Switch(config-if)
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-256
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
ip igmp profile
ip igmp profile
To create an IGMP profile, use the ip igmp profile command . To d elete the IGMP profile, u se the no
form of this comman d.
ip igmp profile p rofile n umber
no ip igmp profile profile number
Syntax Description
profile number
Defaults
No profile created.
Command Modes
IGMP pro file nu mber bein g con figured ; valid values are fro m 1 to 42 949672 95.
Glob al co nfigu ration mode
IGMP profile co nfigu ration
Usage Guidelines
Wh en entering a range, enter the low IP multicast address, a space, and the h igh IP multicast ad dress.
You can apply an IGMP pro file to one o r more Layer 2 in terfaces, bu t each interface can have only on e
pro file applied to it.
Examples
This ex ample shows how to configure IGMP p rofile 40 that p ermits th e specified range of IP multicast
ad dresses:
Switch # config terminal
Switch(config)# ip igmp profile 40
Switch(config-igmp-profile)# permit
Switch(config-igmp-profile)# range 233.1.1.1 233.255.255.255
Switch(config-igmp-profile)#
Related Commands
Co mmand
ip igmp filter
Description
Controls whether all hos ts o n a Layer 2 interface can join
one o r more IP multicast groups by applyin g an IGMP
pro file to the interface.
show ip igmp profile
Displays all configured IGMP profiles or a sp ecified IGMP
pro file.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-257
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
ip igmp query-interval
ip igmp query-interval
To co nfigure th e frequency that the switch sends the IGMP hos t-query messages, us e the ip igmp
query-interval command. To return to the default freq uency, use the no fo rm of this command.
ip igmp query-interval secon ds
no ip ig mp query -interval
Syntax Description
Defaults
seconds
Frequ en cy, in secon ds, at which the IGMP host-query messages are transmitted; valid
values depend on the IGMP snoo ping mod e. See th e “Us age Guidelines ” section for more
in formatio n.
The qu ery interval is set to 60 seconds.
Command Modes
Usage Guidelines
Interface configuration mod e
If you u se the defau lt IGMP snoop ing co nfiguration, th e valid q uery interval values are from 1 to
6 5535 seco nds. If you have chan ged the default configuration to supp ort CGMP as the IGMP snoopin g
learnin g method , the valid query in terval values are from 1 to 3 00 second s.
The d esig nated switch for a LAN is th e on ly switch that sends the IGMP host-query messages. For IGMP
version 1, the designated switch is elected acco rding to the multicast ro uting protocol th at ru ns on the
LAN. Fo r IGMP version 2, th e designated q uerier is th e lowest IP-add ressed mu lticast switch on the
su bnet.
If no queries are h eard for the timeo ut period (contro lled by th e ip igmp query -timeout co mmand ), the
switch b ecomes th e querier.
Note
Examples
Changin g th e timeout period may severely impact multicast forwarding.
This example s hows how to chan ge the freq uen cy at which th e designated switch send s the IGMP
h ost-q uery mess ages:
Switch(config-if)# ip igmp query-interval 120
Switch(config-if)#
Related Commands
Command
Descriptio n
ip igmp querier-timeout (refer to Cisco Con figures the timeo ut p eriod before the ro uter takes over
IOS documentatio n)
as the querier for the interface after the p revious qu erier has
sto pped querying .
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-258
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
ip igmp query-interval
Co mmand
Description
ip pim query-interval (refer to Cisco
Config ures the frequency o f Proto col Indepen den t
IOS do cumentation)
Multicast (PIM) router query messages.
show ip igmp gro ups (refer to Cisco IOS Displays the multicast gro ups with receivers that are
documentatio n)
directly con nected to th e router an d th at were learned
thro ugh Intern et Gro up Management Protocol (IGMP), use
the show ip igmp groups comman d in EXEC mode.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-259
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
ip igmp snooping
ip igmp snooping
To enable IGMP sn ooping , use the ip ig mp snoo ping co mmand. To disable IGMP sno oping, u se the no
form of this command.
ip igmp snooping [tcn {floo d query count coun t | query solicit}]
no ip ig mp sno oping [tcn {flood query count count | query solicit}]
Syntax Description
Defaults
tcn
flood
(Optio nal) Sp ecifies the top ology chan ge config urations.
(Optio nal) Specifies to flo od th e spanning tree table to the network when a topolo gy
change occurs.
query
count count
(Optio nal) Sp ecifies the TCN q uery configu rations.
(Optio nal) Sp ecifies how often the spanning tree table is flooded; valid values are
fro m 1 to 10.
so licit
(Optio nal) Sp ecifies an IGMP gen eral qu ery.
IGMP snoo ping is enabled.
Command Modes
Global configuratio n mo de
Usage Guidelines
The tcn flood option ap plies only to Layer 2 switch p orts and EtherChann els; it does not app ly to routed
p orts, VLAN interfaces, or Layer 3 channels.
Interface configuration mod e
The ip igmp snooping command is d isab led by default on multicast routers.
Note
Examples
You can use the tcn floo d optio n in in terface co nfiguration mode.
This example s hows how to enab le IGMP s noopin g:
Switch(config)# ip igmp snooping
Switch(config)#
This example s hows how to disable IGMP snoo ping:
Switch(config)# no ip igmp snooping
Switch(config)#
This example s hows how to enab le the flood ing of the spanning tree table to th e network after nine
to pology changes h ave o ccurred:
Switch(config)# ip igmp snooping tcn flood query count 9
Switch(config)#
This example s hows how to disable th e flo oding of th e spannin g tree table to the n etwork:
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-260
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
ip igmp snooping
Switch(config)# no ip igmp snooping tcn flood
Switch(config)#
This examp le shows how to enable an IGMP g eneral query :
Switch(config)# ip igmp snooping tcn query solicit
Switch(config)#
This examp le shows how to d isable an IGMP general q uery:
Switch(config)# no ip igmp snooping tcn query solicit
Switch(config)#
Related Commands
Co mmand
Description
ip igmp snooping v lan immedia te-leave Enable IGMP immed iate-leav e processing .
ip igmp snoo ping vlan mrouter
ip igmp snoo ping vlan sta tic
Config ures a Layer 2 interface as a multicast router
interface for a VLAN.
Config ures a Layer 2 interface as a member of a g rou p.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-261
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
ip igmp snooping report-suppression
ip igmp snooping report-suppression
To en able report suppress io n, us e the ip igmp snooping repo rt-suppression command. To dis able
report sup pression and fo rward the repo rts to the multicast d evices , use the no form of this comman d.
ip igmp snooping report-suppression
no igmp snooping report-suppression
Syntax Description
This command has no arguments or keywo rds.
Defaults
IGMP snoo ping report-su ppressio n is enabled.
Command Modes
Global configuratio n mo de
Usage Guidelines
If the ip igmp snooping report-suppression command is d isab led, all the IGMP rep orts are forwarded
to the multicast dev ices.
If the command is enab led, report suppress ion is d one by IGMP snoop ing.
Examples
This example s hows how to enab le repo rt suppression:
Switch(config)# ip igmp snooping report-suppression
Switch(config)#
This example s hows how to disable report sup pression :
Switch(config)# no ip igmp snooping report-suppression
Switch(config)#
This example s hows how to display the s ystem status fo r report suppress ion:
Switch# show ip igmp snoop
vlan 1
---------IGMP snooping is globally enabled
IGMP snooping TCN solicit query is globally disabled
IGMP snooping global TCN flood query count is 2
IGMP snooping is enabled on this Vlan
IGMP snooping immediate-leave is disabled on this Vlan
IGMP snooping mrouter learn mode is pim-dvmrp on this Vlan
IGMP snooping is running in IGMP_ONLY mode on this Vlan
IGMP snooping report suppression is enabled on this Vlan
Switch#
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-262
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
ip igmp snooping report-suppression
Related Commands
Co mmand
Description
ip igmp snooping v lan immedia te-leave Enable IGMP immed iate-leav e processing .
ip igmp snoo ping vlan mrouter
Config ures a Layer 2 interface as a multicast router
interface for a VLAN.
ip igmp snoo ping vlan sta tic
Config ures a Layer 2 interface as a member of a g rou p.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-263
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
ip igmp snooping vlan
ip igmp snooping vlan
To en able IGMP sn ooping for a VLAN, u se the ip igmp snooping vlan command. To disable IGMP
sn ooping , use the no fo rm of this comman d.
ip igmp snooping vlan vlan-id
no ip ig mp sno oping vla n vlan-id
Syntax Description
vlan-id
Defaults
IGMP snoo ping is disab led.
Command Modes
Global configuratio n mo de
Usage Guidelines
Number of the VLAN; valid values are from 1 to 1001 and from 100 6 to 4 094.
This command is entered in VLAN interface configu ration mode only.
The ip igmp snooping v lan command is disab led by default on multicast routers.
Examples
This example s hows how to enab le IGMP s noopin g o n a VLAN:
Switch(config)# ip igmp snooping vlan 200
Switch(config)#
This example s hows how to disable IGMP snoo ping on a VLAN:
Switch(config)# no ip igmp snooping vlan 200
Switch(config)#
Related Commands
Command
Descriptio n
ip igmp sno oping vlan immediate-leav e Enab le IGMP immediate-leave p rocessing.
ip igmp snooping vlan mro uter
Con figures a Layer 2 in terface as a multicast rou ter
in terface for a VLAN.
ip igmp snooping vlan static
Con figures a Layer 2 in terface as a member of a group.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-264
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
ip igmp snooping vlan explicit-tracking
ip igmp snooping vlan explicit-tracking
To enable per-VLAN explicit host tracking, use the ip igmp snooping vlan explicit-tracking command.
To disable explicit host tracking, use the no form of this command.
ip igmp snoo ping vlan vla n-id explicit-tracking
no ip igmp snooping vlan vlan-id ex plicit-tracking
Syntax Description
vla n_id
Defaults
Explicit host tracking is en abled.
Command Modes
Glob al co nfigu ration mode
Examples
This examp le shows how to d isable IGMP explicit h ost track ing on interface VLAN 2 00 and h ow to
verify th e configu ration:
(Option al) Specifies a VLAN; valid values are from 1 to 1001 and from 100 6 to 4 094.
Switch(config)# no ip igmp snooping vlan 200 explicit-tracking
Switch(config)# end
Switch# show ip igmp snooping vlan 200 | include explicit tracking
Global IGMP Snooping configuration:
----------------------------------IGMP snooping
: Enabled
IGMPv3 snooping
: Enabled
Report suppression
: Enabled
TCN solicit query
: Disabled
TCN flood query count
: 2
Vlan 2:
-------IGMP snooping
: Enabled
IGMPv2 immediate leave
: Disabled
Explicit host tracking
: Disabled
Multicast router learning mode : pim-dvmrp
CGMP interoperability mode
: IGMP_ONLY
Explicit host tracking
: Disabled
Switch#
Related Commands
Co mmand
Description
ip igmp snooping v lan immedia te-leave Enables IGM P immediate-leave processing .
ip igmp snoo ping vlan mrouter
Config ures a Layer 2 interface as a multicast router
interface for a VLAN.
ip igmp snoo ping vlan sta tic
Config ures a Layer 2 interface as a member of a g rou p.
show ip igmp snooping membership
Displays hos t membership information .
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-265
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
ip igmp snooping vlan immediate-leave
ip igmp snooping vlan immediate-leave
To en able IGMP immediate-leave process ing, u se the ip igmp snooping vlan immediate-leave
command. To disable immediate-leave p rocessing, u se the no form of this command.
ip igmp snooping vlan vlan_ num immediate-leave
no ip ig mp sno oping vla n vlan_nu m immediate-leave
Syntax Description
Defaults
vlan_ num
immediate-leave
Numb er o f the VLAN; valid values are from 1 to 4 094.
Enables immediate leave pro cessing.
Immed iate leave processin g is dis abled.
Command Modes
Usage Guidelines
Global configuratio n mo de
You en ter th is command in global con figuration mode o nly.
Use the immediate-leave featu re only when there is a single receiver for th e MAC gro up for a specific
VLAN.
The immediate-leave feature is suppo rted only with IGMP version 2 hosts .
Examples
This example s hows how to enab le IGMP immediate-leave p rocessing on VLAN 4:
Switch(config)# ip igmp snooping vlan 4 immediate-leave
Switch(config)#
This example s hows how to disable IGMP immed iate-leav e processing on VLAN 4:
Switch(config)# no ip igmp snooping vlan 4 immediate-leave
Switch(config)#
Related Commands
Command
ip igmp snooping
Descriptio n
Enab les IGMP snoopin g.
ip igmp snooping vlan mro uter
Con figures a Layer 2 in terface as a multicast rou ter
in terface for a VLAN.
Con figures a Layer 2 in terface as a member of a group.
Displays the information about the IGMP-interface status
and config uration.
Displays info rmation ab out the multicast MAC address
table.
ip igmp snooping vlan static
show ip igmp interface
show mac-address-ta ble multicast
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-266
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
ip igmp snooping vlan mrouter
ip igmp snooping vlan mrouter
To statically configu re an Layer 2 interface as a multicas t router interface for a VLAN, use the
ip igmp snoo ping vlan mrouter command. To remove th e configu ration, use the no form of this
co mmand .
ip igmp snoo ping vlan vla n-id mrouter {interface {{fastethernet slot/por t} | {gig abitethernet
slot/port } | {tengiga bitethernet s lot/port} | {port-channel number }} |
{lea rn {cgmp | pim-dvmrp}}
no ip igmp sno oping v lan vlan-id mrouter {interface {{fastethernet slo t/port} | {giga bitethernet
slot/port } | {tengiga bitethernet s lot/port} | {port-channel number }} |
{lea rn {cgmp | pim-dvmrp}}
Syntax Description
vlan vlan -id
Sp ecifies the VLAN ID numb er to us e in the command; valid values are
from 1 to 4 094.
interface
Sp ecifies the next-h op interface to a mu lticast s witch.
fas tethernet slot/port
Sp ecifies the Fast Eth ernet interface; number of th e slot and port.
gigabitethernet slo t/p ort Sp ecifies the Gig abit Eth ernet interface; number of th e slot and port.
tengigabitethernet
slot/port
Sp ecifies the 10-Gig abit Eth ernet interface; number of th e slot an d port.
port-channel number
lea rn
cg mp
Po rt-chann el number; valid values are fro m 1 to 64.
Sp ecifies the multicas t switch learning method.
Sp ecifies the multicas t switch sn ooping CGM P pack ets.
pim-dvmrp
Sp ecifies the multicas t switch sn ooping PIM -DVMRP packets.
Defaults
Multicast switch snoo ping PIM-DVMRP packets are specified.
Command Modes
Interface con figuration mode
Usage Guidelines
You enter this co mmand in VLAN in terface co nfigu ration mode o nly.
The in terface to th e switch must be in the VLAN where yo u are en tering the command. It mu st be both
ad ministratively up and line proto col up .
The CGMP learnin g method can decrease control traffic.
The learn ing metho d th at you configure is saved in NVRAM.
The static con nections to multicas t interfaces are sup ported on ly o n s witch in terfaces.
Examples
This examp le shows how to sp ecify th e next-ho p interface to a multicas t switch :
Switch(config-if)# ip igmp snooping 400 mrouter interface fastethernet 5/6
Switch(config-if)#
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-267
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
ip igmp snooping vlan mrouter
This example s hows how to specify the mu lticast switch learn ing metho d:
Switch(config-if)# ip igmp snooping 400 mrouter learn cgmp
Switch(config-if)#
Related Commands
Command
ip igmp snooping
Description
En able IGMP sn ooping.
ip igmp snooping vlan immediate-leave En able IGMP immediate-leave process ing.
ip igmp snooping vlan static
Configures a Layer 2 interface as a member of a group.
show ip igmp snooping
Dis play s info rmation on d ynamically learned an d man ually
config ured VLAN switch interfaces.
show ip igmp snooping mrouter
Dis play s in formatio n o n the dyn amically learned and
manually con figured mu lticast switch interfaces.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-268
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
ip igmp snooping vlan static
ip igmp snooping vlan static
To config ure a Layer 2 interface as a member of a grou p, us e the ip igmp snooping vlan static
co mmand . To remove the configuratio n, use the no fo rm of this command.
ip igmp snoo ping vlan vla n_num static mac-add ress {interface {fastethernet slot/po rt} |
{gigabitethernet slo t/p ort} | {teng igabitethernet slot/po rt} | {port-channel nu mber}}
no ip igmp snooping vlan vlan_ num static mac-address { interfa ce {fastethernet slot/port } |
{gigabitethernet slo t/p ort} | {teng igabitethernet mo d/interface-numb er } | {port-channel
number }}
Syntax Description
vla n_num
mac-addres s
interface
fas tethernet slot/port
Number of the VLAN.
Group MAC address.
Specifies the next-hop interface to mu lticast switch.
Specifies the Fast Ethernet interface; numb er of the s lot and po rt.
gigabitethernet slo t/p ort
Specifies the Gigabit Ethernet interface; nu mb er of the s lot and po rt.
tengigabitethernet slot/p ort
Specifies the 10-Gigabit Ethernet interface; numb er o f the s lo t and
po rt.
port-channel number
Port-channel n umber; valid values are from 1 thro ugh 64.
Defaults
This comman d has no default settings.
Command Modes
Glob al co nfigu ration mode
Examples
This examp le shows how to configure a h ost s tatically on an interface:
Switch(config)# ip igmp snooping vlan 4 static 0100.5e02.0203 interface fastethernet 5/11
Configuring port FastEthernet5/11 on group 0100.5e02.0203 vlan 4
Switch(config)#
Related Commands
Co mmand
Description
ip igmp snoo ping
Enable IGMP snoop in g.
ip igmp snoo ping v lan immediate-leave Enable IGMP immediate-leave pro cessing.
ip igmp snoo ping vlan mrouter
Co nfigures a Layer 2 interface as a multicast ro uter
interface for a VLAN.
show ma c-address-table multica st
Displays info rmation about the multicast M AC address
table.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-269
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
ip local-proxy-arp
ip local-proxy-arp
To enable the local pro xy ARP feature, use the ip local-pro xy-arp command. To disable the local proxy
ARP feature, use the no form o f this co mmand .
ip local-proxy-arp
no ip lo cal-prox y-arp
Syntax Description
This command has no arguments or keywo rds.
Defaults
Local proxy ARP is d is abled.
Command Modes
Interface configuration mod e
Usage Guidelines
Use this feature only on su bnets where hosts are intention ally prevented from commu nicating directly
to the switch on which they are connected.
ICMP red irect is disabled o n interfaces wh ere the local pro xy ARP featu re is enabled .
Examples
This example s hows how to enab le the lo cal pro xy ARP feature:
Switch(config-if)# ip local-proxy-arp
Switch(config-if)#
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-270
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
ip mfib fastdrop
ip mfib fastdrop
To enable MFIB fast drop, u se the ip mfib fastdrop command. To disable M FIB fas t drop, use th e no
form of this comman d.
ip mfib fastdrop
no ip mfib fastdrop
Syntax Description
This comman d has no argu ments or keyword s.
Defaults
MFIB fast drop is enabled.
Command Modes
Privileg ed EXEC mode
Examples
This examp le shows how to enable MFIB fast drops:
Switch# ip mfib fastdrop
Switch#
Related Commands
Co mmand
Description
clear ip mfib fastdrop
Clears all th e MFIB fast-dro p entries.
show ip mfib fastdrop
Displays all currently active fast-drop en tries and shows
whether fast drop is enabled.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-271
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
ip multicast multipath
ip multicast multipath
To en able load s plitting of IP multicast traffic over Equal Cost Multip ath (ECMP), use the
ip multicast multipath co mmand in global configuration mode. To dis able this functionality, us e th e no
form of this command.
ip multicast [vrf vrf-name] multipath [s -g-hash { basic | next-hop-based}]
no ip multicast [vrf vrf-na me] multipa th [s-g-hash {basic | next-hop-based}]
Syntax Description
v rf vrf-name
Command Default
If multiple eq ual-cost p ath s exist, mu lticast traffic will not be load-split across those p aths .
Command Modes
Global configuratio n (config)
s-g-ha sh basic |
next-hop-based
(Optio nal) Enables ECMP multicast load splitting for IP multicast traffic
associated with th e Multicast Virtu al Private Network (MVPN) routing and
forwarding (MVRF) instance specified for the vrf-n ame arg umen t.
(Optio nal) Enab les ECMP multicas t load sp littin g based o n sou rce an d group
address o r on source, gro up, and next-h op ad dress.
The basic key word enables a simple hash based on source and group address.
This algo rithm is referred to as the b asic S-G-hash alg orithm.
The next-hop-ba sed k eyword en ables a mo re complex hash bas ed on s ource,
g roup , and nex t-ho p add ress. This algo rithm is referred to as the
n ext-hop-based S-G-hash algorithm.
Usage Guidelines
The ip multicast multipath command d oes not work with bidirectional Pro to co l Ind epend ent Multicast
(PIM).
Use the ip multica st multipath comman d to enable load splitting o f IP multicas t traffic acro ss multiple
equal-cost paths.
If two o r more eq ual-cost paths fro m a source are available, unicast traffic will be load -sp lit acro ss those
p aths. However, by default, multicast traffic is not load-split across multip le equal-cost paths. In general,
mu lticast traffic flows down from the reverse path forwarding (RPF) neig hbor. According to the PIM
sp ecificatio ns, this neighb or must have the highest IP add ress if more than one neighb or has the same
metric.
When yo u co nfigu e load sp litting with the ip multicast multipath co mmand , th e sy stem sp lits multicast
traffic acros s multip le equal-cost path s b ased on sou rce address usin g th e S-hash algorithm. When th e
ip multicast multipath command is co nfigured and multip le eq ual-cost path s exist, the path in which
mu lticast traffic will travel is selected based on the so urce IP address . Multicas t traffic fro m different
so urces will b e load-split acros s th e different equ al-co st paths. Load splitting will no t occur across
equal-cost paths fo r multicast traffic from the same source sent to different multicast groups.
Note
The ip multicast multipath command lo ad splits the traffic but do es n ot load b alance th e traffic. Traffic
fro m a source will use on ly one path, even if the traffic g reatly exceeds traffic from other sou rces.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-272
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
ip multicast multipath
If the ip multicast multipath comman d is configured with th e s-g-hash key word and multip le
eq ual-cost path s exist, lo ad splittin g will o ccur across equal-cost paths based on so urce and group
ad dress or on so urce, g rou p, and next-hop add ress. If you specify the optional s-g-hash keywo rd for load
splitting IP multicast traffic, you must select the algorithm used to calculate th e equal-cost path s b y
specifying one of the following key words:
Examples
•
basic— The basic S-G-h ash algo rithm is predictable because no ran domization is u sed in calculatin g
the hash value. The basic S-G-h ash algo rithm, however, is su bject to polarization becau se for a given
source an d g rou p th e same hash is always chosen irresp ective of th e router that the hash is b eing
calculated on.
•
next-hop-ba sed—The n ext-hop-based S-G-hash algorith m is predictab le becaus e no randomizatio n
is used to determine the hash value. Unlike the S-has h and basic S-G-has h algorithms, the
nex t-ho p-based hash mechanism is n ot su bject to polarizatio n.
The followin g examp le shows how to enable ECMP mu lticast lo ad splitting on a rou ter based on sou rce
ad dress using the S-hash alg orithm:
Switch(config)# ip multicast multipath
The followin g examp le shows how to enable ECMP mu lticast lo ad splitting on a rou ter based on sou rce
an d g rou p add ress using the b asic S-G-hash alg orithm:
Switch(config)# ip multicast multipath s-g-hash basic
The following example shows how to enable ECMP multicast load splittin g on a router based on source,
gro up, and next-hop address using the nex t-ho p-b ased S-G-hash alg orith m:
Switch(config)# ip multicast multipath s-g-hash next-hop-based
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-273
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
ip source binding
ip source binding
To ad d o r delete a static IP source bind ing entry, use th e ip s ource binding co mmand . To d elete the
correspon ding IP source bindin g entry, use th e no form o f this co mmand .
ip source binding ip-address mac-a ddress vla n vlan-id interface interface-name
no ip s ource binding ip-a ddres s mac-add ress vlan vla n-id interface in terface-na me
Syntax Description
Defaults
ip -add ress
mac-ad dress
Bin ding IP ad dress.
Bin ding MAC add ress.
v lan vlan-id
interfa ce interfa ce-n ame
VLAN number.
Bin ding interface.
This command has no default setting s.
Command Modes
Global configuratio n mo de
Usage Guidelines
The ip source binding comman d is us ed to add a static IP source bind ing entry only.
The no fo rm of this command deletes th e correspondin g IP s ource b inding entry. For th e deletio n to
su cceed, all requ ired parameters must match .
Each static IP bindin g entry is k eyed by a MAC ad dress an d VLAN number. If the CLI contains an
existing MAC and VLAN, the exis tin g bindin g entry will be updated with th e n ew p arameters; a separate
b inding entry will no t b e created.
Examples
This example s hows how to config ure the static IP sou rce bind ing:
Switch# config terminal
Switch(config)# ip source binding 11.0.0.1 0000.000A.000B vlan 10 interface
fastethernet6/10
Switch(config)#
Related Commands
Command
show ip source binding
Descriptio n
Displays IP source binding s that are configured on the
sy stem.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-274
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
ip sticky-arp
ip sticky-arp
To enable sticky ARP, use the ip sticky -arp command. Use th e no form of this comman d to d is able
sticky ARP.
ip sticky-arp
no ip sticky-a rp
Syntax Description
This comman d has no argu ments or keyword s.
Defaults
Enabled
Command Modes
Glob al co nfigu ration mode
Usage Guidelines
This comman d is su pported on PVLANs o nly.
ARP entries that are learned on Layer 3 PVLAN interfaces are sticky ARP entries. (You should display
an d v erify ARP en tries on the PVLAN interface using the s how a rp command).
Fo r security reasons, s ticky ARP en tries on the PVLAN interface do not ag e out. Connectin g n ew
eq uipment with the same IP addres s g enerates a messag e an d the ARP en try is not created.
Because the ARP entries on the PVLAN interface do no t age o ut, yo u mu st manually remove ARP
en tries o n the PVLAN interface if a MAC ad dress ch ang es.
Unlike static en tries, sticky-ARP entries are not stored and restored when y ou en ter th e reboot and
resta rt commands.
Examples
This examp le shows how to enable sticky ARP:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config) ip sticky-arp
Switch(config)# end
Switch#
This examp le shows how to d isable stick y ARP:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config) no ip sticky-arp
Switch(config)# end
Switch#
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-275
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
ip sticky-arp
Related Commands
Command
a rp (refer to Cisco IOS d ocu mentation)
Descriptio n
Enab les Address Res olution Proto col (ARP) entries for
static rou ting over th e Switched Multimegabit Data Serv ice
(SMDS) network.
show a rp (refer to Cisco IOS
d ocu mentation)
Displays ARP in formatio n.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-276
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
ip verify head er vlan all
ip verify header vlan all
To enable IP header validation for Layer 2-switched IPv4 pack ets, use the ip verify hea der vla n all
co mmand . To d isable the IP header valid ation , use the no form of this comman d.
ip verify hea der vla n all
no ip verify header vlan all
Syntax Description
This comman d has no default settings.
Defaults
The IP header is valid ated for brid ged and routed IPv4 packets.
Command Modes
Glob al co nfigu ration mode
Usage Guidelines
This comman d does n ot apply to Layer 3-switched (routed) packets .
The Catalyst 4500 series switch ch ecks the validity of th e fo llowing fields in the IPv4 header for all
switched IPv4 pack ets:
•
The version must be 4 .
•
The header length must be g reater than or equal to 20 bytes.
•
The total length must be g reater than or equal to fou r times the header length and greater than the
Layer 2 packet size minus the Layer 2 encaps ulation size.
If an IPv 4 p acket fails the IP header validatio n, the packet is d rop ped . If you disable th e head er
validation, the p ackets with the invalid IP h eaders are b ridg ed but are n ot routed even if routing was
intended. Th e IPv4 access lists also are not ap plied to the IP headers.
Examples
This examp le shows how to d isable the IP header valid ation for the Layer 2-s witched IPv4 packets:
Switch# config terminal
Switch(config)# no ip verify header vlan all
Switch(config)# end
Switch#
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-277
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
ip verify source
ip verify source
To enable IP source gu ard on u ntru sted Lay er 2 interfaces, use the ip verify so urce command. To disab le
IP so urce g uard on untrusted Layer 2 in terfaces, use the no form of this command.
ip verify source {vlan dhcp-snoo ping | tracking } [port-security]
no ip verify source {vlan dhcp-snooping | tracking} [port-security]
Syntax Description
Defaults
vlan dhcp-snooping
tracking
Enab les IP sou rce guard on untrusted Layer 2 DHCP sn ooping interfaces.
Enab les IP port security to learn static IP address learning on a port.
port-security
(Optio nal) Filters b oth source IP and MAC addresses using the port
security feature.
IP so urce g uard is disab led.
Command Modes
Global configuratio n mo de
Examples
This example s hows how to enab le IP source guard o n VLANs 10 through 20 on a per-p ort basis:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# ip dhcp snooping
Switch(config)# ip dhcp snooping vlan 10 20
Switch(config)# interface fastethernet6/1
Switch(config-if)# switchport trunk encapsulation dot1q
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport trunk native vlan 10
Switch(config-if)# switchport trunk allowed vlan 11-20
Switch(config-if)# no ip dhcp snooping trust
Switch(config-if)# ip verify source vlan dhcp-snooping
Switch(config)# end
Switch# show ip verify source interface f6/1
Interface Filter-type Filter-mode IP-address
Mac-address
--------- ----------- ----------- --------------- ----------------Fa6/1
ip-mac
active
10.0.0.1
Fa6/1
ip-mac
active
deny-all
Switch#
Vlan
---------10
11-20
This example s hows how to enab le IP port security with IP-MAC filters o n a Layer 2 access po rt:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# ip device tracking
Switch(config)# interface fastEthernet 4/3
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 1
Switch(config-if)# ip device tracking maximum 5
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security maximum 5
Switch(config-if)# ip verify source tracking port-security
Switch(config-if)# end
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-278
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
ip verify source
You can verify you r settin gs by entering the show ip verify so urce privileged EXEC command.
Related Commands
Co mmand
ip dev ice tracking ma ximum
ip dhcp snooping
Description
Enables IP port secu rity binding tracking on a Layer 2 p ort.
Glob ally enables DHCP sn ooping .
ip dhcp snooping info rmatio n option
Enables DHCP option 82 data in sertion.
ip dhcp snooping limit rate
Config ures the nu mber of the DHCP messages that an
interface can receive per secon d.
ip dhcp snooping trust
Enables DHCP snoop in g on a trusted VLAN.
ip source binding
show ip dhcp snooping
Add s o r delete a static IP source bindin g entry.
Displays the DHCP snoop ing con figuratio n.
show ip dhcp snooping binding
show ip source binding
Displays the DHCP snoop ing binding entries.
Displays IP source bind ings that are co nfigured on the
system.
show ip verify source
Displays the IP sou rce guard configuration and filters on a
particular interface.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-279
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
ip verify unicast source reachable-via
ip verify unicast source reachable-via
To en able an d configure unicast RPF checks on a IPv 4 in terface, use the ip verify unicast s ource
reachable-via command. To disable un icast RPF, use the no form o f this co mmand .
ip verify unicast source reacha ble-v ia rx allow-default
no ip verify unicast source reachable-via
Syntax Description
rx
allow-default
Defaults
Verifies that the source address is reachable on the interface where the packet was
received.
Verifies that th e default route matches the source address.
Disabled
Command Modes
Interface configuration mod e
Usage Guidelines
In basic RX mode, u nicast RPF ensures a source address must be reachable on the arrived interface. For
example, the source must be reachable without load balancing.
Note
Unicast RPF is an in put fun ction and is ap plied on ly o n the inpu t in terface of a router at the ups tream
end of a co nnection .
Do not use unicast RPF on intern al network interfaces. Internal interfaces might hav e routing asymmetry,
which means th at there are multip le routes to the sou rce o f a packet. App ly unicast RPF on ly where there
is natural or configured symmetry.
Examples
This example s hows how to enab le unicast RPF exist-only checking mo de:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface gigabitethernet1/1
Switch(config-if)# ip verify unicast source reachable-via rx allow-default
Switch(config-if)# end
Switch#
Related Commands
Command
Descriptio n
ip cef (refer to Cis co IOS documen tation ) Enab les Cisco Expres s Forwarding (CEF) on the switch.
show running-co nfig
Displays the current runn ing co nfiguration for a switch.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-280
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
ip wccp
ip wccp
To enable sup port of the specified Web Cache Co mmunication Protocol (WCCP) service for
participatio n in a service group, u se the ip wccp comman d in global con figuratio n mod e. To d isable th e
service group, use th e no form of this comman d.
ip wccp {web-cache | service-n umber} [a ccelerated] [group-a ddress multica st-add ress]
[redirect-list access-list] [gro up-list access-list] [pas sword [0 | 7] pass wo rd ]
no ip wccp {web-cache | service-number}[accelerated] [group-a ddress mu lticas t-add ress]
[redirect-list access-list] [gro up-list access-list] [pas sword [0 | 7] pass wo rd ]
Syntax Description
web-cache
Specifies the web-cache service.
Web cache coun ts as one service. The maximum numb er of
services, including those as signed with the service-numb er
argument, are 8.
Dynamic service identifier, which means the service definition is dictated
by the cache. The dynamic serv ice number can be from 0 to 2 54. The
maximum number of services is 8, which in clud es the web-cache service
specified with the web-cache keywo rd.
Note
ser vice-number
Note
If Cisco cache engines are b eing us ed in you r service group, the
rev erse-proxy service is indicated by a value of 99.
(Option al) This o ption ap plies only to hardware-accelerated rou ters. Th is
keyword configu res the serv ice g rou p to p rev ent a conn ection being
formed with a cache en gine unless the cache engine is configured in a way
that allows redirectio n on the router to benefit fro m hardware acceleration.
accelerated
gro up-addres s
multicast-address
(Option al) M ulticast IP ad dress that communicates with th e WCCP
serv ice grou p. The multicas t addres s is used by the router to determine
which cache en gine sh ould receive redirected messag es.
redirect-list access-list
(Option al) Access list that controls traffic redirected to th is service group.
Th e access-list argument sh ould consist of a string of no more than 6 4
characters (name or n umber) th at specifies the access list.
gro up-list access-list
(Option al) Acces s list that d etermines which cache engines are allowed to
participate in the service gro up. The access-list argument sp ecifies either
the number or th e name of a standard or extended access list.
(Option al) Mes sage digest algorith m 5 (MD5) authenticatio n for mes sag es
received from the service gro up. M essages that are not accepted by the
authentication are discarded. The encryp tio n type can b e 0 or 7, with 0
specifyin g not yet en crypted an d 7 fo r proprietary. The password argument
can b e up to eig ht characters in leng th.
password [0 | 7]
password
Command Default
WCCP services are not enabled on the router.
Command Modes
Glob al co nfigu ration (config)
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-281
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
ip wccp
Usage Guidelines
This command instru cts a rou ter to en able o r disab le the supp ort for th e specified service number or the
web -cache service name. A service n umber can be from 0 to 25 4. Once the service number or name is
enabled, the rou ter can participate in the estab lishment o f a serv ice grou p.
When the no ip wccp command is en tered , the router termin ates particip ation in the service group,
d eallocates space if non e of the interfaces still has the service con figured , and terminates the WCCP task
if no other services are configu red.
The keyword s following the web-cache keyword and the service-n umber argument are optio nal and may
b e specified in any ord er, but only may b e specified o nce. The following sections outline the sp ecific
u sage of each of th e optio nal forms of th is command.
ip wccp {web- cache | service-num ber } group- address mul ticast-ad dre ss
A WCCP group ad dress can be configu red to set u p a multicast address that co operating routers an d web
caches can use to exchange WCCP protocol mes sages. If su ch an ad dress is used , IP multicas t routing
mu st be en abled so that th e messag es that use the con figured g rou p (multicast) ad dresses are received
correctly.
This option instructs th e ro uter to use the specified multicas t IP addres s to coalesce the “I See You”
responses for the “Here I Am” messages that it has receiv ed on this g rou p address . The response is sent
to the g roup ad dress as well. The default is fo r no gro up address to be configured, in which case all “Here
I Am” messages are respon ded to with a unicast rep ly.
ip wccp {w eb-cache | service-n umbe r} redirect-list a ccess-li st
This option instructs th e ro uter to use an access list to co ntrol the traffic that is redirected to the web
caches of the s ervice group sp ecified by the service n ame given . Th e access-list argument specifies either
th e n umber or the name of a stand ard or exten ded access list. The acces s list itself s pecifies which traffic
is permitted to be red irected. The default is for no redirect list to be con figured (all traffic is redirected).
WCCP req uires that the following protocol and po rts not be filtered by any acces s lists:
•
User Datagram Protocol (UDP) (p rotocol ty pe 17) port 2048 . This po rt is u sed for control signaling.
Blocking this type of traffic will preven t WCCP from establish in g a con nection between th e rou ter
and cache eng ines.
ip wccp {web- cache | service -nu mber} gr oup-lis t acce ss-list
This option instructs th e ro uter to use an access list to co ntrol the cache engines that are allowed to
p articipate in the specified serv ice gro up. The access-list argument specifies eith er th e numb er o f a
standard or ex tend ed access list o r the name o f any ty pe of named acces s list. The access list itself
sp ecifies which cache engines are p ermitted to participate in the s ervice group. The d efau lt is fo r no
g roup list to be con figured , in which case all cache engin es may particip ate in th e service g rou p.
Note
The ip wccp {web-cache | service-number } group-list command syntax resembles th e ip wccp
{web-ca che | service-nu mber} gro up-listen command, bu t these are entirely differen t commands. The
ip wccp group-listen command is an interface co nfiguration command us ed to configu re an interface to
listen fo r multicast notifications from a cache clu ster. Refer to th e description of the ip wccp
group-listen comman d in the Cisco IOS IP Application Services Command Reference.
ip wccp {web- cache | service-num ber } passw or d password
This option instructs th e ro uter to use MD5 auth entication on the messages received from the service
g roup sp ecified by the serv ice name given . Use this form of the command to set th e password on the
router. Yo u mus t also configure the same password sep arately on each web cache. The p assword can be
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-282
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
ip wccp
up to a maximum of eight characters. Messages that d o n ot authenticate when authenticatio n is en abled
on the router are discarded. Th e default is for n o auth entication pas sword to b e config ured an d for
au then tication to be dis abled.
Examples
The following example sh ows how to co nfigu re a rou ter to run WCCP rev erse-proxy service, using the
multicast address of 2 39.0.0.0 :
Router(config)# ip multicast-routing
Router(config)# ip wccp 99 group-address 239.0.0.0
Router(config)# interface gigabitethernet 3/1
Router(config-if)# ip wccp 99 group-listen
The following example shows how to config ure a router to redirect web-related packets without a
destinatio n of 10.168 .1 96.51 to the web cache:
Router(config)# access-list 100 deny ip any host 10.168.196.51
Router(config)# access-list 100 permit ip any any
Router(config)# ip wccp web-cache redirect-list 100
Router(config)# interface gigabitethernet 3/2
Router(config-if)# ip wccp web-cache redirect out
Related Commands
Co mmand
ip wccp check services
all
ip wccp version
Specifies which version of WCCP y ou wish to use on your router.
show ip wccp
Description
Enables all WCCP services.
Displays glob al statistics related to WCCP.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-283
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
ip wccp check services all
ip wccp check services all
To enable all Web Cach e Commu nication Protocol (WCCP) services, use the ip wccp check serv ices all
command in global con figuratio n mode. To d isable all serv ices, us e the no form of th is command.
ip wccp check serv ices all
no ip wccp check services all
Syntax Description
This command has no arguments or keywo rds.
Defaults
WCCP serv ices are no t enabled o n th e router.
Command Modes
Global configuratio n (config)
Usage Guidelines
With th e ip wccp check services all comman d, WCCP can be co nfigured to check all co nfigured
services fo r a match and perform red irectio n for th ose serv ices if appro priate. Th e caches to which
p ackets are redirected can be controlled by a redirect ACL access co ntro l list (ACL) as well as by th e
p riority value of the service.
It is po ssible to configu re an interface with more than one WCCP serv ice. When mo re th an one WCCP
service is configured on an interface, the precedence of a service depen ds o n th e relative priority of the
service co mpared to th e priority of the other configured serv ices. Each WCCP service has a priority
value as part of its definitio n.
If no WCCP services are config ured with a redirect ACL, the services are consid ered in priority o rder
u ntil a service is found wh ich matches the IP p acket. If no services match th e packet, th e pack et is not
redirected. If a service match es the packet and the service has a redirect ACL co nfigured, then the IP
p acket will be ch ecked against the ACL. If the packet is rejected by the ACL, the p acket will n ot b e
p assed down to lower p riority services un less the ip wccp check services all command is configu red.
When th e ip wccp check services all command is configured, WCCP will continue to attempt to match
th e packet ag ainst any remain ing lower priority serv ices co nfigured o n the interface.
Examples
Note
The p riority of a WCCP serv ice group is determined by the web cache ap plian ce. The priority of a WCCP
service gro up canno t b e co nfigu red via Cisco IOS software.
Note
The ip wccp check s ervices all command is a global WCCP command that applies to all s ervices and is
n ot associated with a single service.
The following example shows how to co nfigure all WCCP services:
Router(config)# ip wccp check services all
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-284
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
ip wccp check services all
Related Commands
Co mmand
ip wccp
ip wccp group -listen
ip wccp red irect
Description
Enables suppo rt of the sp ecified WCCP service for participation in a service
gro up.
Config ures an interface o n a rou ter to enable or d isab le the reception of IP
multicast packets fo r Web Cach e Communicatio n Protocol (WCCP).
Enables packet redirection on an inbo und or outbo und interface using Web
Cache Commu nication Pro toco l (WCCP).
ip wccp redirect exclude Config ure an interface to exclude p ackets received on an interface from
in
being checked for redirectio n.
ip wccp version
Specifies which version of WCCP y ou wish to use on your router.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-285
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
ip wccp group-listen
ip wccp group-listen
To co nfigure an interface on a router to enab le or dis able the reception of IP multicas t packets for Web
Cach e Communication Protocol (WCCP), u se the ip wccp group-listen co mmand in interface
configuration mode. To disab le the reception of IP multicast packets for WCCP, u se the no form o f this
command.
ip wccp {web-cache | ser vice-number} g roup-listen
no ip wccp {web-cache | service-numb er} group-listen
Syntax Description
web-ca che
service-numb er
Defaults
This command is disabled by d efau lt.
The web cache service.
WCCP serv ice number; valid values are from 0 to 254.
Command Modes
Interface configuration (co nfig-if)
Usage Guidelines
On rou ters th at are to b e members of a Serv ice Gro up when IP multicast is used, the fo llowing
configuration is requ ired:
Examples
•
Con figure the IP multicast ad dress fo r use b y th e WCCP Service Group.
•
Con figure the interfaces on which th e ro uter wishes to receive the IP multicast ad dress with the
ip wccp {web-cache | ser vice-number} g roup-listen interface configuration command.
The following example shows how to en able the multicast p ackets for a web cach e with a multicast
address o f 224.1.1.100 :
Switch# configure terminal
Switch(config)# ip wccp web-cache group-address 224.1.1.100
Switch(config)# interface gigabitethernet 3/1
Switch(config-if)# ip wccp web-cache group-listen
Related Commands
Command
ip wccp
Description
Enables s upport of the WCCP service for participatio n in a
service group.
ip wccp ch eck services all
Enables all Web Cache Communicatio n Protocol (WCCP)
services .
ip wccp redirect
ip wccp redirect
Enables WCCP red irectio n on an interface.
Enables packet redirection on an inbou nd or outbou nd interface
using Web Cache Commun ication Proto col (WCCP).
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-286
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
ip wcc p group-listen
Co mmand
Description
ip wccp red irect exclu de in
Configures an interface to ex clud e packets received on an
interface from b eing check ed for redirection .
Specifies which vers io n of WCCP you wish to u se on you r
router.
ip wccp version
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-287
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
ip wccp redirect
ip wccp redirect
To en able packet redirection on an in bound or outbou nd interface usin g Web Cache Co mmunication
Protocol (WCCP), use the ip wccp redirect command in interface configuration mod e. To disable
WCCP red irection , use the no fo rm of this command.
ip wccp {web-cache | ser vice-number} redirect {in | out}
no ip wccp {web-cache | service-numb er} redirect {in | out}
Syntax Description
web-ca che
service-numb er
Command Default
Redirection checking on th e interface is disabled.
Enab les the web cach e service.
Identificatio n n umber of th e cache engin e service group; valid values are
fro m 0 to 254 .
in
If Cisco cach e engines are used in the cache clu ster, the revers e proxy
service is in dicated by a valu e of 9 9.
Specifies packet red irection o n an inbo und interface.
o ut
Specifies packet red irection o n an outb ound interface.
Command Modes
Interface configuration (co nfig-if)
Usage Guidelines
The ip wccp {web-cache | service-number} redirect in command allows you to co nfigure WCCP
redirectio n on an interface receiving inbo und network traffic. When the command is app lied to an
in terface, all packets arriving at that interface will be compared ag ainst the criteria defin ed by the
sp ecified WCCP service. If th e packets match the criteria, they will b e redirected.
Likewise, the ip wccp {web-cache | service-number} redirect out comman d allows yo u to configure
th e WCCP redirection check at an outbou nd interface.
Tips
Examples
Be careful n ot to confuse th e ip wccp {web-cache | service-number} redirect {out | in} interface
configuration command with the ip wccp redirect exclude in interface config uration comman d.
The following example shows how to co nfigure a sess io n in which reverse proxy packets on Ethernet
in terface 3/1 are being checked fo r redirection and redirected to a Cisco Cache Eng in e:
Switch(config)# ip wccp 99
Switch(config)# interface gigabitethernet 3/1
Switch(config-if)# ip wccp 99 redirect out
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-288
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
ip wccp redirect
The following example shows how to config ure a session in which HTTP traffic arriving on
GigabitEth ernet interface 3/1 is redirected to a Cach e Eng ine:
Switch(config)# ip wccp web-cache
Switch(config)# interface gigabitethernet 3/1
Switch(config-if)# ip wccp web-cache redirect in
Related Commands
Co mmand
ip wccp check serv ices all
Description
Configures an interface on a router to enab le or d isab le the
reception of IP multicast p ackets for Web Cache
Commun ication Proto col (WCCP).
ip wccp group -listen
Configures an interface on a router to enab le or d isab le the
reception of IP multicast p ackets for Web Cache
Commun ication Proto col (WCCP).
En ables redirection exclu sion on an in terface.
ip wccp red irect exclu de in
show ip interfa ce
Display s th e usability status of interfaces th at are configured
for IP.
show ip wccp
Display s th e WCCP global con figuration and statistics.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-289
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
p wccp redirect exclude in
p wccp redirect exclude in
To config ure an interface to exclu de p ackets received on an interface from b eing checked for redirection ,
u se the ip wccp redirect exclude in command in interface configu ration mode. To disable the ability of
a rou ter to exclude p ackets fro m red irectio n checks, us e the no form of th is command.
ip wccp redirect ex clude in
no ip wccp redirect exclude in
Syntax Description
This command has no arguments or keywo rds.
Command Default
Redirection ex clusio n is dis abled.
Command Modes
Interface configuration (co nfig-if)
Usage Guidelines
This con figuratio n command instructs th e interface to exclu de inb ound packets from any redirection
check . Note that the command is g lobal to all the services and s hould b e applied to any in bound interface
th at will be excluded from redirection.
This comman d is intended to be used to accelerate the flow of packets from a cache en gine to the Internet
as well as allow for th e use of the Web Cache Co mmunication Protocol (WCCP) v 2 pack et retu rn feature.
Examples
In the followin g example, packets arrivin g on GigabitEthernet interface 3/1 are exclu ded fro m WCCP
o utput redirection checks:
Router (config)# interface gigabitethernet 3/1
Router (config-if)# ip wccp redirect exclude in
Related Commands
Command
Descriptio n
ip wccp
Enab les sup port of the WCCP service for participation in a service gro up.
ip wccp redirect
Enab le pack et redirection on an inboun d or outb ound interface u sing Web
Cach e Communication Protocol (WCCP).
Con figures red irectio n o n an interface in the outgo ing direction.
Con figures an interface on a router to en able or disable th e receptio n o f IP
mu lticast p ackets for Web Cache Co mmu nication Pro toco l (WCCP).
ip wccp redirect out
ip wccp ch eck services
all
ip wccp group-listen
Con figures an interface on a router to en able or disable th e receptio n o f IP
mu lticast p ackets for Web Cache Co mmu nication Pro toco l (WCCP).
ip wccp redirect exclude Enab les redirection exclusion on an interface.
in
show ip interface
Displays the usability status of interfaces that are con figured for IP.
show ip wccp
Displays the WCCP glob al co nfigu ration an d statistics.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-290
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
ipv6 mld snooping
ipv6 mld snooping
To enable IP version 6 (IPv6 ) Multicast Listener Discov ery (MLD) snoo ping glo bally or on the specified
VLAN, u se the ipv6 mld snooping command withou t keywords. To dis able MLD snoopin g on a switch
or the VLAN, use the no form o f this co mmand .
ipv 6 mld sno oping [vlan vlan -id]
no ipv6 mld snooping [v lan vlan-id]
Syntax Description
Defaults
vlan vlan -id
(Op tio nal) Enables or disables IPv 6 MLD snoopin g on the specified VLAN.
The VLAN ID rang e is 1 to 1001 and 1006 to 40 94.
MLD sn ooping is glob ally disabled on the switch .
MLD sn ooping is enab led on all VLANs. However, MLD s noopin g mu st b e globally enab led befo re
VLAN snoo ping can take place.
Command Modes
Usage Guidelines
Glob al co nfigu ration mode
Wh en MLD snoo ping is glob ally disabled , it is d isab led on all th e existing VLAN interfaces. Wh en you
globally en able MLD sn ooping , it is enabled on all VLAN interfaces that are in th e default state
(enabled). VLAN configu ration overrides glo bal config uration on interfaces on which MLD sn ooping
has b een disabled .
If MLD snoo ping is globally disabled , you cannot enab le it on a VLAN. If MLD sno oping is globally
en abled, you can disable it on ind iv idual VLANs.
VLAN numbers 10 02 thro ugh 1005 are reserved for Token Ring and FDDI VLANs and cannot be used
in MLD sno oping.
Examples
This examp le shows how to g lobally enable M LD snoo ping:
Switch# configure terminal
Enter configuration commands, one per line.
Switch(config)# ipv6 mld snooping
Switch(config)# end
Switch#
End with CNTL/Z.
This examp le shows how to d isable MLD sn ooping on a VLAN:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# no ipv6 mld snooping vlan 11
Switch(config)# end
Switch#
You can verify you r settin gs by entering the show ipv6 mld snooping user EXEC command.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-291
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
ipv6 mld snooping
Related Commands
Command
show ipv6 mld snooping
Descriptio n
Displays IP version 6 (IPv6) Mu lticast Listener Discovery
(MLD) snoop ing con figuratio n o f the switch or the VLAN.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-292
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
ipv6 mld snooping last-listener-query-count
ipv6 mld snooping last-listener-query-count
To config ure IP version 6 (IPv6) M ulticast Listener Discovery Mulitcast Address Specific Qu eries
(MASQs) that will be sent before aging ou t a client, u se the ipv 6 mld snoo ping
last-listener-query-count command. To reset the qu ery count to the default setting s, use the no form of
this co mmand .
ipv 6 mld sno oping [vlan vlan -id] la st-listener-query-co unt integer_ va lu e
no ipv6 mld snooping [v lan vlan-id] last-listener-query-count
Syntax Description
vlan vlan -id
integer_value
Command Default
(Op tio nal) Co nfigures last-listener query count on th e specified VLAN. The
VLAN ID ran ge is 1 to 1001 and 100 6 to 4 094.
The integer rang e is 1 to 7 .
The defau lt g lobal count is 2.
The defau lt VLAN cou nt is 0 (the glo bal count is used).
Command Modes
Glob al co nfigu ration mode
Usage Guidelines
In MLD snoop ing, th e IPv6 multicast switch p eriodically sends out qu eries to hosts belong ing to the
multicast group. If a host wants to leave a mu lticast grou p, it can silently leave or it can respond to the
query with a Multicast Listener Done message (eq uivalent to an IGMP Leave message). When
Immediate Leave is not con figured (it should no t be co nfigured if multiple clients for a group ex ist on
the same po rt), the configured last-listener query coun t determines the nu mber of MASQs th at are sent
before an MLD clien t is aged o ut.
Wh en the last-listener query count is set for a VLAN, th is count overrides the value co nfigu red glo bally.
Wh en the VLAN count is not con figured (set to the default o f 0), the global coun t is used.
VLAN numbers 10 02 thro ugh 1005 are reserved for Token Ring and FDDI VLANs and cannot be used
in MLD sno oping.
Examples
This examp le shows how to g lobally s et the last-listener qu ery co unt:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# ipv6 mld snooping last-listener-query-count 1
Switch(config)# end
Switch#
This examp le shows how to set the last-lis tener qu ery co unt for VLAN 10:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# ipv6 mld snooping vlan 10 last-listener-query-count 3
Switch(config)# end
Switch#
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-293
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
ipv6 mld snooping last-listener-query-count
You can verify your settings by entering the show ipv 6 mld sno oping [vlan vlan -id] u ser EXEC
command.
Related Commands
Command
ipv6 mld snooping
la st-listener-query-interval
Descriptio n
Con figures IP vers ion 6 (IPv 6) Multicas t Lis tener
Disco very (MLD) sno oping last-listener query in terval on
th e switch or on a VLAN.
show ipv6 mld snooping
Displays IP version 6 (IPv6) Mu lticast Listener Discovery
(MLD) snoop ing con figuratio n o f the switch or the VLAN.
show ipv6 mld snooping querier
Displays IP versio n 6 (IPv6) MLD sno oping q uerier-related
in formatio n mo st recently received by the switch or th e
VLAN.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-294
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
ip v6 mld snooping last-listener-query-interval
ipv6 mld snooping last-listener-query-interval
To config ure IP version 6 (IPv6) M ulticast Listener Discovery (MLD) snoopin g last-listen er q uery
interval o n th e switch or o n a VLAN, use th e ipv6 mld sno oping las t-listener-query-interval
co mmand . To reset the q uery time to the defau lt settings, use th e no form of this comman d.
ipv 6 mld sno oping [vlan vlan -id] la st-listener-query-interval integ er_ valu e
no ipv6 mld snooping [v lan vlan-id] last-listener-query-interval
Syntax Description
vlan vlan -id
integer_value
(Op tio nal) Configu res last-listener query interval on the sp ecified VLAN.
The VLAN ID rang e is 1 to 1001 and 1006 to 40 94.
Sets the time p eriod (in thou san dths of a second ) that a multicast switch must
wait after issuin g a MASQ before deleting a p ort from the mu lticast gro up.
The ran ge is 100 to 32,76 8. Th e default is 1000 (1 s econd),
Command Default
The defau lt g lobal qu ery interval (max imum response time) is 10 00 (1 second).
Command Modes
Glob al co nfigu ration mode
The defau lt VLAN query interval (maximum respon se time) is 0 (the global coun t is used).
Usage Guidelines
The last-listen er-qu ery-in terval time is the maximu m time th at a multicast s witch waits after issuin g a
Mulitcast Ad dress Specific Query (MASQ) before deleting a port from the multicas t group .
In MLD snoo ping, when the IPv 6 multicast switch receives an MLD leave message, it sends o ut qu eries
to hosts belonging to the multicast g roup . If there are no respons es from a port to a MASQ fo r a length
of time, the switch deletes th e port from the membership databas e of the multicast address. The last
listen er q uery interval is the max imum time that the switch waits b efore deleting a nonresp onsive po rt
from the multicast g roup .
Wh en a VLAN query interval is set, the g lobal query interval is overridden. When the VLAN interval is
set at 0 , the global value is u sed.
VLAN numbers 10 02 thro ugh 1005 are reserved for Token Ring and FDDI VLANs and cannot be used
in MLD sno oping.
Examples
This examp le shows how to g lobally s et the last-listener qu ery interval to 2 seco nds:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# ipv6 mld snooping last-listener-query-interval 2000
Switch(config)# end
Switch#
This examp le shows how to set the last-lis tener qu ery interval for VLAN 1 to 5.5 seco nds:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# ipv6 mld snooping vlan 1 last-listener-query-interval 5500
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-295
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
ipv6 mld snooping last-listener-query-interval
Switch(config)# end
Switch#
You can verify your settings by entering the show ipv 6 MLD snooping [v lan vlan-id] user EXEC
command.
Related Commands
Command
ipv6 mld snooping
last-listener-query-count
Descriptio n
Con figures IP vers ion 6 (IPv 6) Multicas t Lis tener
Disco very Mulitcast Add ress Sp ecific Queries (MASQs)
th at will be s ent befo re aging o ut a client.
show ipv6 mld snooping querier
Displays IP versio n 6 (IPv6) MLD sno oping q uerier-related
in formatio n mo st recently received by the switch or th e
VLAN.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-296
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
ipv6 mld snoop ing listener-message-suppression
ipv6 mld snooping listener-message-suppression
To enable IP versio n 6 (IPv6 ) Multicast Listener Discovery (MLD) snoo ping listener message
suppression, use the ipv6 mld s nooping listener-message-suppression command. To dis able MLD
snoop ing listen er message su ppressio n, use the no fo rm of this command.
ipv 6 mld sno oping listener-message-s uppression
no ipv6 mld snooping listener-mess age-suppression
Command Default
The defau lt is for MLD snoopin g lis tener message sup pression to be disabled .
Command Modes
Glob al co nfigu ration mode
Usage Guidelines
MLD snoo ping listener messag e suppres sion is equivalent to IGMP sno oping report su ppression . Wh en
it is enabled , received MLDv1 reports to a gro up are forwarded to IPv6 multicast switchs on ly o nce in
every rep ort-fo rward time. This prevents th e forwarding of d uplicate reports.
Examples
This examp le shows how to enable MLD snoo ping listen er message suppress ion:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# ipv6 mld snooping listener-message-suppression
Switch(config)# end
Switch#
This examp le shows how to d isable MLD sn ooping listener messag e supp ression:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# no ipv6 mld snooping listener-message-suppression
Switch(config)# end
Switch#
You can verify you r settin gs by entering the show ipv6 mld snooping [vlan vlan-id ] user EXEC
co mmand .
Related Commands
Co mmand
Description
ipv 6 mld sno oping
Enables IP v ersion 6 (IPv6) Multicast Listen er Discovery
(MLD) sn ooping glo bally o r on the sp ecified VLAN.
show ipv6 mld sno oping
Displays IP version 6 (IPv6) MLD snoopin g configuration
of the switch or the VLAN.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-297
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
ipv6 mld snooping robustness-variable
ipv6 mld snooping robustness-variable
To co nfigure th e number of IP version 6 (IPv6) Mu lticast Listener Discovery (MLD) queries th at the
switch sends before deleting a lis tener that does not respond , or to enter a VLAN ID to config ure the
n umber of queries per VLAN, use th e ipv6 mld sno oping robustness-variable comman d. To reset the
variable to th e default settin gs, us e the no form of th is command.
ipv6 mld snooping [vla n vlan-id] robustness-variable integer_value
no ipv6 mld snooping [vlan vla n-id] robustness-variable
Syntax Description
v lan vlan-id
in teger _va lue
Command Default
(Optional) Con figures the robu stness variable on the sp ecified VLAN. The
VLAN ID range is 1 to 1 001 an d 1006 to 4094 .
Th e ro bustness value ranges from 1 to 3 .
The default glob al ro bustness variable (nu mber of qu eries befo re deleting a listener) is 2 .
The default VLAN robustness variable (number of queries b efore aging out a multicast address) is 0,
which means that the system u ses the global robustn ess variable for aging ou t th e listener.
Command Modes
Global configuratio n mo de
Usage Guidelines
Robu stness is measured by the numb er of MLDv 1 queries sent with no resp onse before a po rt is removed
fro m a multicast g roup . A port is deleted when there are no MLDv 1 rep orts received for th e co nfigured
n umber of MLDv1 queries. The global value determines the number of queries th at the s witch waits
b efore deleting a listener th at does not respon d, and it app lies to all VLANs th at do not have a VLAN
value s et.
The robustness value con figured for a VLAN overrides the glo bal value. If the VLAN ro bustness value
is 0 (the default), the global value is us ed.
VLAN n umbers 1002 throug h 10 05 are reserved fo r Tok en Ring an d FDDI VLANs and cann ot be used
in MLD snoop ing.
Examples
This example s hows how to config ure the glob al robustness variab le so that th e switch sends out three
q ueries b efore it d eletes a listener po rt that d oes no t res pond:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# ipv6 mld snooping robustness-variable 3
Switch(config)# end
Switch#
This example s hows how to config ure the robustness variable for VLAN 1. This value overrides the
g lobal configuration for the VLAN:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# ipv6 mld snooping vlan 1 robustness-variable 1
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-298
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
ipv6 mld sn ooping ro bustne ss-variable
Switch(config)# end
Switch#
You can verify you r settin gs by entering the show ipv6 MLD sno oping [vlan vlan -id] user EXEC
co mmand .
Related Commands
Co mmand
ipv 6 mld sno oping
last-listener-query-count
Description
Config ures IP version 6 (IPv6) Mu lticast Listener
Discovery Mulitcast Address Specific Qu eries (MASQs)
that will be sent b efore ag ing out a clien t.
show ipv6 mld sno oping
Displays IP version 6 (IPv6) MLD snoopin g configuration
of the switch or the VLAN.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-299
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
ipv6 mld snooping tcn
ipv6 mld snooping tcn
To co nfigure IP version 6 (IPv 6) Multicast Listener Disco very (MLD) Topolog y Ch ang e No tifications
(TCNs ), us e the ipv6 mld snooping tcn co mmand s. To reset the defau lt settings, us e the no form of the
commands.
ipv6 mld snooping tcn {flood query count integer_value | query solicit}
no ipv6 mld snooping tcn {flood query count integer_value | query solicit}
Syntax Description
Command Default
flood query count
in teger _va lue
Sets the floo d q uery count, which is th e number o f queries that are sen t
befo re forwarding multicast data to only those po rts requesting it. The rang e
is 1 to 10.
query solicit
En ables soliciting of TCN q ueries.
TCN query soliciting is disabled .
When en abled, the default flo od query count is 2.
Command Modes
Examples
Global configuratio n mo de
This example s hows how to enab le TCN qu ery soliciting:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# ipv6 mld snooping tcn query solicit.
Switch(config)# end
Switch#
This example s hows how to set th e flo od query count to 5:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# ipv6 mld snooping tcn flood query count 5.
Switch(config)# end
Switch#
You can verify your settings by entering the show ipv 6 MLD snooping [v lan vlan-id] user EXEC
command.
Related Commands
Command
show ipv6 mld snooping
Descriptio n
Displays IP version 6 (IPv6 ) MLD sno oping config uration
o f the switch or the VLAN.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-300
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
ipv6 mld snooping vlan
ipv6 mld snooping vlan
To config ure IP version 6 (IPv6) M ulticast Listener Discovery (MLD) snoopin g parameters on the
VLAN interface, use the ipv6 mld snooping vlan command. To reset the parameters to the default
settin gs, us e the no form of th is command.
ipv 6 mld sno oping vla n vlan-id [immedia te-leave | mrouter interface interface-id | s tatic
ipv6-multica st-ad dress interface interface-id]
no ipv6 mld snooping vlan vlan -id [immediate-leav e | mrouter interface in terface-id | static
ip-a ddress interfa ce in terfa ce-id]
Syntax Description
Command Default
vlan vlan -id
immediate-leave
Sp ecifies a VLAN nu mber. The range is 1 to 100 1 and 10 06 to 4094.
(Optional) Enables MLD Immed iate-Leave processin g on a VLAN
interface. Use the no form of the command to disable th e Immediate
Leave feature on th e interface.
mrouter interface
(Optional) Configures a multicast switch p ort. The no form of the
command removes the configuration .
sta tic ip v6-mu lticast-add ress
(Optional) Configures a multicast g rou p with the specified IPv6
multicast ad dress.
interface interface-id
Adds a Layer 2 p ort to the g rou p. Th e mrouter or static interface can
be a physical port or a p ort-chan nel interface ranging from 1 to 48.
MLD sn ooping Immed iate-Leave processin g is dis abled.
By defau lt, there are no static IPv6 multicast gro ups.
By defau lt, there are no multicast switch p orts.
Command Modes
Usage Guidelines
Glob al co nfigu ration mode
You should only con figure the Immediate-Leave feature when there is only one receiver on every po rt in
the VLAN. The config uration is saved in NVRAM.
The static keywo rd is used for con figuring the MLD memb er p orts statically.
The con figuratio n and the static ports and group s are saved in NVRAM.
VLAN numbers 10 02 thro ugh 1005 are reserved for Token Ring and FDDI VLANs and cannot be used
in MLD sno oping.
Examples
This examp le shows how to enable MLD Immediate-Leave pro cessing on VLAN 1:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# ipv6 mld snooping vlan 1 immediate-leave
Switch(config)# end
Switch#
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-301
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
ipv6 mld snooping vlan
This example s hows how to disable MLD Immediate-Leave pro cessing on VLAN 1:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# no ipv6 mld snooping vlan 1 immediate-leave
Switch(config)# end
Switch#
This example s hows how to config ure a port as a multicast s witch p ort:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# ipv6 mld snooping vlan 1 mrouter interface GigabitEthernet1/1
Switch(config)# end
Switch#
This example s hows how to config ure a static multicast group:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# ipv6 mld snooping vlan 2 static FF12::34 interface GigabitEthernet1/1
Switch(config)# end
Switch#
You can verify your settings by entering the show ipv 6 mld sno oping vla n vlan-id u ser EXEC
command.
Related Commands
Command
ipv6 mld snooping
show ipv6 mld snooping
Descriptio n
Enab les IP versio n 6 (IPv6 ) Multicast Listener Dis covery
(MLD) snoo ping globally or o n th e specified VLAN.
Displays IP version 6 (IPv6 ) MLD sno oping config uration
o f the switch or the VLAN.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-302
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
issu abortversion
issu abortversion
To cancel the ISSU up grade or the down grade process in progress an d to res to re the Catalyst 4500 series
switch to its state b efore the start of the process , use the issue a bortversion co mmand .
issu a bo rtversion active-slo t [active-image-new]
Syntax Description
active-slo t
active-image-new
Specifies the slot nu mber for the current s tand by s uperviso r en gine.
(Optional) Name of the new image present in the current standby superv isor
en gine.
Defaults
There are no d efault settings
Command Modes
Privileg ed EXEC mode
Usage Guidelines
You can u se the is su abortversion command at any time to stop the ISSU process. To complete the
pro cess en ter th e issu commitversion command. Befo re any action is taken , a check ensures th at both
superv isor engines are either in the run version (RV) o r load version (LV) s tate.
Wh en the issu abortversion command is entered b efore the iss u runversion co mmand , the stand by
superv isor engine is reset and reloaded with the old image. When th e issu abortversio n comman d is
en tered after the issu runversio n command, a ch an ge takes place and th e n ew stand by supervisor en gine
is reset and reloaded with the old image.
Examples
This examp le shows how you can reset and relo ad the stan dby superv isor engine:
Switch# issu abortversion 2
Switch#
Related Commands
Co mmand
issu a cceptversion
Description
Halts the ro llb ack timer and ensu res that the new Cisco IOS
software image is no t automatically stopp ed du ring the
ISSU process.
issu commitversion
Loads the n ew Cisco IOS software image into the new
stan dby superv isor engine.
issu lo adv ersion
issu runvers ion
Starts th e ISSU process.
Fo rces a change from the active s uperviso r en gine to the
stan dby superv isor engine an d causes th e newly active
superv isor engine to run the new image s pecified.
show issu s tate
Displays the ISSU state an d current booted image name
during the ISSU p rocess.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-303
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
issu acceptversion
issu acceptversion
To halt the rollb ack timer and to ensure that the new Cisco IOS software image is no t automatically
sto pped durin g the ISSU process , use the issu acceptvers ion command.
iss u acceptversion a ctive-slot [active-ima ge-new]
Syntax Description
a ctive-slot
Specifies the slot number for the currently active superviso r engine.
a ctive-imag e-new
(Optio nal) Name of the new image on the cu rrently active superv isor eng ine.
Defaults
Rollb ack timer resets automatically 45 minutes after you enter the issu runversion co mmand.
Command Modes
Priv ileged EXEC mo de
Usage Guidelines
After yo u are satisfied with the n ew image and have confirmed the new s uperviso r en gine is reachab le
by bo th the console an d th e network, enter the issu acceptversion co mmand to halt the rollback timer.
If the issu acceptvers io n comman d is not en tered with in 4 5 minu tes from the time the issu runv ersion
command is entered, the entire ISSU process is auto matically rolled back to the p rev ious version of the
so ftware. The rollback timer starts immediately after yo u enter the issu runvers io n command.
If the rollback timer expires befo re th e standby superv isor engine goes to a h ot s tand by s tate, the timer
is auto matically extended b y up to 15 min utes. If the stand by state goes to a hot-standby state with in this
extension time or the 15 minu te ex tens ion exp ires, the switch abo rts the ISSU pro cess. A warning
message that requires yo ur intervention is disp layed every 1 minu te of th e timer extension .
If the rollback timer is set to a long perio d of time, such as the default o f 45 minutes, and the stan dby
su pervisor engin e goes into the h ot standby state in 7 minutes, you have 38 minutes (45 minus 7 ) to roll
b ack if necessary.
Use the issu set rollback-timer to con figure the rollb ack timer.
Examples
This example s hows how to halt th e rollback timer an d allow the ISSU process to co ntinue:
Switch# issu acceptversion 2
Switch#
Related Commands
Command
iss u abortversion
Descriptio n
Cancels the ISSU upgrade or th e downgrade pro cess in
p rogress and restores the s witch to its state b efore the start
o f the proces s.
iss u commitversion
Load s th e new Cisco IOS software image into th e new
standby su pervisor en gine.
iss u loadvers ion
Starts the ISSU pro cess.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-304
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
issu acceptversion
Co mmand
Description
issu runvers ion
Fo rces a change from the active s uperviso r en gine to the
stan dby superv isor engine an d causes th e newly active
superv isor engine to run the new image s pecified.
Configures the In Service Software Upgrade (ISSU)
rollb ack timer value.
Displays the ISSU state an d current booted image name
during the ISSU p rocess.
issu set rollback-timer
show issu s tate
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-305
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
issu commitversion
issu commitversion
To load th e new Cisco IOS software image into the new stand by superviso r engine, use the issu
commitversion co mmand .
iss u commitversion s tandby-s lot [stand by-imag e-new ]
Syntax Description
sta ndby-slo t
Specifies the slot number for the currently active superviso r engine.
sta ndby-image-new
(Optio nal) Name of the new image on the cu rrently active superv isor eng ine.
Defaults
Enab led by default.
Command Modes
Priv ileged EXEC mo de
Usage Guidelines
The issu co mmitversion command verifies that the stan dby superv isor engine has the new Cisco IOS
so ftware image in its file sy stem and that bo th s uperviso r en gines are in the run version (RV) state. If
th ese con ditions are met, th e fo llowing action s take place:
•
The standby su pervisor eng ine is reset and bo oted with the new version of Cisco IOS s oftware.
•
The standby superv is or en gine moves into the Stateful Switchover (SSO) mod e an d is fully stateful
for all clients an d app lications with which the standby supervisor engine is comp atible.
•
The sup ervisor eng ines are moved into final state, which is the same as initial state.
Entering th e iss u commitversion command completes the In Serv ice Software Upgrade (ISSU) process .
This pro cess canno t be stopped or reverted to its orig inal state with out starting a n ew ISSU process .
Entering the issu commitversion co mmand without en tering the iss u acceptversion command is
equivalen t to entering bo th th e issu a cceptversio n and the issu co mmitversion commands. Use th e
iss u co mmitversion command if you do not intend to run in the current state for an extended period of
time and are satisfied with the new software version.
Examples
This example shows how you can co nfigu re the standb y sup ervisor engine to be reset and reloaded with
th e new Cisco IOS s oftware versio n:
Switch# issu commitversion 1
Switch#
Related Commands
Command
iss u acceptversion
Descriptio n
Halts th e rollback timer and ensures th at th e new Cisco IOS
so ftware image is not automatically stopped during the
ISSU process.
iss u commitversion
Load s th e new Cisco IOS software image into th e new
standby su pervisor en gine.
iss u loadvers ion
Starts the ISSU pro cess.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-306
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
issu commitversion
Co mmand
Description
issu runvers ion
Fo rces a change from the active s uperviso r en gine to the
stan dby superv isor engine an d causes th e newly active
superv isor engine to run the new image s pecified.
Displays the ISSU state an d current booted image name
during the ISSU p rocess.
show issu s tate
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-307
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
issu loadversion
issu loadversion
To start the ISSU p rocess, use the issu loadversio n comman d.
iss u loadvers ion active-slot active-image-new sta ndby-slo t sta ndby-image-new [force]
Syntax Description
a ctive-slot
a ctive-imag e-new
sta ndby-slo t
Defaults
Specifies the slot nu mber for the currently active supervisor engin e.
Specifies th e name o f th e new image on the cu rrently active supervisor engine.
Specifies the standby slo t on the networking dev ice.
sta ndby-image-new
Specifies the name o f the new image on the stan dby superv isor engine.
force
(Optional) Overrides the automatic rollback when th e new Cisco IOS software
version is detected to b e incompatible.
This command has no default setting s.
Command Modes
Priv ileged EXEC mo de
Usage Guidelines
The issu loadversio n comman d causes th e standby sup ervisor engin e to be reset and booted with the
n ew Cisco IOS s oftware image specified by the command. If both the old image and the n ew image are
ISSU capable, ISSU co mpatible, and have no configu ration mismatches, the stan dby superv is or engine
moves into Statefu l Switchover (SSO) mode, and both su pervisor eng ines move into the load version
(LV) state.
Examples
This example s hows how to initiate the ISSU pro cess:
It will take several second s after th e issu loadversion co mmand is entered for Cisco IOS so ftware to
lo ad onto th e standby supervisor engine an d th e standby sup ervisor engin e to transition to SSO mode.
Switch# issu loadversion 1 bootflash:new-image 2 slavebootflash:new-image
Switch#
Related Commands
Command
iss u abortversion
Descriptio n
Cancels the ISSU upgrade or th e downgrade pro cess in
p rogress and restores the s witch to its state b efore the start
o f the proces s.
iss u acceptversion
Halts th e rollback timer and ensures th at th e new Cisco IOS
so ftware image is not automatically stopped during the
ISSU process.
iss u commitversion
Load s th e new Cisco IOS software image into th e new
standby su pervisor en gine.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-308
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
issu loadversion
Co mmand
Description
issu runvers ion
Fo rces a change from the active s uperviso r en gine to the
stan dby superv isor engine an d causes th e newly active
superv isor engine to run the new image s pecified.
Displays the ISSU state an d current booted image name
during the ISSU p rocess.
show issu s tate
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-309
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
issu runversion
issu runversion
To force a change from th e active su pervisor eng ine to the stand by supervis or engine and to cau se the
n ewly active s uperviso r engine to run th e n ew image specified in the issu loadversion co mmand , u se th e
iss u runversion co mmand .
iss u runversion standb y-slot [sta ndby-image-new]
Syntax Description
Defaults
sta ndby-slo t
sta ndby-image-new
Specifies the standby slot on the n etworkin g device.
(Optio nal) Sp ecifies the name of the new image on the stan dby superv isor
engin e.
This command has no default setting s.
Command Modes
Usage Guidelines
Examples
Priv ileged EXEC mo de
The issu runversion command changes th e curren tly active supervisor engine to stan dby superv isor
engin e and the real standby -sup ervisor engine is booted with the o ld image version fo llowing an d resets
th e switch. As soo n as the standby-superv isor engine moves in to th e stan dby state, the rollback timer is
started.
This examp le s hows h ow to force a change of the active-su pervisor engine to stand by-s uperviso r engin e:
Switch# issu runversion 2
Switch#
Related Commands
Command
iss u abortversion
Descriptio n
Cancels the ISSU upgrade or th e downgrade pro cess in
p rogress and restores the s witch to its state b efore the start
o f the proces s.
iss u acceptversion
Halts th e rollback timer and ensures th at th e new Cisco IOS
so ftware image is not automatically stopped during the
ISSU process.
Load s th e new Cisco IOS software image into th e new
standby su pervisor en gine.
iss u commitversion
iss u loadvers ion
show iss u state
Starts the ISSU pro cess.
Displays the ISSU state and current b ooted image name
during the ISSU process.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-310
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
issu set rollba ck-timer
issu set rollback-timer
To config ure the In Service Software Up grade (ISSU) rollb ack timer value, u se the
issu set rollback-timer co mmand .
issu set rollback-timer secon ds
Syntax Description
secon ds
Specfies th e rollb ack timer value, in seconds. The valid timer valu e range is
from 0 to 720 0 seco nds (2 h ours ). A value o f 0 secon ds disables the rollback
timer.
Defaults
Rollback timer valu e is 2700 seconds.
Command Modes
Glob al co nfigu ration mode
Usage Guidelines
Use the issue set rollback-timer co mmand to configure the rollback timer value. You can only en able
this co mmand when th e supervisor engines are in the init state.
Examples
This examp le shows how you can set th e ro llback timer valu e to 3600 seconds, or 1 hou r:
Switch# configure terminal
Switch(config)# issu set rollback-timer 3600
Switch(config)# end
Switch#
Related Commands
Co mmand
Description
issu a cceptversion
Halts the ro llb ack timer and ensu res that the new Cisco IOS
software image is no t automatically stopp ed du ring the
ISSU process.
issu set rollback-timer
Configures the In Service Software Upgrade (ISSU)
rollb ack timer value.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-311
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
l2protocol-tunnel
l2protocol-tunnel
To en able pro toco l tu nneling on an interface, us e the l2 protoco l-tunnel command. You can enab le
tu nneling for the Cisco Discovery Protocol (CDP), Spannin g Tree Proto col (STP), o r VLAN Trunking
Protocol (VTP) packets. To disable tun nelin g o n the interface, use the no form of this command.
l2 proto col-tunnel [cdp | stp | v tp]
no l2protocol-tunnel [cdp | stp | vtp]
Syntax Description
Defaults
cdp
stp
(Optio nal) Enables tu nneling of CDP.
(Optio nal) Enables tu nneling of STP.
v tp
(Optio nal) Enables tu nneling of VTP.
The default is that no Layer 2 protocol packets are tun neled.
Command Modes
Interface configuration mod e
Usage Guidelines
You must en ter th is command, with or without protocol ty pes , to tunnel Layer 2 packets.
Layer 2 protocol tunneling across a service-prov ider network ensures th at Layer 2 info rmation is
p ropagated across the network to all cu stomer locations . When protocol tunneling is enab led, protocol
p ackets are encap sulated with a well-known Cis co multicast add ress fo r transmis sion across the network.
When the packets reach their destin ation , the well-known MAC address is rep laced by the Layer 2
p rotocol MAC add ress.
You can en able Layer 2 proto col tunneling for CDP, STP, and VTP individually o r for all th ree p roto cols.
Examples
This example s hows how to enab le protocol tunneling fo r the CDP packets:
Switch(config-if)# l2protocol-tunnel cdp
Switch(config-if)#
Related Commands
Command
Descriptio n
l2 proto col-tunnel cos
l2protocol-tunnel drop-threshold
Con figures the class of service (CoS) value for all tunneled
Layer 2 protocol packets.
Sets a drop threshold for the max imum rate of Lay er 2
p rotocol pack ets per seco nd to be received before an
in terface dro ps packets.
l2protocol-tunnel shutdown-threshold
Con figures the pro tocol tu nneling encapsulation rate.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-312
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
l2protocol-tu nnel cos
l2protocol-tunnel cos
To config ure the class o f service (CoS) valu e fo r all tun neled Layer 2 pro toco l p ackets, use the
l2protocol-tunnel co s co mmand . To return to the default value of zero, use the no fo rm of this comman d.
l2protocol-tunnel cos value
no l2protocol-tunnel cos
Syntax Description
va lue
Specifies the CoS priority value fo r tu nneled Layer 2 protocol p ackets. The ran ge is 0 to 7 ,
with 7 being the highest priority.
Defaults
The defau lt is to use the CoS value that is config ured fo r data on the in terface. If no CoS valu e is
co nfigured, the default is 5 for all tu nneled Layer 2 protocol packets.
Command Modes
Glob al co nfigu ration mode
Usage Guidelines
Wh en enabled , the tu nneled Layer 2 protocol packets use th is CoS valu e.
The value is s aved in NVRAM.
Examples
This examp le shows how to configure a Layer 2 protocol tunnel CoS value o f 7:
Switch(config)# l2protocol-tunnel cos 7
Switch(config)#
Related Commands
Co mmand
l2protocol-tunnel
Description
Enables p roto col tunn eling o n an interface.
l2protocol-tunnel drop-thresho ld
Sets a drop thresh old for the maximum rate o f Layer 2
pro toco l p ackets p er second to be received before an
interface drops pack ets.
l2protocol-tunnel shutdown-threshold
Config ures the protocol tunneling encapsu lation rate.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-313
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
l2protocol-tunnel drop-threshold
l2protocol-tunnel drop-threshold
To set a d rop threshold for the maximum rate of Layer 2 protocol packets p er second to be received
b efore an interface drops packets, use the I2protocol-tunnel dro p-threshold command. You can s et th e
d rop threshold fo r the Cisco Discovery Pro toco l (CDP), Sp an ning Tree Protocol (STP), or VLAN
Trunkin g Pro toco l (VTP) packets. To disable the drop thresho ld on the interface, use the no form of this
command.
l2 proto col-tunnel drop-threshold [cdp | stp | v tp] value
no l2protocol-tunnel drop-threshold [cdp | stp | vtp] va lu e
Syntax Description
cdp
Defaults
The default is no drop threshold for the number of the Layer 2 protocol packets.
(Optio nal) Sp ecifies a drop thresho ld for CDP.
stp
v tp
(Optio nal) Sp ecifies a drop thresho ld for STP.
(Optio nal) Sp ecifies a drop thresho ld for VTP.
value
Specifies a threshold in packets per second to be receiv ed for encapsu lation before the
in terface shuts down, or specifies the threshold befo re th e interface d rops packets. The
range is 1 to 4096 . The default is n o th reshold.
Command Modes
Interface configuration mod e
Usage Guidelines
The l2protocol-tunnel drop-threshold command controls the numb er o f protocol p ackets p er second
th at are received on an interface befo re it drops packets. Wh en no protocol option is specified with a
keywo rd, the threshold is ap plied to each of th e tunneled Layer 2 p roto col types. If y ou also set a
sh utdown threshold on the interface, the drop-thresho ld value must be less than or eq ual to the
sh utdown -thres hold valu e.
When the drop thresh old is reached, th e interface drops the Layer 2 proto col packets un til the rate at
which th ey are received is below the d rop threshold.
Examples
This example s hows how to config ure the drop thresh old rate:
Switch(config-if)# l2protocol-tunnel drop-threshold cdp 50
Switch(config-if)#
Related Commands
Command
Descriptio n
l2 proto col-tunnel
l2 proto col-tunnel cos
Enab les protocol tunneling on an interface.
Con figures the class of service (CoS) value for all tunneled
Layer 2 protocol packets.
l2protocol-tunnel shutdown-threshold
Con figures the pro tocol tu nneling encapsulation rate.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-314
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
l2protocol-tunnel shutdown-threshold
l2protocol-tunnel shutdown-threshold
To con figure the protocol tunneling en capsulation rate, use the I2protocol-tunnel shutdown-threshold
co mmand . You can set the encapsulation rate for the Cisco Discovery Protocol (CDP), Spanning Tree
Protocol (STP), or VLAN Tru nking Proto co l (VTP) p ackets. To d isab le the encapsulation rate on the
interface, use th e no form of this comman d.
l2protocol-tunnel shutdown-threshold [cdp | stp | vtp] value
no l2protocol-tunnel shutdown-threshold [cdp | stp | v tp] value
Syntax Description
cdp
(Optional) Specifies a sh utdown threshold fo r CDP.
stp
vtp
va lue
(Optional) Specifies a sh utdown threshold fo r STP.
(Optional) Specifies a sh utdown threshold fo r VTP.
Specifies a thresh old in packets per second to be received for encap sulation before the
interface shu ts d own. The range is 1 to 4096 . The default is n o th reshold.
Defaults
The defau lt is no shu tdown thres hold fo r the nu mber of Layer 2 protocol packets.
Command Modes
Interface con figuration mode
Usage Guidelines
The l2-protocol-tunnel shutdown-threshold command contro ls th e numb er o f protocol p ackets p er
secon d that are received on an interface before it sh uts down. When no protocol op tion is specified with
the keywo rd, the threshold is app lied to each of the tunneled Lay er 2 p roto col types. If yo u also set a
dro p threshold on th e interface, the s hutdown -threshold valu e must be g reater than or equal to the
dro p-th reshold value.
Wh en the shu tdown thresho ld is reached, th e interface is error disabled. If you en able error recovery by
en tering the errdisable recovery cause l2 ptguard command, th e interface is brought ou t of the
erro r-d isab led state and allowed to retry the op eratio n again when all the causes have timed ou t. If the
erro r recovery feature gen eratio n is no t enabled for l2ptguard, the interface s tays in the error-disabled
state until you enter the shutdown and no shutdown commands.
Examples
This examp le shows how to configure the maximum rate:
Switch(config-if)# l2protocol-tunnel shutdown-threshold cdp 50
Switch(config-if)#
Related Commands
Co mmand
l2protocol-tunnel
Description
Enables p roto col tunn eling o n an interface.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-315
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
l2protocol-tunnel shutdown-threshold
Command
Descriptio n
l2 proto col-tunnel cos
Con figures the class of service (CoS) value for all tunneled
Layer 2 protocol packets.
Sets a drop threshold for the max imum rate of Lay er 2
p rotocol pack ets per seco nd to be received before an
in terface dro ps packets.
l2protocol-tunnel drop-threshold
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-316
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
lacp port-priority
lacp port-priority
To set the LACP prio rity for the p hysical interfaces, use the lacp po rt-priority co mmand .
lacp port-priority pr iority
Syntax Description
priority
Defaults
Priority is set to 32768 .
Priority for the phy sical interfaces; valid values are from 1 to 6553 5.
Command Modes
Interface con figuration mode
Usage Guidelines
You must assign each po rt in the switch a p ort priority th at can be sp ecified automatically or by entering
the lacp port-priority co mmand . Th e port p riority is u sed with the port number to form the p ort
identifier. The p ort prio rity is us ed to d ecide which ports should be pu t in stand by mo de when there is a
hardware limitation that prevents all compatible p orts from aggregating.
Altho ugh th is comman d is a global config uration co mmand, the priority value is su pported only on port
ch ann els with LACP-en abled phys ical in terfaces.This command is s upported o n LACP-enab led
interfaces.
Wh en setting the p riority, the higher numbers indicate lower priorities.
Examples
This examp le shows how to set the p riority for the interface:
Switch(config-if)# lacp port-priority 23748
Switch(config-if)#
Related Commands
Co mmand
Description
channel-group
Assig ns and configure an EtherChannel in terface to an
EtherChannel group.
Enables LACP or PAgP on an interface.
channel-protocol
lacp system-priority
Sets the p riority of the system for LACP.
show lacp
Displays LACP info rmation.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-317
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
lacp system-priority
lacp system-priority
To set the prio rity of th e system for LACP, use th e lacp sys tem-priority command.
la cp system-priority priority
Syntax Description
p riority
Defaults
Priority is set to 32 768.
Priority of the system; valid values are from 1 to 65535 .
Command Modes
Global configuratio n mo de
Usage Guidelines
You mu st assign each switch that is run ning LACP a system p riority th at can be specified automatically
o r by en tering the lacp system-priority co mmand . The system p riority is used with the switch MAC
address to form the system ID and is also used during negotiation with other sys tems.
Althoug h th is command is a glob al co nfigu ration co mmand , the priority value is su pported on po rt
channels with LACP-enabled physical interfaces.
When settin g th e priority, tthe higher numbers indicate lower priorities.
You can also en ter the la cp system-prio rity command in in terface con figuratio n mod e. After you enter
th e co mmand , the system defaults to glob al co nfigu ration mode.
Examples
This example s hows how to set th e system priority:
Switch(config)# lacp system-priority 23748
Switch(config)#
Related Commands
Command
channel-group
channel-protoco l
Descriptio n
Assigns and co nfigu re an EtherCh an nel interface to an
EtherChannel g rou p.
Enables LACP or PAgP on an interface.
la cp system-priority
show la cp
Sets th e priority of the sy stem fo r LACP.
Displays LACP information .
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-318
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
lldp tlv-select po wer-management
lldp tlv-select power-management
To to enab le power n ego tiation through LLDP, u se the lldp tlv-select power-ma na gement in terface
co mmand .
lldp tlv -select power-management
Syntax Description
This comman d has no argu ments or keyword s.
Defaults
Enabled on POEP ports
Command Modes
Interface level
Command History
Re lea se
12.2(54)SG
Usage Guidelines
You need to d isable this feature if you do no t want to perform power neg otiation th roug h LLDP.
Examples
This examp le shows how to enable LLDP power negotiation on interface Gigabit Ethernet 3/1:
Modific ation
Suppo rt was intro duced on the Catalyst 4500 series switch.
This feature is not suppo rted on non-POEP ports; th e CLI is sup pressed on such ports and TLV is n ot
exchanged.
Switch# config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# int gi 3/1
Switch(config-if)# lldp tlv-select power-management
Related Commands
Co mmand
lldp run
Description
Cisco IOS Co mmand Reference lib rary.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-319
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
logging event link-status global (global configuration)
logging event link-status global (global configuration)
To ch ang e the d efau lt switch -wid e glob al link-statu s even t messaging settings, use the
lo gging event link-status global command. Use the no form of this comman d to disable the link-status
even t messaging.
lo gging event link-status global
no logg ing event link-status glo ba l
Syntax Description
This command has no arguments or keywo rds.
Defaults
The glo bal link-status messaging is disabled.
Command Modes
Global configuratio n mo de
Usage Guidelines
If link-status logging even t is not config ured at the interface level, th is g lobal link -status setting takes
effect for each in terface.
Examples
This example s hows how to glob ally enable link status mess age on each interface:
Switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# logging event link-status global
Switch(config)# end
Switch#
Related Commands
Command
Descriptio n
logging event link-status (interface
configuration)
Enab les the link-s tatus event messaging on an in terface.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-320
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
logging event link-status (interface configura tion)
logging event link-status (interface configuration)
To enab le the link -status event messaging on an interface, use the logging ev ent link-status co mmand .
Use the no form of this comman d to d isab le link-statu s even t messaging. Use the
logging ev ent link-status use-global comman d to apply th e global link-statu s setting.
logging ev ent link-status
no lo gging event link-sta tus
logging ev ent link-status use-global
Defaults
Glob al link-statu s messaging is en ab led.
Command Modes
Interface con figuration mode
Usage Guidelines
To enable sys tem loggin g o f interface state-change even ts o n a specific interface, enter the
logging ev ent link-status comman d in in terface co nfigu ration mode.
To enable sys tem loggin g o f interface state-change even ts o n all interfaces in the system, enter the
logging ev ent link-status global comman d in g lobal configuration mod e. All interfaces without the
state ch ang e event configu ration use th e glob al setting.
Examples
This examp le shows how to enable lo gging event state-ch ang e events on interface gi11/1:
Switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface gi11/1
Switch(config-if)# logging event link-status
Switch(config-if)# end
Switch#
This examp le shows how to tu rn off logging even t link status regard less of th e glob al settin g:
Switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface gi11/1
Switch(config-if)# no logging event link-status
Switch(config-if)# end
Switch#
This examp le shows how to enable th e global event link-status setting on interface g i11/1:
Switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface gi11/1
Switch(config-if)# logging event link-status use-global
Switch(config-if)# end
Switch#
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-321
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
logging event link-status (interface configuration)
Related Commands
Command
Descriptio n
lo gging event link-status global (global Changes the d efault switch-wid e global link-statu s even t
configuration)
messaging settings.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-322
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
logg ing event trunk -status global (global configura tion)
logging event trunk-status global (global configuration)
To enable the trun k-status event mes sag in g globally, use the logging event trunk-status global
co mmand . Use the no fo rm of this command to disable trunk-statu s even t messaging.
logging ev ent trunk-status global
no lo gging event trunk-status global
Syntax Description
This comman d has no argu ments or keyword s.
Defaults
Glob al tru nk-s tatus messaging is disabled .
Command Modes
Glob al co nfigu ration mode
Usage Guidelines
If trunk-statu s logg ing even t is n ot configured at the interface level, the glob al trunk -status setting takes
effect for each interface.
Examples
This examp le shows how to g lobally enable lin k s tatus messaging on each interface:
Switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# logging event trunk-status global
Switch(config)# end
Switch#
Related Commands
Co mmand
Description
logging ev ent trunk-status global
(glo ba l configuratio n)
Enables th e trunk-statu s even t messaging on an interface.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-323
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
logging event trunk-status (interface configuration)
logging event trunk-status (interface configuration)
To en able the trunk-status event messaging on an interface, use th e logg ing event trunk-status
command. Use th e no form o f this co mmand to dis able the trunk-statu s event messaging. Use the
lo gging event trunk-status use-global command to apply the g lobal trunk-status setting .
lo gging event trunk-status
no logg ing event trunk-status
lo gging event trunk-status use-global
Defaults
Global trunk -status mess agin g is enabled .
Command Modes
Usage Guidelines
Interface configuration mod e
To en able system lo gging of in terface state-ch ang e events on a sp ecific in terface, enter the
lo gging event trunk-status command in interface configuration mod e.
To en able system lo gging of in terface state-ch ang e events on all interfaces in the system, enter the
lo gging event trunk-status use-global co mmand in glo bal co nfigu ration mo de. All interfaces with out
th e state chan ge ev ent config uration use the glob al setting.
Examples
This example s hows how to enab le logg ing event state-change events on interface gi11 /1:
Switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface gi11/1
Switch(config-if)# logging event trunk-status
Switch(config-if)# end
Switch#
This example s hows how to turn off log ging event tru nk statu s reg ardles s o f the glo bal setting:
Switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface gi11/1
Switch(config-if)# no logging event trunk-status
Switch(config-if)# end
Switch#
This example s hows how to enab le the g lobal even t trunk-status setting o n in terface gi11/1 :
Switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface gi11/1
Switch(config-if)# logging event trunk-status use-global
Switch(config-if)# end
Switch#
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-324
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
logging event trunk-status (interface configura tion)
Related Commands
Co mmand
logging ev ent trunk-status global
(glo ba l configuratio n)
Description
Enables th e trunk-statu s even t messaging on an interface.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-325
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
mab
mab
To enable and con figure MAC au thorization byp ass (MAB) on a po rt, use the mab command in interface
configuration mod e. To disable MAB, us e the no form of th is command.
mab [eap]
no mab [ea p]
Note
The mab command is totally ind epend ent of th e effect o f the dot1x system-a uth control command .
Syntax Description
eap
Command Default
Disabled
Command Modes
Interface configuration mod e
Usage Guidelines
When a port is configured for MAB as a fallback method, it o perates in a typ ical d ot1X method until a
configurable number of failed attemp ts to requ est the iden tity o f the ho st. The auth enticator learns the
MAC ad dress of the host an d uses that information to qu ery an auth entication s erver to see whether this
MAC address will be granted access.
Examples
(Optional) Specifies that a full EAP conversation sho uld be us ed, as op posed to
standard RADIUS Acces s-Request, Acces s-Accept conversation.
The following example shows how to en able MAB on a po rt:
Switch(config-if)# mab
Switch(config-if)#
The following example shows how to en able an d configure MAB on a p ort:
Switch(config-if)# mab eap
Switch(config-if)#
The following example shows how to disable MAB on a port:
Switch(config-if)# no mab
Switch(config-if)#
Related Commands
Command
show authentication
Descriptio n
Displays Authenticatio n Manager information .
show mab
Displays MAB info rmation.
show running-co nfig
Displays the running configuration information .
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-326
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
mac access-list extended
mac access-list extended
To define the extended MAC access lists, use the mac acces s-list extended comman d. To remove the
MAC access lists, u se the no form of th is command.
mac access-list extended n ame
no mac access-list extended na me
Syntax Description
name
Defaults
MAC access lists are no t defin ed.
Command Modes
Glob al co nfigu ration mode
Usage Guidelines
Wh en yo u enter the ACL n ame, follow these n aming conventions:
ACL to which the entry b elon gs.
•
Max imum of 31 characters long and can in clud e a-z, A-Z, 0-9, the das h character (-), the underscore
character (_), and the period character (.)
•
Must start with an alph a ch aracter and must be un ique across all ACLs o f all typ es
Case sen sitive
•
•
Cann ot be a n umber
•
Must not be a key word; k eywords to avoid are all, default-action, map , help, and editbuffer
Wh en you enter the ma c a ccess-list extended na me comman d, you use the fo llowing subset to create or
delete entries in a M AC layer access list:
[no] { permit | deny} {{src-mac ma sk | any} [d est-mac mask]} [protocol-family { a ppletalk |
arp-non-ipv4 | decnet | ipx | ipv6 | rarp-ipv4 | rarp-non-ipv4 | vines | xns} | < ar bitrary ethertyp e> |
name-co ded ethertyp e].
Table 2 -7 describes the sy ntax of the mac access-list extended subcommands .
Table 2-7
mac access-list extended Subcommands
Su bcomma nd
Description
any
Specifies any source-h ost or destination-host.
arbitrary ethertype (Option al) Specifies an arbitrary eth ertype in th e range 1536 to 65 535
(Decimal or Hexadecimal)
deny
Prevents access if the con ditions are matched.
dest-mac mask
(Option al) Specifies a destinatio n MAC add ress of the form:
dest-mac-a ddress dest-mac-a ddress -ma sk.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-327
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
mac access-list extended
Table 2-7
mac access-list extended Subcommands (continued)
Subcommand
Description
n ame-coded
ethertype
(Optional) Denotes a predefined name-coded ethertyp e for common protocols :
aarp—Ap pleTalk ARP
amb er—DEC-Amb er
ap pletalk—AppleTalk/Eth erTalk
dec-spanning— DEC-Span ning-Tree
decnet-iv— DECnet Phase IV
diagnostic—DEC-Diagn ostic
dsm—DEC-DSM
ety pe-600 0—0x6 000
ety pe-804 2—0x8 042
lat— DEC-LAT
lavc-sca—DEC-LAVC-SCA
mop-con sole—DEC-MOP Remo te Console
mop-dump—DEC-MOP Dump
msdos—DEC-MSDOS
mumps—DEC-M UMPS
netbios—DEC-NETBIOS
pro toco l-family An Eth ernet protocol family
vines-echo—VINES Ech o
vines-ip —VINES IP
xns-idp—XNS IDP
no
permit
p roto col-family
src-mac mask
(Optional) Deletes a s tatemen t fro m an access list.
Allows access if the cond itions are match ed .
(Optional) Name o f the p rotocol family. Table 2-8 lists wh ich packets are
map ped to a particu lar p roto col family.
Source MAC add ress in th e fo rm:
source-mac-addres s so urce-mac-ad dress-mask.
Tab le 2-8 des cribes mapping an Ethernet packet to a protocol family.
Table 2-8
Pro to col Fa mily
Appletalk
Mapping an Ethernet Packet to a Protocol Family
Ethe rtype in Packet Header
0 x809B, 0x80F3
Arp-No n-Ipv4
0 x0806 and protocol header of Arp is a n on-Ip protocol family
Decnet
0 x6000 -0x6 009, 0x803 8-0 x8042
Ipx
0 x8137 -0x8 138
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-328
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
mac access-list extended
Table 2-8
Mapping an Ethernet Packet to a Protocol Family
Protocol Family
Ethertype in Pack et Header
Ipv 6
0x86 DD
Rarp-Ipv4
0x80 35 and p rotocol head er of Rarp is Ipv 4
Rarp-Non-Ip v4
0x80 35 and p rotocol head er of Rarp is a non -Ipv4 protocol family
Vines
0x0BAD, 0x0 BAE, 0 x0BAF
Xns
0x06 00, 0 x0807
Wh en yo u enter the src-mac mask or dest-mac mask value, follow these gu idelin es:
•
•
Enter the MAC addres s masks as th ree 4-byte values in d otted h exadecimal format. Use 1 bit as a
wildcard. Fo r example, to match an ad dress ex actly, use 0 000.0000 .0 000 (can b e entered as 0.0.0).
•
Fo r the op tional p roto col parameter, you can enter either the Eth erTyp e or th e keyword.
•
Entries without a protocol parameter match any protocol.
•
Examples
Enter the MAC addres ses as th ree 4-byte values in dotted h exadecimal format such as
0030 .96 29.9f8 4.
The access list entries are scanned in the order that y ou enter th em. Th e first matching entry is used.
To imp rove performance, p lace th e most common ly used entries near the beginning of the access list.
•
An implicit deny any any entry exists at the en d of an access list unless you include an ex plicit
permit any a ny entry at the end of th e list.
•
All new entries to an existin g lis t are placed at the end of the list. You cann ot add entries to the
middle o f a list.
This examp le shows how to create a M AC layer access list named mac_lay er th at denies traffic fro m
0000 .47 00.0001 , wh ich is going to 00 00.4700.00 09, and permits all o ther traffic:
Switch(config)# mac access-list extended mac_layer
Switch(config-ext-macl)# deny 0000.4700.0001 0.0.0 0000.4700.0009 0.0.0 protocol-family
appletalk
Switch(config-ext-macl)# permit any any
Switch(config-ext-macl)# end
Switch#
Related Commands
Co mmand
Description
show vlan access-map
Displays VLAN access map information .
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-329
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
mac-address-table aging-time
mac-address-table aging-time
To con figure the agin g time for th e en tries in the Layer 2 table, use the mac-address-table aging-time
command. To reset the seco nds valu e to the default setting, u se the no form of this command.
mac-address-table aging-time secon ds [vlan vla n_id]
no mac-address-table aging-time s econds [vlan vlan _id]
Syntax Description
seconds
v lan vlan_id
Defaults
Aging time is set to 3 00 second s.
Command Modes
Usage Guidelines
Aging time in seconds; valid values are 0 and from 10 to 10000 00 second s.
(Optio nal) Sin gle VLAN n umber or a range o f VLANs ; valid values are fro m 1
to 40 94.
Global configuratio n mo de
If you d o n ot enter a VLAN, the change is applied to all rou ted-port VLANs.
Enter 0 second s to disable agin g.
Examples
This example s hows how to config ure the aging time to 40 0 s econds:
Switch(config)# mac-address-table aging-time 400
Switch(config)#
This example s hows how to disable aging :
Switch(config)# mac-address-table aging-time 0
Switch(config)
Related Commands
Command
show mac-address-ta ble aging-time
Descriptio n
Displays MAC addres s table agin g in formatio n.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-330
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
mac-address-table dynamic grou p protoco ls
mac-address-table dynamic group protocols
To en able th e learn in g of MAC add resses in b oth th e “ip” and “o th er” protocol buckets, even tho ugh the
incoming packet may belong to on ly o ne of the protocol buckets, use th e
mac-addres s-table dy na mic group protocols command. To disable grouped learnin g, use th e no form
of this command.
mac-addres s-table dynamic gro up protocols { ip | other} { ip | other}
no mac-address-table dynamic g roup proto cols {ip | o ther} {ip | other}
Syntax Description
ip
other
Defaults
The gro up learn ing featu re is dis abled.
Command Modes
Usage Guidelines
Specifies the “ip” p rotocol bucket.
Specifies the “other” pro toco l bu cket.
Glob al co nfigu ration mode
The entries within the “ip” and “other” pro toco l buckets are created according to the p rotocol of th e
incoming traffic.
Wh en you use the mac-address-table dynamic group protocols co mmand , an incoming MAC address
that migh t belong to either the “ip” or th e “other” p roto col bucket, is learn ed on both protocol buckets.
Therefore, any traffic destined to th is MAC address and belonging to any of the pro toco l bu ckets is
unicasted to that MAC ad dress, rather than floo ded . This red uces the un icast Layer 2 floo ding th at migh t
be caused if the incoming traffic from a h ost belo ngs to a different pro toco l bucket than the traffic that
is destin ed to the send ing host.
Examples
This examp le shows that the MAC addresses are initially as signed to either the “ip” or the “o th er”
pro toco l bu cket:
Switch# show mac-address-table dynamic
Unicast Entries
vlan
mac address
type
protocols
port
-------+---------------+--------+---------------------+-------------------1
0000.0000.5000
dynamic other
GigabitEthernet1/1
1
0001.0234.6616
dynamic ip
GigabitEthernet3/1
1
0003.3178.ec0a
dynamic assigned
GigabitEthernet3/1
1
0003.4700.24c3
dynamic ip
GigabitEthernet3/1
1
0003.4716.f475
dynamic ip
GigabitEthernet3/1
1
0003.4748.75c5
dynamic ip
GigabitEthernet3/1
1
0003.47f0.d6a3
dynamic ip
GigabitEthernet3/1
1
0003.47f6.a91a
dynamic ip
GigabitEthernet3/1
1
0003.ba06.4538
dynamic ip
GigabitEthernet3/1
1
0003.fd63.3eb4
dynamic ip
GigabitEthernet3/1
1
0004.2326.18a1
dynamic ip
GigabitEthernet3/1
1
0004.5a5d.de53
dynamic ip
GigabitEthernet3/1
1
0004.5a5e.6ecc
dynamic ip
GigabitEthernet3/1
1
0004.5a5e.f60e
dynamic ip
GigabitEthernet3/1
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-331
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
mac-address-table dynamic group protocols
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
Switch#
0004.5a5f.06f7
0004.5a5f.072f
0004.5a5f.08f6
0004.5a5f.090b
0004.5a88.b075
0004.c1bd.1b40
0004.c1d8.b3c0
0004.c1d8.bd00
0007.e997.74dd
0007.e997.7e8f
0007.e9ad.5e24
000b.5f0a.f1d8
000b.fdf3.c498
0010.7be8.3794
0012.436f.c07f
0050.0407.5fe1
0050.6901.65af
0050.da6c.81cb
0050.dad0.af07
00a0.ccd7.20ac
00b0.64fd.1c23
00b0.64fd.2d8f
00d0.b775.c8bc
00d0.b79e.de1d
00e0.4c79.1939
00e0.4c7b.d765
00e0.4c82.66b7
00e0.4c8b.f83e
00e0.4cbc.a04f
0800.20cf.8977
0800.20f2.82e5
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
ip
ip
ip
ip
ip
ip
ip
ip
ip
ip
ip
ip
ip
assigned
ip
ip
ip
ip
ip
ip
ip
assigned
ip
ip
ip
ip
ip
ip
ip
ip
ip
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
This example s hows how to assign MAC add resses th at belong to eith er th e “ip” or the “other” bucket
to bo th bu ckets:
Switch(config)# mac-address-table dynamic group protocols ip other
Switch(config)# exit
Switch# show mac address-table dynamic
Unicast Entries
vlan
mac address
type
protocols
port
-------+---------------+--------+---------------------+-------------------1
0000.0000.5000
dynamic ip,other
GigabitEthernet1/1
1
0001.0234.6616
dynamic ip,other
GigabitEthernet3/1
1
0003.4700.24c3
dynamic ip,other
GigabitEthernet3/1
1
0003.4716.f475
dynamic ip,other
GigabitEthernet3/1
1
0003.4748.75c5
dynamic ip,other
GigabitEthernet3/1
1
0003.47c4.06c1
dynamic ip,other
GigabitEthernet3/1
1
0003.47f0.d6a3
dynamic ip,other
GigabitEthernet3/1
1
0003.47f6.a91a
dynamic ip,other
GigabitEthernet3/1
1
0003.ba0e.24a1
dynamic ip,other
GigabitEthernet3/1
1
0003.fd63.3eb4
dynamic ip,other
GigabitEthernet3/1
1
0004.2326.18a1
dynamic ip,other
GigabitEthernet3/1
1
0004.5a5d.de53
dynamic ip,other
GigabitEthernet3/1
1
0004.5a5d.de55
dynamic ip,other
GigabitEthernet3/1
1
0004.5a5e.6ecc
dynamic ip,other
GigabitEthernet3/1
1
0004.5a5e.f60e
dynamic ip,other
GigabitEthernet3/1
1
0004.5a5f.08f6
dynamic ip,other
GigabitEthernet3/1
1
0004.5a5f.090b
dynamic ip,other
GigabitEthernet3/1
1
0004.5a64.f813
dynamic ip,other
GigabitEthernet3/1
1
0004.5a66.1a77
dynamic ip,other
GigabitEthernet3/1
1
0004.5a6b.56b2
dynamic ip,other
GigabitEthernet3/1
1
0004.5a6c.6a07
dynamic ip,other
GigabitEthernet3/1
1
0004.5a88.b075
dynamic ip,other
GigabitEthernet3/1
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-332
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
mac-address-table dynamic grou p protoco ls
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
Switch#
0004.c1bd.1b40
0004.c1d8.b3c0
0004.c1d8.bd00
0005.dce0.7c0a
0007.e997.74dd
0007.e997.7e8f
0007.e9ad.5e24
0007.e9c9.0bc9
000b.5f0a.f1d8
000b.fdf3.c498
0012.436f.c07f
0050.0407.5fe1
0050.6901.65af
0050.da6c.81cb
0050.dad0.af07
00a0.ccd7.20ac
00b0.64fd.1b84
00d0.b775.c8bc
00d0.b775.c8ee
00d0.b79e.de1d
00e0.4c79.1939
00e0.4c7b.d765
00e0.4c82.66b7
00e0.4c8b.f83e
00e0.4c8c.0861
0800.20d1.bf09
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
dynamic
ip,other
ip,other
ip,other
assigned
ip,other
ip,other
ip,other
ip,other
ip,other
ip,other
ip,other
ip,other
ip,other
ip,other
ip,other
ip,other
assigned
ip,other
ip,other
ip,other
ip,other
ip,other
ip,other
ip,other
ip,other
ip,other
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
GigabitEthernet3/1
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-333
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
mac address-table learning vlan
mac address-table learning vlan
To enable MAC addres s learning on a VLAN, use the mac address-table learning glo bal co nfigu ration
command. Use th e no form o f this co mmand to dis able MAC address learnin g o n a VLAN to control
which VLANs can learn MAC addresses.
mac address-table learning vlan vlan-id
no mac address-table learning vlan vla n-id
Syntax Description
vlan-id
Specifies a sing le VLAN ID or a range of VLAN IDs separated by a hyph en
o r co mma. Valid VLAN IDs are 1 to 4094.
Defaults
Enab led on all VLANs
Command Modes
Global configuratio n
Usage Guidelines
When you control M AC address learning on a VLAN, you can manag e the available table space by
controlling which VLANs, and wh ich po rts can learn MAC addresses.
You can disable MAC address learning on a single VLAN ID (for example, by entering
no mac address-table learning vlan 223) or on a range o f VLAN IDs (for example, by en tering
no mac address-table learning vlan 1-20, 1 5.)
Befo re you dis able MAC address learning , familiarize yourself with th e netwo rk top ology and the switch
sy stem config uration. If y ou disable MAC ad dress learning on a VLAN, floodin g may occu r in the
n etwo rk. For example, if yo u disable MAC ad dress learning on a VLAN with a config ured switch virtu al
in terface (SVI), the switch floods all IP packets in th e Layer 2 domain. If yo u d isab le MAC add ress
learnin g o n a VLAN that inclu des more than two po rts, every pack et entering the s witch is flooded in
th at VLAN domain. Disab le MAC addres s learning on ly in VLANs that con tain two ports. Use cautio n
b efore disabling MAC add ress learn ing on a VLAN with an SVI.
You cannot d isable MAC address learning on a VLAN that the switch u ses internally. This action causes
th e switch to generate an error messag e and rejects the no mac a ddress-ta ble learning vlan command.
To view u sed internal VLANs, enter the show v lan interna l usage privileged EXEC command.
If y ou disable M AC address learn ing on a VLAN configured as a PVLAN primary or a secon dary VLAN,
th e MAC add resses are still learn ed on the VLAN (p rimary or second ary) associated with the PVLAN.
You canno t dis able MAC address learnin g on an RSPAN VLAN. Th e configu ration is not allowed.
If you d isable MAC add ress learn ing on a VLAN that includes a secure po rt, M AC address learning is
n ot d isab led on the secure port. If yo u later disable po rt security on the in terface, th e disabled MAC
address learnin g s tate is enabled.
To display the MAC address learning status of a s pecific VLAN or for all VLANs, enter the
show mac-address-ta ble learning vla n command.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-334
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
mac address-table le arning vlan
Examples
This examp le shows how to d isable MAC add ress learn ing on VLAN 200 3:
Switch(config)# no mac address-table learning vlan 2003
Related Commands
Co mmand
show mac address-table learning
Descriptio n
Displays the MAC ad dress learning statu s o n all VLANs or
o n th e specified VLAN.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-335
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
mac-address-table notification
mac-address-table notification
To enable MAC address notification on a s witch, use the mac-address-table notification command. To
retu rn to the defau lt setting, use th e no form o f this co mmand
mac-address-table notification [[change [his tory-size hs_value | interval intv_va lue]] |
[mac-move] | [threshold [limit p ercenta ge | interval time]] | [learn-fail [interval time | limit
n um_fa il]]
no mac-address-table notification [[cha ng e [history-size h s_va lue | interv al in tv_value]] |
[mac-move] | [threshold [limit p ercenta ge | interval time]] | [learn-fail [interval time | limit
n um_fa il]]
Syntax Description
change
history-size hs _va lue
interval intv_va lue
mac-move
(Optio nal) Sp ecifies enabling MAC thresh old notification.
(Optio nal) Sp ecifies the percentage of MAT utilization th reshold; valid
values are from 1 to 100 percent.
(Optio nal) Sp ecifies the time b etween MAC th reshold no tifications ; valid
values are greater than or equal to 12 0 seconds .
(Optio nal) Specifies sy slog (level 6) notifications of failures to install MAC
addresses learned in software into hardware. Disab led by default.
limit num_fail
Defaults
(Optio nal) Sp ecifies enabling MAC chan ge no tification.
(Optio nal) Sets a maximum number of en tries in the MAC change
n otification h istory table. Th e range is 0 to 50 0 entries.
(Optio nal) Sets a notification trap interval: the set in terval time between two
consecutive traps. The range is 0 to 2,147 ,4 83,647 secon ds.
(Optio nal) Sp ecifies enabling MAC move n otification .
threshold
limit percentage
interval time
learn-fa il
interval time
(Optio nal) Sp ecifies the sys lo g interval between hardware MAC learn ing
failu re notifications. The default value is 1 50 seco nds. The range is between
1 to 10 0000 seco nds.
(Optio nal) Sp ecifies the nu mber of hard ware MAC learning failures to be
allowed in a notification interval.
MAC address notification feature is disabled .
The default MAC change trap interval value is 1 second.
The default numb er o f en tries in th e history tab le is 1.
MAC move n otificatio n is disabled.
MAC thresh old monitoring feature is d isab led.
The default limit is 50 p ercent.
The default time is 120 seconds.
Hardware MAC learn ing failure syslog no tification is disabled.
The default limit is 10 00.
The default interval is 15 0 second s.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-336
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
mac-add ress-table notification
Command Modes
Glob al co nfigu ration mode
Usage Guidelines
You can en able the MAC change no tification feature u sing th e mac-addres s-table notification change
co mmand . If you do this, you must also enable MAC no tification trap s o n an interface u sing the
snmp trap mac-notification change interface con figuratio n co mmand and con figure th e switch to sen d
MAC change traps to the NMS usin g th e snmp-server enable traps mac-notification glob al
co nfiguration co mmand .
Examples
This examp le shows how to set the MAC address notification history table size to 300 entries:
Wh en the history-size option is configured, th e existing MAC change histo ry table is deleted, and a n ew
tab le is created.
Switch(config)# mac-address-table notification change history-size 300
Switch(config)#
This examp le shows how to set the MAC address notification interval time to 1250 seconds:
Switch(config)# mac-address-table notification change interval 1250
Switch(config)#
This examp le shows how to enable h ardware MAC address learnin g failure syslog notification:
Switch(config)# mac address-table notification learn-fail
This example s hows how to set the in terval of hard ware MAC add ress learning failu re syslog n otificatio n
to 30 second s:
Switch(config)# mac address-table notification learn-fail interval 30
Related Commands
Co mmand
Description
mac-addres s-table notification
Clears the global cou nter entries fro m the Layer 2 MAC
ad dress tab le.
Enables M AC address no tification on a switch.
snmp-server enable traps
snmp trap mac-notification change
clear mac-a ddress-ta ble
Enables SNMP no tifications .
Enables SNMP MAC address notifications.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-337
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
mac-address-table static
mac-address-table static
To con figure the static M AC addresses fo r a VLAN interface o r dro p u nicast traffic for a MAC address
for a VLAN interface, use the mac-address-table static comman d. To remove the static MAC addres s
configuration s, use the no form of this command.
mac-address-table static mac-add r { v lan vlan-id} {interface typ e | drop}
no mac-address-table static mac-addr {vlan vla n-id} {interfa ce type} {drop}
Syntax Description
mac-ad dr
v lan vlan-id
MAC address; o ptional when using the no form of this command.
VLAN and valid VLAN n umber; valid values are from 1 to 4094.
interfa ce type
drop
Interface type and nu mber; valid option s are FastEthernet an d GigabitEthernet.
Drops all traffic received from and going to the con figured MAC address in the
specified VLAN.
Defaults
This command has no default setting s.
Command Modes
Global configuratio n mo de
Usage Guidelines
When a static MAC ad dress is installed, it is associated with a p ort.
The ou tput interface specified mu st b e a Layer 2 interface and no t an SVI.
If you do not enter a protocol typ e, an entry is automatically created for each o f th e fou r pro toco l types.
Entering the no form of this command does not remove th e system MAC addresses.
When removing a MAC address , entering interface int is option al. For unicast entries, th e entry is
remo ved automatically. Fo r multicast entries, if you do not specify an interface, the entire entry is
remo ved. You can sp ecify th e selected p orts to be removed by specifyin g th e interface.
Examples
This example s hows how to add the static entries to the MAC address table:
Switch(config)# mac-address-table static 0050.3e8d.6400 vlan 100 interface fastethernet5/7
Switch(config)#
Related Commands
Command
Descriptio n
show mac-address-ta ble static
Displays the static MAC ad dress tab le entries only.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-338
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
macro apply cisco-desktop
macro apply cisco-desktop
To en ab le the Cisco-recommended features an d settings that are suitable for connectin g a switch port to
a standard deskto p, use the macro apply cisco-deskto p comman d.
macro apply cisco-desktop $AVID a cces s_vla nid
Syntax Description
$AVID access_vlanid
Defaults
This comman d has no default settings.
Specifies an access VLAN ID.
Command Modes
Interface con figuration mode
Usage Guidelines
This comman d can only be viewed and ap plied ; it cann ot b e modified.
Ensu re th at the existing configuration on the interface do es not conflict with the inten ded macro
co nfiguration. Befo re y ou ap ply the macro, clear the configuration on the interface with th e default
interface comman d.
Examples
This examp le shows how to enable th e Cisco -recommended featu res and settings on po rt fa2/1:
Switch(config)# interface FastEthernet2/1
Switch(config-if)# macro apply cisco-desktop $AVID 50
Switch(config-if)#
The con tents of this macro are as follows:
# Basic interface - Enable data VLAN only
# Recommended value for access vlan (AVID) should not be 1
switchport access vlan $AVID [access_vlanid]
switchport mode access
# Enable port security limiting port to a single
# MAC address -- that of desktop
switchport port-security
# Ensure port-security age is greater than one minute
# and use inactivity timer
# “Port-security maximum 1” is the default and will not
# Show up in the config
switchport port-security violation restrict
switchport port-security aging time 2
switchport port-security aging type inactivity
# Configure port as an edge network port
spanning-tree portfast
spanning-tree bpduguard enable
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-339
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
macro apply cisco-desktop
Related Commands
Command
macro apply cisco-phone
Descriptio n
Enab les the Cisco-recommen ded features and settin gs th at
are suitable for connecting a switch port to a standard
d eskto p and a Cis co IP pho ne.
macro apply cisco-router
Enab les the Cisco-recommen ded features and settin gs th at
are suitable for connecting a switch port to a ro uter.
macro apply cisco-switch
Enab les the Cisco-recommen ded features and settin gs th at
are suitable for connecting a switch port to ano ther switch.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-340
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
macro apply cisco-phone
macro apply cisco-phone
To en ab le the Cisco-recommended features an d settings that are suitable for connectin g a switch port to
a standard deskto p and a Cisco IP pho ne, use th e ma cro apply cisco-phone comman d.
macro apply cisco-phone $AVI D access_vlanid $VVID voice_ vlan id
Syntax Description
$AVID access_vlanid
$VVID voice_vlanid
Defaults
This comman d has no default settings.
Command Modes
Interface con figuration mode
Usage Guidelines
Specifies an access VLAN ID.
Specifies a voice VLAN ID.
This comman d can only be viewed and ap plied ; it cann ot b e modified.
Ensu re th at the existing configuration on the interface do es not conflict with the inten ded macro
co nfiguration. Befo re y ou ap ply the macro, clear the configuration on the interface with th e default
interface comman d.
Examples
This examp le shows how to enable th e Cisco -recommended featu res and settings on po rt fa2/1:
Switch(config)# interface FastEthernet2/1
Switch(config-if)# macro apply cisco-phone $AVID 10 $VVID 50
Switch(config-if)#
The con tents of this macro are as follows:
# VoIP enabled interface - Enable data VLAN
# and voice VLAN (VVID)
# Recommended value for access vlan (AVID) should not be 1\
switchport access vlan $AVID [access_vlan_id]
switchport mode access
# Update the Voice VLAN (VVID) value which should be
# different from data VLAN
# Recommended value for voice vlan (VVID) should not be 1
switchport voice vlan $VVID [voice_vlan_id]
# Enable port security limiting port to a 3 MAC
# addressees -- One for desktop and two for phone
switchport port-security
switchport port-security maximum 3
# Ensure port-security age is greater than one minute
# and use inactivity timer
switchport port-security violation restrict
switchport port-security aging time 2
switchport port-security aging type inactivity
# Enable auto-qos to extend trust to attached Cisco phone
auto qos voip cisco-phone
# Configure port as an edge network port
spanning-tree portfast
spanning-tree bpduguard enable@
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-341
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
macro apply cisco-phone
Related Commands
Command
macro apply cisco-deskto p
Descriptio n
Enab les the Cisco-recommen ded features and settin gs th at
are suitable for connecting a switch port to a standard
d eskto p.
macro apply cisco-router
Enab les the Cisco-recommen ded features and settin gs th at
are suitable for connecting a switch port to a ro uter.
macro apply cisco-switch
Enab les the Cisco-recommen ded features and settin gs th at
are suitable for connecting a switch port to ano ther switch.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-342
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
macro apply cisco-router
macro apply cisco-router
To en ab le the Cisco-recommended features an d settings that are suitable for connectin g a switch port to
a router, use the macro apply cisco-router command.
macro a pply cisco -router $NVID na tive_vlanid
Syntax Description
$NVID native_vla nid
Defaults
This comman d has no default settings.
Specifies a n ative VLAN ID.
Command Modes
Interface con figuration mode
Usage Guidelines
This comman d can only be viewed and ap plied ; it cann ot b e modified.
Ensu re th at the existing configuration on the interface do es not conflict with the inten ded macro
co nfiguration. Before y ou apply the macro apply cisco-ro uter command, clear the co nfiguration on the
interface with th e default interface command.
Examples
This examp le shows how to enable th e Cisco -recommended featu res and settings on po rt fa2/1:
Switch(config)# interface FastEthernet2/1
Switch(config-if)# macro apply cisco-router $NVID 80
Switch(config-if)#
The con tents of this macro are as follows:
# Access Uplink to Distribution
switchport trunk encapsulation dot1q
# Define unique Native VLAN on trunk ports
# Recommended value for native vlan (NVID) should not be 1
switchport trunk native vlan $NVID [native_vlan_id]
# Update the allowed VLAN range (VRANGE) such that it
# includes data, voice and native VLANs
# switchport trunk allowed vlan $VRANGE [vlan_range]
# Hardcode trunk and disable negotiation to
# speed up convergence
# Hardcode speed and duplex to router
switchport mode trunk
switchport nonegotiate
speed 100
duplex full
# Configure qos to trust this interface
auto qos voip trust
qos trust dscp
# Ensure fast access to the network when enabling the interface.
# Ensure that switch devices cannot become active on the interface.
spanning-tree portfast
spanning-tree bpduguard enable
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-343
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
macro apply cisco-router
Related Commands
Command
macro apply cisco-deskto p
Descriptio n
Enab les the Cisco-recommen ded features and settin gs th at
are suitable for connecting a switch port to a standard
d eskto p.
macro apply cisco-phone
Enab les the Cisco-recommen ded features and settin gs th at
are suitable for connecting a switch port to a standard
d eskto p and a Cis co IP pho ne.
Enab les the Cisco-recommen ded features and settin gs th at
are suitable for connecting a switch port to a ro uter.
macro apply cisco-router
macro apply cisco-switch
Enab les the Cisco-recommen ded features and settin gs th at
are suitable for connecting a switch port to ano ther switch.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-344
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
macro a pply cisco-switch
macro apply cisco-switch
To en ab le the Cisco-recommended features an d settings that are suitable for connectin g a switch port to
an other switch, use the macro a pply cisco-switch command.
macro a pply cisco -switch $NVID n ative_vlanid
Syntax Description
$NVID native_vla nid
Defaults
This comman d has no default settings.
Specifies a native VLAN ID.
Command Modes
Interface con figuration mode
Usage Guidelines
This comman d can only be viewed and ap plied ; it cann ot b e modified.
Ensu re th at the existing configuration on the interface do es not conflict with the inten ded macro
co nfiguration. Befo re y ou ap ply this macro , clear the con figuratio n on the interface with the default
interface comman d.
Examples
This examp le shows how to enable th e Cisco -recommended featu res and settings on po rt fa2/1:
Switch(config)# interface FastEthernet2/1
Switch(config-if)# macro apply cisco-switch $NVID 45
Switch(config-if)#
The con tents of this macro are as follows:
# Access Uplink to Distribution
switchport trunk encapsulation dot1q
# Define unique Native VLAN on trunk ports
# Recommended value for native vlan (NVID) should not be 1
switchport trunk native vlan $NVID [native_vlan_id]
# Update the allowed VLAN range (VRANGE) such that it
# includes data, voice and native VLANs
# switchport trunk allowed vlan $VRANGE
# Hardcode trunk and disable negotiation to
# speed up convergence
switchport mode trunk
switchport nonegotiate
# Configure qos to trust this interface
auto qos voip trust
# 802.1w defines the link as pt-pt for rapid convergence
spanning-tree link-type point-to-point
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-345
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
macro apply cisco-switch
Related Commands
Command
macro apply cisco-deskto p
Descriptio n
Enab les the Cisco-recommen ded features and settin gs th at
are suitable for connecting a switch port to a standard
d eskto p.
macro apply cisco-phone
Enab les the Cisco-recommen ded features and settin gs th at
are suitable for connecting a switch port to a standard
d eskto p and a Cis co IP pho ne.
Enab les the Cisco-recommen ded features and settin gs th at
are suitable for connecting a switch port to a ro uter.
macro apply cisco-router
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-346
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
macro auto device
macro auto device
Use th e ma cro a uto device co mmand to simplify changing the p arameters fo r a built-in functions for a
dev ice ty pe. Use the no fo rm of this command to rev ert to the intial parameter values.
macro a uto device device_type [params values]
no macro auto device device_ type [p arams values]
Syntax Description
device_ type
Specifies the device type.
•
phon e—Apply interface configs on detecting a ph one
•
switch—Apply interface configs on detecting a switch
•
•
param n ame=va lue
Command Modes
rou ter—Ap ply interface config s o n d etecting a ro uter
ap —App ly in terface co nfigs on detecting an ap
•
lwap—Ap ply interface config s o n d etectin g a light weight ap
•
dmp—Apply interface configs on detecting a DMP
•
ipvsc—Ap ply interface config s o n d etecting a IPVSC
(Optional) para meter=value—Replace d efau lt values th at begin with $.
Enter new valu es in the form of name valu e pair separated by a space:
[<name1>=<value1> <name2>=<value2>...]. Default valu es are shown in
parenthesis.
Glob al co nfigu ration
Usage Guidelines
Altho ugh you can us e the macro auto execute command to pro duce the s ame effect as the
macro a uto device command, th e later is simpler.
Examples
This ex ample shows how to ch an ge the access VLAN an d vo ice VLAN from th eir d efault value to user
defined values fo r phon e dev ices.
(config)# macro auto device phone ACCESS_VLAN=10 VOICE_VLAN=20
Related Commands
Co mmand
macro auto execute (built-in
function)
Descriptio n
Changes built-in function default valu es or to map user-defined
triggers to built-in fun ction s, and to pas s th e parameter values.
macro a uto ex ecute
Maps a trigger to a remotely defin ed functions.
(remotely-defined trigger)
macro a uto ex ecute
Maps a trigger to a u ser-defin ed function.
(user-defined function)
macro a uto global processing Enables Auto Smartports on a switch.
macro a uto processing
Enables Auto SmartPorts macros on a specific interface.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-347
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
macro auto device
Command
Description
macro auto s ticky
Specifies not to remove configuratio ns app lied by ASP acro ss lin k
flaps and dev ice removal.
shell trigger
Creates a u ser defined trigger.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-348
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
macro auto execute (b uilt-in func tion)
macro auto execute (built-in function)
Use the macro auto execute configuration command to change built-in fun ction default values or to map
user-defined triggers to built-in fun ction s and to pass the parameter values. Use th e no form of this
co mmand to un map the trigger.
macro a uto ex ecute even t_trigger builtin shell_ function [pa ram name=values]
no macro auto execute event_trig ger builtin sh ell_fu nction [param name=values]
Syntax Description
event_trigger
Defines map ping from an even t trigger to a built-in macro .
Specify an event trigger :
•
•
CISCO_PHONE_EVENT
CISCO_SWITCH_EVENT
•
CISCO_ROUTER_EVENT
•
CISCO_WIRELESS_AP_EVENT
•
•
shell_function
CISCO_WIRELESS_LIGHTWEIGHT_AP_EVENT
CISCO_DMP_EVENT
•
CISCO_IPVSC_EVENT
•
WORD—Apply a user-defined event trigg er.
Specifies a built-in macro name:
•
CISCO_PHONE_AUTO_SMARTPORT
(Optional) Specify the parameter values: $ACCESS_VLAN=(1) and
$VOICE_VLAN=(2).
•
CISCO_SWITCH_AUTO_SMARTPORT
(Optional) Specify the parameter values: $NATIVE_VLAN=(1).
•
CISCO_ROUTER_AUTO_SMARTPORT
(Optional) Specify the parameter values: $NATIVE_VLAN=(1).
•
CISCO_AP_AUTO_SMARTPORT
(Optional) Specify the parameter values: $NATIVE_VLAN=(1).
•
CISCO_LWAP_AUTO_SMARTPORT
(Optional) Specify the parameter values: $ACCESS_VLAN=(1).
•
CISCO_DMP_AUTO_SMARTPORT
CISCO_IP_CAMERA_AUTO_SMARTPORT
(Optional) Specifies values for the parameters that are to be used in the
fun ction b ody.
•
param n ame=va lue
Defaults
Auto Smartpo rts is disab led.
Command Modes
Glob al co nfigu ration
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-349
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
macro auto execute (built-in function)
Usage Guidelines
The switch auto matically map s from builtin even t trig gers to builtin fun ction s. The builtin fu nctio ns are
sy stem-defined fun ction s in the software image.
Use th e macro a uto execute glob al configuration command to replace the builtin fu nctio n default valu es
with values specific to your switch.
You can also create user-defined triggers and use this command to map the triggers to builtin functions.
You can create user-defined event triggers by entering th e shell trigger glob al con figuratio n command.
Use the show shell priv ileged EXEC command to display the contents of the builtin an d u ser-defin ed
triggers and fu nctio ns.
Examples
This example shows how to use two built-in Auto Smartpo rts macros fo r conn ecting Cis co switches and
Cisco IP pho nes to the switch . It mo difies the default vo ice VLAN, access VLAN, and n ative VLAN fo r
th e tru nk interface:
Switch# configure terminal
Switch(config)#!!! the next command modifies the access and voice vlans
Switch(config)#!!! for the built in Cisco IP phone auto smartport macro
Switch(config)# macro auto execute CISCO_PHONE_EVENT builtin CISCO_PHONE_AUTO_SMARTPORT
ACCESS_VLAN=10 VOICE_VLAN=20
Switch(config)#
Switch(config)#!!! the next command modifies the native vlan
Switch(config)#!!! for the built in switch auto smartport macro
Switch(config)# macro auto execute CISCO_SWITCH_EVENT builtin CISCO_SWITCH_AUTO_SMARTPORT
NATIVE_VLAN=10
Switch(config)#!!! the next example creates a user-defined trigger and maps it to a
builtin functions
Switch(config)# shell trigger myTrigger “user-defined trigger”
Switch(config)# macro auto execute myTrigger builtin CISCO_PHONE_AUTO_SMARTPORT_ACCESSVLAN
voice_vlan
Switch(config)#!!! the next command enables auto smart ports globally
Switch(config)# macro auto global processing fallback CDP
Switch# !!! here's the running configuration of the interface connected
Switch# !!! to another Cisco Switch after the Macro is applied
Switch#
Switch# show running-config interface Gi1/0/1
Building configuration...
Current configuration : 284 bytes
!
interface GigabitEthernet1/0/1
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
auto qos voip trust
macro description CISCO_SWITCH_EVENT
end
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-350
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
macro auto execute (b uilt-in func tion)
Related Commands
Co mmand
macro a uto device
macro a uto ex ecute
(remotely-defined trigger)
macro a uto ex ecute
(user-defined function)
Descriptio n
Simplifies chan ging the p arameters for a built-in fu nctio ns for a
d evice typ e.
Maps a trigger to a remotely defin ed functions.
Maps a trigger to a u ser-defin ed function.
macro a uto global processing Enables Auto Smartports on a switch.
macro a uto processing
macro a uto sticky
shell trigger
Enables Auto SmartPorts macros on a specific interface.
Specifies n ot to remov e co nfigu rations applied by ASP across link
flaps and device removal.
Creates a user defined trig ger.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-351
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
macro auto execute (remotely-defined trigger)
macro auto execute (remotely-defined trigger)
Use the macro a uto ex ecute con figuratio n command to map a trigg er to a remotely d efined function.
Use the no form of this command to unmap the trigger.
macro auto execute trigger_n ame remote url
no macro auto execute trigger_name remote url
Syntax Description
trigg er_ name
u rl
Specifies the trigg er name.
Specifies the remotely-d efined URL
Defaults
None
Command Modes
Global configuratio n
Usage Guidelines
This command enables yo u to sto re s hell functions in a central location an d utilized by ASP o n many
switch es. This alleviates the pro blem of updating fu nctio ns on every switch for each modification.
Examples
This example s hows how to map a trig ger to th e remotely defined fun ction myfunction - the filen ame
th at co ntain s th e fu nctio n body:
Triggerin g o f the remotely defin ed function requires netwo rk connectivity to the URL, which is
accessed for each executio n o f the function.
Switch(config)# macro auto execute mytrigger remote tftp://dirt/tftpboot/myfunction
Related Commands
Command
macro auto device
Description
Simplifies changin g the parameters for a built-in functions for a
device type.
macro auto execute (built-in
function)
Changes built-in function default values or to map u ser-defin ed
trig gers to built-in functions, and to pass the p arameter valu es.
macro auto execute
Maps a trigger to a user-defined fun ction .
(user-defined function)
macro auto glo bal processing En ables Auto Smartports on a switch .
macro auto processing
En able Auto SmartPorts macros on a s pecific interface.
macro auto s ticky
shell trigger
Specifies not to remove configuratio ns app lied by ASP acro ss lin k
flaps and dev ice removal.
Create a u ser d efined trigger.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-352
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
macro auto execute (user-defined func tion)
macro auto execute (user-defined function)
Use the macro auto execute configu ration command to map a trigger to a user-defined fun ction . Us e
the no fo rm of this command to unmap th e trig ger.
macro a uto ex ecute trigger _name [p aram_ name=value] {function body}
no macro auto execute trigger_n ame [para m_na me=valu e]
Syntax Description
trigger_name
param n ame=va lue
function_b ody
Defaults
Specifies the trigger name.
(Optional) Specifies values for the parameters that are to be used in the
fun ction b ody.
Shell functions with CLIs.
Non e
Command Modes
Glob al co nfigu ration
Usage Guidelines
Because the fun ction defin ed in this comman d d oes no t h ave a name, you cann ot u se it to map to
an other trig ger. This is the on ly way th at you can map a trigger to a user defin ed function. Shell
fun ction s d efined in the non-co nfigu re mo de can no t b e used to map triggers.
Examples
This example shows how to map the user-defined even t trig ger Cisco Dig ital Media Player (DM P) to a
user-defined macro.
a.
Connect the DMP to an 802 .1 x- or MAB-enabled s witch p ort.
b.
On the RADIUS server, set the attribute-value pair to a uto-sma rt-port=CISCO_DMP_EVENT.
c.
On the switch, create the event trigger CISCO_DMP_EVENT, an d enter the user-d efined macro
co mmand s sh own below.
d.
The switch recogn izes th e attribute-value pair=CISCO_DMP_EVENT respon se from th e RADIUS
server and app lies the macro associated with this event trigger.
Switch(config)# shell trigger CISCO_DMP_EVENT Cisco DMP player
Switch(config)# macro auto execute CISCO_DMP_EVENT {
if [[ $LINKUP -eq YES ]]; then
conf t
interface $INTERFACE
macro description $TRIGGER
switchport access vlan 1
switchport mode access
switchport port-security
switchport port-security maximum 1
switchport port-security violation restrict
switchport port-security aging time 2
switchport port-security aging type inactivity
spanning-tree portfast
spanning-tree bpduguard enable
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-353
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
macro auto execute (user-defined function)
exit
fi
if [[ $LINKUP -eq NO ]]; then
conf t
interface $INTERFACE
no macro description $TRIGGER
no switchport access vlan 1
if [[ $AUTH_ENABLED -eq NO ]]; then
no switchport mode access
fi
no switchport port-security
no switchport port-security maximum 1
no switchport port-security violation restrict
no switchport port-security aging time 2
no switchport port-security aging type inactivity
no spanning-tree portfast
no spanning-tree bpduguard enable
exit
fi
}
Switch(config)# end
Related Commands
Command
macro auto device
macro auto execute (built-in
function)
macro auto execute
(remo tely-defined trigg er)
Description
Simplifies changin g the parameters for a built-in functions for a
device type.
Changes built-in function default values or to map u ser-defin ed
trig gers to built-in functions, and to pass the p arameter valu es.
Maps a trigger to a remotely defined fun ction s.
macro auto glo bal processing En ables Auto Smartports on a switch .
macro auto processing
macro auto s ticky
shell trigger
En ables Auto SmartPorts macros on a specific interface.
Specifies not to remove configuratio ns app lied by ASP acro ss lin k
flaps and dev ice removal.
Creates a u ser defined trigger.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-354
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
macro auto global processing
macro auto global processing
Use the macro auto glo ba l pro cessing global con figuratio n command to enab le Au to SmartPorts
macros on the switch. Use the no fo rm of this command to d isab le Au to SmartPorts (ASP) macros
globally.
macro a uto global processing [cdp | lldp]
no macro auto g lobal processing [ cdp | ldp]
Note
Syntax Description
Starting with Release 15.0(2 )SG, the fallback option has been deprecated.
cdp
lldp
Selects CDP as fallb ack mode.
Selects LLDP as fallback mo de.
Defaults
Auto Smartpo rts is disab led.
Command Modes
Glob al co nfigu ration
Usage Guidelines
Use the macro auto glo ba l pro cessing global con figuratio n command to globally enab le Au to
Smartports macros on the switch. To disable ASP macros on a sp ecific p ort, use the no macro auto
proces sing command in the interface mo de before ASP is enab led glo bally.
Auto Smartpo rts macros dynamically configu re p orts based on the device type detected on th e port.
Wh en the switch detects a new d evice on a po rt it applies the appropriate ASP macro. When a link-down
event o ccurs on a port, the switch removes the macro. For examp le, when yo u connect a Cisco IP pho ne
to a po rt, ASP automatically ap plies the IP phone macro. The IP p hone macro enables qu ality of service
(QoS), security features, and a dedicated voice VLAN to ensure proper treatment o f delay -sensitive
voice traffic.
ASP u ses ev ent triggers to map devices to macros. The mos t common event trig gers are b ased on
Cisco Discovery Protocol (CDP) messages received from connected devices. The detection o f a device
invokes a CDP event trigger: Cisco IP p hone, Cisco wireless access p oint, Cisco switch, or Cisco router.
Other event triggers use MAC authentication by pas s (MAB) and 80 2.1 X au then tication messag es.
Use CDP if port authentication is enab led and the RADIUS server does not sen d an event trig ger.
Select LLDP to apply auto config uration if authentication fails.
If authentication is enabled on a po rt, a switch igno res CDP and LLDP messag es u nless the cdp keyword
is enabled.
Wh en usin g 8 02.1X or M AB auth entication, configure the RADIUS server to suppo rt the Cisco
attribute-value (AV) pair auto-smart-port=event trigger.
Wh en CDP-iden tified d evices advertise multiple capab ilities, a switch chooses a cap ability in this
prio rity order: switch, router, access poin t, lightweigh t access point, phon e, host.
To verify that an ASP macro is ap plied to an interface, use th e show running config command.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-355
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
macro auto global processing
The macro auto global processing cdp an d macro auto glo ba l processing lldp commands enables ASP
g lobally if it is not already en abled, and set the fallback to CDP or LLDP, respectively. However, the no
macro auto global processing [cdp | lldp] command only removes the fallback mechanism. It do es not
d isable ASP g lobally; o nly the no ma cro auto global processing command disables ASP glob ally.
The keywords cdp an d lldp are also co ntro lled at th e interface level; by default, CDP is the fallb ack
mechan ism on an interface. If y ou prefer LLDP, first enter th e no macro auto processing cdp co mmand ,
th en enter the macro auto processing lldp comman d.
If you want to activate b oth CDP and LLDP, you must enable them in sequence. For example, you would
first enter the macro auto processing cdp comman d, then the macro auto processing lldp command.
Examples
This example s hows how enable ASP on a switch and to disable the featu re on Gi1/0/1 :
Switch(config)# interface interface Gi1/0/1
Switch(config-if)# no macro auto processing
Switch(config)# macro auto global processing
Related Commands
Command
Description
macro auto device
Simplifies changin g the parameters for a built-in functions for a
device type.
macro auto execute (built-in
function)
macro auto execute
(remo tely-defined trigg er)
Changes built-in function default values or to map u ser-defin ed
trig gers to built-in functions, and to pass the p arameter valu es.
Maps a trigger to a remotely defined fun ction s.
macro auto execute
(user-defined function)
macro auto processing
macro auto s ticky
shell trigger
Maps a trigger to a user-defined fun ction .
En ables ASP macros on a specific interface.
En ables a user to not remove co nfigurations ap plied by ASP across
link flaps and dev ice removal.
Creates a u ser defined trigger.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-356
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
macro auto mac-address-group
macro auto mac-address-group
Use th e ma cro a uto mac-a ddress-group co mmand to configu re a grou p o f MAC-address or OUIs as a
trigg er. Use th e no form of this comman d to u nco nfigure the group.
macro a uto ma c-address-group gr p_name
no macro auto mac-a ddress-group grp_ namel
Syntax Description
grp_n ame
Command Modes
Glob al co nfigu ration
Usage Guidelines
Specifies the group name.
This comman d changes the mo de to config-mac-ad dr-grp , in which you can add or remove a M AC
ad dress or OUI fro m the gro up.
You can sp ecify a list o f MACs or OUIs, or a range o f OUIs (maximu m of 5 in th e range).
Examples
This examp le shows how to configure testGroup as a trigger:
Switch(config)# macro auto mac-address-group testGroup
Switch(config-addr-grp-mac)# mac-address list 1111.1111.1111 2222.2222.2222
Switch(config-addr-grp-mac)# exit
Switch(config)# exit
Related Commands
Co mmand
macro auto execute (built-in
function)
macro a uto ex ecute
(remotely-defined trigger)
Descriptio n
Changes built-in function default valu es or to map user-defined
triggers to built-in fun ction s, and to pas s th e parameter values.
Maps a trigger to a remotely defin ed functions.
macro a uto ex ecute
Maps a trigger to a u ser-defin ed function.
(user-defined function)
macro a uto global processing Enables Auto Smartports on a switch.
macro a uto processing
Enables Auto SmartPorts macros on a specific interface.
macro a uto sticky
Specifies n ot to remov e co nfigu rations applied by ASP across link
flaps and device removal.
shell trigger
Creates a user defined trig ger.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-357
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
macro auto monitor
macro auto monitor
To enable the device classifier, use th e macro auto monitor glo bal co nfigu ration command. Use the no
form of this command to disable th e device classifier.
macro auto monitor
no macro auto monitor
Syntax Description
This command has no arguments or keywo rds.
Command Default
Device classifier is enabled.
Command Modes
Global configuratio n
Usage Guidelines
Use the no macro auto monitor glob al co nfigu ration co mmand to disable the device classifier. You
cannot disable the dev ice classifier while it is b eing u sed by features such as ASP.
Examples
This example s hows how to enab le the ASP device classifier o n a switch:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# macro auto monitor
Switch(config)# end
Related Commands
Command
Description
show macro auto monito r clients
Displays the clients using the device classifier facility o n th e
switch.
Displays the devices conn ected to a switch, along with th eir
pro perties and class ifications .
show macro auto monito r device
show macro auto monitor type
Displays all the d evice types known to the d evice classification
ag ent.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-358
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
macro auto processing
macro auto processing
Note
Only us e this co mmand when Auto SmartPorts (ASP) is enabled globally; when ASP is dis abled
globally, interface-level co ntro l has no effect.
Use the macro auto pro cessing interface config uration comman d to enable ASP macros on a specific
interface. Use the no form of this command to disable ASP on a sp ecific interface before ASP is enabled
globally.
macro a uto processing [fa llback cdp] [fallback lldp]
no macro auto processing [fallback cdp] [fallback lldp]
Syntax Description
fallback cdp
Specifies as CDP as the fallback mech anis m.
Specifies as LLDP as the fallback mechanism.
fallback lldp
Defaults
Fallback mechan ism is CDP.
Command Modes
Interface level configuration
Usage Guidelines
The no macro auto processing co mmand sh ould be configured on all interfaces wh ere ASP is not
desirable (such as Layer 3 and EtherChannel interfaces ) before ASP is enabled globally.
At the interface level, the default fallback mechanism is CDP. To change the mechan ism to LLDP, enter
the no macro auto processing fallback cdp comman d, followed by the macro auto processing
fallback lldp command.
Examples
This examp le shows how to enable th e feature on an in terface:
Switch(config)# interface Gi3/1
Switch(config-if)# macro auto processing
Related Commands
Co mmand
Descriptio n
macro auto execute (built-in
function)
shell trigger
show shell functions
Con figures mapping fro m an event trigg er to a built-in macro.
Creates a user defined trig ger.
show shell triggers
Displays co nfigurations included for all the builtin functions
in clud ing user created an d bu ilt-in functions.
Displays detail fo r all sup ported user created and built-in triggers.
macro auto execute (built-in
function)
Changes built-in function default valu es or to map user-defined
triggers to built-in fun ction s, and to pas s th e parameter values.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-359
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
macro auto processing
Command
Description
macro auto execute
(remo tely-defined trigg er)
macro auto execute
(user-defined function)
Maps a trigger to a remotely defined fun ction s.
Maps a trigger to a user-defined fun ction .
macro auto glo bal processing En ables Auto Smartports on a switch .
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-360
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
macro auto sticky
macro auto sticky
Use the macro auto sticky con figuratio n to s pecify not to remove config urations app lied by ASP across
link flaps and device removal.
macro a uto sticky
Syntax Description
This comman d has no argu ments or keyword s.
Defaults
Not sticky (macros are removed
Command Modes
Glob al co nfigu ration
Usage Guidelines
This comman d enables you to avoid un necessary removal o f ASP con figuratio ns when a feature
intentionally shuts d own a link (like EnergyWise, wh ich shuts down inactive links to save energ y). When
such a featu re is enab led, you don't want ASP macros to b e applied and removed u nnecessarily. So you
co nfigure th e sticky feature.
Examples
This examp le shows how to sp ecify n ot to remov e configu rations:
Switch(config)# macro auto sticky
Related Commands
Co mmand
macro auto execute (built-in
function)
macro a uto ex ecute
(remotely-defined trigger)
Descriptio n
Changes built-in function default valu es or to map user-defined
triggers to built-in fun ction s, and to pas s th e parameter values.
Maps a trigger to a remotely defin ed functions.
macro a uto ex ecute
Maps a trigger to a u ser-defin ed function.
(user-defined function)
macro a uto global processing Enables Auto Smartports on a switch.
macro a uto processing
Enables Auto SmartPorts macros on a specific interface.
shell trigger
Creates a user defined trig ger.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-361
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
macro global apply cisco-global
macro global apply cisco-global
To ap ply the sys tem-defined defau lt template to the switch , use the macro global apply cisco-global
g lobal configuration command on the switch stack or on a standalone switch.
macro global apply cisco-global
Syntax Description
This command has no key words or variables.
Defaults
This command has no default setting .
Command Modes
Global configuratio n mo de
Examples
Thes e ex amples show how to apply the system-defin ed default to the switch :
Switch(config)# macro global apply cisco-global
Changing VTP domain name from gsg-vtp to [smartports] Device mode already VTP TRANSPARENT.
Switch(config)#
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-362
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
macro global apply system-cpp
macro global apply system-cpp
To apply the con trol plane p olicing d efault template to the switch , use the macro global apply
system-cpp glo bal config uration comman d on the switch stack o r on a standalone switch.
macro g lobal a pply system-cpp
Syntax Description
This comman d has no keywo rds or variables.
Defaults
This comman d has no default setting.
Command Modes
Glob al co nfigu ration mode
Examples
This examp le shows how to apply the system-d efin ed default to the switch :
Switch (config)# macro global apply system-cpp
Switch (config)#
Related Commands
Co mmand
Description
macro g lobal a pply cisco -global
App lies the s ystem-defined default template to the switch.
macro g lobal descriptio n
Enters a descriptio n ab out the macros that are applied to th e
switch.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-363
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
macro global description
macro global description
To enter a d escrip tion abou t the macros that are applied to the switch, use the macro global description
g lobal configuration command on the switch stack or on a standalone switch. Use th e no form o f this
command to remove the description.
macro global des cription text
no macro global description text
Syntax Description
Defaults
text
Enters a descriptio n abou t th e macros that are app lied to the switch.
This command has no default setting .
Command Modes
Usage Guidelines
Examples
Global configuratio n mo de
This command associates co mment text, or the macro name, with a switch. When multip le macros are
applied on a switch , the description text will be from the last app lied macro.
This example s hows how to add a description to a switch:
Switch(config)# macro global description udld aggressive mode enabled
You can verify your settings by entering the show parser macro description privileged EXEC
command.
Related Commands
Command
macro global apply cisco-global
Descriptio n
Applies the system-defined d efau lt template to the switch .
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-364
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
main-cpu
main-cpu
To enter the main CPU submode an d manually synchronize the co nfigurations on the two superviso r
en gines, use the main-cpu comman d.
main-cpu
Syntax Description
This comman d has no argu ments or keyword s.
Defaults
This comman d has no default settings.
Command Modes
Redu ndancy mod e
Usage Guidelines
The main CPU submod e is used to manually synchronize the con figurations on the two s uperviso r
en gines. From the main CPU sub mode, us e the auto -sync co mmand to enable au tomatic synchronizatio n
of the co nfiguration files in NVRAM.
Note
Examples
After you en ter th e main CPU su bmode, yo u can use the auto-sync command to au tomatically
synchronize the configuration b etween the primary and secondary rou te proces sors based o n the primary
co nfiguration. In add ition, y ou can use all o f the redu ndancy commands that are applicable to the main
CPU.
This ex ample shows how to reenab le the default automatic synchronization feature using the auto -syn c
stan dard comman d to sy nch ron ize th e startup -config and config -register configuration of the active
superv isor engine with the standby sup ervisor engin e. The up dates for the boo t variables are automatic
an d cannot be disab led.
Switch(config)# redundancy
Switch(config-red)# main-cpu
Switch(config-r-mc)# auto-sync standard
Switch(config-r-mc)# end
Switch# copy running-config startup-config
Switch#
Related Commands
Co mmand
auto-sync
Description
Enables auto matic sy nchron ization of th e configu ration
files in NVRAM .
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-365
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
match
match
To specify a match clau se by selecting one or more ACLs for a VLAN access-map s equ ence, use the
match subcommand. To remove th e match claus e, use the no form of this command.
match {ip address {acl-nu mber | a cl-name}} | {ma c address acl-name}
no match { ip address { a cl-number | acl-n ame}} | {mac address acl-name}
Note
If a match clause is not sp ecified, the action for the VLAN access-map sequence is app lied to all p ackets.
All p ackets are matched ag ains t that seq uen ce in th e access map.
Syntax Description
ip address a cl-number
Defaults
This command has no default setting s.
Command Modes
Usage Guidelines
ip address a cl-name
Selects one or more IP ACLs for a VLAN access-map sequence; valid valu es
are from 1 to 199 an d from 1 300 to 2699 .
Selects an IP ACL by n ame.
mac address acl-n ame
Selects one or more MAC ACLs for a VLAN access-map sequence.
VLAN access-map mo de
The match clause specifies th e IP or MAC ACL fo r traffic filterin g.
The MAC sequence is not effective for IP p ackets. IP pack ets shou ld be access con trolled by IP match
clauses.
Refer to the Ca talys t 45 00 Series Switch Cisco IOS Software Configu ration Guid e fo r additional
configuration gu idelin es and restriction s.
Refer to the Cis co IOS Command Reference pu blication for additional match comman d information.
Examples
This example s hows how to define a match clau se for a VLAN access map:
Switch(config)# vlan access-map ganymede 10
Switch(config-access-map)# match ip address 13
Switch(config-access-map)#
Related Commands
Command
Descriptio n
show v lan access -map
v lan access-map
Displays the contents of a VLAN access map.
Enters VLAN access-map co mmand mod e to create a
VLAN access map.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-366
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
match (class-map configura tion)
match (class-map configuration)
To define the match criteria for a class map, use the ma tch clas s-map con figuratio n command. To
remove the match criteria, us e the no form of th is command.
match {access-group acl-ind ex-or-name | cos cos-list | [lp] dscp dscp-list | [lp] precedence
ip-p recedence-list | qo s-g roup value | protoco l [ip | ipv6 | arp]
no match {access-group acl-index-or-name | cos cos-list | [lp] dscp dscp-list | [lp] precedence
ip-p recedence-list | qo s-g roup value | protoco l [ip | ipv6 | arp]
Syntax Description
access-group
acl-index-or-name
co s cos-list
[lp] dscp dscp-list
[lp] precedence
ip-p recedence-list
Numb er o r name of an IP standard or extended access control list (ACL) or
MAC ACL. For an IP standard ACL, the ACL index range is 1 to 9 9 an d 1300
to 1999. Fo r an IP extended ACL, the ACL index ran ge is 100 to 19 9 and
2000 to 26 99.
Lists up to fo ur Layer 2 class of s ervice (CoS) values to match against a
packet. Separate each valu e with a space. Th e rang e is 0 to 7 .
(Optional) IP keyword. It specifies that the match is for IPv 4 pack ets only. If
not used, th e match is for both IPv4 and IPv 6 p ackets.
Lists up to eig ht IP Differentiated Services Code Po int (DSCP) values to
match agains t a packet. Separate each value with a sp ace. The range is 0 to
63. You also can en ter a mnemonic name for a commo nly used value.
(Optional) IP keyword. It specifies that the match is for IPv 4 pack ets only. If
not used, th e match is for both IPv4 and IPv 6 p ackets.
Lists up to eig ht IP-p recedence values to match against a packet. Separate
each value with a sp ace. The range is 0 to 7. You also can en ter a mn emon ic
name fo r a commonly us ed value.
qos-g roup value
protocol ip
protocol ipv6
protocol a rp
Specifies the internally generated qos-grou p value assig ned to a packet o n
the inp ut qos classification.
Specifies IP in the Ethernet head er. Tho ugh vis ible in the command-line help
strin gs, the only protocol types su pported are IP, IPv6, and ARP.
Specifies IPv6 in the Ethernet header. Though vis ible in the command-line
help s trings the only protocol types su pported are IP, IPv6, and ARP.
Specifies ARP in the Ethern et head er. Thou gh visible in the co mmand -line
help s trings the only protocol types su pported are IP, IPv6, and ARP.
Defaults
No match criteria are defin ed.
Command Modes
Class-map configuration mo de
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-367
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
match (class-map configuration)
Usage Guidelines
Before entering the match command, y ou must firs t en ter the class-map g lobal co nfigu ration command
to specify the name of th e class who se match criteria you want to establish. The match comman d is used
to sp ecify which fields in the packets are examin ed to classify the packets . If a packet matches the
sp ecified criteria, the packet is considered a member of the class and is forward ed according to the
q uality of service (QoS) specification s s et in the traffic po licy.
For the match ip ds cp dscp-list or the match ip precedence ip -precedence-list comman d, you can enter
a mnemo nic name for a commo nly used value. For example, you can enter the match ip dscp af11
command, which is th e same as enterin g th e match ip dscp 10 co mmand . Yo u can enter the match ip
precedence critical comman d, which is the same as entering the match ip precedence 5 comman d. Fo r
a list o f supp orted mnemonics, enter the match ip dscp ? or the match ip precedence ? co mmand to
see th e comman d-line help s trings .
To match only IPv 6 packets, yo u mu st u se the match protocol ipv6 command. To match on ly IPv4
p ackets y ou can use either the ip prefix or the proto col ip keyword.
To match only ARP packets, you must use th e match protocol arp command.
You can configu re the match cos cos-list , match ip dscp dscp-list , match ip precedence
ip-precedence-list command in a clas s map within a policy map.
The match cos cos-list command ap plies on ly to Ethernet frames that carry a VLAN tag.
The match qos -group command is u sed by the class-map to identify a specific Qo S group value
assign ed to a packet. The QoS gro up valu e is local to the switch and is asso ciated with a pack et on the
in put Qos classification.
Packets that do not meet any o f the matchin g criteria are classified as members o f the default traffic class.
You co nfigure it by specifying class-default as the class name in the class po licy-map configuration
command. For more info rmation, s ee th e “class” section on page 2-84.
Examples
This example shows how to create a class map called clas s2, wh ich matches all the inbou nd traffic with
DSCP valu es of 1 0, 11 , and 12:
Switch# configure terminal
Switch(config)# class-map class2
Switch(config-cmap)# match ip dscp 10 11 12
Switch(config-cmap)# exit
Switch#
This example shows how to create a class map called clas s3, wh ich matches all the inbou nd traffic with
IP-precedence valu es of 5 , 6, and 7 for bo th IPv4 an d IPv6 traffic:
Switch# configure terminal
Switch(config)# class-map class3
Switch(config-cmap)# match ip precedence 5 6 7
Switch(config-cmap)# exit
Switch#
This example s hows how to delete the IP-precedence match criteria and to classify traffic using acl1:
Switch# configure terminal
Switch(config)# class-map class2
Switch(config-cmap)# match ip precedence 5 6 7
Switch(config-cmap)# no match ip precedence
Switch(config-cmap)# match access-group acl1
Switch(config-cmap)# exit
Switch#
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-368
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
match (class-map configura tion)
This example shows h ow to specify a class-map that applies only to IPv6 traffic o n a Superv isor Eng ine
6-E:
Switch# configure terminal
Switch(config)# class-map match all ipv6 only
Switch(config-cmap)# match dscp af21
Switch(config-cmap)# match protocol ipv6
Switch(config-cmap)# exit
Switch#
You can verify you r settin gs by entering the show class-map priv ileged EXEC command.
Related Commands
Co mmand
Description
cla ss-map
Creates a class map to b e used for matching packets to the
class who se name yo u specify and to enter class-map
co nfiguration mode.
Displays class map info rmation.
show cla ss-map
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-369
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
match flow ip
match flow ip
To sp ecify match criteria to treat flows with a uniq ue source or destination address as new flows, use the
match flow ip co mmand . To d isab le this fu nctio n, use the no fo rm of this command.
match flow ip {source-address [ip destination-address ip protocol L4 source-address L4
destination-address] | destination-a ddress}
no match flow ip { s ource-address [ip destination-a ddress ip proto col L4 source-address L4
destination-address] | destination-a ddress}
Syntax Description
so urce-addres s
ip destination-address
ip protocol L4
so urce-addres s L4
destination-address
destination-address
Establishes a new flow from a flow with a unique IP source ad dress.
(Optional) Comprises th e fu ll flow key word; treats each flow with unique
IP sou rce, destination, protocol, an d Layer 4 s ource an d destination address
as a new flow.
Establishes a new flow from a flow with a unique IP destinatio n add ress.
Defaults
This command has no default setting s..
Command Modes
class-map co nfigu ration submod e
Usage Guidelines
When you specify the s ource-addres s keywo rd, each flow with a uniqu e source ad dress is treated as a
n ew flow.
When you specify the d estin ation -address keyword, each flow with a unique des tinatio n address is
treated as a n ew flow.
A policy map is called a flow-based po licy map when yo u config ure the flow k eywords on th e class map
th at it u ses . To attach a flow-based po licy map as a child to an aggreg ate policy map, u se the
service-po licy comman d.
Note
Examples
The match flow command is available on the Cataly st 4 500 series s witch o nly when
Sup ervisor Engine VI (WS-X451 6-1 0GE) is p resent.
This example s hows how to create a flow-b ased class map asso ciated with a source address:
Switch(config)# class-map match-all c1
Switch(config-cmap)# match flow ip source-address
Switch(config-cmap)# end
Switch#
Switch# show class-map c1
Class Map match-all c1 (id 2)
Match flow ip source-address
Switch#
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-370
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
match flow ip
This examp le shows how to create a flow-based class map associated with a d estination address:
Switch(config)# class-map match-all c1
Switch(config-cmap)# match flow ip destination-address
Switch(config-cmap)# end
Switch#
Switch# show class-map c1
Class Map match-all c1 (id 2)
Match flow ip destination-address
Switch#
Assu me there are two active flows on th e Fast Ethernet interface 6 /1 with source ad dresses
192.168 .1 0.2 0 and 19 2.1 68.10.21. The followin g example shows h ow to maintain each flow to 1 Mbps
with an allowed burst value of 900 0 bytes:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# class-map c1
Switch(config-cmap)# match flow ip source-address
Switch(config-cmap)# exit
Switch(config)# policy-map p1
Switch(config-pmap)# class c1
Switch(config-pmap-c)# police 1000000 9000
Switch(config-pmap-c)# exit
Switch(config-pmap)# exit
Switch(config)# interface fastethernet6/1
Switch(config-if)# service-policy input p1
Switch(config-if)# end
Switch# write memory
Switch# show policy-map interface
FastEthernet6/1
Service-policy input: p1
Class-map: c1 (match-all)
15432182 packets
Match: flow ip source-address
police: Per-interface
Conform: 64995654 bytes Exceed: 2376965424 bytes
Class-map: class-default (match-any)
0 packets
Match: any
0 packets
Switch#
This examp le shows two active flows o n the Fast Eth ernet interface 6/1 with destination ad dresses of
192.168 .2 0.2 0 and 19 2.1 68.20.21. The followin g example shows h ow to maintain each flow to 1 Mbps
with an allowed burst value of 900 0 bytes:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# class-map c1
Switch(config-cmap)# match flow ip destination-address
Switch(config-cmap)# exit
Switch(config)# policy-map p1
Switch(config-pmap)# class c1
Switch(config-pmap-c)# police 1000000 9000
Switch(config-pmap-c)# exit
Switch(config-pmap)# exit
Switch(config)# interface fastethernet6/1
Switch(config-if)# service-policy input p1
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-371
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
match flow ip
Switch(config-if)# end
Switch# write memory
Switch# show policy-map interface
FastEthernet6/1
Service-policy input: p1
Class-map: c1 (match-all)
2965072 packets
Match: flow ip destination-address
police: Per-interface
Conform: 6105636 bytes Exceed: 476652528 bytes
Class-map: class-default (match-any)
0 packets
Match: any
0 packets
Switch#
Assume th ere are two active flows as sh own below on the Fast Ethernet in terface 6/1:
SrcIp
DstIp
IpProt SrcL4Port DstL4Port
-------------------------------------------------------192.168.10.10 192.168.20.20 20
6789
81
192.168.10.10 192.168.20.20 20
6789
21
With the following configuration , each flow is policed to a 10000 00 bps with an allowed 90 00-b yte bu rst
value.
Note
If you u se the match flow ip source-a ddress |destina tion-addres s command, these two flows are
conso lidated into one flow b ecau se they have the same sou rce and destination add ress.
Switch# conf terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# class-map c1
Switch(config-cmap)# match flow ip source-address ip destination-address ip protocol l4
source-port l4 destination-port
Switch(config-cmap)# exit
Switch(config)# policy-map p1
Switch(config-pmap)# class c1
Switch(config-pmap-c)# police 1000000 9000
Switch(config-pmap-c)# exit
Switch(config-pmap)# exit
Switch(config)# interface fastEthernet 6/1
Switch(config-if)# service-policy input p1
Switch(config-if)# end
Switch# write memory
Switch# show policy-map interface
FastEthernet6/1
class-map c1
match flow ip source-address ip destination-address ip protocol l4 source-port l4
destination-port
!
policy-map p1
class c1
police 1000000 bps 9000 byte conform-action transmit exceed-action drop
!
interface FastEthernet 6/1
service-policy input p1
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-372
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
match flow ip
Switch# show class-map c1
Class Map match-all c1 (id 2)
Match flow ip source-address ip destination-address ip protocol l4 source-port l4
destination-port
Switch# show policy-map p1
Policy Map p1
Class c1
police 1000000 bps 9000 byte conform-action transmit exceed-action drop
Switch# show policy-map interface
FastEthernet6/1
Service-policy input: p1
Class-map: c1 (match-all)
15432182 packets
Match: flow ip source-address ip destination-address ip protocol l4 source-port l4
destination-port
police: Per-interface
Conform: 64995654 bytes Exceed: 2376965424 bytes
Class-map: class-default (match-any)
0 packets
Match: any
0 packets
Switch#
Related Commands
Co mmand
Description
service-policy (interface configuration) Attach es a p olicy map to an interface.
show cla ss-map
Displays class map info rmation.
show policy -map
Displays information about the policy map.
show policy -map interfa ce
Displays the statistics an d configuration s o f the in put and
outpu t po licies that are attach ed to an interface.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-373
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
mdix auto
mdix auto
To en able the automatic medium-dep en den t interface crossover (auto -MDIX) feature on the interface,
u se the mdix auto comman d. When auto -MDIX is enabled , the in terface au tomatically d etects th e
required cable co nnection typ e (straight-thro ugh or cro ssover) and config ures the connection
appropriately. Use the no form of th is command to disable auto-MDIX.
mdix auto
no mdix auto
Syntax Description
This command has no arguments or keywo rds.
Defaults
Auto-MDIX is enabled.
Command Modes
Interface configuration mod e
Usage Guidelines
The following linecards supp ort Au to-MDIX th rou gh the CLI on their cop per med ia ports:
WS-X4124-RJ45, WS-X414 8-RJ4 5 (hard ware revis ion 3.0 o r higher), and WS-X4232-GB-RJ45
(hardware revision 3.0, or high er), WS-X4 920-GE-RJ45, and WS-46 48-RJ4 5V+E (Au to-MDIX supp ort
when in line power is d isabled on the port).
Linecards that s upport auto-MDIX by default when po rt auto -negotiation en abled an d cannot be turned
o ff usin g an mdix CLI command include: WS-X4448 -GB-RJ45, WS-X454 8-GB-RJ45 ,
WS-X4424-GB-RJ45, and WS-X4412-2GB-T.
Linecards that canno t su pport auto-MDIX functionality, either by default or CLI commands , include:
WS-X4548-GB-RJ45V, WS-X4524 -GB-RJ45V, WS-X450 6-GB-T, WS-X4 148-RJ, WS-X42 48-RJ 21V,
WS-X4248-RJ45V, WS-X42 24-RJ4 5V, and WS-X4 232-GB-RJ .
When y ou enable auto-MDIX on an interface, you must also set the interface speed to be autoneogiated
so th at the feature op erates co rrectly.
When auto-MDIX (and autonegotiation of s peed) is enabled on one or both of con nected interfaces, link
u p o ccurs even if the cab le type (straig ht-throug h o r crossover) is inco rrect.
Examples
This example s hows how to enab le auto MDIX on a po rt:
Switch# configure terminal
Switch(config)# interface FastEthernet6/3
Switch(config-if)# speed auto
Switch(config-if)# mdix auto
Switch(config-if)# end
Related Commands
Command
Descriptio n
speed
Con figures the interface speed.
show interfa ces
Displays traffic on a specific interface.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-374
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
mdix auto
Co mmand
Description
show interfaces capabilities
Displays the interface capabilities for an interface o r fo r all the
interfaces on a switch.
Displays the interface status.
show interfaces status
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-375
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
media-type
media-type
To select th e connecto r fo r a du al-mode capab le port, us e the media-type co mmand .
media-type {rj45 | sfp}
Syntax Description
rj45
sfp
Defaults
sfp
Command Modes
Usage Guidelines
Uses the RJ-45 conn ector.
Uses the SFP co nnector.
Interface configuration mod e
This command is supp orted on all po rts on the WS-X4306 -GB-T modu le an d ports 1/4 5-4 8 o n the
WS-X4948 chassis.
Entering the sho w interface capa bilities command provides th e Multiple Med ia Ty pes field, which
d isplay s th e valu e no if a po rt is not dual-mod e capable and lists the media types (sfp and rj45 ) for
d ual-mode capable po rts.
Examples
This example s hows how to config ure port 5/4 5 o n a WS-X49 48 ch assis to use the RJ-45 co nnector:
Switch(config)# interface gigabitethernet 5/45
Switch(config-if)# media-type rj45
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-376
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
mode
mode
To set the redu ndancy mod e, use the mode command.
mode {rpr | sso }
Syntax Description
rpr
sso
Defaults
If you are up grading the cu rren t su pervisor eng ine from Cisco IOS Release 12.2(18)EW o r an earlier
release to 12.2(20)EWA, and the RPR mod e has been saved to the startup configuration , b oth sup ervisor
en gines will contin ue to operate in RPR mode after the software u pgrade. To use SSO mode, y ou must
man ually change th e redu ndancy mod e to SSO.
Command Modes
Redu ndancy configuration mod e
Usage Guidelines
Specifies RPR mod e.
Specifies SSO mode.
RPR and SSO mod e are not supported o n Catalyst 4500 series switches th at are con figured with
Superviso r Engin e 2.
The mode command can be entered on ly fro m within redun dan cy configu ration mode.
Fo llow these guidelines when co nfiguring you r system to RPR or SSO mode:
•
•
You must use identical Cis co IOS images an d s uperviso r en gines to su pport RPR and SSO mode.
Redu ndancy may no t wo rk due to differences between the Cisco IOS release and su pervisor engin e
capabilities.
Any modu les that are not onlin e at the time of a switchover are reset and reloaded o n a switchover.
•
If you perform an OIR of the modu le with in 6 0 s econds before a stateful switchover, the module
resets d urin g th e stateful switchover and the po rt states are res tarted .
•
The FIB tables are cleared on a switchover. Routed traffic is interru pted un til route tables
reconverge.
The redund ant sup ervisor engin e reloads on any mode change and begins to work in the current mode.
Examples
This examp le shows how to set the red undancy mo de to SSO:
Switch(config)# redundancy
Switch(config-red)# mode sso
Switch(config-red)#
Related Commands
Co mmand
redundancy
Description
Enters the redund ancy configu ration mode.
redundancy force-switchover
Fo rces a s witchover from the active to th e standby supervisor
en gine.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-377
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
mode
Command
Descriptio n
show redundancy
show running-co nfig
Displays redund ancy facility informatio n.
Displays the running configuration of a switch.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-378
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
monitor capture {access-list | class-map}
monitor capture {access-list | class-map}
To specify an access list or clas s map as the co re filter, use the monitor capture {access -list |
cla ss-map} command. To remove the filter, use the no form of this command.
monitor capture name {access -list n ame | class-ma p name}
no monitor capture name {access-list name | class-map name}
Syntax Description
Defaults
name
access-list name
Specifies a capture poin t.
Specifies access list n ame
cla ss-map n ame
Specifies clas s map name
Non e
Command Modes
Privileg ed EXEC mode
Usage Guidelines
The access list or class map is d efined with configuration commands . The access list or class map should
be defined prio r to enterin g the monitor capture command. We can specify the core filter as a class map,
access lis, t or an exp licit in-line filter. If the filter has already been specified when you enter the mo nitor
ca pture command, it rep laces th e older one.
Examples
The following example shows how to define a core system filter using an existing ACL or class-map:
Switch# monitor capture mycap filter access-list myacl
Switch# monitor capture mycap filter class-map mycm
Switch# no monitor capture mycap filter class-map mycm
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-379
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
monitor capture [clear | export]
monitor capture [clear | export]
To clear cap tu re buffer con tents or to sto re the packets to a file, use the monitor capture [clea r | export
filename] command.
monitor capture name [clea r] [export filename]
Syntax Description
n ame
clear
Specifies a cap ture point.
Clears all the packets in the capture buffer.
export filen ame
Store all the p ackets in capture buffer to a .pcap file.
Defaults
n one
Command Modes
Priv ileged EXEC mo de
Usage Guidelines
The clear option empties the capture buffer an d the ex po rt option stores the pack ets in th e capture buffer
to the file. You should use these commands only when the storag e destinatio n is a captu re buffer. Th ese
commands are u sab le eith er durin g capture or when it has stopp ed either because o ne or more end
cond itions has b een met or y ou en tered the sto p comman d. If you enter the clear command after the
capture has s topped, further export (or decode) and displa y commands have no impact b ecau se the
bu ffer has no packets.
Examples
The following example shows how to asso ciate or disassociate a captu re file:
Switch# monitor capture mycap export bootflash:mycap.pcap
Switch# monitor capture mycap clear
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-380
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
monitor ca pture [interface | vlan | control-plane]
monitor capture [interface | vlan | control-plane]
To specify on e or more attachment points with d irectio n, use the monito r ca pture [interface | vla n |
co ntro l-plane] command. To remove the attachment point, use th e no form o f this co mmand .
monitor capture name [{interface name | vlan num | control-plane} { in | out | both}]
no monitor capture name [{ interfa ce n ame | vlan n um | co ntro l-plane} {in | o ut | both}]
Syntax Description
Defaults
Command Modes
Usage Guidelines
name
interface name
Specifies a capture poin t.
Specifies an interface. In terface range is allowed.
vlan num
co ntro l-plane
Specifies a VLAN.
Specifies control plan e.
input | output | both
Specific traffic direction.
Non e
Privileg ed EXEC mode
Specifies one o r more attachment p oints with direction. We can specify a range of interfaces also. The
co mmand can b e repeated as many times as need ed to add multiple attachment points.
We need to mention at least o ne attachment point. For VLAN, the direction has to be set to b oth.
Examples
The following example shows how to add an attachment point:
Switch# monitor capture mycap interface gigabitEthernet 3/1 in
The following example shows how to remove an attachment point:
Switch# no monitor capture mycap interface gigabitEthernet 3/1 in
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-381
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
monitor capture file location buffer-size
monitor capture file location buffer-size
To specify the capture destinatio n, use the monitor capture command. To remove the details, use the
no form of th is command.
monitor capture name [[file location filename [buffer-size <1-100>] [ring <2-10>] [size
<1-100>]] | [buffer [circular] size <1-100>]]
]no monitor capture name [file | buffer]
Syntax Description
file locatio n filen ame
buffer-size <1-100>
ring <2 -10 >
Defaults
The default buffer size is one MB.
size <1-100>
buffer [circular] size <1-1 00>
Specifies filename of location.
Specifies bufer size in MB.
Specifies number of files.
Specifies the file size.
Specifies th at the capture destinatio n is a buffer. By default, the
mode is linear.
The keyword circular sets the bu ffer mod e to circular.
The keyword size s pecifies the buffer size.
Command Modes
Priv ileged EXEC mo de
Usage Guidelines
The cap ture destinatio n can be a file in storag e disk or a memo ry buffer. Th is command specifies the
p arameters related to packet storag e.
The file option specifies th at the p ackets mu st b e stored to a file. To red uce or avoid any loss in packet
capture, you can use the buffer-s ize option . The capture and sto re operations req uire more CPU, limiting
th e captu re th roug hput.
You can in crease the th roug hput by triggerin g lock-step mode, wherein the packets are first captured in
th e buffer. Within this mode, th e “duration ” parameter d efin es the capture du ration. Once the buffer is
full or the du ration closes, the buffer is written to the file, greatly increasing the capture throug hput. Th e
lo ck-step mo de is automatically trigg ered by specifyin g th e buffer size to 32MB or hig her.
The size of the cap ture file can b e limited with the size op tion. The file location mu st on e of th e
followin g:
•
Internal bootflas h (boo tflash: )
•
External flash (slot0 : )
•
USB (usb0: )
Do not specify any oth er devices.
The destination file can b e a rin g o f files rather th an a sin gle file. The ring op tio n s pecifies the numb er
o f files in th e rin g whereas size sp ecifies the total size of all th e files. In ring file mode, when th e file
size limit has reached, it accommod ates space for n ew packets by removin g the oldest file.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-382
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
monitor capture file location buffer-size
If the cap ture destination is a buffer, you mu st use the show comman d to d ecode and display the packets
from the buffer. If the circular op tion is s pecified, capture continues until you explicitly is sue the sto p
co mmand . If no space exists in the buffer, oldest p acket(s) are removed to accommodate the new on es.
If the circula r optio n is no t provided, newer packets are discarded when the capture buffer is full.
Examples
The following example usag es show h ow to specify a file o r a ring of files as th e captu re d estination:
Switch# monitor capture mycap associate buffer-size 1000000file location
bootflash:mycap.pcap
Switch# monitor capture mycap file location bootflash:mycap.pcap size 40
Switch# monitor capture mycap file location bootflash:mycap.pcap ring 4 size 40
Switch# monitor capture mycap file location bootflash:mycap.pcap buffer-size 8
Switch# monitor capture mycap file location bootflash:mycap.pcap ring 4 size 40
buffer-size 16
Switch# no monitor capture mycap file
The following example shows how to setup captu re in lock-step mo de:
Switch# monitor capture mycap file location bootflash:mycap.pcap buffer-size 64
Switch# no monitor capture mycap file
The following example shows how to make a circular buffer as the cap ture des tin ation and operate on
the buffer:
Switch# monitor capture mycap int gi 3/1 in match ipv4 any any
Switch# monitor capture mycap buffer circular size 1
Switch# monitor capture mycap start
Switch#
Switch# sh monitor capture mycap buffer
0.000000
10.1.1.164 -> 20.1.1.2
UDP Source port: 20001
1.000000
10.1.1.165 -> 20.1.1.2
UDP Source port: 20001
2.000000
10.1.1.166 -> 20.1.1.2
UDP Source port: 20001
3.000000
10.1.1.167 -> 20.1.1.2
UDP Source port: 20001
4.000000
10.1.1.168 -> 20.1.1.2
UDP Source port: 20001
5.000000
10.1.1.169 -> 20.1.1.2
UDP Source port: 20001
6.000000
10.1.1.170 -> 20.1.1.2
UDP Source port: 20001
7.000000
10.1.1.171 -> 20.1.1.2
UDP Source port: 20001
8.000000
10.1.1.172 -> 20.1.1.2
UDP Source port: 20001
9.000000
10.1.1.173 -> 20.1.1.2
UDP Source port: 20001
10.000000
10.1.1.174 -> 20.1.1.2
UDP Source port: 20001
11.000000
10.1.1.175 -> 20.1.1.2
UDP Source port: 20001
12.000000
10.1.1.176 -> 20.1.1.2
UDP Source port: 20001
Destination port: 20002
Destination port: 20002
Destination port: 20002
Destination port: 20002
Destination port: 20002
Destination port: 20002
Destination port: 20002
Destination port: 20002
Destination port: 20002
Destination port: 20002
Destination port: 20002
Destination port: 20002
Destination port: 20002
Switch# sh monitor capture mycap buffer detailed
Frame 1: 256 bytes on wire (2048 bits), 256 bytes captured (2048 bits)
Arrival Time: Apr 12, 2012 10:59:06.255983000 PDT
Epoch Time: 1334253546.255983000 seconds
[Time delta from previous captured frame: 0.000000000 seconds]
[Time delta from previous displayed frame: 0.000000000 seconds]
[Time since reference or first frame: 0.000000000 seconds]
Frame Number: 1
Frame Length: 256 bytes (2048 bits)
Capture Length: 256 bytes (2048 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:udp:data]
Ethernet II, Src: 00:00:00:00:03:01 (00:00:00:00:03:01), Dst: 54:75:d0:3a:85:3f
(54:75:d0:3a:85:3f)
Destination: 54:75:d0:3a:85:3f (54:75:d0:3a:85:3f)
Address: 54:75:d0:3a:85:3f (54:75:d0:3a:85:3f)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-383
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
monitor capture file location buffer-size
Source: 00:00:00:00:03:01 (00:00:00:00:03:01)
Address: 00:00:00:00:03:01 (00:00:00:00:03:01)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
…
Switch# sh monitor capture mycap buffer dump
0.000000
10.1.1.164 -> 20.1.1.2
UDP Source port: 20001 Destination port: 20002
0000
0010
0020
0030
0040
0050
0060
0070
0080
0090
00a0
00b0
00c0
00d0
00e0
00f0
54 75 d0 3a 85 3f 00 00 00 00 03 01 08 00 45 00
00 ee 00 00 00 00 40 11 59 58 0a 01 01 a4 14 01
01 02 4e 21 4e 22 00 da 6e 13 00 01 02 03 04 05
06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15
16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25
26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35
36 37 38 39 3a 3b 3c 3d 3e 3f 40 41 42 43 44 45
46 47 48 49 4a 4b 4c 4d 4e 4f 50 51 52 53 54 55
56 57 58 59 5a 5b 5c 5d 5e 5f 60 61 62 63 64 65
66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75
76 77 78 79 7a 7b 7c 7d 7e 7f 80 81 82 83 84 85
86 87 88 89 8a 8b 8c 8d 8e 8f 90 91 92 93 94 95
96 97 98 99 9a 9b 9c 9d 9e 9f a0 a1 a2 a3 a4 a5
a6 a7 a8 a9 aa ab ac ad ae af b0 b1 b2 b3 b4 b5
b6 b7 b8 b9 ba bb bc bd be bf c0 c1 c2 c3 c4 c5
c6 c7 c8 c9 ca cb cc cd ce cf d0 d1 63 24 51 ee
Tu.:.?........E.
[email protected]......
..N!N"..n.......
................
.......... !"#$%
&'()*+,-./012345
6789:;<=>?@ABCDE
FGHIJKLMNOPQRSTU
VWXYZ[\]^_`abcde
fghijklmnopqrstu
vwxyz{|}~.......
................
................
................
................
............c$Q.
1.000000
10.1.1.165 -> 20.1.1.2
UDP Source port: 20001
…
Switch# monitor capture mycap clear
Switch# sh monitor capture mycap buffer detailed
…
Switch# monitor capture mycap stop
Destination port: 20002
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-384
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
monitor capture limit
monitor capture limit
To specify cap ture limits, use the monitor capture limit comman d. To remove the limits, use the no
form of this comman d.
monitor capture name limit {duration seconds] [packet-leng th size] [packets n um]
no monitor capture name limit [duration] [packet-length] [packets ]
Syntax Description
name
duration seconds
Specifies a capture poin t.
Specifies du ration in second s.
packet-length size
Specifies packet length. If th e actual packet is lo nger, only th e
first size by tes are s tored.
packets num
Specifies nu mber of packets to be p rocessed .
Defaults
Entire packet is pro cessed if packet-leng th is no t sp ecified.
Command Modes
Privileg ed EXEC mode
Usage Guidelines
Examples
Specifies ses sion duration , pack et seg ment length and number of packets to b e stored
The following example shows how to associate/disassociate a cap ture file:
Switch# monitor capture mycap limit duration 10
Switch# monitor capture mycap limit packet-length 128
Switch# monitor capture mycap limit packets 100
Switch# no monitor capture mycap limit duration packet-length packets
Switch# monitor capture mycap limit duration 10 packet-length 128 packets 100
Switch# no monitor capture mycap limit
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-385
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
monitor capture mycap match
monitor capture mycap match
To define an ex pliciti in-line core filter, u se the monitor capture mycap match command. To remove
it, use th e no form o f this co mmand .
Switch# [no] monitor capture mycap match {any | mac mac-match-string | ipv4
ipv4-match-string | ipv6 ipv6-match-string}
To use a filter fo r MAC, use the format below
Switch# [no] monitor capture mycap match mac {src-mac-addr src-mac-mask | any | host
src-mac-addr} | {dest-mac-addr dest-mac-mask | any | host dest-mac-addr}
To use a filter fo r IPv4/IPv6, use on e of the fo rmats b elow
Switch# [no] monitor capture mycap match {ipv4 | ipv6} [src-prefix/length | any | host
src-ip-addr] [dest-prefix /length | any | host dest-ip-addr]
Switch# [no] monitor capture mycap match {ipv4 | ipv6} proto {tcp | udp}
[src-prefix/length | any | host src-ip-addr] [eq | gt | lt | neq <0-65535>]
[dest-prefix/length | any | host dest-ip-addr] [eq | gt | lt | neq <0-65535>]
Syntax Description
a ny
mac mac-match-string
ipv4 ipv4-match-string
ipv6 ipv6-match-string
match name
sr c-mac-add r
sr c-mac-mask
host src-mac-a ddr
d est-mac-addr
d est-mac-mask
host des t-ma c-addr
src-p refix/length
Specifies “any” packet
Specifies a Layer 2 pack et
Specifies an IPv4 packet
Specifies an IPv6 packet
Specifies a cap ture point
Specifies source MAC address
Specifies source MAC mask
Source (or destination) MAC (or IP) address
Specifies a destination MAC add ress
Specifies a destination MAC mask
Specifies a sou rce (or destination) MAC (or IP) add ress
Specifies a sou rce prefix / length
host src-ip-ad dr
d est-prefix/len gth
Specifies a ho st so urce IP addres s
Specifices a destinatio n prefix / len gth
host des t-ip-addr
proto {tcp | udp}
Specifies a sou rce (or destination) MAC (or IP) add ress
Specifies the protocol to be u sed
{eq | g t | lt | neq} <0-6 5535>
Specifies Equal, Greater Than, Less than, Not Equ al To
Defaults
n one
Command Modes
Priv ileged EXEC mo de
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-386
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
monitor capture mycap match
Usage Guidelines
You can sp ecify the co re filter as a class map, access list, or an explicit in-lin e filter. If the filter has
already been specified wh en yo u enter this comman d, it replaces the o lder one.
The explicit, in -line filter is in tend ed as a simple way to sp ecify a core filter. In certain situations , you
must go thro ugh the app roval p rocess to change a co nfigu ration, which cou ld be time-consumin g.
Altho ugh explicit filters s implify this process, be aware that suppo rt is more ex ten sive for access list and
class map s.
You can cap ture IPv4, IPv6, MAC, or “any” traffic b y sp ecify ing th e appro priate keywords. Depen ding
on the traffic type, the usage varies. For a MAC, you can specify an address or prefix. For IPv4 or IPv6 ,
you can match o n s everal field s. For sou rce or d estin ation po rts, several operators are suppo rted.
Examples
The following example usag es show h ow to set or remove an explicit filter:
Switch# monitor capture mycap match any
Switch# monitor capture mycap match mac any any
Switch# monitor capture mycap match mac host 0000.0a01.0102 host 0000.0a01.0103
Switch# monitor capture mycap match ipv4 any any
Switch# monitor capture mycap match ipv4 host 10.1.1.2 host 20.1.1.2
Switch# monitor capture mycap match ipv4 proto udp 10.1.1.0/24 eq 20001 20.1.1.0/24 eq
20002
Switch# monitor capture mycap match ipv4 proto udp 10.1.1.2/24 eq 20001 any
Switch# no monitor capture mycap match
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-387
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
monitor capture start
monitor capture start
To start or stop a capture poin t, use the monitor ca pture command.
monitor capture name start [capture-filter filter-string] [display [display-filter filter-strin g]]
[brief | detailed | dump | stop]
Syntax Description
n ame
start
Specifies a cap ture point.
Starts th e Wiresh ark ses sion an d captures live traffic.
capture-filter filter-str in g
Specifies the capture filter.
display [display-filter filter-string]
Decodes and displays the filter. Optionally, specifies the display
filter.
[brief | detailed | dump]
stop
Specifies the dis play mod e. Default is brief.
Stops the Wireshark session.
Defaults
The default display mode is brief.
Command Modes
Priv ileged EXEC mo de
Usage Guidelines
Thes e comman ds start o r stop a capture session, assu min g all man datory parameters are specified. We
mu st ensure that resources like CPU an d memory are available befo re starting the session. Becau se the
capture an d display filters must observe the Wireshark display filter syn tax, en sure that the filters are
accurate (for example, specify the filters within dou ble-quo tes).
If the packets will be stored and disp layed, do not use display filter; in th is mo de, if a p acket is stored ,
it is displayed as well. If yo u p rovid e a dis play filter, it is igno red.
If a capture filter is sp ecified, the capture is limited to 6 5536 packets. In this releas e, there is a limitation
th at the timestamp will be incorrect when we use a captu re filter.
Examples
The following example shows how to start or stop a capture session in various mod es:
Switch# monitor capture mycap int gi 3/1 in match ipv4 any any
Switch# monitor capture mycap file location bootflash:mycap.pcap
Switch# monitor capture mycap limit packets 100 duration 60
Switch# monitor capture mycap start
Switch#
Switch# monitor capture mycap stop
Switch# monitor capture mycap start capture-filter "udp.port == 20001"
Switch# monitor capture mycap stop
Switch# monitor capture mycap start capture-filter "udp.port == 20001" display
A file by the same capture file name already exists, overwrite?[confirm]
0.000000
0.000000
0.000000
0.000000
10.1.1.9 -> 20.1.1.2
10.1.1.10 -> 20.1.1.2
10.1.1.11 -> 20.1.1.2
10.1.1.12 -> 20.1.1.2
UDP Source port: 20001
UDP Source port: 20001
UDP Source port: 20001
UDP Source port: 20001
Destination port: 20002
Destination port: 20002
Destination port: 20002
Destination port: 20002
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-388
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
monitor capture start
0.000000
0.000000
0.000000
0.000000
0.000000
0.000000
0.000000
0.000000
0.000000
0.000000
0.000000
0.000000
0.000000
0.000000
0.000000
0.000000
0.000000
0.000000
10.1.1.13 -> 20.1.1.2
10.1.1.14 -> 20.1.1.2
10.1.1.15 -> 20.1.1.2
10.1.1.16 -> 20.1.1.2
10.1.1.17 -> 20.1.1.2
10.1.1.18 -> 20.1.1.2
10.1.1.19 -> 20.1.1.2
10.1.1.20 -> 20.1.1.2
10.1.1.21 -> 20.1.1.2
10.1.1.22 -> 20.1.1.2
10.1.1.23 -> 20.1.1.2
10.1.1.24 -> 20.1.1.2
10.1.1.25 -> 20.1.1.2
10.1.1.26 -> 20.1.1.2
10.1.1.27 -> 20.1.1.2
10.1.1.28 -> 20.1.1.2
10.1.1.29 -> 20.1.1.2
10.1.1.30 -> 20.1.1.2
UDP Source port: 20001
UDP Source port: 20001
UDP Source port: 20001
UDP Source port: 20001
UDP Source port: 20001
UDP Source port: 20001
UDP Source port: 20001
UDP Source port: 20001
UDP Source port: 20001
UDP Source port: 20001
UDP Source port: 20001
UDP Source port: 20001
UDP Source port: 20001
UDP Source port: 20001
UDP Source port: 20001
UDP Source port: 20001
UDP Source port: 20001
UDP Source port: 20001
Destination port: 20002
Destination port: 20002
Destination port: 20002
Destination port: 20002
Destination port: 20002
Destination port: 20002
Destination port: 20002
Destination port: 20002
Destination port: 20002
Destination port: 20002
Destination port: 20002
Destination port: 20002
Destination port: 20002
Destination port: 20002
Destination port: 20002
Destination port: 20002
Destination port: 20002
Destination port: 20002
Switch# monitor capture mycap start capture-filter "udp.port == 20001" display
display-filter "udp.port == 20002"
%Display-filter cannot be specified when capture is associated to a file. Ignoring
display filter%
A file by the same capture file name already exists, overwrite?[confirm]
0.000000
0.000000
0.000000
0.000000
0.000000
0.000000
0.000000
0.000000
0.000000
0.000000
0.000000
0.000000
0.000000
0.000000
10.1.1.96 -> 20.1.1.2
10.1.1.97 -> 20.1.1.2
10.1.1.98 -> 20.1.1.2
10.1.1.99 -> 20.1.1.2
10.1.1.100 -> 20.1.1.2
10.1.1.101 -> 20.1.1.2
10.1.1.102 -> 20.1.1.2
10.1.1.103 -> 20.1.1.2
10.1.1.104 -> 20.1.1.2
10.1.1.105 -> 20.1.1.2
10.1.1.106 -> 20.1.1.2
10.1.1.107 -> 20.1.1.2
10.1.1.108 -> 20.1.1.2
10.1.1.109 -> 20.1.1.2
UDP Source port: 20001
UDP Source port: 20001
UDP Source port: 20001
UDP Source port: 20001
UDP Source port: 20001
UDP Source port: 20001
UDP Source port: 20001
UDP Source port: 20001
UDP Source port: 20001
UDP Source port: 20001
UDP Source port: 20001
UDP Source port: 20001
UDP Source port: 20001
UDP Source port: 20001
Destination port: 20002
Destination port: 20002
Destination port: 20002
Destination port: 20002
Destination port: 20002
Destination port: 20002
Destination port: 20002
Destination port: 20002
Destination port: 20002
Destination port: 20002
Destination port: 20002
Destination port: 20002
Destination port: 20002
Destination port: 20002
Switch#
Switch# monitor capture mycap start capture-filter "udp.port == 20001" display
display-filter "udp.port == 20002" detailed
%Display-filter cannot be specified when capture is associated to a file. Ignoring
display filter%
A file by the same capture file name already exists, overwrite?[confirm]
Frame 1: 256 bytes on wire (2048 bits), 256 bytes captured (2048 bits)
Arrival Time: Dec 31, 1969 17:00:00.000000000 PDT
Epoch Time: 0.000000000 seconds
[Time delta from previous captured frame: 0.000000000 seconds]
[Time delta from previous displayed frame: 0.000000000 seconds]
[Time since reference or first frame: 0.000000000 seconds]
Frame Number: 1
Frame Length: 256 bytes (2048 bits)
Capture Length: 256 bytes (2048 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:udp:data]
Ethernet II, Src: 00:00:00:00:03:01 (00:00:00:00:03:01), Dst: 54:75:d0:3a:85:3f
(54:75:d0:3a:85:3f)
Destination: 54:75:d0:3a:85:3f (54:75:d0:3a:85:3f)
Address: 54:75:d0:3a:85:3f (54:75:d0:3a:85:3f)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-389
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
monitor capture start
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: 00:00:00:00:03:01 (00:00:00:00:03:01)
Address: 00:00:00:00:03:01 (00:00:00:00:03:01)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Switch# monitor capture mycap start capture-filter "udp.port == 20001" display dump
A file by the same capture file name already exists, overwrite?[confirm]
0.000000
0000
0010
0020
0030
0040
0050
0060
0070
0080
0090
00a0
00b0
00c0
00d0
00e0
00f0
10.1.1.6 -> 20.1.1.2
UDP Source port: 20001
54 75 d0 3a 85 3f 00 00 00 00 03 01 08 00 45 00
00 ee 00 00 00 00 40 11 59 f6 0a 01 01 06 14 01
01 02 4e 21 4e 22 00 da 6e b1 00 01 02 03 04 05
06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15
16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25
26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35
36 37 38 39 3a 3b 3c 3d 3e 3f 40 41 42 43 44 45
46 47 48 49 4a 4b 4c 4d 4e 4f 50 51 52 53 54 55
56 57 58 59 5a 5b 5c 5d 5e 5f 60 61 62 63 64 65
66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75
76 77 78 79 7a 7b 7c 7d 7e 7f 80 81 82 83 84 85
86 87 88 89 8a 8b 8c 8d 8e 8f 90 91 92 93 94 95
96 97 98 99 9a 9b 9c 9d 9e 9f a0 a1 a2 a3 a4 a5
a6 a7 a8 a9 aa ab ac ad ae af b0 b1 b2 b3 b4 b5
b6 b7 b8 b9 ba bb bc bd be bf c0 c1 c2 c3 c4 c5
c6 c7 c8 c9 ca cb cc cd ce cf d0 d1 ac 69 6e fd
0.000000
10.1.1.7 -> 20.1.1.2
Destination port: 20002
Tu.:.?........E.
[email protected].......
..N!N"..n.......
................
.......... !"#$%
&'()*+,-./012345
6789:;<=>?@ABCDE
FGHIJKLMNOPQRSTU
VWXYZ[\]^_`abcde
fghijklmnopqrstu
vwxyz{|}~.......
................
................
................
................
.............in.
UDP Source port: 20001
Destination port: 20002
Switch#
Switch# monitor capture mycap start display display-filter "udp.port == 20002"
%Display-filter cannot be specified when capture is associated to a file. Ignoring
display filter%
A file by the same capture file name already exists, overwrite?[confirm]
0.000000
1.000000
2.000000
3.000000
4.000000
5.000000
5.998993
6.998993
7.998993
8.998993
9.998993
10.998993
10.1.1.41 -> 20.1.1.2
10.1.1.42 -> 20.1.1.2
10.1.1.43 -> 20.1.1.2
10.1.1.44 -> 20.1.1.2
10.1.1.45 -> 20.1.1.2
10.1.1.46 -> 20.1.1.2
10.1.1.47 -> 20.1.1.2
10.1.1.48 -> 20.1.1.2
10.1.1.49 -> 20.1.1.2
10.1.1.50 -> 20.1.1.2
10.1.1.51 -> 20.1.1.2
10.1.1.52 -> 20.1.1.2
UDP Source port: 20001
UDP Source port: 20001
UDP Source port: 20001
UDP Source port: 20001
UDP Source port: 20001
UDP Source port: 20001
UDP Source port: 20001
UDP Source port: 20001
UDP Source port: 20001
UDP Source port: 20001
UDP Source port: 20001
UDP Source port: 20001
Destination port: 20002
Destination port: 20002
Destination port: 20002
Destination port: 20002
Destination port: 20002
Destination port: 20002
Destination port: 20002
Destination port: 20002
Destination port: 20002
Destination port: 20002
Destination port: 20002
Destination port: 20002
Switch#
Switch# monitor capture mycap start display display-filter "udp.port == 20002" dump
%Display-filter cannot be specified when capture is associated to a file. Ignoring
display filter%
A file by the same capture file name already exists, overwrite?[confirm]
0.000000
0000
0010
0020
0030
0040
0050
10.1.1.117 -> 20.1.1.2
UDP Source port: 20001
54 75 d0 3a 85 3f 00 00 00 00 03 01 08 00 45 00
00 ee 00 00 00 00 40 11 59 87 0a 01 01 75 14 01
01 02 4e 21 4e 22 00 da 6e 42 00 01 02 03 04 05
06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15
16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25
26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35
Destination port: 20002
Tu.:.?........E.
[email protected]..
..N!N"..nB......
................
.......... !"#$%
&'()*+,-./012345
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-390
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
monitor capture start
0060
0070
0080
0090
00a0
00b0
00c0
00d0
00e0
00f0
36 37 38 39 3a 3b 3c 3d 3e 3f 40 41 42 43 44 45
46 47 48 49 4a 4b 4c 4d 4e 4f 50 51 52 53 54 55
56 57 58 59 5a 5b 5c 5d 5e 5f 60 61 62 63 64 65
66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75
76 77 78 79 7a 7b 7c 7d 7e 7f 80 81 82 83 84 85
86 87 88 89 8a 8b 8c 8d 8e 8f 90 91 92 93 94 95
96 97 98 99 9a 9b 9c 9d 9e 9f a0 a1 a2 a3 a4 a5
a6 a7 a8 a9 aa ab ac ad ae af b0 b1 b2 b3 b4 b5
b6 b7 b8 b9 ba bb bc bd be bf c0 c1 c2 c3 c4 c5
c6 c7 c8 c9 ca cb cc cd ce cf d0 d1 41 0c b4 5d
1.000000
10.1.1.118 -> 20.1.1.2
6789:;<=>?@ABCDE
FGHIJKLMNOPQRSTU
VWXYZ[\]^_`abcde
fghijklmnopqrstu
vwxyz{|}~.......
................
................
................
................
............A..]
UDP Source port: 20001
Destination port: 20002
Switch# no monitor capture mycap file
Switch# monitor capture mycap start display display-filter "udp.port == 20002" dump
0.000000
0000
0010
0020
0030
0040
0050
0060
0070
0080
0090
00a0
00b0
00c0
00d0
00e0
00f0
10.1.1.160 -> 20.1.1.2
UDP Source port: 20001
54 75 d0 3a 85 3f 00 00 00 00 03 01 08 00 45 00
00 ee 00 00 00 00 40 11 59 5c 0a 01 01 a0 14 01
01 02 4e 21 4e 22 00 da 6e 17 00 01 02 03 04 05
06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15
16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25
26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35
36 37 38 39 3a 3b 3c 3d 3e 3f 40 41 42 43 44 45
46 47 48 49 4a 4b 4c 4d 4e 4f 50 51 52 53 54 55
56 57 58 59 5a 5b 5c 5d 5e 5f 60 61 62 63 64 65
66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75
76 77 78 79 7a 7b 7c 7d 7e 7f 80 81 82 83 84 85
86 87 88 89 8a 8b 8c 8d 8e 8f 90 91 92 93 94 95
96 97 98 99 9a 9b 9c 9d 9e 9f a0 a1 a2 a3 a4 a5
a6 a7 a8 a9 aa ab ac ad ae af b0 b1 b2 b3 b4 b5
b6 b7 b8 b9 ba bb bc bd be bf c0 c1 c2 c3 c4 c5
c6 c7 c8 c9 ca cb cc cd ce cf d0 d1 9f 20 8a e5
1.000000
10.1.1.161 -> 20.1.1.2
Destination port: 20002
Tu.:.?........E.
[email protected]\......
..N!N"..n.......
................
.......... !"#$%
&'()*+,-./012345
6789:;<=>?@ABCDE
FGHIJKLMNOPQRSTU
VWXYZ[\]^_`abcde
fghijklmnopqrstu
vwxyz{|}~.......
................
................
................
................
............. ..
UDP Source port: 20001
Destination port: 20002
Switch# monitor capture mycap start display display-filter "udp.port == 20002"
0.000000
1.000000
2.000000
3.000000
4.000000
5.000000
6.000000
7.000000
8.000000
9.000000
10.000000
11.000000
12.000000
10.1.1.173 -> 20.1.1.2
10.1.1.174 -> 20.1.1.2
10.1.1.175 -> 20.1.1.2
10.1.1.176 -> 20.1.1.2
10.1.1.177 -> 20.1.1.2
10.1.1.178 -> 20.1.1.2
10.1.1.179 -> 20.1.1.2
10.1.1.180 -> 20.1.1.2
10.1.1.181 -> 20.1.1.2
10.1.1.182 -> 20.1.1.2
10.1.1.183 -> 20.1.1.2
10.1.1.184 -> 20.1.1.2
10.1.1.185 -> 20.1.1.2
UDP Source port: 20001
UDP Source port: 20001
UDP Source port: 20001
UDP Source port: 20001
UDP Source port: 20001
UDP Source port: 20001
UDP Source port: 20001
UDP Source port: 20001
UDP Source port: 20001
UDP Source port: 20001
UDP Source port: 20001
UDP Source port: 20001
UDP Source port: 20001
Destination port: 20002
Destination port: 20002
Destination port: 20002
Destination port: 20002
Destination port: 20002
Destination port: 20002
Destination port: 20002
Destination port: 20002
Destination port: 20002
Destination port: 20002
Destination port: 20002
Destination port: 20002
Destination port: 20002
Switch# monitor capture mycap start display detailed
Frame 1: 256 bytes on wire (2048 bits), 256 bytes captured (2048 bits)
Arrival Time: Apr 12, 2012 11:46:54.245974000 PDT
Epoch Time: 1334256414.245974000 seconds
[Time delta from previous captured frame: 0.000000000 seconds]
[Time delta from previous displayed frame: 0.000000000 seconds]
[Time since reference or first frame: 0.000000000 seconds]
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-391
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
monitor capture start
Frame Number: 1
Frame Length: 256 bytes (2048 bits)
Capture Length: 256 bytes (2048 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:udp:data]
Ethernet II, Src: 00:00:00:00:03:01 (00:00:00:00:03:01), Dst: 54:75:d0:3a:85:3f
(54:75:d0:3a:85:3f)
Destination: 54:75:d0:3a:85:3f (54:75:d0:3a:85:3f)
Address: 54:75:d0:3a:85:3f (54:75:d0:3a:85:3f)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: 00:00:00:00:03:01 (00:00:00:00:03:01)
Address: 00:00:00:00:03:01 (00:00:00:00:03:01)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Switch#
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-392
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
monitor session
monitor session
To enable the SPAN ses sions on interfaces o r VLANs, use th e mo nitor s essio n command. To remove
one o r more source or d estination interfaces from a SPAN session, or a so urce VLAN from a SPAN
ses sion, u se the no form of this command .
monitor session session {destination interface {FastEthernet interface-number |
GigabitEthernet interface-nu mber} [encapsulation {isl | dot1 q}] [ingress [v lan vlan_ id]
[learning]]} | {remote vlan vlan_id } | {source { interface {FastEthernet interface-numb er |
GigabitEthernet interface-nu mber | Port-channel interface-number }} | [vlan vlan_ id]
|{remote vlan vlan_id } | {cpu [queue q ueu e_id | acl { input {co py {rx} | erro r {rx} | forward
{rx} | punt {rx} | rx} } | output {copy {rx} | error { rx} | forward {rx} | punt {rx} | rx} | all
{rx} | control-packet {rx} | esmp {rx} | l2-forwa rd { adj-same-if {rx} | bridge-cpu { rx} |
ip-optio n {rx} | ipv6 -scope-check-fail { rx} | l2-src-index -check-fail { rx} | mcast-rpf-fail
{rx } | non-arpa {rx } | router-cpu { rx} | ttl-expired {rx} | ucast-rpf-fail { rx} | rx} |
l3-forward { forward {rx} | glean {rx} | receive {rx} | rx} mtu-exceeded {rx } |
unknown-port-vlan-mapping {rx} | unknown-sa {rx}]} [ , | - | rx | tx | both]} | {filter {ip
access-group [name | id]}{vlan vlan_id [ , | - ]} | {packet-type {good | bad}} | {address-type
{unicast | multicast | bro adcast} [rx | tx | both]}
no monito r session s essio n {destination interface {FastEthernet interfa ce-n umber |
GigabitEthernet interface-nu mber} [encapsulation {isl | dot1 q}] [ingress [v lan vlan_ id]
[learning]]} | {remote vlan vlan_ id} | { so urce {cpu{both | queue | rx | tx} | interface
{FastEthernet in terfa ce-n umber | GigabitEthernet interface-number | Port-channel
interface-numb er }} | [v lan vlan_id] |{remote vlan vlan _id} | {cpu [queue queue_id | acl
{input {copy {rx} | error {rx} | forward {rx} | punt {rx} | rx} } | output {co py {rx} | error
{rx} | fo rward { rx} | punt {rx } | rx} | a ll {rx} | control-packet {rx} | esmp {rx} | l2-forward
{ adj-s ame-if {rx} | bridge-cpu { rx} | ip-optio n {rx} | ipv6 -scope-check-fail { rx} |
l2-s rc-index-check-fail { rx} | mcast-rpf-fail {rx} | non-arpa {rx} | router-cpu {rx} |
ttl-expired { rx} | ucast-rpf-fail {rx} | rx} | l3-forward {forward { rx} | glea n {rx} | receiv e
{rx} | rx} mtu-exceeded { rx} | unknown-port-vlan-mapping {rx} | unknown-sa { rx}]} [ , |
- | rx | tx | both]} | {filter {ip access-g roup [name | id]}{vlan vlan_id [ , | - ]} | {packet-type
{good | bad}} | {address-type {unicast | multicas t | broadcast} [rx | tx | both]}
Syntax Description
ses sion
destina tion
Number of a SPAN session; valid values are from 1 to 6.
Specifies a SPAN des tinatio n.
interface
FastEthernet in terfa ce-n umber
Specifies an interface.
Specifies a Fast Ethern et module and port numb er; valid values
are from 1 to 6 .
GigabitEthernet interface-nu mber
Specifies a Gigabit Ethernet module and p ort number; valid
values are from 1 to 6.
(Optio nal) Sp ecifies the encapsu lation typ e of th e destination
po rt.
(Optio nal) Sp ecifies ISL en capsulation.
encapsulation
isl
dot1q
ing ress
vlan vlan _id
(Optio nal) Sp ecifies dot1q encapsu lation .
(Optio nal) Ind icates wheth er th e ingress o ption is enabled.
(Optio nal) Specifies the VLAN; valid values are from 1 to 4094.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-393
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
monitor session
learning
(Optional) Enables host learning on ingress-enabled destinatio n
ports.
remote vlan vla n_id
so urce
Port-channel interface-numb er
cpu
Specifies an RSPAN so urce or destinatio n s essio n o n a switch.
Specifies a SPAN so urce.
Specifies a po rt-ch ann el in terface; valid values are from 1 to 64.
Cau ses traffic received or sen t from the CPU to be copied to the
destination of the sessio n.
queue queue_ id
(Optional) Specifies that only traffic received on the sp ecific
CPU subqueue should be co pied to the des tinatio n o f the
session. Valid values are from 1 to 64, o r by the followin g
names: all, control-packet, esmp, mtu-ex ceed ed,
unkn own-port-vlan-map ping, u nknown-sa, acl in put, acl inp ut
co py, acl input error, acl inp ut forward, acl input pun t, acl
outpu t, acl ou tput copy, acl o utput error, acl ou tput forward, acl
outpu t pu nt, l2-fo rward, adj-same-if, b ridg e-cp u, ip-option ,
ipv6-scope-check -fail, l2 -src-index-check-fail, mcast-rpf-fail,
non-arpa, router-cp u, ttl-exp ired, ucast-rpf-fail, l3-forward,
fo rward, glean, receive.
a cl
(Optional) Specifies inpu t and outp ut ACLs; valid valu es are
from 14 to 20.
input
Specifies input ACLs; valid values are from 14 to 16.
error
Specifies the ACL software erro rs.
lo g/co py
Specifies packets for ACL logging .
punt
rx
Specifies packets punted due to o verflows.
Specifies monitoring received traffic only.
o utput
Specifies outpu t ACLs ; valid values are fro m 17 to 20 .
l2-forward
bridge-cpu
(Optional) Layer 2 or Lay er 3 excep tion packets.
Specifies packets brid ged to CPU.
ip-option
Specifies packets with an IP option.
ipv6-scope-check-fa il
Specifies IPv6 packets with scop e-ch eck failures.
l2-src-index-check-fail
Specifies IP packets with mismatched SRC MAC and SRC IP
ad dresses.
Specifies IPv4/IPv6 multicast RPF failures .
mcast-rpf-fail
non-arpa
router-cpu
Specifies packets with non -ARPA encap sulation.
Specifies software routed packets.
ttl-expired
adj-same-if
bridged
Specifies IPv4 routed pacekts exceed TTL.
Specifies packets rou ted to the inco ming interface.
Specifies Layer 2 brid ged p ackets.
1
Specifies packets with the highest priority.
2
3
4
Specifies packets with the a high priority.
Specifies packets with the a med ium priority.
Specifies packets with the a low priority.
ucast-rpf-fail
Specifies IPv4/IPv6 Unicast RPF failures.
a ll
(Optional) all q ueues.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-394
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
monitor session
l3-forward
(Optio nal) Layer 3 p ackets.
forward
Specifies special Layer 3 fo rwards tunnel encapsulation.
glean
receive
Specifies special Layer 3 fo rwards glean.
Specifies packets address ed to a po rt.
co ntro l-packet
(Optio nal) ESMP packets.
(Optio nal) Outpu t Layer 3 interface MTU exceeded .
Specifies Layer 3 routed packets.
Specifies packets address ed to a po rt.
rpf-failure
unknown-port-vlan-mapping
unknown-sa
,
Specifies Multicast RPF failed packets.
(Optio nal) Pack ets with missin g p ort-VLAN mapping.
(Optio nal) Pack ets with missin g s ource-IP-addresses.
(Optio nal) Sy mbol to s pecify anoth er range o f SPAN VLANs ;
valid values are fro m 1 to 409 4.
-
(Optio nal) Sy mbol to s pecify a range of SPAN VLANs.
both
(Optio nal) M onitors and filters received and tran smitted traffic.
rx
tx
(Optio nal) Monitors and filters received traffic on ly.
(Optio nal) Monitors and filters transmitted traffic o nly.
filter
Limits SPAN so urce traffic to sp ecific VLANs.
ip access-group
(Optio nal) Sp ecifies an IP access g rou p filter, eith er a name or
a number.
name
(Optio nal) Sp ecifies an IP access lis t name.
id
(Optio nal) Specifies an IP acces s list numb er. Valid values are 1
to 199 for an IP access list and 1 300 to 269 9 for an IP expanded
access list.
vlan vlan _id
(Optio nal) Sp ecifies the VLAN to be filtered. The nu mber is
entered as a single value o r a ran ge; valid values are from 1 to
40 94.
packet-type
good
Limits SPAN so urce traffic to packets of a specified ty pe.
Specifies a good pack et type
bad
Specifies a bad packet typ e.
address-type unicast | multicast |
broadcast
Defaults
(Optio nal) Layer 2 con trol packets.
esmp
mtu-exceeded
routed
received
Limits SPAN so urce traffic to packets of a specified address
typ e. Valid ty pes are unicast, multicast, an d b roadcas t.
Received an d transmitted traffic, as well as all VLANs, packet types, and address typ es are monitored
on a trunking in terface.
Packets are transmitted untagged o ut th e destination port; in gress an d learnin g are disabled.
All packets are permitted and fo rwarded “as is” on the d estination po rt.
Command Modes
Glob al co nfigu ration mode
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-395
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
monitor session
Usage Guidelines
Only one SPAN destinatio n for a SPAN session is supported. If you attemp t to add another destination
in terface to a session th at already has a destination interface that is config ured, you will get an error. You
mu st first remove a SPAN destination interface befo re changin g th e SPAN destination to a different
in terface.
Beginning in Cisco IOS Release 12 .1 (12c)EW, you can con figure sou rces from different directions
within a sing le user session.
Note
Begin ning in Cisco IOS Release 12.1(12c)EW, SPAN is limited to two sessions containing
ingress sou rces and four s essio ns containing egress sources. Bidirectional s ources su pport bo th
ingress and eg ress sources.
A particular SPAN session can either monitor VLANs or monitor ind iv idual interfaces : you canno t have
a SPAN s essio n that monitors both sp ecific interfaces an d specific VLANs. If you first configure a SPAN
session with a s ource interface, and then try to add a source VLAN to the same SPAN session, y ou will
receive an error. You will also receive an error messag e if yo u configure a SPAN s essio n with a sou rce
VLAN, an d then try to add a source in terface to th at session . You mus t firs t clear any sou rces for a SPAN
session before switch ing to another ty pe o f sou rce. CPU sources may be combined with so urce interfaces
and sou rce VLANs.
When co nfiguring the ingress o ption on a d estination port, y ou must specify an ingress VLAN if the
configured encaps ulatio n ty pe is untagged (th e default) or is 8 02.1Q. If th e encapsulation typ e is ISL,
th en no ing ress VLAN specification is necessary.
By defau lt, when you en able ing ress, no ho st learning is perfo rmed on des tinatio n ports. Wh en you enter
th e learning keywo rd, host learning is p erformed o n th e destination port, an d traffic to learned hosts is
forwarded out the d estination po rt.
If you enter the filter keywo rd on a mo nitored trunking interface, on ly traffic on the set of specified
VLANs is mo nitored. Po rt-ch ann el interfaces are displayed in the list of interface o ptions if yo u h ave
th em co nfigu red. VLAN interfaces are not supported. However, you can span a particular VLAN b y
enterin g th e mo nitor s essio n session source v lan vlan-id command.
The packet-type filters are supported on ly in th e Rx direction. You can specify both Rx- and Tx-typ e
filters and multiple-ty pe filters at the same time (for example, you can use good and unicast to only sniff
n onerror unicas t frames). As with VLAN filters, if you do not specify th e type, the session will sniff all
p acket typ es.
The queue id entifier allows sn iffing for on ly traffic th at is sen t or received on th e s pecified CPU queues.
The qu eues may b e identified either by nu mber or by name. The queue n ames may contain multiple
n umbered queues for convenien ce.
Examples
This example s hows how to config ure IP access group 100 o n a SPAN session:
Switch# configure terminal
Switch(config)# monitor session 1 filter ip access-group 100
Switch(config)# end
Switch(config)#
This example s hows how to add a sou rce interface to a SPAN ses sion:
Switch# configure terminal
Switch(config)# monitor session 1 source interface fa2/3
Switch(config)# end
Switch(config)#
Switch(config)#
Switch(config)#
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-396
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
monitor session
This examp le shows how to configure the sources with different directio ns within a SPAN sessio n:
Switch# configure terminal
Switch(config)# monitor session 1 source interface fa2/3 rx
Switch(config)# monitor session 1 source interface fa2/2 tx
Switch(config)# end
This examp le shows how to remove a so urce interface from a SPAN session:
Switch# configure terminal
Switch(config)# no monitor session 1 source interface fa2/3
Switch(config)# end
This examp le shows how to limit SPAN traffic to VLANs 1 00 thro ugh 304:
Switch# configure terminal
Switch(config)# monitor session 1 filter vlan 100 - 304
Switch(config)# end
This examp le shows how to configure RSPAN VLAN 20 as the destination:
Switch# configure terminal
Switch(config)# monitor session 2 destination remote vlan 20
Switch(config)# end
This examp le shows how to u se queue names an d queue nu mb er ranges for th e CPU as a SPAN source
on Superviso r Eng ine 6-E:
Switch# configure terminal
Switch(config)# monitor session 2 source cpu queue control-packet rx
Switch(config)# monitor session 3 source cpu queue 10 rx
Switch(config)# end
Note
Related Commands
co ntro l-packet is mapped to q ueu e 10.
Co mmand
show mo nitor
Description
Displays information about the SPAN sess ion.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-397
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
mtu
mtu
To en able jumbo frames on an interface by adjusting the maximu m size o f a packet or maximum
tran smission unit (MTU), use the mtu command. To retu rn to the default setting , use the no form of this
command.
mtu bytes
no mtu
Syntax Description
Defaults
b ytes
Byte size; valid values are from 1500 to 91 98.
The default settings are as follows:
Command Modes
Usage Guidelines
•
Ju mbo frames are dis abled
•
1 500 bytes for all ports
Interface configuration mod e
Ju mbo frames are sup ported on no nblocking Gigabit Ethernet ports, switch virtual in terfaces (SVI), and
EtherChannels. Jumb o frames are no t available for stu b-based ports.
The baby gian ts feature uses th e global system mtu s ize co mmand to set the g lobal baby giant MTU. It
allows all stu b-b ased port in terfaces to suppo rt an Ethernet pay load size o f up to 1552 bytes.
Both the system mtu command and the per-interface mtu command work on interfaces that can suppo rt
ju mbo frames, bu t the per-in terface mtu command tak es preceden ce.
Examples
This example s hows how to specify an M TU of 1 800 bytes:
Switch(config)# interface GigabitEthernet 1/1
Switch(config-if)# mtu 1800
Related Commands
Command
sy stem mtu
Descriptio n
Sets th e maximum Layer 2 or Layer 3 payload size.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-398
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
na me
name
To set the MST region name, use the name comman d. To return to the defau lt name, use the no form of
this co mmand .
name name
no name na me
Syntax Description
name
Specifies th e name of the MST region . The n ame can b e any string with a max imu m
len gth of 32 characters.
Defaults
The MST reg ion name is not set.
Command Modes
MST con figuratio n mode
Usage Guidelines
Two o r more Catalyst 450 0 s eries switches with the same VLAN mapping and co nfiguration version
number are co nsidered to be in different MST reg ions if the region names are differen t.
Examples
This examp le shows how to n ame a region:
Switch(config-mst)# name Cisco
Switch(config-mst)#
Related Commands
Co mmand
ins tance
revision
Description
Map s a VLAN or a set of VLANs to an MST instance.
Sets the MST co nfiguration revision number.
show spanning-tree mst
spanning-tree mst
co nfiguration
Displays MST protocol in formatio n.
Enters the MST con figuratio n s ubmode.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-399
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
nmsp
nmsp
To con figure Network M obility Serv ices Protocol (NMSP) on the switch, us e the nmsp command. This
command is available o nly when your s witch is running the cryptographic (en crypted) software image.
Use the no form of this command to return to the default setting.
nmsp {enable | {no tification interval {attachment | lo cation} inter val-secon ds}}
no nmsp {enable | { notification interval {attachment | lo cation} interval-secon ds}}
Syntax Description
Defaults
enable
Enables th e NM SP featu res on the switch .
notification interval
attachment
lo cation
Specifies the NMSP notification interval.
Specifies the attachment notification interval.
Specifies the location notification interval.
in terval-second s
Duratio n in s econds before a switch sends the lo cation or attachment
updates to the MSE. The ran ge is 1 to 30; the default is 30.
NMSP is disabled, NMSP notification interval attachment and NMSP n otification in terval locatio n
d efaults are 30 secon ds.
Command Modes
Global configuratio n mo de
Usage Guidelines
Use the nmsp glob al configuration co mmand to enable th e switch to send encrypted NMSP location and
attachment notifications to a Cisco Mobility Services En gine (MSE).
Examples
This example s hows how to enab le NMSP on a switch and set the location no tification time to 1 0
seconds:
Switch(config)# nmsp enable
Switch(config)# nmsp notification interval location 10
Switch(config)#
Related Commands
Command
clear nms p statistics
Description
Clears the NMSP statistic coun ters.
nmsp attachment suppress
Suppress rep orting attachment information from a specified
interface.
show nmsp
Displays the NMSP information .
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-400
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
nmsp attachment suppress
nmsp attachment suppress
To sup press reporting attachment information from a specified interface, u se the nmsp attachment
suppress interface command. This co mmand is available on ly when your s witch is running th e
cryptog raphic (encrypted) software image. Use the no fo rm of this command to report attachment
information.
nmsp attachment suppress
no nmsp attachment suppress
Syntax Description
This comman d has no argu ments or keyword s.
Defaults
Attach ment information is reported.
Command Modes
Interface con figuration mode
Usage Guidelines
Use the nmsp attachment suppress interface con figuratio n command to configu re an interface to no t
sen d attach ment no tifications to a Cisco Mobility Services Engine (MSE).
Examples
This examp le shows how to configure an interface to not send attachmen t information to the MSE:
Switch(config)# switch interface gigabitethernet1/2
Switch(config-if)# nmsp attachment suppress
Switch(config-if)#
Related Commands
Co mmand
Description
nmsp
Configures Network Mo bility Services Pro toco l (NMSP) on th e
switch.
show nmsp
Display s th e NMSP info rmation.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-401
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
pagp learn-method
pagp learn-method
To learn the input in terface o f the in comin g pack ets, us e th e pagp learn-method command. To return to
th e default value, u se the no form of this command.
pagp learn-method {aggregatio n-port | physical-po rt}
no pagp learn-method
Syntax Description
a ggregation-port
Specifies learning the address o n th e port channel.
physical-port
Specifies learning the address o n th e phy sical port within the bu ndle.
Defaults
Aggregation port is enabled.
Command Modes
Interface configuration mod e
Examples
This example s hows how to enab le phy sical port address learning within the bu ndle:
Switch(config-if)# pagp learn-method physical-port
Switch(config-if)#
This example s hows how to enab le aggregation port address learn in g within the bundle:
Switch(config-if)# pagp learn-method aggregation-port
Switch(config-if)#
Related Commands
Command
show pag p
Descriptio n
Displays info rmation ab out the po rt ch ann el.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-402
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
pagp port-priority
pagp port-priority
To select a port in h ot s tand by mode, use the pagp port-priority command. To return to the default
value, use th e no form of this command .
pagp port-prio rity priority
no pagp port-priority
Syntax Description
priority
Defaults
Port priority is set to 12 8.
Command Modes
Interface con figuration mode
Port priority nu mber; valid values are from 1 to 2 55.
Usage Guidelines
The h igher the priority, th e better th e ch ances are that the port will be selected in the hot standby mode.
Examples
This examp le shows how to set the p ort priority:
Switch(config-if)# pagp port-priority 45
Switch(config-if)#
Related Commands
Co mmand
pagp learn-metho d
Description
Learns the in put interface of th e incoming pack ets.
show pagp
Displays information about the port channel.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-403
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
passive-interface
passive-interface
To dis able sending ro uting u pdates o n an interface, use the passive-interface comman d. To reen ab le th e
sendin g of ro uting upd ates, us e the no form of th is command.
passive-interface [[default] {interface-type interface-numb er }] | {range interfa ce-type
in terface-nu mber-interface-type interface-nu mber}
no passive-interface [[default] { in terface-type in terface-nu mber}] | {range interface-type
in terface-nu mber-interface-type interface-nu mber}
Syntax Description
default
in terface-type
(Optio nal) All interfaces become passive.
Specifies the interface typ e.
in terface-nu mber
range
Specifies the interface nu mber.
Specifies the range of su binterfaces bein g co nfigu red; see the “Usage
Guidelines” sectio n.
Defaults
Rou ting updates are sent o n th e interface.
Command Modes
Rou ter configuratio n mo de
Usage Guidelines
You can use the passive-interfa ce range co mmand on the fo llowing interfaces: FastEthern et,
GigabitEthern et, VLAN, Loopb ack, Port-channel, 1 0-Gigab itEthernet, and Tunn el. When you us e the
passive-interface range comman d o n a VLAN interface, the interface sho uld be the existin g VLAN
SVIs. To display the VLAN SVIs, en ter the show running config command. The VLANs that are not
d isplay ed can not be us ed in the pass iv e-interface range comman d.
The values th at are entered with the pa ssive-interface range command are applied to all the existing
VLAN SVIs.
Befo re y ou can use a macro, yo u mu st d efine a range u sing the define interface-range command.
All configuration changes that are made to a port range through the pa ssive-interface range comman d
are retained in the run ning-co nfiguration as individ ual passive-interface commands.
You can enter the range in two ways :
•
Specifying u p to five interface rang es
•
Specifying a previously d efin ed macro
You can either specify th e interfaces o r the n ame of an in terface-range macro. An interface range mu st
consis t of the same interface type, and the interfaces within a range cannot span acro ss the modu les.
You can define up to five interface ranges o n a single command; separate each range with a comma:
interface range gigabitethernet 5/1-20, gigabitethernet4/5-20.
Use this format when en tering the p ort-ra nge:
•
in terface-type { mod}/{first-p ort} - {last-port}
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-404
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
passive-interface
You can not specify both a macro an d an interface range in the same command. After creating a macro,
you can enter ad ditional ranges. If you have alread y entered an interface range, th e CLI do es not allow
you to enter a macro.
You can sp ecify a single in terface in the range ran ge value. This makes the co mmand similar to the
passive-interface interface-nu mber command.
Note
The range keyword is on ly s upported in OSPF, EIGRP, RIP, and ISIS router mode.
If you disable the sen ding of routing u pdates on an interface, the particular sub net will continu e to be
ad vertised to oth er in terfaces, and u pdates from other routers on that interface continue to be received
an d p rocessed .
The default keyword sets all interfaces as passive by default. You can then co nfigu re in dividual
interfaces where adjacencies are desired u sing the no passive-interface command. Th e default keyword
is useful in Internet service provider (ISP) and larg e enterprise n etwo rks where many of the distribution
rou ters have more than 2 00 interfaces.
For the Open Shortest Path First (OSPF) protocol, OSPF routing information is neither sent nor received
thro ugh the s pecified ro uter interface. The s pecified interface addres s appears as a stub network in th e
OSPF do main.
Fo r the Intermediate System-to-Intermediate System (IS-IS) proto col, this co mmand ins tructs IS-IS to
ad vertise th e IP addresses for the s pecified interface withou t actually run ning IS-IS on that in terface. The
no form o f this co mmand for IS-IS disables advertis ing IP add resses for th e specified addres s.
Note
Fo r IS-IS y ou must keep at least one active interface and co nfigu re th e interface with th e ip router isis
co mmand .
Enhanced Interio r Gateway Routing Protocol (EIGRP) is disabled o n an interface th at is co nfigured as
passiv e alth ough it ad vertises the ro ute.
Examples
The following example send s EIGRP upd ates to all interfaces on n etwo rk 10.10 8.0 .0 except
GigabitEth ernet interface 1/1:
Switch(config)# interface gigabitethernet 1/1
Switch(config-if)# router eigrp 109
Switch(config-router)# network 10.108.0.0
Switch(config-router)# passive-interface gigabitethernet 1/1
Switch(config-router)#
The following co nfiguration enables IS-IS on Ethernet interface 1 and serial interface 0 and advertises
the IP addres ses of Ethernet interface 0 in its lin k-state p rotocol data un its (PDUs):
Switch(config-if)# router isis Finance
Switch(config-router)# passive-interface Ethernet 0
Switch(config-router)# interface Ethernet 1
Switch(config-router)# ip router isis Finance
Switch(config-router)# interface serial 0
Switch(config-router)# ip router isis Finance
Switch(config-router)#
The following example sets all interfaces as passive, then activates Ethern et interface 0:
Switch(config-if)# router ospf 100
Switch(config-router)# passive-interface default
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-405
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
passive-interface
Switch(config-router)# no passive-interface ethernet0
Switch(config-router)# network 10.108.0.1 0.0.0.255 area 0
Switch(config-router)#
The following config uration sets th e Ethern et ports 3 throug h 4 on mod ule 0 an d GigabitEthern et ports
4 throug h 7 o n mo dule 1 as pas sive:
Switch(config-if)# router ospf 100
Switch(config-router)# passive-interface range ethernet0/3-4,gigabitethernet1/4-7
Switch(config-router)#
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-406
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
permit
permit
To permit an ARP p acket based on matches against the DHCP binding s, use the permit comman d. To
remove a specified ACE from an access list, us e the no form of th is command.
permit {[request] ip {any | ho st sender-ip | sen der-ip sender-ip-ma sk} mac {a ny | host send er-mac
| sender-ma c sender-mac-ma sk} | response ip {a ny | host sen der-ip | sender-ip
sen der-ip-mask} [{any | host target-ip | target-ip ta rget-ip-mask}] mac {any | hos t sender-mac
| send er-mac sender-mac-mask} [{ a ny | host target-mac | target-mac target-mac-ma sk}]} [log]
no permit {[request] ip {any | host sender-ip | sender-ip sender-ip -mask} mac {any | host
sen der-ma c | sender-mac sender-mac-ma sk} | response ip {any | host sender-ip | sender-ip
sen der-ip-mask} [{any | host target-ip | target-ip ta rget-ip-mask}] mac {any | hos t sender-mac
| send er-mac sender-mac-mask} [{ a ny | host target-mac | target-mac target-mac-ma sk}]} [log]
Syntax Description
request
(Optional) Requests a match for the ARP request. When request is not
specified , match in g is p erformed against all ARP packets.
ip
any
host sender-ip
Specifies the s end er IP address.
Specifies that any IP or MAC address will be accepted.
Specifies that o nly a specific sender IP address will be accep ted.
sen der-ip
sen der-ip-mask
Specifies that a specific rang e of sender IP addres ses will be accepted.
mac
Specifies the s end er M AC address.
host sender-mac
sen der-ma c
sen der-ma c-mask
Specifies that o nly a specific sender MAC ad dress will be accepted.
Specifies that a specific rang e of sender MAC addresses will be accepted.
response
Specifies a match for th e ARP respons es.
ip
host target-ip
target-ip target-ip-mask
Specifies the IP address values for the ARP respo nses .
(Optional) Specifies that only a sp ecific target IP address will be accepted.
(Optional) Specifies that a specific ran ge of target IP addresses will be
accepted .
mac
Specifies the M AC address values for the ARP respons es.
host target-mac
(Optional) Specifies that only a sp ecific target MAC ad dress will be
accepted .
target-mac
target-mac-mask
log
(Optional) Specifies that a specific ran ge of target MAC ad dresses will be
accepted .
(Optional) Logs a packet wh en it matches the access con trol entry (ACE).
Defaults
This comman d has no default settings.
Command Modes
arp-nacl co nfigu ration mode
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-407
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
permit
Usage Guidelines
Examples
Permit clauses can be add ed to forward or drop ARP packets bas ed on some matching criteria.
This example s hows a ho st with a MAC add ress of 00 00.0000.abcd and an IP ad dress of 1.1.1.1. This
example shows how to permit both requ ests and respon ses from this host:
Switch(config)# arp access-list static-hosts
Switch(config-arp-nacl)# permit ip host 1.1.1.1 mac host 0000.0000.abcd
Switch(config-arp-nacl)# end
Switch# show arp access-list
ARP access list static-hosts
permit ip host 1.1.1.1 mac host 0000.0000.abcd
Switch#
Related Commands
Command
Descriptio n
a rp access-list
Defines an ARP access list or adds claus es at the en d of a
p redefined list.
deny
Den ies an ARP packet based on matches against the DHCP
b indings.
ip arp inspectio n filter vlan
Permits ARPs from hosts that are config ured fo r static IP when
DAI is enabled an d to defin e an ARP acces s list and app lies it to
a VLAN.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-408
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
police
police
To configu re the Traffic Policing feature, use th e police QoS po licy-map class config uration co mmand .
To remove the Traffic Policing feature from the configuration, use th e no form of this comman d.
police { b ps | kbps | mbps | gb ps} [burst-normal] [bu rst-max] confo rm-a ction action exceed-action
action [vio late-a ction a ction]
no police { bp s | kbps | mb ps |gbps } [burst-norma l] [bu rst-max] conform-action a ction
ex ceed-action action [vio late-a ction a ction]
Syntax Description
bps
Average rate, in b its per seco nd. Valid valu es are 32,00 0 to 32,000 ,0 00,000.
kb ps
mbp s
gbps
Average rate, in kilobytes per secon d. Valid values are 32 to 32,000,000 .
Average rate, in megabits per seco nd. Valid values are 1 to 32,000.
Average rate, in gigabits per secon d. Valid values are 1 to 3 2.
burst-norma l
(Optional) Normal burst size, in by tes. Valid values are 64 to 2 ,59 6,929,536.
Burst value of up to four times the con figured rate can be supported.
burst-max
(Optional) Exces s burst size, in bytes. Valid values are 64 to 2,596 ,92 9,536.
Burst value of upto fo ur times th e configu red rate can b e supp orted.
co nform-action
ex ceed-action
Action to take on packets that conform to the rate limit.
Action to take on packets that exceed the rate limit.
violate-actio n
(Optional) Action to take on packets that violate the n ormal an d maximum
burs t sizes.
Action to take on packets. Specify on e of the fo llowing keywords:
action
Defaults
Command Modes
•
drop—Drops the packet.
•
set-cos-transmit new-io s—Sets the class of serv ices (CoS) value to a
new value and send the packet. Th e rang e is 0 to 7 .
•
set-dscp-tra nsmit valu e— Sets the IP differentiated serv ices code point
(DSCP) value and trans mits the packet with the n ew IP DSCP value
settin g.
•
set-prec-transmit value—Sets th e IP preceden ce and tran smits th e
packet with the n ew IP precedence value settin g.
•
transmit—Trans mits the packet. The packet is not altered .
This comman d is dis abled by default.
Policy-map clas s configuration mode (wh en specifying a sin gle action to be applied to a market packet)
Policy-map class p olice config uration mo de (when specifying mu ltiple actions to be app lied to a marked
packet)
Usage Guidelines
Use the police comman d to mark a packet with different quality o f service (QoS) values based on
co nfo rmance to the serv ice-level agreemen t.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-409
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
police
Traffic p olicin g will not be executed for traffic that passes throu gh an interface.
S pecifying Multiple Actions
The police co mmand allows you to specify multiple policing actio ns. When sp ecify ing multiple policing
actions when configu ring the police command, note the following po ints:
•
You can specify a maximum of four actions at on e time.
•
You canno t sp ecify contrad ictory actions su ch as conform-action tran smit an d conform-action
d rop.
Using the Police Command with the Traffic Policing Featur e
The police command can be used with Traffic Policing feature. Th e Traffic Po licing feature works with
a tok en bucket algo rithm. Two ty pes of token bucket algorithms are a sing le-token bucket algorithm and
a two-token bucket alg orithm. A single-token bu cket system is used when the v iolate-action option is
n ot s pecified, and a two-token bu cket system is used when the violate-action option is specified .
Token Bucket Algorithm with One Token Bucket
The on e token bucket algorith m is used wh en the violate-action option is not specified in th e police
command of the co mmand -line interface (CLI).
The conform bucket is initially set to the full size (th e full size is the number of bytes specified as the
n ormal burst size).
When a packet of a g iven size (for example, “B” bytes) arrives at specific time (time “T”) the following
actions occur:
•
Tokens are up dated in the conform bu cket. If the previous arrival of the packet was at T1 an d the
current time is T, the bucket is up dated with (T - T1 ) worth of bits based on the token arrival rate.
The token arrival rate is calculated as follows:
•
If the number of b ytes in the con form bu cket B is greater than or equal to 0, the p acket conforms
and the co nform actio n is taken on the packet. If th e p acket co nfo rms, B bytes are removed from the
conform bu cket and the co nfo rm action is co mpleted for the p acket.
•
If the number of bytes in th e con form bucket B (min us the packet size to be limited ) is fewer th an 0,
th e ex ceed action is taken.
(time between packets <which is equal to T - T1> * policer rate)/8 bytes
Token Bucket Algorithm with Two Token Buckets (R efer to RFC 2697)
The two-token bucket algorithm is us ed when the violate-actio n is specified in the police co mmand CLI.
The conform bucket is initially full (the full size is th e number o f bytes sp ecified as the normal burst
size).
The exceed bucket is initially full (the full exceed buck et size is the nu mber of bytes specified in the
maximum burst s ize).
The tokens for both the co nfo rm an d exceed token buckets are updated b ased on the to ken arrival rate,
o r co mmitted information rate (CIR).
When a packet of g iven size (for example, “B” bytes) arrives at specific time (time “T”) the following
actions occur:
•
Tokens are up dated in the conform bu cket. If the previous arrival of the packet was at T1 an d the
current arrival of the packet is at t, the bucket is u pdated with T -T1 worth of bits based on the token
arrival rate. The refill tokens are placed in th e conform bucket. If the tokens overflow the conform
bu cket, the overflow tokens are placed in the exceed bucket.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-410
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
police
The token arrival rate is calculated as fo llows:
(time between pack ets <which is equ al to T-T1> * policer rate)/8 bytes
Examples
•
If th e numb er o f bytes in th e co nfo rm bucket - B is greater th an or equ al to 0, th e packet co nforms
an d the conform action is tak en on the packet. If the packet conforms , B bytes are removed from the
co nfo rm bucket and the conform actio n is taken. Th e exceed bucket is unaffected in this scen ario.
•
If the nu mber of by tes in the conform bucket B is less than 0 , the excess token buck et is ch ecked for
bytes by the packet. If the n umber of bytes in the ex ceed bu cket B is greater than or equ al to 0, the
exceed action is taken and B bytes are removed from the exceed token bu cket. No b ytes are removed
from the conform bucket.
•
If the number by tes in th e exceed bucket B is fewer than 0, the packet violates the rate and th e vio late
action is tak en. The action is co mplete for the packet.
Token Bucket Algorithm w ith One Token Bucket
This examp le shows how to d efine a traffic class (usin g th e class-map co mmand ) an d associate the
match criteria from th e traffic class with th e Traffic Policin g con figuratio n, which is config ured in the
service p olicy (using the policy-map command). The service-po licy command is then used to attach th is
service po licy to the interface.
In this particular examp le, Traffic Po licing is config ured with the average rate at 80 00 bits per second
an d th e normal burst size at 100 0 bytes for all p ackets leav ing Gigabit Ethern et interface 6/1 :
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# class-map access-match
Switch(config-cmap)# match access-group 1
Switch(config-cmap)# exit
Switch(config)# policy-map police-setting
Switch(config-pmap)# class access-match
Switch(config-pmap-c)# police 8000 1000 conform-action transmit exceed-action drop
Switch(config-pmap-c)# exit
Switch(config-pmap)# exit
Switch(config)# interface gigabitethernet 6/1
Switch(config-if)# service-policy output police-setting
Switch(config-if)# end
In this examp le, the initial token buckets starts full at 100 0 bytes. If a 450-byte pack et arrives , th e p acket
co nfo rms b ecause en ough bytes are available in the conform token bu cket. The conform action (s end ) is
taken by the p acket and 450 by tes are removed fro m the co nform token bu cket (leavin g 550 bytes).
If th e next p acket arrives 0.25 seco nds later, 2 50 bytes are ad ded to the token bu cket ((0.2 5 * 8 000)/8),
leaving 800 bytes in the token bu cket. If th e next packet is 900 bytes, the packet exceeds and th e exceed
action (dro p) is taken. No bytes are taken fro m the token buck et.
Token Bucket Algorithm w ith Tw o Token Buckets Example (Refer to R FC 26 97)
In this particular examp le, Traffic Po licing is config ured with the average rate at 80 00 bits per second ,
the normal burst size at 100 0 bytes, and the exces s burs t size at 1000 by tes for all p ackets leaving Gigabit
Ethern et interface 6/1 .
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# class-map access-match
Switch(config-cmap)# match access-group 1
Switch(config-cmap)# exit
Switch(config)# policy-map police-setting
Switch(config-pmap)# class access-match
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-411
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
police
Switch(config-pmap-c)# police 8000 1000 1000 conform-action transmit exceed-action
set-qos-transmit 1 violate-action drop
Switch(config-pmap-c)# exit
Switch(config-pmap)# exit
Switch(config)# interface gigabitethernet 6/1
Switch(config-if)# service-policy output police-setting
Switch(config-if)# end
In this example, the initial to ken buckets starts full at 1000 bytes . If a 4 50-byte packet arrives, the pack et
conforms because enou gh by tes are available in the conform token bucket. The conform action (send) is
taken by the packet and 450 bytes are removed from the conform tok en bucket (leaving 55 0 b ytes).
If the next packet arriv es 0.25 secon ds later, 2 50 bytes are added to the co nfo rm token buck et
((0 .25 * 80 00)/8), leaving 800 by tes in the conform tok en bucket. If the n ext packet is 900 bytes, the
p acket do es not conform because only 800 by tes are available in th e conform token bucket.
The exceed token bu cket, which starts full at 10 00 bytes (as sp ecified by the excess burst s ize) is then
check ed for availab le bytes. Because enou gh bytes are available in the exceed token bucket, the ex ceed
action (set the QoS tran smit valu e of 1) is taken and 900 bytes are tak en from the exceed bucket (leaving
1 00 bytes in the exceed token bucket.
If the next packet arriv es 0.40 secon ds later, 4 00 bytes are added to the token buck ets ((.40 * 8000)/8).
Therefore, the conform to ken bucket n ow has 1 000 bytes (the maximum nu mber of tokens available in
th e co nfo rm bucket) and 20 0 bytes overflow the conform to ken bucket (because it on ly 200 bytes were
n eeded to fill th e conform token bucket to capacity ). These overflow bytes are placed in th e exceed token
bu cket, givin g th e ex ceed to ken bucket 300 bytes.
If the arriving p acket is 100 0 by tes, the packet conforms becau se enough by tes are available in th e
conform token bucket. The conform action (trans mit) is taken by the pack et and 1000 bytes are removed
fro m the co nfo rm token bucket (leav ing 0 bytes).
If the next packet arriv es 0.20 secon ds later, 2 00 bytes are added to the token buck et ((.20 * 8000)/8).
Therefore, th e conform bucket n ow has 20 0 bytes. If the arriv ing packet is 400 by tes, the packet does not
conform b ecau se only 2 00 bytes are availab le in the conform bucket. Similarly, the p acket d oes no t
exceed b ecause only 300 bytes are available in the exceed bu cket. Th erefore, the p acket violates and the
v iolate action (drop ) is taken.
Related Commands
Command
police (percent)
Descriptio n
Con figures traffic p olicing o n th e basis of a p ercentage o f
b and width available on an interface.
police (two rates)
Con figures traffic p olicing u sing two rates, the co mmitted
in formatio n rate (CIR) and the peak information rate (PIR).
Creates or mod ifies a po licy map that can be attached to multiple
p orts to specify a serv ice policy and to enter policy -map
configuration mod e.
policy-map
service-po licy (po licy-ma p
class)
Creates a service po licy that is a q uality o f service (QoS) po licy
within a po licy map .
show policy-map
show policy-map interface
Displays info rmation ab out the po licy map .
Displays the statistics and con figuratio ns of the inp ut and outp ut
p olicies that are attached to an interface.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-412
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
p olice (percent)
police (percent)
To co nfigu re traffic policing o n the b asis of a percen tage o f ban dwidth availab le on an interface, u se the
police command in Qo S policy-map clas s configuration mod e. To remove traffic policing from the
co nfiguration, u se the no form of this command.
police cir percent percent [bc conform-burs t-in-msec] [pir percent p ercenta ge] [be
peak-burst-inmsec]
no police cir percent p ercent [bc co nform-burst-in-msec] [pir percent percentage] [be
peak-burst-inmsec]
Syntax Description
cir
Committed info rmation rate. Indicates that the CIR will b e u sed fo r po licing
traffic.
Specifies that a percentage o f bandwidth will be used for calculating the
CIR.
Specifies the bandwidth percentag e. Valid range is a n umber from 1 to 1 00.
percent
percent
bc
(Optional) Con form burst (bc) s ize used by the first token bucket for policing
traffic.
co nform-burst-in-msec
(Optional) Specifies the bc value in millisecon ds. Valid ran ge is a nu mber
from 1 to 2 000.
pir
(Optional) Peak information rate (PIR). Indicates that the PIR will be used
for policing traffic.
percent
(Optional) Specifies that a percen tage of bandwidth will be used for
calculatin g th e PIR.
(Optional) Specifies the b and width percentage. Valid ran ge is a numb er from
1 to 100.
percent
be
peak-burst-in-msec
action
(Optional) Peak bu rst (be) size used by the secon d token buck et for po licing
traffic.
(Optional) Specifies the be size in millisecon ds. Valid rang e is a numb er
from 1 to 2 000.
Action to take on packets. Specify on e of the fo llowing keywords:
•
Command Default
drop—Drops the packet.
•
set-cos-transmit new-io s—Sets the class of serv ices (CoS) value to a
new value and send the packet. Th e rang e is 0 to 7 .
•
set-dscp-trans mit va lue—Sets the IP differentiated services code po int
(DSCP) value and trans mits the packet with the n ew IP DSCP value
settin g.
•
set-prec-transmit value—Sets th e IP preceden ce and tran smits th e
packet with the n ew IP precedence value settin g.
•
transmit—Tran smits the packet. The packet is not altered .
This comman d is dis abled by default.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-413
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
police (percent)
Command Modes
Policy-map class config uration mode
Usage Guidelines
This command calculates the CIR an d PIR on th e basis of a p ercentage o f the maximum amount of
b and width available o n the interface. When a policy map is attached to th e interface, the equivalent CIR
and PIR valu es in bits per seco nd (bp s) are calculated on the basis of the interface bandwidth and the
p ercent valu e entered with this co mmand. The show policy -map interfa ce command can then be u sed
to verify the b ps rate calculated .
The calcu lated CIR and PIR bps rates mu st be in the range of 32,000 and 32,000,00 0,0 00 bps . If th e rates
are outside this range, th e associated policy map cann ot b e attached to th e interface. If the interface
b and width chang es (for example, more is ad ded ), the bp s values of the CIR and the PIR are recalcu lated
o n th e basis of the rev ised amount of ban dwidth . If the CIR and PIR percen tages are changed after the
p olicy map is attached to the in terface, th e bps values of the CIR and PIR are recalcu lated.
This command also allows y ou to specify the values for the co nfo rm burs t size and the p eak burst size
in milliseco nds. If you want bandwid th to be calcu lated as a percentage, the conform burst s ize and the
p eak burs t size mus t be specified in millisecon ds (ms).
Examples
This example s hows how to config ure traffic policing using a CIR and a PIR based on a percentage of
b and width on Gigab it interface 6/2. In this example, a CIR o f 20 percent and a PIR o f 40 percent h ave
b een specified. Addition ally, an o ptional b c valu e an d b e value (30 0 ms and 400 ms, resp ectively) h ave
b een specified.
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# policy-map policy1
Switch(config-pmap)# class-map class1
Switch(config-pmap-c)# police cir percent 20 bc 3 ms pir percent 40 be 4 ms
Switch(config-pmap-c)# exit
Switch(config-pmap-c)# interface gigabitethernet 6/2
Switch(config-if)# service-policy output policy
Switch(config-if)# end
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-414
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
police rate
police rate
To con figure s ingle or d ual rate p olicer, use the police rate command in po licy-map con figuration mode.
To remove traffic policing from the configuration , use the no form of this comman d.
Syntax for Bytes Per Second
police ra te u nits bps [burst burst-in -bytes bytes] [peak-rate peak-rate-in -bps bps] [pack-burs t
peak-burst-in-b ytes bytes]
no police rate units bps [burst bu rs t-in-bytes bytes] [pea k-rate peak-rate-in-bps bps ]
[pack-burst p eak-burst-in -bytes bytes]
Syntax for Percent
police rate percent percentage [burst ms ms ] [peak-rate percen t percentag e] [pack-burst ms ms]
no police rate percent p ercenta ge [burst ms ms ] [peak-ra te percent percentage] [pack-burst ms
ms ]
Syntax Description
units
Sp ecifies the traffic po lice rate in bits per secon d. Valid rang e is 32,000 to
32,000,00 0,0 00.
bps
(Optional) Bits per second (bps) will b e used to determin e the rate at which
traffic is policed.
burst burst-in-b ytes
bytes
(Optional) Specifies th e burs t rate, in bytes, will b e used for policing traffic.
Valid range is from 64 to 2,596 ,92 9,536.
peak-rate
peak-rate-in-bps bps
peak-burst
peak-burst-in-b ytes
bytes
percent
(Optional) Specifies the peak burst value, in bytes, for th e peak rate. Valid
range is fro m 3 2,0 00 to 32,000,000 ,00 0.
(Optional) Specifies the peak bu rst valu e, in bytes, will b e used for p olicing
traffic. If the police rate is specified in bps, the valid range of values is 64 to
2,596,929 ,53 6.
(Optional) A percentag e of interface bandwid th will be used to determin e th e
rate at which traffic is p oliced.
Note
Command Default
If a rate is not specified, traffic is policed via bps.
percentage
(Optional) Bandwid th p ercentage. Valid range is a number fro m 1 to 100 .
burst ms ms
(Optional) Burst rate, in millisecon ds, will be used for policing traffic. Valid
range is a number from 1 to 2,000.
peak-rate percent
percentage
peak-burst ms ms
(Optional) A percentag e of interface bandwid th will be used to determin e th e
PIR. Valid rang e is a numb er from 1 to 10 0.
(Optional) Peak burst rate, in milliseco nds, will b e used for policing traffic.
Valid range is a number from 1 to 2,000.
This comman d is dis abled by default.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-415
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
police rate
Command Modes
Usage Guidelines
Policy-map config uration mode
Use the po lice rate command to limit traffic o n th e basis of pps , bps, or a percentage of interface
b and width.
If the police rate co mmand is issued, but the a rate is not specified, traffic that is destined will be p oliced
o n th e basis of bps .
Examples
This example shows how to configu re p olicing on a clas s to limit traffic to an average rate of 1,500 ,00 0
b ps:
Switch(config)# class-map c1
Switch(config-cmap)# match access-group 140
Switch(config-cmap)# exit
Switch(config)# policy-map p1
Switch(config-pmap)# class c1
Switch(config-pmap-c)# police rate 1500000 burst 500000
Switch(config-pmap-c)# exit
Related Commands
Command
Descriptio n
policy-map
Creates or mod ifies a po licy map that can be attached to multiple
p orts to specify a serv ice policy and to enter policy -map
configuration mod e.
show policy-map
Displays info rmation ab out the po licy map .
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-416
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
police (two rate s)
police (two rates)
To config ure traffic policing using two rates, the committed in formatio n rate (CIR) and the peak
information rate (PIR), use the police comman d in policy-map con figuratio n mod e. To remo ve two-rate
traffic policing from the configuration , use the no form of this comman d.
police cir cir [bc co nform-burst] pir p ir [be peak-burs t] [conform-actio n action [exceed-a ction
action [vio late-a ction a ction]]]
no po lice cir cir [bc conform-burs t] pir pir [be p eak-burst] [co nform-action action [exceed-action
action [vio late-a ction a ction]]]
Syntax Description
cir
Committed info rmation rate (CIR) at which the first token bucket is up dated.
cir
Sp ecifies the CIR valu e in bits per second. Th e value is a number from 32,000
to 32,000,000 ,00 0.
(Optional) Con form burst (bc) size used by th e first token bucket for policing.
bc
co nform-burst
(Optional) Specifies the bc value in bytes. The valu e is a number from 64 to
2,596,929 ,53 6.
pir
Peak info rmation rate (PIR) at which the seco nd token bucket is updated .
pir
Sp ecifies the PIR valu e in b its per secon d. The value is a number fro m 32,000
to 32,000,000 ,00 0.
(Optional) Peak bu rst (be) size used by the second token bu cket for policing.
(Optional) Specifies the peak burst (be) size in b ytes. The value is a numb er
from 64 to 2,596,929,536 .
be
peak-burst
co nform-action
(Optional) Action to take on packets that con form to th e CIR and PIR.
ex ceed-action
(Optional) Action to take o n pack ets th at con form to th e PIR but n ot the CIR.
violate-actio n
action
(Optional) Action to take on packets exceed the PIR.
(Optional) Action to take on packets. Specify on e o f the followin g keywords:
•
drop—Drops the packet.
•
set-cos-transmit new-io s—Sets the class of serv ices (CoS) value to a
new value and send the packet. Th e rang e is 0 to 7 .
•
set-dscp-tra nsmit new-ds cp—Sets the IP differentiated services co de
point (DSCP) value and sends the packet with the n ew IP DSCP value
settin g.
•
set-prec-transmit n ew-prec—Sets the IP precedence and sends the
packet with the n ew IP precedence value settin g.
•
transmit—Sends the packet with n o alteration.
Command Default
This comman d is dis abled by default.
Command Modes
Policy-map configuration mo de
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-417
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
police (two rates)
Usage Guidelines
Refer to RFC 2 698-Two Rate Th ree Color Marker.
Two-rate traffic p olicin g uses two to ken buckets—Tc an d Tp—for policing traffic at two independent
rates. Note the following po ints abo ut th e two token buckets :
•
The Tc token buck et is updated at the CIR value each time a packet arrives at the two-rate policer.
The Tc token buck et can contain up to the confirm burst (Bc) value.
•
The Tp to ken bucket is up dated at the PIR value each time a packet arrives at the two-rate po licer.
The Tp to ken bucket can con tain up to the peak burst (Be) value.
Updating Token Buckets
The following scenario illustrates how the to ken buckets are upd ated:
A p acket o f B by tes arrives at time t. The last packet arrived at time t1. Th e CIR and the PIR token
bu ckets at time t are represented by Tc(t) and Tp(t), respectively. Using th ese values an d in this scenario ,
th e token buck ets are u pdated as follows:
Tc(t) = min(CIR * (t-t1) + Tc(t1), Bc)
Tp(t) = min(PIR * (t-t1) + Tp(t1), Be)
Marking Traffic
The two -rate policer marks packets as either co nforming, exceed ing, o r violating a specified rate. The
followin g p oints (u sing a pack et of B bytes) illustrate how a p acket is marked:
•
If B > Tp(t), the packet is mark ed as v iolatin g the specified rate.
•
If B > Tc(t), the packet is marked as ex ceeding the sp ecified rate, and the Tp (t) to ken bucket is
u pdated as Tp(t) = Tp(t) – B.
Otherwise, th e packet is marked as con forming to the s pecified rate, and both token buck ets—Tc(t) and
Tp(t)—are updated as follows:
Tp(t) = Tp(t) – B
Tc(t) = Tc(t) – B
For example, if the CIR is 10 0 kbps, the PIR is 20 0 kbps, and a data stream with a rate of 250 k bps arrives
at the two -rate policer, the p acket would be mark ed as follows:
•
1 00 kbps wo uld be marked as conforming to the rate.
•
1 00 kbps wo uld be marked as exceeding the rate.
•
5 0 k bps wou ld b e marked as vio lating the rate.
Marking Packets and Assigning Actions Flowchart
The flowchart in Fig ure 2-1 illustrates how the two-rate po licer marks packets and assigns a
correspon ding action (that is, violate, exceed, or conform) to the packet.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-418
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
police (two rate s)
Figure 2-1
Marking Packets and Assigning Actions with the Two-Rate Policer
PIR
CIR
Be
B > Tp
No
Bc
B > Tc
No
Packet of size B
Yes
Violate
Exceed
Conform
Action
Action
Action
60515
Yes
Examples
This examp le shows how to configure two-rate traffic policing on a class to limit traffic to an averag e
co mmitted rate o f 500 kb ps and a peak rate o f 1 Mbps:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# class-map police
Switch(config-cmap)# match access-group 101
Switch(config-cmap)# policy-map policy1
Switch(config-pmap)# class police
Switch(config-pmap-c)# police cir 500000 bc 10000 pir 1000000 be 10000 conform-action
transmit exceed-action set-prec-transmit 2 violate-action drop
Switch(config-pmap-c)# interface gigabitethernet 6/1
Switch(config-if)# service-policy output policy1
Switch(config-if)# end
Switch# show policy-map policy1
Policy Map policy1
Class police
police cir 500000 conform-burst 10000 pir 1000000 peak-burst 10000 conform-action
transmit exceed-action set-prec-transmit 2 violate-action drop
Switch#
Traffic marked as conforming to th e average committed rate (500 k bps) will be sent as is. Traffic marked
as exceeding 500 k bps, bu t no t exceeding 1 Mbp s, will be marked with IP Precedence 2 an d th en sent.
All traffic marked as exceeding 1 Mbps will be dro pped. The burst parameters are set to 1000 0 bytes .
In the following example, 1 .25 Mb ps of traffic is sent (“offered ”) to a policer class:
Switch# show policy-map interface gigabitethernet 6/1
GigabitEthernet6/1
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-419
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
police (two rates)
Service-policy output: policy1
Class-map: police (match all)
148803 packets, 36605538 bytes
30 second offered rate 1249000 bps, drop rate 249000 bps
Match: access-group 101
police:
cir 500000 bps, conform-burst 10000, pir 1000000, peak-burst 100000
conformed 59538 packets, 14646348 bytes; action: transmit
exceeded 59538 packets, 14646348 bytes; action: set-prec-transmit 2
violated 29731 packets, 7313826 bytes; action: drop
conformed 499000 bps, exceed 500000 bps violate 249000 bps
Class-map: class-default (match-any)
19 packets, 1990 bytes
30 seconds offered rate 0 bps, drop rate 0 bps
Match: any
Switch#
The two -rate policer marks 500 kbp s o f traffic as conformin g, 50 0 kbps of traffic as ex ceed ing, and
2 50 kbps of traffic as violating the sp ecified rate. Packets marked as conforming to the rate will be sent
as is, and pack ets marked as exceeding the rate will be marked with IP Precedence 2 an d th en sent.
Packets marked as violating the rate are d rop ped .
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-420
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
policy-map
policy-map
To create or mo dify a p olicy map that can b e attached to mu ltip le ports to specify a service po licy and
to enter po licy-map configuration mod e, use th e policy -map g lo bal configuration command. To delete
an existing policy map and to return to global configuratio n mo de, use th e no form of this comman d.
policy-map po licy-map-name
no policy-map policy-ma p-n ame
Syntax Description
Defaults
Command Modes
Usage Guidelines
policy-ma p-na me
Name of the policy map .
No policy map s are defined.
Glob al co nfigu ration mode
Before co nfigu ring po licies for classes whose match criteria are defined in a class map, us e the
policy-map command to sp ecify the n ame of the po licy map to be created or modified. After you enter
the policy-map co mmand , the s witch enters po licy-map configuration mod e. You can configure or
modify the class po licies for th at policy map and decid e how to treat the classified traffic.
These configuration commands are available in p olicy-map configuration mo de:
•
cla ss—Defines the classificatio n match criteria for the specified class map. For mo re in formatio n,
see the “class ” section on page 2-8 4.
•
description—Describes the p olicy map (up to 200 characters).
•
ex it—Exits policy -map con figuratio n mode and returns you to glob al configu ration mode.
•
no—Removes a prev iously defined policy map.
To return to global configuratio n mode, use the ex it command. To return to privileged EXEC mo de, u se
the end command.
You can configure class po licies in a p olicy map only if the classes have match criteria defined for them.
To co nfigure the match criteria for a class, u se th e class -map global config uration and match class-map
co nfiguration co mmand s.
Examples
This examp le shows how to configure multiple classes in a policy map called policymap 2:
Switch# configure terminal
Switch(config)# policy-map policymap2
Switch(config-pmap)# class class1
Switch(config-pmap-c)# police 100000 20000 exceed-action
Switch(config-pmap-c)# set-dscp-transmit cs3
Switch(config-pmap-c)# set-cos-transmit 3
Switch(config-pmap-c)# exit
Switch(config-pmap)# class class2
Switch(config-pmap-c)# police cir 32000 pir 64000 conform-action transmit exceed-action
Switch(config-pmap-c)# set-dscp-transmit cs3 violate-action drop
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-421
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
policy-map
Switch(config-pmap-c)# exit
Switch(config-pmap)# class class3
Switch(config-pmap-c)# set dscp cs3
Switch(config-pmap-c)# exit
Switch#
This example s hows how to delete the po licy map called po licymap2:
Switch# configure terminal
Switch(config)# no policy-map policymap2
Switch#
You can verify your settings by entering the show policy -map privileg ed EXEC command.
Related Commands
Command
Descriptio n
class
Specifies the name of th e class wh ose traffic p olicy you want to
create or change.
Creates a class map to be used for matching packets to the class
whose name you specify and to enter class-map co nfiguration
mo de.
class-ma p
policy-map
Creates or mod ifies a po licy map that can be attached to multiple
p orts to specify a serv ice policy and to enter policy -map
configuration mod e.
service-po licy (interface
configuration)
show policy-map
Attaches a policy map to an interface or applies different QoS
p olicies on VLANs that an interface belo ngs to.
Displays info rmation ab out the po licy map .
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-422
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
port-channel load-balance
port-channel load-balance
To set the load-distrib ution meth od amon g the ports in the bu ndle, use the port-channel load-balance
co mmand . To reset the load distribution to the default, use the no fo rm of this command.
port-channel load-balance method
no port-cha nnel lo ad-balance
Syntax Description
method
Specifies the load distribution meth od. See the “Usag e Gu idelin es” section for more
information.
Defaults
Load distribution on the so urce XOR destinatio n IP add ress is enabled.
Command Modes
Glob al co nfigu ration mode
Usage Guidelines
The following values are valid fo r the load-distribution meth od:
Examples
This examp le shows how to set the load-distribution meth od to the destination IP ad dress:
•
dst-ip— Load distribu tion on the destination IP address
•
dst-mac—Load dis tribution on th e destination MAC addres s
•
•
dst-port—Load distribution on the des tin ation TCP/UDP port
src-dst-ip—Load d istribution o n th e source XOR d estination IP address
•
src-dst-mac—Load distribution on the source XOR destination MAC address
•
src-dst-port— Load distribu tion on the so urce XOR destinatio n TCP/UDP port
•
src-ip—Load d istributio n o n th e sou rce IP address
•
src-mac—Lo ad distribution on the source MAC addres s
•
src-port—Load distribution on the so urce p ort
Switch(config)# port-channel load-balance dst-ip
Switch(config)#
This examp le shows how to set the load-distribution meth od to the sou rce XOR d estin ation IP addres s:
Switch(config)# port-channel load-balance src-dst-port
Switch(config)#
Related Commands
Co mmand
interface port-channel
Description
Accesses or creates a po rt-ch ann el interface.
show etherchannel
Displays Eth erChan nel information for a channel.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-423
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
port-channel standalone-disable
port-channel standalone-disable
To disab le the EtherChannel stand alon e optio n in a port channel, use the port-channel
standalone-disable comman d in in terface config uration mode. To enable this option, use th e no fo rm
o f this co mmand .
port-channel s tandalone-disable
no port-channel standalone-dis able
Syntax Description
This command has no arguments or keywo rds.
Defaults
The standalone option is disabled.
Command Modes
Interface configuration mod e
Usage Guidelines
This command can o nly be used wh en the port channel p rotocol type is Link Agg regatio n Co ntrol
Protocol (LACP). It allows you to change th e cu rrent behav ior when a physical port cannot bundle with
an LACP EtherChannel.
Examples
The following example shows how to en able the Eth erChannel standalone option in a p ort chan nel:
Switch(config-if)# no port-channel standalone-disable
Related Commands
Command
Descriptio n
show etherchannel
Displays EtherChannel info rmation fo r a channel.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-424
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
port-security mac-address
port-security mac-address
To config ure a secu re add ress on an interface for a specific VLAN or VLAN rang e, use the
port-security mac-address command.
port-security mac-address mac_ address
Syntax Description
mac_ad dress
Command Modes
VLAN-range interface sub mode
Usage Guidelines
Examples
The M AC-address that needs to be secured.
Layer 2 interfaces can b e p art of mu ltiple VLANs (for example, a typ ical tru nk port). In co njunction with
the vlan comman d, you can use the port-security mac-address command to specify d ifferent add resses
on different VLANs.
This examp le shows how to configure the secure address 1.1.1 on interface Gigab it Eth ernet 1 /1 for
VLANs 2-3:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface gigabitethernet1/1
Switch(config-if)# switchport trunk encapsulation dot1q
Switch(config-if)# switchport mode trunk
Switch(config-if)# vlan 2-3
Switch(config-if-vlan-range)# port-security mac-address 1.1.1
Switch(config-if-vlan-range)# end
Switch#
Related Commands
Co mmand
port-security mac-a ddress
sticky
Description
Configures a sticky ad dress on an in terface fo r a specific VLAN
or VLAN range.
port-security maximum
Config ures the maximum nu mb er of ad dresses on an interface for
a specific VLAN or VLAN ran ge.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-425
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
port-security mac-address sticky
port-security mac-address sticky
To co nfigure a sticky address o n an interface for a specific VLAN or VLAN range, u se the
port-security mac-address sticky command.
port-security mac-address sticky mac_address
Syntax Description
mac_address
Command Modes
VLAN-range in terface submod e
Usage Guidelines
Usage Guidelines
The MAC-add ress that needs to b e secu red.
The Sticky feature mus t be en abled on an interface befo re y ou can co nfigu re th e
port-security mac-address sticky command.
Layer 2 interfaces can be part of multiple VLANs (for example, a typical trunk port). In conju nctio n with
th e vlan co mmand , you can u se the port-security mac-address sticky command to specify different
sticky addresses on different VLANs.
The Sticky feature mus t be en abled on an interface befo re y ou can co nfigu re th e
port-security mac-address sticky command.
Sticky MAC addresses are add resses th at persist across switch rebo ots and link flap s.
Examples
This example s hows how to config ure the sticky ad dress 1.1.1 o n interface Gigabit Ethernet 1/1 for
VLANs 2-3:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface gigabitethernet1/1
Switch(config-if)# switchport trunk encapsulation dot1q
Switch(config-if)# switchport mode trunk
Switch(config-if)# vlan 2-3
Switch(config-if-vlan-range)# port-security mac-address sticky 1.1.1
Switch(config-if-vlan-range)# end
Switch#
Related Commands
Command
port-security mac-address
port-security maximum
Descriptio n
Con figures a secure add ress on an interface for a specific VLAN
o r VLAN rang e.
Con figures the maximu m number of addresses on an interface fo r
a specific VLAN or VLAN range.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-426
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
p ort-security maximum
port-security maximum
To config ure the maximum number o f ad dresses on an interface for a specific VLAN or VLAN range,
use th e port-security max imum command.
port-security maximum ma x_value
Syntax Description
max_value
Command Modes
VLAN-range interface sub mode
Usage Guidelines
The maximum nu mb er of MAC-add resses .
Layer 2 interfaces can b e p art of mu ltiple VLANs (for example, a typ ical tru nk port). In co njunction with
the vlan co mmand , y ou can use the po rt-security maximum command to specify the maximum numb er
of secure add resses o n d ifferent VLANs.
If a sp ecific VLAN on a po rt is no t configu red with a maximu m value, the max imum configured for th e
port is used for th at VLAN. In this situation, the maximu m nu mber o f ad dresses th at can be secured on
this VLAN is limited to the maximum value configured on the port.
Each VLAN can be configured with a maximu m count that is g reater than the value con figured o n th e
port. Also, the sum total of the maximu m co nfigured values for all the VLANs can exceed the maximu m
co nfigured for th e port. In eith er o f these situations, the nu mber of MAC ad dresses secured on each
VLAN is limited to the lesser of the VLAN configuration maximum and the po rt co nfigu ration
max imum.
Examples
This examp le shows how to configure a maximum numb er o f ad dresses (5) on interface
Gigabit Ethern et 1/1 for VLANs 2 -3:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface g1/1
Switch(config-if)# switchport trunk encapsulation dot1q
Switch(config-if)# switchport mode trunk
Switch(config-if)# vlan 2-3
Switch(config-if-vlan-range)# port-security maximum 5
Switch(config-if-vlan-range)# exit
Switch#
Related Commands
Co mmand
port-security mac-a ddress
Description
Config ures a secure address on an in terface for a specific VLAN
or VLAN range.
port-security mac-a ddress
sticky
Configures a sticky ad dress on an in terface fo r a specific VLAN
or VLAN range.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-427
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
power dc input
power dc input
To configure th e p ower DC inpu t parameters on th e s witch, use the power dc input command. To return
to the default p ower settings, u se the no form of this command.
power dc input watts
no power dc input
Syntax Description
watts
Sets the total capacity of the external DC so urce in watts; valid values are from
300 to 850 0.
Defaults
DC p ower input is 2500 W.
Command Modes
Global configuratio n mo de
Usage Guidelines
If you r interface is not cap able of sup porting Power over Ethernet, y ou will receive this message:
Power over Ethernet not supported on interface Admin
Examples
This example s hows how to set th e total capacity of th e ex ternal DC power source to 5000 W:
Switch(config)# power dc input 5000
Switch(config)#
Related Commands
Command
show power
Descriptio n
Displays info rmation ab out the power status .
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-428
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
power efficient-ethernet auto
power efficient-ethernet auto
To enable EEE, u se the power efficient-ethernet auto command. To disable EEE, use th e no form o f
this co mmand .
power efficient-ethernet auto
no power efficient-ethernet auto
Syntax Description
This comman d has no argu ments or keyword s.
Defaults
EEE is disabled
Command Modes
Glob al co nfigu ration mode
Usage Guidelines
EEE is sup ported on WS-X4 748-UPOE+E and WS-X4748-RJ45-E.
EEE defines su pport for physical lay er devices (PHYs) to operate in Low Power Idle (LPI) mode. Wh en
en abled, EEE supp orts QUIET times during low lin k u tilization allowing both sides of a link to d isab le
portions of each PHY's o perating circu itry and save power. This functionality is prov ided p er p ort and
is not enabled by default. To avoid issues with EEE fun ction ality on any port d uring run-time, Cisco
pro vides the power efficient-ethernet auto command to enab le or d isab le EEE.
Because EEE relies o n Auto Negotiation pulse to determin e wh ether to activate EEE, th e port mu st
initially enable auto negotiation. Furthermore, EEE is th e correct action provided the sp eed is auto
100M, au to 1 000M, or auto 1 00M an d 1 000M. 10M (either au to o r forced mode) do es not require EEE
for power saving.
Examples
This examp le shows how to enable EEE:
Switch# config t
Switch(config)# interface gigabitethernet 1/1
Switch(config-if)# power efficient-ethernet auto
Switch(config-if)# exit
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-429
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
power inline
power inline
To set the inline-power state for the inline-po wer-capable interfaces, use the po wer inline co mmand . To
retu rn to the defau lt values, use the no fo rm of this command.
power inline { a uto [max milliwatt] | never | static [max milliwatt] | cons umption milliwatt}
no power inline
Syntax Description
a uto
max milliwatt
Sets th e Power over Ethernet state to auto mode for in line-power-capable
in terfaces.
(Optio nal) Sets th e max imum power th at the equipment can con sume; valid
range is from 200 0 to 15 400 mW for clas sic modu les. For the
WS-X4648-RJ45V-E, the maximum is 200 00. For the
WS-X4648-RJ45V+E, the max imum is 30 000.
never
Disab les both th e detection and power for the inline-power capable
in terfaces.
static
Allocates power statically.
consumption milliwa tt
Sets power allocation per interface; valid range is from 4 000 to 1540 0 for
classic modu les. Any no n-default value disables auto matic adju stment of
p ower allo cation.
Defaults
The default settings are as follows:
Command Modes
Interface configuration mod e
Usage Guidelines
•
Auto mode for Power o ver Ethernet is set.
•
Maximum mW mo de is set to 15 400. For the WS-X4 648-RJ45V-E, the maximum mW is set to
2 0000. Fo r the WS-X4648-RJ45V+E, the max imum mW is s et to 3000 0.
•
Defau lt allocatio n is set to 1 5400.
If you r interface is not cap able of sup porting Power over Ethernet, y ou will receive this message:
Power over Ethernet not supported on interface Admin
Examples
This example s hows how to set th e inline-p ower detection and power for the inline-power-cap able
in terfaces:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface fastethernet 4/1
Switch(config-if)# power inline auto
Switch(config-if)# end
Switch#
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-430
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
power inline
This examp le shows how to d isable the inlin e-power detection and power for th e inline-p ower-capable
interfaces:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface fastethernet 4/1
Switch(config-if)# power inline never
Switch(config-if)# end
Switch#
This examp le shows how to set the p ermanent Power over Ethernet allocation to 800 0 mW fo r Fast
Ethern et interface 4/1 reg ardles s what is mandated either by the 8 02.3af class of the discovered d evice
or by any CDP p acket that is received fro m the powered device:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface fastethernet 4/1
Switch(config-if)# power inline consumption 8000
Switch(config-if)# end
Switch#
This examp le shows how to p re-allocate Power over Ethernet to 16500 mW for Gigabit Ethernet
interface 2/1 regardless of what is mandated either by the 802.3af class of th e discovered device o r by
any CDP packet that is received from the p owered device:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface gigabitethernet 2/1
Switch(config-if)# power inline static max 16500
Switch(config-if)# end
Switch#
Related Commands
Co mmand
show power
Description
Displays information about the power status.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-431
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
power inline consumption
power inline consumption
To set the default power that is allocated to an in terface fo r all the inline-po wer-capable interfaces on
th e switch, use the power inline consumption co mmand . To return to the default values, u se the no form
o f this co mmand .
power inline consumption default milliwatts
no power inline consumption default
Syntax Description
default
milliwatts
Defaults
Milliwatt mode is s et to 15400 .
Command Modes
Global configuratio n mo de
Usage Guidelines
Specifies the switch to use the default allocation.
Sets th e default power allocation in milliwatts; the valid range is fro m
4 000 to 15399 . Any n on-defau lt value d isab les automatic ad justment o f power
allocatio n.
The inline power co nsumption comman d overrides the power allo cated to the po rt throug h IEEE/Cisco
p hone d iscovery and CDP/LLDP power negotiation. To guarantee safe operation of the sys tem, ensu re
th at the valu e co nfigured here is no less than the actual power requirement of the attached d evice. If the
p ower drawn by the inline powered dev ices exceeds the cap ab ility of th e power sup ply, it could trip the
p ower supply.
If you r interface is not cap able of sup porting Power over Ethernet, y ou will receive this message:
Power over Ethernet not supported on interface Admin
Examples
This example s hows how to set th e Power over Ethern et allocation to use 8000 mW, regardless of any
CDP packet that is received from the p owered device:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# power inline consumption default 8000
Switch(config)# end
Switch#
Related Commands
Command
power inline
Descriptio n
Sets th e inline-power state for the inline-po wer-capable
in terfaces.
show power
Displays info rmation ab out the power status .
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-432
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
power inline four-pair forced
power inline four-pair forced
To automatically enable p ower on b oth signal and spare pairs from a switch po rt, prov ided th e end-dev ice
is PoE capab le o n both signal and spare p airs but do es not sup port the CDP or LLDP extensions required
for UPOE, use the power inline fo ur-pair forced command.
power inline four-pair fo rced
Syntax Description
This comman d has no argu ments or keyword s.
Defaults
Non e
Command Modes
Usage Guidelines
Interface con figuration mode
Altho ugh IEEE 802.at o nly provides fo r power up to 30W per port, the WS-X4748 -UPOE+E modu le can
pro vide up to 60 W using the spare pair of an RJ 45 cable (wires 4,5,7,8) with the sign al pair (wires
1,2,3,6 ). Power on the spare pair is en abled wh en the switch port and end-d evice mutu ally identify
themselves as UPOE capable u sing CDP o r LLDP and the end -device requests fo r power o n th e spare
pair to be enabled. Wh en the spare pair is powered, th e en d-device can nego tiate up to 60W power from
the switch us ing CDP o r LLDP.
If th e end-device is PoE cap able on both signal an d spare p airs bu t d oes no t sup port the CDP or LLDP
extensio ns required for UPOE, th en the following co nfiguration auto matically enables p ower on both
signal and sp are pairs from the switch port
Examples
The following example shows how to automatically en able power on bo th signal and spare pairs from
switch port g igabit ethernet 2/1:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface gigabitethernet 2/1
Switch(config-if)# power inline four-pair forced
Switch(config-if)# shutdown
Switch(config-if)# no shutdown
Switch(config-if)# end
Switch#
Do not enter this co mmand if th e end-device is incap ab le of so urcing inline power on the spare p air o r
if the end-device suppo rts the CDP or LLDP exten sions fo r UPOE.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-433
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
power inline logging global
power inline logging global
To en able co nsole messages th at show when a Po E device h as been d etected and to show wh en a PoE
d evice has been removed, use the po wer inline logging global comman d.
power inline lo gging global
Syntax Description
This command has no arguments or keywo rds.
Defaults
Disabled
Command Modes
Global configuratio n mo de
Usage Guidelines
Be aware o f the potential for console floodin g if this comman d is used o n a switch connected to several
PoE devices.
Examples
This example s hows how to glob ally enable PoE status messaging o n each interface:
To en able Po E event logging , you us e the lo gging event poe-status global co mmand :
Switch# conf terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# power inline logging global
Switch(config)# int gigabitEthernet 5/5
Switch(config-if)# shut
Switch(config-if)#
*Oct 17 12:02:48.407: %ILPOWER-5-IEEE_DISCONNECT: Interface Gi5/5: PD removed
Switch(config-if)# no shut
Switch(config-if)#
*Oct 17 12:02:54.915: %ILPOWER-7-DETECT: Interface Gi5/5: Power Device detected: IEEE PD
Related Commands
Command
Descriptio n
lo gging event link-status global (global Changes the d efault switch-wid e global link-statu s even t
configuration)
messaging settings.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-434
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
power inline police
power inline police
To config ure Power over Ethern et policing on a p articular in terface, u se the power inline po lice
co mmand . The no form o f the command disables PoE po licing o n an interface.
power inline police [action] [errdisable | log]
no power inline police [action] [errdisable | log]
Syntax Description
action
errdisa ble
log
(Option al) Specifies th e action to take on the port when a PoE policing fault
occurs (the device consumes more power than it’s allocated).
(Option al) Enables PoE po licing on th e interface and places the p ort in an
errdisable state when a PoE policing fault occurs.
(Option al) Enables PoE po licing on th e interface and, if a PoE po licing fault
occurs, shuts, restarts the p ort, an d lo gs an error message.
Defaults
PoE policing is disab led.
Command Modes
Interface con figuration mode
Usage Guidelines
If a port is in the errdis able state because o f a PoE policing fault, en ter th e shut co mmand followed by
a no shut on the interface to make th e port operational again.
You can also configu re inline-power errdisable auto recovery so th at an errdisabled interface is
au tomatically rev ived when the errdisable auto reco very timer expires .
Examples
This examp le shows how to enable PoE p olicin g and config ure a policing actio n:
Switch(config)# int gigabitEthernet 2/1
Switch(config-if)# power inline police
Switch(config-if)# do show power inline police gigabitEthernet 2/1
Available:421(w) Used:39(w) Remaining:382(w)
Interface Admin Oper
Admin
Oper
Cutoff Oper
State State
Police
Police
Power Power
--------- ------ ---------- ---------- ---------- ------ ----Gi2/1
auto
on
errdisable ok
17.4
7.6
Switch(config-if)# power inline police action log
Available:421(w) Used:39(w) Remaining:382(w)
Interface Admin Oper
Admin
Oper
Cutoff Oper
State State
Police
Police
Power Power
--------- ------ ---------- ---------- ---------- ------ ----Gi2/1
auto
on
log
ok
17.4
9.6
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-435
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
power inline police
Related Commands
Command
errdisable recovery
Descriptio n
Enab les errdisable autorecovery; the port automatically restarts
itself after go ing to the errdisable state after its errdisable
autorecovery timer expires.
show power inline police
Displays the PoE policing status of an interface, module, o r
chassis.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-436
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
power redundancy-mode
power redundancy-mode
To config ure the power settings for the chassis, u se the power redundancy-mo de command. To return
to the default setting, u se the default form o f this co mmand .
power redundancy-mode {redundant | combined}
default power redundancy-mode
Syntax Description
Defaults
redundant
co mbined
Con figures the switch to redund ant power managemen t mo de.
Con figures the switch to co mbined p ower man agement mode.
Redu ndant power manag ement mode
Command Modes
Usage Guidelines
Caution
Glob al co nfigu ration mode
The two power sup plies mus t be the same typ e and wattage.
If y ou h ave power supplies with d ifferent types or wattag es installed in your switch , the switch will not
recognize one of the power sup plies . A switch set to red undant mode will not have power redu ndancy.
A switch set to combined mode will use on ly o ne power supply.
In red undant mode, the power from a sin gle power s upply must provide enou gh power to sup port the
switch co nfiguration.
Table 2 -9 lis ts the maximum available power for chassis and Power over Ethernet fo r each power supply.
Table 2-9
Po wer Supply
1000 W AC
Available Power
Re dundant Mode (W)
System 1 = 10 00
Inlin e = 0
2800 W AC
Co mbined Mode (W)
System = 1667
Inlin e = 0
System = 1360
System = 2473
Inlin e = 1400
Inline = 2333
1. The sys tem p ower includes p ower for the supervis or en gines, all modules, an d th e fan tray.
Examples
This examp le shows how to set the p ower man agement mo de to combined:
Switch(config)# power redundancy-mode combined
Switch(config)#
Related Commands
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-437
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
power redundancy-mode
Command
Descriptio n
show power
Displays info rmation ab out the power status .
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-438
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
pp poe intermediate-agent (global)
pppoe intermediate-agent (global)
To en able th e PPPoE Intermediate Ag ent feature on a switch, u se the pppoe intermediate-agent glo bal
co nfiguration co mmand . To d is able the feature, use th e no form o f this co mmand .
pppoe intermediate-agent
no pppoe intermediate-agent
Syntax Description
This comman d has no argu ments or keyword s.
Defaults
disabled
Command Modes
Glob al co nfigu ration mode
Usage Guidelines
You must enable PPPo E Intermediate Agen t glo bally o n a switch before yo u can use
PPPoE Intermediate Agent on an interface or in terface VLAN.
Examples
This example shows how to enable PPPoE Intermediate Agent on a switch:
Switch(config)# pppoe intermediate-agent
This examp le shows how to d isable PPPoE Intermediate Ag ent on a s witch:
Switch(config)# no pppoe intermediate-agent
Related Commands
Co mmand
Description
pppoe intermediate-agent
(glo ba l)
Sets the access node identifier, generic erro r mes sage, and
identifier strin g for a switch.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-439
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
pppoe intermediate-agent (interface)
pppoe intermediate-agent (interface)
Note
This command takes effect only if yo u enable th e pppoe intermediate-agent glob al comman d.
To enable the PPPoE Intermediate Agent feature on an interface, use the pppoe intermediate-agent
command. To disable th e feature, u se the no form of this command.
pppoe intermediate-agent
no pppoe intermediate-agent
Syntax Description
This command has no arguments or keywo rds.
Defaults
Disab led on all interfaces.
Command Modes
Interface configuration mod e
Usage Guidelines
PPPoE Intermediate Agent is enabled on an interface provided the PPPoE Intermediate Agent is enabled
b oth on the switch and the in terface.
Examples
This example s hows how to enable the PPPoE Intermediate Agent on an interface:
Switch(config-if)# pppoe intermediate-agent
This example s hows how to disable th e PPPoE Intermediate Ag ent on an interface:
Switch(config-if)# no pppoe intermediate-agent
Related Commands
Command
pppoe intermediate-agent
format-type (interface)
pppoe intermediate-agent
limit rate
Limits th e rate o f the PPPoE Discovery pack ets coming on an
in terface.
pppoe intermediate-agent
trust
pppoe intermediate-agent
vendor-tag strip
Descriptio n
Sets circuit ID or remo te ID for an interface.
Enab les vendor-tag strip ping on PPPoE Disco very packets from
PPPoE Server (or BRAS).
Sets th e trust con figuratio n o f an in terface.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-440
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
pppoe intermediate-agent (interface vla n-range)
pppoe intermediate-agent (interface vlan-range)
Note
This comman d takes effect only if you en able the pppoe intermediate-agent g lobal command.
To enable PPPo E Intermediate Ag ent on an interface VLAN rang e, use the pppoe intermediate-agent
global command. To dis able the feature, use th e no form o f this co mmand .
pppoe intermediate-agent
no pppoe intermediate-agent
Syntax Description
This comman d has no argu ments or keyword s.
Defaults
Disabled on all VLANs o n all interfaces
Command Modes
Interface vlan -ran ge config uration mode
Usage Guidelines
Altho ugh this co mmand takes effect irres pective of the pppo e intermediate-ag ent (interface
co nfiguration mode) comman d, yo u mu st enable th e pppoe intermediate-agent (global configuration
mode) comman d.
Examples
This example shows how to enable PPPoE Intermediate Agent on a range of VLANs:
Switch(config-if)# vlan-range 167-368
Switch(config-if-vlan-range)# pppoe intermediate-agent
This examp le shows how to d isable PPPoE Intermediate Ag ent on a s ingle VLAN:
Switch(config-if)# vlan-range 268
Switch(config-if-vlan-range)# no pppoe intermediate-agent
Related Commands
Co mmand
pppoe intermediate-agent
(interface)
Description
Enables th e PPPoE Intermediate Ag en t feature on an interface.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-441
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
pppoe intermediate-agent format-type (global)
pppoe intermediate-agent format-type (global)
To set the access nod e identifier, g eneric error message, an d id entifier string for the switch, u se the
pppoe intermediate-agent format-type (global) command. To disable the feature, us e the no form of
th is command:
pppoe intermediate-agent format-type access-node-identifier string string
pppoe intermediate-agent format-type generic-error-message string string
pppoe intermediate-agent format-type identifier-string s tring strin g option {sp|sv| pv|s pv}
delimiter {,|.| ;|/|#}
no pppoe intermediate-agent format-type {access-node-identifier | g eneric-error-messa ge |
identifier-string}
Syntax Description
a cces s-node-identifier
string strin g
ASCII string literal value for the access-n ode-identifier.
g eneric-error-messa ge
string strin g
ASCII string literal value for the generic-error-message.
identifier-string string
str in g
ASCII string literal value for the identifier-string.
o ption {s p|sv|pv|spv}
Optio ns:
delimiter {,|.|;|/|# }
Delimiter between slot/po rt/VLAN p ortion s o f option.
sp = slot + port
sv = slot + VLAN
pv = port + VLAN
spv = slot + po rt + VLAN
Defaults
a cces s-node-identifier has a default value of 0.0.0.0.
g eneric-error-messa ge, identifier-string, option, and delimiter have no default values.
Command Modes
Global configuratio n mo de
Usage Guidelines
Use the access-node-identifier and identifier-s tring commands to en ab le the switch to generate th e
circuit-id parameters automatically.
The no form of identifier-string command unsets the o ption an d d elimiter.
Use the generic-erro r-message command to set an error messag e notifying the send er that the
PPPoE Discovery packet was too large.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-442
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
pppoe inte rmediate-age nt format-type (global)
Examples
This examp le shows how to set an access-node-id entifier:
Switch(config)# pppoe intermediate-agent format-type access-node-identifier string
switch-abc-123
This examp le shows how to u nset a gen eric-error-message:
Switch(config)# no pppoe intermediate-agent format-type generic-error-message
Related Commands
Co mmand
show pppoe
intermediate-agent interface
Description
Displays the PPPoE Intermed iate Agent co nfiguration an d
statistics (p acket coun ters).
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-443
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
pppoe intermediate-agent format-type (interface)
pppoe intermediate-agent format-type (interface)
Note
This command takes effect only if yo u enable th e pppoe intermediate-agent interface configuration
command.
To set circuit-id o r remote-id for an interface, use th e pppoe intermediate-agent format-type
command. To unset the parameters, use the no form of this command.
pppoe intermediate-agent format-type {circuit-id | remote-id} string string
no pppoe intermediate-agent format-type {circuit-id | remote-id} string string
Syntax Description
circuit-id string string
ASCII string literal value for circuit-id.
remote-id string strin g
ASCII string literal value for remote-id.
Defaults
No default values for circu it-id and remote-id.
Command Modes
Interface configuration mod e
Usage Guidelines
Use the pppoe intermediate-agent forma t-type command to set in terface-specific circu it-id and
remo te-id values. If an interface-specific circuit-id is not set, the system's automatic generated circuit-id
value is used.
Examples
This example s hows how to set remote-id for an interface:
Switch(config-if)# pppoe intermediate-agent format-type remote-id string user5551983
This example s hows how to unset circuit-id for an interface:
Switch(config)# no pppoe intermediate-agent format-type circuit-id
Related Commands
Command
Descriptio n
pppoe intermediate-agent
(interface)
Enab les the PPPoE Intermediate Agent feature on an interface.
pppoe intermediate-agent
(interface vlan-range)
Sets th e circuit-id o r remote-id for an interface vlan-range.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-444
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
pppoe intermediate-agent format-type (interface vla n-range)
pppoe intermediate-agent format-type (interface vlan-range)
Note
This comman d takes effect only if you en able the pppoe intermediate-agent in terface vlan-range
co nfiguration mode command.
To set circu it-id or remo te-id for an interface vlan -rang e, use the
pppoe intermediate-a gent fo rmat-ty pe in terface v lan-range mo de command. To u nset the parameters,
use th e no form o f this co mmand .
pppoe intermediate-agent format-ty pe {circuit-id | remote-id} string strin g
no pppoe intermediate-agent format-type {circuit-id | remote-id} string string
Syntax Description
circuit-id string string
remote-id string string
ASCII string literal value to be set for circuit-id.
ASCII string literal value to be set for remote-id.
Defaults
No default valu es for circuit-id and remote-id .
Command Modes
Interface vlan -ran ge config uration mode
Usage Guidelines
Use th ese commands to set circuit-id o r remote-id on an interface vlan-range. If the circu it-id is not set,
the sy stem’s automatically generated circuit-id is used.
Examples
This examp le shows how to set remote-id on an interface VLAN:
Switch(config-if)# vlan-range 268
Switch(config-if-vlan-range)#
pppoe intermediate-agent format-type remote-id string user5551983-cabletv
This examp le shows how to u nset circuit-id on an interface vlan -rang e:
Switch(config-if)# vlan-range 167-368
Switch(config-if-vlan-range)# no pppoe intermediate-agent format-type circuit-id
Related Commands
Co mmand
pppoe intermediate-agent
(interfa ce vlan-range)
Description
Enables PPPoE Intermediate Agen t on an in terface VLAN range.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-445
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
pppoe intermediate-agent limit rate
pppoe intermediate-agent limit rate
To limit the rate of the PPPoE Discovery packets arriving on an interface, use the
pppoe intermediate-agent limit rate comman d. To d isab le the feature, use the no form of this
command.
pppoe intermediate-agent limit rate number
no pppoe intermediate-ag ent limit ra te numb er
Syntax Description
n umber
Specifies the threshold rate o f PPPoE Discovery packets received on th is
interface in pack ets-per-s econd.
Defaults
This command has no default setting s.
Command Modes
Interface configuration mod e
Usage Guidelines
If this command is used and the PPPoE Discovery packets that are received exceeds the rate s et, the
in terface will be error-disabled (shu tdown).
Examples
This example s hows how to set a rate limit fo r an interface:
Switch(config-if)# pppoe intermediate-agent limit rate 50
This example s hows how to disable rate limiting fo r an in terface:
Switch(config-if)# no pppoe intermediate-agent limit rate
Related Commands
Command
pppoe intermediate-agent
(interface)
Descriptio n
Enab les the PPPoE Intermediate Agent feature on an interface
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-446
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
pppoe intermediate-agent tru st
pppoe intermediate-agent trust
To set the trus t co nfigu ration o f an in terface, use the pppoe intermediate-agent trust g lobal comman d.
To un set the trust parameter, use the no form o f this co mmand .
pppoe intermediate-agent trust
no pppoe intermediate-agent trus t
Syntax Description
This comman d has no argu ments or keyword s.
Defaults
All interfaces are untrusted.
Command Modes
Interface con figuration mode
Usage Guidelines
At least one trusted interface mus t be present on the switch for PPPoE Intermediate Agent feature to
work.
Set the in terface co nnecting the switch to the PPPo E Server (or BRAS) as tru sted .
Examples
This examp le shows how to set an in terface as trusted:
Switch(config-if)# pppoe intermediate-agent trust
This examp le shows how to d isable the trust co nfigu ration for an interface:
Switch(config-if)# no pppoe intermediate-agent trust
Related Commands
Co mmand
Description
pppoe intermediate-agent
vendor-tag strip
Enables vendor-tag strip ping o n PPPoE Discovery p ackets from a
PPPoE Server (or BRAS).
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-447
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
pppoe intermediate-agent vendor-tag strip
pppoe intermediate-agent vendor-tag strip
Note
This command takes effect only if yo u enable th e pppoe intermediate-agent interface configuration
command and the pppoe intermediate-agent trust command.
To en able ven dor-tag strippin g o n PPPoE Discovery packets from PPPo E Server (or BRAS), us e the
pppoe intermediate-agent vendor-tag strip co mmand . To disable th is setting, use the no form of this
command.
pppoe intermediate-agent vendor-tag strip
no pppoe intermediate-ag ent vendo r-tag strip
Syntax Description
This command has no arguments or keywo rds.
Defaults
vendo r-tag stripping is turn ed off.
Command Modes
Interface configuration mod e
Usage Guidelines
This command has no effect on u ntrus ted interfaces.
Use this command on a PPPoE Intermediate Agent trusted interface to strip off the vendor-specific tags
in PPPo E Discovery pack ets that arrive downstream from th e PPPoE Server (or BRAS), if any.
Examples
This example s hows how to set vendo r-tag stripping on an interface:
Switch(config-if)# pppoe intermediate-agent vendor-tag strip
This example s hows how to disable vendo r-tag stripping on an interface:
Switch(config-if)# no pppoe intermediate-agent vendor-tag strip
Related Commands
Command
Descriptio n
pppoe intermediate-agent
(interface)
pppoe intermediate-agent
trust
Enab les the PPPoE Intermediate Agent feature on an interface.
Sets th e trust con figuratio n o f an in terface.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-448
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
priority
priority
To en able th e strict priority qu eue (low-latency qu eueing [LLQ]) an d to give prio rity to a class of traffic
belonging to a p olicy map attached to a p hysical port, u se the priority policy-map clas s configuration
co mmand . To return to the defau lt setting, use th e no form o f this co mmand .
priority
no priority
Syntax Description
This comman d has no argu ments or keyword s.
Defaults
The strict p riority queue is disabled.
Command Modes
Policy-map class con figuratio n mo de
Usage Guidelines
Use th e priority command only in a policy map attached to a ph ysical port. You can use this command
only in class-level classes, yo u cannot use this command in class class-default.
This comman d con figures LLQ and prov ides strict-priority qu eueing. Strict-priority queuein g enables
delay-sensitive data, such as voice, to be sent befo re pack ets in other queues are sen t. The priority queue
is serviced first until it is empty.
You can not use the bandwidth, dbl, and the sha pe policy -map class co nfiguration commands with the
priority p olicy-map class con figuratio n command in the same class within the same policy map.
However, yo u can use these commands in the s ame p olicy map.
You can us e p olice or set class con figuratio n comman ds with the priority police-map class configuration
co mmand .
If the priority queuing class is not rate limited, y ou cannot u se the bandwid th comman d, you can u se the
bandwid th remainin g p ercent comman d in stead.
Examples
This examp le shows how to enable th e LLQ for the policy map called policy1 :
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# policy-map policy1
Switch(config-pmap)# class voice
Switch(config-pmap-c)# priority
You can verify you r settin gs by entering the show policy-map privileged EXEC comman d.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-449
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
priority
Related Commands
Command
bandwidth
class
dbl
Descriptio n
Specifies or modifies the minimum b and width prov ided to a class
b elon ging to a policy map attached to a phy sical port.
Specifies the name of th e class wh ose traffic p olicy you want to
create or change.
Enab les dyn amic buffer limitin g for traffic h itting this class.
policy-map
Creates or mod ifies a po licy map that can be attached to multiple
p orts to specify a serv ice policy and to enter policy -map
configuration mod e.
service-po licy (po licy-ma p
class)
shape (class-bas ed queueing)
Creates a service po licy that is a q uality o f service (QoS) po licy
within a po licy map .
Enab les traffic shaping a class of traffic in a policy map attached
to a physical po rt.
show policy-map
Displays info rmation ab out the po licy map .
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-450
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
private-vlan
private-vlan
To config ure private VLANs and the associatio n b etween a private VLAN and a secondary VLAN, use
the private-vlan command. To return to the default valu e, use the no form o f this co mmand .
private-vlan {isolated | co mmunity | twoway-community | primary}
private-vlan association seconda ry-vla n-list [{add seco ndary-vlan-list} |
{remov e secon dary-vlan-list}]
no private-vlan { is olated | community | twoway-community | primary}
no private-vlan a ssociatio n
Syntax Description
isolated
co mmunity
Designates the VLAN as an isolated p rivate VLAN.
Designates the VLAN as th e community private VLAN.
twoway -community
Designates the VLAN as a host port th at belongs to a twoway-community
second ary VLAN
Designates the VLAN as th e primary private VLAN.
primary
association
secon dary-vlan-list
add
remov e
Creates an associatio n between a secondary VLAN and a primary VLAN.
Sp ecifies the numb er of the s econdary VLAN.
The lis t can contain only on e isolated VLAN ID; it can also con tain multiple
commu nity or twoway-community VLAN IDs
(Optional) Ass ociates a secon dary VLAN to a primary VLAN.
(Optional) Clears th e association between a seco ndary VLAN and a p rimary
VLAN.
Defaults
Private VLANs are not con figured .
Command Modes
VLAN config uration mode
Usage Guidelines
You can not co nfigure VLAN 1 o r VLANs 10 01 to 1005 as p rivate VLANs.
VTP does not suppo rt private VLANs. You must con figure private VLANs on each dev ice where you
want private VLAN po rts.
The second ary_ vlan _list parameter can not con tain spaces; it can contain mu ltiple comma-separated
items. Each item can b e a sing le p rivate VLAN ID or a range of private VLAN IDs separated by hy phens.
The second ary_ vlan _list parameter can contain multiple commun ity VLAN IDs.
The seco ndary_vlan_list parameter can contain on ly one iso lated VLAN ID. A p rivate VLAN is d efined
as a set o f private ports characterized by a co mmon set of VLAN nu mber p airs: each pair is made up o f
at least two sp ecial un id irectio nal VLANs and is used by isolated po rts or by a commu nity of ports to
co mmunicate with the switch es.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-451
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
private-vlan
An isolated VLAN is a VLAN that is used by the isolated ports to communicate with the pro miscuo us
p orts. The isolated VLAN traffic is blocked on all other p rivate ports in the same VLAN and can be
received only by the standard tru nking po rts an d the promiscuous ports that are ass igned to th e
correspon ding primary VLAN.
A commun ity VLAN is th e VLAN that carries th e traffic among the commun ity ports and from the
commun ity p orts to the p romiscuou s p orts on the co rresp onding primary VLAN. A community VLAN
is no t allowed on a private VLAN trun k.
A p romiscuou s p ort is a private p ort that is assign ed to a primary VLAN.
A p rimary VLAN is a VLAN that is used to co nvey the traffic fro m the switches to th e customer end
stations on the private po rts.
You can specify only on e isolated vlan-id value, while mu ltiple community VLANs are allowed . Yo u
can only as sociate iso lated an d commun ity VLANs to one VLAN. The associated VLAN list may not
contain primary VLANs. Similarly, a VLAN that is already ass ociated to a primary VLAN canno t be
configured as a primary VLAN.
The private-vlan commands do no t take effect until you ex it th e co nfig-VLAN sub mode.
If y ou delete eith er the p rimary o r seco ndary VLAN, th e po rts that are associated with the VLAN become
in active.
Refer to the Ca talys t 45 00 Series Switch Cisco IOS Software Configu ration Guid e fo r additional
configuration gu idelin es.
Examples
This example s hows how to config ure VLAN 202 as a primary VLAN and verify the co nfiguration:
Switch# configure terminal
Switch(config)# vlan 202
Switch(config-vlan)# private-vlan primary
Switch(config-vlan)# end
Switch# show vlan private-vlan
Primary Secondary Type
Interfaces
------- --------- ----------------- -----------------------------------------202
primary
This example s hows how to config ure VLAN 303 as a community VLAN and verify the config uration:
Switch# configure terminal
Switch(config)# vlan 303
Switch(config-vlan)# private-vlan community
Switch(config-vlan)# end
Switch# show vlan private-vlan
Primary Secondary Type
Interfaces
------- --------- ----------------- -----------------------------------------202
primary
303
community
This example s hows how to config ure VLAN 440 as an isolated VLAN an d v erify the con figuratio n:
Switch# configure terminal
Switch(config)# vlan 440
Switch(config-vlan)# private-vlan isolated
Switch(config-vlan)# end
Switch# show vlan private-vlan
Primary Secondary Type
Interfaces
------- --------- ----------------- -----------------------------------------202
primary
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-452
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
private-vlan
303
440
community
isolated
This examp le shows how to create a p rivate VLAN relationsh ip among the primary VLAN 14, the
isolated VLAN 1 9, and community VLANs 20 and 21 :
Switch(config)# vlan 19
Switch(config-vlan) # private-vlan isolated
Switch(config)# vlan 14
Switch(config-vlan)# private-vlan primary
Switch(config-vlan)# private-vlan association 19
This examp le shows how to remove a private VLAN relationship and delete the primary VLAN. The
ass ociated secondary VLANs are n ot d eleted.
Switch(config-vlan)# no private-vlan 14
Switch(config-vlan)#
This examp le shows how to configure VLAN 55 0 as a twoway -community VLAN and verify the
co nfiguration:
Switch# configure terminal
Switch(config)# vlan 550
Switch(config-vlan)# private-vlan twoway-community
Switch(config-vlan)# end
Switch# show vlan private-vlan
Primary Secondary Type
Interfaces
------- --------- ----------------- -----------------------------------------202
primary
303
community
440
isolated
550
twoway-community
This example sh ows h ow to associate community VLANs 303 through 307 an d 30 9 and isolated VLAN
440 with p rimary VLAN 20 2 and verify the configuration :
Switch# configure terminal
Switch(config)# vlan 202
Switch(config-vlan)# private-vlan association 303-307,309,440
Switch(config-vlan)# end
Switch# show vlan private-vlan
Primary Secondary Type
Interfaces
------- --------- ----------------- -----------------------------------------202
303
community
202
304
community
202
305
community
202
306
community
202
307
community
202
309
community
202
440
isolated
308
community
Note
The second ary VLAN 308 has no as sociated primary VLAN.
This examp le shows how to remove an is olated VLAN from the private VLAN associatio n:
Switch(config)# vlan 14
Switch(config-vlan)# private-vlan association remove 18
Switch(config-vlan)#
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-453
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
private-vlan
This example s hows how to config ure interface FastEthernet 5 /1 as a PVLAN ho st p ort and verify th e
configuration :
Switch# configure terminal
Switch(config)# interface fastethernet 5/1
Switch(config-if)# switchport mode private-vlan host
Switch(config-if)# switchport private-vlan host-association 202 440
Switch(co nfig-if)# end
Switch# show interfaces fastethernet 5/1 switchport
Name: Fa5/1
Switchport: Enabled
Administrative Mode: private-vlan host
Operational Mode: private-vlan host
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Appliance trust: none
Administrative Private Vlan
Host Association: 202 (VLAN0202) 440 (VLAN0440)
Promiscuous Mapping: none
Trunk encapsulation : dot1q
Trunk vlans:
Operational private-vlan(s):
202 (VLAN0202) 440 (VLAN0440)
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Related Commands
Command
show v lan
show v lan private-v lan
Descriptio n
Displays VLAN information.
Displays private VLAN information .
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-454
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
private-vlan mapping
private-vlan mapping
To create a mapp ing between the primary and th e secondary VLANs so that both share the same primary
VLAN SVI, u se the private-vla n mapping command. To remove all PVLAN mappings from an SVI, use
the no form of this command.
private-vlan ma pping prima ry-vla n-id {[secon dary-vlan-list | { a dd second ary-vlan-list} |
{remov e secon dary-vlan-list}]}
no private-vlan mapping
Syntax Description
prima ry-vla n-id
secon dary-vlan-list
VLAN ID of th e primary VLAN of th e PVLAN relationship .
(Option al) VLAN ID o f the secondary VLANs to map to the primary VLAN.
add
remov e
(Option al) M aps the second ary VLAN to the p rimary VLAN.
(Option al) Removes th e mapping between th e seco ndary VLAN and the
primary VLAN.
Defaults
All PVLAN map pings are removed .
Command Modes
Interface con figuration mode
Usage Guidelines
The second ary_ vlan _list parameter can not con tain spaces. It can contain multiple, comma-separated
items. Each item can be a single PVLAN ID or a range of PVLAN IDs separated by hyp hen s.
This comman d is valid in the interface con figuratio n mo de of the primary VLAN.
The SVI of th e primary VLAN is created at Layer 3.
The traffic that is received on the secondary VLAN is routed by the SVI of the primary VLAN.
The SVIs of the existing secon dary VLANs do n ot fu nctio n an d are considered down after th is co mmand
is entered.
A secon dary SVI can b e mapped to o nly one p rimary SVI. If the con figured PVLANs association is
different fro m what is specified in this command (if th e specified p rimary-vlan-id is con figured as a
secon dary VLAN), all the SVIs that are specified in this co mmand are bro ught down .
If you co nfigu re a map ping between two VLANs that do n ot h ave a valid Layer 2 association , the
map ping co nfigu ration does not take effect.
Examples
This examp le shows how to map the in terface of VLAN 2 0 to th e SVI o f VLAN 18:
Switch(config)# interface vlan 18
Switch(config-if)# private-vlan mapping 18 20
Switch(config-if)#
This example shows how to permit th e routing of th e secondary VLAN ing ress traffic fro m PVLANs 30 3
thro ugh 307 , 309 , and 440 and how to verify th e configu ration:
Switch# config terminal
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-455
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
private-vlan mapping
Switch(config)# interface vlan 202
Switch(config-if)# private-vlan mapping add 303-307,309,440
Switch(config-if)# end
Switch# show interfaces private-vlan mapping
Interface Secondary VLAN Type
--------- -------------- ----------------vlan202
303
isolated
vlan202
304
isolated
vlan202
305
isolated
vlan202
306
isolated
vlan202
307
isolated
vlan202
309
isolated
vlan202
440
isolated
Switch#
This example shows the disp layed message that y ou will see if the VLAN that you are adding is already
mapped to the SVI of VLAN 1 8. Yo u must d elete the map ping from the SVI of VLAN 1 8 first.
Switch(config)# interface vlan 19
Switch(config-if)# private-vlan mapping 19 add 21
Command rejected: The interface for VLAN 21 is already mapped as s secondary.
Switch(config-if)#
This example s hows how to remove all PVLAN map pings from the SVI of VLAN 19:
Switch(config)# interface vlan 19
Switch(config-if)# no private-vlan mapping
Switch(config-if)#
Switch# configure terminal
Switch(config)# interface vlan 202
Switch(config-if)# private-vlan mapping add 303-307,309,440
Switch(config-if)# end
Switch# show interfaces private-vlan mapping
Interface Secondary VLAN Type
--------- -------------- ----------------vlan202
303
community
vlan202
304
community
vlan202
305
community
vlan202
306
community
vlan202
307
community
vlan202
309
community
vlan202
440
isolated
Switch#
Related Commands
Command
show interfa ces private-vlan
mapping
Descriptio n
Displays PVLAN mapp ing info rmation fo r VLAN SVIs.
show v lan
show v lan private-v lan
Displays VLAN information.
Displays private VLAN information .
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-456
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
p rivate-vlan synchronize
private-vlan synchronize
To map the secondary VLANs to th e same instance as th e primary VLAN, use the private-vlan
synchronize command.
private-vlan synchronize
Syntax Description
This comman d has no argu ments or keyword s.
Defaults
This comman d has no default settings.
Command Modes
Usage Guidelines
Examples
MST con figuratio n mode
If you do not map the VLANs to the same instance as the associated primary VLAN when yo u ex it the MST
co nfiguration sub mode, a warning message displays and lists the seco ndary VLANs that are no t map ped
to the same instance as the associated primary VLAN. The private-vlan synchro nize command
au tomatically maps all secondary VLANs to the same instance as the associated primary VLANs.
This examp le shows how to in itialize PVLAN syn chronization:
Switch(config-mst)# private-vlan synchronize
Switch(config-mst)#
This example assumes that a primary VLAN 2 and a secondary VLAN 3 are associated to VLAN 2, and that
all VLANs are mapped to the CIST instance 1 . This example also shows the outp ut if you try to change the
mapping for the primary VLAN 2 only:
Switch(config)# spanning-tree mst configuration
Switch(config-mst)# instance 1 vlan 2
Switch(config-mst)# exit
These secondary vlans are not mapped to the same instance as their primary:
->3
Switch(config)#
Related Commands
Co mmand
Description
show spanning-tree mst
Displays MST protocol in formatio n.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-457
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
profile
profile
To enter profile call-home configuration submo de, u se the profile co mmand in call-ho me co nfiguration
mo de, use th e profile command .
profile p rofile_name
Syntax Description
p rofile_name
Defaults
This command has no default setting s.
Specifies the profile n ame.
Command Modes
cfg-call-home
Usage Guidelines
When you enter the pro file profile_name comman d in call-home mode, the pro mpt changes to
Switch(cfg-call-h ome-profile)#, and you have access to th e fo llowing profile con figuratio n commands:
•
destination address
destination message-size-limit bytes
•
•
destination preferred-msg-format
destination transport-method
•
end
•
exit
•
•
Examples
a ctive
•
•
subscribe-to-a lert-group all
subscribe-to-a lert-group configura tion
•
subscribe-to-a lert-group diagnostic
•
subscribe-to-a lert-group environment
•
subscribe-to-a lert-group invento ry
•
subscribe-to-a lert-group syslo g
This example s hows how to create an d con figure a u ser-defin ed call-home profile:
Switch(config)# call-home
Switch(cfg-call-home)# profile cisco
Switch(cfg-call-home-profile)# destination transport-method http
Switch(cfg-call-home-profile)# destination address http
https://172.17.46.17/its/service/oddce/services/DDCEService
Switch(cfg-call-home-profile)# subscribe-to-alert-group configuration
Switch(cfg-call-home-profile)# subscribe-to-alert-group diagnostic severity normal
Switch(cfg-call-home-profile)# subscribe-to-alert-group environment severity notification
Switch(cfg-call-home-profile)# subscribe-to-alert-group syslog severity notification
pattern "UPDOWN"
Switch(cfg-call-home-profile)# subscribe-to-alert-group inventory periodic daily 21:12
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-458
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
profile
Related Commands
Co mmand
destination address
destina tion preferred-msg -format
Description
Config ures the d estination e-mail add ress or URL to which
Call Ho me mes sages will be s ent.
Config ures a maximum des tinatio n message size for th e
destinatio n profile.
Config ures a preferred message format.
destination transport-method
subscribe-to-alert-g roup a ll
Enables th e messag e transp ort method.
Subscribes to all available alert grou ps.
destina tion messag e-size-limit bytes
subscribe-to-alert-g roup configuration Subscribes this destinatio n p rofile to the Con figuratio n
alert group .
subscribe-to-alert-g roup diag no stic
Subscribes this destinatio n p rofile to the Diag nostic alert
group.
subscribe-to-alert-g roup env ironment
Subscribes th is destination profile to the Environment alert
group.
Subscribes this destinatio n p rofile to the Inven tory alert
group.
subscribe-to-alert-g roup inventory
subscribe-to-alert-g roup s yslog
Subscribes this d estin ation pro file to the Sy slog alert group.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-459
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
qos account layer-all encapsulation
qos account layer-all encapsulation
To accou nt fo r Lay er 1 header length of 20 bytes in QoS p olicing features, use the qos a ccount lay er-all
enca psulation command. To disable the use of additional bytes, use the no fo rm of this command.
qos account la yer-all encapsulation
no qos account layer-all encapsulation
Syntax Description
This command has no arguments or keywo rds.
Defaults
Policers acco unt on ly for the Layer 2 head er length in policing features. In contrast, sh apers account fo r
h eader len gth as well as IPG in rate calculations.
Command Modes
Global configuratio n
Usage Guidelines
Sup ervisor Engine 6-E, Superv is or En gine 6L-E, Catalyst 490 0M, and Catalyst 494 8E use th e qos
a ccount lay er-all enca ps ulation command to account for Layer 1 head er of 20 bytes ( preamble + IPG)
and Layer 2 head er in policing featu res. Wh en this command is config ured, p olicer statistics ( in bytes )
o bserved in the outp ut of the show policy-map interface command reflect the Layer 1 h eader leng th as
well ( 20 by tes per packet).
Examples
This example s hows how to shows h ow to inclu de IPG in p olicin g:
Switch)# config t
Switch(config)# qos account layer-all encapsulation
Switch(config)# end
Switch#
Related Commands
Command
Descriptio n
show policy-map interface
Displays policer s tatistics on a specific interface.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-460
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
qos accou nt layer2 encapsulatio n
qos account layer2 encapsulation
To include ad ditional by tes to be acco unted by th e QoS features, use the qo s a ccount layer2
encapsulation comman d. To disab le the u se of add itio nal bytes, use the no form of this command.
qos account layer2 encapsulation {arpa | dot1q | isl | length len}
no qos account layer2 encapsulation {arpa | dot1q | is l | leng th len}
Syntax Description
arpa
dot1q
isl
length len
Defaults
Specifies the account len gth of the Ethernet ARPA-en capsulated packet
(18 bytes).
Specifies the account len gth of the 802.1Q-encapsu lated packet (22 bytes).
Specifies the account len gth of the ISL-en capsulated p acket (48 bytes).
Specifies the a dd itional packet len gth to accoun t for; the valid range is from 0 to
64 bytes.
The leng th th at is specified in the Ethernet header is considered fo r both IP and non-IP pack ets. The
Layer 2 leng th inclu des the VLAN tag ov erhead.
Command Modes
Glob al co nfigu ration mode
Usage Guidelines
Shap ing and sh aring alway s u se Ethernet ARPA length to which 20 by tes of IPv6 overhead is always
ad ded for po licing . However, o nly Layer 2 leng th in clud ing VLAN tag o verhead is considered.
Note
The given length is included when policing all IP pack ets irrespective of the encaps ulatio n with which
it was received . Wh en qos a ccount la yer2 encapsula tion is l is configured , a fixed length of 48 bytes is
included when po licing all IP packets, not only those IP packets th at are received with ISL encap sulatio n.
Sharing and shaping use th e length that is specified in th e Layer 2 headers.
Examples
This examp le shows how to in clud e an additio nal 18 bytes when policing IP packets:
Switch# config terminal
Switch(config)# qos account layer2 encapsulation length 18
Switch (config)# end
Switch#
This examp le shows how to d isable the consis tent accountin g of the Lay er 2 encap sulation by the QoS
features:
Switch# config terminal
Switch(config)# no qos account layer2 encapsulation
Switch (config)# end
Switch #
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-461
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
qos account layer2 encapsulatio n
Related Commands
Command
show interfa ces
Descriptio n
Displays traffic on a specific interface.
switchport
Mo difies the switchin g characteristics of a Layer 2 switch
in terface.
switchport block
Prevents the un known multicast o r unicas t packets from being
forwarded.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-462
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
qos tru st
qos trust
To set the trusted state o f an in terface (for examp le, whether the p ackets arriving at an interface are
trus ted to carry the correct CoS, ToS, an d DSCP classifications), use th e qos trus t command. To set an
interface to the u ntru sted state, use the no form of this comman d.
qos trus t {co s | device cisco-p hone | dscp | extend [cos priority]}
no qos trust {cos | device cisco-pho ne | dscp | ex tend [cos prio rity]}
Syntax Description
co s
device cisco -pho ne
dscp
ex tend
co s p riority
Defaults
(Optional) Specifies that th e CoS p riority value is s et to PVID p ackets; valid
valu es are fro m 0 to 7.
The defau lt settings are as follows:
•
Command Modes
Usage Guidelines
Specifies that the CoS bits in incoming frames are trusted and derives the
internal DSCP value from the Co S bits.
Specifies the Cisco IP phone as the trust device fo r a po rt.
Specifies that the ToS bits in the incoming packets contain a DSCP value.
Specifies to extend the trust to Port VLAN ID (PVID) packets co min g from
the PC.
If global QoS is enabled, trust is d isabled on the port.
•
If global QoS is disabled, trust DSCP is enabled o n the port.
•
The Co S priority level is 0.
Interface con figuration mode
This comman d is no t su pported on th e Superviso r Eng ine 6-E an d Catalyst 4900M chassis.
You can o nly con figure the trusted state on phy sical LAN in terfaces.
By default, the trust s tate of an in terface when QoS is enabled is u ntru sted; when QoS is disabled on the
interface, the trust state is reset to trust DSCP.
Wh en the in terface trust state is qos trust cos , the transmit CoS is alway s th e incoming packet Co S (o r
the default CoS for th e interface, if the packet is n ot tagged).
Wh en the interface trust s tate is no t qos trust dscp, the secu rity and QoS ACL classification will always
use th e interface DSCP an d n ot the incoming packet DSCP.
Trus ted bou ndary shou ld n ot be co nfigured o n th e ports th at are part of an EtherCh ann el (that is, a po rt
ch ann el).
Examples
This examp le shows how to set the trusted state of an interface to CoS:
Switch(config-if)# qos trust cos
Switch(config-if)#
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-463
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
qos trust
This example s hows how to set th e tru sted state of an interface to DSCP:
Switch(config-if)# qos trust dscp
Switch(config-if)#
This example s hows how to set th e PVID CoS level to 6:
Switch(config-if)# qos trust extend cos 6
Switch(config-if)#
This example s hows how to set th e Cisco p hone as the trust dev ice:
Switch(config-if)# qos trust device cisco-phone
Switch(config-if)#
Related Commands
Command
queue-limit
Descriptio n
Defines per-VLAN QoS for a Layer 2 interface.
show qos interface
Displays QoS info rmation fo r an interface.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-464
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
queue-limit
queue-limit
To specify or mod ify the maximum number of p ackets the queue can ho ld for a class p olicy config ured
in a policy map, use the queue-limit command. To remove th e queue p acket limit from a class, use the
no form o f this co mmand .
queue-limit numb er-of-pa ckets
no queue-limit nu mber-of-packets
Syntax Description
number-of-packets
Defaults
By defau lt, each physical in terface on a Catalys t 45 00 switch has a default q ueu e based o n th e numb er
of slots in a chassis an d the numb er o f ports on the linecards.
Numb er of p ackets that the queue for this class can accumulate; valid rang e
is 16 to 8 184. This numb er mu st b e a multiple of 8.
Command Modes
QoS policy-map class config uration mode
Usage Guidelines
By defau lt, each physical in terface on a Catalys t 45 00 switch comes up with a defau lt q ueu e. The s ize
of this queue is based on the nu mber o f slots in a chassis as well as th e number of po rts on the line card
in each s lot. The switch s upports 51 2K q ueu e entries of which 1 00 K are set asid e as a common sharable
pool. The remainin g 4 12 K en tries are equally d istributed amo ng the slots. Each slot furth er d ivid es its
allo cated q ueu e entries equ ally among its ports.
CBQ creates a queue for every class fo r which a class map is defined. Packets satisfying the match
criterion for a class accumulate in the queue reserved for the class un til they are sent, which occurs when
the queue is serviced by the fair q ueuing pro cess. When th e maximu m packet thresho ld yo u d efin ed for
the class is reached , queuing o f any further packets to th e class queue causes tail drop or, if DBL is
co nfigured for th e class po licy, packet drop to take effect.
Note
Examples
The queue-limit command is supp orted only after you first configu re a sched uling action, such as
bandwid th, or priority, except when yo u co nfigu re queue-limit in the class-default class of an output QoS
policy-map.s
This examp le shows how to configure a p olicy-map called po licy11 to contain policy for a class called
acl203 . Policy for this clas s is set s o th at the q ueu e reserved for it has a maximu m packet limit of 40 :
Switch# configure terminal
Switch (config)# policy-map policy11
Switch (config-pmap)# class acl203
Switch (config-pmap-c)# bandwidth 2000
Switch (config-pmap-c)# queue-limit 40
Switch (config-pmap-c)# end
Switch#
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-465
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
queue-limit
Related Commands
Command
bandwidth
class
policy-map
shape (class-bas ed queueing)
Descriptio n
Specifies or modifies the minimum b and width prov ided to a class
b elon ging to a policy map attached to a phy sical port.
Specifies the name of th e class wh ose traffic p olicy you want to
create or change.
Creates or mod ifies a po licy map that can be attached to multiple
p orts to specify a serv ice policy and to enter policy -map
configuration mod e.
Enab les traffic shaping a class of traffic in a policy map attached
to a physical po rt.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-466
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
re dundancy
redundancy
To en ter the redundancy configuration mode, use the redundancy command in th e global config uration
mode.
redundancy
Syntax Description
This comman d has no argu ments or keyword s.
Defaults
This comman d has no default settings.
Command Modes
Glob al co nfigu ration mode
Usage Guidelines
The redund ancy co nfiguration mode is used to enter the main CPU su bmode.
To enter the main CPU submode, u se the main-cpu command in the red undancy con figuratio n mo de.
The main CPU submod e is used to manually synchronize the con figurations on the two s uperviso r
en gines.
From the main CPU submode, u se the auto-sync command to enable automatic sy nch ron ization of the
co nfiguration files in NVRAM.
Use the no co mmand to disable redund ancy. If you disable red undancy, th en reenable red undancy, the
switch returns to d efau lt red undancy settings .
Use the exit command to exit the redundancy con figuratio n mo de.
Examples
This examp le shows how to enter redu ndancy mod e:
Switch(config)# redundancy
Switch(config-red)#
This examp le shows how to enter the main CPU submod e:
Switch(config)# redundancy
Switch(config-red)# main-cpu
Switch(config-r-mc)#
Related Commands
Co mmand
auto-sync
main-cpu
Description
Enables auto matic sy nchron ization of th e configu ration files in
NVRAM.
Enters the main CPU submo de and man ually sy nch ron ize the
co nfigurations on the two superviso r engines.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-467
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
redundancy config-sync mismatched-commands
redundancy config-sync mismatched-commands
To move the active su pervisor engine into the Mismatch ed Comman d List (MCL) and resets the stan dby
su pervisor en gine, use the redundancy config-sync mismatched-commands command.
If your active and stan dby su pervisors engines are running different versions of Cis co IOS, some of their
CLIs will not be compatible. If such command s are alread y p resent in th e ru nning config uration of th e
active superv isor engine and the syntax-check for the command fails at the standby su pervisor eng ine
while it is booting , you mus t move the active superviso r en gine in to th e Mismatch ed Command List
(MCL).
redundancy config-sync {ignore | validate} mismatched-commands
Syntax Description
Defaults
ig nore
va lida te
Ignore th e mismatched co mmand list.
Revalidate the mismatched co mmand list with the modified
runnin g-configuration .
This command has no default setting s.
Command Modes
Usage Guidelines
Priv ileged EXEC mo de
The following is a lo g entry example for mis matched commands:
00:06:31: Config Sync: Bulk-sync failure due to Servicing Incompatibility. Please check
full list of mismatched commands via:
show redundancy config-sync failures mcl
00:06:31: Config Sync: Starting lines from MCL file:
interface GigabitEthernet7/7
! <submode> "interface"
- ip address 11.0.0.1 255.0.0.0
! </submode> "interface"
To display all mismatched comman ds, u se the s how redundancy config-sync failures mcl command.
To clean the MCL, remove all mismatched commands from the active supervisor engin e’s ru nning
configuration , revalid ate the MCL with a modified ru nning config uration using the redundancy
config-sync va lida te misma tched-comma nds comman d, then reload the standby su pervisor eng ine.
You co uld also ign ore the MCL by entering the redundancy config-sync ignore
mismatched-commands command an d relo adin g the standby sup ervisor engine; the s ystem ch ang es to
SSO mode.
Note
If y ou ignore the mismatched commands, th e out-of-sync con figuratio n at th e active sup ervisor
en gine and the stan dby superv is or engine still exists.
You can verify the igno red MCL with the s how redundancy config-sync ignored mcl command .
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-468
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
redundancy config-sync mismatched-commands
If SSO mod e cann ot b e establish ed between the active and standby su pervisor eng ines becau se of an
incompatibility in th e configu ration file, a mis matched command list (MCL) is gen erated at the active
superv isor engine and a reload into RPR mo de is forced for th e stan dby superviso r eng ine. Subsequent
attempts to es tablish SSO, after removing the offend ing co nfiguration and rebooting the stan dby
superv isor engine with the exact same image, might cause the
C4K_REDUNDANCY-2 -IOS_VERSION_CHECK_FAIL and
ISSU-3-PEER_IM AGE_INCOMPATIBLE messag es to ap pear b ecau se the peer image is listed as
incompatible. If the co nfiguration pro blem can be co rrected, yo u can clear the peer image from the
incompatible list with the redundancy config-sync ignore mismatched-commands EXEC command
while th e peer is in a stand by cold (RPR) state. This action allows the standy supervis or en gine to boot
in stan dby hot (SSO) s tate when it relo ads .
Examples
This examp le shows how to validate removal of entries from the MCL:
Switch# redundancy config-sync validate mismatched-commands
Switch#
Related Commands
Co mmand
show redundancy config-sync
Description
Displays an ISSU config-sy nc failure or the ig nored mismatched
co mmand list (MCL).
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-469
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
redundancy force-switchover
redundancy force-switchover
To force a switch over from th e active to the stan dby superv isor engine, u se the redundancy
force-switcho ver command.
redundancy force-switchover
Syntax Description
This command has no arguments or keywo rds.
Defaults
This command has no default setting s.
Command Modes
Priv ileged EXEC mo de
Usage Guidelines
Befo re usin g this comman d, refer to the “Performing a Software Up grade” section of the Ca talyst 450 0
S eries Switch Cisco IOS S oftware Configuratio n Guide for add itio nal information .
The redundancy force-switchover comman d conducts a manu al switch over to the redun dant superv isor
engin e. The redundant supervisor engine becomes the n ew active s uperviso r en gine runnin g th e
Cisco IOS image. Th e modules are reset.
The old active superv isor engin e reb oots with the new image and becomes the stand by supervisor eng ine.
Examples
This example s hows how to switch over manually from th e active to the stan dby superv is or engine:
Switch# redundancy force-switchover
Switch#
Related Commands
Command
Descriptio n
redundancy
show redundancy
Enters the red undancy configuratio n mo de.
Displays redund ancy facility informatio n.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-470
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
redundancy reload
redundancy reload
To force a reload of one or bo th s uperviso r en gines, use the redunda ncy reload co mmand .
redundancy reload {peer | shelf}
Syntax Description
peer
shelf
Defaults
This comman d has no default settings.
Command Modes
Usage Guidelines
Reload s th e peer unit.
Reboots both su pervisor eng ines .
Privileg ed EXEC mode
Before using this command, refer to the “Performin g a Software Upgrade” sectio n o f th e Catalyst 4500
Series Switch Cisco IOS Software Con figu ration Guid e fo r additional information.
The redundancy reload shelf command cond ucts a reboo t of both superv isor en gines. The modu les are
reset.
Examples
This examp le shows how to manually reload one o r both sup ervisor eng ines:
Switch# redundancy reload shelf
Switch#
Related Commands
Co mmand
Description
redundancy
Enters the redund ancy configu ration mode.
show redundancy
Displays redu ndancy facility info rmation.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-471
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
remote login module
remote login module
To remotely con nect to a specific mod ule, use th e remo te login module configu ration co mmand .
remote login module mod
Syntax Description
mod
Defaults
This command has no default setting s.
Command Modes
Usage Guidelines
Targ et module for the command.
Priv ileged EXEC mo de
This command applies only to the Access Gateway Module on Catalyst 4500 series switches.
The valid valu es for mod d epends on th e chassis used. Fo r example, if y ou have a Catalyst 4506 chassis,
valid valu es fo r the mo dule are from 2 to 6. If you have a 4507R ch ass is , valid values are from 3 to 7.
When you ex ecute th e remote login module mod command, the prompt chan ges to Gateway #
The remote login module command is id entical to the session module mod and th e attach module mod
commands.
Examples
This example s hows how to remotely log in to the Acces s Gateway Module:
Switch# remote login module 5
Attaching console to module 5
Type 'exit' at the remote prompt to end the session
Gateway>
Related Commands
Command
Descriptio n
a ttach mo dule
session mo dule
Remotely con nects to a specific mod ule.
Logs in to the standby sup ervisor eng in e using a virtu al console.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-472
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
remote-span
remote-span
To convert a VLAN into an RSPAN VLAN, use th e remote-s pan comman d. To convert an RSPAN
VLAN to a VLAN, use the no fo rm of this command.
remote-span
no remote-span
Syntax Description
This comman d has no argu ments or keyword s.
Defaults
RSPAN is disabled.
Command Modes
VLAN config uration mode
Examples
This examp le shows how to convert a VLAN in to an RSPAN VLAN:
Switch# config terminal
Switch(config)# vlan 20
Switch(config-vlan)# remote-span
Switch(config-vlan)# end
Switch#
Related Commands
Co mmand
Description
monitor session
Enables th e SPAN sessions on interfaces or VLANs.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-473
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
renew ip dhcp snooping database
renew ip dhcp snooping database
To renew the DHCP bin ding datab ase, u se the renew ip dhcp snooping da tabase co mmand .
renew ip dhcp snooping database [validation no ne] [url]
Syntax Description
va lida tion no ne
Defaults
This command has no default setting s.
Command Modes
Priv ileged EXEC mo de
url
(Optional) Specifies that th e checksu m associated with th e co nten ts o f the file
specified by the URL is not verified.
(Optional) Specifies the file from wh ich the read is performed .
Usage Guidelines
If the URL is not pro vided, the switch tries to read the file from the co nfigured URL.
Examples
This example s hows how to renew the DHCP binding databas e while bypassing the CRC checks:
Switch# renew ip dhcp snooping database validation none
Switch#
Related Commands
Command
ip dhcp snooping
Descriptio n
Globally enables DHCP snoo ping.
ip dhcp snooping binding
Sets up and g enerates a DHCP bind ing co nfiguration to
restore binding s across reb oots.
Enab les DHCP op tion 82 data insertio n.
Enab les DHCP sn ooping on a trusted VLAN.
ip dhcp snoo ping informa tion option
ip dhcp snooping trust
ip dhcp snoo ping vlan
Enab les DHCP sn ooping on a VLAN or a group o f VLANs.
show ip dhcp s noo ping
Displays the DHCP sn ooping configuration.
show ip dhcp s nooping binding
Displays the DHCP sn ooping bin ding entries.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-474
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
rep ad min vlan
rep admin vlan
Use the rep admin vlan glob al configuration command to co nfigure a Resilien t Ethern et Pro tocol (REP)
ad ministrative VLAN for REP to transmit hardware flo od layer (HFL) messag es. Us e the no form of this
co mmand to return to the default config uration with VLAN 1 as the administrative VLAN.
rep admin vla n vlan-id
no rep admin vlan
Syntax Description
vla n-id
Th e VLAN ID range is from 1 to 40 94. The default is VLAN 1; the range to
config ure is 2 to 40 94.
Defaults
The admin istrativ e VLAN is VLAN 1.
Command Modes
Glob al co nfigu ration
Usage Guidelines
If th e VLAN do es not already exist, this co mmand do es not create the VLAN.
To avoid the delay in trod uced by relaying messag es in software for lin k-failu re o r VLAN-blocking
notification during load b alancing, REP floods pack ets at the hardware flood layer (HFL) to a regu lar
multicast address . Thes e messages are flooded to th e whole network, n ot just the REP seg ment. Switches
that do n ot belong to the segment treat them as data traffic. Con figuring an adminis trative VLAN for the
who le domain can contro l floodin g of these messages .
If no REP administrative VLAN is con figured , the defau lt is VLAN 1.
There can be o nly one adminis trative VLAN on a s witch and on a segment.
The admin istrativ e VLAN can not be the RSPAN VLAN.
Examples
This examp le shows how to configure VLAN 10 0 as the REP administrative VLAN:
Switch(config)# rep admin vlan 100
You can verify you r settin gs by entering the show interface rep detail privileged EXEC command.
Related Commands
Co mmand
Description
show interfaces rep
Displays detailed REP con figuratio n and status fo r all interfaces or the
detail (IOS comma nd) specified interface, includin g th e administrative VLAN.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-475
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
rep block port
rep block port
Use the rep block port interface configuratio n command on the REP primary edge port to configu re
Resilient Eth ernet Pro to co l (REP) VLAN lo ad balancing. Use the no fo rm of this command to retu rn to
th e default con figuratio n.
rep block port {id p ort-id | neighbor _offset | preferred} vlan {vla n-list | a ll}
no rep block port {id port-id | n eigh bor_offset | preferred}
Syntax Description
id port-id
Defaults
The default b eh avior after you enter the rep preempt segment privileged EXEC co mmand (for manual
p reemp tio n) is to b lock all VLANs at the primary ed ge port. Th is behavior remains until you configu re
th e rep block port command.
n eigh bor_offset
preferred
Identify the VLAN b lock ing altern ate port by entering the uniqu e port ID that is
au tomatically g enerated when REP is enabled. The REP port ID is a 1 6-character
hex adecimal value. You can view the port ID for an interface by entering the show
interface interface-id rep detail comman d.
Identify the VLAN b lock ing altern ate port by entering the offset nu mber of a
neighbor. The range is –2 56 to +2 56; a value of 0 is invalid. The primary edge po rt
has an offset n umber of 1; pos itive numbers above 1 identify downs tream
neighbors of the primary edge port. Negative numb ers identify the secon dary edge
port (offset nu mber -1) an d its downstream n eigh bors.
Identify the VLAN b lock ing altern ate port as the segment p ort on which yo u
en tered the rep segment segment-id preferred interface config uration comman d.
En tering the preferred keywo rd does not ensu re th at the preferred po rt is
the altern ate port; it gives it preference over other similar ports.
Identify the VLANs to b e blocked.
Note
v lan
vlan-list
a ll
Enter a VLAN ID from 1 to 4094 or a range o r sequence of VLANs (such as 1-3,
22, 41-4 4) of VLANs to be blo cked.
Enter to block all VLANs.
If the p rimary edge p ort canno t determine which port is to be the alternate po rt, th e default action is n o
p reemp tio n and no VLAN load b alancing.
Command Modes
Usage Guidelines
Interface configuration
You must en ter th is command on the REP primary ed ge po rt.
When you select an alternate port by entering an offset number, th is nu mber identifies th e downstream
n eigh bor port of an edge p ort. The primary edge p ort has an offset nu mber o f 1 ; positive nu mbers above
1 identify downstream neighbo rs of the primary edg e port. Negative numb ers id en tify the secondary
edge port (offset nu mber -1) and its downstream n eigh bors. See Neighbo r Offset Numbers in a REP
Segmen tFig ure 2-2 .
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-476
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
rep block port
Neighbor Offset Numbers in a REP Segment
Uplink
switch C
Forwarding
(51-100)
Forwarding
(1-50)
gi2/0/6
gi2/0/8
Switch A
Note
201398
Figure 2-2
Uplink
switch B
You wo uld never enter an o ffs et valu e of 1 becau se that is the offset nu mber of the primary edge port
itself.
If you have co nfigu red a preempt delay time by enterin g th e rep preempt delay secon ds interface
co nfiguration co mmand and a link failu re and recovery occurs, VLAN load balancing begins after the
co nfigured preemption time perio d elapses without another link failure. The alternate port sp ecified in
the load-b alancing configuration blocks the co nfigu red VLANs and unblocks all other s egment p orts. If
the primary edge po rt canno t determine the alternate port for VLAN balancing, the default action is no
preemption.
Each port in a segment has a un ique port ID. Th e po rt ID format is similar to the one used by the spannin g
tree algorithm: a port number (u nique on the bridge) associated to a MAC ad dress (u nique in th e
network). To d etermine th e p ort ID of a port, en ter the show interface in terfa ce-id rep detail p rivileg ed
EXEC command.
There is no limit to the number of times that yo u can en ter th e rep block port id port-id vlan vlan-list
interface config uration comman d. You can block an un limited nu mb er, range, o r sequence of VLANs.
Wh en yo u u se the rep block port id p ort-id vla n vlan-list interface co nfiguration command on a REP
primary edge po rt to blo ck a VLAN list and then use th e same command to blo ck an other VLAN lis t on
the same po rt, the seco nd VLAN list does not replace the first VLAN list but is appended to the first
VLAN list.
Wh en yo u u se the rep block port id p ort-id vla n vlan-list interface co nfiguration command on a REP
primary edg e port to b lock a VLAN list on one p ort and then u se the same command to block another
VLAN list on an other port, the orig inal port number and VLAN list are overwritten.
Examples
This examp le shows how to configure REP VLAN load balancing on the Switch B primary edg e port
(Gigabit Ethernet port 1/0/1) and to con figure Gigabit Eth ernet port 1/1 of Switch A as the alternate port
to block VLANs 1 to 100. The alternate po rt is iden tified by its port ID, shown in b old in th e outpu t o f
the show interfa ce rep detail command for th e Switch A port.
Switch A# show interface gigabitethernet1/1 rep detail
GigabitEthernet1/1 REP enabled
Segment-id: 2 (Segment)
PortID: 0080001647FB1780
Preferred flag: No
Operational Link Status: TWO_WAY
Current Key: 007F001647FB17800EEE
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-477
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
rep block port
Port Role: Open
Blocked Vlan: <empty>
Admin-vlan: 1
Preempt Delay Timer: 35 sec
Load-balancing block port: none
Load-balancing block vlan: none
STCN Propagate to:
PDU/TLV statistics:
LSL PDU rx: 107122, tx: 192493
Switch B# config t
Switch (config)# interface gigabitethernet1/0/1
Switch (config-if)# rep block port id 0080001647FB1780 vlan 1-100
Switch (config-if)# exit
This examp le sh ows how to configure VLAN load b alancing by using a neigh bor offset n umber and how
to verify the configuration by entering the show interfaces rep detail privileged EXEC comman d:
Switch# config t
Switch (config)# interface gigabitethernet1/1
Switch (config-if)# rep block port 6 vlan 1-110
Switch (config-if)# end
Switch# show interface GigabitEthernet1/1 rep detail
GigabitEthernet1/1 REP enabled
Segment-id: 2 (Segment)
PortID: 0080001647FB1780
Preferred flag: No
Operational Link Status: TWO_WAY
Current Key: 007F001647FB178009C3
Port Role: Open
Blocked Vlan: <empty>
Admin-vlan: 3
Preempt Delay Timer: 35 sec
Load-balancing block port: 6
Load-balancing block vlan: 1-110
STCN Propagate to: none
LSL PDU rx: 1466780, tx: 3056637
HFL PDU rx: 2, tx: 0
BPA TLV rx: 1, tx: 2119695
BPA (STCN, LSL) TLV rx: 0, tx: 0
BPA (STCN, HFL) TLV rx: 0, tx: 0
EPA-ELECTION TLV rx: 757406, tx: 757400
EPA-COMMAND TLV rx: 1, tx: 1
EPA-INFO TLV rx: 178326, tx: 178323
Related Commands
Command
rep preempt delay
rep preempt segment
Descriptio n
Con figures a waiting period after a segment port failure an d recovery before
REP VLAN load balan cing is triggered.
Manually starts REP VLAN load balancing on a segment.
show interfa ces rep
Displays REP detailed configuration and status for all interfaces or the
detail (IOS command) sp ecified interface, including the admin istrativ e VLAN.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-478
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
rep lsl-a ge-timer
rep lsl-age-timer
Use the rep lsl-age-timer interface config uration command on a Resilien t Ethern et Protocol (REP) port
to con figure the Link Statu s Lay er (LSL) age timer for th e time period that the REP in terface remain s
up witho ut receiving a hello from the REP neighbo r. Use the no form of th is command to return to the
default time.
rep lsl-age timer valu e
no rep lsl-age timer
Syntax Description
va lue
Defaults
The REP link sh uts down if it does not receive a hello message fro m a neig hbor within 5000 ms.
The age-ou t time in milliseconds. The rang e is from 120 to 100 00 ms in 4 0-ms
incremen ts. Th e default is 5 000 ms (5 seco nds).
Command Modes
Interface con figuration
Usage Guidelines
The LSL hello timer is set to the ag e-timer value divided by 3 so that there sh ould be at least two LSL
hellos sent during the LSL age-timer p eriod. If no hellos are received within that time, the REP link shu ts
down .
In Cisco IOS Releas e 12.2(52)SE, the LSL age-timer range ch ang ed from 3000 to 100 00 ms in 500 -ms
incremen ts to 12 0 to 1 0000 ms in 40-ms in crements. If th e REP n eig hbor d evice is not ru nning Cisco
IOS Release 1 2.2 (52 )SE o r later, you mus t use the shorter time rang e b ecause the device does no t accep t
valu es out of th e earlier range.
EtherChannel port ch ann el interfaces do not su pport LSL age-timer values less th an 1000 ms. If you try
to config ure a value less than 1000 ms on a po rt channel, you receive an error message and the co mmand
is rejected.
Examples
This examp le shows how to configure the REP LSL age timer on a REP link to 70 00 ms:
Switch(config)# interface GigabitEthernet1/1
Switch(config-if)# rep lsl-age-timer 7000
Switch(config-if)# exit
You can verify the con figured ageo ut time by entering the show interfaces rep detail privileged EXEC
co mmand .
Related Commands
Co mmand
Description
show interfaces rep
Displays REP con figuration and status for all interfaces or the specified
[detail] (IOS command) interface, including the con figured LSL age-o ut timer value.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-479
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
rep preempt delay
rep preempt delay
Use the rep preempt delay interface con figuratio n co mmand on the REP primary edge port to configure
a waiting period after a s egment port failu re and recovery befo re Resilient Ethernet Protocol (REP)
VLAN load b alancing is triggered. Use the no form of this comman d to remove the con figured delay.
rep preempt delay seconds
no rep preempt delay
Syntax Description
seconds
Set the n umber of seconds to delay REP preemption. The range is 15 to 30 0.
Defaults
No preemp tion delay is s et. If you do not enter the rep preempt delay command, the default is manual
p reemp tio n with no delay.
Command Modes
Interface configuration
Usage Guidelines
You must en ter th is command on the REP primary ed ge po rt.
You must enter this command and con figure a preempt time delay if you want VLAN load b alancing to
automatically trigger after a link failure and recovery.
If VLAN load b alancing is config ured, after a segment p ort failure and recovery, the REP primary edge
p ort starts a d elay timer befo re VLAN load b alancing occurs. No te that the timer restarts after each link
failu re. When th e timer exp ires, the REP p rimary edge alerts the altern ate port to perform VLAN load
b alancing (configured by using th e rep block port interface con figuratio n command) and p repares th e
segment for the new topolo gy. The configured VLAN lis t is blocked at the alternate p ort, and all other
VLANs are blo cked at the primary edge port.
Do not co nfigure VLAN load balancing on an interface that carries Ethernet over multiprotocol lab el
switch ing (EoMPLS) traffic. VLAN load balancing across the REP rin g might cause s ome of th e
EoMPLS traffic to n ot b e forwarded.
Examples
This example s hows how to config ure REP preemptio n time delay of 1 00 secon ds on the primary ed ge
p ort:
Switch(config)# interface gigabitethernet1/0/1
Switch(config-if)# rep preempt delay 100
Switch(config-if)# exit
You can verify your settings by entering the show interfaces rep privileged EXEC comman d.
Related Commands
Command
rep block port
Descriptio n
Con figures VLAN lo ad balancin g.
show interfa ces rep [detail]
Displays REP configuration and status for all interfaces or the
sp ecified interface.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-480
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
rep preempt segment
rep preempt segment
Use the rep preempt segment p rivileg ed EXEC co mmand to manually start Resilient Ethernet Pro toco l
(REP) VLAN load b alancing on a segment.
rep preempt segment segment_id
Syntax Description
segmen t-id
Defaults
Man ual preemptio n is the default b ehavior.
Command Modes
Usage Guidelines
ID of the REP segment. The ran ge is from 1 to 1024.
Privileg ed EXEC
Wh en y ou enter the rep preempt segment segment-id co mmand , a confirmatio n mes sage appears befo re
the command is execu ted because preemption can cau se network disruption.
Enter this comman d on the switch on the seg ment that has the primary edge port.
If you do not configu re VLAN load balancing, entering this command resu lts in the default
behavio r—the primary edg e port blocks all VLANs.
You config ure VLAN load balancing by entering the rep block port {id p ort-id | neighbo r_offset |
preferred } vlan {vlan-list | all} interface config uration command on the REP primary edge p ort before
you manually start p reemp tion.
There is not a no version of th is command.
Examples
This examp le shows how to manually trig ger REP preemptio n o n segment 100 with th e confirmatio n
mess age:
Switch)# rep preempt segment 100
The command will cause a momentary traffic disruption.
Do you still want to continue? [confirm]
Related Commands
Co mmand
rep block port
Description
Config ures VLAN load balancing.
show interfaces rep [detail ] Displays REP config uration and status for all interfaces o r the specified
(IOS co mmand)
interface.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-481
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
rep segment
rep segment
Use the rep segment interface co nfiguration command to enab le Resilient Eth ernet Pro toco l (REP) on
th e interface and to as sign a segmen t ID to it. Use the no form of this command to disable REP on the
in terface.
rep segment segment-id [edge [no-neighbor] [primary]] [preferred]
no rep segment
Syntax Description
segment-id
Assig n a seg ment ID to the interface. Th e range is from 1 to 10 24.
edge
(Optional) Identify the interface as one of the two REP edge ports. Enterin g the edge
key word without the primary keywo rd config ures the po rt as the second ary ed ge
port.
(Optional) Configure a segment edg e with no external REP neighb or.
no-neighbor
primary
preferred
(Optional) On an edge port, specify that the port is the primary edge port. A segment
has o nly one p rimary edge p ort. If you co nfigu re two ports in a segment as the
primary edg e port, for examp le ports on differen t switch es, the REP selects one o f
them to serve as the segment primary ed ge port.
(Optional) Specify that the port is the preferred altern ate port or the preferred po rt
for VLAN load balancing.
Note
Configuring a port as preferred do es not guarantee th at it becomes the
alternate port; it merely gives it a slig ht edge amo ng eq ual contenders. The
alternate port is u sually a previous ly failed port.
Defaults
REP is disabled o n th e interface.
Command Modes
Interface configuration
When REP is enabled on an interface, the d efau lt is for the p ort to be a regular segmen t p ort.
Usage Guidelines
REP ports mus t be Lay er 2 trunk ports. A non-ES REP port can b e eith er an IEEE 802.1Q trunk port or
an ISL trunk port.
REP ports should no t be co nfigu red as one of these p ort types:
•
•
SPAN d estin ation po rt
Private VLAN port
•
Tun nel po rt
•
Access port
You must co nfigure two edg e ports on each REP segmen t, a p rimary edge p ort and a po rt to act as a
secondary edge port. If you con figure two p orts in a seg ment as th e p rimary ed ge port, for ex ample po rts
o n d ifferent switches, th e config uration is allowed , but the REP selects one o f them to serv e as the
segment primary edge port.
REP is suppo rted on EtherChannels, but n ot on an ind ivid ual po rt that belong s to an EtherCh ann el.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-482
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
rep segment
•
REP p orts follow these rules:
– There is n o limit to the nu mber of REP ports on a switch; h owever, only two ports o n a switch
can belong to the same REP segmen t.
– If only one port on a switch is configured in a segment, the port sh ould be an edge p ort.
– If two ports on a switch belo ng to the same segment, they mu st be both edge ports, both regular
seg ment ports, o r one regular port and on e ed ge no -neighb or port. An edg e port and regu lar
seg ment port on a switch can not belo ng to the same segmen t.
– If two ports on a s witch b elon g to the same segment an d o ne is co nfigured as an edge port and
one as a regular seg ment port (a misconfiguration), the edge port is treated as a regu lar segmen t
port.
If you configure two ports in a segment as the primary edge port, for example ports on different switches,
the REP selects one o f them to serve as the segment primary ed ge port. Enter the show rep to po logy
privileged EXEC command on a po rt in the segmen t to verify which port is th e seg ment primary ed ge
port.
REP in terfaces co me up in a blo cked state and remain in a blocked state un til no tified th at it is safe to
unblo ck. You need to b e aware of this to avoid sudd en connection losses.
You sho uld co nfigure REP only in networks with red undancy. Con figuring REP in a network withou t
redun dan cy causes loss of conn ectivity.
In networks wh ere po rts on a neighb orin g s witch d o not support REP, you can configure the n on-REP
facin g ports as edg e no-neighbo r ports. Th ese ports in herit all properties of edge p orts and you can
co nfigure th em as any other edge p ort, including to send STP or REP top ology change no tices to the
ag gregation switch. In this case, the STP topo logy chan ge notice (TCN) that is sent is a multiple
spanning-tree (MST) STP mes sage.
Examples
This examp le shows how to enable REP on a reg ular (no ned ge) segment port:
Switch (config)# interface gigabitethernet1/0/1
Switch (config-if)# rep segment 100
This examp le shows how to enable REP on a p ort and identify the port as the REP primary edg e port:
Switch (config)# interface gigabitethernet1/1
Switch (config-if)# rep segment 100 edge primary
This examp le shows how to configure the same con figuratio n when the interface has no external REP
neighbor:
Switch# configure terminal
Switch (config)# interface gigabitethernet1/1
Switch (config-if)# rep segment 100 edge no-neighbor primary
This ex ample shows how to en able REP on a po rt an d identify the port as the REP second ary edge port:
Switch (config)# interface GigabitEthernet1/1
Switch (config-if)# rep segment 100 edge
You can verify you r setting s by en tering th e sho w interfa ces rep privileged EXEC command. To verify
which port in th e seg ment is the p rimary edge port, en ter th e show rep topology p rivileg ed EXEC
co mmand .
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-483
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
rep segment
Related Commands
Command
show interfa ces rep
[detail]
show rep to po logy
[detail]
Descriptio n
Displays REP configuration and status for all interfaces or the sp ecified
in terface.
Displays information about all ports in the seg ment, including which one was
configured and selected as the primary edge p ort.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-484
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
rep stcn
rep stcn
Use the rep stcn interface con figuratio n command on a Resilien t Eth ernet Protocol (REP) edge p ort to
co nfigure the port to sen d REP seg ment topolo gy change notificatio ns (STCNs) to another interface, to
other segmen ts, or to Spanning Tree Proto col (STP) network s. Use the no form of th is command to
disable the sen ding of STCNs to the interface, seg ment, or STP network.
rep stcn {interface interface-id | segment id-list | stp}
no rep stcn {interface | segment | stp}
Syntax Description
interface interfa ce-id Id entify a phy sical interface or p ort chan nel to receive STCNs.
seg ment id-lis t
stp
Id entify o ne REP seg ment or list of segmen ts to receive STCNs. Th e range is 1
to 1024. You can also configu re a sequence of segments (for ex ample 3-5 , 77,
100).
Send STCNs to an STP network.
Defaults
Transmission o f STCNs to other interfaces, segments, or STP networks is disabled .
Command Modes
Interface con figuration
Usage Guidelines
Enter this comman d on a segmen t edge port.
You use this command to n otify other portions o f th e Lay er 2 network of top ology changes that occur in
the local REP segmen t. This removes obso lete entries in the Layer 2 forwardin g table in other parts of
the netwo rk, which allows faster network convergence.
Examples
This examp le shows how to configure a REP edge p ort to send STCNs to segments 25 to 50:
Switch (config)# interface GigabitEthernet1/1
Switch (config-if)# rep stcn segment 25-50
Switch (config-if)# exit
You can verify you r settin gs by entering the show interfaces rep detail privileged EXEC command.
Related Commands
Co mmand
Description
s how interfaces rep
[detail]
Displays REP con figuration and status for all interfaces or the specified
interface.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-485
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
reset
reset
To leave the pro posed new VLAN database but remain in VLAN configu ration mode and res et the
p ropo sed new datab ase to be identical to the VLAN database currently implemen ted, use th e reset
command.
res et
Syntax Description
This command has no arguments or keywo rds.
Defaults
This command has no default setting s.
Command Modes
VLAN con figuratio n mode
Examples
This example s hows how to reset the proposed new VLAN datab ase to the current VLAN database:
Switch(vlan-config)# reset
RESET completed.
Switch(vlan-config)#
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-486
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
revision
revision
To s et the MST config uration revisio n number, use the rev ision command. To return to the default settings,
use the no form of this command.
revision version
no revision
Syntax Description
version
Defaults
Revision version is s et to 0.
Configuration revis io n number; valid values are from 0 to 6553 5.
Command Modes
MST con figuratio n mode
Usage Guidelines
If two Catalyst 4500 series switches have the same configuration but have different co nfiguration
revision numb ers, they are consid ered to be part of two d ifferent region s.
Caution
Examples
Be careful when using the revision command to set th e MST co nfigu ration revision numb er b ecause a
mistak e can put the switch in a different reg ion.
This examp le shows how to set the configuration revisio n number:
Switch(config-mst)# revision 5
Switch(config-mst)#
Related Commands
Co mmand
ins tance
Description
Map s a VLAN or a set of VLANs to an MST instance.
name
Sets the M ST regio n name.
show spanning-tree mst
Displays MST protocol in formatio n.
spanning-tree mst config uration
Enters the MST con figuratio n s ubmode.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-487
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
service-policy (interface configuration)
service-policy (interface configuration)
To attach a policy map to an in terface or to apply different QoS policies on VLANs that an interface
b elon gs to, use the service-po licy command. To remove a po licy map from an interface, use the no form
o f this co mmand .
service-po licy {input | o utput} policy-map na me
no service-policy {input | output} po licy-map name
Syntax Description
Defaults
input
o utput
Specifies the input policy map s.
Specifies the outpu t po licy maps.
p olicy-map name
Name of a p reviously config ured policy map.
A p olicy map is n ot attach ed to an interface or a VLAN.
Command Modes
Usage Guidelines
Note
Interface configuration mod e
Layer 2 interfaces can be part of multiple VLANs (for example, a typical trunk port). In conju nctio n with
th e v lan-range command, y ou can use the service-policy command to specify different QoS policies on
different VLANs.
This capability is restricted to Layer 2 interfaces.
You can ap ply a service po licy under an interface as well as a VLAN range at the same time. However,
th is is allowed only when the in terface policy has on ly q ueu ing actions whereas a VLAN has on ly
n on-q ueuein g actions (QoS marking an d/or po licing ) actions .
To attach a service po licy to a VLAN, the VLAN configu ration mode has to be used.
Examples
This example s hows how to attach a policy map to Fas t Ethernet in terface 5/20:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface fastethernet 5/20
Switch(config-if)# service-policy input pmap1
Switch(config-if)# end
This example s hows how to apply policy map p1 for traffic in VLANs 2 0 and 40 0, and policy map p2
for traffic in VLANs 300 through 301 :
Switch# configure terminal
Switch(config)# interface gigabitEthernet 6/1
Switch(config-if)# switchport trunk encapsulation dot1q
Switch(config-if)# switchport mode trunk
Switch(config-if)# vlan-range 20,400
Switch(config-if-vlan-range)# service-policy input p1
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-488
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
servic e-policy (interface configura tion)
Switch(config-if-vlan-range)# exit
Switch(config-if)# vlan-range 300-301
Switch(config-if-vlan-range)# service-policy output p2
Switch(config-if-vlan-range)# end
Switch# show policy-map interface gigabitEthernet 6/1 vlan 20
GigabitEthernet6/1 vlan 20
Service-policy input: p1
Class-map: class-default (match-any)
0 packets
Match: any
0 packets
police: Per-interface
Conform: 0 bytes Exceed: 0 bytes
Switch# show policy-map interface gigabitEthernet 6/1
GigabitEthernet6/1 vlan 20
Service-policy input: p1
Class-map: class-default (match-any)
0 packets
Match: any
0 packets
police: Per-interface
Conform: 0 bytes Exceed: 0 bytes
GigabitEthernet6/1 vlan 300
Service-policy output: p2
Class-map: class-default (match-any)
0 packets
Match: any
0 packets
police: Per-interface
Conform: 0 bytes Exceed: 0 bytes
GigabitEthernet6/1 vlan 301
Service-policy output: p2
Class-map: class-default (match-any)
0 packets
Match: any
0 packets
police: Per-interface
Conform: 0 bytes Exceed: 0 bytes
GigabitEthernet6/1 vlan 400
Service-policy input: p1
Class-map: class-default (match-any)
0 packets
Match: any
0 packets
police: Per-interface
Conform: 0 bytes Exceed: 0 bytes
This examp le shows how to attach a p olicy map to a VLAN usin g a Superviso r Eng ine 6-E:
Switch# configure terminal
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-489
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
service-policy (interface configuration)
Switch(config)#vlan configuration 20
Switch(config-vlan-config)#service-policy out policy-vlan
Switch(config-vlan-config)#end
Switch#
Related Commands
Command
class-ma p
Descriptio n
Creates a class map to be used for matching packets to the class
whose name you specify and to enter class-map co nfiguration
mo de.
policy-map
Creates a policy map that can be attached to multiple po rts to
sp ecify a service policy an d to enter policy-map config uration
mo de.
Attaches a policy map to an interface.
service-po licy (interface
configuration)
show policy-map interface
v lan
Displays the QoS po licy-map information applied to a specific
VLAN on an interface.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-490
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
service-policy (policy-map class)
service-policy (policy-map class)
To create a serv ice policy th at is a quality of service (QoS) policy within a po licy map (called a
hierarchical service po licy), u se th e service-po licy p olicy-map class configuration command. To disable
the service policy within a po licy map, use the no fo rm of this command.
service-policy p olicy-map-name
no service-po licy policy-map-name
Syntax Description
policy-ma p-na me
Name of the policy map .
Defaults
No serv ice p olicies map s are defined.
Command Modes
Policy-map class con figuratio n mo de
Usage Guidelines
Use the serv ice-policy co mmand on ly in a hierarchical policy map attached to a phy sical port. This
co mmand is valid in p olicy maps at level two of th e hierarchy.
You can create a hierarchy by h aving the parent p olicy map specify marking and /or policing actions and
hav ing the child policy map specify the queuein g actions.
If you en ter th is command in policy-map class config uration mode, y ou return to po licy-map
co nfiguration mode by u sing the exit command. To return to privileged EXEC mode, u se the end
co mmand .
Examples
This examp le shows how to create a h ierarchical service po licy in the service policy called “parent”:
Switch# configure terminal
Switch(config)# policy-map child
Switch(config-pmap)# class voice
Switch(config-pmap-c)# priority
Switch(config-pmap-c)# exit
Switch(config-pmap)# exit
Switch(config)# policy-map parent
Switch(config-pmap)# class class1
Switch(config-pmap-c)# police 32k
Switch(config-pmap-c)# service-policy child
Switch#
You can verify you r settin gs by entering the show policy-map privileged EXEC comman d.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-491
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
service-policy (policy-map class)
Related Commands
Command
bandwidth
class
dbl
Descriptio n
Creates a signaling class structu re th at can be referred to b y its
n ame.
Specifies the name of th e class wh ose traffic p olicy you want to
create or change.
Enab les active qu eue managemen t on a tran smit qu eue used by a
class o f traffic.
policy-map
Creates a policy map that can be attached to multiple po rts to
sp ecify a service policy an d to enter policy-map config uration
mo de.
priority
Enab les the strict p riority queue (low-latency queuein g [LLQ])
and to g ive p riority to a class of traffic belonging to a policy map
attached to a ph ysical port.
Enab les Weighted Rando m Early Detection (WRED) or
distributed WRED (DWRED).
Enab les traffic shaping a class of traffic in a policy map attached
to a physical po rt.
random-detect (refer to Cisco
IOS documentatio n)
shape (class-bas ed queueing)
show policy-map
Displays info rmation ab out the po licy map .
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-492
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
se rvice-polic y input (control-plane)
service-policy input (control-plane)
To attach a po licy map to a co ntrol plane for aggreg ate con trol plane services, use the service-policy
input command. Use the no form o f this co mmand to remove a service p olicy from a control plane.
service-policy input policy-ma p-n ame
Syntax Description
input
policy-ma p-na me
App lies the s pecified service po licy to the p ackets that are entering th e
co ntrol plane.
Name of a service po licy map (created using th e policy -map command) to
be attached.
Defaults
No serv ice p olicy is specified .
Command Modes
Control-plane con figuratio n mo de
Usage Guidelines
In this release, the on ly p olicy-map accepted on the control-plan e is system-cpp-policy. It is already
attached to the control-p lane at start up. If not (du e to so me error co nditions), it is recommended to us e
the global macro system-cpp command to attach it to the co ntro l-plane. The system-cpp-policy created
by the sys tem contain s s ystem predefined classes . For these predefined classes , you can change the
policing parameters bu t yo u should not make any other chan ge to the classes.
You can d efin e you r own class -maps and append them to th e end of the system-cpp-policy p olicy-map.
Examples
This examp le shows how to configure tru sted ho sts with source ad dresses 10.1.1.1 and 10.1.1.2 to
forward Telnet packets to the con trol plane without constraint, while allowing all remaining Telnet
packets to be po liced at the s pecified rate:
Switch(config)# access-list 140 deny tcp host 10.1.1.1 any eq telnet
! Allow 10.1.1.2 trusted host traffic.
Switch(config)# access-list 140 deny tcp host 10.1.1.2 any eq telnet
! Rate limit all other Telnet traffic.
Switch(config)# access-list 140 permit tcp any any eq telnet
! Define class-map “telnet-class.”
Switch(config)# class-map telnet-class
Switch(config-cmap)# match access-group 140
Switch(config-cmap)# exit
Switch(config)# policy-map control-plane-policy
Switch(config-pmap)# class telnet-class
Switch(config-pmap-c)# police 80000 conform transmit exceed drop
Switch(config-pmap-c)# exit
Switch(config-pmap)# exit
! Define aggregate control plane service for the active Route Processor.
Switch(config)# control-plane
Switch(config-cp)# service-policy input control-plane-policy
Switch(config-cp)# exit
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-493
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
service-policy input (control-plane)
Related Commands
Command
control-pla ne
Descriptio n
Enters co ntro l-plane configuration mod e.
macro global apply
sy stem-cpp
Applies th e contro l plane policing defau lt template to the switch.
policy-map
Creates a policy map that can be attached to multiple po rts to
sp ecify a service policy an d to enter policy-map config uration
mo de.
show policy-map
control-pla ne
Displays the co nfigu ration either of a class or of all classes for th e
p olicy map of a control plane.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-494
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
session module
session module
Note
This comman d is on ly supported in SSO mode an d d oes no t work in RPR mod e.
To log in to the s tand by sup ervisor engine usin g a virtual co nsole, use the session module configuration
co mmand .
ses sion module mod
Syntax Description
mod
Target module for the command.
Defaults
This comman d has no default settings.
Command Modes
Privileg ed EXEC mode
Usage Guidelines
Catalyst 4500 series switches can be configured with two supervis or engines to p rovid e redu ndancy.
Wh en the switch is p owered, o ne of th e supervisor engin es beco mes active and remains active un til a
switchover occu rs. The other superv isor engine remain s in standby mod e.
Each su pervisor eng ine has its own co nsole p ort. Access to the standby su pervisor eng ine is possib le
only through the co nsole p ort of th e standby supervisor engine. Therefo re, you mu st conn ect to th e
stan dby co nsole to access, mo nitor or debu g th e standby sup ervisor.
The virtual con sole for the standby su pervisor engine enab les y ou to access the standby con sole from the
active s uperviso r engine without req uiring a p hysical conn ection to th e standb y co nsole. It uses IPC ov er
EOBC to co mmunicate with the standby su pervisor en gine and emulates the standby conso le on the
active sup ervisor engin e. Only on e active standby conso le session is active at any time.
The virtual co nsole for th e standby supervisor engine allows users who are logged onto the active
superv isor engine to remotely execute show comman ds on the standby su pervisor eng ine and view the
results on the active supervisor engine. Virtual conso le is availab le only from the active supervisor
en gine.
You can access the standby v irtual con sole from the active supervisor engine with the attach module,
ses sion module, or remote login commands on the active supervisor engin e. You must be in p rivileg e
EXEC mo de (level 1 5) to ru n th ese commands to access the standby console.
Note
The session module command is id entical to the attach module mod and the remote login module mod
co mmand s.
Once y ou enter the standby virtual console, th e terminal p romp t automatically chan ges to
hostna me-standby -console#, where hostna me is the con figured n ame of the s witch. Th e prompt is
restored back to th e original p rompt when yo u exit the v irtual con sole.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-495
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
session module
You exit the virtual console with the exit or quit commands. When the inactivity perio d o f the terminal
o n th e active su pervisor eng ine where y ou logged in exceeds the co nfigured id le time, you are
automatically logg ed ou t of the terminal on the active superv isor engine. In such a case, the virtu al
conso le session is also termin ated. Virtual conso le session is also automatically terminated when the
standby is reb ooted. After the s tand by b oots up, you need to create another virtual console session.
The following limitations apply to the standby virtual con sole:
Examples
•
All commands on the virtual co nsole run to co mpletion . It do es not provide the auto-more featu re;
it behav es as if the terminal leng th 0 command has been ex ecuted. It is also non-interactive.
Therefore, a running command canno t be interrupted o r ab orted by any key seq uen ce on the active
su pervisor engine. If a command prod uces consid erab le o utput, the virtu al cons ole d isplay s it on th e
su pervisor screen.
•
The virtual cons ole is non-interactive. Because the virtual cons ole does not detect the interactiv e
n ature of a comman d, an y comman d that requires user interaction causes the v irtual conso le to wait
u ntil th e RPC timer aborts the co mmand .
•
The virtual cons ole timer is set to 60 seco nds. The virtual cons ole returns to its promp t after 60
seconds. During this time, y ou cannot abort the command from the keyboard. You must wait for the
timer to expire before yo u contin ue.
•
You canno t us e virtual console to view debug and syslo g messages th at are b eing d isplay ed on the
standby su pervisor en gine. The virtu al console only displays the o utput of commands that are
executed from the v irtual con sole. Other information th at is displayed o n the real stand by con sole
d oes no t appear on the v irtual con sole.
To log in to the standby sup ervisor engin e using a virtu al console, do the fo llowing:
Switch# session module 2
Connecting to standby virtual console
Type "exit" or "quit" to end this session
Switch-standby-console# exit
Switch#
If the stan dby con sole is not enabled , the following message app ears :
Switch-standby-console#
Standby console disabled.
Valid commands are: exit, logout
Related Commands
Command
a ttach mo dule
remote login module
Descriptio n
Remotely con nects to a specific mod ule.
Remotely con nects to a specific mod ule.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-496
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
set
set
To mark IP traffic by setting a class o f service (CoS), a Differentiated Services Cod e Point (DSCP), or
IP-precedence in th e packet, use the set policy-map class configuration co mmand . To remove the traffic
classification, u se the no form of this command.
set {co s n ew-cos | [ip] { dscp n ew-d scp | precedence n ew-p recedence} | qos group value}
no set cos new-cos | ip {dscp new-dscp | precedence new-precedence} | qos group valu e}
Syntax Description
co s n ew-cos
ip dscp new-dscp
ip precedence n ew-preced ence
qos group valu e
New CoS value as signed to the clas sified traffic. Th e range is 0 to 7.
New DSCP value assign ed to the classified traffic. The range is
0 to 63. Yo u also can enter a mnemonic n ame for a commo nly us ed
value. Th e sp ecified valu e sets the type of service (To S) traffic clas s
byte in th e IPv4 /IPv6 pack et head er.
New IP-preced ence value assign ed to the classified traffic. The
rang e is 0 to 7 . Yo u also can enter a mnemonic name fo r a
commonly used valu e. The specified valu e sets th e preceden ce bit
in the IP h eader.
Internal QoS group assigned to a classified packet o n ing ress to an
interface.
Defaults
No markin g is enabled o n packets.
Command Modes
Policy-map class con figuratio n mo de
Usage Guidelines
You can u se the s et command only in class -level classes.
The set dscp n ew-dscp and the set precedence new-precedence co mmand s are the same as the set ip
dscp new-dscp and the set ip precedence n ew-preced ence commands.
For the set dscp new-d scp or the s et precedence new-precedence comman d, you can enter a mn emon ic
name for a commo nly u sed value. Fo r example, you can enter th e set dscp af11 comman d, wh ich is th e
as same entering th e set dscp 10 co mmand . You can en ter the set precedence critica l comman d, wh ich
is the s ame as entering the set precedence 5 command. For a list of supp orted mn emon ics, enter the set
dscp ? or the set precedence ? command to see the command-line h elp strings.
You can configure the set cos new-co s, set dscp n ew-d scp, or set precedence n ew-p reced ence co mmand
in an ing ress and an eg ress policy map attached to an interface or VLAN.
To return to policy-map configuration mode, use the exit comman d. To retu rn to privileged EXEC mode,
use th e end co mmand .
Examples
This examp le shows how to create a p olicy map called p 1 with CoS values assig ned to different traffic
types. Class maps for voice and video-data have alread y b een created.
Switch# configure terminal
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-497
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
set
Switch(config)# policy-map p1
Switch(config-pmap)# class voice
Switch(config-pmap-c)# set cos 1
Switch(config-pmap)# exit
Switch(config-pmap)# class video-data
Switch(config-pmap-c)# set cos 2
Switch(config-pmap)# exit
Switch#
You can verify your settings by entering the show policy -map privileg ed EXEC command.
Related Commands
Command
Descriptio n
class
Specifies the name of th e class wh ose traffic p olicy you want to
create or change.
policy-map
Creates or mod ifies a po licy map that can be attached to multiple
p orts to specify a serv ice policy and to enter policy -map
configuration mod e.
Displays info rmation ab out the po licy map .
show policy-map
trust
Defines a trust state for traffic clas sified th rou gh the class
p olicy-map configuration command.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-498
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
set cos
set cos
To set the Layer 2 class of service (CoS) valu e of a packet, use the set cos co mmand in p olicy-map class
co nfiguration mode. To remove a sp ecific Co S value setting, use the no form o f this co mmand .
set co s { cos-va lue | from-field [table ta ble-map -na me]}
no set cos {cos-value | from-field [table table-map-name]}
Syntax Description
co s-value
Specific IEEE 802.1Q CoS valu e from 0 to 7.
fro m-field
Specific packet-mark ing categ ory to be used to set the CoS valu e of th e
packet. If you are using a table map for mapping and converting
packet-marking valu es, this establishes the “map from” packet-marking
categ ory. Packet-marking category k eywords are as follows:
•
precedence
•
dscp
•
co s
• qos g roup
(Optional) Ind icates that the valu es s et in a specified table map will be used
to set the Co S value.
table
table-map-name
Command Default
(Optional) Name of th e tab le map used to sp ecify the Co S valu e. The table
map name can be a maximum of 64 alph anu meric characters.
No CoS value is s et fo r the o utgoing packet.
Command Modes
Policy-map class con figuratio n mo de
Usage Guidelines
The s et cos command can be u sed in an ingress as well as an egres s po licy map attached to an interface
or VLAN.
You can use th is command to sp ecify the “from-field” packet-marking category to be u sed for map ping
an d s etting the CoS value. Th e “from-field” packet-marking categories are as fo llows:
•
Precedence
•
Differentiated serv ices cod e point (DSCP)
•
Cost of Service (CoS)
•
Quality of Service (QoS) g rou p
If you specify a “from-field ” category bu t d o n ot specify th e table key word and the ap plicable
table-map-name argument, the d efault action will be to copy the value associated with the “from-field ”
categ ory as the CoS valu e. For instan ce, if you co nfigu re th e set cos precedence co mmand , the
preced ence value will be copied and u sed as the CoS value.
You can d o th e same fo r the DSCP marking category. That is, yo u can co nfigure the set co s dscp
co mmand , and the DSCP value will be copied and used as the CoS valu e.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-499
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
set cos
Note
If you con figure the set cos dscp command, on ly the first th ree bits (the clas s selector bits) of the DSCP
field are used.
Note
If you configure the set cos qos gro up command , only th e three least significant b its o f the q os grou p
field are used.
Examples
This example s hows how to config ure a policy map called cos-set an d assig n d ifferent CoS values for
d ifferent types of traffic. This example assumes th at the class maps called voice and video-data have
already been created.
Switch# configure terminal
Switch(config)# policy-map cos-set
Switch(config-pmap)# class voice
Switch(config-pmap-c)# set cos 1
Switch(config-pmap-c)# exit
Switch(config-pmap)# class video-data
Switch(config-pmap-c)# set cos 2
Switch(config-pmap-c)# end
Switch#
This example sh ows how to con figure a po licy map called policy-cos and to use the values defined in a
table map called tab le-map 1. Th e table map called table-map1 was created earlier with the table-map
(valu e map ping) command. For mo re in formatio n abou t the table-map (valu e map ping) command, see
th e table-map (value mapping ) comman d p age.
This example s hows how the setting o f the CoS valu e is based on the preced ence value d efined in
table-map1:
Switch# configure terminal
Switch(config)# policy-map policy-cos
Switch(config-pmap)# class class-default
Switch(config-pmap-c)# set cos precedence table table-map1
Switch(config-pmap-c)# end
Switch#
Related Commands
Command
match (class-map
configuration)
policy-map
Descriptio n
Defines th e match criteria for a class map.
Creates or mod ifies a po licy map that can be attached to multiple
p orts to specify a serv ice policy and to enter policy -map
configuration mod e.
service-po licy (po licy-ma p
class)
Creates a service po licy that is a q uality o f service (QoS) po licy
within a po licy map .
set dscp
set precedence
Marks a packet by settin g th e differentiated serv ices cod e
p oint (DSCP) value in the type o f service (ToS) by te.
Sets th e preceden ce value in the packet header.
show policy-map
Displays info rmation ab out the po licy map .
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-500
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
set dscp
set dscp
To mark a packet by setting the differen tiated services code point (DSCP) value in th e type of service
(ToS) byte, use the set dscp comman d in policy-map class co nfiguration mo de. To remove a p rev iously
set DSCP value, u se the no form of this command.
set [ip] dscp {dscp-va lue | from-field [table table-map-name]}
no set [ip] dscp {dscp-value | from-field [table table-map-name]
Syntax Description
ip
(Optional) Sp ecifies that the match is for IPv4 packets on ly. If n ot used, the
match is on both IPv4 and IPv 6 p ackets.
A number fro m 0 to 63 that sets the DSCP value. A mnemonic n ame for
co mmonly used values can also be used.
Specific packet-mark ing categ ory to be used to set the DSCP valu e of the
packet. If you are using a table map for mapping and converting
packet-marking valu es, this establishes the “map from” packet-marking
categ ory. Packet-marking category k eywords are as follows:
dscp-value
fro m-field
•
co s
•
qos-g roup
•
dscp
• precedence
(Optional) Used in co njunction with the from-field argument. In dicates that
the values s et in a specified table map will be used to set the DSCP valu e.
table
table-map-name
Command Default
(Optional) Us ed in conjunction with the table k eyword. Name of the table
map us ed to specify the DSCP valu e. The name can be a max imum o f 64
alp han umeric characters.
Disabled
Command Modes
Policy-map class con figuratio n mo de
Usage Guidelines
Once th e DSCP b it is set, other qu ality of service (QoS) features can then operate o n the bit settings.
DSCP and Precedence V alues Are Mutually Exclusiv e
The set dscp command cannot be used with the set precedence comman d to mark the sa me packet. The
two values, DSCP and p recedence, are mutu ally exclusive. A p acket can have on e value or the oth er, bu t
not both.
You can use th is command to sp ecify the “from-field” packet-marking category to be u sed for map ping
an d s etting the DSCP value. Th e “from-field” packet-marking categories are as fo llows:
•
Class of service (Co S)
•
QoS group
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-501
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
set dscp
•
Preceden ce
•
Differen tiated services code point (DSCP)
If you sp ecify a “fro m-field” catego ry but do not specify the table k eyword and the applicable
ta ble-map -na me argu ment, the default action will be to cop y the value asso ciated with the “fro m-field”
category as th e DSCP value. For instance, if yo u configure the set dscp cos comman d, the CoS value
will b e copied and used as th e DSCP value.
Note
The CoS field is a three-bit field, and the DSCP field is a s ix -bit field. If you co nfigu re the s et dscp cos
command, only the th ree bits of th e CoS field will be used.
If you config ure th e set dscp qos-group co mmand , the QoS group value will be copied and used as the
DSCP valu e.
The valid value range for th e DSCP is a nu mber from 0 to 63 . The valid value ran ge for the QoS g rou p
is a n umber from 0 to 63.
S et DSCP Values in IP v6 Environments
When this command is us ed in IPv6 enviro nments, th e d efault match occu rs on both IP and IPv6 p ackets.
However, the actu al pack ets set by this function are o nly those which meet th e match criteria of the
class-map co ntain ing this fun ction .
S et DSCP Values for IPv6 P ackets Only
To set DSCP values for IPv6 valu es o nly, the match protocol ipv6 command must also be used . Without
th at co mmand , the DSCP match defaults to match both IPv4 an d IPv6 packets.
S et DSCP Values for IPv4 P ackets Only
To set DSCP values for IPv 4 packets only, use the ip keyword in the match command for classification.
Without the ip key word, the match occurs on both IPv 4 and IPv6 packets.
Examples
P acket-marking Values and Table Map
In the followin g example, the p olicy map called p olicy1 is created to use the packet-marking values
d efin ed in a table map called table-map1. The table map was created earlier with the table-map (value
mappin g) comman d. For more information abou t the table-map (value mapping ) co mmand , see the
table-map (value mappin g) comman d pag e.
This example s hows how the DSCP value is set according to the CoS value defin ed in the table map
called table-map1.
Switch# configure terminal
Switch(config)# policy-map policy1
Switch(config-pmap)# class class-default
Switch(config-pmap-c)# set dscp cos table table-map1
Switch(config-pmap-c)# end
Switch#
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-502
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
set dscp
Related Commands
Co mmand
match (clas s-map
co nfiguration)
policy-map
Description
Defines the match criteria fo r a class map.
service-policy (policy-map
cla ss)
Creates a serv ice policy that is a quality of serv ice (QoS) policy
within a policy map.
set co s
Creates or modifies a policy map that can be attach ed to mu ltiple
ports to sp ecify a service policy an d to enter policy-map
co nfiguration mode.
Sets IP traffic by setting a class of service (Co S).
set precedence
show policy -map
Sets the p recedence value in the packet h eader.
Displays information about the policy map.
show policy -map interfa ce
Displays the statistics and config urations of the input an d o utput
policies that are attached to an interface.
table-map (value mapping)
(refer to Cisco IOS
documentatio n)
Modifies metric and tag values when the IP routin g table is
updated with BGP learned routes.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-503
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
set precedence
set precedence
To set the precedence valu e in the pack et header, u se the set precedence command in p olicy-map class
configuration mod e. To remove the precedence valu e, use the no form o f this co mmand .
set precedence {preced ence-value | from-field [table table-map-name]}
no set precedence {precedence-value | from-field [table ta ble-ma p-n ame]}
Syntax Description
p recedence-value
from-field
Command Default
Disabled
Command Modes
Policy-map class config uration mode
A n umber from 0 to 7 th at sets th e preceden ce bit in th e packet header.
Specific packet-marking category to be us ed to set th e preceden ce value of
th e packet. If yo u are using a table map for mapping and converting
p acket-markin g values, th is argu ment value establishes th e “map from”
p acket-markin g category. Packet-marking catego ry keyword s are as follows:
•
table
ta ble-map -na me
Usage Guidelines
cos
•
qos-group
•
dscp
• precedence
(Optio nal) Indicates that the values set in a sp ecified table map will b e used
to set the precedence valu e.
(Optio nal) Name of the table map used to s pecify a p recedence value based
o n th e class of service (CoS) value. The name can b e a maximum of 6 4
alphanumeric ch aracters.
C ommand C ompatibility
The set precedence command cannot be used with the set dscp command to mark the same packet. The
two values, DSCP and precedence, are mu tually exclusive. A packet can be o ne value or the oth er, but
n ot b oth.
You can use this co mmand to specify the “from-field” packet-mark ing categ ory to be used for mappin g
and setting the p recedence value. The “fro m-field” p acket-mark ing categ ories are as follows:
•
CoS
•
QoS g rou p
•
DSCP
•
Preceden ce
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-504
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
set precedence
If you specify a “from-field ” category bu t d o n ot specify th e table key word and the ap plicable
table-map-name argument, the d efault action will be to copy the value associated with the “from-field ”
categ ory as the precedence valu e. For instance, if you configu re the set precedence cos comman d, the
CoS value will b e copied and us ed as th e preceden ce value.
You can do the same for the QoS group -markin g category. That is, yo u can con figure the set precedence
qos-g roup command, and th e QoS group valu e will be cop ied and used as the precedence value.
The valid value rang e for the p recedence value is a n umber from 0 to 7 . Th e valid value range for the
QoS group is a numb er fro m 0 to 63. Therefore, when con figuring the s et precedence qo s-group
co mmand the three least s ignifican t b its o f qos-gro up are copied to preced ence.
Precedence V alues in IPv6 Environments
Wh en this comman d is u sed in IPv 6 environments it can set the value in bo th IPv4 and IPv6 pack ets.
However, the actual p ackets set by this fun ction are only those that meet the match criteria o f the
class-map containing this function.
Setting P recedence Values for IPv6 P ackets Only
To s et the preceden ce valu es for IPv6 p ackets only, the match protocol ipv 6 co mmand must als o be used
in th e class-map that classified p ackets for this action. Without the match protocol ipv 6 command, th e
class-map may classify both IPv6 and IPv4 p ackets , (dep end ing on other match criteria) and the s et
precedence comman d will act upon both typ es of p ackets.
Setting P recedence Values for IPv4 P ackets Only
To set the precedence values fo r IPv4 packets on ly, use a command involving the ip keyword like the
match ip precedence or match ip dscp comman d o r include th e match protocol ip command alo ng
with the others in the class map . Without the ad ditional ip keyword, the class -map may match both IPv6
an d IPv4 packets (depending on the o ther match criteria) and the s et precedence o r set dscp command
may act up on both types of packets.
Examples
In the following example, the po licy map n amed po licy-co s is created to use the values defined in a table
map named table-map1. The table map named table-map1 was created earlier with th e table-map (value
map ping) command. For more info rmation ab out the table-map (value mapp ing) command, see th e
table-map (value mapping ) co mmand page.
This ex ample shows how th e preced ence value is set acco rdin g to the CoS value defin ed in table-map 1.
Switch# configure terminal
Switch(config)# policy-map policy-cos
Switch(config-pmap)# class class-default
Switch(config-pmap-c)# set precedence cos table table-map1
Switch(config-pmap-c)# end
Switch#
Related Commands
Co mmand
match (clas s-map
co nfiguration)
Description
Defines the match criteria fo r a class map.
policy-map
Creates or modifies a policy map that can be attach ed to mu ltiple
ports to sp ecify a service policy an d to enter policy-map
co nfiguration mode.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-505
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
set precedence
Command
Descriptio n
service-po licy (po licy-ma p
class)
set cos
Creates a service po licy that is a q uality o f service (QoS) po licy
within a po licy map .
Sets IP traffic by s etting a class of serv ice (CoS).
set dscp
Marks a packet by settin g th e differentiated serv ices cod e
p oint (DSCP) value in the type o f service (ToS) by te.
set qos-group
Sets a quality of serv ice (Qo S) gro up iden tifier (ID) th at can be
u sed later to classify p ackets.
set precedence
Sets th e preceden ce value in the packet header.
show policy-map
show policy-map interface
Displays info rmation ab out the po licy map .
Displays the statistics and con figuratio ns of the inp ut and outp ut
p olicies that are attached to an interface.
Mo difies metric and tag values when the IP routing table is
u pdated with BGP learned rou tes.
table-map (value mapping)
(refer to Cisco IOS
d ocu mentation)
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-506
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
set qos-group
set qos-group
To set a quality o f service (QoS) group identifier (ID) that can be used later to classify packets, use th e
set qo s-group command in policy-map class configu ration mode. To remove the gro up ID, use the no
form of this comman d.
set qo s-group g rou p-id
no set qos-group group-id
Syntax Description
Command Default
group-id
Group ID number in the range fro m 0 to 63.
The gro up ID is set to 0.
Command Modes
Policy-map class con figuratio n mo de
Usage Guidelines
The set qos-g roup comman d allows y ou to as sociate a group ID with a packet. This ass ociation is made
thro ugh a service-policy attached to an interface or VLAN in the input direction. The g rou p ID can b e
later used in the o utput direction to ap ply QoS service po licies to th e packet.
Examples
This examp le shows how to set the q os-g roup to 5:
Switch# configure terminal
Switch(config)# policy-map p1
Switch(config-pmap)# class c1
Switch(config-pmap-c)# set qos
Switch(config-pmap-c)# set qos-group 5
Switch(config-pmap-c)# end
Switch#
Related Commands
Co mmand
match (clas s-map
co nfiguration)
Description
Defines the match criteria fo r a class map.
policy-map
Creates or modifies a policy map that can be attach ed to mu ltiple
ports to sp ecify a service policy an d to enter policy-map
co nfiguration mode.
service-policy (policy-map
cla ss)
show policy -map
show policy -map interfa ce
Creates a serv ice policy that is a quality of serv ice (QoS) policy
within a policy map.
Displays information about the policy map.
Displays the statistics and config urations of the input an d o utput
policies that are attached to an interface.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-507
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
shape (class-based queueing)
shape (class-based queueing)
To en able traffic shaping a class o f traffic in a po licy map attached to a ph ysical port, use the shape
average p olicy-map class command. Traffic shaping limits the data transmission rate. To return to the
d efault setting, use the no form of this command.
shape av erage {ra te} [bps | kbps | mbps | g bps]
shape av erage percent {percen t_va lue}
no shape avera ge
Syntax Description
rate
Specifies an average rate fo r traffic shaping; the range is 16 000 to 1000 00000 00.
Post-fix notation (k , m, and g) is o ptional and a d ecimal po int is allowed.
bps
kbps
mbps
(Option al) Specifies a rate in bits per seco nds.
(Option al) Specifies a rate in kiloby tes per seco nds.
(Option al) Specifies a rate in megab its per seconds.
g bps
percent
(Option al) Specifies a rate in gigabits per seco nds.
Specifies a p ercentage o f bandwid th for traffic s hap ing.
p ercent_ valu e (Option al) Specifies a percen tage of the ban dwidth u sed for traffic shaping ; valid
values are from 1 to 1 00 percen t.
Defaults
Average-rate traffic shaping is disabled .
Command Modes
Policy-map class config uration mode
Usage Guidelines
Use the shape co mmand o nly in a policy map attached to a phys ical p ort. This comman d is valid in
p olicy maps at any level of the hierarch y.
Shaping is the p rocess of delay ing out-of-profile p ackets in qu eues so that th ey confo rm to a specified
p rofile. Shaping is distinct from p olicin g. Policing drops p ackets that ex ceed a co nfigured thresh old, but
sh apin g buffers p ackets s o th at traffic remains within the thresho ld . Shaping offers greater smoothn ess
in handlin g traffic than po licing .
You canno t use the bandwidth, dbl, and the shape po licy-map clas s configuration commands with the
priority policy-map class config uration command in th e same class within the same po licy map.
However, you can use these comman ds in the same policy map .
To return to policy -map config uration mo de, use the exit command. To return to p rivileg ed EXEC mode,
u se the end command.
Examples
This example s hows how to limit the specified traffic class to a data transmiss ion rate of 256 kbps :
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# policy-map policy1
Switch(config-pmap)# class class1
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-508
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
shape (class-based queueing)
Switch(config-pmap-c)# shape average 256000
Switch(config-pmap-c)# exit
Switch(config-pmap)# exit
Switch(config)# interface gigabitethernet1/1
Switch(config-if)# service-policy output policy1
Switch(config-if)# end
You can verify you r settin gs by entering the show policy-map privileged EXEC comman d.
Related Commands
Co mmand
Description
bandwidth
Creates a sign aling class s tructure that can be referred to by its
name.
Specifies the name o f the class whose traffic policy y ou want to
create or chan ge.
Enables active queue manag ement on a transmit queue used by a
class of traffic.
cla ss
dbl
policy-map
service-policy (policy-map
cla ss)
Creates a po licy map th at can be attach ed to multiple ports to
specify a service p olicy and to en ter p olicy -map con figuratio n
mode.
Creates a serv ice policy that is a quality of serv ice (QoS) policy
within a policy map.
show policy -map
Displays information about the policy map.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-509
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
shape (interface configuration)
shape (interface configuration)
To specify traffic shaping on an interface, use the shape comman d. To remove traffic shaping , use the
no form of th is command
shape [rate] [percent]
no shape [rate] [percent]
Syntax Description
rate
percent
Defaults
(Optio nal) Sp ecifies an av erag e rate for traffic shaping ; the range is 1 6000 to
1 00000 0000. Post-fix notation (k, m, and g) is optional and a decimal p oint is
allowed.
(Optio nal) Sp ecifies a percent o f bandwidth for traffic shaping.
Defau lt is no traffic sh apin g.
Command Modes
Interface tran smit q ueu e configu ration mode
Usage Guidelines
Traffic sh ap in g is available o n all the p orts, an d it sets an up per limit on the bandwid th.
Some examples of ports that are con nected directly to th e back plan e are as fo llows:
•
Ports on the WS-X4306-GB module
•
The two 1 000BASE-X ports o n the WS-X4 232-GB-RJ mod ule
•
The first two ports on the WS-X4418-GB module
•
The two 1 000BASE-X ports o n the WS-X4 412-2GB-TX mod ule
All p orts on the 24-port mod ules and the 4 8-p ort modu les are mu ltiplexed thro ugh a Stub ASIC. Some
examples of ports mu ltip lexed thro ugh a Stub ASIC are as follows:
•
Examples
1 0/100 ports on the WS-X4148-RJ45 modu le
•
1 0/100/10 00 ports o n the WS-X4 124-GB-RJ4 5 module
•
1 0/100/10 00 ports o n the WS-X4 448-GB-RJ4 5 module
This example s hows how to config ure a maximum ban dwidth (70 percent) fo r the in terface fa3/1:
Switch(config)# interface fastethernet3/1
Switch(config-if)# tx-queue 3
Switch(config-if-tx-queue)# shape 70m
Switch(config-if-tx-queue)#
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-510
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
shell trigger
shell trigger
Use the s hell trig ger global config uration co mmand to create a user defined trigger. Use th e no form of
this co mmand to delete the trigger.
shell trigger id entifier descriptio n
no shell trigger identifier description
Syntax Description
identifier
Specifies the event trigger identifier. The identifier s hould have no spaces or
hyp hen s b etween words.
Specifies the event trigger descriptio n text.
descrip tion
Defaults
There are sy stem-defined event triggers:
•
CISCO_PHONE_EVENT
•
CISCO_SWITCH_EVENT
•
•
Command Modes
Usage Guidelines
CISCO_ROUTER_EVENT
CISCO_WIRELESS_AP_EVENT
•
CISCO_WIRELESS_LIGHTWEIGHT_AP_EVENT
•
DMP
•
IPVSC
Glob al co nfigu ration
Use this command to create user-d efined even t triggers in conjunction with th e macro auto execute
global con figuratio n command.
To sup port dy namic dev ice d iscovery when using 802 .1 X auth entication, con figure the RADIUS
au then tication server to supp ort the Cisco attribute-value (AV) pair: auto-smart-port=event trigger.
This comman d is mainly used fo r 802.1X authenticatio n b ased trig gers pro vided 8 02.1X or M AB is
suppo rted, enabling you to map new p latform strings or d evice IDs to their respective macros or
fun ction s.
Examples
This examp le shows how to create a u ser-defin ed event trigger called RADIUS_MAB_EVENT:
Switch# configure terminal
Switch(config)# shell trigger RADIUS_MAB_EVENT MAC_AuthBypass Event
Switch(config)# end
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-511
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
shell trigger
Related Commands
Command
Desc ription
macro auto g lobal processing Enables Auto Smartports o n a switch.
macro auto processing
show shell
Enable Auto SmartPo rts macros on a specific interface.
Displays information about event trig gers an d macros.
macro auto device
Simp lifies changing the parameters for a bu ilt-in functions for a
device ty pe.
macro auto execute (builtin
function)
macro auto execute
(user-defined function)
Ch an ges built-in fun ction default values or to map user-defined
trigg ers to bu ilt-in fu nctio ns, and to pass the parameter values.
Map s a trigg er to a user-d efined function.
macro auto execute
(remo tely-defined function)
Map s a trigg er to a remotely d efined functions.
macro auto processing
macro auto s ticky
Enables Auto SmartPo rts macros on a specific in terface.
Sp ecifies not to remove config urations applied by ASP across link
flaps an d d evice removal.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-512
OL_28738 -01
22
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
show acc ess-group mode interface
show access-group mode interface
To disp lay the ACL con figuratio n o n a Layer 2 interface, use th e show access-group mo de interface
co mmand .
show access-group mode interface [interface interface-nu mber]
Syntax Description
interface
interface-numb er
(Option al) Interface ty pe; valid values are ethernet, fastethernet,
gig abitethernet, tengig abitethernet, a nd port-channel.
(Option al) Interface n umber.
Defaults
This comman d has no default settings.
Command Modes
Privileg ed EXEC mode
Usage Guidelines
The valid values for the port nu mber depen d o n the chassis u sed .
Examples
This examp le shows how to d isplay th e ACL co nfiguration on the Fast Ethernet in terface 6/1:
Switch# show access-group mode interface fa6/1
Interface FastEthernet6/1:
Access group mode is: merge
Switch#
Related Commands
Co mmand
access-group mode
Description
Specifies the ov erride modes (for example, VACL o verrid es
PACL) and th e non-override modes (fo r example, merge or strict
mode).
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-513
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
show adjacency
show adjacency
To d isplay information about th e Layer 3 switching adjacency table, u se the show adjacency command.
show adjacency [{interface interface-number} | {null in terface-nu mber} | {port-channel numb er }
| {vla n vlan-id} | detail | internal | summary]
Syntax Description
in terface
(Optio nal) Interface type; p ossible valid values are ethernet, fastethernet,
g igabitethernet, teng igabitethernet, pos, ge-wan, and atm.
in terface-nu mber
(Optio nal) Modu le and p ort nu mber; see th e “Usage Guid elines” section for
valid valu es.
null
in terface-nu mber
port-channel
n umber
(Optio nal) Sp ecifies the nu ll interface; th e valid value is 0.
(Optio nal) Sp ecifies the channel interface; valid values are a maximum of
6 4 values ranging fro m 1 to 256 .
v lan vlan-id
(Optio nal) Sp ecifies the VLAN; valid valu es are from 1 to 40 94.
detail
interna l
(Optio nal) Displays the in formatio n abo ut th e protocol detail an d timer.
(Optio nal) Displays the in formatio n abo ut th e internal data structu re.
summary
(Optio nal) Displays a su mmary of CEF-adjacency info rmation.
Defaults
This command has no default setting s.
Command Modes
EXEC
Usage Guidelines
The interface-number arg umen t d esign ates the mod ule and port n umber. Valid valu es fo r
in terface-nu mber dep en d o n th e specified in terface type and the ch assis and module that are used. For
example, if you specify a Gig abit Ethernet interface and have a 4 8-p ort 1 0/100BASE-T Ethernet modu le
th at is installed in a 13-slot chass is, valid values for the module number are fro m 1 to 13, and valid valu es
for the port n umber are fro m 1 to 48.
Hardware Layer 3 switching adjacency statistics are up dated every 6 0 s econds .
The following informatio n is contained in th e show adjacency command:
•
Protocol in terface.
•
Type of routing protocol that is co nfigu red on the interface.
•
•
Interface addres s.
Method o f ad jacen cy that was learned.
•
MAC address of th e adjacent rou ter.
•
Time left before the adjacency rolls out of the adjacency tab le. After it rolls ou t, a packet must use
th e same next h op to the destination.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-514
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
show adjacency
Examples
This examp le shows how to d isplay adjacency info rmation:
Switch# show adjacency
Protocol Interface
IP
FastEthernet2/3
IP
FastEthernet2/3
Switch#
Address
172.20.52.1(3045)
172.20.52.22(11)
This examp le shows how to d isplay a summary of adjacency info rmation:
Switch# show adjacency summary
Adjacency Table has 2 adjacencies
Interface
Adjacency Count
FastEthernet2/3
2
Switch#
This examp le shows how to d isplay p rotocol detail and timer info rmation:
Switch# show adjacency detail
Protocol Interface
IP
FastEthernet2/3
IP
FastEthernet2/3
Address
172.20.52.1(3045)
0 packets, 0 bytes
000000000FF920000380000000000000
00000000000000000000000000000000
00605C865B2800D0BB0F980B0800
ARP
03:58:12
172.20.52.22(11)
0 packets, 0 bytes
000000000FF920000380000000000000
00000000000000000000000000000000
00801C93804000D0BB0F980B0800
ARP
03:58:06
Switch#
This examp le shows how to d isplay adjacency info rmation for a specific interface:
Switch# show adjacency fastethernet2/3
Protocol Interface
Address
IP
FastEthernet2/3
172.20.52.1(3045)
IP
FastEthernet2/3
172.20.52.22(11)
Switch#
Related Commands
Co mmand
debug adjacency
Description
Displays information about the adjacency debugging .
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-515
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
show ancp multicast
show ancp multicast
To display multicast streams activated by Access Nod e Control Protocol (ANCP), use the show ancp
multicast command.
show a ncp multicast [group groupa ddr] [source so urceaddr] | [ interface in terfacename]
Syntax Description
group g rou paddr
so urce sourcead dr
(Optional) Specifies a multicast gro up ad dress.
(Optional) Specifies a multicast source ad dress.
interfa ce interfa cename
(Optional) Specifies a multicast flowing on a specific interface.
Defaults
Displays all the mu lticast streams activated with ANCP.
Command Modes
Priv ileged EXEC
Examples
This example s hows how to display multicast streams activated by ANCP:
ANCP-Client# show ancp mul
ANCP Multicast Streams
ClientID VLAN Interface Joined on
Group 235.3.2.1
0x01060004000A0703 10 Fa7/3 18:27:35 UTC Sat Sep 13 2008
0x0106000400140703 20 Fa7/3 18:27:35 UTC Sat Sep 13 2008
0x01060004000A0704 10 Fa7/4 18:25:43 UTC Sat Sep 13 2008
0x0106000400140704 20 Fa7/4 18:25:43 UTC Sat Sep 13 2008
Group 238.1.2.3
0x01060004000A0703 10 Fa7/3 18:27:37 UTC Sat Sep 13 2008
0x0106000400140703 20 Fa7/3 18:27:35 UTC Sat Sep 13 2008
0x01060004000A0704 10 Fa7/4 18:25:43 UTC Sat Sep 13 2008
0x0106000400140704 20 Fa7/4 18:25:43 UTC Sat Sep 13 2008
ANCP-Client#
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-516
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
show arp access-list
show arp access-list
To disp lay detailed information on an ARP access list, u se the s how arp co mmand .
show arp access-list
Syntax Description
This comman d has no argu ments or keyword s.
Defaults
This comman d has no default settings.
Command Modes
Examples
EXEC
This examp le shows how to d isplay th e ARP ACL in formation for a switch:
Switch# show arp access-list
ARP access list rose
permit ip 10.101.1.1 0.0.0.255 mac any
permit ip 20.3.1.0 0.0.0.255 mac any
Related Commands
Co mmand
Description
access-group mode
Specifies the ov erride modes (for example, VACL o verrid es
PACL) and th e non-override modes (fo r example, merge or strict
mode).
arp access-list
Defines an ARP access list or add s clauses at the end of a
predefined list.
ip arp inspection filter vlan
Permits ARPs from ho sts th at are configured for static IP when
DAI is enab led, defin es an ARP access list, and applies the acces s
list to a VLAN.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-517
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
show authentication
show authentication
To display the Auth Man ager in formatio n, use the show authentication command in EXEC o r
Priv ileged EXEC mo de.
show authentication {interface interface | registratio ns | sessions [sessio n-id session-id] [handle
h andle] [interface interface] [mac ma c] [metho d method ] [interfa ce interfa ce [details |
policy]]
Syntax Description
interfa ce interfa ce
reg istrations
Displays all of the Auth Manag er details asso ciated with the specified interface.
Displays details of all metho ds registered with the Auth Man ager.
sessions
Displays details of the cu rrent Auth Man ager session s (fo r example, client
d evices). If you do not enter any optio nal specifiers, all current active sessions
are displayed. You can enter the specifiers singly or in comb inatio n to dis play
a specific session (o r group of session s).
session-id session-id (Optio nal) Sp ecifies an Auth Man ager session .
handle ha ndle
mac mac
method method
interfa ce interfa ce
details
interfa ce interfa ce
policy]
(Optio nal) Specifies the particular handle for which Auth Manager in formatio n
is disp layed. Rang e is 1 to 4 29496 7295.
(Optio nal) Displays Au th M anager session information for a s pecified MAC
address.
(Optio nal) Displays all clien ts autho rized by a specified authentication
method . Valid values are as fo llows:
• dot1x
•
mab
•
webauth
(Optio nal) Displays detailed information.
(Optio nal) Displays policies applied on the in terface.
Command Default
This command has no default setting s.
Command Modes
EXEC
Usage Guidelines
Note
Tab le 2-10 describes th e significant fields shown in the show authentication disp lay.
The po ssible values for th e status of sessions are giv en below. For a session in terminal state, “Authz
Success” or “Au thz Failed” are displayed. “No methods” is displayed if no method has provided a result.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-518
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
show authentication
Table 2-10
Field
Idle
Running
show authentication Command Output
Description
Th e session has been initialized an d no metho ds have run yet.
A method is ru nning for this session.
No methods
No method h as provided a result for this session.
Auth c Success
A method has resulted in auth entication success fo r this sess ion.
Auth c Failed
A method has resulted in auth entication fail for th is session .
Auth z Success
All features have been successfu lly app lied for this session.
Auth z Failed
A feature has failed to be ap plied for this session.
Table 2 -11 lists the possible values fo r the state of metho ds. For a ses sion in terminal state, “Auth c
Success,” “Authc Failed ,” or “Failed over” are disp lay ed (the latter ind icates a method ran an d failed over
to th e next meth od which did not provide a resu lt. “Not run” is displayed in the case o f sessio ns th at are
synchronized on standby.
Table 2-11
Method State
Not run
Running
Failed o ver
Examples
State Method Values
State Level
Description
Terminal
The method has not ru n for th is session .
Intermediate
The method is ru nning for this session.
Terminal
The method has failed and the next method is exp ected to
p rovid e a res ult.
Auth c Success
Terminal
The meth od h as prov ided a successful authentication result
for th e session.
Auth c Failed
Terminal
The method has provided a failed authenticatio n result for
th e session.
The following example shows how to disp lay authentication methods registered with Auth Manag er:
Switch# show authentication registrations
Auth Methods registered with the Auth Manager:
Handle Priority Name
3 0 dot1x
2 1 mab
1 2 webauth
Switch#
The following example shows how to disp lay Au th Manager details for a specific interface:
Switch# show authentication interface gigabitethernet1/23
Client list:
MAC Address Domain Status Handle Interface
000e.84af.59bd DATA Authz Success 0xE0000000 GigabitEthernet1/0/23
Available methods list:
Handle Priority Name
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-519
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
show authentication
3 0 dot1x
Runnable methods list:
Handle Priority Name
3 0 dot1x
Switch#
The following example shows how to display all Au th M anager sessions on the switch:
Switch# show authentication sessions
Interface MAC Address
Method
Domain
Gi3/45
(unknown)
N/A
DATA
Gi3/46
(unknown)
N/A
DATA
Status
Authz Failed
Authz Success
Session ID
0908140400000007003651EC
09081404000000080057C274
The following example shows how to display all Au th M anager sessions on an interface:
Switch# show authentication sessions int gi 3/46
Interface: GigabitEthernet3/46
MAC Address: Unknown
IP Address: Unknown
Status: Authz Success
Domain: DATA
Oper host mode: multi-host
Oper control dir: both
Authorized By: Guest Vlan
Vlan Policy: 4094
Session timeout: N/A
Idle timeout: N/A
Common Session ID: 09081404000000080057C274
Acct Session ID: 0x0000000A
Handle: 0xCC000008
Runnable methods list:
Method
State
dot1x
Failed over
The following example shows how to display Auth Manager ses sion for a specified MAC address:
Switch# show authentication sessions mac 000e.84af.59bd
Interface: GigabitEthernet1/23
MAC Address: 000e.84af.59bd
Status: Authz Success
Domain: DATA
Oper host mode: single-host
Authorized By: Authentication Server
Vlan Policy: 10
Handle: 0xE0000000
Runnable methods list:
Method State
dot1x Authc Success
Switch#
The following example shows how to display all clients authorized via a specified auth method:
Switch# show authentication sessions method mab
No Auth Manager contexts match supplied criteria
Switch# show authentication sessions method dot1x
MAC Address Domain Status Handle Interface
000e.84af.59bd DATA Authz Success 0xE0000000 GigabitEthernet1/23
Switch#
The following example disp lays the policies applied on interface e0/0:
AUTH# show authentication sessions interface e0/0 policy
Interface: Ethernet0/0
MAC Address: aabb.cc01.ff00
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-520
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
show authentication
IPv6 Address:
IPv4 Address:
User-Name:
Status:
Domain:
Security Policy:
Security Status:
Oper host mode:
Oper control dir:
Session timeout:
Common Session ID:
Acct Session ID:
Handle:
Current Policy:
Unknown
Unknown
gupn
Authorized
DATA
Should Secure
Unsecure
multi-host
both
N/A
0D0102330000000D0003329A
Unknown
0x6F000002
POLICY_Et0/0
Local Policies:
Template: SVC_1 (priority 10)
Idle timeout: 500 sec
TAG: blue
URL Redirect: www.a.com
URL Redirect ACL: a
Template: SVC_3 (priority 20)
Idle timeout: 300 sec
TAG: red
URL_Redirect: www.b.com
URL-Redirect ACL: b
Related Commands
Server Policies:
Idle timeout:
800 sec
Resultant policies:
Idle timeout:
TAG:
URL Redirect:
URL Redirect ACL:
TAG:
500 sec
blue
www.a.com
a
red
Method status list:
Method
dot1x
State
Authc Success
Co mmand
Description
authentication
co ntro l-direction
authentication critical
reco very delay
authentication event
authentication fallback
authentication host-mode
authentication open
authentication order
Chan ges the port control to unidirectional or bidirection al.
Config ures the 80 2.1 X critical au then tication parameters.
Config ures the actio ns for auth entication events.
Enables the Web auth fallback and specifies the fallback p rofile to
use when failing over to Webauth.
Defines the clas sification of a session that will be used to ap ply
the access-policies using the host-mode configuratio n.
Enables o pen access on this port.
Specifies the order in which authentication methods sho uld be
attempted for a client on an interface.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-521
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
show authentication
Command
Descriptio n
authentication periodic
authentication
port-control
authentication priority
Enab les reauthentication for th is po rt.
Con figures the port-control value.
Specifies the priority of auth entication metho ds on an interface.
authentication timer
Con figures the au then tication timer.
a uthentication v iolation
Specifies the action to be taken when a security vio lation exists
o n a port.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-522
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
show auto install status
show auto install status
To disp lay the statu s of an automatic installation, u se the show auto insta ll status comman d.
show auto install status
Syntax Description
This comman d has no argu ments or keyword s.
Defaults
This comman d has no default settings.
Command Modes
Privileg ed EXEC mode
Examples
This ex ample s hows how to d isplay the IP addres s of th e TFTP server and to d isplay wheth er o r not th e
switch is currently acq uiring th e co nfigu ration file o n th e TFTP server:
Switch# show auto install status
Status
: Downloading config file
DHCP Server
: 20.0.0.1
TFTP Server
: 30.0.0.3
Config File Fetched : Undetermined
The firs t IP address in the display indicates the server that is used for th e au tomatic installation . The
secon d IP address in dicates th e TFTP server that p rovid ed the co nfiguration file.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-523
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
show auto qos
show auto qos
To display th e au tomatic quality o f service (auto-Qo S) configuration that is applied, u se the show auto
qos user EXEC co mmand .
show a uto qos [interface [interface-id]] [{begin | exclude | include} expression]
Syntax Description
Command Modes
Usage Guidelines
interfa ce interfa ce-id
(Optio nal) Displays auto-QoS information for the specified in terface or
for all interfaces. Valid interfaces include physical ports.
begin
exclude
(Optio nal) Begins with th e line th at matches the express ion.
(Optio nal) Excludes lines that match the express ion.
include
(Optio nal) Includes lines th at match the specified ex pression .
exp ression
(Optio nal) Expression in the ou tput to use as a referen ce point.
Priv ileged EXEC mo de
The show auto qo s interfa ce interfa ce-id command displays the auto-Qo S config uration; it does n ot
d isplay any user changes to the co nfiguration that migh t be in effect.
To disp lay in formatio n about the QoS con figuratio n that might be affected by auto-QoS, use one of these
commands:
•
show qos
•
show qos map
•
show qos interface in terface-id
•
show running-co nfig
Expressio ns are case sen sitive. For example, if yo u enter exclude output, th e lines that contain output
d o n ot app ear, bu t the lines that co ntain Output appear.
Examples
This example s hows outpu t fro m the show auto qos comman d when auto -QoS is enab led:
Switch# show auto qos
GigabitEthernet1/2
auto qos voip cisco-phone
Switch#
Related Commands
Command
auto qo s v oip
Descriptio n
Automatically configures quality of service (auto-Qo S) for Voice
over IP (VoIP) within a QoS domain.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-524
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
show bootflash:
show bootflash:
To disp lay information about the bootflash : file system, us e the s how boo tflash: comman d.
show bootfla sh: [all | chips | filesys]
Syntax Description
all
chips
(Option al) Displays all pos sible Flas h in formatio n.
(Option al) Displays Flash chip information.
filesys
(Option al) Displays file sy stem information.
Defaults
This comman d has no default settings.
Command Modes
EXEC
Examples
This examp le shows how to d isplay file system statu s informatio n:
Switch> show bootflash: filesys
-------- F I L E
S Y S T E M
S T A T U S -------Device Number = 0
DEVICE INFO BLOCK: bootflash
Magic Number
= 6887635
File System Vers = 10000
(1.0)
Length
= 1000000
Sector Size
= 40000
Programming Algorithm = 39
Erased State
= FFFFFFFF
File System Offset
= 40000
Length = F40000
MONLIB Offset
= 100
Length = C628
Bad Sector Map Offset = 3FFF8
Length = 8
Squeeze Log Offset
= F80000
Length = 40000
Squeeze Buffer Offset = FC0000
Length = 40000
Num Spare Sectors
= 0
Spares:
STATUS INFO:
Writable
NO File Open for Write
Complete Stats
No Unrecovered Errors
No Squeeze in progress
USAGE INFO:
Bytes Used
= 917CE8 Bytes Available = 628318
Bad Sectors
= 0
Spared Sectors = 0
OK Files
= 2
Bytes = 917BE8
Deleted Files = 0
Bytes = 0
Files w/Errors = 0
Bytes = 0
Switch>
This examp le shows how to d isplay sy stem image information :
Switch> show bootflash:
-# - ED --type-- --crc--- -seek-- nlen -length- -----date/time------ name
1
.. image
8C5A393A 237E3C
14 2063804 Aug 23 1999 16:18:45 c4-boot-mz
2
.. image
D86EE0AD 957CE8
9 7470636 Sep 20 1999 13:48:49 rp.halley
Switch>
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-525
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
show bootflash:
This example s hows how to display all bo otflash information:
Switch> show bootflash: all
-# - ED --type-- --crc--- -seek-- nlen -length- -----date/time------ name
1
.. image
8C5A393A 237E3C
14 2063804 Aug 23 1999 16:18:45 c4-bootmz
2
.. image
D86EE0AD 957CE8
9 7470636 Sep 20 1999 13:48:49 rp.halley
6456088 bytes available (9534696 bytes used)
-------- F I L E
S Y S T E M
S T A T U S -------Device Number = 0
DEVICE INFO BLOCK: bootflash
Magic Number
= 6887635
File System Vers = 10000
(1.0)
Length
= 1000000
Sector Size
= 40000
Programming Algorithm = 39
Erased State
= FFFFFFFF
File System Offset
= 40000
Length = F40000
MONLIB Offset
= 100
Length = C628
Bad Sector Map Offset = 3FFF8
Length = 8
Squeeze Log Offset
= F80000
Length = 40000
Squeeze Buffer Offset = FC0000
Length = 40000
Num Spare Sectors
= 0
Spares:
STATUS INFO:
Writable
NO File Open for Write
Complete Stats
No Unrecovered Errors
No Squeeze in progress
USAGE INFO:
Bytes Used
= 917CE8 Bytes Available = 628318
Bad Sectors
= 0
Spared Sectors = 0
OK Files
= 2
Bytes = 917BE8
Deleted Files = 0
Bytes = 0
Files w/Errors = 0
Bytes = 0
Switch>
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-526
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
show bootvar
show bootvar
To disp lay BOOT en viro nmen t variable info rmation, use the show bo otva r comman d.
show bootvar
Syntax Description
This comman d has no argu ments or keyword s.
Defaults
This comman d has no default settings.
Command Modes
Examples
Privileg ed EXEC mode
This examp le shows how to d isplay BOOT environment v ariab le information:
Switch# show bootvar
BOOT variable = sup:1;
CONFIG_FILE variable does not exist
BOOTLDR variable does not exist
Configuration register is 0x0
Switch#
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-527
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
show cable-diagnostics tdr
show cable-diagnostics tdr
To d isplay the test res ults for the TDR cable d iagn ostics , use the show ca ble-dia gno stics tdr command.
show cable-diagnostics tdr {interface {interface interface-number}}
Note
Syntax Description
This command will be deprecated in future Cisco IOS releases; use the diagnostic start comman d
in stead.
interfa ce interface Interface type; valid valu es are fastethernet and gigabitethernet.
in terface-nu mber
Defaults
Module an d p ort numb er.
This command has no default setting s.
Command Modes
Priv ileged EXEC mo de
Usage Guidelines
The TDR test is supported for th e following line card s o nly:
•
•
WS-X4548-GB-RJ45
WS-X4548-GB-RJ45V
•
WS-X4524-GB-RJ45V
•
WS-X4013+TS
•
WS-C49 48
•
WS-C49 48-1 0GE
The distance to the fault is d is play ed in meters (m).
Examples
This example s hows how to display information about the TDR test:
Switch# show cable-diagnostics tdr interface gi4/13
Interface Speed Local pair Cable length Remote channel Status
Gi4/13
0Mbps
1-2
102 +-2m
Unknown
Fault
3-6
100 +-2m
Unknown
Fault
4-5
102 +-2m
Unknown
Fault
7-8
102 +-2m
Unknown
Fault
Switch#
Tab le 2-12 describes th e fields in the show cable-diagnostics tdr co mmand o utput.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-528
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
show cable-diagnostics tdr
Table 2-12
Field
Related Commands
show cable-diagnostics tdr Command Output Fields
Description
Interface
Interface tested .
Speed
Current line sp eed.
Pair
Cable Length
Local pair name.
Distance to the fault in meters (m).
Chan nel
Pair des ignatio n (A, B, C, o r D).
Status
Pair status dis play ed is one of the following:
•
Terminated —The link is u p.
•
Fau lt—Cable fault (op en or short)
Co mmand
test cable-diagnostics tdr
Description
Tests the cond ition of copper cab les on 48-port 10/100 /1000
BASE-T mod ules .
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-529
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
show call-home
show call-home
To display the config ured CallHome information, use the sho w call-home command in p rivileg ed EXEC
mo de.
show call-ho me [alert-group | detail | mail-s erver | profile {all | n ame} | s tatistics]
Syntax Description
a lert-group
detail
mail-server
(Optio nal) Displays the available alert group.
(Optio nal) Displays the CallHo me co nfigu ration in detail.
(Optio nal) Displays the CallHo me mail server-related information .
profile a ll
(Optio nal) Displays configu ration information for all existing profiles.
profile n ame
(Optio nal) Displays configu ration information for a sp ecific d estin ation
p rofile.
(Optio nal) Displays the CallHo me statistics.
statistics
Command Default
This command has no default setting s.
Command Modes
Priv ileged EXEC (#)
Examples
The following example disp lays the co nfigured CallHo me settings:
Switch# show call-home
Current call home settings:
call home feature : disable
call home message's from address: [email protected]
call home message's reply-to address: [email protected]
vrf for call-home messages: Not yet set up
contact person's email address: [email protected]
contact person's phone number: +1-408-555-1234
street address: 1234 Picaboo Street, Any city, Any state, 12345
customer ID: ExampleCorp
contract ID: X123456789
site ID: SantaClara
Mail-server[1]: Address: smtp.example.com Priority: 1
Mail-server[2]: Address: 192.168.0.1 Priority: 2
Rate-limit: 20 message(s) per minute
Available alert groups:
Keyword
State
Description
------------------------ ------- ------------------------------configuration
Disable configuration info
diagnostic
Disable diagnostic info
environment
Disable environmental info
inventory
Enable inventory info
syslog
Disable syslog info
Profiles:
Profile Name: campus-noc
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-530
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
show call-ho me
Profile Name: CiscoTAC-1
Switch#
Config ured CallHome Info rmation in Detail
Switch# show call-home detail
Current call home settings:
call home feature : disable
call home message's from address: [email protected]
call home message's reply-to address: [email protected]
vrf for call-home messages: Not yet set up
contact person's email address: [email protected]
contact person's phone number: +1-408-555-1234
street address: 1234 Picaboo Street, Any city, Any state, 12345
customer ID: ExampleCorp
contract ID: X123456789
site ID: SantaClara
Mail-server[1]: Address: smtp.example.com Priority: 1
Mail-server[2]: Address: 192.168.0.1 Priority: 2
Rate-limit: 20 message(s) per minute
Available alert groups:
Keyword
State
Description
------------------------ ------- ------------------------------configuration
Disable configuration info
diagnostic
Disable diagnostic info
environment
Disable environmental info
inventory
Enable inventory info
syslog
Disable syslog info
Profiles:
Profile Name: campus-noc
Profile status: ACTIVE
Preferred Message Format: long-text
Message Size Limit: 3145728 Bytes
Transport Method: email
Email address(es): [email protected]
HTTP address(es): Not yet set up
Alert-group
-----------------------inventory
Severity
-----------normal
Syslog-Pattern
-----------------------N/A
Severity
-----------N/A
Profile Name: CiscoTAC-1
Profile status: ACTIVE
Preferred Message Format: xml
Message Size Limit: 3145728 Bytes
Transport Method: email
Email address(es): [email protected]
HTTP address(es): https://tools.cisco.com/its/service/oddce/services/DDCEService
Periodic configuration info message is scheduled every 1 day of the month at 09:27
Periodic inventory info message is scheduled every 1 day of the month at 09: 12
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-531
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
show call-home
Alert-group
-----------------------diagnostic
environment
inventory
Severity
-----------minor
warning
normal
Syslog-Pattern
-----------------------.*
Switch#
Severity
-----------major
Available Call Home Alert Group s
Switch# show call-home alert-group
Available alert groups:
Keyword
State
Description
------------------------ ------- ------------------------------configuration
Disable configuration info
diagnostic
Disable diagnostic info
environment
Disable environmental info
inventory
Enable inventory info
syslog
Disable syslog info
Switch#
E-Mail Serv er Status Information
Switch# show call-home mail-server status
Please wait. Checking for mail server status ...
Translating "smtp.example.com"
Mail-server[1]: Address: smtp.example.com Priority: 1 [Not Available]
Mail-server[2]: Address: 192.168.0.1 Priority: 2 [Not Available]
Switch#
Information for All Destination Profiles (Predefined and User-Defined )
Switch# show call-home profile all
Profile Name: campus-noc
Profile status: ACTIVE
Preferred Message Format: long-text
Message Size Limit: 3145728 Bytes
Transport Method: email
Email address(es): [email protected]
HTTP address(es): Not yet set up
Alert-group
-----------------------inventory
Severity
-----------normal
Syslog-Pattern
-----------------------N/A
Severity
-----------N/A
Profile Name: CiscoTAC-1
Profile status: ACTIVE
Preferred Message Format: xml
Message Size Limit: 3145728 Bytes
Transport Method: email
Email address(es): [email protected]
HTTP address(es): https://tools.cisco.com/its/service/oddce/services/DDCEService
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-532
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
show call-ho me
Periodic configuration info message is scheduled every 1 day of the month at 09:27
Periodic inventory info message is scheduled every 1 day of the month at 09:12
Alert-group
Severity
------------------------ -----------diagnostic
minor
environment
warning
inventory
normal
Syslog-Pattern
-----------------------.*
Severity
-----------major
Switch#
Information for a User-Defined Destination Profile
Switch# show call-home profile CiscoTAC-1
Profile Name: CiscoTAC-1
Profile status: INACTIVE
Preferred Message Format: xml
Message Size Limit: 3145728 Bytes
Transport Method: email
Email address(es): [email protected]
HTTP address(es): https://tools.cisco.com/its/service/oddce/services/DDCEService
Periodic configuration info message is scheduled every 11 day of the month at 11:25
Periodic inventory info message is scheduled every 11 day of the month at 11:10
Alert-group
-----------------------diagnostic
environment
inventory
Severity
-----------minor
warning
normal
Syslog-Pattern
-----------------------.*
Severity
-----------major
Call Ho me Statistics
Switch# show call-home statistics
Message Types
Total
Email
HTTP
-------------------------------- -------------------- -----------------Total Success
0
0
0
Config
0
0
0
Diagnostic 0
0
0
Environment 0
0
0
Inventory
0
0
0
SysLog
0
0
0
Test
0
0
0
Request
0
0
0
Send-CLI
0
0
0
Total In-Queue 0
Config
0
Diagnostic 0
Environment 0
Inventory
0
SysLog
0
Test
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-533
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
show call-home
0
0
0
0
0
0
Total Failed
0
Config
0
Diagnostic 0
Environment 0
Inventory
0
SysLog
0
Test
0
Request
0
Send-CLI
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
Total Ratelimit
-dropped 0
Config
0
Diagnostic 0
Environment 0
Inventory
0
SysLog
0
Test
0
Request
0
Send-CLI
0
Request
Send-CLI
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
Last call-home message sent time: n/a
Related Commands
Command
call-ho me (global configura tion)
call-ho me s end a lert-group
Desc ription
Enters call-home con figuratio n mo de.
Sends a specific alert group message.
service ca ll-home (refer to Cisco IOS
d ocu mentation)
Enables o r disables call ho me.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-534
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
show cdp neighbors
show cdp neighbors
To display detailed information about the neighbo ring dev ices th at are discovered throug h CDP, use th e
show cdp neighbors command.
show cdp neighbors [type nu mber] [detail]
Syntax Description
typ e
number
detail
(Option al) Interface typ e that is connected to the neighb ors about wh ich you
want information; pos sible valid values are ethernet, fastethernet,
gig abitethernet, tengig abitethernet, port-channel, and vlan.
(Option al) Interface n umber that is connected to the n eigh bors abou t which
yo u wan t information .
(Option al) Displays detailed info rmation ab out a neighbo r (o r neighbors)
includin g n etwork address , enab led protocols, hold time, an d s oftware
versio n.
Defaults
This comman d has no default settings.
Command Modes
Privileg ed EXEC mode
Usage Guidelines
The vlan k eyword is supp orted in Catalyst 4500 series switches that are con figured with a Superv is or
Engin e 2.
The port-channel values are fro m 0 to 282 ; values from 2 57 to 282 are su pported on th e CSM and the
FWSM only.
Examples
This examp le shows how to d isplay th e information about the CDP neighb ors:
Switch# show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID
Local Intrfce
Holdtme
Capability Platform Port ID
lab-7206
Eth 0
157
R
7206VXR
Fas 0/0/0
lab-as5300-1
Eth 0
163
R
AS5300
Fas 0
lab-as5300-2
Eth 0
159
R
AS5300
Eth 0
lab-as5300-3
Eth 0
122
R
AS5300
Eth 0
lab-as5300-4
Eth 0
132
R
AS5300
Fas 0/0
lab-3621
Eth 0
140
R S
3631-telcoFas 0/0
008024 2758E0
Eth 0
132
T
CAT3000
1/2
Switch#
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-535
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
show cdp neighbors
Tab le 2-13 describes th e fields that are shown in th e ex ample.
Table 2-13
show cdp neighbors Field Descriptions
Field
Defin ition
Device ID
Con figured ID (name), MAC address, or serial nu mb er of th e neighbor
d evice.
Local In trfce
(Local Interface) The pro toco l that is u sed by the co nnectivity media.
Holdtme
(Hold time) Remaining amo unt of time, in seco nds, th at the current
d evice hold s th e CDP ad vertisement from a tran smittin g rou ter b efore
d iscard ing it.
Capability
Capability co de that is d is covered on the device. Th is d evice type is
listed in the CDP Neighb ors table. Possible values are as follows:
R—Rou ter
T—Transparent bridge
B—Sou rce-ro uting bridge
S—Switch
H—Host
I—IGMP device
r—Repeater
P—Phon e
Platform
Product number of th e dev ice.
Port ID
Protocol and po rt number of the device.
This example s hows how to display detailed information about your CDP n eigh bors:
Switch# show cdp neighbors detail
------------------------Device ID: lab-7206
Entry address(es):
IP address: 172.19.169.83
Platform: cisco 7206VXR, Capabilities: Router
Interface: Ethernet0, Port ID (outgoing port): FastEthernet0/0/0
Holdtime : 123 sec
Version :
Cisco Internetwork Operating System Software
IOS (tm) 5800 Software (C5800-P4-M), Version 12.1(2)
Copyright (c) 1986-2002 by Cisco Systems, Inc.
advertisement version: 2
Duplex: half
------------------------Device ID: lab-as5300-1
Entry address(es):
IP address: 172.19.169.87
.
.
.
Switch#
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-536
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
show cdp neighbors
Table 2 -14 describes the field s th at are sh own in the example.
Table 2-14
show cdp neighbors detail Field Descriptions
Field
Defin ition
Device ID
Name of the neighbor device and either the MAC
address o r the serial numb er o f this dev ice.
Entry add ress(es)
List o f network add resses o f neighbor devices.
[netwo rk protocol] address
Network address of the n eigh bor device. The address
can be in IP, IPX, AppleTalk, DECnet, or CLNS
p rotocol conven tio ns.
Platform
Product name an d n umber of the neighbor device.
Capabilities
Device ty pe of th e neighbo r. This device can be a
router, a bridge, a tran sparent brid ge, a source-routin g
b ridge, a switch, a host, an IGMP dev ice, or a
repeater.
Interface
Protocol and po rt number o f the po rt on the current
d evice.
Hold time
Remain ing amo unt of time, in secon ds, th at the
current dev ice holds the CDP advertisemen t fro m a
transmitting ro uter before discarding it.
Version :
Software version running on th e neighbor device.
ad vertisement version :
Dup lex:
Related Commands
Version of CDP that is b eing u sed for CDP
advertisements.
Duplex state of conn ection between the current dev ice
and the neig hbor d evice.
Co mmand
show cdp (refer to Cis co IOS
documentatio n)
Description
Displays global CDP information, in clu ding timer and hold-time
info rmation.
show cdp entry (refer to Cisco Displays information about a sp ecific neig hboring dev ice
IOS do cumentation)
discovered u sing Cisco Discovery Protocol (CDP).
show cdp interface (refer to
Displays information about the interfaces on wh ich Cisco
Cisco IOS documen tation )
Discovery Pro to co l (CDP) is en abled.
show cdp traffic (refer to Cisco Displays traffic information from the CDP table.
IOS do cumentation)
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-537
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
show class-map
show class-map
To display class map in formatio n, use the show class-ma p comman d.
show class-ma p class_na me
Syntax Description
class_ name
Defaults
This command has no default setting s.
Command Modes
Examples
Name of the class map.
Priv ileged EXEC mo de
This example s hows how to display class map info rmation for all class maps:
Switch# show class-map
Class Map match-any class-default (id 0)
Match any
Class Map match-any class-simple (id 2)
Match any
Class Map match-all ipp5 (id 1)
Match ip precedence 5
Class Map match-all agg-2 (id 3)
Switch#
This example s hows how to display class map info rmation for a specific clas s map:
Switch# show class-map ipp5
Class Map match-all ipp5 (id 1)
Match ip precedence 5
Switch#
Assume th ere are two active flows as sh own below on Fast Ethern et interface 6/1 :
SrcIp
DstIp
IpProt SrcL4Port DstL4Port
-------------------------------------------------------192.168.10.10 192.168.20.20 20
6789
81
192.168.10.10 192.168.20.20 20
6789
21
With followin g con figuratio n, each flow will be po liced to a 1000 000 bps with an allowed 9 000-byte
bu rst valu e.
Note
If you u se the match flow ip source-a ddress|destina tion-addres s command, these two flows are
conso lidated into one flow and they have the same sou rce and destination add ress.
Switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# class-map c1
Switch(config-cmap)# match flow ip source-address ip destination-address ip protocol l4
source-port l4 destination-port
Switch(config-cmap)# exit
Switch(config)# policy-map p1
Switch(config-pmap)# class c1
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-538
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
show class-map
Switch(config-pmap-c)# police 1000000 9000
Switch(config-pmap-c)# exit
Switch(config-pmap)# exit
Switch(config)# interface fastEthernet 6/1
Switch(config-if)# service-policy input p1
Switch(config-if)# end
Switch# write memory
Switch# show policy-map interface
FastEthernet6/1
class-map c1
match flow ip source-address ip destination-address ip protocol l4 source-port l4
destination-port
!
policy-map p1
class c1
police 1000000 bps 9000 byte conform-action transmit exceed-action drop
!
interface FastEthernet 6/1
service-policy input p1
Switch# show class-map c1
Class Map match-all c1 (id 2)
Match flow ip source-address ip destination-address ip protocol l4 source-port l4
destination-port
Switch#
Related Commands
Co mmand
cla ss-map
Description
Creates a class map to be used for matchin g p ackets to the class
who se name yo u s pecify and to be used enter class-map
co nfiguration mode.
show policy -map
show policy -map interfa ce
Displays information about the policy map.
Displays the statistics and config urations of the input an d o utput
policies that are attached to an interface.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-539
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
show diagnostic content
show diagnostic content
To display test in formatio n abou t the test ID, test attributes, and supported coverage test levels for each
test an d for all modules, u se the sho w dia gnostic co ntent command.
show diagnos tic content module {all | n um}
Syntax Description
a ll
n um
Defaults
This command has no default setting s.
Command Modes
EXEC
Examples
Disp lays all th e modules on the chassis.
Modu le number.
This example s hows how to display the test suite, mon ito ring interval, and test attributes for all the
mo dules o f the chassis:
Switch# show diagnostic content module all
module 1:
Diagnostics test suite attributes:
B/* - Basic ondemand test / NA
P/V/* - Per port test / Per device test / NA
D/N/* - Disruptive test / Non-disruptive test / NA
S/* - Only applicable to standby unit / NA
X/* - Not a health monitoring test / NA
F/* - Fixed monitoring interval test / NA
E/* - Always enabled monitoring test / NA
A/I - Monitoring is active / Monitoring is inactive
m/* - Mandatory bootup test, can't be bypassed / NA
o/* - Ongoing test, always active / NA
Testing Interval
ID
Test Name
Attributes
(day hh:mm:ss.ms)
==== ========================================== ============ =================
1) supervisor-bootup -----------------------> **D****I**
not configured
2) packet-memory-bootup --------------------> **D****I**
not configured
3) packet-memory-ongoing -------------------> **N****I*o
not configured
module 6:
Diagnostics test suite attributes:
B/* - Basic ondemand test / NA
P/V/* - Per port test / Per device test / NA
D/N/* - Disruptive test / Non-disruptive test / NA
S/* - Only applicable to standby unit / NA
X/* - Not a health monitoring test / NA
F/* - Fixed monitoring interval test / NA
E/* - Always enabled monitoring test / NA
A/I - Monitoring is active / Monitoring is inactive
m/* - Mandatory bootup test, can't be bypassed / NA
o/* - Ongoing test, always active / NA
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-540
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
show diagnostic content
Testing Interval
ID
Test Name
Attributes
(day hh:mm:ss.ms)
==== ========================================== ============ =================
1) linecard-online-diag --------------------> **D****I**
not configured
Switch#
Related Commands
Co mmand
Description
show dia gnostic result module Displays the module-based diagnostic test results.
show diagnostic result mo dule Displays the results of the bootup p acket memory test.
test 2
show diagnostic result mo dule Displays the results from the on going packet memory test.
test 3
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-541
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
show diagnostic result module
show diagnostic result module
To display the mod ule-based d iagn ostic test results, u se the sho w dia gnostic result mo dule command.
show diagnos tic result module [slot-n um | all] [test [test-id | test-id -rang e | all]] [detail]
Syntax Description
slo t-nu m
a ll
test
(Optio nal) Sp ecifies the slot on which diagno stics are displayed.
(Optio nal) Displays the d iagn ostics for all slots.
(Optio nal) Displays selected tests on the specified module.
test-id
(Optio nal) Sp ecifies a single test ID.
test-id-ran ge
(Optio nal) Sp ecifies a rang e of test IDs.
a ll
detail
(Optio nal) Displays the d iagn ostics for all tests.
(Optio nal) Displays the complete test results.
Defaults
A s ummary of the test resu lts for all mo dules in th e chass is is disp layed.
Command Modes
Priv ileged EXEC mo de
Examples
This example s hows how to display the s ummary results fo r all mod ules in the chassis:
Switch# show diagnostic result module
Current bootup diagnostic level: minimal
module 1:
Overall diagnostic result: PASS
Diagnostic level at card bootup: bypass
Test results: (. = Pass, F = Fail, U = Untested)
1) supervisor-bootup -----------------------> U
2) packet-memory-bootup --------------------> U
3) packet-memory-ongoing -------------------> U
module 4:
Overall diagnostic result: PASS
Diagnostic level at card bootup: minimal
Test results: (. = Pass, F = Fail, U = Untested)
1) linecard-online-diag --------------------> .
module 5:
Overall diagnostic result: PASS
Diagnostic level at card bootup: minimal
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-542
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
show diagnostic result module
Test results: (. = Pass, F = Fail, U = Untested)
1) linecard-online-diag --------------------> .
module 6:
Overall diagnostic result: PASS
Diagnostic level at card bootup: minimal
Test results: (. = Pass, F = Fail, U = Untested)
1) linecard-online-diag --------------------> .
This examp le shows how to d isplay th e online diagnostics for module 1 :
Switch# show diagnostic result module 1 detail
Current bootup diagnostic level: minimal
module 1:
Overall diagnostic result: PASS
Diagnostic level at card bootup: minimal
Test results: (. = Pass, F = Fail, U = Untested)
___________________________________________________________________________
1) supervisor-bootup -----------------------> .
Error code --------------------------> 0 (DIAG_SUCCESS)
Total run count ---------------------> 0
Last test execution time ------------> n/a
First test failure time -------------> n/a
Last test failure time --------------> n/a
Last test pass time -----------------> n/a
Total failure count -----------------> 0
Consecutive failure count -----------> 0
Power-On-Self-Test Results for ACTIVE Supervisor
Power-on-self-test for Module 1: WS-X4014
Port/Test Status: (. = Pass, F = Fail)
Reset Reason: PowerUp Software/User
Port Traffic: L2 Serdes Loopback ...
0: . 1: . 2: . 3: . 4: . 5: . 6: . 7: . 8: . 9: . 10: . 11: .
12: . 13: . 14: . 15: . 16: . 17: . 18: . 19: . 20: . 21: . 22: . 23: .
24: . 25: . 26: . 27: . 28: . 29: . 30: . 31: .
Port Traffic: L2 Asic Loopback ...
0: . 1: . 2: . 3: . 4: . 5: . 6: . 7: . 8: . 9: . 10: . 11: .
12: . 13: . 14: . 15: . 16: . 17: . 18: . 19: . 20: . 21: . 22: . 23: .
24: . 25: . 26: . 27: . 28: . 29: . 30: . 31: .
Port Traffic: L3 Asic Loopback ...
0: . 1: . 2: . 3: . 4: . 5: .
6: .
7: .
8: .
9: . 10: . 11: .
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-543
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
show diagnostic result module
12: . 13: . 14: . 15: . 16: . 17: . 18: . 19: . 20: . 21: . 22: . 23: .
24: . 25: . 26: . 27: . 28: . 29: . 30: . 31: . au: .
Switch Subsystem Memory ...
1: . 2: . 3: . 4: . 5: . 6: . 7: . 8: . 9: . 10: . 11: . 12: .
13: . 14: . 15: . 16: . 17: . 18: . 19: . 20: . 21: . 22: . 23: . 24: .
25: . 26: . 27: . 28: . 29: . 30: . 31: . 32: . 33: . 34: . 35: . 36: .
37: . 38: . 39: . 40: . 41: . 42: . 43: . 44: . 45: . 46: . 47: . 48: .
49: . 50: . 51: . 52: . 53: . 54: .
Module 1 Passed
___________________________________________________________________________
2) packet-memory-bootup --------------------> .
Error code --------------------------> 0 (DIAG_SUCCESS)
Total run count ---------------------> 0
Last test execution time ------------> n/a
First test failure time -------------> n/a
Last test failure time --------------> n/a
Last test pass time -----------------> n/a
Total failure count -----------------> 0
Consecutive failure count -----------> 0
packet buffers on free list: 64557 bad: 0 used for ongoing tests: 979
Number of errors found: 0
Cells with hard errors (failed two or more tests): 0
Cells with soft errors (failed one test, includes hard): 0
Suspect bad cells (uses a block that tested bad): 0
total buffers: 65536
bad buffers: 0 (0.0%)
good buffers: 65536 (100.0%)
Bootup test results:1
No errors.
___________________________________________________________________________
3) packet-memory-ongoing -------------------> U
Error code --------------------------> 0 (DIAG_SUCCESS)
Total run count ---------------------> 0
Last test execution time ------------> n/a
First test failure time -------------> n/a
Last test failure time --------------> n/a
Last test pass time -----------------> n/a
Total failure count -----------------> 0
Consecutive failure count -----------> 0
packet buffers on free list: 64557 bad: 0 used for ongoing tests: 979
Packet memory errors: 0 0
Current alert level: green
Per 5 seconds in the last minute:
0 0 0 0 0 0 0 0 0 0
0 0
Per minute in the last hour:
0 0 0 0 0 0 0 0 0 0
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-544
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
show diagnostic result module
0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0
Per hour in the last day:
0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0
0 0 0 0
Per day in the last 30 days:
0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0
Direct memory test failures per minute in the last hour:
0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0
Potential false positives: 0 0
Ignored because of rx errors: 0 0
Ignored because of cdm fifo overrun: 0 0
Ignored because of oir: 0 0
Ignored because isl frames received: 0 0
Ignored during boot: 0 0
Ignored after writing hw stats: 0 0
Ignored on high gigaport: 0
Ongoing diag action mode: Normal
Last 1000 Memory Test Failures:
Last 1000 Packet Memory errors:
First 1000 Packet Memory errors:
___________________________________________________________________________
Switch#
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-545
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
show diagnostic result module test
show diagnostic result module test
To display the resu lts o f the b ootup pack et memo ry test, use the show diag nos tic res ult module test
command. The o utput indicates whether the test passed, failed, or was not ru n.
show diagnos tic result module [N | all] [test test-id] [deta il]
Syntax Description
N
a ll
(Op tional) Specifies the mod ule nu mber.
(Op tional) Specifies all modu les.
test tes t-id
(Op tional) Specifies the nu mber for the tdr test on the platform.
detail
(Op tional) Specifies the dis play of detailed info rmation for analysis.
This option is recommended.
Defaults
Non-detailed results.
Command Modes
EXEC mode
Usage Guidelines
The detail keyword is in tend ed for use by Cisco sup port personnel when an alyzing failures .
Examples
This example s hows how to display the results of the bootup packet memory tests:
Switch# show diagnostic result module 6 detail
module 6:
Overall diagnostic result:PASS
Test results:(. = Pass, F = Fail, U = Untested)
___________________________________________________________________________
1) linecard-online-diag --------------------> .
Error code --------------------------> 0 (DIAG_SUCCESS)
Total run count ---------------------> 1
Last test execution time ------------> Jan 21 2001 19:48:30
First test failure time -------------> n/a
Last test failure time --------------> n/a
Last test pass time -----------------> Jan 21 2001 19:48:30
Total failure count -----------------> 0
Consecutive failure count -----------> 0
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-546
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
show diagno stic result module te st
Slot Ports Card Type
Diag Status
Diag Details
---- ----- -------------------------------------- ---------------- -----------6
48
10/100/1000BaseT (RJ45)V, Cisco/IEEE
Passed
None
Detailed Status
--------------. = Pass
L = Loopback failure
I = Ilc failure
E = SEEPROM failure
U = Unknown
S = Stub failure
P = Port failure
G = GBIC integrity check failure
Ports 1
.
2
.
3
.
4
.
5
.
6
.
7
.
8
.
9
.
10
.
11
.
12
.
13
.
14
.
15
.
16
.
Ports 17
.
18
.
19
.
20
.
21
.
22
.
23
.
24
.
25
.
26
.
27
.
28
.
29
.
30
.
31
.
32
.
Ports 33
.
34
.
35
.
36
.
37
.
38
.
39
.
40
.
41
.
42
.
43
.
44
.
45
.
46
.
47
.
48
.
___________________________________________________________________________
2) online-diag-tdr:
Port 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
---------------------------------------------------------------------------. U U U U U U U U U U U U U U U U U U U U U U U
Port 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48
---------------------------------------------------------------------------U U U U U U U U U U U U U U U U U U U U U U U U
Error code --------------------------> 0 (DIAG_SUCCESS)
Total run count ---------------------> 1
Last test execution time ------------> Jan 22 2001 03:01:54
First test failure time -------------> n/a
Last test failure time --------------> n/a
Last test pass time -----------------> Jan 22 2001 03:01:54
Total failure count -----------------> 0
Consecutive failure count -----------> 0
Detailed Status
--------------TDR test is in progress on interface Gi6/1
___________________________________________________________________________
Switch#
Related Commands
Co mmand
diagnostic start
Description
Runs the sp ecified diag nostic test.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-547
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
show diagnostic result module test 2
show diagnostic result module test 2
To display the results of the boo tup packet memory test, use the sho w dia gno stic result module test 2
command. The o utput indicates whether the test passed, failed, or was not ru n.
show diagnos tic result module N test 2 [detail]
Syntax Description
N
detail
Defaults
Non-detailed results.
Command Modes
EXEC mode
Specifies th e modu le number.
(Op tional) Specifies the dis play of detailed info rmation for analysis.
Usage Guidelines
The detail keyword is in tend ed for use by Cisco sup port personnel when an alyzing failures .
Examples
This example s hows how to display the results of the bootup packet memory tests:
Switch# show diagnostic result module 1 test 2
Test results: (. = Pass, F = Fail, U = Untested)
2) packet-memory-bootup ------------> .
This example s hows how to display detailed results from the bootup packet memory tests:
Switch# show diagnostic result module 2 test 2 detail
Test results: (. = Pass, F = Fail, U = Untested)
___________________________________________________________________________
2) packet-memory-bootup ------------> .
Error code ------------------> 0 (DIAG_SUCCESS)
Total run count -------------> 0
Last test execution time ----> n/a
First test failure time -----> n/a
Last test failure time ------> n/a
Last test pass time ---------> n/a
Total failure count ---------> 0
Consecutive failure count ---> 0
packet buffers on free list: 64557 bad: 0 used for ongoing tests: 979
Number of errors found: 0
Cells with hard errors (failed two or more tests): 0
Cells with soft errors (failed one test, includes hard): 0
Suspect bad cells (uses a block that tested bad): 0
total buffers: 65536
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-548
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
show diagnostic result module test 2
bad buffers: 0 (0.0%)
good buffers: 65536 (100.0%)
Bootup test results:
No errors.
Related Commands
Co mmand
diagnostic monitor action
Description
Directs the action of th e switch when it detects a pack et memory
failure.
show diagnostic result mo dule Displays the results from the on going packet memory test.
test 3
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-549
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
show diagnostic result module test 3
show diagnostic result module test 3
To display the resu lts fro m th e ongo ing packet memory tes t, use th e show diagnostic result module
test 3 co mmand . The outpu t ind icates wheth er the test p assed, failed , or was not run.
show diagnos tic result module N test 3 [detail]
Syntax Description
N
detail
Defaults
Non-detailed results.
Command Modes
EXEC mode
M odule n umber.
(Op tional) Specifies the dis play of detailed info rmation for analysis.
Usage Guidelines
The detail keyword is in tend ed for use by Cisco sup port personnel when an alyzing failures .
Examples
This example s hows how to display the results from the on going pack et memo ry tests:
Switch# show diagnostic result module 1 test 3
Test results: (. = Pass, F = Fail, U = Untested)
3) packet-memory-ongoing -----------> .
This example s hows how to display the d etailed results from the ong oing packet memo ry tests:
Switch# show diagnostic result module 1 test 3 detail
Test results: (. = Pass, F = Fail, U = Untested)
___________________________________________________________________________
3) packet-memory-ongoing -----------> .
Error code ------------------> 0 (DIAG_SUCCESS)
Total run count -------------> 0
Last test execution time ----> n/a
First test failure time -----> n/a
Last test failure time ------> n/a
Last test pass time ---------> n/a
Total failure count ---------> 0
Consecutive failure count ---> 0
packet buffers on free list: 64557 bad: 0 used for ongoing tests: 979
Packet memory errors: 0 0
Current alert level: green
Per 5 seconds in the last minute:
0 0 0 0 0 0 0 0 0 0
0 0
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-550
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
show diagnostic result module test 3
Per minute in the last hour:
0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0
Per hour in the last day:
0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0
0 0 0 0
Per day in the last 30 days:
0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0
Direct memory test failures per minute in the last hour:
0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0
Potential false positives: 0 0
Ignored because of rx errors: 0 0
Ignored because of cdm fifo overrun: 0 0
Ignored because of oir: 0 0
Ignored because isl frames received: 0 0
Ignored during boot: 0 0
Ignored after writing hw stats: 0 0
Ignored on high gigaport: 0
Ongoing diag action mode: Normal
Last 1000 Memory Test Failures: v
Last 1000 Packet Memory errors:
First 1000 Packet Memory errors:
Related Commands
Co mmand
Description
diagnostic monitor action
Directs the action of th e switch when it detects a pack et memory
failure.
show diagnostic result mo dule Displays the results of the bootup p acket memory test.
test 2
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-551
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
show dot1x
show dot1x
To display the 80 2.1X statis tics and operational status for the entire switch or for a specified interface,
u se the s how dot1x command.
show dot1x [interface interface-id] | [s tatistics [interfa ce interfa ce-id]] | [all]
Syntax Description
interfa ce interfa ce-id
(Op tional) Disp lays the 802.1X status fo r the sp ecified port.
statistics
a ll
(Op tional) Displays 80 2.1 X statistics fo r th e switch or the specified interface.
(Op tional) Disp lays per-interface 80 2.1 X co nfiguration info rmation fo r all
in terfaces with a nondefault 802.1X con figuratio n.
Defaults
This command has no default setting s.
Command Modes
Priv ileged EXEC mo de
Command History
Release
Usage Guidelines
If you do n ot specify an interface, the global p arameters and a summary are disp layed. If you specify an
in terface, th e details for that interface are d isplay ed .
Modification
1 2.1 (12 c)EW
Sup port for this comman d was introdu ced on the Cataly st 4 500 series s witch.
1 2.1 (19 )EW
1 2.2 (25 )EW
Display enh anced to s how the g uest-VLAN value.
Sup port fo r the 10-Gigabit Ethern et interface was introdu ced on th e Catalyst 4500
series switch.
Sup port fo r cu rrently assigned reau then tication timer (if the timer is con figured to
h onor th e Sessio n-Timeout value) was added.
1 2.2 (25 )EWA
1 2.2 (31 )SG
Sup port for port direction co ntrol and critical recovery was add ed.
If you enter the statistics keyword withou t the interface optio n, the statistics are d is play ed for all
in terfaces. If yo u enter the statistics key word with the interfa ce o ption, the statistics are displayed for
th e specified interface.
Expressio ns are case sen sitive. For example, if yo u enter exclude output, th e lines that contain output
are not displayed, bu t the lines th at contain Output are displayed.
The show dot1x co mmand d isplay s th e curren tly assign ed reauthenticatio n timer and time remaining
b efore reauthentication, if reauthentication is enab led .
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-552
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
show dot1x
Examples
This examp le shows how to d isplay th e outpu t fro m the show dot1x command:
Switch# show dot1x
Sysauthcontrol = Disabled
Dot1x Protocol Version = 2
Dot1x Oper Controlled Directions = Both
Dot1x Admin Controlled Directions = Both
Critical Recovery Delay = 500
Critical EAP = Enabled
Switch#
This examp le shows how to d isplay th e 802.1X s tatistics for a specific port:
Switch# show dot1x interface fastethernet6/1
Dot1x Info for FastEthernet6/1
----------------------------------PAE
= AUTHENTICATOR
PortControl
= AUTO
ControlDirection
= Both
HostMode
= MULTI_DOMAIN
ReAuthentication
= Disabled
QuietPeriod
= 60
ServerTimeout
= 30
SuppTimeout
= 30
ReAuthPeriod
= 3600 (Locally configured)
ReAuthMax
= 2
MaxReq
= 2
TxPeriod
= 30
RateLimitPeriod
= 0
Dot1x Authenticator Client List
------------------------------Domain
= DATA
Supplicant
= 0000.0000.ab01
Auth SM State
= AUTHENTICATED
Auth BEND SM Stat = IDLE
Port Status
Authentication Method
Authorized By
Vlan Policy
= AUTHORIZED
= Dot1x
= Authentication Server
= 12
Domain
= VOICE
Supplicant
= 0060.b057.4687
Auth SM State
= AUTHENTICATED
Auth BEND SM Stat = IDLE
Port Status
= AUTHORIZED
Authentication Method
= Dot1x
Authorized By
= Authentication Server
Switch#
Note
Table 2 -15 p rovid es a partial list of the displayed fields. The remaining fields in the display show internal
state info rmation. For a detailed description of thes e state machines and their settin gs, refer to the
802.1X sp ecificatio n.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-553
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
show dot1x
Table 2-15
show dot1x interface Field Description
Field
Description
PortStatus
Status of th e port (authorized or u nau thorized). The statu s o f a po rt is
displayed as au thorized if the dot1x port-control interface configu ration
co mmand is set to a uto an d h as successfully completed authentication .
Port Co ntrol
Setting of the dot1x port-control interface config uration command.
Mu ltiHosts
Setting of the dot1x multiple-hosts interface config uration comman d
(allowed or disallowed).
This is an ex ample of ou tput from th e show dot1x statistics interface gigabitethernet1/1 command.
Tab le 2-16 describes th e fields in the d is play.
Switch# show dot1x statistics interface gigabitethernet1/1
PortStatistics Parameters for Dot1x
-------------------------------------------TxReqId = 0
TxReq = 0
TxTotal = 0
RxStart = 0
RxLogoff = 0 RxRespId = 0 RxResp = 0
RxInvalid = 0 RxLenErr = 0 RxTotal= 0
RxVersion = 0 LastRxSrcMac 0000.0000.0000
Switch#
Table 2-16
show dot1x statistics Field Descriptions
Field
TxReq /TxReqId
Description
Number of EAP-request/iden tity frames that have been s ent.
TxTo tal
Number of EAPOL frames o f any ty pe that have been sent.
RxStart
Number of valid EAPOL-start frames that have been received.
RxLogoff
Number of EAPOL-logo ff frames that have been received.
RxRespId
Number of EAP-response/identity frames that h ave b een received.
RxResp
Number of valid EAP-respon se frames (other than respons e/identity
frames) that h ave b een received.
RxInvalid
Number of EAPOL frames th at hav e been received and have an
un reco gnized frame typ e.
RxLen Error
Number of EAPOL frames th at hav e been received in which the packet
bo dy len gth field is invalid.
RxTotal
Number of valid EAPOL frames of any type th at have been received.
RxVersion
Protocol v ersion number carried in the mo st recently received EAPOL
frame.
LastRxSrcMac
Source MAC add ress carried in th e most recently received EAPOL
frame.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-554
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
show dot1x
Related Commands
Co mmand
dot1x critical
Description
Enables th e 802 .1X critical auth en tication on a po rt.
dot1x critical eapol
Enables s end ing EAPOL success packets when a po rt is
critically authorized partway through an EAP ex chang e.
dot1x critical recov ery delay
Sets the time interval between port rein itializatio ns.
dot1x critical vlan
dot1x g uest-vlan
dot1x max-reauth-req
Assig ns a critically authenticated port to a s pecific VLAN.
Enables a guest VLAN on a p er-port bas is .
Sets the maximum numb er o f times that the switch will
retransmit an EAP-Request/Iden tity frame to th e client
before restarting the authentication proces s.
dot1x port-control
Enables manual control o f the authorization state on a p ort.
mac-addres s-table notification
Enables M AC address no tification on a switch.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-555
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
show environment
show environment
To display the enviro nmen t alarm, o peratio nal status, and current read ing for the chassis, use the show
env ironment command.
show env ironment [alarm] | [sta tus [chassis | fantray | powersupply | supervisor]] |
[temperature]
Syntax Description
Defaults
(Optional) Specifies the alarm status of the chassis.
(Optional) Specifies the operational status information.
(Optional) Specifies the operational status of th e chas sis.
(Optional) Specifies the status of the fan tray, an d shows fan tray power con sumption.
powersupply
supervisor
(Optional) Specifies the status of the power supply.
(Optional) Specifies the status of the sup ervisor eng in e.
temperature
(Optional) Specifies the current chass is temperature readings.
This command has no default setting s.
Command Modes
Examples
a larm
status
chassis
fantray
Priv ileged EXEC mo de
This example s hows how to display information about the environment alarms, operational status , and
current temp eratu re readin gs for th e chas sis:
Switch# show environment
no temperature alarms
Module Sensor
Temperature
Status
------+--------------------------+--------------------+-----------1
Air inlet
38C (56C,68C,71C)
ok
1
Air inlet remote
32C (46C,59C,62C)
ok
1
Air outlet
44C (66C,76C,79C)
ok
1
Air outlet remote
37C (60C,71C,74C)
ok
3
XPP
60C (85C,90C,95C)
ok
3
IFE
38C (85C,90C,95C)
ok
3
CONAN
48C (85C,90C,95C)
ok
3
CPU
50C (85C,90C,95C)
ok
4
XPP
76C (85C,90C,95C)
ok
4
IFE
44C (85C,90C,95C)
ok
4
CONAN
53C (85C,90C,95C)
ok
4
CPU
53C (85C,90C,95C)
ok
7
air inlet
32C (45C,60C,70C)
ok
7
air outlet
37C (61C,76C,86C)
ok
Power
Supply
-----PS1
PS2
Model No
---------------PWR-C45-1300ACV
none
Type
--------AC 1300W
-- --
Power supplies needed by system
Status
----------good
--
Fan
Sensor
------good
--
Inline
Status
------good
--
: 1
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-556
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
show environment
Power supplies currently available : 1
Chassis Type : WS-C4507R+E
Power consumed by backplane : 40 Watts
Switch Bandwidth Utilization : 0%
Supervisor Led Color : Green
Module
Module
Module
Module
1 Status Led Color
3 Status Led Color
4 Status Led Color
7 Status Led Color
: Green
: Orange
: Green
: Green
PoE Led Color : Green
PoE Led Color : Green
Beacon Led Status : off
Fantray : Good
Fantray removal timeout : 30
Power consumed by Fantray : 135 Watts
This examp le shows how to d isplay in formatio n abou t th e env ironment alarms:
Switch# show environment alarm
no alarm
Switch#
This examp le shows how to d isplay in formatio n abou t th e power su pplies, chassis ty pe, and fan trays:
Switch# show environment status
Power
Supply Model No
Type
------ --------------- --------PS1
PWR-C45-1400AC
AC 1400W
PS2
none
-Power Supply
(Nos in Watts)
-------------PS1
PS2
Max
Inline
-----0
--
Min
Inline
-----0
--
Status
----------good
--
Max
System
-----1360
--
Min
System
-----1360
--
Fan
Sensor
-----good
-Absolute
Maximum
-------1400
--
Power supplies needed by system : 1
Chassis Type : WS-C4507R
Supervisor Led Color : Green
Fantray : good
Power consumed by Fantray : 50 Watts
Switch#
This examp le shows how to d isplay in formatio n abou t th e chass is:
Switch# show environment status chassis
Chassis Type :WS-C4507R
Switch#
This examp le shows how to d isplay in formatio n abou t th e fan tray:
Switch# show environment status fantray
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-557
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
show environment
Fantray : good
Power consumed by Fantray : 50 Watts
Switch#
This example s hows how to display information about the p ower supp ly:
Switch# show environment status powersupply
Power
Supply Model No
Type
Status
------ --------------- --------- ------PS1
WS-X4008
AC 400W
good
PS2
WS-X4008
AC 400W
good
PS3
none
--Switch#
Fan
Sensor
-----good
good
--
This example s hows how to display information about the s uperviso r en gine:
Switch# show environment status supervisor
Supervisor Led Color :Green
Switch#
This example s hows how to display information about the temperature of the chassis:
Switch# show environment temperature
Module Sensor
Temperature
Status
------+--------------------------+--------------------+-----------1
Air inlet
38C (56C,68C,71C)
ok
1
Air inlet remote
32C (46C,59C,62C)
ok
1
Air outlet
44C (66C,76C,79C)
ok
1
Air outlet remote
37C (60C,71C,74C)
ok
3
XPP
60C (85C,90C,95C)
ok
3
IFE
38C (85C,90C,95C)
ok
3
CONAN
48C (85C,90C,95C)
ok
3
CPU
50C (85C,90C,95C)
ok
4
XPP
76C (85C,90C,95C)
ok
4
IFE
44C (85C,90C,95C)
ok
4
CONAN
53C (85C,90C,95C)
ok
4
CPU
53C (85C,90C,95C)
ok
7
air inlet
32C (45C,60C,70C)
ok
7
air outlet
37C (61C,76C,86C)
ok
Switch#
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-558
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
show errdisable detect
show errdisable detect
To disp lay the erro r disable detection status, use the show errdisable detect command.
show errdis able detect
Syntax Description
This comman d has no argu ments or keyword s.
Defaults
This comman d has no default settings.
Command Modes
Examples
Privileg ed EXEC mode
This examp le shows how to d isplay th e error disable d etectio n status :
Switch# show errdisable detect
ErrDisable Reason
Detection status
-------------------------------udld
Enabled
bpduguard
Enabled
security-violatio
Enabled
channel-misconfig
Disabled
psecure-violation
Enabled
vmps
Enabled
pagp-flap
Enabled
dtp-flap
Enabled
link-flap
Enabled
l2ptguard
Enabled
gbic-invalid
Enabled
dhcp-rate-limit
Enabled
unicast-flood
Enabled
storm-control
Enabled
ilpower
Enabled
arp-inspection
Enabled
Switch#
Related Commands
Co mmand
Description
errdisa ble detect
errdisa ble reco very
show interfaces status
Enables error-dis able detection.
Config ures the recovery mech anism variables.
Displays the interface status or a list of in terfaces in
error-disabled state.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-559
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
show errdisable recovery
show errdisable recovery
To display erro r disable recovery timer information, use th e show errdisable recovery command.
show errdisable recovery
Syntax Description
This command has no arguments or keywo rds.
Defaults
This command has no default setting s.
Command Modes
Examples
Priv ileged EXEC mo de
This example s hows how to display recovery timer info rmation fo r erro r disable:
Switch# show errdisable recovery
ErrDisable Reason
Timer Status
-----------------------------udld
Disabled
bpduguard
Disabled
security-violatio
Disabled
channel-misconfig
Disabled
vmps
Disabled
pagp-flap
Disabled
dtp-flap
Disabled
link-flap
Disabled
l2ptguard
Disabled
psecure-violation
Disabled
gbic-invalid
Disabled
dhcp-rate-limit
Disabled
unicast-flood
Disabled
storm-control
Disabled
arp-inspection
Disabled
Timer interval:30 seconds
Interfaces that will be enabled at the next timeout:
Interface
--------Fa7/32
Related Commands
Errdisable reason
----------------arp-inspect
Command
Time left(sec)
-------------13
Descriptio n
errdisable detect
Enab les error-disable detection .
errdisable recovery
show interfa ces sta tus
Con figures the recovery mechanism variab les.
Displays the interface s tatus or a list of interfaces in
error-disabled state.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-560
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
show etherchannel
show etherchannel
To disp lay Eth erChan nel information for a channel, u se the show etherchannel comman d.
show etherchannel [chann el-group] {port-channel | brief | detail | s umma ry | port | load-ba lance
| protoco l}
Syntax Description
cha nnel-group
port-channel
brief
(Optional) Number of the ch ann el group; valid values are from 1 to 64.
Displays port-channel info rmation.
Displays a su mmary of Eth erChan nel information .
detail
Displays detailed EtherCh an nel information.
summary
Displays a o ne-line s ummary per ch ann el group.
port
load-bala nce
Displays Eth erChan nel port info rmation.
Displays load-balance information .
protocol
Displays the enabled pro toco l.
Defaults
This comman d has no default settings.
Command Modes
Privileg ed EXEC mode
Usage Guidelines
If you do not specify a channel g rou p, all channel gro ups are disp lay ed.
In the output below, the Passive port list field is displayed fo r Layer 3 port channels only. This field
means that th e phy sical interface, which is s till no t up , is co nfigu red to b e in the channel gro up (and
indirectly is in th e only po rt ch ann el in the channel grou p).
Examples
This examp le shows how to d isplay p ort-ch ann el information for a sp ecific grou p:
Switch# show etherchannel 1 port-channel
Port-channels in the group:
---------------------Port-channel: Po1
-----------Age of the Port-channel
= 02h:35m:26s
Logical slot/port
= 10/1
Number of ports in agport = 0
GC
= 0x00000000
HotStandBy port = null
Passive port list
= Fa5/4 Fa5/5
Port state
= Port-channel L3-Ag Ag-Not-Inuse
Ports in the Port-channel:
Index
Load
Port
------------------Switch#
This examp le shows how to d isplay lo ad-balan cing information :
Switch# show etherchannel load-balance
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-561
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
show etherchannel
Source XOR Destination mac address
Switch#
This example s hows how to display a su mmary of information for a sp ecific gro up:
Switch# show etherchannel 1 brief
Group state = L3
Ports: 2
Maxports = 8
port-channels: 1 Max port-channels = 1
Switch#
This example s hows how to display detailed information for a sp ecific g rou p:
Switch# show etherchannel 1 detail
Group state = L3
Ports: 2
Maxports = 8
Port-channels: 1 Max Port-channels = 1
Ports in the group:
------------------Port: Fa5/4
-----------Port state
= EC-Enbld Down Not-in-Bndl Usr-Config
Channel group = 1
Mode = Desirable
Gcchange = 0
Port-channel = null
GC
= 0x00000000
Psudo-agport = Po1
Port indx
= 0
Load = 0x00
Flags: S - Device is sending Slow hello.
A - Device is in Auto mode.
Timers: H - Hello timer is running.
S - Switching timer is running.
C - Device is in Consistent state.
P - Device learns on physical port.
Q - Quit timer is running.
I - Interface timer is running.
Local information:
Port
Fa5/4
Flags State
d
U1/S1
Timers
Hello
Partner PAgP
Interval Count
Priority
1s
0
128
Learning Group
Method Ifindex
Any
0
Age of the port in the current state: 02h:33m:14s
Port: Fa5/5
-----------Port state
= EC-Enbld Down Not-in-Bndl Usr-Config
Channel group = 1
Mode = Desirable
Gcchange = 0
Port-channel = null
GC
= 0x00000000
Psudo-agport = Po1
Port indx
= 0
Load = 0x00
Flags: S - Device is sending Slow hello.
A - Device is in Auto mode.
Timers: H - Hello timer is running.
S - Switching timer is running.
C - Device is in Consistent state.
P - Device learns on physical port.
Q - Quit timer is running.
I - Interface timer is running.
Local information:
Port
Fa5/5
Flags State
d
U1/S1
Timers
Hello
Partner PAgP
Interval Count
Priority
1s
0
128
Learning Group
Method Ifindex
Any
0
Age of the port in the current state: 02h:33m:17s
Port-channels in the group:
---------------------Port-channel: Po1
-----------Age of the Port-channel
= 02h:33m:52s
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-562
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
show etherchannel
Logical slot/port
GC
Passive port list
Port state
= 10/1
Number of ports in agport = 0
= 0x00000000
HotStandBy port = null
= Fa5/4 Fa5/5
= Port-channel L3-Ag Ag-Not-Inuse
Ports in the Port-channel:
Index
Load
Port
------------------Switch#
This examp le shows how to d isplay a one-line summary per channel group :
Switch# show etherchannel summary
Flags: D - down
P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3
S - Layer2
U - in use
f - failed to allocate aggregator
M - not in use, minimum links not
u - unsuitable for bundling
w - waiting to be aggregated
d - default port
met
Number of channel-groups in use: 2
Number of aggregators:
2
Group
Port-channel Protocol
Ports
------+-------------+-----------+----------------------------------------------1
Po1(SD)
LACP
Gi1/23(H)
Gi1/24(H)
Switch#
This examp le shows how to d isplay EtherChannel p ort information for all p orts and all groups:
Switch# show etherchannel port
Channel-group listing:
----------------------Group: 1
---------Ports in the group:
------------------Port: Fa5/4
-----------Port state
= EC-Enbld Down Not-in-Bndl Usr-Config
Channel group = 1
Mode = Desirable
Gcchange = 0
Port-channel = null
GC
= 0x00000000
Psudo-agport = Po1
Port indx
= 0
Load = 0x00
Flags:
S - Device is sending Slow hello.
A - Device is in Auto mode.
Timers: H - Hello timer is running.
S - Switching timer is running.
C - Device is in Consistent state.
P - Device learns on physical port.
Q - Quit timer is running.
I - Interface timer is running.
Local information:
Port
Fa5/4
Flags State
d
U1/S1
Timers
Hello
Partner PAgP
Interval Count
Priority
1s
0
128
Learning Group
Method Ifindex
Any
0
Age of the port in the current state: 02h:40m:35s
Port: Fa5/5
------------
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-563
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
show etherchannel
Port state
= EC-Enbld Down Not-in-Bndl Usr-Config
Channel group = 1
Mode = Desirable
Gcchange = 0
Port-channel = null
GC
= 0x00000000
Psudo-agport = Po1
Port indx
= 0
Load = 0x00
Flags: S - Device is sending Slow hello.
A - Device is in Auto mode.
Timers: H - Hello timer is running.
S - Switching timer is running.
C - Device is in Consistent state.
P - Device learns on physical port.
Q - Quit timer is running.
I - Interface timer is running.
<...output truncated...>
Switch#
This example s hows how to display the p roto col enabled :
Switch# show etherchannel protocol
Channel-group listing:
----------------------Group: 12
---------Protocol: PAgP
Group: 24
---------Protocol:
Switch#
Related Commands
-
(Mode ON)
Command
channel-group
interfa ce po rt-channel
Descriptio n
Assigns and co nfigu res an Eth erChan nel interface to an
EtherChannel g rou p.
Accesses or creates a port-channel in terface.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-564
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
show flowcontrol
show flowcontrol
To disp lay the per-in terface statu s and statistics related to flow contro l, use the show flowcontrol
co mmand .
show flowco ntro l [module slo t | interface in terface]
Syntax Description
module slo t
interface interface
Defaults
This comman d has no default settings.
Command Modes
Privileg ed EXEC mode
Usage Guidelines
(Optional) Limits the display to in terfaces on a sp ecific mo dule.
(Optional) Dis play s th e status on a specific interface.
Table 2 -17 describes the field s in the show flowco ntro l command outpu t.
Table 2-17
show flowcontrol Command Output
Field
Description
Port
Module an d p ort numb er.
Send -Flowcontrol-Admin
Send -Flowcontrol-Oper
Receive-Flowcon trol-Admin
Flow-control ad ministration. Po ssible settings: on indicates the lo cal
port sends flow contro l to the far en d; off indicates the local port does
not send flow control to th e far end; desired indicates the local en d
sen ds flow control to th e far end if the far end suppo rts it.
Flow-control operation. Po ssible setting: disagree indicates the two
ports could n ot agree on a link protocol.
Flow-control operation. Po ssible setting: disagree indicates the two
ports could n ot agree on a link protocol.
Numb er o f pause frames received.
TxPau se
Examples
Flow-control ad ministration. Po ssible settings: on indicates the lo cal
port requires the far end to send flow con trol; off indicates the lo cal
port does not allow the far end to send flow co ntro l; desired indicates
the local end allows the far en d to send flow con trol.
Receive-Flowcon trol-Oper
RxPause
Numb er o f pause frames transmitted .
This examp le shows how to d isplay th e flow control status on all the Gigabit Ethernet interfaces:
Switch# show flowcontrol
Port
Send FlowControl Receive FlowControl
admin
oper
admin
oper
--------- -------- -------- -------- -------Te1/1
off
off
on
off
Te1/2
off
off
on
off
Gi1/3
off
off
desired on
RxPause TxPause
------- ------0
0
0
0
0
0
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-565
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
show flowcontrol
Gi1/4
Gi1/5
Gi1/6
Gi3/1
Gi3/2
Gi3/3
Gi3/4
Gi3/5
Gi3/6
Switch#
off
off
off
off
off
off
off
off
off
off
off
off
off
off
off
off
off
off
desired
desired
desired
desired
desired
desired
desired
desired
desired
on
on
on
off
off
off
off
off
off
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
This example s hows how to display the flow control s tatus on mod ule 1:
Switch# show flowcontrol module 1
Port
Send FlowControl Receive FlowControl
admin
oper
admin
oper
------------ -------- -------- -------Gi1/1
desired off
off
off
Gi1/2
on
disagree on
on
Switch#
RxPause TxPause
------- ------0
0
0
0
This example s hows how to display the flow control s tatus on Gigab it Ethernet in terface 3/4:
Switch# show flowcontrol interface gigabitethernet3/4
Port
Send FlowControl Receive FlowControl RxPause TxPause
admin
oper
admin
oper
------------ -------- -------- -------------- ------Gi3/4
off
off
on
on
0
0
Switch#
This example s hows how to display the flow control s tatus on 10 -Gigab it Eth ernet in terface 1/1:
Switch# show flowcontrol interface tengigabitethernet1/1
Port
Send FlowControl Receive FlowControl RxPause TxPause
admin
oper
admin
oper
-------- -------- -------- -------------- ------off
off
on
off
0
0
--------Te1/1
Switch#
Related Commands
Command
Descriptio n
channel-group
Con figures a Gigabit Ethernet interface to send or receive
p ause frames.
Displays the interface s tatus or a list of interfaces in
error-disabled state.
show interfa ces sta tus
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-566
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
show idprom
show idprom
To disp lay the IDPROMs for the chassis, s uperviso r en gine, modu le, power sup plies, fan trays, clock
module, and multiplexer (mux ) buffer, use the show idprom command.
show idprom {all | cha ssis | module [mod] | interfa ce int_name | supervisor | power-supply
number | fan-tray }
Syntax Description
Defaults
all
chass is
Display s in formatio n for all IDPROMs .
Display s in formatio n for th e chas sis IDPROMs.
module
mod
Display s in formatio n for th e modu le IDPROM s.
(Option al) Specifies th e modu le name.
interface int_n ame
supervisor
Display s in formatio n for th e GBIC o r SFP IDPROMs .
Display s in formatio n for th e supervisor engin e IDPROM s.
power-s upply numb er
fan-tray
Display s in formatio n for th e power su pply IDPROMs.
Display s in formatio n for th e fan tray IDPROMs.
This comman d has no default settings.
Command Modes
Privileg ed EXEC mode
Usage Guidelines
Wh en yo u enter the sho w idprom interface command, th e outp ut lin es for Calib ration type and Rx
(receive) p ower measurement may n ot be disp layed fo r all GBICs.
Examples
This examp le shows how to d isplay IDPROM info rmation fo r module 4:
Switch# show idprom module 4
Module 4 Idprom:
Common Block Signature = 0xABAB
Common Block Version = 1
Common Block Length = 144
Common Block Checksum = 4199
Idprom Size = 256
Block Count = 2
FRU Major Type = 0x4201
FRU Minor Type = 303
OEM String = Cisco Systems, Inc.
Product Number = WS-X4306
Serial Number = 00000135
Part Number = <tbd>
Hardware Revision = 0.2
Manufacturing Bits = 0x0000
Engineering Bits = 0x0000
Snmp OID = 0.0.0.0.0.0.0.0
Power Consumption = 0
RMA Failure Code = 0 0 0 0
Linecard Block Signature = 0x4201
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-567
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
show idprom
Linecard Block Version = 1
Linecard Block Length = 24
Linecard Block Checksum = 658
Feature Bits = 0x0000000000000000
Card Feature Index = 50
MAC Base = 0010.7bab.9830
MAC Count = 6
Switch#
This example s hows how to display IDPROM in formatio n for th e GBICs o n th e Gigabit Ethernet
in terface 1/2:
Switch# show idprom interface gigabitethernet1/2
GBIC Serial EEPROM Contents:
Common Block:
Identifier
= GBIC [0x1]
Extended Id
= Not specified/compliant with defined MOD_DEF [0x0]
Connector
= SC connector [0x1]
Transceiver
Speed
= Not available [0x0]
Media
= Not available [0x0]
Technology
= Not available [0x0]
Link Length
= Not available [0x0]
GE Comp Codes
= Not available [0x0]
SONET Comp Codes = Not available [0x0]
Encoding
= 8B10B [0x1]
BR, Nominal
= 1300000000 MHz
Length(9u) in km = GBIC does not support single mode fibre, or the length
must be determined from the transceiver technology.
Length(9u)
= > 25.4 km
Length(50u)
= GBIC does not support 50 micron multi-mode fibre, or the
length must be determined from the transceiver technology.
Length(62.5u)
= GBIC does not support 62.5 micron multi-mode fibre, or
the length must be determined from transceiver technology.
Length(Copper)
= GBIC does not support copper cables, or the length must
be determined from the transceiver technology.
Vendor name
= CISCO-FINISAR
Vendor OUI
= 36965
Vendor Part No.
= FTR-0119-CSC
Vendor Part Rev. = B
Wavelength
= Not available
CC_BASE
= 0x1A
Extended ID Fields
Options
= Loss of Signal implemented TX_FAULT signal implemented TX_DISABLE is
implemented and disables the serial output [0x1A]
BR, max
= Unspecified
BR, min
= Unspecified
Vendor Serial No. = K1273DH
Date code
= 030409
Diag monitoring
= Implemented
Calibration type = Internal
Rx pwr measuremnt = Optical Modulation Amplitude (OMA)
Address change
= Required
CC_EXT
= 0xB2
Vendor Specific ID Fields:
20944D30 29 00 02 80 22 33 38 3D C7 67 83 E8 DF 65 6A AF
20944D40 1A 80 ED 00 00 00 00 00 00 00 00 00 38 23 3C 1B
0x0000
0x0010
SEEPROM contents (hex) size 128:
01 00 01 00 00 00 00 00 00 00 00 01 0D 00 00 FF
00 00 00 00 43 49 53 43 4F 2D 46 49 4E 49 53 41
)..."38=Gg^Ch_ej/
............8#<.
................
....CISCO-FINISA
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-568
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
show idprom
0x0020 52 20 20 20 00 00 90 65 46 54 52 2D 30 31 31 39
0x0030 2D 43 53 43 20 20 20 20 42 20 20 20 00 00 00 1A
0x0040 00 1A 00 00 4B 31 32 37 33 44 48 20 20 20 20 20
0x0050 20 20 20 20 30 33 30 34 30 39 20 20 64 00 00 B2
0x0060 29 00 02 80 22 33 38 3D C7 67 83 E8 DF 65 6A AF
0x0070 1A 80 ED 00 00 00 00 00 00 00 00 00 38 23 3C 1B
Switch#
R
..^PeFTR-0119
-CSC
B
....
....K1273DH
030409 d..2
)..^@"38=Gg^C._ej.
.^@m.........8#<.
This examp le shows how to d isplay IDPROM info rmation fo r the 10 -Gigab it Ethernet in terface 1/1:
Switch# show idprom interface tengigabitethernet1/1
X2 Serial EEPROM Contents:
Non-Volatile Register (NVR) Fields
X2 MSA Version supported
:0xA
NVR Size in bytes
:0x100
Number of bytes used
:0xD0
Basic Field Address
:0xB
Customer Field Address
:0x77
Vendor Field Address
:0xA7
Extended Vendor Field Address
:0x100
Reserved
:0x0
Transceiver type
:0x2 =X2
Optical connector type
:0x1 =SC
Bit encoding
:0x1 =NRZ
Normal BitRate in multiple of 1M b/s :0x2848
Protocol Type
:0x1 =10GgE
Standards Compliance Codes :
10GbE Code Byte 0
10GbE Code Byte 1
SONET/SDH Code Byte 0
SONET/SDH Code Byte 1
SONET/SDH Code Byte 2
SONET/SDH Code Byte 3
10GFC Code Byte 0
10GFC Code Byte 1
10GFC Code Byte 2
10GFC Code Byte 3
Transmission range in 10m
Fibre Type :
Fibre Type Byte 0
Fibre Type Byte 1
:0x2 =10GBASE-LR
:0x0
:0x0
:0x0
:0x0
:0x0
:0x0
:0x0
:0x0
:0x0
:0x3E8
:0x40 =NDSF only
:0x0 =Unspecified
Centre Optical Wavelength in 0.01nm steps - Channel 0 :0x1 0xFF 0xB8
Centre Optical Wavelength in 0.01nm steps - Channel 1 :0x0 0x0 0x0
Centre Optical Wavelength in 0.01nm steps - Channel 2 :0x0 0x0 0x0
Centre Optical Wavelength in 0.01nm steps - Channel 3 :0x0 0x0 0x0
Package Identifier OUI :0xC09820
Transceiver Vendor OUI :0x3400800
Transceiver vendor name :CISCO-OPNEXT,INC
Part number provided by transceiver vendor
:TRT5021EN-SMC-W
Revision level of part number provided by vendor :00
Vendor serial number
:ONJ08290041
Vendor manufacturing date code :2004072000
Reserved1 : 00 02 02 20 D1 00 00
Basic Field Checksum :0x10
Customer Writable Area :
0x00: 58 32 2D 31 30 47 42 2D 4C 52 20 20 20 20 20 20
0x10: 20 20 20 20 20 4F 4E 4A 30 38 32 39 30 30 34 31
0x20: 31 30 2D 32 30 33 36 2D 30 31 20 20 41 30 31 20
Vendor Specific :
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-569
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
show idprom
0x00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x30: 00 00 00 00 11 E2 69 A9 2F 95 C6 EE D2 DA B3 FD
0x40: 9A 34 4A 24 CB 00 00 00 00 00 00 00 00 00 EF FC
0x50: F4 AC 1A D7 11 08 01 36 00
Switch#
This example s hows how to display IDPROM in formatio n for th e supervisor engine:
Switch# show idprom supervisor
Supervisor Idprom:
Common Block Signature = 0xABAB
Common Block Version = 1
Common Block Length = 144
Common Block Checksum = 4153
Idprom Size = 256
Block Count = 2
FRU Major Type = 0x4101
FRU Minor Type = 333
OEM String = Cisco Systems, Inc.
Product Number = WS-X4014
Serial Number = JAB05320CCE
Part Number = 73-6854-04
Part Revision = 05
Manufacturing Deviation String = 0
Hardware Revision = 0.4
Manufacturing Bits = 0x0000
Engineering Bits = 0x0000
Snmp OID = 0.0.0.0.0.0.0.0
Power Consumption = 0
RMA Failure Code = 0 0 0 0
Supervisor Block Signature = 0x4101
Supervisor Block Version = 1
Supervisor Block Length = 24
Supervisor Block Checksum = 548
Feature Bits = 0x0000000000000000
Card Feature Index = 95
MAC Base = 0007.0ee5.2a44
MAC Count = 2
Switch#
This example s hows how to display IDPROM in formatio n for th e chass is:
Switch# show idprom chassis
Chassis Idprom:
Common Block Signature = 0xABAB
Common Block Version = 1
Common Block Length = 144
Common Block Checksum = 4285
Idprom Size = 256
Block Count = 2
FRU Major Type = 0x4001
FRU Minor Type = 24
OEM String = Cisco Systems, Inc.
Product Number = WS-C4507R
Serial Number = FOX04473737
Part Number = 73-4289-02
Part Revision = 02
Manufacturing Deviation String = 0x00
Hardware Revision = 0.2
Manufacturing Bits = 0x0000
Engineering Bits = 0x0000
Snmp OID = 0.0.0.0.0.0.0.0
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-570
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
show idprom
Chassis Block Signature = 0x4001
Chassis Block Version = 1
Chassis Block Length = 22
Chassis Block Checksum = 421
Feature Bits = 0x0000000000000000
MAC Base = 0004.dd42.2600
MAC Count = 1024
Switch#
This examp le shows how to d isplay IDPROM info rmation fo r power sup ply 1:
Switch# show idprom power-supply 1
Power Supply 0 Idprom:
Common Block Signature = 0xABAB
Common Block Version = 1
Common Block Length = 144
Common Block Checksum = 10207
Idprom Size = 256
Block Count = 1
FRU Major Type = 0xAB01
FRU Minor Type = 8224
OEM String = Cisco Systems, Inc.
Product Number = WS-CAC-1440W
Serial Number = ACP05180002
Part Number = 34-XXXX-01
Part Revision = A0
Manufacturing Deviation String =
Hardware Revision = 1.1
Manufacturing Bits = 0x0000
Engineering Bits = 0x3031
Snmp OID = 9.12.3.65535.65535.65535.65535.65535
Power Consumption = -1
RMA Failure Code = 255 255 255 255
Power Supply Block Signature = 0xFFFF
PowerSupply Block Version = 255
PowerSupply Block Length = 255
PowerSupply Block Checksum = 65535
Feature Bits = 0x00000000FFFFFFFF
Current @ 110V = -1
Current @ 220V = -1
StackMIB OID = 65535
Switch#
This examp le shows how to d isplay IDPROM info rmation fo r the fan tray :
Switch# show idprom fan-tray
Fan Tray Idprom :
Common Block Signature = 0xABAB
Common Block Version = 1
Common Block Length = 144
Common Block Checksum = 19781
Idprom Size = 256
Block Count = 1
FRU Major Type = 0x4002
FRU Minor Type = 0
OEM String = "Cisco Systems"
Product Number = WS-X4502-fan
Serial Number =
Part Number =
Part Revision =
Manufacturing Deviation String =
Hardware Revision = 0.1
Manufacturing Bits = 0xFFFF
Engineering Bits = 0xFFFF
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-571
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
show idprom
Snmp OID = 65535.65535.65535.65535.65535.65535.65535.65535
Power Consumption = -1
RMA Failure Code = 255 255 255 255
Switch#
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-572
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
show interfaces
show interfaces
To disp lay traffic on a specific interface, use th e show interfaces command.
show interfaces [{{fastethernet mod/in terfa ce-n umber} | {gigabitethernet
mod /interfa ce-n umber} | {tengigabitethernet mod/interface-number } | {null
interface-numb er } | vlan vlan_ id} | status}]
Syntax Description
fas tethernet
mod /interfa ce-n umber
gigabitethernet
mod /interfa ce-n umber
tengigabitethernet
mod /interfa ce-n umber
null interface-number
Defaults
(Optional) Specifies the Fast Ethernet module and interface.
(Optional) Specifies the Gigabit Ethernet module and in terface.
(Optional) Specifies the 10-Gigabit Ethernet module and interface.
(Optional) Specifies the null interface; the valid valu e is 0.
vlan vlan _id
(Optional) Specifies the VLAN; valid values are from 1 to 4094.
sta tus
(Optional) Dis play s status information.
This comman d has no default settings.
Command Modes
Privileg ed EXEC mode
Usage Guidelines
The statistics are collected per VLAN for Layer 2 s witched packets and Layer 3 switched p ackets. The
statistics are available for both unicast and multicast. The Lay er 3 switched packet cou nts are availab le
for both the in gress and egres s d irection s. Th e per-VLAN statistics are updated every 5 second s.
In some cases, the d uplex mod e that is disp layed by the s how interfaces command is different than that
displayed by th e show running-config command. The du plex mod e that is disp layed in the show
interfaces comman d is th e actual duplex mode that the interface is runn ing. The show interfaces
co mmand shows the operating mode for an interface, but the show running -config command shows the
co nfigured mode for an interface.
If you do not enter any keywo rds, all counters for all mo dules are displayed.
Line cards that support auto-M DIX configu ration on th eir co pper media p orts in clud e: WS-X4 124-RJ45,
WS-X414 8-RJ with hardware revision 3.0 or later, an d WS-X4 232-GB-RJ with hardware revision 3.0 or
later.
Examples
This examp le shows how to d isplay traffic for Gigabit Ethernet interface 2/5:
Switch# show interfaces gigabitethernet2/5
GigabitEthernet9/5 is up, line protocol is up (connected) (vlan-err-dis)
Hardware is C4k 1000Mb 802.3, address is 0001.64f8.3fa5 (bia 0001.64f8.3fa5)
Internet address is 172.20.20.20/24
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-573
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
show interfaces
Keepalive set (10 sec)
Full-duplex, 1000Mb/s
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output never, output hang never
Last clearing of "show interface" counters never
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 1000 bits/sec, 2 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
L2 Switched: ucast: 8199 pkt, 1362060 bytes - mcast: 6980 pkt, 371952 bytes
L3 in Switched: ucast: 0 pkt, 0 bytes - mcast: 0 pkt, 0 bytes mcast
L3 out Switched: ucast: 0 pkt, 0 bytes - mcast: 0 pkt, 0 bytes
300114 packets input, 27301436 bytes, 0 no buffer
Received 43458 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 input packets with dribble condition detected
15181 packets output, 1955836 bytes, 0 underruns
0 output errors, 0 collisions, 3 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
Switch#
This example s hows how to display traffic for 10-Gigabit Ethernet interface 1 /1:
Switch# show interfaces tengigabitethernet1/1
Name: Tengigabitethernet1/1
Switchport: Enabled
Administrative Mode: private-vlan promiscuous trunk
Operational Mode: private-vlan promiscuous (suspended member of bundle Po1)
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: none
Trunking Native Mode VLAN: none
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: 202 (VLAN0202) 303 (VLAN0303) 304 (VLAN0304)
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk
Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: 802.1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Administrative private-vlan mapping trunk: New 202 (VLAN0202) 303 (VLAN0303) 304
(VLAN0304) 204 (VLAN0204) 305 (VLAN0305) 306 (VLAN0306)
Operational private-vlan: 202 (VLAN0202) 303 (VLAN0303) 304 (VLAN0304)
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Switch#
This example s hows how to verify the status of auto-MDIX on an RJ-45 port:
Note
You can verify the config uration setting an d th e operation al state of auto-MDIX on the interface by
enterin g th e show interfaces EXEC comman d. Th is field is applicable an d appears only o n th e
show interfa ces co mmand ou tput for 10/100 /1000BaseT RJ -45 copper po rts on sup ported linecards
in clud ing WS-X4124 -RJ45, WS-X414 8-RJ with hard ware revisio n 3.0 or later, an d WS-X4232 -GB-RJ
with hardware revision 3.0 or later.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-574
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
show interfaces
FastEthernet6/3 is up, line protocol is up (connected)
Hardware is Fast Ethernet Port, address is 0003.6ba8.ee68 (bia 0003.6ba8.ee68)
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, link type is auto, media type is 10/100BaseTX
input flow-control is unsupported output flow-control is unsupported
Auto-MDIX on (operational: on)
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/2000/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts (0 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 input packets with dribble condition detected
157082 packets output, 13418032 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collision, 0 deferred
1 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
Switch#
This examp le shows how to d isplay status information for Gig abit Eth ernet interface 1/2:
Switch# show interfaces gigabitethernet1/2 status
Port
Name
Status
Vlan
Duplex
Gi1/2
notconnect
1
auto
Switch#
Speed Type
1000 1000-XWDM-RXONLY
This examp le shows how to d isplay status information for the interfaces on the supervis or engine:
Switch# show interfaces status
Port
Te1/1
Te1/2
Switch#
Name
Status
connected
connected
Vlan
1
1
Duplex
full
full
Speed Type
10G 10GBase-LR
10G 10GBase-LR
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-575
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
show interfaces capabilities
show interfaces capabilities
To display the interface capabilities for an interface or for all the interfaces on a switch, use th e
show interfa ces ca pa bilities command.
show interfa ces ca pa bilities [{module mod}]
show interfa ces [interface interface-nu mber] capabilities
Syntax Description
module mo d
in terface
in terface-nu mber
Defaults
(Optio nal) Displays information fo r the s pecified module only.
(Optio nal) Interface ty pe; valid values are fastethernet, gigabitethernet,
tengig abitethernet, and port-channel .
(Optio nal) Po rt number.
This command has no default setting s.
Command Modes
Priv ileged EXEC mo de
Usage Guidelines
The interface-number arg umen t d esign ates the mod ule and port n umber. Valid valu es fo r
in terface-nu mber dep en d o n th e chas sis and mod ule used. For example, if yo u have a 48-port
1 0/100-Mbps Fast Eth ernet RJ-21 (telco con nector) switching mod ule installed in a Catalyst 4507
chassis, valid valu es for the slot n umber are fro m 2 to 1 3 and valid values fo r the p ort n umber are 1 to 48.
Line cards th at sup port auto -MDIX con figuratio n on their copp er media ports include: WS-X412 4-RJ4 5,
WS-X4148-RJ with hardware revisio n 3.0 or higher, and WS-X4232-GB-RJ with hard ware revision 3.0
o r higher.
Examples
This example s hows how to display the in terface capabilities for a module:
Switch# show interfaces capabilities module 1
GigabitEthernet1/1
Model:
WS-X4516-Gbic
Type:
Unsupported GBIC
Speed:
1000
Duplex:
full
Trunk encap. type:
802.1Q,ISL
Trunk mode:
on,off,desirable,nonegotiate
Channel:
yes
Broadcast suppression:percentage(0-100), hw
Flowcontrol:
rx-(off,on,desired),tx-(off,on,desired)
VLAN Membership:
static, dynamic
Fast Start:
yes
Queuing:
rx-(N/A), tx-(4q1t, Sharing/Shaping)
CoS rewrite:
yes
ToS rewrite:
yes
Inline power:
no
SPAN:
source/destination
UDLD
yes
Link Debounce:
no
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-576
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
show interfaces capabilities
Link Debounce Time:
no
Port Security
yes
Dot1x
yes
GigabitEthernet1/2
Model:
WS-X4516-Gbic
Type:
Unsupported GBIC
Speed:
1000
Duplex:
full
Trunk encap. type:
802.1Q,ISL
Trunk mode:
on,off,desirable,nonegotiate
Channel:
yes
Broadcast suppression:percentage(0-100), hw
Flowcontrol:
rx-(off,on,desired),tx-(off,on,desired)
VLAN Membership:
static, dynamic
Fast Start:
yes
Queuing:
rx-(N/A), tx-(4q1t, Sharing/Shaping)
CoS rewrite:
yes
ToS rewrite:
yes
Inline power:
no
SPAN:
source/destination
UDLD
yes
Link Debounce:
no
Link Debounce Time:
no
Port Security
yes
Dot1x
yes
Switch#
This examp le shows how to d isplay th e interface capab ilities fo r the 1 0-Gigab it Ethernet in terface 1/1:
Switch# show interfaces tengigabitethernet1/1 capabilities
TenGigabitEthernet1/1
Model:
WS-X4517-X2
Type:
10GBase-LR
Speed:
10000
Duplex:
full
Trunk encap. type:
802.1Q,ISL
Trunk mode:
on,off,desirable,nonegotiate
Channel:
yes
Broadcast suppression: percentage(0-100), hw
Flowcontrol:
rx-(off,on),tx-(off,on)
VLAN Membership:
static, dynamic
Fast Start:
yes
Queuing:
rx-(N/A), tx-(1p3q1t, Sharing/Shaping)
CoS rewrite:
yes
ToS rewrite:
yes
Inline power:
no
SPAN:
source/destination
UDLD:
yes
Link Debounce:
no
Link Debounce Time:
no
Port Security:
yes
Dot1x:
yes
Maximum MTU:
9198 bytes (Jumbo Frames)
Multiple Media Types: no
Diagnostic Monitoring: N/A
Switch#
This examp le shows how to d isplay th e interface capab ilities fo r Gigabit Ethern et interface 1 /1:
Switch# show interfaces gigabitethernet1/1 capabilities
GigabitEthernet1/1
Model:
WS-X4014-Gbic
Type:
No Gbic
Speed:
1000
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-577
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
show interfaces capabilities
Duplex:
full
Trunk encap. type:
802.1Q,ISL
Trunk mode:
on,off,desirable,nonegotiate
Channel:
yes
Broadcast suppression:percentage(0-100), hw
Flowcontrol:
rx-(off,on,desired),tx-(off,on,desired)
VLAN Membership:
static, dynamic
Fast Start:
yes
Queuing:
rx-(N/A), tx-(4q1t, Sharing/Shaping)
CoS rewrite:
yes
ToS rewrite:
yes
Inline power:
no
SPAN:
source/destination
UDLD:
yes
Link Debounce:
no
Link Debounce Time:
no
Port Security:
yes
Dot1x:
yes
MTU Supported:
jumbo frames, baby giants
Switch#
This example s hows how to display the in terface capabilities for Fast Ethernet interface 3/1:
Switch# show interfaces fastethernet3/1 capabilities
FastEthernet3/1
Model:
WS-X4148-RJ-RJ-45
Type:
10/100BaseTX
Speed:
10,100,auto
Duplex:
half,full,auto
Trunk encap. type:
802.1Q,ISL
Trunk mode:
on,off,desirable,nonegotiate
Channel:
yes
Broadcast suppression:percentage(0-100), sw
Flowcontrol:
rx-(none),tx-(none)
VLAN Membership:
static, dynamic
Fast Start:
yes
Queuing:
rx-(N/A), tx-(4q1t, Shaping)
CoS rewrite:
yes
ToS rewrite:
yes
Inline power:
no
SPAN:
source/destination
UDLD:
yes
Link Debounce:
no
Link Debounce Time:
no
Port Security:
yes
Dot1x:
yes
MTU Supported:
no jumbo frames, baby giants
Switch#
This example s hows how to verify that the auto -MDIX configuration is supp orted on a p ort:
Switch# show interfaces fastethernet6/3 capabilities
FastEthernet6/3
Model:
WS-X4232-GB-RJ-RJ-45
Type:
10/100BaseTX
Speed:
10,100,auto
Duplex:
half,full,auto
Auto-MDIX
yes
Trunk encap. type:
802.1Q,ISL
Trunk mode:
on,off,desirable,nonegotiate
Channel:
yes
Broadcast suppression: percentage(0-100), hw
Flowcontrol:
rx-(none),tx-(none)
VLAN Membership:
static, dynamic
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-578
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
show interfaces capabilities
Fast Start:
yes
Queuing:
rx-(N/A), tx-(1p3q1t, Sharing/Shaping)
CoS rewrite:
yes
ToS rewrite:
yes
Inline power:
no
SPAN:
source/destination
UDLD:
yes
Link Debounce:
no
Link Debounce Time:
no
Port Security:
yes
Dot1x:
yes
Maximum MTU:
1552 bytes (Baby Giants)
Multiple Media Types: no
Diagnostic Monitoring: N/A
Switch#
Related Commands
Co mmand
show interfaces counters
Description
Displays the traffic on the ph ysical interface.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-579
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
show interfaces counters
show interfaces counters
To display the traffic on th e phys ical in terface, use the show interfaces counters comman d.
show interfa ces co unters [all | detail | erro rs | storm-control | trunk] [module mod ]
Syntax Description
a ll
(Optional) Displays all the interface cou nters including erro rs, trunk, and detail.
detail
errors
Defaults
(Optional) Dis play s th e detailed interface counters.
(Optional) Dis play s th e interface error coun ters.
storm-co ntro l
(Optional) Displays the numb er of packets discarded d ue to suppress ion o n the
interface.
trunk
module mo d
(Optional) Dis play s th e interface trunk counters.
(Optional) Limits the display to in terfaces on a sp ecific mo dule.
This command has no default setting s.
Command Modes
Priv ileged EXEC mo de
Usage Guidelines
If you d o n ot enter any key words, all the counters for all modules are displayed.
Examples
This example s hows how to display the error cou nters for a specific mod ule:
The disp lay for the storm-control keyword includes the s uppressed multicast bytes.
Switch# show interfaces counters errors module 1
Port
Gi1/1
Gi1/2
Port
Gi1/1
Gi1/2
Switch#
Align-Err
0
0
FCS-Err
0
0
Single-Col Multi-Col
0
0
0
0
Xmit-Err
0
0
Rcv-Err UnderSize
0
0
0
0
Late-Col Excess-Col Carri-Sen
0
0
0
0
0
0
Runts
0
0
Giants
0
0
This example s hows how to display the traffic that is seen by a sp ecific mo dule:
Switch# show interfaces counters module 1
Port
Gi1/1
Gi1/2
Port
Gi1/1
Gi1/2
Switch#
InOctets
0
0
InUcastPkts
0
0
InMcastPkts
0
0
InBcastPkts
0
0
OutOctets
0
0
OutUcastPkts
0
0
OutMcastPkts
0
0
OutBcastPkts
0
0
This example s hows how to display the trunk coun ters for a specific module:
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-580
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
show interfaces counters
Switch# show interfaces counters trunk module 1
Port
Gi1/1
Gi1/2
Switch#
TrunkFramesTx
0
0
TrunkFramesRx
0
0
WrongEncap
0
0
This examp le shows how to d isplay th e number o f packets that are discarded d ue to sup pression:
Switch# show interfaces counters storm-control
Multicast Suppression : Enabled
Port
Fa5/35
Switch#
Related Commands
BcastSuppLevel
10.00%
TotalSuppressionDiscards
6278550
Co mmand
Description
show interfaces capabilities
Displays the interface capabilities for an interface or fo r all
the interfaces on a switch.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Re lease IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
2-581
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Serie s Switches
show interfaces description
show interfaces description
To display a description and status of an interface, use th e show interfaces description comman d.
show interfa ces [interface] description
Syntax Description
in terface
Defaults
This command has no default setting s.
Command Modes
Examples
(Optio nal) Typ e of in terface.
Priv ileged EXEC mo de
This example s hows how to display information for all interfaces:
Switch# show interfaces description
Interface Status
Protocol Description
PO0/0
admin down
down
First interface
PO0/1
admin down
down
Gi1/1
up
up
GigE to server farm
Switch#
Related Commands
Command
description (refer to Cisco IOS
d ocu mentation)
Descriptio n
Includes a specific description abou t the digital sig nal
processor (DSP) interface.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
2-582
OL_28738 -01
Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
show interfaces link
show interfaces link
To disp lay how lo ng a cable has b een disconnected from an in terface, use the show interfaces link
co mmand :
show interfaces link [module mod_n um]
Syntax Description
module mod_n um
Defaults
This comman d has no default settings.
(Optional) Limits the display to in terfaces on a mod ule.
Command Modes
Privileg ed EXEC mode
Usage Guidelines
If the interface state is up, the co mmand disp lays 0:00 . If the in terface state is down, the time (in h ours ,
minutes, and secon ds) is displayed.
Examples
This examp le shows how to d isplay active link-level in formatio n:
Switch# show interfaces link
Port
Gi1/1
Gi1/2
Gi3/1
Gi3/2
Fa4/1
Fa4/2
Fa4/3
Fa4/4
Name
Down Time
00:00:00
00:00:00
00:00:00
00:00:00
00:00:00
00:00:00
00:00:00
00:00:00
This examp le shows how to d isplay in active link-level in formation:
Switch# show interfaces link
Port
Gi3/4
Gi3/5
Gi3/6
Gi4/1
Name
Down Time
1 minute 28 secs
1 minute 28 secs
1 minute 28 secs
1 minute 28 secs
In this examp le, the cab le has been disconnected from the port for 1 minute an d 2 8 second s.
Catalyst
