Cisco Systems 6500 Switch User Manual

Catalyst 6500 Series Switch
Command Reference
Release 8.1
Corporate Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 526-4100
Customer Order Number: DOC-7815474=
Text Part Number: 78-15474-01
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL
STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT
WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT
SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE
OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public
domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH
ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT
LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF
DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING,
WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
CCIP, CCSP, the Cisco Arrow logo, the Cisco Powered Network mark, Cisco Unity, Follow Me Browsing, FormShare, and StackWise are trademarks of Cisco Systems, Inc.;
Changing the Way We Work, Live, Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc.; and Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE,
CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, the Cisco IOS logo, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems
logo, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherSwitch, Fast Step, GigaStack, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, iQ
Net Readiness Scorecard, LightStream, MGX, MICA, the Networkers logo, Networking Academy, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, RateMUX,
Registrar, ScriptShare, SlideCast, SMARTnet, StrataView Plus, Stratm, SwitchProbe, TeleRouter, The Fastest Way to Increase Your Internet Quotient, TransPath, and VCO
are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and certain other countries.
All other trademarks mentioned in this document or Web site are the property of their respective owners. The use of the word partner does not imply a partnership relationship
between Cisco and any other company. (0304R)
Catalyst 6500 Series Switch Command Reference
Copyright © 1999–2003 Cisco Systems, Inc. All rights reserved.
C O N T E N T S
Preface
xxvii
Audience
xxvii
Organization
xxvii
Related Documentation
Conventions
xxvii
xxviii
Obtaining Documentation xxix
Cisco.com xxix
Documentation CD-ROM xxix
Ordering Documentation xxx
Documentation Feedback xxx
Obtaining Technical Assistance xxx
Cisco TAC Website xxx
Opening a TAC Case xxxi
TAC Case Priority Definitions xxxi
Obtaining Additional Publications and Information
CHAPTER
1
Command-Line Interfaces
xxxi
1-1
Switch CLI 1-1
Accessing the Switch CLI 1-1
Operating the Switch CLI 1-3
Using the CLI String Search 1-13
ROM Monitor CLI 1-17
Accessing the ROM Monitor CLI
Operating the ROM Monitor CLI
CHAPTER
2
1-17
1-17
Catalyst 6500 Series Switch and ROM Monitor Commands
alias
2-2
boot
2-4
cd
2-1
2-5
clear acllog
clear alias
clear arp
2-6
2-7
2-8
clear banner motd
2-9
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
iii
Contents
clear boot auto-config
2-10
clear boot device
2-11
clear boot system
2-12
clear cam
2-13
clear cam notification
2-14
clear channel statistics
clear config
2-16
clear config pvlan
clear cops
2-18
2-19
clear counters
2-21
clear crypto key rsa
clear dot1x config
clear ftp
2-15
2-22
2-23
2-24
clear gmrp statistics
2-25
clear gvrp statistics
2-26
clear igmp statistics
2-27
clear ip alias
2-28
clear ip dns domain
clear ip dns server
clear ip permit
clear ip route
2-29
2-30
2-31
2-33
clear kerberos clients mandatory
clear kerberos credentials forward
clear kerberos creds
2-36
clear kerberos realm
2-37
clear kerberos server
2-38
clear key config-key
2-40
clear l2protocol-tunnel statistics
clear lacp-channel statistics
2-41
2-42
2-43
clear localuser
clear log
2-35
2-39
clear l2protocol-tunnel cos
clear lda
2-34
2-45
2-46
clear log command
2-47
clear logging buffer
2-48
Catalyst 6500 Series Switch Command Reference—Release 8.1
iv
78-15474-01
Contents
clear logging callhome
2-49
clear logging callhome from
2-51
clear logging callhome reply-to
2-52
clear logging callhome severity
2-53
clear logging callhome smtp-server
clear logging level
2-55
clear logging server
clear mls cef
2-57
2-58
clear mls cef rpf statistics
clear mls entry
2-59
2-60
clear mls entry cef
2-62
clear mls exclude protocol
2-63
clear mls multicast statistics
clear mls nde flow
2-65
clear mls statistics
2-66
clear mls statistics entry
clear module password
clear multicast router
clear ntp server
2-64
2-68
2-70
2-71
2-72
clear ntp timezone
clear pbf
2-54
2-73
2-74
clear pbf-map
2-75
clear pbf vlan
2-77
clear port broadcast
2-78
clear port cops
2-79
clear port host
2-80
clear port qos cos
2-81
clear port security
2-82
clear pvlan mapping
clear qos acl
2-83
2-84
clear qos config
2-86
clear qos cos-dscp-map
2-87
clear qos dscp-cos-map
2-88
clear qos dscp-mutation-table-map
clear qos ipprec-dscp-map
2-89
2-90
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
v
Contents
clear qos mac-cos
clear qos map
2-91
2-92
clear qos policed-dscp-map
clear qos policer
2-95
clear qos statistics
clear radius
clear rcp
2-94
2-97
2-98
2-99
clear rgmp statistics
clear security acl
2-100
2-101
clear security acl capture-ports
clear security acl log flow
clear security acl map
clear snmp access
2-103
2-104
2-105
2-107
clear snmp access-list
2-108
clear snmp community
2-109
clear snmp community-ext
clear snmp group
2-111
clear snmp ifalias
2-112
clear snmp notify
2-113
clear snmp targetaddr
2-110
2-114
clear snmp targetparams
clear snmp trap
2-116
clear snmp user
2-117
clear snmp view
2-118
2-115
clear spantree detected-protocols
clear spantree mst
2-120
clear spantree portcost
2-121
clear spantree portinstancecost
clear spantree portinstancepri
clear spantree portpri
2-122
2-124
2-125
clear spantree portvlancost
clear spantree portvlanpri
clear spantree root
2-119
2-126
2-128
2-129
clear spantree statistics
clear spantree uplinkfast
2-131
2-133
Catalyst 6500 Series Switch Command Reference—Release 8.1
vi
78-15474-01
Contents
clear system info-log command
clear tacacs key
2-135
clear tacacs server
clear timezone
clear top
2-136
2-137
2-138
clear trunk
2-139
clear vlan
2-140
clear vlan counters
2-142
clear vlan mapping
2-143
clear vmps rcp
2-144
clear vmps server
2-145
clear vmps statistics
2-146
clear vtp pruneeligible
clear vtp statistics
commit
2-149
2-152
configure
2-153
confreg
2-155
context
2-157
2-159
delete
dev
2-147
2-150
commit lda
copy
2-134
2-165
2-166
dir—ROM monitor
dir—switch
disable
2-168
2-170
disconnect
2-171
download
2-172
enable
2-176
format
2-177
frame
fsck
2-167
2-179
2-180
history—ROM monitor
history—switch
l2trace
meminfo
2-182
2-183
2-184
2-187
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
vii
Contents
ping
2-188
pwd
2-191
quit
2-192
reconfirm vmps
reload
2-194
repeat
2-195
2-193
reset—ROM monitor
reset—switch
2-198
restore counters
rollback
2-203
session
2-204
set
2-197
2-202
2-205
set accounting commands
set accounting connect
set accounting exec
2-206
2-207
2-208
set accounting suppress
2-210
set accounting system
2-211
set accounting update
2-213
set acllog ratelimit
set alias
set arp
2-214
2-215
2-216
set authentication enable
set authentication login
2-218
2-220
set authorization commands
set authorization enable
2-224
set authorization exec
set banner lcd
2-222
2-226
2-228
set banner motd
2-229
set banner telnet
2-230
set boot auto-config
2-231
set boot config-register
2-232
set boot config-register auto-config
set boot device
set boot sync now
2-235
2-238
2-240
set boot system flash
2-241
Catalyst 6500 Series Switch Command Reference—Release 8.1
viii
78-15474-01
Contents
set cam
2-243
set cam notification
set cdp
2-245
2-248
set channelprotocol
2-250
set channel vlancost
2-252
set config acl nvram
2-254
set config mode
set cops
2-255
2-257
set crypto key rsa
2-259
set default portstatus
2-260
set dot1q-all-tagged
set dot1x
2-261
2-262
set enablepass
2-265
set errdisable-timeout
set errordetection
2-266
2-268
set fan-tray-version
2-270
set feature agg-link-partner
2-271
set feature dot1x-radius-keepalive
set feature mdg
set firewall
set ftp
2-273
2-274
2-275
set garp timer
set gmrp
2-277
2-278
set gmrp fwdall
2-279
set gmrp registration
set gmrp timer
set gvrp
2-280
2-281
2-283
set gvrp applicant
2-284
set gvrp dynamic-vlan-creation
set gvrp registration
set gvrp timer
set igmp
2-272
2-285
2-286
2-288
2-290
set igmp fastblock
2-291
set igmp fastleave
2-292
set igmp flooding
2-293
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
ix
Contents
set igmp leave-query-type
set igmp mode
2-294
2-295
set igmp querier
2-296
set igmp ratelimit
2-298
set igmp v3-processing
2-300
set inlinepower defaultallocation
set interface
2-303
set ip alias
set ip dns
2-302
2-306
2-307
set ip dns domain
2-308
set ip dns server
2-309
set ip fragmentation
set ip http port
2-311
set ip http server
set ip permit
2-312
2-313
set ip redirect
set ip route
2-310
2-315
2-316
set ip unreachable
2-318
set kerberos clients mandatory
2-319
set kerberos credentials forward
set kerberos local-realm
set kerberos realm
2-322
set kerberos server
2-323
set kerberos srvtab entry
2-321
2-324
set kerberos srvtab remote
set key config-key
2-326
2-327
set l2protocol-tunnel cos
2-328
set l2protocol-tunnel trunk
2-329
set lacp-channel system-priority
set lcperroraction
set lda
2-320
2-330
2-331
2-332
set length
set localuser
2-335
2-336
set logging buffer
set logging callhome
2-338
2-339
Catalyst 6500 Series Switch Command Reference—Release 8.1
x
78-15474-01
Contents
set logging callhome destination
set logging callhome from
2-341
2-343
set logging callhome reply-to
2-344
set logging callhome severity
2-345
set logging callhome smtp-server
set logging console
2-348
set logging history
set logging level
2-349
2-350
set logging server
2-353
set logging session
set logging telnet
2-355
2-356
set logging timestamp
set logout
2-347
2-357
2-358
set mls agingtime
2-359
set mls bridged-flow-statistics
set mls cef load-balance
2-363
set mls cef per-prefix-statistics
set mls exclude protocol
set mls flow
2-368
set mls rate
2-372
2-365
set mls statistics protocol
set module
2-364
2-366
set mls nde
set mls verify
2-362
2-373
2-374
2-376
set module name
2-378
set module power
2-379
set module shutdown
2-380
set msfcautostate
2-381
set msmautostate
2-382
set multicast router
2-383
set ntp broadcastclient
2-384
set ntp broadcastdelay
2-385
set ntp client
2-386
set ntp server
2-387
set ntp summertime
2-388
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
xi
Contents
set ntp timezone
set password
set pbf
2-390
2-391
2-392
set pbf-map
2-394
set pbf vlan
2-396
set port arp-inspection
2-397
set port auxiliaryvlan
2-398
set port broadcast
set port channel
set port cops
2-400
2-402
2-406
set port debounce
set port disable
2-407
2-409
set port dot1q-all-tagged
set port dot1qtunnel
set port dot1x
2-410
2-412
2-414
set port duplex
2-417
set port enable
2-418
set port errdisable-timeout
set port flowcontrol
set port gmrp
2-420
2-422
set port gvrp
2-423
set port host
2-425
set port inlinepower
set port jumbo
2-426
2-428
set port l2protocol-tunnel
set port lacp-channel
set port macro
2-429
2-431
2-433
set port membership
set port name
2-436
2-438
set port negotiation
set port protocol
set port qos
2-419
2-439
2-440
2-442
set port qos autoqos
set port qos cos
2-444
2-446
set port qos policy-source
2-447
Catalyst 6500 Series Switch Command Reference—Release 8.1
xii
78-15474-01
Contents
set port qos trust
2-449
set port qos trust-device
set port qos trust-ext
2-451
2-452
set port rsvp dsbm-election
set port security
2-453
2-454
set port speed
2-457
set port sync-restart-delay
set port trap
2-458
2-459
set port unicast-flood
2-460
set port voice interface dhcp
set port vtp
2-464
set power redundancy
set prompt
2-467
2-468
set pvlan mapping
set qos
2-465
2-466
set protocolfilter
set pvlan
2-462
2-470
2-472
set qos acl default-action
set qos acl ip
2-473
2-476
set qos acl ipx
2-481
set qos acl mac
2-484
set qos acl map
2-486
set qos autoqos
2-488
set qos bridged-microflow-policing
set qos cos-dscp-map
2-490
set qos drop-threshold
2-491
set qos dscp-cos-map
2-493
set qos dscp-mutation-table-map
set qos ipprec-dscp-map
set qos mac-cos
set qos map
2-495
2-498
2-501
2-502
set qos policy-source
set qos rsvp
2-494
2-497
set qos policed-dscp-map
set qos policer
2-489
2-504
2-506
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
xiii
Contents
set qos rxq-ratio
2-508
set qos statistics export
2-510
set qos statistics export aggregate
2-511
set qos statistics export destination
set qos statistics export interval
set qos statistics export port
set qos txq-ratio
set qos wred
set qos wrr
2-513
2-514
2-515
2-517
2-519
set radius attribute
2-521
set radius deadtime
set radius key
2-522
2-523
set radius retransmit
set radius server
2-526
set rcp username
set rgmp
2-528
set rspan
2-529
2-524
2-525
set radius timeout
2-527
set security acl adjacency
2-532
set security acl arp-inspection
set security acl capture-ports
2-533
2-535
set security acl feature ratelimit
set security acl ip
2-536
2-537
set security acl ipx
2-543
set security acl log
2-546
set security acl mac
2-548
set security acl map
2-550
set snmp
2-512
2-552
set snmp access
2-553
set snmp access-list
set snmp buffer
2-555
2-557
set snmp chassis-alias
set snmp community
2-558
2-559
set snmp community-ext
2-561
set snmp extendedrmon netflow
2-563
Catalyst 6500 Series Switch Command Reference—Release 8.1
xiv
78-15474-01
Contents
set snmp group
2-564
set snmp ifalias
2-565
set snmp notify
2-566
set snmp rmon
2-567
set snmp rmonmemory
2-568
set snmp targetaddr
2-569
set snmp targetparams
set snmp trap
2-573
set snmp user
2-576
set snmp view
2-578
set span
2-571
2-580
set spantree backbonefast
set spantree bpdu-filter
2-583
2-584
set spantree bpdu-guard
2-585
set spantree bpdu-skewing
set spantree channelcost
2-586
2-587
set spantree channelvlancost
2-589
set spantree defaultcostmode
2-590
set spantree disable
2-592
set spantree enable
2-594
set spantree fwddelay
2-596
set spantree global-default
set spantree guard
2-598
2-600
set spantree hello
2-602
set spantree link-type
2-604
set spantree macreduction
set spantree maxage
set spantree mode
set spantree mst
2-605
2-606
2-608
2-610
set spantree mst config
2-611
set spantree mst link-type
2-613
set spantree mst maxhops
2-614
set spantree mst vlan
2-615
set spantree portcost
2-616
set spantree portfast
2-618
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
xv
Contents
set spantree portfast bpdu-filter
2-619
set spantree portfast bpdu-guard
set spantree portinstancecost
set spantree portinstancepri
set spantree portpri
2-621
2-623
2-625
set spantree portvlancost
2-626
set spantree portvlanpri
set spantree priority
set spantree root
2-620
2-629
2-631
2-633
set spantree uplinkfast
set summertime
2-638
set system baud
2-640
set system contact
2-636
2-641
set system core-dump
2-642
set system core-file
2-643
set system countrycode
2-644
set system crossbar-fallback
2-645
set system highavailability
2-646
set system highavailability versioning
set system info-log
2-649
set system location
2-651
set system modem
2-652
set system name
2-653
set system supervisor-update
2-654
set system switchmode allow
2-656
set system syslog-dump
set system syslog-file
set tacacs attempts
2-658
2-659
2-660
set tacacs directedrequest
set tacacs key
2-661
2-662
set tacacs server
set tacacs timeout
2-663
2-664
set test diagfail-action
set test diaglevel
set time
2-647
2-665
2-666
2-667
Catalyst 6500 Series Switch Command Reference—Release 8.1
xvi
78-15474-01
Contents
set timezone
2-668
set traffic monitor
set trunk
2-669
2-670
set udld
2-673
set udld aggressive-mode
set udld interval
set vlan
2-675
2-676
2-677
set vlan mapping
2-682
set vlan verify-port-provisioning
set vmps downloadmethod
set vmps downloadserver
set vmps server
2-686
2-689
2-690
set vtp pruneeligible
show accounting
show acllog
2-694
2-695
2-698
show aclmerge algo
show alias
show arp
2-699
2-700
2-701
show authentication
2-702
show authorization
show banner
show boot
2-703
2-704
2-705
show boot device
show cam
2-706
2-707
show cam agingtime
show cam count
2-710
2-711
show cam msfc
2-712
show cam notification
show cdp
2-685
2-687
set vmps state
set vtp
2-684
2-713
2-716
show channel
2-719
show channel group
2-724
show channel hash
2-728
show channel mac
2-730
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
xvii
Contents
show channelprotocol
2-731
show channel traffic
show config
2-732
2-733
show config mode
2-739
show config qos acl
show cops
2-740
2-741
show counters
2-744
show crypto key
show default
2-750
2-751
show dot1q-all-tagged
show dot1x
2-752
2-753
show dvlan statistics
show environment
2-754
2-755
show errdisable-timeout
2-761
show errordetection
2-762
show fabric channel
2-763
show fabric status
show file
2-768
show firewall
show flash
show ftp
2-767
2-769
2-770
2-773
show garp timer
2-774
show gmrp configuration
show gmrp statistics
show gmrp timer
2-776
2-777
show gvrp configuration
show gvrp statistics
show ifindex
2-775
2-778
2-780
2-782
show igmp flooding
2-783
show igmp gda_status
2-784
show igmp leave-query-type
show igmp mode
2-785
2-786
show igmp querier information
show igmp ratelimit-info
show igmp statistics
2-787
2-788
2-789
Catalyst 6500 Series Switch Command Reference—Release 8.1
xviii
78-15474-01
Contents
show imagemib
2-791
show interface
2-792
show ip alias
2-794
show ip dns
2-795
show ip http
2-797
show ip permit
2-799
show ip route
2-801
show kerberos
2-803
show l2protocol-tunnel statistics
show lacp-channel
2-807
show lcperroraction
show lda
2-811
2-812
show localuser
show log
2-805
2-816
2-817
show log command
show logging
2-819
2-820
show logging buffer
2-822
show logging callhome
2-823
show logging callhome destination
show logging callhome from
2-825
2-827
show logging callhome reply-to
2-828
show logging callhome severity
2-829
show logging callhome smtp-server
show mac
2-831
show microcode
show mls
2-830
2-834
2-835
show mls acl-route
2-837
show mls cef exact-route
show mls cef interface
show mls cef mac
2-839
2-841
show mls cef rpf
2-842
show mls cef summary
show mls entry
2-838
2-844
2-846
show mls entry cef
2-852
show mls entry netflow-route
2-856
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
xix
Contents
show mls exclude protocol
show mls multicast
show mls nde
2-858
2-859
2-863
show mls netflow-route
2-864
show mls pbr-route
2-865
show mls statistics
2-866
show mls verify
show module
2-870
2-871
show moduleinit
2-874
show msfcautostate
2-876
show msmautostate
2-877
show multicast group
2-878
show multicast group count
2-880
show multicast protocols status
show multicast router
2-882
show multicast v3-group
show netstat
2-892
show pbf
2-894
show port
2-884
2-885
show ntp
show pbf-map
2-881
2-897
2-898
show port arp-inspection
show port auxiliaryvlan
show port broadcast
2-907
2-909
show port capabilities
show port cdp
2-911
2-916
show port channel
show port cops
2-906
2-918
2-924
show port counters
2-926
show port debounce
2-928
show port dot1q-all-tagged
2-929
show port dot1q-ethertype
2-930
show port dot1qtunnel
show port dot1x
2-931
2-932
show port errdisable-timeout
2-934
Catalyst 6500 Series Switch Command Reference—Release 8.1
xx
78-15474-01
Contents
show port flowcontrol
2-936
show port inlinepower
2-938
show port jumbo
2-940
show port l2protocol-tunnel
show port lacp-channel
show port mac
2-941
2-942
2-945
show port mac-address
2-947
show port negotiation
show port prbs
2-949
2-950
show port protocol
2-951
show port qos
2-952
show port rsvp
2-955
show port security
2-956
show port spantree
show port status
2-959
2-960
show port sync-restart-delay
show port tdr
2-962
show port trap
2-964
show port trunk
2-965
show port unicast-flood
show port voice
2-967
2-968
show port voice active
show port voice fdl
2-971
2-975
show port voice interface
show port vtp
show proc
2-977
2-978
2-980
show protocolfilter
show pvlan
2-961
2-984
2-985
show pvlan capability
show pvlan mapping
2-987
2-989
show qos acl editbuffer
show qos acl info
2-992
show qos acl map
2-994
2-991
show qos acl resource-usage
2-996
show qos bridged-microflow-policing
2-997
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
xxi
Contents
show qos info
2-998
show qos mac-cos
show qos maps
2-1004
2-1006
show qos policer
2-1009
show qos policy-source
show qos rsvp
2-1011
2-1012
show qos statistics
2-1013
show qos statistics export info
show qos status
show radius
show reset
2-1016
2-1017
show rate-limit
show rcp
2-1019
2-1020
2-1021
show rgmp group
2-1022
show rgmp statistics
show rspan
2-1015
2-1023
2-1024
show running-config
show security acl
2-1026
2-1029
show security acl arp-inspection
show security acl capture-ports
show security acl feature ratelimit
show security acl log
2-1033
2-1034
2-1035
show security acl map
2-1038
show security acl resource-usage
show snmp
2-1032
2-1039
2-1040
show snmp access
2-1042
show snmp access-list
show snmp buffer
2-1045
show snmp community
show snmp context
2-1044
2-1046
2-1048
show snmp counters
2-1049
show snmp engineid
2-1053
show snmp group
2-1054
show snmp ifalias
2-1056
show snmp notify
2-1057
Catalyst 6500 Series Switch Command Reference—Release 8.1
xxii
78-15474-01
Contents
show snmp rmonmemory
show snmp targetaddr
2-1059
2-1060
show snmp targetparams
show snmp user
2-1064
show snmp view
2-1066
show span
2-1062
2-1068
show spantree
2-1070
show spantree backbonefast
2-1074
show spantree blockedports
2-1075
show spantree bpdu-filter
2-1076
show spantree bpdu-guard
2-1077
show spantree bpdu-skewing
show spantree conflicts
2-1078
2-1080
show spantree defaultcostmode
show spantree guard
2-1082
2-1083
show spantree mapping
2-1085
show spantree mistp-instance
show spantree mst
2-1087
2-1089
show spantree mst config
show spantree portfast
2-1091
2-1093
show spantree portinstancecost
show spantree portvlancost
2-1095
show spantree statistics
2-1096
show spantree summary
2-1104
show spantree uplinkfast
show startup-config
show summertime
show system
2-1107
2-1109
2-1112
2-1113
show system highavailability
show system info-log
2-1117
2-1118
show system supervisor-update
show system switchmode
show tacacs
2-1119
2-1120
2-1121
show tech-support
show test
2-1094
2-1123
2-1126
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
xxiii
Contents
show time
2-1131
show timezone
show top
2-1132
2-1133
show top report
show traffic
2-1135
2-1137
show trunk
2-1138
show udld
2-1141
show users
2-1143
show version
show vlan
2-1144
2-1147
show vlan counters
2-1152
show vlan verify-port-provisioning
show vmps
2-1155
show vmps mac
2-1157
show vmps statistics
show vmps vlan
show vtp
2-1158
2-1159
2-1160
show vtp domain
2-1162
show vtp statistics
slip
2-1154
2-1164
2-1166
squeeze
stack
2-1167
2-1168
switch
2-1169
switch console
switch fabric
sync
2-1171
2-1172
sysret
2-1173
tclquit
2-1174
tclsh
2-1170
2-1175
telnet
2-1176
test cable-diagnostics
test snmp trap
traceroute
unalias
undelete
2-1177
2-1179
2-1180
2-1183
2-1184
Catalyst 6500 Series Switch Command Reference—Release 8.1
xxiv
78-15474-01
Contents
unset=varname
varname=
verify
wait
2-1186
2-1187
2-1188
whichboot
write
2-1185
2-1189
2-1190
write tech-support
2-1193
APPENDIX
A
Acronyms
APPENDIX
B
Acknowledgments for Open-Source Software
A-1
B-1
INDEX
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
xxv
Contents
Catalyst 6500 Series Switch Command Reference—Release 8.1
xxvi
78-15474-01
Preface
This preface describes the audience, organization, and conventions of this publication and provides
information on how to obtain related documentation.
Audience
This publication is for experienced network administrators who are responsible for configuring and
maintaining Catalyst 6500 series switches.
Organization
This publication is organized as follows:
Chapter
Title
Description
Chapter 1
Command-Line
Interfaces
Describes the two types of CLIs found on
Catalyst 6500 series switches.
Chapter 2
Catalyst 6500 Series
Switch and ROM
Monitor Commands
Lists alphabetically and provides detailed
information for all Catalyst 6500 series
switch and ROM-monitor commands.
Appendix A
Acronyms
Defines the acronyms used in this
publication.
Related Documentation
Other documents in the Catalyst 6500 series switch documentation set include:
•
Catalyst 6500 Series Installation Guide
•
Catalyst 6000 Series Installation Guide
•
Catalyst 6500 Series Module Installation Guide
•
Catalyst 6500 Series Software Configuration Guide
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
xxvii
Preface
Conventions
•
System Message Guide—Catalyst 6500 Series, 4000 Family, Catalyst 2948G, and Catalyst 2980G
Switches
•
Catalyst 6500 Series Quick Software Configuration Guide
•
ATM Software Configuration Guide and Command Reference for the Catalyst 5000 Family and 6500
Series Switches
•
Release Notes for Catalyst 6500 Series
For information about MIBs, refer to:
http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
Conventions
This publication uses the following conventions:
Convention
Description
boldface font
Commands, command options, and keywords are in
boldface.
italic font
Arguments for which you supply values are in italics.
[ ]
Elements in square brackets are optional.
{x|y|z}
Alternative keywords are grouped in braces and separated by
vertical bars.
[x|y|z]
Optional alternative keywords are grouped in brackets and
separated by vertical bars.
string
A nonquoted set of characters. Do not use quotation marks
around the string or the string will include the quotation
marks.
screen
font
Terminal sessions and information the system displays are in
font.
screen
boldface screen
Information you must enter is in boldface
screen
font.
font
italic screen font
Arguments for which you supply values are in italic screen
font.
^
The symbol ^ represents the key labeled Control—for
example, the key combination ^D in a screen display means
hold down the Control key while you press the D key.
< >
Nonprinting characters, such as passwords are in angle
brackets.
[ ]
Default responses to system prompts are in square brackets.
!, #
An exclamation point (!) or a pound sign (#) at the beginning
of a line of code indicates a comment line.
Catalyst 6500 Series Switch Command Reference—Release 8.1
xxviii
78-15474-01
Preface
Obtaining Documentation
Notes use the following conventions:
Note
Means reader take note. Notes contain helpful suggestions or references to material not covered in the
publication.
Obtaining Documentation
Cisco provides several ways to obtain documentation, technical assistance, and other technical
resources. These sections explain how to obtain technical information from Cisco Systems.
Cisco.com
You can access the most current Cisco documentation on the World Wide Web at this URL:
http://www.cisco.com/univercd/home/home.htm
You can access the Cisco website at this URL:
http://www.cisco.com
International Cisco websites can be accessed from this URL:
http://www.cisco.com/public/countries_languages.shtml
Documentation CD-ROM
Cisco documentation and additional literature are available in a Cisco Documentation CD-ROM
package, which may have shipped with your product. The Documentation CD-ROM is updated regularly
and may be more current than printed documentation. The CD-ROM package is available as a single unit
or through an annual or quarterly subscription.
Registered Cisco.com users can order a single Documentation CD-ROM (product number
DOC-CONDOCCD=) through the Cisco Ordering tool:
http://www.cisco.com/en/US/partner/ordering/ordering_place_order_ordering_tool_launch.html
All users can order annual or quarterly subscriptions through the online Subscription Store:
http://www.cisco.com/go/subscription
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
xxix
Preface
Obtaining Technical Assistance
Ordering Documentation
You can find instructions for ordering documentation at this URL:
http://www.cisco.com/univercd/cc/td/doc/es_inpck/pdi.htm
You can order Cisco documentation in these ways:
•
Registered Cisco.com users (Cisco direct customers) can order Cisco product documentation from
the Networking Products MarketPlace:
http://www.cisco.com/en/US/partner/ordering/index.shtml
•
Nonregistered Cisco.com users can order documentation through a local account representative by
calling Cisco Systems Corporate Headquarters (California, USA.) at 408 526-7208 or, elsewhere in
North America, by calling 800 553-NETS (6387).
Documentation Feedback
You can submit comments electronically on Cisco.com. On the Cisco Documentation home page, click
Feedback at the top of the page.
You can send your comments in e-mail to bug-doc@cisco.com.
You can submit comments by using the response card (if present) behind the front cover of your
document or by writing to the following address:
Cisco Systems
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883
We appreciate your comments.
Obtaining Technical Assistance
For all customers, partners, resellers, and distributors who hold valid Cisco service contracts, the Cisco
Technical Assistance Center (TAC) provides 24-hour, award-winning technical support services, online
and over the phone. Cisco.com features the Cisco TAC website as an online starting point for technical
assistance.
Cisco TAC Website
The Cisco TAC website (http://www.cisco.com/tac) provides online documents and tools for
troubleshooting and resolving technical issues with Cisco products and technologies. The Cisco TAC
website is available 24 hours a day, 365 days a year.
Accessing all the tools on the Cisco TAC website requires a Cisco.com user ID and password. If you
have a valid service contract but do not have a login ID or password, register at this URL:
http://tools.cisco.com/RPF/register/register.do
Catalyst 6500 Series Switch Command Reference—Release 8.1
xxx
78-15474-01
Preface
Obtaining Additional Publications and Information
Opening a TAC Case
The online TAC Case Open Tool (http://www.cisco.com/tac/caseopen) is the fastest way to open P3 and
P4 cases. (Your network is minimally impaired or you require product information). After you describe
your situation, the TAC Case Open Tool automatically recommends resources for an immediate
solution. If your issue is not resolved using these recommendations, your case will be assigned to a Cisco
TAC engineer.
For P1 or P2 cases (your production network is down or severely degraded) or if you do not have Internet
access, contact Cisco TAC by telephone. Cisco TAC engineers are assigned immediately to P1 and P2
cases to help keep your business operations running smoothly.
To open a case by telephone, use one of the following numbers:
Asia-Pacific: +61 2 8446 7411 (Australia: 1 800 805 227)
EMEA: +32 2 704 55 55
USA: 1 800 553-2447
For a complete listing of Cisco TAC contacts, go to this URL:
http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml
TAC Case Priority Definitions
To ensure that all cases are reported in a standard format, Cisco has established case priority definitions.
Priority 1 (P1)—Your network is “down” or there is a critical impact to your business operations. You
and Cisco will commit all necessary resources around the clock to resolve the situation.
Priority 2 (P2)—Operation of an existing network is severely degraded, or significant aspects of your
business operation are negatively affected by inadequate performance of Cisco products. You and Cisco
will commit full-time resources during normal business hours to resolve the situation.
Priority 3 (P3)—Operational performance of your network is impaired, but most business operations
remain functional. You and Cisco will commit resources during normal business hours to restore service
to satisfactory levels.
Priority 4 (P4)—You require information or assistance with Cisco product capabilities, installation, or
configuration. There is little or no effect on your business operations.
Obtaining Additional Publications and Information
Information about Cisco products, technologies, and network solutions is available from various online
and printed sources.
•
The Cisco Product Catalog describes the networking products offered by Cisco Systems, as well as
ordering and customer support services. Access the Cisco Product Catalog at this URL:
http://www.cisco.com/en/US/products/products_catalog_links_launch.html
•
Cisco Press publishes a wide range of networking publications. Cisco suggests these titles for new
and experienced users: Internetworking Terms and Acronyms Dictionary, Internetworking
Technology Handbook, Internetworking Troubleshooting Guide, and the Internetworking Design
Guide. For current Cisco Press titles and other information, go to Cisco Press online at this URL:
http://www.ciscopress.com
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
xxxi
Preface
Obtaining Additional Publications and Information
•
Packet magazine is the Cisco quarterly publication that provides the latest networking trends,
technology breakthroughs, and Cisco products and solutions to help industry professionals get the
most from their networking investment. Included are networking deployment and troubleshooting
tips, configuration examples, customer case studies, tutorials and training, certification information,
and links to numerous in-depth online resources. You can access Packet magazine at this URL:
http://www.cisco.com/go/packet
•
iQ Magazine is the Cisco bimonthly publication that delivers the latest information about Internet
business strategies for executives. You can access iQ Magazine at this URL:
http://www.cisco.com/go/iqmagazine
•
Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering
professionals involved in designing, developing, and operating public and private internets and
intranets. You can access the Internet Protocol Journal at this URL:
http://www.cisco.com/en/US/about/ac123/ac147/about_cisco_the_internet_protocol_journal.html
•
Training—Cisco offers world-class networking training. Current offerings in network training are
listed at this URL:
http://www.cisco.com/en/US/learning/index.html
Catalyst 6500 Series Switch Command Reference—Release 8.1
xxxii
78-15474-01
C H A P T E R
1
Command-Line Interfaces
This chapter describes the command-line interfaces (CLI) available on the Catalyst 6500 series switches
and contains these sections:
•
Switch CLI, page 1-1
•
ROM Monitor CLI, page 1-17
For information regarding the ATM CLI and commands, refer to the ATM Software Configuration Guide
and Command Reference—Catalyst 5000 Family and 6500 Series Switches publication.
For information regarding the IDSM CLI and commands, refer to the Catalyst 6500 Series
Intrusion Detection System Module Installation and Configuration Note publication.
For definitions of terms and acronyms listed in this publication, see Appendix A, “Acronyms.”
Switch CLI
Catalyst 6500 series switches are multimodule systems. Commands you enter from the CLI can apply to
the entire system or to a specific module, port, or VLAN.
You can configure and maintain the Catalyst 6500 series switches by entering commands from the switch
CLI. The CLI is a basic command-line interpreter similar to the UNIX C shell. Using the CLI session
command, you can access the router configuration software and perform tasks such as history
substitution and alias creation.
Note
The Catalyst 6500 series consists of the Catalyst 6500 and 6000 series switches. The Catalyst 6500 series
consists of the Catalyst 6006, 6009, 6503, 6506, 6509, 6509-NEB, and 6513 switches. Throughout this
publication and all Catalyst 6500 series documents, the phrase Catalyst 6500 series switches refers to
these switches, unless otherwise noted.
Accessing the Switch CLI
You can access the switch CLI from a console terminal connected to an EIA/TIA-232 port or through a
Telnet session. The CLI allows fixed baud rates. Telnet sessions disconnect automatically after
remaining idle for a user-defined time period.
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
1-1
Chapter 1
Command-Line Interfaces
Switch CLI
Note
EIA/TIA-232 was known as RS-232 before its acceptance as a standard by the Electronic Industries
Alliance and Telecommunications Industry Association.
Accessing the Switch CLI via the Console Port (EIA/TIA-232)
To access the switch through the console (EIA/TIA-232) port, perform these steps:
Task
Command
Step 1
From the Cisco Systems Console
prompt, press Return.
Step 2
<password>
At the prompt, enter the system
password. The Console> prompt
appears, indicating that you have
accessed the CLI in normal mode.
Step 3
Enter the necessary commands to
complete your desired tasks.
Appropriate commands
Step 4
When finished, exit the session.
quit
After connecting through the console port, you see this display:
Cisco Systems Console
Enter password:
Console>
Console>
Accessing the Switch CLI via Telnet
To access the switch through a Telnet session, you must first set the IP address for the switch. You can
open multiple sessions to the switch via Telnet.
To access the switch from a remote host with Telnet, perform these steps:
Task
Command
Step 1
telnet hostname | ip_addr
From the remote host, enter the
telnet command and the name or
IP address of the switch you want
to access.
Step 2
At the prompt, enter the password <password>
for the CLI. If no password has
been configured, press Return.
Step 3
Enter the necessary commands to
complete your desired tasks.
Appropriate commands
Step 4
When finished, exit the Telnet
session.
quit
Catalyst 6500 Series Switch Command Reference—Release 8.1
1-2
78-15474-01
Chapter 1
Command-Line Interfaces
Switch CLI
After connecting through a Telnet session, you see this display:
host% telnet cat6000-1.cisco.com
Trying 172.16.44.30 ...
Connected to cat6000-1.
Operating the Switch CLI
This section describes command modes and functions that allow you to operate the switch CLI.
Accessing the Command Modes
The CLI has two modes of operation: normal and privileged. Both are password-protected. Use
normal-mode commands for everyday system monitoring. Use privileged commands for system
configuration and basic troubleshooting.
After you log in, the system enters normal mode, which gives you access to normal-mode commands
only. You can enter privileged mode by entering the enable command followed by the enable password.
Privileged mode is indicated by the word “enable” in the system prompt. To return to normal mode, enter
the disable command at the prompt.
The following example shows how to enter privileged mode:
Console> enable
Enter password: <password>
Console> (enable)
Using Command-Line Processing
Switch commands are not case sensitive. You can abbreviate commands and parameters as long as they
contain enough letters to be different from any other currently available commands or parameters. You
can scroll through the last 20 commands stored in the history buffer and enter or edit the command at
the prompt. (See Table 1-1.)
Table 1-1
Command-Line Processing Keystroke
Keystroke
Function
Ctrl-A
Jumps to the first character of the command line.
Ctrl-B or the left arrow key
Moves the cursor back one character.
Ctrl-C
Escapes and terminates prompts and tasks.
Ctrl-D
Deletes the character at the cursor.
Ctrl-E
Jumps to the end of the current command line.
Ctrl-F or the right arrow key
1
Moves the cursor forward one character.
Ctrl-K
Deletes from the cursor to the end of the command line.
Ctrl-L; Ctrl-R
Repeats current command line on a new line.
Ctrl-N or the down arrow key
Ctrl-P or the up arrow key
1
1
Enters next command line in the history buffer.
Enters previous command line in the history buffer.
Ctrl-U; Ctrl-X
Deletes from the cursor to the beginning of the command line.
Ctrl-W
Deletes last word typed.
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
1-3
Chapter 1
Command-Line Interfaces
Switch CLI
Table 1-1
Command-Line Processing Keystroke (continued)
Keystroke
Function
Esc B
Moves the cursor back one word.
Esc D
Deletes from the cursor to the end of the word.
Esc F
Moves the cursor forward one word.
Delete key or Backspace key
Erases a mistake when entering a command; reenter the
command after using this key.
1. The arrow keys function only on ANSI-compatible terminals such as VT100s.
Using the Command-Line Editing Features
Catalyst 6500 series switch software includes an enhanced editing mode that provides a set of editing
key functions similar to those of the Emacs editor. You can enter commands in uppercase, lowercase, or
a mix of both. Only passwords are case sensitive. You can abbreviate commands and keywords to the
number of characters that allow a unique abbreviation.
For example, you can abbreviate the show command to sh. After entering the command at the system
prompt, press Return to execute the command.
Moving Around on the Command Line
Perform one of these tasks to move the cursor around on the command line for corrections or changes:
Task
Keystrokes
Move the cursor back one character.
Press Ctrl-B or press the left arrow key1.
Move the cursor forward one character. Press Ctrl-F or press the right arrow key1.
Move the cursor to the beginning of the Press Ctrl-A.
command line.
Move the cursor to the end of the
command line.
Press Ctrl-E.
Move the cursor back one word.
Press Esc B.
Move the cursor forward one word.
Press Esc F.
1. The arrow keys function only on ANSI-compatible terminals such as VT100s.
Completing a Partial Command Name
If you cannot remember a complete command name, press the Tab key to allow the system to complete
a partial entry. To do so, perform this task:
Task
Keystrokes
Complete a command name.
Enter the first few letters and press the
Tab key.
If your keyboard does not have a Tab key, press Ctrl-I instead.
Catalyst 6500 Series Switch Command Reference—Release 8.1
1-4
78-15474-01
Chapter 1
Command-Line Interfaces
Switch CLI
In the following example, when you enter the letters conf and press the Tab key, the system provides the
complete command:
Console> (enable) conf<Tab>
Console> (enable) configure
If you enter a set of characters that could indicate more than one command, the system beeps to indicate
an error. Enter a question mark (?) to obtain a list of commands that begin with that set of characters. Do
not leave a space between the last letter and the question mark (?). For example, three commands in
privileged mode start with co. To see what they are, enter co? at the privileged prompt. The system
displays all commands that begin with co, as follows:
Console> (enable) co?
configure connect copy
Pasting in Buffer Entries
The system provides a buffer that contains the last ten items you deleted. You can recall these items and
paste them in the command line by performing this task:
Task
Keystrokes
Recall the most recent entry in the Press Ctrl-Y.
buffer.
Recall the next buffer entry.
Press Esc Y.
The buffer contains only the last ten items you have deleted or cut. If you press Esc Y more than ten
times, you cycle back to the first buffer entry.
Editing Command Lines That Wrap
The new editing command set provides a wraparound feature for commands that extend beyond a single
line on the screen. When the cursor reaches the right margin, the command line shifts ten spaces to the
left. You cannot see the first ten characters of the line, but you can scroll back and check the syntax at
the beginning of the command. To scroll back, perform this task:
Task
Keystrokes
Return to the beginning of a
command line to verify that you
have entered a lengthy command
correctly.
Press Ctrl-B or the left arrow key repeatedly until
you scroll back to the beginning of the command
entry, or press Ctrl-A to return directly to the
beginning of the line1.
1. The arrow keys function only on ANSI-compatible terminals such as VT100s.
Use line wrapping with the command history feature to recall and modify previous complex command
entries. See the “Using History Substitution” section on page 1-8 for information about recalling
previous command entries.
The system assumes your terminal screen is 80 columns wide. If your screen has a different width, enter
the terminal width command to tell the router the correct width of your screen.
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
1-5
Chapter 1
Command-Line Interfaces
Switch CLI
Deleting Entries
Perform one of these tasks to delete command entries if you make a mistake or change your mind:
Task
Keystrokes
Erase the character to the left of the cursor.
Press the Delete or Backspace key.
Delete the character at the cursor.
Press Ctrl-D.
Delete from the cursor to the end of the
command line.
Press Ctrl-K.
Delete from the cursor to the beginning of the Press Ctrl-U or Ctrl-X.
command line.
Delete the word to the left of the cursor.
Press Ctrl-W.
Delete from the cursor to the end of the word. Press Esc D.
Scrolling Down a Line or a Screen
When you use the help facility to list the commands in a particular mode, the list is often longer than the
terminal screen can display. In such cases, a ---More--- prompt is displayed at the bottom of the screen.
To view the next line or screen, perform these tasks:
Note
Task
Keystrokes
Scroll down one line.
Press the Return key.
Scroll down one screen.
Press the Spacebar.
The ---More--- prompt is used for any output that has more lines than can be displayed on the terminal
screen, including show command output.
Scrolling to Specified Text
If you enter /text and press the Return key at the --More-- prompt, the display starts two lines above the
line containing the text string. If the text string is not found, “Pattern Not Found” is displayed. You can
also enter “n” at the --More-- prompt to search for the last entered text string. You can use this search
method on all show commands that use the more buffer to display screen by screen ouput. The following
is a list of show commands that do not use the more buffer and do not support this feature:
•
show cam
•
show mls
•
show tech-support
Catalyst 6500 Series Switch Command Reference—Release 8.1
1-6
78-15474-01
Chapter 1
Command-Line Interfaces
Switch CLI
Redisplaying the Current Command Line
If you enter a command and the system suddenly sends a message to your screen, you can recall your
current command line entry. To do so, perform this task:
Task
Keystrokes
Redisplay the current command line.
Press Ctrl-L or Ctrl-R.
Transposing Mistyped Characters
If you mistype a command entry, you can transpose the mistyped characters by performing this task:
Task
Keystrokes
Transpose the character to the left of the
cursor with the character located at the
cursor.
Press Ctrl-T.
Controlling Capitalization
You can change words to uppercase or lowercase, or capitalize a set of letters, with simple keystroke
sequences:
Task
Keystrokes
Capitalize at the cursor.
Press Esc C.
Change the word at the cursor to lowercase.
Press Esc L.
Capitalize letters from the cursor to the end
of the word.
Press Esc U.
Designating a Keystroke as a Command Entry
You can use a particular keystroke as an executable command. Perform this task:
Task
Keystrokes
Insert a code to indicate to the system that the Press Ctrl-V or Esc Q.
keystroke immediately following should be
treated as a command entry, not an editing
key.
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
1-7
Chapter 1
Command-Line Interfaces
Switch CLI
Using Command Aliases
Like regular commands, aliases are not case sensitive. However, unlike regular commands, some aliases
cannot be abbreviated. See Table 1-2 for a list of switch CLI aliases that cannot be abbreviated.
Table 1-2
Switch CLI Command Aliases
Alias
Command
batch
configure
di
show
earl
cam
exit
quit
logout
quit
Using History Substitution
Commands that you enter during each terminal session are stored in a history buffer, which stores the
last 20 commands you entered during a terminal session. History substitution allows you to access these
commands without retyping them by using special abbreviated commands. (See Table 1-3.)
Table 1-3
History Substitution Commands
Command
Function
To repeat recent commands:
!!
Repeat the most recent command.
!-nn
Repeat the nnth most recent command.
!n
Repeat command n.
!aaa
Repeat the command beginning with string aaa.
!?aaa
Repeat the command containing the string aaa.
To modify and repeat the most recent command:
^aaa^bbb
Replace string aaa with string bbb in the most recent
command.
To add a string to the end of a previous command and repeat it:
!!aaa
Add string aaa to the end of the most recent command.
!n aaa
Add string aaa to the end of command n.
!aaa bbb
Add string bbb to the end of the command beginning with
string aaa.
!?aaa bbb
Add string bbb to the end of the command containing string
aaa.
Catalyst 6500 Series Switch Command Reference—Release 8.1
1-8
78-15474-01
Chapter 1
Command-Line Interfaces
Switch CLI
Accessing Command Help
To see a list of top-level commands and command categories, type help in normal or privileged mode.
Context-sensitive help (usage and syntax information) for individual commands can be seen by
appending help to any specific command. If you enter a command using the wrong number of arguments
or inappropriate arguments, usage and syntax information for that command is displayed. Additionally,
appending help to a command category displays a list of commands in that category.
Top-Level Commands and Command Categories
In normal mode, use the help command to display a list of top-level commands and command categories,
as follows:
Console> help
Commands:
---------------------------------------------------------------------cd
Set default flash device
dir
Show list of files on flash device
enable
Enable privileged mode
help
Show this help screen
history
Show contents of history substitution buffer
l2trace
Layer2 trace between hosts
ping
Send echo packets to hosts
pwd
Show default flash device
quit
Exit from the Admin session
session
Tunnel to ATM or Router module
set
Set commands, use 'set help' for more info
show
Show commands, use 'show help' for more info
traceroute
Trace the route to a host
verify
Verify checksum of file on flash device
wait
Wait for x seconds
whichboot
Which file booted
Console>
In privileged mode, enter the help command to display a list of top-level commands and command
categories, as follows:
Console> (enable) help
Commands:
---------------------------------------------------------------------cd
Set default flash device
clear
Clear, use 'clear help' for more info
commit
Commit ACL to hardware and NVRAM
configure
Configure system from network
copy
Copy files between TFTP/RCP/module/flash devices
delete
Delete a file on flash device
dir
Show list of files on flash device
disable
Disable privileged mode
disconnect
Disconnect user session
download
Download code to a processor
enable
Enable privileged mode
format
Format a flash device
help
Show this help screen
history
Show contents of history substitution buffer
l2trace
Layer2 trace between hosts
ping
Send echo packets to hosts
pwd
Show default flash device
quit
Exit from the Admin session
reconfirm
Reconfirm VMPS
reload
Force software reload to linecard
reset
Reset system or module
rollback
Rollback changes made to ACL in editbuffer
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
1-9
Chapter 1
Command-Line Interfaces
Switch CLI
session
set
show
slip
squeeze
switch
telnet
test
undelete
upload
verify
wait
whichboot
write
Console> (enable)
Tunnel to ATM or Router module
Set commands, use 'set help' for more info
Show commands, use 'show help' for more info
Attach/detach Serial Line IP interface
Reclaim space used by deleted files
Switch to standby <clock|supervisor>
Telnet to a remote host
Test command, use 'test help' for more info
Undelete a file on flash device
Upload code from a processor
Verify checksum of file on flash device
Wait for x seconds
Which file booted
Write system configuration to terminal/network
Command Categories
On some commands (such as clear, set, and show), typing help after the command provides a list of
commands in that category. For example, this display shows a partial list of commands for the clear
category:
Console> (enable) clear help
Clear commands:
---------------------------------------------------------------------------clear alias
Clear aliases of commands
clear arp
Clear ARP table entries
clear banner
Clear Message Of The Day banner
clear boot
Clear booting environment variable
clear cam
Clear CAM table entries
clear channel
Clear PAgP statistical information
.
.
.
Context-Sensitive Help
Usage and syntax information for individual commands can be seen by appending help to any specific
command. For example, the following display shows usage and syntax information for the set length
command:
Console> set length help
Usage: set length <screenlength> [default]
(screenlength = 5..512, 0 to disable 'more' feature)
Console>
Designating Modules, Ports, and VLANs
The Catalyst 6500 series modules (module slots), ports, and VLANs are numbered starting with 1. The
supervisor engine module is module 1, residing in the top slot. On each module, port 1 is the leftmost
port. To reference a specific port on a specific module, the command syntax is mod/port. For example,
3/1 denotes module 3, port 1. In some commands, such as set trunk, set cam, and set vlan, you can enter
lists of ports and VLANs.
Catalyst 6500 Series Switch Command Reference—Release 8.1
1-10
78-15474-01
Chapter 1
Command-Line Interfaces
Switch CLI
You can designate ports by entering the module and port number pairs, separated by commas. To specify
a range of ports, use a dash (-) between the module number and port number pairs. Dashes take
precedence over commas. The following examples show several ways of designating ports:
Example 1: 2/1,2/3 denotes module 2, port 1 and module 2, port 3.
Example 2: 2/1-12 denotes module 2, ports 1 through 12.
Example 3: 2/1-2/12 also denotes module 2, ports 1 through 12.
Each VLAN is designated by a single number. You can specify lists of VLANs the same way you do for
ports. Individual VLANs are separated by commas (,); ranges are separated by dashes (-). In the
following example, VLANs 1 through 10 and VLAN 1000 are specified:
1-10,1000
Designating MAC Addresses, IP and IPX Addresses, and IP Aliases
Some commands require a MAC address that you must designate in a standard format. The MAC address
format must be six hexadecimal numbers separated by hyphens, as shown in this example:
00-00-0c-24-d2-fe
Some commands require an IP address. The IP address format is 32 bits, written as four octets separated
by periods (dotted decimal format). IP addresses are made up of a network section, an optional subnet
section, and a host section, as shown in this example:
126.2.54.1
If DNS is configured properly on the switch, you can use IP host names instead of IP addresses. For
information on configuring DNS, refer to the Catalyst 6500 Series Switch Software Configuration
Guide.
If the IP alias table is configured, you can use IP aliases in place of the dotted decimal IP address. This
is true for most commands that use an IP address, except commands that define the IP address or IP alias.
When entering the IPX address syntax, use the following format:
•
IPX net address—1..FFFFFFFE
•
IPX node address—x.x.x where x is 0..FFFF
•
IPX address—ipx_net.ipx_node (for example 3.0034.1245.AB45, A43.0000.0000.0001)
Using Command Completion Features
The command completion features consist of these functions:
•
Using Command Self-Repeat
•
Using Keyword Lookup
•
Using Partial Keyword Lookup
•
Using Command Completion
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
1-11
Chapter 1
Command-Line Interfaces
Switch CLI
Using Command Self-Repeat
Use the command self-repeat function to display matches to all possible keywords if a string represents
a unique match. If a unique match is not found, the longest matching string is provided. To display the
matches, enter a space after the last parameter and enter ?. Once the matches are displayed, the system
comes back to the prompt and displays the last command without the ?. In the following example, notice
how the system repeats the command entered without the ?:
Console> (enable) set mls nde
disable
Disable multilayer switching data export filter
enable
Enable multilayer switching data export filter
engineer
Engineer setting of the export filter
flow
Setting multilayer switching export filter
<collector_ip>
IP address
Console> (enable) set mls nde
Using Keyword Lookup
Use the keyword-lookup function to display a list of valid keywords and arguments for a command. To
display the matches, enter a space after the last parameter and enter ?. For example, five parameters are
used by the set mls command. To see these parameters, enter set mls ? at the privileged prompt. In the
following example, notice how the system repeats the command entered without the ?:
Console> (enable) set mls ?
agingtime
exclude
flow
nde
statistics
Console> (enable) set mls
Set agingtime for MLS cache entry
Set MLS excluded protocol ports
Set minimum flow mask
Configure Netflow Data Export
Add protocols to protocol statistics list
Using Partial Keyword Lookup
Use the partial keyword-lookup function to display a list of commands that begin with a specific set of
characters. To display the matches, enter ? immediately after the last parameter. For example, enter co?
at the privileged prompt to display a list of commands that start with co. The system displays all
commands that begin with co and repeats the command entered without the ?:
Console> (enable) co?
commit
configure
copy
Console> (enable) co
Commit ACL to hardware and NVRAM
Configure system from network
Copy files between TFTP/RCP/module/flash devices
Using Command Completion
Use the command completion function to complete a command or keyword. When you enter a unique
partial character string and press Tab, the system completes the command or keyword on the command
line. For example, if you enter co at the privileged prompt and press Tab, the system completes the
command as configure because it is the only command that matches the criteria.
If no completion can be done, no action is carried out and the system returns to the prompt and the last
command. The cursor appears immediately after the keyword, allowing you to enter additional
information.
Catalyst 6500 Series Switch Command Reference—Release 8.1
1-12
78-15474-01
Chapter 1
Command-Line Interfaces
Switch CLI
Using the CLI String Search
The pattern in the command output is referred to as a string. The CLI string search feature allows you to
search or filter any show or more command output and allows you to search and filter at --More-prompts. This feature is useful when you need to sort though large amounts of output or if you want to
exclude output that you do not need to see.
With the search function, you can begin unfiltered output at the first line that contains a regular
expression you specify. You can then specify a maximum of one filter per command or start a new search
from the --More-- prompt.
A regular expression is a pattern (a phrase, number, or more complex pattern) that software uses to match
against show or more command output. Regular expressions are case sensitive and allow for complex
matching requirements. Examples of simple regular expressions are Serial, misses, and 138. Examples
of complex regular expressions are 00210..., ( is ), and [Oo]utput.
You can perform three types of filtering:
•
Use the begin keyword to begin output with the line that contains a specified regular expression.
•
Use the include keyword to include output lines that contain a specified regular expression.
•
Use the exclude keyword to exclude output lines that contain a specified regular expression.
You can then search this filtered output at the --More-- prompts.
Note
The CLI string search function does not allow you to search or filter backward through previous output;
filtering cannot be specified using HTTP access to the CLI.
Regular Expressions
A regular expression can be a single character that matches the same single character in the command
output or multiple characters that match the same multiple characters in the command output. This
section describes how to create both single-character patterns and multiple-character patterns and how
to create more complex regular expressions using multipliers, alternation, anchoring, and parentheses.
Single-Character Patterns
The simplest regular expression is a single character that matches the same single character in the
command output. You can use any letter (A-Z, a-z) or digit (0-9) as a single-character pattern. You can
also use other keyboard characters (such as ! or ~) as single-character patterns, but certain keyboard
characters have special meaning when used in regular expressions. Table 1-4 lists the keyboard
characters with special meaning.
Table 1-4
Characters with Special Meaning
Character
Special Meaning
.
Matches any single character, including white space.
*
Matches 0 or more sequences of the pattern.
+
Matches 1 or more sequences of the pattern.
?
Matches 0 or 1 occurrences of the pattern.
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
1-13
Chapter 1
Command-Line Interfaces
Switch CLI
Table 1-4
Characters with Special Meaning (continued)
Character
Special Meaning
^
Matches the beginning of the string.
$
Matches the end of the string.
_ (underscore)
Matches a word delimiter. All alphanumeric characters and the underscore
itself (_) form a word.
To enter these special characters as single-character patterns, remove the special meaning by preceding
each character with a backslash (\). These examples are single-character patterns matching a dollar sign,
an underscore, and a plus sign, respectively.
\$ \_ \+
You can specify a range of single-character patterns to match against command output. For example, you
can create a regular expression that matches a string containing one of the following letters: a, e, i, o, or
u. One and only one of these characters must exist in the string for pattern matching to succeed. To
specify a range of single-character patterns, enclose the single-character patterns in square brackets
([ ]). For example,
[aeiou]
matches any one of the five vowels of the lowercase alphabet, while
[abcdABCD]
matches any one of the first four letters of the lower- or uppercase alphabet.
You can simplify ranges by entering only the end points of the range separated by a dash (-). Simplify
the previous range as follows:
[a-dA-D]
To add a dash as a single-character pattern in your range, include another dash and precede it with a
backslash:
[a-dA-D\-]
You can also include a right square bracket (]) as a single-character pattern in your range. To do so, enter
the following:
[a-dA-D\-\]]
The previous example matches any one of the first four letters of the lower- or uppercase alphabet, a
dash, or a right square bracket.
You can reverse the matching of the range by including a caret (^) at the start of the range. This example
matches any letter except the ones listed:
[^a-dqsv]
This example matches anything except a right square bracket (]) or the letter d:
[^\]d]
Catalyst 6500 Series Switch Command Reference—Release 8.1
1-14
78-15474-01
Chapter 1
Command-Line Interfaces
Switch CLI
Multiple-Character Patterns
When creating regular expressions, you can also specify a pattern containing multiple characters. You
create multiple-character regular expressions by joining letters, digits, or keyboard characters that do not
have special meaning. For example, a4% is a multiple-character regular expression. Put a backslash in
front of the keyboard characters that have special meaning when you want to remove their special
meaning.
With multiple-character patterns, order is important. The regular expression a4% matches the character
a followed by a 4 followed by a % sign. If the string does not have a4%, in that order, pattern matching
fails. This multiple-character regular expression
a.
uses the special meaning of the period character to match the letter a followed by any single character.
With this example, the strings ab, a!, or a2 are all valid matches for the regular expression.
You can remove the special meaning of the period character by putting a backslash in front of it. In the
following expression
a\.
only the string a. matches this regular expression.
You can create a multiple-character regular expression containing all letters, all digits, all keyboard
characters, or a combination of letters, digits, and other keyboard characters. These examples are all
valid regular expressions:
telebit 3107 v32bis
Multipliers
You can create more complex regular expressions to match multiple occurrences of a specified regular
expression by using some special characters with your single- and multiple-character patterns. Table 1-5
lists the special characters that specify “multiples” of a regular expression.
Table 1-5
Special Characters Used as Multipliers
Character
Description
*
Matches 0 or more single- or multiple-character patterns.
+
Matches 1 or more single- or multiple-character patterns.
?
Matches 0 or 1 occurrences of the single- or multiple-character patterns.
This example matches any number of occurrences of the letter a, including none:
a*
This pattern requires that at least one letter a in the string is matched:
a+
This pattern matches the string bb or bab:
ba?b
This string matches any number of asterisks (*):
\**
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
1-15
Chapter 1
Command-Line Interfaces
Switch CLI
To use multipliers with multiple-character patterns, you enclose the pattern in parentheses. In the
following example, the pattern matches any number of the multiple-character string ab:
(ab)*
As a more complex example, this pattern matches one or more instances of alphanumeric pairs (but not
none; that is, an empty string is not a match):
([A-Za-z][0-9])+
The order for matches using multipliers (*, +, or ?) is to put the longest construct first. Nested constructs
are matched from outside to inside. Concatenated constructs are matched beginning at the left side of the
construct. Thus, the regular expression matches A9b3 but not 9Ab3 because the letters are specified
before the numbers.
Alternation
Alternation allows you to specify alternative patterns to match against a string. You separate the
alternative patterns with a vertical bar (|). Exactly one of the alternatives can match the string. For
example, the regular expression
codex | telebit
matches the string codex or the string telebit but not both codex and telebit.
Anchoring
You can match a regular expression pattern against the beginning or the end of the string. That is, you
can specify that the beginning or end of a string contains a specific pattern. You “anchor” these regular
expressions to a portion of the string using the special characters shown in Table 1-6.
Table 1-6
Special Characters Used for Anchoring
Character
Description
^
Matches the beginning of the string.
$
Matches the end of the string.
This regular expression matches a string only if the string starts with abcd:
^abcd
In contrast, this expression is in a range that matches any single letter, as long as it is not the letters a, b,
c, or d:
[^abcd]
With this example, the regular expression matches a string that ends with .12:
$\.12
Contrast these anchoring characters with the special character underscore (_). The underscore matches
the beginning of a string (^), the end of a string ($), parentheses ( ), space ( ), braces { }, comma (,), or
underscore (_). With the underscore character, you can specify that a pattern exist anywhere in the string.
Catalyst 6500 Series Switch Command Reference—Release 8.1
1-16
78-15474-01
Chapter 1
Command-Line Interfaces
ROM Monitor CLI
For example:
_1300_
matches any string that has 1300 somewhere in the string. The string’s 1300 can be preceded by or end
with a space, brace, or comma. For example:
{1300- or {1300:
matches the regular expression, but 21300 and 13000 do not.
Using the underscore character, you can replace long regular expression lists, such as the following:
^1300$ ^1300(space) (space)1300 {1300, ,1300, {1300} ,1300, (1300
with
_1300_
ROM Monitor CLI
The ROM monitor is a ROM-based program that executes upon platform startup, reset, or when a fatal
exception occurs.
Accessing the ROM Monitor CLI
The system enters ROM-monitor mode if the switch does not find a valid system image, if the NVRAM
configuration is corrupted, or if the configuration register is set to enter ROM-monitor mode. From the
ROM-monitor mode, you can load a system image manually from Flash memory, from a network server
file, or from bootflash. You can also enter ROM-monitor mode by restarting the switch and pressing the
Break key during the first 60 seconds of startup.
Note
Break is always enabled for 60 seconds after rebooting the system, regardless of whether Break is
configured to be off by configuration register settings.
To connect through a terminal server, escape to the Telnet prompt, and enter the send break command
to break back to the ROM-monitor mode.
Operating the ROM Monitor CLI
The ROM monitor commands are used to load and copy system images, microcode images, and
configuration files. System images contain the system software. Microcode images contain microcode
to be downloaded to various hardware devices. Configuration files contain commands to customize
Catalyst 6500 series software.
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
1-17
Chapter 1
Command-Line Interfaces
ROM Monitor CLI
The manual boot command has the following syntax:
Note
Enter the copy file-id {tftp | flash | file-id} command to obtain an image from the network.
•
boot—Boot from ROM
•
boot [-xv] [device:][imagename]—Boot from the local device. If you do not specify an image name,
the system defaults to the first valid file in the device. The image name is case sensitive.
Once you are in ROM-monitor mode, the prompt changes to rommon 1>. While you are in ROM-monitor
mode, each time you enter a command, the number in the prompt increments by one.
Catalyst 6500 Series Switch Command Reference—Release 8.1
1-18
78-15474-01
C H A P T E R
2
Catalyst 6500 Series Switch and ROM Monitor
Commands
This chapter contains an alphabetical listing of all switch and ROM monitor commands available on the
Catalyst 6500 series switches.
For information regarding ATM module-related commands, refer to the ATM Configuration Guide and
Command Reference—Catalyst 5000 and 6000 Family Switches.
For information regarding IDS module-related commands, refer to the Catalyst 6500 Series Intrusion
Detection System Module Installation and Configuration Note.
Except where specifically differentiated, the Layer 3 switching engine refers to one of the following:
•
Supervisor Engine 1 with Layer 3 Switching Engine WS-F6K-PFC (Policy Feature Card)
•
Supervisor Engine 2 with Layer 3 Switching Engine II (PFC2)
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-1
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
alias
alias
To set and display command aliases, use the alias command.
alias [name=value]
Syntax Description
name=
(Optional) Name you give to the alias.
value
(Optional) Value of the alias.
Defaults
This command has no default settings.
Command Types
ROM monitor command.
Command Modes
Normal.
Usage Guidelines
If value contains white space or other special (shell) characters, you must use quotation marks. If value
has a space as its last character, the next command line word is checked for an alias. (Normally, only the
first word on a command line is checked.)
Without an argument, this command prints a list of all aliased names with their values.
An equal sign (=) is required between the name and value of the alias.
You must issue a sync command to save your change. If you do not issue a sync command, the change
is not saved, and a reset removes your change.
Examples
This example shows how to display a list of available alias commands and how to create an alias for the
set command:
rommon 1 > alias
r=repeat
h=history
?=help
b=boot
ls=dir
i=reset
k=stack
rommon 2 > alias s=set
rommon 3 > alias
r=repeat
h=history
?=help
b=boot
ls=dir
i=reset
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-2
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
alias
k=stack
s=set
rommon 4 > s
PS1=rommon ! >
BOOT=bootflash:RTSYNC_llue_11,1;slot0:f1,1;
=========================================================================
Related Commands
unalias
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-3
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
boot
boot
To boot up an external process, use the boot command.
boot [-x] [-v] [device:][imagename]
Syntax Description
-x
(Optional) Load the image but do not execute.
-v
(Optional) Toggle verbose mode.
device:
(Optional) ID of the device.
imagename
(Optional) Name of the image.
Defaults
This command has no default settings.
Command Types
ROM monitor command.
Command Modes
Normal.
Usage Guidelines
If you do not enter any arguments, the boot command boots the first image in bootflash. To specify an
image, enter the image name. To specify the device, enter the device ID.
If a device is not entered with an image name, the image is not booted.
If a device name is not recognized by the monitor, the monitor passes the device ID to the boot helper
image.
This command will not boot the MSFC if the PFC is not present in the Catalyst 6500 series switch.
Examples
This example shows how to use the boot command:
rommon 2 > boot bootflash:cat6000-sup.6-1-1.bin
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
Uncompressing file:
##########################################################################################
##########################################################################################
################################################################################
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-4
78-15474-01
22
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
cd
cd
To set the default Flash device for the system, use the cd command.
cd [[m/]device:]
Syntax Description
m/
(Optional) Module number of the supervisor engine containing the Flash device.
device:
(Optional) Valid devices include bootflash and slot0.
Defaults
The default Flash device is bootflash.
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
A colon (:) is required after the specified device.
With commands where the device is an option, if the default device is not specified, the device set by the
cd command is used.
Examples
This example shows how to set the system default Flash device to bootflash:
Console> cd bootflash:
Default flash device set to bootflash.
Console>
Related Commands
pwd
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-5
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear acllog
clear acllog
To disable ACL log rate limiting, use the clear acllog command.
clear acllog
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to disable ACL log rate limiting:
Console> (enable) clear acllog
ACL log rate limit is cleared.
If the ACLs-LOG were already applied, the rate limit mechanism will be disabled on system
restart, or after shut/no shut the interface.
Console> (enable)
Related Commands
set acllog ratelimit
show acllog
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-6
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear alias
clear alias
To clear the abbreviated versions of commands, use the clear alias command.
clear alias {name | all}
Syntax Description
name
Alternate identifier of the command.
all
Clears every alternate identifier previously created.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to erase the arpdel alias:
Console> (enable) clear alias arpdel
Command alias deleted.
Console> (enable)
This example shows how to erase all the aliases:
Console> (enable) clear alias all
Command alias table cleared. (1)
Console> (enable)
(1) indicates the number of command aliases cleared.
Related Commands
set alias
show alias
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-7
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear arp
clear arp
To delete a specific entry or all entries from the ARP table, use the clear arp command.
clear arp [all | dynamic | permanent | static] {ip_addr}
Syntax Description
all
(Optional) Clears all ARP entries.
dynamic
(Optional) Clears all dynamic ARP entries.
permanent
(Optional) Clears all permanent ARP entries.
static
(Optional) Clears all static ARP entries.
ip_addr
IP address to clear from the ARP table.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to remove IP address 198.133.219.209 from the ARP table:
Console> (enable) clear arp 198.133.219.209
ARP entry deleted.
Console> (enable)
This example shows how to remove all entries from the ARP table:
Console> (enable) clear arp all
ARP table cleared. (1)
Console> (enable)
(1) indicates the number of entries cleared.
This example shows how to remove all dynamically learned ARP entries:
Console> (enable) clear arp dynamic
Unknown host
Dynamic ARP entries cleared. (3)
Console> (enable)
This example shows how to clear all permanently entered ARP entries:
Console> (enable) clear arp permanent
Unknown host
Permanent ARP entries cleared.(5)
Console> (enable)
Related Commands
set arp
show arp
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-8
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear banner motd
clear banner motd
To clear the message-of-the-day banner, use the clear banner motd command.
clear banner motd
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to clear the message-of-the-day banner:
Console> (enable) clear banner motd
MOTD banner cleared
Console> (enable)
Related Commands
set banner motd
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-9
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear boot auto-config
clear boot auto-config
To clear the contents of the CONFIG_FILE environment variable used to specify the configuration files
used during bootup, use the clear boot auto-config command.
clear boot auto-config [mod]
Syntax Description
mod
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to clear the auto-config file:
(Optional) Module number of the supervisor engine containing the Flash device.
Console> (enable) clear boot auto-config
CONFIG_FILE variable =
Console> (enable)
Related Commands
set boot auto-config
show boot
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-10
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear boot device
clear boot device
To clear the contents of the CONFIG_FILE environment variable used to specify the NAM startup
configuration files, use the clear boot device command.
clear boot device mod
Syntax Description
mod
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is supported by the NAM module only.
Examples
This example shows how to clear the NAM boot string from NVRAM for module 2:
Number of the module containing the Flash device.
Console> (enable) clear boot device 2
Device BOOT variable =
Console> (enable)
Related Commands
set boot device
show boot device
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-11
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear boot system
clear boot system
To clear the contents of the BOOT environment variable and the configuration register setting, use the
clear boot system command.
clear boot system all [mod]
clear boot system flash device:[filename] [mod]
Syntax Description
all
Clears the whole BOOT environment variable.
mod
(Optional) Module number of the supervisor engine containing the
Flash device.
flash
(Optional) Clears the Flash device.
device:
Name of the Flash device.
filename
(Optional) Filename of the Flash device.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to clear the whole BOOT environment variable:
Console> (enable) clear boot system all
BOOT variable =
Console> (enable)
This example shows how to clear a specific device; note that the specified device is not listed:
Console> (enable) clear boot system flash bootflash:cat6000-sup.5-5-1.bin
BOOT variable = bootflash:cat6000-sup.6-1-1.bin,1;bootflash:cat6000-sup.5-5-2.
bin,1;
Console> (enable)
Related Commands
set boot system flash
show boot
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-12
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear cam
clear cam
To delete a specific entry or all entries from the CAM table, use the clear cam command.
clear cam mac_addr [vlan]
clear cam {dynamic | static | permanent} [vlan]
Syntax Description
mac_addr
One or more MAC addresses.
vlan
(Optional) Number of the VLAN; valid values are from 1 to 1000 and from
1025 to 4094.
dynamic
Clears the dynamic CAM entries from the CAM table.
static
Clears the static CAM entries from the CAM table.
permanent
Clears the permanent CAM entries from the CAM table.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to remove MAC address 00-40-0b-a0-03-fa from the CAM table:
Console> (enable) clear cam 00-40-0b-a0-03-fa
CAM table entry cleared.
Console> (enable)
This example shows how to clear dynamic entries from the CAM table:
Console> (enable) clear cam dynamic
Dynamic CAM entries cleared.
Console> (enable)
Related Commands
set cam
show cam
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-13
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear cam notification
clear cam notification
To clear the CAM notification counters and history log, use the clear cam notification command.
clear cam notification {all | counters | history}
Syntax Description
all
Clears the CAM notification counters and history log.
counters
Clears the CAM notification counters.
history
Clears the CAM notification history log.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to clear the CAM notification counters and history log:
Console> (enable) clear cam notification all
MAC address notification counters and history log cleared.
Console> (enable)
This example shows how to clear the CAM notification counters:
Console> (enable) clear cam notification counters
MAC address notification counters cleared.
Console> (enable)
This example shows how to clear the CAM notification history log:
Console> (enable) clear cam notification history
MAC address notification history log cleared.
Console> (enable)
Related Commands
set cam notification
set snmp trap
show cam notification
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-14
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear channel statistics
clear channel statistics
To clear PAgP statistical information, use the clear channel statistics command.
clear channel statistics
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to clear PAgP statistical information:
Console> (enable) clear channel statistics
PAgP statistics cleared.
Console> (enable)
Related Commands
show channel
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-15
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear config
clear config
To clear the system or module configuration information stored in NVRAM, use the clear config
command.
clear config {mod | rmon | all | snmpv3 | acl nvram | interface | sysinfo-log}
Syntax Description
mod
Number of the module.
rmon
Clears all RMON configurations, including the historyControlTable, the alarmTable,
the eventTable, and the ringStation ControlTable.
all
Clears all module and system configuration information, including the IP address.
snmpv3
Clears all SNMP version 3 configurations.
acl nvram
Clears all ACL configurations.
interface
Clears all interface configurations.
sysinfo-log
Clears all system information logging configurations.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When you use a Multilayer Switch Module (MSM), you can enter the clear config command to clear the
portion of the MSM configuration retained by the Catalyst 6500 series switch supervisor engine. You
must clear the portion of the configuration kept by the MSM at the router level (at the router CLI
prompt).
Before using the clear config all command, save a backup of the configuration using the copy command.
Examples
This example shows how to delete the configuration information in NVRAM on module 2:
Console> (enable) clear config 2
This command will clear module 2 configuration.
Do you want to continue (y/n) [n]? y
..............................
Module 2 configuration cleared.
Console> (enable)
This example shows how to delete the configuration information stored in NVRAM on module 1
(the supervisor engine):
Console> (enable) clear config 1
This command will clear module 1 configuration.
Do you want to continue (y/n) [n]? y
......
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-16
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear config
Module 1 configuration cleared.
host%
This example shows how to delete all the configuration information for the Catalyst 6500 series
switches:
Console> (enable) clear config all
This command will clear all configuration in NVRAM.
Do you want to continue (y/n) [n]? y
...........................................
Connection closed by foreign host
host%
This example shows how to delete all the SNMP configuration information for the Catalyst 6500 series
switches:
Console> (enable) clear config snmpv3
This command will clear SNMPv3 configuration in NVRAM.
Do you want to continue (y/n) [n]? y
...........................................
Connection closed by foreign host
host%
This example shows how to delete all ACL configuration information from NVRAM:
Console> (enable) clear config acl nvram
ACL configuration has been deleted from NVRAM.
Warning:Use the copy commands to save the ACL configuration to a file
and the 'set boot config-register auto-config' commands to configure the
auto-config feature.
Console> (enable)
This example shows how to delete all system information logging configurations and return them to their
default settings:
Console> (enable) clear config sysinfo-log
Successfully cleared the system information logging configuration.
Console> (enable)
Related Commands
clear system info-log command
set config acl nvram
set system info-log
show config qos acl
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-17
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear config pvlan
clear config pvlan
To clear all private VLAN configurations in the system including port mappings, use the clear config
pvlan command.
clear config pvlan
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to clear all private VLAN configurations in the system:
Console> (enable) clear config pvlan
This command will clear all private VLAN configurations.
Do you want to continue (y/n) [n]? y
VLAN 15 deleted
VLAN 16 deleted
VLAN 17 deleted
VLAN 18 deleted
Private VLAN configuration cleared.
Console> (enable)
Related Commands
clear pvlan mapping
clear vlan
configure
set vlan
set pvlan
set pvlan mapping
show config
show pvlan
show pvlan mapping
show vlan
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-18
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear cops
clear cops
To clear Common Open Policy Service (COPS) configurations, use the clear cops command.
clear cops roles role1 [role2]...
clear cops all-roles
clear cops server all [diff-serv | rsvp]
clear cops server ipaddr [diff-serv | rsvp]
clear cops domain-name
Syntax Description
roles role#
Specifies the roles to clear.
all-roles
Clears all roles.
server
Specifies the COPS server.
all
Clears all server tables.
diff-serv
(Optional) Specifies the differentiated services server table.
rsvp
(Optional) Specifies the RSVP+ server table.
ipaddr
IP address or IP alias of the server.
domain-name Specifies the domain name of the server.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You can use the clear cops all-roles command to clear all roles from all ports.
Examples
This example shows how to clear specific roles:
Console> (enable) clear cops roles backbone_port main_port
Roles cleared.
Console> (enable)
This example shows how to clear all roles:
Console> (enable) clear cops all-roles
All roles cleared.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-19
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear cops
This example shows how to clear all COPS servers:
Console> (enable) clear cops server all
All COPS servers cleared.
Console> (enable)
This example shows how to clear a specific COPS server:
Console> (enable) clear cops server my_server1
All COPS servers cleared.
Console> (enable)
This example shows how to clear the COPS domain name:
Console> (enable) clear cops domain-name
Domain name cleared.
Console> (enable)
Related Commands
set cops
show cops
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-20
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear counters
clear counters
To clear MAC counters, EtherChannel MAC counters, port counters, and the channel traffic percentile,
use the clear counters command.
clear counters [all | mod/ports]
Syntax Description
all
(Optional) Specifies all ports.
mod/ports
(Optional) Number of the module and the ports on the module.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you do not specify a range of ports to be cleared, then all ports on the switch are cleared.
Examples
This example shows how to reset MAC and port counters to zero:
Console> (enable) clear counters
This command will reset all MAC and port counters reported in CLI and SNMP.
Do you want to continue (y/n) [n]? y
MAC and Port counters cleared.
Console> (enable)
This example shows how to reset MAC and port counters to zero for a specific module and port:
Console> (enable) clear counters 5/1
This command will reset MAC and port counters reported by the CLI for port(s) 5/1.
Do you want to continue (y/n) [n]? y
MAC and Port counters cleared.
Console> (enable)
Related Commands
restore counters
show port counters
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-21
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear crypto key rsa
clear crypto key rsa
To remove all RSA public-key pairs, use the clear crypto key rsa command.
clear crypto key rsa
Syntax Description
This command has no keywords or arguments.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The crypto commands are supported on systems that run these image types only:
Examples
•
supk9 image—for example, cat6000-supk9.6-1-3.bin
•
supcvk9 image—for example, cat6000-supcvk9.6-1-3.bin
This example shows how to clear RSA key pairs:
Console> (enable) clear crypto key rsa
Do you really want to clear RSA keys (y/n) [n]? y
RSA keys has been cleared.
Console> (enable)
Related Commands
set crypto key rsa
show crypto key
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-22
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear dot1x config
clear dot1x config
To disable dot1x on all ports and return values to the default settings, use the clear dot1x config
command.
clear dot1x config
Syntax Description
This command has no keywords or arguments.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to disable dot1x and return values to the default settings:
Console> (enable) clear dot1x config
This command will disable Dot1x and take values back to factory default.
Do you want to continue (y/n) [n]? y
Dot1x config cleared.
Console> (enable)
Related Commands
set port dot1x
show dot1x
show port dot1x
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-23
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear ftp
clear ftp
To clear File Transfer Protocol (FTP) parameters, use the clear ftp command.
clear ftp [username | password | passive]
Syntax Description
username
(Optional) Clears the username for FTP connections.
password
(Optional) Clears the password for FTP connections.
passive
(Optional) Clears passive mode for FTP connections.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you do not enter any keywords, the system clears all FTP parameters.
Examples
This example shows how to clear the username for FTP connections:
Console> (enable) clear ftp username
Console> (enable)
This example shows how to clear the password for FTP connections:
Console> (enable) clear ftp password
Console> (enable)
This example shows how to clear passive mode for FTP connections:
Console> (enable) clear ftp passive
Console> (enable)
Related Commands
set ftp
show ftp
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-24
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear gmrp statistics
clear gmrp statistics
To clear all the GMRP statistics information from a specified VLAN or all VLANs, use the clear gmrp
statistics command.
clear gmrp statistics {vlan | all}
Syntax Description
vlan
Number of the VLAN; valid values are from 1 to 1000 and from 1025 to 4094.
all
Specifies all VLANs.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to clear GMRP statistical information from all VLANs:
Console> (enable) clear gmrp statistics all
GMRP statistics cleared.
Console> (enable)
This example shows how to clear GMRP statistical information from VLAN 1:
Console> (enable) clear gmrp statistics 1
GMRP statistics cleared from VLAN 1.
Console> (enable)
Related Commands
show gmrp statistics
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-25
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear gvrp statistics
clear gvrp statistics
To clear all the GVRP statistics information, use the clear gvrp statistics command.
clear gvrp statistics {mod/port | all}
Syntax Description
mod/port
Number of the module and port.
all
Specifies all ports.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to clear all GVRP statistical information:
Console> (enable) clear gvrp statistics all
GVRP statistics cleared for all ports.
Console> (enable)
This example shows how to clear GVRP statistical information for module 2, port 1:
Console> (enable) clear gvrp statistics 2/1
GVRP statistics cleared on port 2/1.
Console> (enable)
Related Commands
set gvrp
show gvrp configuration
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-26
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear igmp statistics
clear igmp statistics
To clear IGMP snooping statistical information, use the clear igmp statistics command.
clear igmp statistics
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to clear IGMP statistical information:
Console> (enable) clear igmp statistics
IGMP statistics cleared.
Console> (enable)
Related Commands
set igmp
show igmp statistics
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-27
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear ip alias
clear ip alias
To clear IP aliases that were set using the set ip alias command, use the clear ip alias command.
clear ip alias {name | all}
Syntax Description
name
IP address alias to delete.
all
Specifies that all previously set IP address aliases be deleted.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to delete a previously defined IP alias named babar:
Console> (enable) clear ip alias babar
IP alias deleted.
Console> (enable)
Related Commands
set ip alias
show ip alias
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-28
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear ip dns domain
clear ip dns domain
To clear the default DNS domain name, use the clear ip dns domain command.
clear ip dns domain
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to clear the default DNS domain name:
Console> (enable) clear ip dns domain
Default DNS domain name cleared.
Console> (enable)
Related Commands
set ip dns domain
show ip dns
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-29
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear ip dns server
clear ip dns server
To remove a DNS server from the DNS server listing, use the clear ip dns server command.
clear ip dns server {ip_addr | all}
Syntax Description
ip_addr
IP address of the DNS server you want to remove. An IP alias or a
host name that can be resolved through DNS can also be used.
all
Specifies all the IP addresses in the DNS server listing to be
removed.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to remove the DNS server at IP address 198.92.30.32 from the DNS server
listing:
Console> (enable) clear ip dns server 198.92.30.32
198.92.30.32 cleared from DNS table.
Console> (enable)
This example shows how to remove all DNS servers from the DNS server listing:
Console> (enable) clear ip dns server all
All DNS servers cleared
Console> (enable)
Related Commands
set ip dns server
show ip dns
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-30
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear ip permit
clear ip permit
To remove a specified IP address and mask or all IP addresses and masks from the permit list, use the
clear ip permit command.
clear ip permit all
clear ip permit {ip_addr} [mask] [telnet | ssh | snmp | all]
Syntax Description
ip_addr
IP address to be cleared. An IP alias or a host name that can be resolved
through DNS can also be used.
mask
(Optional) Subnet mask of the specified IP address.
telnet
(Optional) Clears the entries in the Telnet permit list.
ssh
(Optional) Clears the entries in the SSH permit list.
snmp
(Optional) Clears the entries in the SNMP permit list.
all
(Optional) Clears all permit lists.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The clear ip permit all command clears the permit list but does not change the state of the IP permit
feature. A warning is displayed if all IP addresses are cleared from the permit list, and the feature is
enabled. If a mask other than the default (255.255.255.255) has been configured, you must provide both
the address and mask to clear a specific entry.
If the telnet, ssh, snmp, or all keyword is not specified, the IP address is removed from both the SNMP
and Telnet permit lists.
Examples
These examples show how to remove IP addresses:
Console> (enable) clear ip permit 172.100.101.102
172.100.101.102 cleared from IP permit list.
Console> (enable)
Console> (enable) clear ip permit 172.160.161.0 255.255.192.0 snmp
172.160.128.0 with mask 255.255.192.0 cleared from snmp permit list.
Console> (enable)
Console> (enable) clear ip permit 172.100.101.102 telnet
172.100.101.102 cleared from telnet permit list.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-31
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear ip permit
Console> (enable) clear ip permit all
IP permit list cleared.
WARNING
IP permit list is still enabled.
Console> (enable)
Related Commands
set ip permit
show ip permit
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-32
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear ip route
clear ip route
To delete IP routing table entries, use the clear ip route command.
clear ip route destination gateway
Syntax Description
destination
IP address of the host or network. An IP alias or a host name that
can be resolved through DNS can also be used.
gateway
IP address or alias of the gateway router.
Defaults
The default is destination. If the destination is not the active default gateway, the actual destination is
the default.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to delete the routing table entries using the clear ip route command:
Console> (enable) clear ip route 134.12.3.0 elvis
Route deleted.
Console> (enable)
Related Commands
set ip route
show ip route
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-33
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear kerberos clients mandatory
clear kerberos clients mandatory
To disable mandatory Kerberos authentication for services on the network, use the clear kerberos
clients mandatory command.
clear kerberos clients mandatory
Syntax Description
This command has no arguments or keywords.
Defaults
Kerberos clients are not set to mandatory.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you do not make Kerberos authentication mandatory and Kerberos authentication fails, the application
attempts to authenticate users using the default method of authentication for that network service. For
example, Telnet prompts for a password.
Examples
This example shows how to clear mandatory Kerberos authentication:
Console> (enable) clear kerberos clients mandatory
Kerberos clients mandatory cleared
Console> (enable)
Related Commands
set kerberos clients mandatory
show kerberos
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-34
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear kerberos credentials forward
clear kerberos credentials forward
To disable credentials forwarding, use the clear kerberos credentials forward command.
clear kerberos credentials forward
Syntax Description
This command has no arguments or keywords.
Defaults
The default is forwarding is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you have a ticket granting ticket (TGT) and are authenticated to a Kerberized switch, you can use the
TGT to authenticate to a host on the network. If forwarding is not enabled and you try to list credentials
after authenticating to a host, the output will show no Kerberos credentials are present.
Examples
This example shows how to disable Kerberos credentials forwarding:
Console> (enable) clear kerberos credentials forward
Kerberos credentials forwarding disabled
Console> (enable)
Related Commands
set kerberos clients mandatory
set kerberos credentials forward
show kerberos
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-35
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear kerberos creds
clear kerberos creds
To delete all the Kerberos credentials, use the clear kerberos creds command.
clear kerberos creds
Syntax Description
This command has no arguments or keywords.
Defaults
The command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you have a TGT and are authenticated to a Kerberized switch, you can use the TGT to authenticate to
a host on the network.
Examples
This example shows how to delete all Kerberos credentials:
Console> (enable) clear kerberos creds
Console> (enable)
Related Commands
set kerberos credentials forward
show kerberos
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-36
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear kerberos realm
clear kerberos realm
To clear an entry that maps the name of a Kerberos realm to a DNS domain name or a host name, use the
clear kerberos realm command.
clear kerberos realm {dns_domain | host} kerberos_realm
Syntax Description
dns_domain
DNS domain name to map to a Kerberos realm.
host
IP address or name to map to a Kerberos realm.
kerberos_realm
IP address or name of a Kerberos realm.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You can map the name of a Kerberos realm to a DNS domain name or a host name with the set kerberos
realm command.
Examples
This example shows how to clear an entry mapping a Kerberos realm to a domain name:
Console> (enable) clear kerberos realm CISCO CISCO.COM
Kerberos DnsDomain-Realm entry CISCO - CISCO.COM deleted
Console> (enable)
Related Commands
set kerberos local-realm
set kerberos realm
show kerberos
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-37
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear kerberos server
clear kerberos server
To clear a specified Key Distribution Center (KDC) entry, use the clear kerberos server command.
clear kerberos server kerberos_realm {hostname | ip_address} [port_number]
Syntax Description
kerberos_realm
Name of a Kerberos realm.
hostname
Name of the host running the KDC.
ip_address
IP address of the host running the KDC.
port_number
(Optional) Number of the port on the module.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You can specify to the switch which KDC to use in a Kerberos realm. This command clears a server entry
from the table.
Examples
This example shows how to clear a KDC server entered on the switch:
Console> (enable) clear kerberos server CISCO.COM 187.0.2.1 750
Kerberos Realm-Server-Port entry CISCO.COM-187.0.2.1-750 deleted
Console> (enable)
Related Commands
set kerberos server
show kerberos
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-38
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear key config-key
clear key config-key
To remove a private 3DES key, use the clear key config-key command.
clear key config-key string
Syntax Description
string
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to remove a private 3DES key:
Name of the 3DES key; the name should be no longer than eight bytes.
Console> (enable) clear key config-key abcd
Kerberos config key deleted
Console> (enable)
Related Commands
set key config-key
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-39
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear l2protocol-tunnel cos
clear l2protocol-tunnel cos
To clear the Layer 2 protocol tunneling CoS value for all ingress tunneling ports, use the clear
l2protocol-tunnel cos command.
clear l2protocol-tunnel cos
Syntax Description
This command has no arguments or keywords.
Defaults
The CoS value is restored to 5.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to clear the Layer 2 protocol tunneling CoS value:
Console> (enable) clear l2protocol-tunnel cos
Default Cos set to 5.
Console> (enable)
Related Commands
clear l2protocol-tunnel statistics
set l2protocol-tunnel cos
set port l2protocol-tunnel
show l2protocol-tunnel statistics
show port l2protocol-tunnel
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-40
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear l2protocol-tunnel statistics
clear l2protocol-tunnel statistics
To clear Layer 2 protocol tunneling statistics on a port or on all tunneling ports, use the clear
l2protocol-tunnel statistics command.
clear l2protocol-tunnel statistics [mod/port]
Syntax Description
mod/port
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you do not specify a module and port number, the Layer 2 protocol tunneling statistics for all tunneling
ports and all VLANs are cleared.
Examples
This example shows how to clear the Layer 2 protocol tunneling statistics for a single port:
(Optional) Number of the module and port on the module. See the “Usage
Guidelines” section for more information.
Console> (enable) clear l2protocol-tunnel statistics 7/1
Layer 2 Protocol Tunneling statistics cleared on port 7/1.
Console> (enable)
Related Commands
clear l2protocol-tunnel cos
set l2protocol-tunnel cos
set port l2protocol-tunnel
show l2protocol-tunnel statistics
show port l2protocol-tunnel
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-41
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear lacp-channel statistics
clear lacp-channel statistics
To clear Link Aggregation Control Protocol (LACP) statistical information, use the clear lacp-channel
statistics command.
clear lacp-channel statistics
Syntax Description
This command has no keywords or arguments.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
For differences between PAgP and LACP, refer to the “Guidelines for Port Configuration” section of the
“Configuring EtherChannel” chapter of the Catalyst 6500 Series Switch Software Configuration Guide.
Examples
This example shows how to clear LACP statistical information:
Console> (enable) clear lacp-channel statistics
LACP channel counters are cleared.
Console> (enable)
Related Commands
set channelprotocol
set lacp-channel system-priority
set port lacp-channel
set spantree channelcost
set spantree channelvlancost
show lacp-channel
show port lacp-channel
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-42
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear lda
clear lda
To remove the accelerated server load balancing (ASLB) MLS entries or MAC addresses from the
switch, use the clear lda command.
clear lda mls
clear lda mls [destination ip_addr_spec] [source ip_addr_spec] [protocol protocol
src-port src_port dst-port dst_port]
clear lda vip {all | vip | vip tcp_port}
clear lda mac {all | router_mac_address}
Syntax Description
mls
Removes an LDA MLS entry.
destination
ip_addr_spec
(Optional) Full destination IP address or a subnet address in these
formats: ip_addr, ip_addr/netmask, or ip_addr/maskbit.
source
ip_addr_spec
(Optional) Full source IP address or a subnet address in these
formats: ip_addr, ip_addr/netmask, or ip_addr/maskbit.
protocol
protocol
(Optional) Specifies additional flow information (protocol family
and protocol port pair) to be matched; valid values include tcp, udp,
icmp, or a decimal number for other protocol families.
src-port
src_port
(Optional) Specifies the number of the TCP/UDP source port
(decimal). Used with dst-port to specify the port pair if the protocol
is tcp or udp. 0 indicates “do not care.”
dst-port
dst_port
(Optional) Specifies the number of the TCP/UDP destination port
(decimal). Used with src-port to specify the port pair if the protocol
is tcp or udp. 0 indicates “do not care.”
vip all
Removes all VIP couples (set using the set lda command).
vip vip
Specifies a VIP.
vip vip
tcp_port
Specifies a VIP and port couple.
mac all
Clears all ASLB router MAC addresses.
mac
router_mac_
address
Clears a specific router MAC address.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-43
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear lda
Usage Guidelines
This command is supported only on switches configured with the Supervisor Engine 1 with Layer 3
Switching Engine WS-F6K-PFC (Policy Feature Card).
Entering the destination keyword specifies the entries matching the destination IP address specification,
entering the source keyword specifies the entries matching the source IP address specification, and
entering an ip_addr_spec can specify a full IP address or a subnet address. If you do not specify a
keyword, it is treated as a wildcard, and all entries are displayed.
When entering the ip_addr_spec, use the full IP address or a subnet address in one of the following
formats: ip_addr, ip_addr/netmask, or ip_addr/maskbit.
If you do not enter any keywords, the LD is removed from the switch, and the LD configuration is
removed from NVRAM.
If you do not enter any keywords with the clear lda mls command, all ASLB MLS entries are cleared.
Examples
This example shows how to clear the ASLB MLS entry at a specific destination address:
Console> (enable) clear lda mls destination 172.20.26.22
MLS IP entry cleared.
Console> (enable)
This example shows how to delete a VIP and port pair (VIP 10.0.0.8, port 8):
Console> (enable) clear lda vip 10.0.0.8 8
Successfully deleted vip/port pairs.
Console> (enable)
This example shows how to clear all ASLB router MAC addresses:
Console> (enable) clear lda mac all
Successfully cleared Router MAC address.
Console> (enable)
This example shows how to clear a specific ASLB router MAC address:
Console> (enable) clear lda mac 1-2-3-4-5-6
Successfully cleared Router MAC address.
Console> (enable)
Related Commands
commit lda
set lda
show lda
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-44
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear localuser
clear localuser
To delete a local user account from the switch, use the clear localuser command.
clear localuser name
Syntax Description
name
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to delete a local user account:
Specifies the local user account.
Console> (enable) clear localuser troy
Local user cleared.
Console> (enable)
Related Commands
set localuser
show localuser
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-45
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear log
clear log
To delete module, system error log, or dump log entries, use the clear log command.
clear log [mod]
clear log dump
Syntax Description
mod
(Optional) Module number.
dump
Clears dump log entries.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you do not specify a module number, the system error log for the entire system is erased.
Examples
This example shows how to clear the system error log:
Console> (enable) clear log
System error log cleared.
Console> (enable)
This example shows how to clear the dump log:
Console> (enable) clear log dump
Console> (enable)
Related Commands
show log
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-46
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear log command
clear log command
To clear the command log entry table, use the clear log command command.
clear log command [mod]
Syntax Description
mod
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The command log entry table is a history log of the commands sent to the switch from the console or Telnet.
Examples
This example shows how to clear the command log table for the switch:
(Optional) Number of the module.
Console> (enable) clear log command
Local-log cleared
Console> (enable)
This example shows how to clear the command log table for a specific module:
Console> (enable) clear log command 3
Module 3 log cleared.
Console> (enable)
Related Commands
show log command
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-47
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear logging buffer
clear logging buffer
To clear the system logging buffer, use the clear logging buffer command.
clear logging buffer
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to clear the system logging buffer:
Console> (enable) clear logging buffer
System logging buffer cleared.
Console> (enable)
Related Commands
show logging buffer
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-48
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear logging callhome
clear logging callhome
To retore the CallHome default values or to clear a destination address used in the CallHome feature, use
the clear logging destination command.
clear logging callhome all
clear logging callhome destination {E_addr | all}
Syntax Description
all
Restores default values for CallHome functionality.
destination
Clears destination address for CallHome messages.
E_addr
E-mail or E-pager address to receive syslog messages.
all
Clears all destination addresses.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to restore all default values for CallHome functionality:
Console> (enable) clear logging callhome all
Removed all addresses from the callhome destination address table.
Cleared the from address field of callhome messages.
Cleared the reply-to address field of callhome messages.
Cleared callhome severity level to its default value of 2 (LOG_CRIT).
Removed all IP address from the callhome SMTP server table.
Callhome functionality is disabled.
Console> (enable)
This example shows how to clear the destination address adminboss@cisco.com from the list of
addresses receiving CallHome messages:
Console> (enable) clear logging callhome destination adminboss@cisco.com
Removed adminboss@cisco.com from the table of callhome destination addresses.
Console> (enable)
This example shows how to clear all destination addresses from the list of addresses receiving CallHome
messages:
Console> (enable) clear logging callhome destination all
Removed all addresses from the callhome destination address table.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-49
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear logging callhome
Related Commands
clear logging callhome from
clear logging callhome reply-to
clear logging callhome severity
clear logging callhome smtp-server
set logging callhome
set logging callhome destination
set logging callhome from
set logging callhome reply-to
set logging callhome severity
set logging callhome smtp-server
show logging callhome
show logging callhome destination
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-50
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear logging callhome from
clear logging callhome from
To clear the From address used by the CallHome feature, use the clear logging from command.
clear logging callhome from
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to clear the From address:
Console> (enable) clear logging callhome from
Cleared the from address field of callhome messages.
Console> (enable)
Related Commands
clear logging callhome
clear logging callhome reply-to
clear logging callhome severity
clear logging callhome smtp-server
set logging callhome
set logging callhome destination
set logging callhome from
set logging callhome reply-to
set logging callhome severity
set logging callhome smtp-server
show logging callhome
show logging callhome from
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-51
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear logging callhome reply-to
clear logging callhome reply-to
To clear the Reply-to address used by the CallHome feature, use the clear logging reply-to command.
clear logging reply-to
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to clear the Reply-to address:
Console> (enable) clear logging callhome reply-to
Cleared the reply-to address field of callhome messages.
Console> (enable)
Related Commands
clear logging callhome
clear logging callhome from
clear logging callhome severity
clear logging callhome smtp-server
set logging callhome
set logging callhome destination
set logging callhome from
set logging callhome reply-to
set logging callhome severity
set logging callhome smtp-server
show logging callhome
show logging callhome reply-to
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-52
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear logging callhome severity
clear logging callhome severity
To clear the severity level used by the CallHome feature and return it to the default value of 2, use the
clear logging severity command.
clear logging severity
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to clear the CallHome severity:
Console> (enable) clear logging callhome severity
Cleared callhome severity level to its default value of 2(LOG_CRIT).
Console> (enable)
Related Commands
clear logging callhome
clear logging callhome from
clear logging callhome reply-to
clear logging callhome smtp-server
set logging callhome
set logging callhome destination
set logging callhome from
set logging callhome reply-to
set logging callhome severity
set logging callhome smtp-server
show logging callhome
show logging callhome severity
show logging callhome smtp-server
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-53
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear logging callhome smtp-server
clear logging callhome smtp-server
To clear an SMTP server from the list of CallHome SMTP servers, use the clear logging smtp-server
command.
clear logging callhome smtp-server {IP_addr | all}
Syntax Description
IP_addr
IP address of the SMTP server.
all
Clears all IP addresses.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to clear the SMTP server 172.20.8.16 from the list of CallHome servers:
Console> (enable) clear logging callhome smtp-server 172.20.8.16
Removed 172.20.8.16 from the table of callhome SMTP servers.
Console> (enable)
This example shows how to clear all IP addresses from the list of CallHome servers:
Console> (enable) clear logging callhome smtp-server all
Removed all addresses from the callhome SMTP server table.
Console> (enable)
Related Commands
clear logging callhome
clear logging callhome from
clear logging callhome reply-to
clear logging callhome severity
set logging callhome
set logging callhome destination
set logging callhome from
set logging callhome reply-to
set logging callhome severity
set logging callhome smtp-server
show logging callhome
show logging callhome smtp-server
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-54
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear logging level
clear logging level
To reset the logging level for a facility or for all facilities to their default settings, use the clear logging
level command.
clear logging level {facility | all}
Syntax Description
facility
Name of the facility to reset; facility types are listed in Table 2-1.
all
Resets all facilities.
Table 2-1
Facility Types
Facility Name
Definition
all
All facilities
acl
access control list
cdp
Cisco Discovery Protocol
cops
Common Open Policy Service Protocol
dtp
Dynamic Trunking Protocol
dvlan
Dynamic VLAN
earl
Enhanced Address Recognition Logic
filesys
file system facility
gvrp
GARP VLAN Registration Protocol
ip
Internet Protocol
kernel
Kernel
ld
ASLB facility
mcast
Multicast
mgmt
Management
mls
Multilayer Switching
pagp
Port Aggregation Protocol
protfilt
Protocol Filter
pruning
VTP pruning
privatevlan
Private VLAN facility
qos
Quality of Service
radius
Remote Access Dial-In User Service
rsvp
ReSerVation Protocol
security
Security
snmp
Simple Network Management Protocol
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-55
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear logging level
Table 2-1
Facility Types (continued)
Facility Name
Definition
spantree
Spanning Tree Protocol
sys
System
tac
Terminal Access Controller
tcp
Transmission Control Protocol
telnet
Terminal Emulation Protocol
tftp
Trivial File Transfer Protocol
udld
User Datagram Protocol
vmps
VLAN Membership Policy Server
vtp
Virtual Terminal Protocol
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to reset a specific facility back to its default settings:
Console> (enable) clear logging level dtp
Current session and default severities of facility <dtp> set to factory default values.
Console> (enable)
This example shows how to reset all facilities back to their default settings:
Console> (enable) clear logging level all
Current session and default severities of all facilities set to factory default values.
Console> (enable)
Related Commands
set logging level
show logging
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-56
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear logging server
clear logging server
To delete a syslog server from the system log server table, use the clear logging server command.
clear logging server ip_addr
Syntax Description
ip_addr
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to delete a syslog server from the configuration:
IP address of the syslog server to be deleted.
Console> (enable) clear logging server 171.69.192.207
System log server 171.69.192.207 removed from system log server table.
Console> (enable)
Related Commands
set logging server
show logging
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-57
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear mls cef
clear mls cef
To clear Cisco Express Forwarding (CEF) summary statistics, use the clear mls cef command.
clear mls cef
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is supported on Catalyst 6500 series switches configured with the Supervisor Engine 2
with Layer 3 Switching Engine II (PFC2) only.
Examples
This example shows how to clear CEF summary information:
Console> (enable) clear mls cef
CEF statistics cleared.
Console> (enable)
Related Commands
show mls cef summary
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-58
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear mls cef rpf statistics
clear mls cef rpf statistics
To clear the counters for packets and bytes that failed the hardware RPF check, use the clear mls cef rpf
statistics command.
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command only clears the counters related to the hardware RPF check. To configure RPF, you must
access the CLI on the MSFC. For more information about accessing the CLI on the MSFC, refer to the
“Command Line Interface” chapter of the Catalyst 6500 Series MSFC Cisco IOS Command Reference,
12.2SX.
Examples
This example shows how to clear MLS CEF RPF statistics:
Console> (enable) clear mls cef rpf statistics
RPF statistics cleared.
Console> (enable)
Related Commands
show mls cef rpf
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-59
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear mls entry
clear mls entry
To clear MLS entries in the Catalyst 6500 series switches, use the clear mls entry command.
clear mls entry [ip | ipx] all
clear mls entry ip destination ip_addr_spec [source ip_addr_spec] [protocol protocol]
[src-port src_port] [dst-port dst_port]
clear mls entry ipx destination ipx_addr_spec
Syntax Description
ip
(Optional) Specifies IP MLS.
ipx
(Optional) Specifies IPX MLS.
all
Clears all MLS entries.
destination
Specifies the destination IP address.
ip_addr_spec
Full IP address or a subnet address in these formats: ip_addr,
ip_addr/netmask, or ip_addr/maskbit.
source ip_addr_spec
(Optional) Specifies the source IP address.
protocol protocol
(Optional) Specifies additional flow information (protocol family and
protocol port pair) to be matched; valid values are 0 to 255 or ip, ipinip,
icmp, igmp, tcp, and udp.
src-port src_port
(Optional) Specifies the source port IP address; valid values are 1 to 65535,
dns, ftp, smtp, telnet, x (X-Windows), www.
dst-port dst_port
(Optional) Specifies the destination port IP address; valid values are 1 to
65535, dns, ftp, smtp, telnet, x (X-Windows), www.
ipx_addr_spec
Full IPX address or a subnet address in these formats: src_net/[mask],
dest_net.dest_node, or dest_net/mask.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported on systems configured with the Supervisor Engine 2 with Layer 3
Switching Engine II (PFC2). To clear entries on systems configured with the Supervisor Engine 2 with
Layer 3 Switching Engine II (PFC2), you must enter the clear mls entry cef command.
When entering the IPX address syntax, use the following format:
•
IPX net address—1..FFFFFFFE
•
IPX node address—x.x.x where x is 0..FFFF
•
IPX address—ipx_net.ipx_node (for example 3.0034.1245.AB45, A43.0000.0000.0001)
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-60
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear mls entry
Up to 16 routers can be included explicitly as MLS-RPs.
To use a router as an MLS, you must meet these conditions:
•
The router must be included (either explicitly or automatically) in the MLS-SE.
•
The MLS feature must be enabled in the Catalyst 6500 series switches.
•
The Catalyst 6500 series switches must know the router’s MAC-VLAN pairs.
Use the following syntax to specify an IP subnet address:
•
ip_subnet_addr—This is the short subnet address format. The trailing decimal number 00 in an IP
address YY.YY.YY.00 specifies the boundary for an IP subnet address. For example, 172.22.36.00
indicates a 24-bit subnet address (subnet mask 172.22.36.00/255.255.255.0), and 173.24.00.00
indicates a 16-bit subnet address (subnet mask 173.24.00.00/255.255.0.0). However, this format can
identify only a subnet address of 8, 16, or 24 bits.
•
ip_addr/subnet_mask—This is the long subnet address format. For example,
172.22.252.00/255.255.252.00 indicates a 22-bit subnet address. This format can specify a subnet
address of any bit number. To provide more flexibility, the ip_addr is a full host address, such as
172.22.253.1/255.255.252.00.
•
ip_addr/maskbits—This is the simplified long subnet address format. The mask bits specify the
number of bits of the network masks. For example, 172.22.252.00/22 indicates a 22-bit subnet
address. The ip_addr is a full host address, such as 193.22.253.1/22, which has the same subnet
address as the ip_subnet_addr.
If you do not use the all argument in the clear mls entry command, you must specify at least one of the
other three keywords (source, destination, or protocol) and its arguments.
If no value or 0 is entered for src_port and dest_port, all entries are cleared.
When you remove a Multilayer Switch Module (MSM) from the Catalyst 6500 series switch, it is
removed immediately from the inclusion list and all the MLS entries for the MSM are removed.
Examples
This example shows how to clear the MLS entries with destination IP address 172.20.26.22:
Console> (enable) clear mls entry destination 172.20.26.22
Multilayer switching entry cleared.
Console> (enable)
This example shows how to clear specific IP MLS entries for destination IP address 172.20.26.22:
Console> (enable) clear mls entry ip destination 172.20.26.22 source 172.20.22.113 protocol tcp 520 320
Multilayer switching entry cleared
Console> (enable)
This example shows how to clear specific IPX MLS entries for a destination IPX address:
Console> (enable) clear mls entry ipx destination 1.00e0.fefc.6000 source 3.0034.1245.AB45
IPX Multilayer switching entry cleared
Console> (enable)
Related Commands
show mls entry
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-61
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear mls entry cef
clear mls entry cef
To clear CEF adjacency statistics, use the clear mls entry cef command.
clear mls entry cef adjacency
clear mls entry cef ip [[ip_addr/]mask_len] adjacency
clear mls entry cef ipx [[ipx_addr/]mask_len] adjacency
Syntax Description
ip
Specifies IP entries.
ipx
Specifies IPX entries.
ip_addr
(Optional) IP address of the entry.
mask_len
(Optional) Mask length associated with the IP or IPX address of
the entry; valid values are from 0 to 32.
ipx_addr
(Optional) IPX address of the entry.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is supported on Catalyst 6500 series switches configured with the Supervisor Engine 2
with Layer 3 Switching Engine II (PFC2).
To clear MLS entries on systems configured with the Supervisor Engine 1 with Layer 3
Switching Engine WS-F6K-PFC (Policy Feature Card), enter the clear mls entry command.
The ipx_addr value is entered as 32-bit hexadecimal digits.
Examples
This example shows how to clear all adjacencies associated with CEF entries:
Console> (enable) clear mls cef entry adjacency
Adjacency statistics has been cleared.
Console> (enable)
Related Commands
show mls entry cef
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-62
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear mls exclude protocol
clear mls exclude protocol
To remove a protocol port that has been excluded from shortcutting using the set mls exclude protocol
command, use the clear mls exclude protocol command.
clear mls exclude protocol tcp | udp | both port
Syntax Description
tcp
Specifies a TCP port.
udp
Specifies a UDP port.
both
Specifies that the port be applied to both TCP and UDP traffic.
port
Number of the port.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to set TCP packets in a protocol port to be hardware switched:
Console> (enable) clear mls exclude protocol tcp 25
TCP packets with protocol port 25 will be MLS switched.
Console> (enable)
Related Commands
set mls exclude protocol
show mls exclude protocol
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-63
22
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear mls multicast statistics
clear mls multicast statistics
To remove MLS multicast statistics maintained by the MSFC on the switch, use the clear mls multicast
statistics command.
clear mls multicast statistics [mod]
Syntax Description
mod
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you enter the clear mls multicast statistics command on a Catalyst 6500 series switch without MLS,
this warning message is displayed:
(Optional) Number of the MSFC; valid values are 15 and 16.
MLS Multicast is not supported on feature card.
If you place the MFSC on a supervisor engine installed in slot 1, the MFSC is recognized as module 15.
If you install the supervisor engine in slot 2, the MFSC is recognized as module 16.
The mod option is not supported on switches configured with the Supervisor Engine 2 with Layer 3
Switching Engine II (PFC2).
Examples
This example shows how to clear MLS statistics on a switch configured with the Supervisor Engine 1
with Layer 3 Switching Engine WS-F6K-PFC (Policy Feature Card):
Console> (enable) clear mls multicast statistics
All statistics for the MLS routers in include list are cleared.
Console> (enable)
This example shows how to clear MLS statistics on a switch configured with the Supervisor Engine 2
with Layer 3 Switching Engine II (PFC2):
Console> (enable) clear mls multicast statistics
All statistics cleared.
Console> (enable)
Related Commands
show mls statistics
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-64
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear mls nde flow
clear mls nde flow
To reset the NDE filters in the Catalyst 6500 series switches, use the clear mls nde flow command.
clear mls nde flow
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Clearing both exclusion and inclusion filters results in exporting of all flows.
Examples
This example shows how to clear the NDE exclusion and inclusion filters and export all flows:
Console> (enable) clear mls nde flow
Netflow data export filter cleared.
Console> (enable)
Related Commands
set mls nde
show mls exclude protocol
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-65
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear mls statistics
clear mls statistics
To clear hardware-installed MLS statistics entries, use the clear mls statistics command.
clear mls statistics
clear mls statistics protocol {protocol port} | all
Syntax Description
statistics
Clears total packets switched and total packets exported (for NDE).
statistics protocol
Clears protocols for statistics collection.
protocol
Number of the protocol in the protocol statistics list.
port
Number of the port.
all
Clears all entries from the statistics protocol list.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
To use a router as an MLS, you must meet these conditions:
•
The router must be included (either explicitly or automatically) in the MLS-SE.
•
The MLS feature must be enabled in the Catalyst 6500 series switches.
•
Catalyst 6500 series switches must know the MAC-VLAN pairs on the router.
If you enter any of the clear mls statistics commands on a Catalyst 6500 series switch without MLS,
this warning message displays:
Feature not supported in hardware.
When you remove an MSM from the Catalyst 6500 series switch, it is removed immediately from the
inclusion list and all the MLS entries for the MSM are removed.
Examples
This example shows how to clear IP MLS statistics, including total packets switched and total packets
exported (for NDE):
Console> (enable) clear mls statistics
Netflow data export statistics cleared.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-66
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear mls statistics
This example shows how to clear protocol 17, port 19344 from the statistics collection:
Console> (enable) clear mls statistics protocol 17 19344
Protocol 17 port 1934 cleared from protocol statistics list.
Console> (enable)
Related Commands
set mls statistics protocol
show mls statistics
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-67
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear mls statistics entry
clear mls statistics entry
To clear statistics for MLS entries, use the clear mls statistics entry command.
clear mls statistics entry [ip | ipx] all
clear mls statistics entry ip [destination ip_addr_spec] [source ip_addr_spec]
[protocol protocol] [src-port src_port] [dst-port dst_port]
clear mls statistics entry ipx destination ipx_addr_spec
Syntax Description
ip
(Optional) Specifies IP MLS.
ipx
(Optional) Specifies IPX MLS.
all
Purges all matching MLS entries.
destination
(Optional) Specifies the destination IP address.
ip_addr_spec
(Optional) Full IP address or a subnet address in these formats:
ip_addr, ip_addr/netmask, or ip_addr/maskbit.
source
(Optional) Specifies the source IP address.
protocol protocol
(Optional) Specifies additional flow information (protocol family
and protocol port pair) to be matched; valid values are from 0 to
255 or ip, ipinip, icmp, igmp, tcp, and udp.
src-port src_port
(Optional) Specifies the source port IP address; valid values are
from 1 to 65535, dns, ftp, smtp, telnet, x (X-Windows), www.
dst-port dst_port
(Optional) Specifies the destination port IP address; valid values
are from 1 to 65535, dns, ftp, smtp, telnet, x (X-Windows), www.
ipx_addr_spec
(Optional) Full IPX address or a subnet address in these formats:
src_net/[mask], dest_net.dest_node, or dest_net/mask.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you specify the ip keyword or do not enter a keyword, the command supports IP MLS. If you specify
the ipx keyword, the command supports IPX only.
When you remove an MSM from the Catalyst 6500 series switch, it is removed immediately from the
inclusion list and all the MLS entries for the MSM are removed.
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-68
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear mls statistics entry
When entering the IPX address syntax, use the following format:
•
IPX net address—1..FFFFFFFE
•
IPX node address—x.x.x where x is 0..FFFF
•
IPX address—ipx_net.ipx_node (for example 3.0034.1245.AB45, A43.0000.0000.0001)
Up to 16 routers can be included explicitly as MLS-RPs.
To use a router as an MLS, you must meet these conditions:
•
The router must be included (either explicitly or automatically) in the MLS-SE.
•
The MLS feature must be enabled in the Catalyst 6500 series switches.
•
Catalyst 6500 series switches must know the router’s MAC-VLAN pairs.
Use the following syntax to specify an IP subnet address:
•
ip_subnet_addr—This is the short subnet address format. The trailing decimal number 00 in an IP
address YY.YY.YY.00 specifies the boundary for an IP subnet address. For example, 172.22.36.00
indicates a 24-bit subnet address (subnet mask 172.22.36.00/255.255.255.0), and 173.24.00.00
indicates a 16-bit subnet address (subnet mask 173.24.00.00/255.255.0.0). However, this format can
identify only a subnet address of 8, 16, or 24 bits.
•
ip_addr/subnet_mask—This is the long subnet address format. For example,
172.22.252.00/255.255.252.00 indicates a 22-bit subnet address. This format can specify a subnet
address of any bit number. To provide more flexibility, the ip_addr is a full host address, such as
172.22.253.1/255.255.252.00.
•
ip_addr/maskbits—This is the simplified long subnet address format. The mask bits specify the
number of bits of the network masks. For example, 172.22.252.00/22 indicates a 22-bit subnet
address. The ip_addr is a full host address, such as 193.22.253.1/22, which has the same subnet
address as the ip_subnet_addr.
A 0 value for src_port and dest_port clears all entries. Unspecified options are treated as wildcards, and
all entries are cleared.
If you enter any of the clear mls commands on a Catalyst 6500 series switch without MLS, this warning
message displays:
Feature not supported in hardware.
Examples
This example shows how to clear all specific MLS entries:
Console> (enable) clear mls statistics entry ip all
Multilayer switching entry cleared
Console> (enable)
This example shows how to clear specific IPX MLS entries for a destination IPX address:
Console> (enable) clear mls statistics entry ipx destination 1.0002.00e0.fefc.6000
MLS IPX entry cleared.
Console> (enable)
Related Commands
show mls
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-69
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear module password
clear module password
To clear the password set by the password [username] NAM command, use the clear module password
command.
clear module password mod
Syntax Description
mod
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is supported by the NAM only.
Number of the NAM.
The password [username] command is a NAM command and not a supervisor engine console
command.
A message is displayed when the password is successfully cleared. See the “Examples” section for an
example of the message.
Examples
This example shows how to clear the password from the NAM:
Console> (enable) clear module password 6
Module 6 password cleared.
Console> (enable) 2000 Apr 07 11:03:06 %SYS-5-MOD_PASSWDCLR:Module 6 password cl
eared from telnet/10.6.1.10/tester
Console> (enable)
Related Commands
password (refer to the NAM Installation and Configuration Note)
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-70
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear multicast router
clear multicast router
To clear manually configured multicast router ports from the multicast router port list, use the clear
multicast router command.
clear multicast router {mod/port | all}
Syntax Description
mod/port
Number of the module and the port on the module.
all
Specifies all multicast router ports to be cleared.
Defaults
The default configuration has no multicast router ports configured.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to clear multicast router port 1 on module 3:
Console> (enable) clear multicast router 3/1
Port 3/1 cleared from multicast router port list.
Console> (enable)
Related Commands
set multicast router
show multicast router
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-71
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear ntp server
clear ntp server
To remove one or more servers from the NTP server table, use the clear ntp server command.
clear ntp server {ip_addr | all}
Syntax Description
ip_addr
IP address of the server to remove from the server table.
all
Specifies all server addresses in the server table to be removed.
Defaults
The default configuration has no NTP servers configured.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to remove a specific NTP server from the server table:
Console> (enable) clear ntp server 172.20.22.191
NTP server 172.20.22.191 removed.
Console> (enable)
This example shows how to remove all NTP servers from the server table:
Console> (enable) clear ntp server all
All NTP servers cleared.
Console> (enable)
Related Commands
set ntp server
show ntp
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-72
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear ntp timezone
clear ntp timezone
To return the time zone to its default, UTC, use the clear ntp timezone command.
clear ntp timezone
Syntax Description
This command has no arguments or keywords.
Defaults
The default time zone is UTC.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The clear ntp timezone command functions only when NTP is running. If you set the time manually
and NTP is disengaged, the clear ntp timezone command has no effect.
Examples
This example shows how to clear the time zone:
Console> (enable) clear ntp timezone
This command will clear NTP timezone and summertime zonename
Do you want to continue (y/n) [n]? y
Timezone name and offset cleared
Console> (enable)
Related Commands
set ntp timezone
show ntp
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-73
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear pbf
clear pbf
To remove the MAC address for the PFC2, use the clear pbf command.
clear pbf
Syntax Description
This command has no keywords or arguments.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Refer to the “Configuring Policy-Based Forwarding” section of Chapter 16, “Configuring Access
Control,” in the Catalyst 6500 Series Switch Software Configuration Guide for detailed information
about PBF.
Examples
Console> (enable) clear pbf
PBF cleared
Console> (enable)
Related Commands
set pbf
show pbf
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-74
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear pbf-map
clear pbf-map
To clear PBF map information, use the clear pbf-map command.
clear pbf-map {vlan vlan} | all | {ip_addr_1} {mac_addr_1} {vlan_1} {ip_addr_2}
{mac_addr_2} {vlan_2}
Syntax Description
vlan vlan
Clears the ACL with the name PBF_MAP_ACL_vlan and the adjacency
table used by this ACL.
all
Clears all adjacency information and ACLs that were created by entering
the set pbf-map command.
ip_addr_1
IP address of host 1.
mac_addr_1
MAC address of host 1.
vlan_1
Number of the first VLAN.
ip_addr_2
IP address of host 2.
mac_addr_2
MAC address of host 2.
vlan_2
Number of the second VLAN.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When you enter clear pbf-map {ip_addr_1} {mac_addr_1} {vlan_1} {ip_addr_2} {mac_addr_2}
{vlan_2}, all ACEs that were created by entering the set pbf-map command are cleared, except permit
ip any any. This command removes entries that enable traffic between hosts with ip_addr_1 and
ip_addr_2 on the two specified VLANs.
Use the clear pbf-map command to delete the redirect-to-adjacency ACEs and adjacency information
contained in the PBF_MAP_ACL_(VLAN_ID) ACL.
Use the clear security acl command to clear all other ACE types that are part of the
PBF_MAP_ACL_(VLAN_ID) ACL.
If entries were already deleted by using the clear security acl command, a message displays stating that
the specified entries were already cleared.
Examples
This example shows how to clear the ACL with the name PBF_MAP_ACL_11:
Console> (enable) clear pbf-map vlan 11
ACL 'PBF_MAP_ACL_11' successfully deleted.
Console> (enable) Commit operation successfull.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-75
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear pbf-map
This example shows how to clear all adjacency information and ACLs that were created by entering the
set pbf-map command:
Console> (enable) clear pbf-map all
ACL 'PBF_MAP_ACL_11' successfully deleted.
Console> (enable)
ACL 'PBF_MAP_ACL_22' successfully deleted.
Console> (enable)
This example shows how to clear all entries that enable traffic between the two specified hosts:
Console> (enable) clear pbf-map 1.1.1.1 0-0-0-0-0-1 11 2.2.2.2 0-0-0-0-0-2 22
ACL 'PBF_MAP_ACL_11' successfully committed.
Console> (enable)
ACL 'PBF_MAP_ACL_22' successfully committed.
Console> (enable)
Related Commands
clear security acl
set pbf-map
show pbf-map
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-76
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear pbf vlan
clear pbf vlan
To clear PBF-enabled VLANs and remove them from NVRAM, use the clear pbf vlan command.
clear pbf vlan vlan
Syntax Description
vlan
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Using the clear pbf command does not clear the VLANs enabled for PBF. The clear pbf command does clear
the Layer 2 table entries associated with the VLANs (because the MAC address is no longer valid). You must
explicitly clear the PBF-enabled VLANs to remove them from NVRAM by entering the clear pbf vlan
vlan_list command.
VLAN number.
You can specify a range of VLANs in the CLI.
Examples
This example shows how to clear PBF on VLANs 11 and 12:
Console> (enable) clear pbf vlan 11-12
PBF disabled on vlan(s) 11-12
Console> (enable)
Related Commands
set pbf vlan
show pbf
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-77
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear port broadcast
clear port broadcast
To disable broadcast/multicast suppression on one or more ports, use the clear port broadcast
command.
clear port broadcast mod/port
Syntax Description
mod/port
Defaults
The default configuration has broadcast/multicast suppression cleared (that is, unlimited
broadcast/multicast traffic allowed).
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to disable broadcast/multicast suppression:
Number of the module and the port on the module.
Console> (enable) clear port broadcast 2/1
Broadcast traffic unlimited on ports 2/1.
Console> (enable)
Related Commands
set port broadcast
show port broadcast
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-78
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear port cops
clear port cops
To clear port roles, use the clear port cops command.
clear port cops mod/port roles role1 [role2]...
clear port cops mod/port all-roles
Syntax Description
mod/port
Number of the module and the port on the module.
roles role#
Specifies the roles to clear.
all-roles
Clears all roles.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The clear port cops command detaches the roles from the port only; it does not remove them from the
global table.
Examples
This example shows how to remove specific roles from a port:
Console> (enable) clear port cops 3/1 roles backbone_port main_port
Roles cleared for port(s) 3/1-4.
Console> (enable)
This example shows how to remove all roles from a port:
Console> (enable) clear port cops 3/1 all-roles
All roles cleared for port 3/1-4.
Console> (enable)
Related Commands
set port cops
show port cops
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-79
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear port host
clear port host
To clear the port configuration for optimizing a host connection, use the clear port host command.
clear port host mod/port
Syntax Description
mod/port
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM.
Number of the module and the port on the module.
The clear port host command sets channel mode to auto, disables spanning tree PortFast, and sets the
trunk mode to auto.
Examples
This example shows how to remove specific roles from a port:
Console> (enable) clear port host 5/5
Port(s) 5/5 trunk mode set to auto.
Spantree port 5/5 fast start disabled.
Port(s) 5/5 channel mode set to auto.
Console> (enable)
Related Commands
set port host
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-80
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear port qos cos
clear port qos cos
To return the values set by the set port qos cos command to the default settings for all specified ports,
use the clear port qos cos command.
clear port qos mod/ports.. cos
Syntax Description
mod/ports..
Defaults
The default CoS for a port is 0.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to return the values set by the set port qos cos command to the default settings
for module 2, port 1:
Number of the module and ports on the module.
Console> (enable) clear port qos 2/1 cos
Port 2/1 qos cos setting cleared.
Console> (enable)
Related Commands
set port qos cos
show port qos
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-81
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear port security
clear port security
To clear all MAC addresses or a specific MAC address from the list of secure MAC addresses on a port,
use the clear port security command.
clear port security mod/port {mac_addr | all}
Syntax Description
mod/port
Number of the module and the port on the module.
mac_addr
MAC address to be deleted.
all
Removes all MAC addresses.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to remove a specific MAC address from a list of secure addresses on the port:
Console> (enable) clear port security 4/1 00-11-22-33-44-55
00-11-22-33-44-55 cleared from secure address list list for port 4/1.
Console> (enable)
Related Commands
set port security
show port security
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-82
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear pvlan mapping
clear pvlan mapping
To delete a private VLAN mapping, use the clear pvlan mapping command.
clear pvlan mapping primary_vlan {isolated_vlan | community_vlan | twoway_community_vlan}
mod/port
clear pvlan mapping mod/port
Syntax Description
primary_vlan
Number of the primary VLAN.
isolated_vlan
Number of the isolated VLAN.
community_vlan
Number of the community VLAN.
twoway_community_vlan
Number of the two-way community VLAN.
mod/port
Number of the module and promiscuous port.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you do not specify the mapping to clear, all the mappings of the specified promiscuous ports are
cleared.
Examples
This example shows how to clear the mapping of VLAN 902 to 901, previously set on ports 3/2-5:
Console> (enable) clear pvlan mapping 901 902 3/2-5
Successfully cleared mapping between 901 and 902 on 3/2-5
Console> (enable)
Related Commands
clear config pvlan
clear vlan
set pvlan
set pvlan mapping
set vlan
show pvlan
show pvlan mapping
show vlan
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-83
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear qos acl
clear qos acl
To remove various ACL configurations, use the clear qos acl command.
clear qos acl acl_name [editbuffer_index]
clear qos acl default-action {ip | ipx | mac | all}
clear qos acl map {acl_name} {mod/port | vlan} [input]
clear qos acl map {acl_name | mod/port | vlan | all} [input]
Syntax Description
acl_name
Unique name that identifies the list to which the entry belongs.
editbuffer_index
(Optional) ACE position in the ACL.
default-action
Removes default actions.
ip
Clears IP ACE default actions.
ipx
Clears IPX ACE default actions.
mac
Clears MAC-layer ACE default actions.
all
Clears all ACE default actions.
map
Detaches an ACL.
mod/port
Number of the module and the port on the module.
vlan
Number of the VLAN; valid values are from 1 to 1000 and from
1025 to 4094.
all
Detaches an ACL from all interfaces.
input
(Optional) Removes the ACL from the ingress interface. See the
“Usage Guidelines” section for more information.
Defaults
The default is no ACLs are attached.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Changes you make by entering this command are saved to NVRAM and hardware only after you enter
the commit command.
Use the show qos acl editbuffer command to display the ACL list.
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-84
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear qos acl
Examples
This example shows how to detach an ACL from all interfaces:
Console> (enable) clear qos acl map my_acl all
Hardware programming in progress...
ACL my_acl is detached from all interfaces.
Console> (enable)
This example shows how to detach an ACL from a specific VLAN:
Console> (enable) clear qos acl map ftp_acl 4
Hardware programming in progress...
ACL ftp_acl is detached from vlan 4.
Console> (enable)
This example shows how to delete a specific ACE:
Console> (enable) clear qos acl my_ip_acl 1
ACL my_ip_acl ACE# 1 is deleted.
my_ip_acl editbuffer modified. Use ‘commit’ command to apply changes.
Console> (enable)
This example shows how to delete an ACL:
Console> (enable) clear qos acl my_ip_acl
ACL my_ip_acl is deleted.
my_ip_acl editbuffer modified. Use ‘commit’ command to apply changes.
Console> (enable)
This example shows how to detach a specific ACL from all interfaces:
Console> (enable) clear qos acl map my_acl all
Hardware programming in progress...
ACL my_acl is detached from all interfaces.
Console> (enable)
This example shows how to detach a specific ACL from a specific VLAN:
Console> (enable) clear qos acl map ftp_acl 4
Hardware programming in progress...
ACL ftp_acl is detached from vlan 4.
Console> (enable)
This example shows how to delete IP ACE default actions configured by the set qos acl default-action
command:
Console> (enable) clear qos acl default-action ip
Hardware programming in progress...
QoS default-action for IP ACL is restored to default setting.
Console> (enable)
This example shows how to clear Qos ACL mapping between an ACL named “test” and VLAN 1 on the
ingress interface:
Console> (enable) clear qos acl map test 1
Successfully cleared mapping between ACL test and VLAN 1 on input side.
Console> (enable)
Related Commands
commit
rollback
set qos acl map
show qos acl editbuffer
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-85
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear qos config
clear qos config
To the default settings and delete the CoS assigned to MAC addresses, use the clear qos config
command to return the values set by the set qos command.
clear qos config
Syntax Description
This command has no arguments or keywords.
Defaults
The default is QoS is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to return the values set by the set qos command to the default settings and
delete the CoS assigned to MAC addresses:
Console> (enable) clear qos config
This command will disable QoS and take values back to factory default.
Do you want to continue (y/n) [n]? y
QoS config cleared.
Console> (enable)
Related Commands
set qos
show qos info
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-86
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear qos cos-dscp-map
clear qos cos-dscp-map
To clear CoS-to-DSCP mapping set by the set qos cos-dscp-map command and return to the default
setting, use the clear qos cos-dscp-map command.
clear qos cos-dscp-map
Syntax Description
This command has no arguments or keywords.
Defaults
The default CoS-to-DSCP configuration is listed in Table 2-2.
Table 2-2
CoS-to-DSCP Default Mapping
CoS
0
1
2
3
4
5
6
7
DSCP
0
8
16
24
32
40
48
56
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to clear the CoS-to-DSCP mapping table:
Console> (enable) clear qos cos-dscp-map
QoS cos-dscp-map setting restored to default.
Console> (enable)
Related Commands
set qos cos-dscp-map
show qos maps
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-87
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear qos dscp-cos-map
clear qos dscp-cos-map
To clear DSCP-to-CoS mapping set by the set qos dscp-cos-map command and return to the default
setting, use the clear qos dscp-cos-map command.
clear qos dscp-cos-map
Syntax Description
This command has no arguments or keywords.
Defaults
The default DSCP-to-CoS configuration is listed in Table 2-3.
Table 2-3
DSCP-to-CoS Default Mapping
DSCP
0 to 7
8 to 15
16 to 23 24 to 31 32 to 39 40 to 47 48 to 55 56 to 63
CoS
0
1
2
3
4
5
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to clear the DSCP-to-CoS mapping table:
6
7
Console> (enable) clear qos dscp-cos-map
QoS dscp-cos-map setting restored to default.
Console> (enable)
Related Commands
set qos dscp-cos-map
show qos maps
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-88
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear qos dscp-mutation-table-map
clear qos dscp-mutation-table-map
To clear the DSCP mutation table map, use the clear qos dscp-mutation-table-map command.
clear qos dscp-mutation-table-map {all | vlan | mutation_table_id}
Syntax Description
all
Clears all VLANs from DSCP mutation table mapping.
vlan
Numbers of the VLANs to be cleared from DSCP mutation table mapping.
mutation_table_id
Number of the mutation table to be cleared; valid values are from 1 to 15.
See the “Usage Guidelines” section for more information.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is available only on PFC3.
If you enter a mutation_table_id argument, all VLANs in the specified mutation table are set to mutation
table 0, which is the default mutation table number.
Examples
This example shows how to clear VLANs 3 through 33 from the mutation tables:
Console> (enable) clear qos dscp-mutation-table-map 3-33
VLAN(s) 3-33 are removed from mutation-id-maps.
Console> (enable)
This example shows how to clear all VLANs from the mutation tables:
Console> (enable) clear qos dscp-mutation-table-map all
All VLANs are removed from mutation-id-maps.
Console> (enable)
This example shows how to clear mutation table 3:
Console> (enable) clear qos dscp-mutation-table-map 3
QoS dscp-mutation-map for mutation-table-id 3 is restored to default.
Console> (enable)
Related Commands
set qos dscp-mutation-table-map
show qos maps
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-89
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear qos ipprec-dscp-map
clear qos ipprec-dscp-map
To reset the mapping set by the set qos ipprec-dscp-map command to the default setting, use the clear
qos ipprec-dscp-map command.
clear qos ipprec-dscp-map
Syntax Description
This command has no arguments or keywords.
Defaults
The default IP precedence-to-DSCP configuration is listed in Table 2-4.
Table 2-4
IP Precedence-to-DSCP Default Mapping
IPPREC
0
1
2
3
4
5
6
7
DSCP
0
8
16
24
32
40
48
56
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to clear the IP precedence-to-DSCP mapping table:
Console> (enable) clear qos ipprec-dscp-map
QoS ipprec-dscp-map setting restored to default.
Console> (enable)
Related Commands
set qos ipprec-dscp-map
show qos maps
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-90
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear qos mac-cos
clear qos mac-cos
To clear the values set by the set qos mac-cos command, use the clear qos mac-cos command.
clear qos mac-cos dest_mac [vlan]
clear qos mac-cos all
Syntax Description
dest_mac
Number of the destination host MAC address.
vlan
(Optional) Number of the VLAN; valid values are from 1 to 1000
and from 1025 to 4094.
all
Clears CoS values for all MAC/VLAN pairs.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If the vlan value is not entered, all entries for the MAC address are cleared.
Examples
This example shows how to clear the values set by the set qos mac-cos command and return to the
default settings for all MAC address and VLAN pairs:
Console> (enable) clear qos mac-cos all
All CoS to Mac/Vlan entries are cleared.
Console> (enable)
This example shows how to clear the values set by the set qos mac-cos command and return to the
default settings for a specific MAC address:
Console> (enable) clear qos mac-cos 1-2-3-4-5-6 1
CoS to Mac/Vlan entry for mac 01-02-03-04-05-06 vlan 1 is cleared.
Console> (enable)
Related Commands
set qos mac-cos
show qos mac-cos
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-91
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear qos map
clear qos map
To return the values to the default settings, use the clear qos map command.
clear qos map port_type tx | rx
Syntax Description
Defaults
port_type
Port type; valid values are 2q2t, 1p3q1t, and 1p2q2t for transmit and 1p1q4t and 1p1q0t
for receive. See the “Usage Guidelines” section for additional information.
tx | rx
Specifies the transmit or receive queue.
The default mappings for all ports are shown in Table 2-5 and Table 2-6 and apply to all ports.
Table 2-5
Default Transmit Queue and Drop-Threshold Mapping of CoS Values
Port Type
Drop Threshold Type
Low Delay
(Queue 2)
High Delay
(Queue 1)
Priority Delay
(Queue 3)
2q2t
Low drop (Threshold 2)
7, 6
3, 2
N/A
High drop (Threshold 1)
5, 4
1, 0
N/A
Low drop (Threshold 2)
7
3, 2
N/A
High drop (Threshold 1)
5, 4
1, 0
5
1p2q2t
Table 2-6
Default Receive Drop-Threshold Mapping of CoS Values
Port Type
Threshold 1
(highest drop)
Threshold 2
Threshold 3
Threshold 4
(lowest drop)
Priority
Queue
1p1q0t
0, 1
2, 3
4, 5
7
6
1p1q4t
0, 1
2, 3
4, 5
7
6
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The 1p2q1t and 1p1q8t port types are not supported.
Examples
This example shows how to return the values to the default settings:
Console> (enable) clear qos map 2q2t
This command will take map values back to factory default.
QoS map cleared.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-92
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear qos map
Related Commands
set qos map
show qos maps
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-93
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear qos policed-dscp-map
clear qos policed-dscp-map
To reset the policer-to-dscp mapping table to the defaults, use the clear qos policed-dscp-map.
clear qos policed-dscp-map [normal-rate | excess-rate]
Syntax Description
normal-rate
(Optional) Restores the map associated with the normal rate to the default value. See
the “Usage Guidelines” section for more information.
excess-rate
(Optional) Restores the map associated with the excess rate to the default value.
Defaults
The default is the identity function; for example, DSCP 63 to policed DSCP 63 and DSCP 62 to policed
DSCP 62.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you do not specify the normal-rate keyword or the excess-rate keyword, only normal rate mappings
are cleared and restored to the default settings.
Examples
This example shows how to reset the normal rate mapping to the default settings:
Console> (enable) clear qos policed-dscp-map
QoS normal-rate policed-dscp-map setting restored to default.
Console> (enable)
This example shows how to reset the excess rate mapping to the default settings:
Console> (enable) clear qos policed-dscp-map excess-rate
QoS excess-rate policed-dscp-map setting restored to default.
Console> (enable)
Related Commands
set qos policed-dscp-map
show qos maps
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-94
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear qos policer
clear qos policer
To clear policing rules from NVRAM, use the clear qos policer command.
clear qos policer microflow microflow_name | all
clear qos policer aggregate aggregate_name | all
Syntax Description
microflow
microflow_name
Specifies the name of the microflow policing rule.
aggregate
aggregate_name
Specifies the name of the aggregate policing rule.
all
Clears all policing rules.
Defaults
This command has no default setting in systems configured with the Supervisor Engine 1 with Layer 3
Switching Engine (PFC); in systems configured with Supervisor Engine 2 with Layer 3 Switching
Engine II (PFC2), the default is to apply the given map to the normal rate only.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Policing is the process by which the switch limits the bandwidth consumed by a flow of traffic. Policing
can mark or drop traffic.
You cannot clear an entry that is currently being used in an ACE. You must first detach the ACEs from
the interface.
You cannot use the all keyword if a microflow rate limit is currently being used in an ACE.
The normal and excess keywords are supported on systems configured with the Supervisor Engine 2
with Layer 3 Switching Engine II (PFC2) only. With these keywords, you can specify a map for the
normal rate and one for the excess rate. Because this selection is optional in the CLI, the default
(unspecified) action is to apply the given map to the normal rate only.
Examples
This example shows how to clear a specific microflow policing rule:
Console> (enable) clear qos policer microflow my_micro
my_micro QoS microflow policer cleared.
Console> (enable)
This example shows how to clear all microflow policing rules:
Console> (enable) clear qos policer microflow all
All QoS microflow policers cleared.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-95
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear qos policer
This example shows how to clear a specific aggregate policing rule:
Console> (enable) clear qos policer aggregate my_micro
my_micro QoS microflow policer cleared.
Console> (enable)
This example shows how to clear all aggregate policing rules:
Console> (enable) clear qos policer aggregate all
All QoS aggregate policer cleared.
Console> (enable)
Related Commands
set qos policer
show qos policer
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-96
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear qos statistics
clear qos statistics
To clear QoS statistic counters, use the clear qos statistics command.
clear qos statistics [aggregate-policer [policer_name]]
Syntax Description
aggregate-policer
(Optional) Clears QoS aggregate policer statistics.
policer_name
(Optional) Name of the aggregate policer.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you enter the clear qos statistics command without the entering the aggregate-policer keyword, all
QoS statistics are cleared, including all QoS aggregate policer statistics.
If you enter the aggregate-policer keyword without specifying a policer name, all aggregate policer
statistics are cleared.
Examples
This example shows how to clear the QoS statistic counters:
Console> (enable) clear qos statistics
QoS statistical cleared.
Console> (enable)
This example shows how to clear all QoS aggregate policer statistics:
Console> (enable) clear qos statistics aggregate-policer
QoS aggregate policers statistical counters cleared.
Console> (enable)
This example shows how to clear the QoS aggregate policer statistics for aggr_1:
Console> (enable) clear qos statistics aggregate-policer aggr_1
Aggregate policer 'aggr_1' statistical counters cleared.
Console> (enable)
Related Commands
show qos statistics
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-97
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear radius
clear radius
To clear one or all of the RADIUS servers from the RADIUS server table or remove a shared key entry,
use the clear radius command.
clear radius server all
clear radius server ipaddr
clear radius key
Syntax Description
server
Specifies RADIUS servers.
all
Specifies all RADIUS servers.
ipaddr
Number of the IP address or IP alias.
key
Specifies the RADIUS shared key.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The ipaddr value is an IP alias or an IP address in dot notation; for example, 101.102.103.104.
Examples
This example shows how to clear the RADIUS key:
Console> (enable) clear radius key
Radius server key cleared.
Console> (enable)
This example shows how to clear a specific RADIUS server from the RADIUS server table:
Console> (enable) clear radius server 128.56.45.32
128.56.45.32 cleared from radius server table.
Console> (enable)
Related Commands
set radius key
set radius server
show radius
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-98
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear rcp
clear rcp
To clear rcp information for file transfers, use the clear rcp command.
clear rcp
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to clear rcp information:
Console> (enable) clear rcp
Console> (enable)
Related Commands
set rcp username
show rcp
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-99
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear rgmp statistics
clear rgmp statistics
To clear RGMP statistics information for all VLANs, use the clear rgmp statistics command.
clear rgmp statistics
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to clear the RGMP statistics on the switch:
Console> (enable) clear rgmp statistics
RGMP statistics cleared.
Console> (enable)
Related Commands
set rgmp
show rgmp statistics
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-100
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear security acl
clear security acl
To remove a specific access control entry (ACE) or all ACEs from a VACL and to delete the VACLs
from the edit buffer, use the clear security acl command.
clear security acl all
clear security acl acl_name
clear security acl capture-ports {all | mod/ports}
clear security acl log flow
clear security acl acl_name [editbuffer_index]
clear security acl adjacency adjacency_name
clear security acl map {acl_name [vlan] | vlan | all}
clear security acl arp-inspection statistics [acl_name]
Syntax Description
all
Removes ACEs for all the VACLs.
acl_name
Name of the VACL whose ACEs are to be removed.
capture-ports
Removes ports from the capture list.
all
Removes all ports from the capture list.
mod/ports
Variable to remove specific port from the capture list; mod/num is the number of
the module and the port on the module.
log flow
Removes logging table flow entries.
editbuffer_index
(Optional) Index number of the ACE in the VACL.
adjacency
Removes an adjacency ACE.
adjacency_name
Name of the adjacency ACE.
map
Clears security ACL to a VLAN mapping.
vlan
Variable to clear ACL mappings for a specific VLAN.
all
Clears all ACL VLAN mappings.
arp-inspection
statistics
Clears ARP inspection statistics.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-101
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear security acl
Usage Guidelines
Changes you make by entering this command are saved to NVRAM and hardware only after you enter
the commit command.
Use the show security acl command to display the VACL list.
The adjacency ACE cannot be cleared before the redirect ACE. The redirect ACE and the adjacency ACE
in PBF VACLs should be cleared in the following order:
1.
Clear the redirect ACE.
2.
Commit the VACL.
3.
Clear the adjacency ACE.
4.
Commit the adjacency.
When you enter the clear security acl arp-inspection statistics command, if you do not specify an ACL
name, the system clears all counters for ARP inspection global statistics and ARP inspection statistics
for all ACLs.
Examples
This example shows how to remove ACEs for all the VACLs:
Console> (enable) clear security acl all
All editbuffer modified. Use ‘commit’ command to apply changes.
Console> (enable)
This example shows how to remove a specific ACE from a specific VACL:
Console> (enable) clear security acl IPACL1 2
IPACL1 editbuffer modified. Use ‘commit’ command to apply changes.
Console> (enable)
This example shows how to remove an adjacency ACE:
Console> (enable) clear security acl adjacency a_1
a_1 editbuffer modified. Use ’commit’ command to apply changes.
Console> (enable)
This example shows how to clear the ARP inspection global statistics and the ARP inspection statistics
for all ACLs:
Console> (enable) clear security acl arp-inspection statistics
Console> (enable)
Related Commands
commit
rollback
show security acl
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-102
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear security acl capture-ports
clear security acl capture-ports
To remove a port from the capture port list, use the clear security acl capture-ports command.
clear security acl capture-ports {mod/ports...}
Syntax Description
mod/ports...
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Configurations you make by entering this command are saved in NVRAM. This command does not
require that you enter the commit command.
Number of the module and the ports on the module.
If you have several ports and a few are removed, the remaining ports continue to capture the traffic.
Examples
This example shows how to remove entries from the capture port list:
Console> (enable) clear security acl capture-ports 1/1,2/1
Successfully cleared the following ports:
1/1,2/1
Console> (enable)
Related Commands
set security acl capture-ports
show security acl capture-ports
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-103
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear security acl log flow
clear security acl log flow
To clear all flows in the security ACL log table, use the clear security acl log flow command.
clear security acl log flow
Syntax Description
This command has no keywords or arguments.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is supported on systems configured with Supervisor Engine 2 with Layer 3 Switching
Engine II (PFC2) only.
Examples
This example shows how to clear all flows in the security ACL log table:
Console> (enable) clear security acl log flow
Security acl log table cleared successfully
Console> (enable)
Related Commands
set security acl log
show security acl log
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-104
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear security acl map
clear security acl map
To remove VACL-to-VLAN mapping, use the clear security acl map command.
clear security acl map acl_name vlan
clear security acl map {acl_name | vlan | all}
Syntax Description
acl_name
Name of the VACL whose VLAN is to be deleted.
vlan
Number of the VLAN whose mapping is to be deleted; valid values are
from 1 to 1000 and from 1025 to 4094.
all
Removes all VACL-to-VLAN mappings.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Changes you make by entering this command are saved to NVRAM; you do not need to enter the commit
command.
Use the show security acl command to display the ACL list.
Examples
This example shows how to remove a VACL-to-VLAN mapping from a specific VLAN:
Console> (enable) clear security acl map ip1 3
Map deletion in progress.
Successfully cleared mapping between ACL ip1 and VLAN 3.
Console> (enable)
This example shows how to remove a specific VACL-to-VLAN mapping from all VLANs:
Console> (enable) clear security acl map ip1
Map deletion in progress.
Successfully cleared mapping between ACL ip1 and VLAN 5.
Successfully cleared mapping between ACL ip1 and VLAN 8.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-105
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear security acl map
This example shows how to remove all VACL-to-VLAN mappings from a specific VLAN:
Console> (enable) clear security acl map 5
Map deletion in progress.
Successfully cleared mapping between ACL ipx1 and VLAN 5.
Successfully cleared mapping between ACL mac2 and VLAN 5.
Console> (enable)
This example shows how to remove all VACL-to-VLAN mappings from all VLANs:
Console> (enable) clear security acl map all
Map deletion in progress.
Successfully cleared mapping between ACL ip2 and VLAN 12.
Successfully cleared mapping between ACL ipx1 and VLAN 12.
Successfully cleared mapping between ACL ipx1 and VLAN 45.
Successfully cleared mapping between ACL ip2 and VLAN 47.
Successfully cleared mapping between ACL ip3 and VLAN 56.
Console> (enable)
Related Commands
commit
rollback
show security acl
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-106
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear snmp access
clear snmp access
To remove the access rights of an SNMP group, use the clear snmp access command.
clear snmp access [-hex] {groupname} {security-model {v1 | v2c}}
clear snmp access {security-model v3 {noauthentication | authentication | privacy}}
[context [-hex] contextname]
Syntax Description
-hex
(Optional) Displays the groupname or contextname in a hexadecimal
format.
groupname
SNMP access table name.
security-model v1 | v2c Specifies the security model v1 or v2c.
security-model v3
Specifies security model v3.
noauthentication
Specifies groups with security model type set to noauthentication.
authentication
Specifies groups with security model type authentication protocol.
privacy
Specifies groups with security model type privacy.
context contextname
(Optional) Specifies the name of a context string.
Defaults
The default contextname is a NULL string.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you use special characters for groupname (nonprintable delimiters for this parameter), you must use
a hexadecimal keyword, which is one or two hexadecimal digits separated by a colon (:); for example,
00:ab:34.
If you do not enter a context name, a NULL context string is used.
Examples
This example shows how to clear SNMP access for a group:
Console> (enable) clear snmp access cisco-group security-model v3 authentication
Cleared snmp access cisco-group version v3 level authentication.
Console> (enable)
Related Commands
set snmp access
show snmp access
show snmp context
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-107
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear snmp access-list
clear snmp access-list
To clear the IP address of a host that is associated with an access list number, use the clear snmp
access-list command.
clear snmp access-list access_number IP_address [[IP_address] ...]
Syntax Description
access_number
Number that specifies a list of hosts that are permitted to use a specific
community string; valid values are 1 to 65535.
IP_address
IP address that is associated with the access list. See the “Usage Guidelines”
section for more information.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you specify more than one IP address, separate each IP address with a space.
Examples
This example shows how to clear the IP address of a host from access list number 2:
Console> (enable) clear snmp access-list 2 172.20.60.8
Access number 2 no longer associated with 172.20.60.8
Console> (enable)
This example shows how to clear all IP address from access list number 101:
Console> (enable) clear snmp access-list 101
All IP addresses associated with access-number 101 have been cleared.
Console> (enable)
Related Commands
set snmp access-list
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-108
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear snmp community
clear snmp community
To clear an SNMP community table, use the clear snmp community command.
clear snmp community index [-hex] {index_name}
Syntax Description
index
Specifies clearing an index.
-hex
(Optional) Displays the index_name value in a hexadecimal format.
index_name
Name of the SNMP index.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you use special characters for the index_name value (nonprintable delimiters for this parameter), you
must use a hexadecimal keyword, which is one or two hexadecimal digits separated by a colon (:); for
example, 00:ab:34.
If you do not enter an index_name value, a NULL context string is used.
Examples
This example shows how to clear SNMP access for a group:
Console> (enable) clear snmp community index ind1
Cleared snmp community ind1.
Console> (enable)
Related Commands
set snmp community
show snmp community
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-109
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear snmp community-ext
clear snmp community-ext
To clear an existing community string, use the clear snmp community-ext command.
clear snmp community-ext community_string
Syntax Description
community_string
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When you clear a community string, corresponding entries in the vacmAccessTable and
vacmSecurityToGroup tables are also removed.
Examples
This example shows how to clear an existing community string:
Name of the SNMP community.
Console> (enable) clear snmp community-ext public1
Community string public1 has been removed.
Console>(enable)
Related Commands
set snmp community-ext
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-110
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear snmp group
clear snmp group
To remove the SNMP user from an SNMP group, use the clear snmp group command.
clear snmp group [-hex] groupname {user [-hex] username} {security-model {v1 | v2c | v3}}
Syntax Description
-hex
(Optional) Displays the groupname and username as a hexadecimal
format.
groupname
Name of the SNMP group that defines an access control.
user
Specifies the SNMP group username.
username
Name of the SNMP user.
security model
v1 | v2c | v3
Specifies security model v1, v2c, or v3.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you use special characters for the groupname value or the username value (nonprintable delimiters for
these parameters), you must use a hexadecimal keyword, which is one or two hexadecimal digits
separated by a colon (:); for example, 00:ab:34.
Examples
This example shows how to remove an SNMP user from a group:
Console> (enable) clear snmp group cisco-group user joe security-model v3
Cleared snmp group cisco-group user joe version v3.
Console> (enable)
Related Commands
set snmp group
show snmp group
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-111
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear snmp ifalias
clear snmp ifalias
To clear an SNMP interface alias, use the clear snmp ifalias command.
clear snmp ifalias {ifindex | all}
Syntax Description
ifindex
Interface index number.
all
Clears all interface aliases.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to clear SNMP interface index 1:
Console> (enable) clear snmp ifalias 1
Console> (enable)
This example shows how to clear all SNMP interface aliases:
Console> (enable) clear snmp ifalias all
Console> (enable)
Related Commands
set snmp ifalias
show snmp ifalias
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-112
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear snmp notify
clear snmp notify
To clear the SNMP notifyname in the snmpNotifyTable, use the clear snmp notify command.
clear snmp notify [-hex] {notifyname}
Syntax Description
-hex
(Optional) Displays the notifyname value as a hexadecimal format.
notifyname
Identifier to index the snmpNotifyTable.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you use special characters for the notifyname value (nonprintable delimiters for this parameter), you
must use a hexadecimal keyword, which is one or two hexadecimal digits separated by a colon (:); for
example, 00:ab:34.
Examples
This example shows how to clear an SNMP notifyname from the snmpNotifyTable:
Console> (enable) clear snmp notify joe
Cleared SNMP notify table joe.
Console> (enable)
Related Commands
set snmp notify
show snmp notify
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-113
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear snmp targetaddr
clear snmp targetaddr
To clear the SNMP target address entry in the TargetAddressTable, use the clear snmp targetaddr
command.
clear snmp targetaddr [-hex] {addrname}
Syntax Description
-hex
(Optional) Displays the addrname value as a hexadecimal format.
addrname
Name of the target agent; the maximum length is 32 bytes.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you use special characters for the addrname value (nonprintable delimiters for this parameter), you
must use a hexadecimal keyword, which is one or two hexadecimal digits separated by a colon (:); for
example, 00:ab:34.
Examples
This example shows how to clear an SNMP target address entry in the snmpTargetAddressTable:
Console> (enable) clear snmp targetaddr joe
Cleared SNMP targetaddr joe.
Console> (enable)
Related Commands
set snmp targetaddr
show snmp targetaddr
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-114
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear snmp targetparams
clear snmp targetparams
To clear the SNMP target parameters used in the snmpTargetParamsTable, use the clear snmp
targetparams command.
clear snmp targetparams [-hex] {paramsname}
Syntax Description
-hex
(Optional) Displays the paramsname value as a hexadecimal format.
paramsname Name of the target parameter in the snmpTargetParamsTable; the
maximum length is 32 bytes.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you use special characters for the paramsname value (nonprintable delimiters for this parameter), you
must use a hexadecimal keyword, which is one or two hexadecimal digits separated by a colon (:); for
example, 00:ab:34.
Examples
This example shows how to remove the SNMP target parameters:
Console> (enable) clear snmp targetparams joe
Cleared SNMP targetparams table joe.
Console> (enable)
Related Commands
set snmp targetparams
show snmp targetparams
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-115
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear snmp trap
clear snmp trap
To clear an entry from the SNMP trap receiver table, use the clear snmp trap command.
clear snmp trap {rcvr_addr} [all]
Syntax Description
rcvr_addr
IP address or IP alias of the trap receiver (the SNMP management
station) to clear.
all
(Optional) Specifies every entry in the SNMP trap receiver table.
Defaults
The default configuration has no entries in the SNMP trap receiver table.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to clear an entry from the SNMP trap receiver table:
Console> (enable) clear snmp trap 192.122.173.82
SNMP trap receiver deleted.
Console> (enable)
Related Commands
set snmp trap
show port counters
test snmp trap
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-116
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear snmp user
clear snmp user
To remove an SNMP user, use the clear snmp user command.
clear snmp user [-hex] {username} [remote engineid]
Syntax Description
-hex
(Optional) Displays the username value as a hexadecimal format.
username
Name of the user on the host that connects to the agent.
remote engineid
(Optional) Specifies the username value on a remote SNMP engine.
Defaults
If a remote engine ID is not provided, the default local SNMP engine ID is used.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you use special characters for the username value (nonprintable delimiters for this parameter), you
must use a hexadecimal keyword, which is one or two hexadecimal digits separated by a colon (:); for
example, 00:ab:34.
Examples
This example shows how to remove a user from an SNMP group:
Console> (enable) clear snmp user joe
Cleared SNMP user joe.
Console> (enable)
This example shows how to remove a user on a remote SNMP engine:
Console> (enable) clear snmp user joe remote 00:00:00:09:00:d0:00:4c:18:00
Cleared SNMP user.
Console> (enable)
Related Commands
set snmp user
show snmp user
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-117
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear snmp view
clear snmp view
To remove the MIB view entry from the vacmViewTreeFamilyTable, use the clear snmp view
command.
clear snmp view [-hex] {viewname subtree}
Syntax Description
-hex
(Optional) Displays the viewname value as a hexadecimal format.
viewname
Name of a MIB view.
subtree
Name of the subtree.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you use special characters for the viewname value (nonprintable delimiters for this parameter), you
must use a hexadecimal keyword, which is one or two hexadecimal digits separated by a colon (:); for
example, 00:ab:34.
A MIB subtree used with a mask defines a view subtree that can be in OID format or a text name mapped
to a valid OID.
Examples
This example shows how to clear the SNMP MIB viewname:
Console> (enable) clear snmp view myview 1.1.3
Cleared snmp view myview with subtree 1.1.3
Console> (enable)
Related Commands
set snmp view
show snmp view
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-118
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear spantree detected-protocols
clear spantree detected-protocols
To detect legacy bridges and the boundary ports of the MST region, use the clear spantree
detected-protocols command.
clear spantree detected-protocols mod/port
Syntax Description
mod/port
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The clear spantree detected-protocols command is available in MST mode and Rapid-PVST+ mode
only and is not saved in NVRAM. If you do not specify a mod/port number when you enter the clear
spantree detected-protocols command, protocol detection occurs on all connected ports.
Number of the module and the port on the module. See “Usage Guidelines” for more
information.
The clear spantree detected-protocols command and the set spantree mst redetect-protocol
command have the same functionality.
Examples
This example shows how to set protocol detection of legacy bridges and boundary ports on port 2 or
module 3:
Console> (enable) clear spantree detected-protocols 3/2
Spanning tree protocol detection forced on port 3/2
Console> (enable)
Related Commands
clear spantree mst
set spantree mode
set spantree mst config
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-119
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear spantree mst
clear spantree mst
To clear the mapping of VLANs to an MST instance, use the clear spantree mst command.
clear spantree mst instance [vlan vlans]
Syntax Description
instance
Number of the instance or range of instances; valid values are from 0 to 15.
See the “Usage Guidelines” section for more information.
vlan vlans
(Optional) Specifies the VLAN number; valid values are from 1 to 1005 and
from 1025 to 4094.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you enter only one instance number, you also can enter a VLAN number. If you enter a range of
instance numbers, you cannot enter a VLAN number.
If you do not specify a VLAN, all VLANs are unmapped from the specified instance and added to MST
instance 0 (IST).
Examples
This example shows you how to clear VLAN 2 from MST instance 2:
Console> (enable) clear spantree mst 2 vlan 2
Console> (enable)
Related Commands
show spantree mst
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-120
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear spantree portcost
clear spantree portcost
To clear the port cost of a port on the switch, use the clear spantree portcost command.
clear spantree portcost mod/port [mst]
Syntax Description
mod/port
Number of the module and the port on the module.
mst
(Optional) Restores the default path cost to an MST instance on a port.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to restore the default path cost on a port:
Console> (enable) clear spantree portcost 3/1
Port 3/1 is using the cost 0.
Console> (enable)
This example shows how to restore the default path cost to all MST instances on a port:
Console> (enable) clear spantree portcost 8/1 mst
Port 8/1 MST is using the cost 20000 in MST mode.
Console> (enable)
Related Commands
set spantree portcost
show spantree statistics
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-121
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear spantree portinstancecost
clear spantree portinstancecost
To restore the default path cost to an instance on a port, use the clear spantree portinstancecost
command.
clear spantree portinstancecost mod/port [mst] instances
Syntax Description
Defaults
mod/port
Number of the module and the port on the module.
mst
(Optional) Restores the default path cost to an MST instance on a port.
instances
Number of the instance; valid values are from 0 to 15.
The default path cost is based on port speed; see Table 2-7 for default settings.
Table 2-7
Default Port Cost—Short Mode
Port Speed
Default Port Cost
4 Mb
250
10 Mb
100
16 Mb
62
100 Mb
19
155 Mb
14
1 Gb
4
10 Gb
2
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is valid in MISTP and MST modes only.
Examples
This example shows how to restore the default path cost to an instance on a port:
Console> (enable) clear spantree portinstancecost 5/1 2
Port 5/1 mistp-instance 1-16 have path cost 200000.
Console> (enable)
This example shows how to restore the default path cost to all MST instances on a port:
Console> (enable) clear spantree portinstancecost 8/1 mst 0-15
Port 8/1 MST Instance 0-15 have path cost 20000.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-122
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear spantree portinstancecost
Related Commands
set spantree portinstancecost
show spantree statistics
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-123
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear spantree portinstancepri
clear spantree portinstancepri
To restore the default path cost to an instance on a port, use the clear spantree portinstancepri
command.
clear spantree portinstancepri mod/port [mst] [instances]
Syntax Description
mod/port
Number of the module and the port on the module.
mst
(Optional) Resets the spanning tree port MST instance priority.
instances
(Optional) Number of the instance; valid values are from 0 to 15.
Defaults
The default is the port priority is set to 0 with no instances specified.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is valid in MISTP and MST modes only.
Examples
This example shows how to reset the spanning tree port instance priority:
Console> (enable) clear spantree portinstancepri 5/1 2
Port 5/1 instances 1-16 using portpri 32.
Console> (enable)
This example shows how to reset the spanning tree port priority for all MST instances:
Console> (enable) clear spantree portinstancepri 8/1 mst 0-15
Port 8/1 MST Instances 0-15 using portpri 32
Console> (enable)
Related Commands
set spantree portinstancepri
show spantree
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-124
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear spantree portpri
clear spantree portpri
To clear the port priority of a port on the switch, use the clear spantree portpri command.
clear spantree portpri mod/port [mst]
Syntax Description
mod/port
Number of the module and the port on the module.
mst
(Optional) Resets the MST port priority.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to clear the spanning tree port priority:
Console> (enable) clear spantree portpri 3/1
Port 3/1 is using the cost 32.
Console> (enable)
This example shows how to clear the MST port priority:
Console> (enable) clear spantree portpri 8/1 mst
Port 8/1 is using the priority 32 in MST mode.
Console> (enable)
Related Commands
set spantree portpri
show spantree
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-125
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear spantree portvlancost
clear spantree portvlancost
To restore the default path cost to a VLAN on a port, use the clear spantree portvlancost command.
clear spantree portvlancost mod/port [vlans]
Syntax Description
Defaults
mod/port
Number of the module and the port on the module.
vlans
(Optional) Number of the VLAN; valid values are from 1 to 1000 and from
1025 to 4094.
The default path cost is based on port speed; see Table 2-8 and Table 2-9 for default settings.
Table 2-8
Default Port Cost—Short Mode
Port Speed
Default Port Cost
4 Mb
250
10 Mb
100
16 Mb
62
100 Mb
19
155 Mb
14
1 Gb
4
10 Gb
2
Table 2-9
Default Port Cost—Long Mode
Port Speed
Default Port Cost
100 Kb
200,000,000
1 Mb
20,000,000
10 Mb
2,000,000
100 Mb
200,000
1 Gb
20,000
10 Gb
2,000
100 Gb
200
1 Tb
20
10 Tb
2
Command Types
Switch command.
Command Modes
Privileged.
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-126
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear spantree portvlancost
Usage Guidelines
This command is valid in PVST+ mode only.
If you do not specify a VLAN, all VLANs are cleared.
Examples
These examples show how to restore the default path cost to a VLAN on a port:
Console> (enable) clear spantree portvlancost 2/10 1-10
Port 2/10 VLANs 11-21 have path cost 6
Port 2/10 VLANs 1-10,22-1000 have path cost 10.
Console> (enable)
Console> (enable) clear spantree portvlancost 2/10
Port 2/10 VLANs 1-1000 have path cost 10.
Console> (enable)
Related Commands
set spantree portvlancost
show spantree statistics
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-127
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear spantree portvlanpri
clear spantree portvlanpri
To reset the spanning tree port VLAN priority, use the clear spantree portvlanpri command.
clear spantree portvlanpri mod/port [vlans]
Syntax Description
mod/port
Number of the module and the port on the module.
vlans
(Optional) Number of the VLAN; valid values are from 1 to 1000
and from 1025 to 4094.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to reset the spanning tree port VLAN priority:
Console>
Port 1/2
Port 1/2
Console>
Related Commands
(enable) clear spantree portvlanpri 1/2 23-40
vlans 3,6-20,23-1000 using portpri 32
vlans 1-2,4-5,21-22 using portpri 30
(enable)
set spantree portvlanpri
show spantree
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-128
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear spantree root
clear spantree root
To restore the spanning tree bridge priority, hello time, maxage, and forward delay on the switch to their
default values, use the clear spantree root command.
clear spantree root [vlans]
clear spantree root mistp-instance instances
clear spantree root mst instances
Syntax Description
Defaults
vlans
(Optional) Number of the VLAN; valid values are from 1 to 1000
and from 1025 to 4094.
mistp-instance
instances
Specifies the instance number; valid values are from 1 to 16.
mst instances
Specifies the MST instance number; valid values are 0 to 15.
The defaults are as follows:
•
switch priority is 32768
•
forward delay is 15 seconds
•
hello time is 2 seconds
•
maxage is 20 seconds
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to clear the spanning tree root on a range of VLANs:
Console> (enable)
VLANs 1-20 bridge
VLANs 1-20 bridge
VLANs 1-20 bridge
VLANs 1-20 bridge
clear spantree root 1-20
priority set to 32678.
hello time set to 2 seconds.
max aging time set to 20 seconds.
forward delay set to 15 seconds.
This example shows how to clear the spanning tree root on two specific VLANs:
Console> (enable) clear spantree root 22,24
VLANs 22,24 bridge priority set to 32678.
VLANs 22,24 bridge hello time set to 2 seconds.
VLANs 22,24 bridge max aging time set to 20 seconds.
VLANs 22,24 bridge forward delay set to 15 seconds.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-129
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear spantree root
This example shows how to clear the spanning tree root on an instance:
Console>
Instance
Instance
Instance
Instance
Console>
(enable)
1 bridge
1 bridge
1 bridge
1 bridge
(enable)
clear spantree root mistp-instance 1
priority set to 32768.
max aging time set to 20.
hello time set to 2.
forward delay set to 15.
This example shows how to clear the spanning tree root on an MST instance:
Console> (enable) clear spantree root mst 0
MST Instance s 0 bridge priority set to 32768.
Instances 0 bridge max aging time set to 20.
Instances 0 bridge hello time set to 2.
Instances 0 bridge forward delay set to 15.
Console> (enable)
Related Commands
set spantree root
show spantree
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-130
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear spantree statistics
clear spantree statistics
To clear the spanning tree statistics, use the clear spantree statistics command.
clear spantree statistics mod/port
clear spantree statistics vlans
clear spantree statistics mistp-instance instances
clear spantree statistics mst instances
clear spantree statistics bpdu
Syntax Description
mod/port
Number of the module and the port on the module.
vlans
(Optional) Number of the VLAN; valid values are from 1 to 1000
and from 1025 to 4094.
mistp-instance
instances
Specifies the instance number; valid values are from 1 to 16.
mst instances
Specifies the MST instance number; valid values are from 0 to 15.
bpdu
Clears the spanning tree BPDU counters. See the “Usage
Guidelines” section for more information.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When you enter the clear spantree statistics bpdu command, the counters for transmitted, received,
processed, and dropped BPDUs and the rate of these BPDUs are cleared.
Examples
This example shows how to clear the spanning tree statistics for VLAN 1:
Console> (enable) clear spantree statistics 1
Cleared all VLAN counters for VLAN 1
Statistics cleared for vlans 1
Console> (enable)
This example shows how to clear the spanning tree statistics for a port:
Console> (enable) clear spantree statistics 3/1
Statistics cleared for module 3/1
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-131
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear spantree statistics
This example shows how to clear the spanning tree statistics for an instance:
Console> (enable) clear spantree statistics mistp-instance 2
Statistics cleared for instances 2
Console> (enable)
This example shows how to clear the spanning tree statistics for an MST instance:
Console> (enable) clear spantree statistics mst 0
Statistics cleared for MST instance: 0
Console> (enable)
This example shows how to clear the counter statistics for spanning tree BPDUs:
Console> (enable) clear spantree statistics bpdu
Spanning tree BPDU statistics cleared on the switch.
Console> (enable)
Related Commands
show spantree statistics
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-132
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear spantree uplinkfast
clear spantree uplinkfast
To turn off the UplinkFast feature and to return the switch priority and port costs to the default settings,
use the clear spantree uplinkfast command.
clear spantree uplinkfast
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
In some cases, this command could cause load balancing on the switch to be lost.
Examples
This example shows how to turn off the UplinkFast feature and to return the switch priority to the default
settings:
Console> (enable) clear spantree uplinkfast
This command will cause all portcosts, portvlancosts, and the
bridge priority on all vlans to be set to default.
Do you want to continue (y/n) [n]? y
VLANs 1-1005 bridge priority set to 32768.
The port cost of all bridge ports set to default value.
The portvlancost of all bridge ports set to default value.
uplinkfast disabled for bridge.
Console> (enable)
Related Commands
set spantree uplinkfast
show spantree uplinkfast
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-133
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear system info-log command
clear system info-log command
To remove a show command from the system information logging index, use the clear system info-log
command command.
clear system info-log command {all | index_number}
Syntax Description
all
Removes all show commands from the system information logging index.
index_number
Removes a specific show command entry from the system information
logging index; valid values are from 1 to 15.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
To display the index numbers of the show commands in the system information logging index, enter the
show system info-log command.
Examples
This example shows how to remove the second show command from the system information logging
index:
Console> (enable) clear system info-log command 2
Successfully cleared the configured command.
Console> (enable)
This example shows how to remove all show commands from the system information logging index:
Console> (enable) clear system info-log command all
Successfully cleared all the system commands configured.
Console> (enable)
Related Commands
clear config
set system info-log
show system info-log
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-134
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear tacacs key
clear tacacs key
To remove the key setting used for TACACS+ authentication and encryption, use the clear tacacs key
command.
clear tacacs key
Syntax Description
This command has no arguments or keywords.
Defaults
The default key value is null.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to clear the key setting used for authentication and encryption:
Console> (enable) clear tacacs key
TACACS server key cleared.
Console> (enable)
Related Commands
set tacacs key
show tacacs
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-135
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear tacacs server
clear tacacs server
To remove a host from the list of TACACS+ servers, use the clear tacacs server command.
clear tacacs server ip_addr
Syntax Description
ip_addr
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to remove a server from the list of TACACS+ servers:
IP address of the server to be removed from the list of TACACS+
servers.
Console> (enable) clear tacacs server 170.1.2.20
170.1.2.20 cleared from TACACS table
Console> (enable)
Related Commands
show tacacs
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-136
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear timezone
clear timezone
To return the time zone to its default, UTC, use the clear timezone command.
clear timezone
Syntax Description
This command has no arguments or keywords.
Defaults
The default time zone is UTC.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The clear timezone command functions only when NTP is running. If you set the time manually and
NTP is disengaged, the clear timezone command has no effect.
Examples
This example shows how to clear the time zone:
Console> (enable) clear timezone
Timezone name and offset cleared.
Console> (enable)
Related Commands
set timezone
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-137
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear top
clear top
To stop the TopN process, use the clear top command.
clear top {all | report_num}
Syntax Description
all
Stops all nonpending TopN results.
report_num
TopN report number to kill; valid values are from 1 to 5.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The clear top all command will not kill any pending TopN reports. Only the reports with a done status
are killed.
You can terminate TopN processes without the background option (use the show top background
command to find out if the background option is used) by pressing Ctrl-C in the same Telnet/console
session or by entering the clear top [report_num] command from a separate Telnet/console session. The
prompt is not printed before the TopN report is completely displayed. Other commands will be blocked
until the report has been displayed.
Examples
This example shows how to stop the TopN 1 process from a console session:
Console> (enable) clear top 1
10/29/1998,12:05:38:MGMT-5: TopN report 1 killed by Console//.
Console> (enable)
This example shows how to stop the TopN 4 process from a Telnet session:
Console> (enable) clear top 4
10/29/1998,12:06:00:MGMT-5: TopN report 4 killed by telnet/172.22.34.2/.
Console> (enable)
Related Commands
show top
show top report
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-138
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear trunk
clear trunk
To restore a trunk port to its default trunk type and mode or to clear specific VLANs from the allowed
VLAN list for a trunk port, use the clear trunk command.
clear trunk mod/port [vlans]
Syntax Description
mod/port
Number of the module and the port on the module.
vlans
(Optional) Number of the VLAN to remove from the allowed
VLAN list; valid values are from 2 to 1005 and 1025 to 4094.
Defaults
For all ports except Multilayer Switch Module (MSM) ports, the default is auto negotiate. For MSM
ports, the default is off negotiate mode.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you specify VLANs, those VLANs are removed from the list of VLANs allowed on the trunk. Default
VLANs cannot be cleared on the trunk.
Traffic for the removed VLANs are not forwarded over a trunk port. To add VLANs that you have
removed, use the set trunk mod/port vlans command.
If you are trying to clear extended-range VLANs and sufficient space in NVRAM is not available, a
warning message displays and the command fails.
Examples
This example shows how to clear VLANs 200 through 500 from the trunk port on port 2 of module 1:
Console>
Removing
Port 1/2
Console>
(enable) clear trunk 1/2 200-500
Vlan(s) 200-500 from allowed list.
allowed vlans modified to 1-199,501-1000.
(enable)
This example shows the output if you attempt to clear a trunk when not enough NVRAM space is
available:
Console> (enable) clear trunk 2/18 1030-1999
Failed to clear extended range vlans from allowed list.
Not enough NVRAM space. Use the ‘set trunk’ command to restore
some existing entries to the default value.
Console> (enable)
Related Commands
set trunk
show trunk
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-139
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear vlan
clear vlan
To delete an existing VLAN from a management domain or to clear VLANs that are secured by a
Firewall Services Module, use the clear vlan command.
clear vlan vlans
clear vlan {vlans} firewall-vlan {mod}
Syntax Description
vlans
Number of the VLAN; valid values are from 2 to 1000 and from 1025 to 4094.
firewall-vlan
Clears VLANs that are secured by a Firewall Services Module.
mod
Number of the module.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Follow these guidelines for deleting VLANs:
•
When you delete a normal-range Ethernet VLAN in VTP server mode, the VLAN is removed from
all switches in the same VTP domain.
•
When you delete a normal-range VLAN in VTP transparent mode, the VLAN is deleted only on the
current switch.
•
You can delete an extended-range VLAN only on the switch where it was created.
When you clear a VLAN, all ports assigned to that VLAN become inactive. However, the VLAN port
assignments are retained until you move the ports to another VLAN. If the cleared VLAN is reactivated,
all ports that are still configured on that VLAN are also reactivated. A warning is displayed if you clear
a VLAN that exists in the mapping table.
When you clear a private VLAN (primary, isolated, or community), the ports are set to inactive and are
not assigned to any VLAN. The private VLAN mappings for the selected VLAN are also cleared. ACL
to VLAN mappings are also deleted.
Examples
This example shows how to clear existing VLAN 4000 from a management domain:
Console> (enable) clear vlan 4000
This command will de-activate all ports on vlan 4
in the entire management domain
Do you want to continue(y/n) [n]? y
VLAN 4 deleted
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-140
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear vlan
Related Commands
set vlan
show vlan
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-141
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear vlan counters
clear vlan counters
To return the software-cached counters to 0 for all VLANs, use the clear vlan counters command.
clear vlan counters {vlans | all}
Syntax Description
vlans
Number of the VLAN or range of VLANs; valid values are from 1 to 1005
and from 1025 to 4094
all
Clears counters for all VLANs.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to clear counters for VLAN 1005:
Console> (enable) clear vlan counters 1005
This command will reset vlan couters for vlan 1005
Do you want to continue (y/n) [n]?y
Console> (enable)
Related Commands
show vlan counters
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-142
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear vlan mapping
clear vlan mapping
To delete existing IEEE 802.1Q VLAN-to-ISL VLAN mappings or reserved-to-nonreserved VLAN
mapping, use the clear vlan mapping command.
clear vlan mapping dot1q {dot1q_vlan | all}
clear vlan mapping reserved {reserved_vlan | all}
Syntax Description
dot1q dot1q_vlan
Clears the IEEE 802.1Q VLAN-to-ISL VLAN mapping.
dot1q all
Clears all IEEE 802.1Q VLAN-to-ISL VLAN mappings.
reserved
reserved_vlan
Clears the specified reserved-to-nonreserved VLAN mapping.
reserved all
Clears all reserved-to-nonreserved VLAN mappings.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When you clear a VLAN, all ports assigned to that VLAN become inactive. However, the VLAN port
assignments are retained until you move the ports to another VLAN. If the cleared VLAN is reactivated,
all ports that are still configured on that VLAN are also reactivated.
Examples
This example shows how to clear an existing mapped VLAN from the dot1q mapping table:
Console> (enable) clear vlan mapping dot1q 444
Vlan Mapping 444 Deleted.
Console> (enable)
This example shows how to clear all mapped VLANs from the mapping table:
Console> (enable) clear vlan mapping dot1q all
All Vlan Mapping Deleted.
Console> (enable)
This example shows how to clear mapped reserved VLANs from the mapping table:
Console> (enable) clear vlan mapping reserved 1007
Vlan Mapping 1007 Deleted.
Console> (enable)
Related Commands
set vlan
show vlan
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-143
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear vmps rcp
clear vmps rcp
To delete the VMPS rcp username from the VMPS server table, use the clear vmps rcp command.
clear vmps rcp username
Syntax Description
username
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you do not enter a username, all rcp usernames are deleted.
Examples
This example shows how to clear a specific VMPS rcp username from the VMPS table:
Username up to 14 characters long.
Console> (enable) clear vmps rcp jdoe
Console> (enable)
Related Commands
set rcp username
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-144
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear vmps server
clear vmps server
To delete a VMPS server from the VMPS server table, use the clear vmps server command.
clear vmps server ip_addr
Syntax Description
ip_addr
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to clear a VMPS server from the VMPS table:
IP address or host name of the VMPS server to be deleted.
Console> (enable) clear vmps server 192.168.255.255
VMPS domain server 192.168.255.255 cleared from VMPS table.
Console> (enable)
This example shows the results of trying to clear a nonexistent VMPS server from the VMPS table:
Console> (enable) clear vmps server 192.168.255.255
VMPS domain server 192.168.255.255 not in VMPS table.
Console> (enable)
Related Commands
reconfirm vmps
set vmps server
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-145
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear vmps statistics
clear vmps statistics
To delete existing VMPS statistics, use the clear vmps statistics command.
clear vmps statistics
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to delete existing VMPS statistics:
Console> (enable) clear vmps statistics
VMPS and dynamic vlan statistics cleared.
Console> (enable)
Related Commands
show vmps statistics
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-146
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear vtp pruneeligible
clear vtp pruneeligible
To specify which VLANs in the VTP domain are ineligible for pruning, use the clear vtp pruneeligible
command.
clear vtp pruneeligible vlans...
Syntax Description
vlans...
Defaults
The default is VLANs 2 through 1005 are eligible for pruning.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
VTP pruning causes information about each pruning-eligible VLAN to be removed from VTP updates
if no stations belong to that VLAN out a particular switch port. Use the set vtp command to enable VTP
pruning.
Number of VLANs to make pruning ineligible; valid values are
from 1 to 1005.
By default, VLANs 2 through 1000 are pruning eligible. Use the clear vtp pruneeligible command to
make VLANs pruning ineligible.
If VLANs are pruning ineligible, use the set vtp pruneeligible command to make the VLANs pruning
eligible again.
Examples
This example shows how to make VLANs 200 through 500 pruning ineligible:
Console> (enable) clear vtp pruneeligible 200-500
Vlans 1,200-500,1001-1005 will not be pruned on this device.
VTP domain Company modified.
Console> (enable)
Related Commands
set vtp
set vtp pruneeligible
show vtp domain
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-147
2
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
clear vtp statistics
clear vtp statistics
To delete VTP statistics, use the clear vtp statistics command.
clear vtp statistics
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to clear VTP statistics:
Console> (enable) clear vtp statistics
vtp statistics cleared.
Console> (enable)
Related Commands
set vtp
show vtp statistics
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-149
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
commit
commit
To commit all ACEs or a specific ACE in NVRAM that has not been written to hardware, use the
commit command.
commit qos acl {acl_name | all | adjacency}
commit security acl {acl_name | all | adjacency}
Syntax Description
qos acl
Specifies QoS ACEs.
acl_name
Name that identifies the VACL whose ACEs are to be committed.
all
Commits ACEs for all the ACLs.
adjacency
Commits adjacency table entries.
security acl
Specifies security ACEs.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The commit command commits all ACEs in NVRAM that have not been written to hardware. Any
committed ACL with no ACEs is deleted. We recommend that you enter ACEs in batches and enter the
commit command to save all of them in hardware and NVRAM.
Examples
This example shows how to commit a specific QoS ACE to NVRAM:
Console> (enable) commit qos acl my_acl
Hardware programming in progress...
ACL my_acl is committed to hardware.
Console> (enable)
This example shows how to commit a specific security ACE to NVRAM:
Console> (enable) commit security acl IPACL2
ACL commit in progress.
ACL IPACL2 is committed to hardware.
Console> (enable)
This example shows how to commit an adjacency table entry to NVRAM:
Console> (enable) commit security acl adjacency
Commit operation in progress.
Adjacency successfully committed.
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-150
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
commit
Related Commands
rollback
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-151
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
commit lda
commit lda
To commit ASLB configuration that has not been written to hardware to NVRAM, use the commit lda
command.
commit lda
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to commit ASLB configuration to NVRAM:
Console> (enable) commit lda
Commit operation in progress...
Successfully committed Local Director Accelerator.
Console> (enable)
Related Commands
clear lda
set lda
show lda
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-152
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
configure
configure
To download a configuration file from an rcp server or the network and execute each command in that
file, use the configure command.
configure {host file}[rcp]
configure network
Syntax Description
host
IP address or IP alias of the host.
file
Name of the file.
rcp
(Optional) Specifies rcp as the file transfer method.
network
Specifies interactive prompting for the host and the file.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Refer to the Catalyst 6500 Series Switch Software Configuration Guide on how to construct a
configuration file to download using the configure command.
Following is a sample file called system5.cfg in the /tftpboot directory:
begin
show time
set ip alias conc7 198.133.219.207
set ip alias montreux 198.133.119.42
set ip alias cres 192.122.174.42
set prompt system5>
set password
# empty string old password
pingpong
pingpong
end
#
Each line contains a command, except lines that begin with ! or #.
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-153
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
configure
Examples
This example shows how to download the system5.cfg configuration file from the 192.122.174.42 host:
Console> (enable) configure 192.122.174.42 system5.cfg
Configure using system5.cfg from 192.122.174.42 (y/n) [n]? y
/
Done. Finished Network Download. (446 bytes)
>> show time
Wed May 19 1999, 17:42:50
>> set ip alias conc7 198.133.219.207
IP alias added.
>> set ip alias montreux 198.133.219.40
IP alias added.
>> set ip alias cres 192.122.174.42
IP alias added.
>> set prompt system5>
>> set password
Enter old password:
Enter new password: pingpong
Retype new password: pingpong
Password changed.
system5> (enable)
Related Commands
copy
show config
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-154
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
confreg
confreg
To configure the configuration register utility, use the confreg command.
confreg [num]
Syntax Description
num
Defaults
This command has no default settings.
Command Types
ROM monitor command.
Command Modes
Normal.
Usage Guidelines
Executed with the confreg argument num, the VCR changes to match the number specified.
(Optional) Valid values are 0 = ROM monitor, 1 = boot helper
image, and 2 to 15 = boot system.
Without the argument, confreg dumps the contents of the VCR in English and allows you to alter the
contents.
You are prompted to change or keep the information held in each bit of the VCR. In either case, the new
VCR value is written into NVRAM and does not take effect until you reset or power cycle the platform.
You must issue a sync command to save your change. Otherwise, the change is not saved and a reset
removes your change.
Examples
This example shows how to use the confreg command:
rommon 7 > confreg
Configuration Summary
enabled are:
console baud: 9600
boot: the ROM Monitor
do you wish to change the configuration? y/n [n]:
enable “diagnostic mode”? y/n [n]: y
enable “use net in IP bcast address”? y/n [n]:
enable “load rom after netboot fails”? y/n [n]:
enable “use all zero broadcast”? y/n [n]:
enable “break/abort has effect”? y/n [n]:
enable “ignore system config info”? y/n [n]:
change console baud rate? y/n [n]: y
enter rate: 0 = 9600, 1 = 4800, 2 = 1200, 3 = 2400
change the boot characteristics? y/n [n]: y
y
[0]:
0
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-155
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
confreg
enter to boot:
0 = ROM Monitor
1 = the boot helper image
2-15 = boot system
[0]: 0
Configuration Summary
enabled are:
diagnostic mode
console baud: 9600
boot: the ROM Monitor
do you wish to change the configuration? y/n
[n]:
You must reset or power cycle for new config to take effect
Related Commands
show boot
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-156
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
context
context
To display the context of a loaded image, use the context command.
context
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Types
ROM monitor command.
Command Modes
Normal.
Usage Guidelines
The context from the kernel mode and process mode of a booted image are displayed, if available.
Examples
This example shows how to display the context of a loaded image:
rommon
Kernel
Reg
-----zero
AT
v0
v1
a0
a1
a2
a3
t0
t1
t2
t3
t4
t5
t6
t7
HI
EPC
Stat
6 > context
Level Context:
MSW
LSW
---------- ---------: 00000000
00000000
: 00000000
3e800000
: 00000000
00000003
: 00000000
00000000
: 00000000
0000002b
: 00000000
00000003
: 00000000
00000000
: 00000000
60276af8
: 00000000
00000b84
: 00000000
3e800004
: 00000000
00000239
: 00000000
34008301
: ffffffff
ffff83fd
: 00000000
0000003f
: 00000000
00000000
: ffffffff
ffffffff
: 00000000
00000008
: 00000000
60033054
: 34408302
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Reg
----s0
s1
s2
s3
s4
s5
s6
s7
t8
t9
k0
k1
gp
sp
s8
ra
LO
ErrPC
Cause
MSW
LSW
---------- ---------: 00000000
34008301
: 00000000
00000001
: 00000000
00000003
: 00000000
00000000
: 00000000
60276af8
: ffffffff
ffffffff
: 00000000
60276c58
: 00000000
0000000a
: 00000000
34008300
: ffffffff
ac000000
: 00000000
00000400
: 00000000
6024eb5c
: 00000000
60252920
: 00000000
60276a98
: 00000000
601fbf33
: 00000000
6006d380
: 00000000
00000000
: ffffffff
bfc070c8
: 00002020
Process Level Context:
Reg
MSW
LSW
------ ---------- ---------zero
: 00000000
00000000
AT
: 00000000
3e820000
v0
: 00000000
00000081
v1
: 00000000
00000074
|
|
|
|
|
|
Reg
----s0
s1
s2
s3
MSW
LSW
---------- ---------: 00000000
00000074
: 00000000
60276c58
: 00000000
601fbac0
: 00000000
00000036
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-157
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
context
a0
a1
a2
a3
t0
t1
t2
t3
t4
t5
t6
t7
HI
EPC
Stat
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
00000000
00000000
00000000
00000000
00000000
00000000
00000000
ffffffff
00000000
00000000
00000000
ffffffff
00000000
00000000
34008303
00000400
60276c58
00000074
00000000
00000400
00000400
00000000
ffff00ff
600dcc10
0000003f
00000000
ffffffff
00000008
600dfd38
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
s4
s5
s6
s7
t8
t9
k0
k1
gp
sp
s8
ra
LO
ErrPC
Cause
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
00000000
ffffffff
00000000
00000000
00000000
ffffffff
00000000
00000000
00000000
ffffffff
00000000
00000000
00000000
ffffffff
ffffffff
0000000f
ffffffff
60276c58
0000000a
34008300
ac000000
30408401
30410000
60252920
80007ce8
601fbf33
600dfd20
00000000
ffffffff
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-158
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
copy
copy
To upload or download a Flash image or a switch configuration to or from a Flash device, rcp server, or
TFTP server, use the copy command.
copy file-id {tftp | rcp | flash | file-id | config}
copy tftp {flash | file-id | config}
copy rcp {flash | file-id | config}
copy flash {tftp | rcp | file-id | config}
copy config {flash | file-id | tftp | rcp} [all]
copy acl config {flash | file-id | tftp | rcp}
copy cfg1 {tftp | rcp | flash | config | cfg2} [all]
copy cfg2 {tftp | rcp | flash | config | cfg1} [all]
copy ftp {flash | file-id | config}
Syntax Description
Defaults
file-id
Format used to specify the file on the Flash device, where the format is
m/device:filename.
m/ = Option that gives access to different modules, such as the standby
supervisor engine or an Ethernet module.
device: = Device where the Flash resides.
filename = Name of the configuration file.
tftp
Allows you to copy to or from a TFTP server.
rcp
Specifies the file be copied to or from an rcp server.
flash
Supports downloading of multiple modules.
config
Allows you to copy the configuration to Flash memory, another Flash device,
or a file on a TFTP server.
acl config
Copies the ACL configuration manually to a file. See the “Usage Guidelines”
section before using this command.
cfg1
Specifies the first startup configuration file on the supervisor engine.
cfg2
Specifies the second startup configuration file on the supervisor engine.
all
(Optional) Specifies that the entire configuration be copied to the specified
destination configuration file.
ftp
Allows you to copy to or from an FTP server.
If a source or destination device is not given, the one specified by the cd command is used. If a
destination filename is omitted, the source filename is used.
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-159
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
copy
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Use the copy command to perform these tasks:
Caution
•
Download a system image or configuration file from a TFTP or rcp server to a Flash device.
•
Upload a system image or configuration file from a Flash device to a TFTP or rcp server.
•
Configure the switch using a configuration file on a Flash device or on a TFTP or rcp server.
•
Copy the current configuration to a Flash device or to a TFTP or rcp server.
•
Manually copy the ACL configuration to a file.
Manual copying can only be used if acl config is set to flash and you enable the auto-config append
option. If you disable the append option, the configuration clears before executing the auto-config file;
see the set boot config-register auto-config command.
If you do not specify the source or destination device, the command uses the ones specified by the cd
command. If you omit the destination filename, the source filename is used.
The copy config, copy cfg1, and copy cfg2 commands copy only nondefault commands to the
destination configuration file. Use the keyword all to copy both default and nondefault configurations.
If you do not specify a source or destination Flash device, the default Flash device (specified by the cd
command) is used. Use the pwd command to display the current default Flash device. If you omit the
destination filename, the system uses the source filename.
The system stores image and configuration files in the sysname.cfg file when you define a system name
using the set system name command; otherwise, it uses the default myswitch.cfg file.
A colon (:) is required after the specified device.
If you use the flash keyword as the copy source or destination, you are prompted for the Flash device
name.
If you are copying a software image to multiple intelligent switching modules of the same type, use the
flash keyword as the copy destination. The switch automatically determines which modules to copy the
image to based on the header in the source image file. If you want to copy a software image to a single
intelligent switching module in a switch with multiple modules of the same type, you must specify the
destination file-id as m/bootflash: (do not specify a filename).
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-160
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
copy
Examples
This example shows how to use the copy command to upload the switch configuration to a file named
cat.cfg on the slot0 Flash device:
Console> (enable) copy config slot0:cat.cfg
Upload configuration to slot0:cat.cfg
649324 bytes available on device slot0, proceed (y/n) [n]? y
.........
.........
.........
........
.........
.
/
Configuration has been copied successfully. (10200 bytes)
Console> (enable)
This example shows how to use the copy command to upload the switch configuration to a file named
lab2.cfg on the TFTP server:
Console> (enable) copy config tftp:lab2.cfg
IP address or name of remote host [172.20.22.7]? y
Upload configuration to tftp:lab2.cfg (y/n) [n]? y
.........
.........
.........
.
/
Configuration has been copied successfully. (10299 bytes).
Console> (enable)
This example shows how to use the copy command to upload the switch configuration to the cat.cfg file
on the slot0 Flash device:
Console> (enable) copy config flash
Flash device [bootflash]? slot0:
Name of file to copy to [test_image]? cat.cfg
Upload configuration to slot0:cat.cfg
749124 bytes available on device slot0, proceed (y/n) [n]? y
.........
.........
.........
........
.
/
Configuration has been copied successfully. (200345 bytes).
Console> (enable)
These examples show how to use the copy command to download a configuration from a TFTP server:
Console> (enable) copy slot0:cat.cfg config
Configure using slot0:cat.cfg (y/n) [n]? y
/
Finished download. (10900 bytes)
>> set password $1$FMFQ$HfZR5DUszVHIRhrz4h6V70
Password changed.
>> set enablepass $1$FMFQ$HfZR5DUszVHIRhrz4h6V70
Password changed.
>> set prompt Console>
>> set length 24 default
Screen length set to 24.
>> set logout 20
..........
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-161
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
copy
Console> (enable) copy tftp config
IP address or name of remote host? 172.20.22.7
Name of configuration file? cat.cfg
Configure using cat.cfg from 172.20.22.7 (y/n) [n]? y
/
Finished network download. (10900 bytes)
>> set password $1$FMFQ$HfZR5DUszVHIRhrz4h6V70
Password changed.
>> set enablepass $1$FMFQ$HfZR5DUszVHIRhrz4h6V70
Password changed.
>> set prompt Console>
>> set length 24 default
Screen length set to 24.
>> set logout 20
...........
Console> (enable)
Console> (enable) copy flash config
Flash device [bootflash]?
Name of configuration file? test.cfg
Configure using bootflash:test.cfg (y/n) [n]? y
/
Finished download. (10900 bytes)
>> set password $1$FMFQ$HfZR5DUszVHIRhrz4h6V70
Password changed.
>> set enablepass $1$FMFQ$HfZR5DUszVHIRhrz4h6V70
Password changed.
>> set prompt Console>
>> set length 24 default
Screen length set to 24.
>> set logout 20
.....
Console> (enable)
This example shows how to copy the running configuration to an rcp server for storage:
Console> (enable) copy config rcp
IP address or name of remote host []? 172.20.52.3
Name of file to copy to []? cat6000_config.cfg
Upload configuration to rcp:cat6000_config.cfg, (y/n) [n]? y
.....
..........
.......
..........
...........
..
/
Configuration has been copied successfully.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-162
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
copy
This example shows how to configure a Catalyst 6500 series switch using a configuration file
downloaded from an rcp server:
Console> (enable) copy rcp config
IP address or name of remote host []? 172.20.52.3
Name of file to copy from []? dns-config.cfg
Configure using rcp:dns-config.cfg (y/n) [n]? y
/
Finished network download. (134 bytes)
>>
>> set ip dns server 172.16.10.70 primary
172.16.10.70 added to DNS server table as primary server.
>> set ip dns server 172.16.10.140
172.16.10.140 added to DNS server table as backup server.
>> set ip dns enable
DNS is enabled
>> set ip dns domain corp.com
Default DNS domain name set to corp.com
Console> (enable)
This example shows how to upload an image from a remote host into Flash using an rcp server:
Console> (enable) copy rcp flash
IP address or name of remote host []? 172.20.52.3
Name of file to copy from []? cat6000-sup-d.6-1-1.bin
Flash device [bootflash]?
Name of file to copy to [cat6000-sup-d.6-1-1.bin]?
4369664 bytes available on device bootflash, proceed (y/n) [n]? y
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
CCCCCCCCCCCCCCCCCCC
File has been copied successfully.
Console> (enable)
This example shows how to download a configuration to the first startup configuration file (cfg1) on a
supervisor engine:
Console> (enable) copy tftp cfg1
IP address or name of remote host [172.20.32.10]?
Name of file to copy from [/tftpboot/my.cfg]?
Download config file from /tftpboot/my.cfg to cfg1 (y/n) [n]?
.........
File has been copied to cfg1.
Console> (enable)
This example shows how to copy the ACL configuration to a bootflash file manually:
Console> (enable) copy acl config bootflash:switchapp.cfg
Upload configuration to bootflash:dan.cfg
2843644 bytes available on device bootflash, proceed (y/n) [n]? y
.........
.........
/
Configuration has been copied successfully.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-163
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
copy
Related Commands
clear ftp
configure
set boot config-register
set boot config-register auto-config
set ftp
show ftp
write
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-164
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
delete
delete
To delete a configuration file, use the delete command.
delete [[m/]device:]filename
Syntax Description
m/
(Optional) Module number of the supervisor engine containing the Flash
device.
device:
(Optional) Device where the Flash resides.
filename
Name of the configuration file.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
A colon (:) is required after the specified device.
Examples
This example shows how to delete the cat6000-sup-d.5-5-1.bin configuration file from the Flash device
and then verify the deletion by entering the show flash command:
Console> (enable) delete bootflash:cat6000-sup-d.5-5-1.bin
Console> (enable)
Console> (enable) show flash
-#- ED --type-- --crc--- -seek-- nlen -length- -----date/time------ name
1 .D ffffffff 5415406e 3300b8
25 3080247 Jan 12 2000 13:22:46
cat6000-sup-d.6-1-1.bin
2 .. ffffffff 762950d6 6234d0
25 3093399 Jan 13 2000 12:33:14
cat6000-sup-d.6-1-1.bin
1428272 bytes available (6173904 bytes used)
Console> (enable)
Related Commands
dir—switch
show flash
squeeze
undelete
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-165
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
dev
dev
To list the device IDs available on a switch, use the dev command.
dev
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Types
ROM monitor command.
Command Modes
Normal.
Examples
This example shows how to use the dev command:
rommon 10 > dev
Devices in device table:
id name
bootflash: bootflash
slot0: PCMCIA slot 0
eprom: eprom
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-166
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
dir—ROM monitor
dir—ROM monitor
To list the files of the named device, use the dir command.
dir device
Syntax Description
device
Defaults
This command has no default settings.
Command Types
ROM monitor command.
Command Modes
Normal.
Examples
This example shows how to use the dir command:
ID of the device.
rommon 11 > dir flash:
File size
65 bytes (0x41)
2229799 bytes (0x220627)
Checksum
0xb49d
0x469e
File name
clev/oddfile65
clev/sierra-k.Z
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-167
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
dir—switch
dir—switch
To display a list of files on a Flash memory device, use the dir command.
dir [[m/]device:][filename] [all | deleted | long]
Syntax Description
m/
(Optional) Module number of the supervisor engine containing the Flash
device.
device:
(Optional) Device where the Flash resides.
filename
(Optional) Name of the configuration file.
all
(Optional) Displays all files, deleted or not.
deleted
(Optional) Displays only deleted files.
long
(Optional) Displays files that have not been deleted, in long format.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Normal and privileged.
Usage Guidelines
A colon (:) is required after the specified device.
When you specify the all keyword, the file information is displayed in long format.
When you omit all keywords (all, deleted, or long), the system displays file information in short format.
Short format is shown in Table 2-10.
Table 2-10 Short Format
Column Heading
Description
#
File index number
length
File length
date/time
Date and time the file was created
name
Filename
When you use one of the keywords (all, deleted, or long), the system displays file information in long
format. The long format is shown in Table 2-11.
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-168
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
dir—switch
Table 2-11 Long Format
Examples
Column Heading
Description
#
File index number
ED
Letter to indicate whether the file contains an error (E) or is
deleted (D)
type
File type (1 = configuration file, 2 = image file); when the file type is
unknown, the system displays a zero or FFFFFFFF in this field
crc
File cyclic redundancy check
seek
Offset into the file system of the next file
nlen
Filename length
length
File length
date/time
Date and time the file was created
name
Filename
This example shows how to display the file information in short format:
Console> (enable) dir
-#- -length- -----date/time------ name
1 6061822 Mar 03 2000 15:42:49 cat6000-sup.6-1-1.bin
2 6165044 Mar 13 2000 14:40:15 cat6000-sup.5-5-1.bin
3763660 bytes available (12227124 bytes used)
Console> (enable)
This example shows how to display the file information in long format:
Console> (enable) dir long
-#- ED --type-- --crc--- -seek-- nlen -length- -----date/time------ name
1 .. ffffffff f3a3e7c1 607f80
24 6061822 Mar 03 2000 15:42:49 cat6000-sup.
6-1-1.bin
2 .. ffffffff aa825ac6 be9234
24 6165044 Mar 13 2000 14:40:15 cat6000-sup.
5-5-1.bin
3763660 bytes available (12227124 bytes used)
Console> (enable)
Related Commands
show flash
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-169
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
disable
disable
To return to normal mode from privileged mode, use the disable command.
disable
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to return to normal mode:
Console> (enable) disable
Console>
Related Commands
enable
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-170
22
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
disconnect
disconnect
To close an active console port or Telnet session, use the disconnect command.
disconnect {ip_addr | console}
Syntax Description
ip_addr
IP address or IP alias.
console
Denotes an active console port.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If multiple sessions from the same IP address exist, the disconnect command checks if the current
process is also from the same IP address. If it is not, all Telnet sessions from the specified IP address are
disconnected. If it is, all sessions, other than the current session, are disconnected. The system prompts
whether or not to disconnect the current Telnet session. You can answer n and remain connected or
answer y and be disconnected.
Examples
This example shows how to close a Telnet session to host 198.134.214.4:
Console> (enable) disconnect 198.134.214.4
Telnet session from 198.134.214.4 disconnected. (1)
Console> (enable)
This example shows how to close the current console session:
Console> (enable) disconnect console
Console session disconnected.
Console> (enable)
Related Commands
telnet
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-171
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
download
download
To copy a software image from a specified host to the Flash memory of a designated module, use the
download command.
download host file [mod] [rcp]
download serial
download vmps
download boot flash_device:filename mod_num
download epld file [mod [force]]
Syntax Description
host
Name or IP address of host.
file
Name of file to be downloaded.
mod
(Optional) Number of the module to receive the downloaded image.
rcp
(Optional) Specifies rcp as the file transfer method.
serial
Specifies download through a serial port.
vmps
Downloads VMPS.
boot
Downloads an image to the boot ROM of a module.
flash_device: Name of the software image to be downloaded.
filename
mod_num
Number of the module to receive the downloaded image.
epld
Updates the module’s Erasable Programmable Logic Device
(EPLD) image file.
file
Name of the EPLD image file.
force
(Optional) Updates the existing EPLD image file on the module
with the new EPLD image regardless of the version of the existing
image.
Defaults
If a module number is not specified, the image is downloaded to all modules for which the image is valid.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Catalyst 6500 series switches download new code to the processors using Kermit serial download
through the EIA/TIA-232 console port.
The download command downloads code to the module Flash memory. Catalyst 6500 series switch
software rejects an image if it is not a valid image for the module.
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-172
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
download
The download serial command uses Kermit through the serial EIA/TIA-232 console port. The
download serial command is not allowed from a Telnet session.
Before you can execute the download vmps command successfully, you must use the set vmps
downloadserver command to configure the IP address of the TFTP server and the name of the VMPS
configuration file on that server. If the IP address of the TFTP server is not configured, the
download vmps command reports an error. If the configuration filename is not configured, the
download vmps command uses the default filename vmps-config-database.1.
After a successful download, the new VMPS information replaces any existing information. If there are
not enough resources to build the new configuration database, the VMPS is made inactive.
If you specify the module number, the download goes to the specified module, but the download will
fail if the module is of a different type than is indicated by the download header. If you do not specify
the module number, the download goes to all modules of that type.
Caution
After starting the serial download using Kermit, do not attempt to abort the serial download by pressing
Ctrl-C. Pressing Ctrl-C interrupts the download process and could leave the switch in a problematic
state. If the switch is in a problematic state as a result of pressing Ctrl-C, reboot the switch.
If you enter the download epld file command without specifying a module, the new EPLD image is
downloaded to all compatible modules where the new EPLD image version is greater than the existing
version on the module. If the download epld file mod command is used with the force keyword, the
existing EPLD image on a module is upgraded with the new EPLD image regardless of the version level
of the existing image.
Caution
Examples
If you remove the module while the EPLD image is updating, the module might not come back online.
This example shows how to download the c6000_spv11.bin file from the mercury host to the supervisor
engine (by default):
Console>
Download
\
Finished
FLASH on
(enable) download mercury c6000_spv11.bin
image c6000_spv11.bin from mercury to module 1FLASH (y/n) [n]? y
network single module download. (2418396 bytes)
Catalyst:
Type
Intel 28F008
Address
20000000
Location
NMP (P3) 4MB SIM
Erasing flash sector...done.
Programming flash sector...done.
Erasing flash sector...done.
Programming flash sector...done.
The system needs to be reset to run the new image.
Console> (enable)
This example shows how to download the acpflash_1111.bbi file from the mercury host to module 3:
Console> (enable) download mercury acpflash_1111.bbi 3
This command will reset Module 3.
Download image acpflash_1111.bbi from mercury to Module 3 FLASH (y/n) [n]? y
/
Done. Finished network download. (1964012 bytes)
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-173
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
download
This sample session shows how to connect to a remote terminal from a Sun workstation and how to use
the download serial command to copy a software image to the supervisor engine:
[At local Sun workstation]
host% kermit
C-Kermit 5A(172) ALPHA, 30 Jun 95, SUNOS 4.0 (BSD)
Type ? or ’help’ for help
C-Kermit> set line /dev/ttyb
C-Kermit> c
Connecting to /dev/ttyb, speed 9600.
The escape character is ^ (ASCII 28).
Type the escape character followed by C to get back,
or followed by ? to see other options.
Console> enable
Enter Password:
Console> (enable) set system baud 19200
^\C
[Back at local Sun workstation]
C-Kermit> set speed 19200
/dev/ttyb, 19200 bps
C-Kermit> c
Connecting to /dev/ttyb, speed 19200.
The escape character is ^ (ASCII 28).
Type the escape character followed by C to get back,
or followed by ? to see other options.
Console> (enable) download serial
Download Supervisor image via console port (y/n) [n]? y
Concentrator Boot ROM (Ver 1.00)
Waiting for DOWNLOAD!!
Return to your local Machine by typing its escape sequence
Issue Kermit send command from there[ Send ‘Filename‘]
^\C
[Back at Local System]
C-Kermit> send c6000_xx.bin
SF
c6000_xx.bin => C6000_XX.BIN, Size: 1233266
X to cancel file, CR to resend current packet
Z to cancel group, A for status report
E to send Error packet, Ctrl-C to quit immediately: ..........................
...............................................................................
...... [OK]
ZB
C-Kermit> quit
host%
This example shows how to download a ROM image to module 9:
Console> (enable) download boot bootflash:boot542.ubin 9
Warning!! This command replaces the existing boot code on Module 9.
Please verify with TAC that the file specified is appropriate for WS-X6408-GBIC.
Use this command with caution.
Do you want to continue (y/n) [n]? y
Download boot image start...
Download boot code completed.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-174
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
download
This example shows how to upgrade the EPLD image in force mode on the module in slot 5:
Console> (enable) download epld aq_cr128_art.bin 5 force
CCCCCC
Device found requiring upgrade in slot 5.
########################################################
#
W A R N I N G
#
#
#
# Any disruptions to the module during programming may #
# leave the module or system in an inconsistent state. #
# Please ensure that the system or module does not get #
# switched off or reset during the programming process.#
# Programming may take a minute or two, depending on
#
# the number of devices updated. Please wait for the #
# module to come back online before continuing.
#
#
#
#
W A R N I N G
#
########################################################
This command may reset module 5.
Updating fabric modules may significantly affect system performance while the update is
occurring.
Do you wish to update the devices in slot 5 (y/n) [n]? y
Updating programmable devices in slot 5. This may take a minute...
JAM Message -> Device #1 Silicon ID is ALTERA98(00)
JAM Message -> programming 7K device(s)...
JAM Message -> verifying 7K device(s)...
JAM Message -> DONE
Programming successful, updating EPLD revisions.
2002 Aug 09 06:32:22 %SYS-4-NVLOG:EpldUpdate:Module 5 EPLD A updated from rev 1 to rev 1
Waiting for module to come online.
..........2002 Aug 09 06:32:33 %SYS-5-MOD_OK:Module 5 is online
.
################################################################################
E P L D
P R O G R A M M I N G
C O M P L E T E
Found 1 devices requiring upgrades, 1 attempted, 1 updated, 0 failed
################################################################################
Console> (enable) 2002 Aug 09 06:32:34 %SYS-4-NVLOG:EpldUpdate:Module 5 EPLD A s
prom updated to rev 1
Console> (enable)
Related Commands
reset—switch
set system supervisor-update
show flash
show rcp
show system supervisor-update
show version
show vmps
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-175
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
enable
enable
To activate privileged mode, use the enable command. In privileged mode, additional commands are
available, and certain commands display additional information.
enable
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
The (enable) in the prompt indicates that the system is in privileged mode and that commands can be
entered.
Examples
This example shows how to enter privileged mode:
Console> enable
Enter password:
Console> (enable)
Related Commands
disable
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-176
22
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
format
format
To format bootflash or a Flash PC card (a Flash device must be formatted before it can be used), use the
format command.
format [spare spare-num] [m/]device1: [[device2:][monlib-filename]]
Syntax Description
spare spare_num
(Optional) Indicates the number of spare sectors to reserve when
other sectors fail.
m/
(Optional) Module number of the supervisor engine containing the
Flash device.
device1:
Flash device to be formatted.
device2:
(Optional) Flash device that contains the monlib file to be used to
format device1:.
monlib-filename
(Optional) Name of the monlib file.
Defaults
The default number of spare sectors is 0.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
A colon (:) is required after the specified device.
You can reserve up to 16 spare sectors for use when other sectors fail. If you do not reserve a spare sector
and later some sectors fail, you will have to reformat the entire Flash memory, which will erase all
existing data.
The monlib file is the ROM monitor library used by the ROM monitor to access files in the Flash file
system. It is also compiled into the system image. In the command syntax, device1: is the device to
format and device2: contains the monlib file to use.
When you omit the [[device2:][monlib-filename]] argument, the system formats device1: using the
monlib that is bundled with the system software.
When you omit device2: from the [[device2:][monlib-filename]] argument, the system formats device1:
using the named monlib file from the device specified by the cd command.
When you omit monlib-filename from the [[device2:][monlib-filename]] argument, the system formats
device1: using the monlib file from device2:. When you specify the whole [[device2:][monlib-filename]]
argument, the system formats device1: using the specified monlib file from the specified device.
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-177
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
format
You can also specify device1:monlib-filename as the device and filename to be used, as follows:
format device1: [device1: [monlib-filename]]
If monlib-filename is omitted, the system formats device1: using the built-in monlib file on the device.
Examples
Note
When the system cannot find a monlib file, the system terminates the formatting process.
Note
If the Flash device has a volume ID, you must provide the volume ID to format the device. The volume
ID is displayed using the show flash m/device: filesys command.
This example shows how to format a Flash PC card:
Console> (enable) format slot0:
All sectors will be erased, proceed (y/n) [n]?y
Enter volume id (up to 31 characters):
Formatting sector 1
Format device slot0 completed.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-178
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
frame
frame
To display an individual stack frame, use the frame command.
frame [-d | -p] [num]
Syntax Description
-d
(Optional) Specifies a monitor context.
-p
(Optional) Specifies a booted image process level context.
num
(Optional) Number of the frame to display, where 0 = youngest frame.
Defaults
The default is a booted image kernel context, which is the youngest frame.
Command Types
ROM monitor command.
Command Types
Normal.
Usage Guidelines
The minus sign (-) is required with the -d and -p options.
Examples
This example shows how to use the frame command to specify a booted image process level context,
frame 1:
rommon 6 > frame -p 1
Stack Frame 1, SP = 0x80007ed8, Size = 32 bytes
[0x80007ed8 : sp + 0x000] = 0x6031de50
[0x80007edc : sp + 0x004] = 0x6031c000
[0x80007ee0 : sp + 0x008] = 0x00000000
[0x80007ee4 : sp + 0x00c] = 0x80007ec4
[0x80007ee8 : sp + 0x010] = 0x00000002
[0x80007eec : sp + 0x014] = 0x00000000
[0x80007ef0 : sp + 0x018] = 0x60008770
[0x80007ef4 : sp + 0x01c] = 0x600087f0
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-179
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
fsck
fsck
To check a Flash file system for damage and to repair any problems, use the fsck command.
fsck [m/]device: [automatic]
Syntax Description
m/
(Optional) Number of the module that contains the Flash device.
device:
Name of the Flash device; valid device names are disk0: and disk1:.
automatic
(Optional) Specifies automatic mode. See the “Usage Guidelines” section
for more information.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
In automatic mode, problems are fixed automatically and you are not prompted to confirm any changes
that will be made to the file system.
Examples
This example shows how to check a file system for damage and to make repairs. First, enter the dir
command to list files on a device and to display the file that is corrupted:
Console> (enable) dir disk0:
3
-rw556
Mar
4
-rw556
Mar
5
-rw556
Mar
6
-rw258048
Mar
CORRUPTED
Console> (enable)
06
06
06
06
2049
2049
2049
2049
16:26:16
16:26:16
16:26:16
16:26:16
t1
t2
t3
t4
128090112 bytes available (16384 bytes used)
Then, enter the fsck command to repair the corrupted file:
Console> (enable) fsck disk0:
Checking the partition table and boot sector...
Checking FAT, Files and Directories...
File size of disk0:/t4 is not correct, correcting it
Reclaiming unused space...
Updating FAT...
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-180
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
fsck
Enter the dir command again to see that the corrupted file is corrected:
Console> (enable) dir disk0:
3
-rw556
Mar
4
-rw556
Mar
5
-rw556
Mar
6
-rw4096
Mar
CORRECT
Console> (enable)
Related Commands
06
06
06
06
2049
2049
2049
2049
16:26:16
16:26:16
16:26:16
16:26:16
t1
t2
t3
t4
dir—switch
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-181
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
history—ROM monitor
history—ROM monitor
To display the command history (the last 16 commands executed in the ROM monitor environment), use
the history command. This command is aliased to “h” by the ROM monitor for convenience.
history
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Types
ROM monitor command.
Command Modes
Normal.
Examples
This example shows how to use the history command:
rommon 13 > history
1
help
2
break -s 0x20090
3
break -s 10090
4
break -s 0xa0001000
5
cont
6
help
7
dev
8
dir
9
dir bootflash:
10 dis
11 dis 0xa0001000
12 dis 0xbe000000
13 history
=============================================================================
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-182
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
history—switch
history—switch
To show the contents of the command history buffer, use the history command.
history
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
The history buffer size is fixed at 20 commands. See the “Command-Line Interfaces” chapter for
detailed information about the command history feature.
Examples
In this example, the history command lists the contents of the command history buffer:
Console>
1
2
Console>
history
1
2
3
Console>
history
help
history
!2
help
history
history
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-183
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
l2trace
l2trace
To display the Layer 2 path taken by the packets that start at a specified source address and end at a
specified destination address, use the l2trace command.
l2trace src_mac_addr dest_mac_addr [vlan] [detail]
l2trace src_ip_addr dest_ip_addr [detail]
Syntax Description
src_mac_addr
Source MAC address.
dest_mac_addr
Destination MAC address.
vlan
(Optional) Number of the VLAN.
src_ip_addr
Source IP address or alias.
dest_ip_addr
Destination IP address or alias.
detail
(Optional) Specifies detailed information.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Types
Privileged.
Usage Guidelines
All the intermediate devices should be Catalyst 5000 family or Catalyst 6500 series switches running
supervisor engine software release 6.1 or later. Catalyst 4500 series switches must be running supervisor
engine software release 6.2 or later.
The l2trace command displays the Layer 2 path when the specified source and destination addresses
belong to the same VLAN. If you specify source and destination addresses that belong to different
VLANs, l2trace aborts with an error message.
You must enable CDP on all the Catalyst 4500 series, Catalyst 5000 family, or Catalyst 6500 series
switches in the network.
When the switch detects a device (in the Layer 2 path) that does not belong to the Catalyst 4500 series,
Catalyst 5000 family, or Catalyst 6500 series switches, the switch continues to send Layer 2 trace
queries and lets them time out.
This command is rejected if you enter a multicast source or destination MAC address.
If a source or the destination address belongs to multiple VLANs, you must specify the VLAN to be used for
determining the Layer 2 path.
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-184
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
l2trace
The Layer 2 trace feature is not supported when multiple devices are attached to one port through hubs
(for example, multiple CDP neighbors detected on a port). When more than one CDP neighbor is
detected on the port, l2trace is aborted.
If you specify the IP address of the source and destination systems instead of the MAC addresses, the switch
looks at the ARP table to determine the IP address to MAC address mapping of the source and destination
systems. If an ARP entry exists for the specified IP address, the corresponding MAC address is used. If no
matching ARP entry exists, the system does an ARP query and tries to resolve the IP address. If this is the
case, a restriction is imposed that requires the source and destination systems to be in the same subnet as the
switch in order for the ARP query to be resolved.
Examples
This example shows how to display the Layer 2 packet path for a specified source and destination MAC
address:
Console> (enable) l2trace 00-01-22-33-44-55 10-22-33-44-55-66 detail
l2trace vlan number is 10.
00-01-22-33-44-55 found in C5500 named wiring-1 on port 4/1 10Mb half duplex
C5500: wiring-1: 192.168.242.10: 4/1 10Mb half duplex -> 5/2 100MB full duplex
C5000: backup-wiring-1: 192.168.242.20: 1/1 100Mb full duplex -> 3/1-4 FEC attached
C5000: backup-core-1: 192.168.242.30: 4/1-4 FEC attached -> 1/1-2 GEC attached
C6000: core-1: 192.168.242.40: 1/1-2 GEC attached -> 2/1 10MB half duplex.
10-22-33-44-55-66 found in C6000 named core-1 on port 2/1 10MB half duplex.
Console> (enable)
This example shows how to display the Layer 2 packet path for a specified source and destination IP
alias:
Console> (enable) l2trace user-1-pc user-2-pc detail
Mapping IP address to MAC Address
user-1-pc -> 00-01-22-33-44-55
user-2-pc -> 10-22-33-44-55-66
l2trace vlan number is 10
00-01-22-33-44-55 found in C5500 named wiring-1 on port 4/1 10Mb half duplex
C5500: wiring-1: 192.168.242.10: 4/1 10Mb half duplex -> 5/2 100MB full duplex
C5000: backup-wiring-1: 192.168.242.20: 1/1 100Mb full duplex -> 3/1-4 FEC attached
C5000: backup-core-1: 192.168.242.30: 4/1-4 FEC attached -> 1/1-2 GEC attached
C6000: core-1: 192.168.242.40: 1/1-2 GEC attached -> 2/1 10MB half duplex.
10-22-33-44-55-66 found in C6000 named core-1 on port 2/1 10MB half duplex.
Console> (enable)
This example shows how to display a summary of Layer 2 packet path information for a specified source
and destination IP address:
Console> (enable) l2trace 9.7.0.7 9.7.0.6
Starting L2 Trace
sc0 :9.7.0.7 : 3/7
4/16 :9.7.0.2 : 4/10
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-185
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
l2trace
This example shows how to display a summary of Layer 2 packet path information for a specified source
and destination MAC address:
Console> (enable) l2trace 00-01-22-33-44-55 10-22-33-44-55-66
Starting L2 Trace
sc0 :9.7.0.7 : 3/7
4/16 :9.7.0.2 : 4/10
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-186
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
meminfo
meminfo
To display information about the main memory, packet memory, and NVRAM, use the meminfo
command. With the -l option, the supported DRAM configurations are displayed.
meminfo [-l]
Syntax Description
-l
Defaults
This command has no default settings.
Command Types
ROM monitor command.
Command Modes
Normal.
Usage Guidelines
The minus sign (-) is required with the -l option.
Examples
This example shows how to use the meminfo command:
(Optional) Specifies the long listing, which displays the DRAM configurations.
rommon 9 > meminfo
Main memory size: 16 MB in 32 bit mode.
Available main memory starts at 0xa000e000, size 16328KB
IO (packet) memory size: 25 percent of main memory.
NVRAM size: 32KB
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-187
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
ping
ping
To send ICMP echo-request packets to another node on the network, use the ping command. You can
also use the ping command without arguments to configure ping.
ping -s host
ping -s host [packet_size] [packet_count]
ping
Syntax Description
Defaults
-s
Causes ping to send one datagram per second, printing one line of output
for every response received.
host
IP address or IP alias of the host.
packet_size
(Optional) Number of bytes in a packet, from 56 to 1472 bytes.
packet_count
(Optional) Number of packets to send; valid values are from 0 to
2,147,483,647.
The defaults for ping -s are as follows:
•
packet_size is 56 bytes
•
packet_count is 2,147,483,647
The defaults for ping with no arguments are as follows:
•
packet_size is 56 bytes
•
packet_count is 5
•
Wait time is 2 seconds
•
Target IP address is none (this is a mandatory field)
•
Source address is the host IP address
Command Types
Switch command.
Command Modes
Normal or privileged.
Usage Guidelines
General ping command guidelines are as follows:
•
Press Ctrl-C to stop pinging.
•
Continuous ping means that, unless you press Ctrl-C to stop pinging, packets are generated
continually and dispatched to the host.
•
The actual packet size is 8 bytes larger than the size you specify because the switch adds
header information.
•
Normal response—The normal response occurs in 1 to 10 seconds, depending on network traffic.
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-188
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
ping
The guidelines for the ping -s command are as follows:
•
The maximum waiting time before timing out is 2 seconds.
•
A new ping packet is generated after 1 second of sending the previous packet, regardless of whether
or not an echo-reply is received.
•
If you do not enter a packet count, continuous ping results.
•
Network or host unreachable—The switch found no corresponding entry in the route table.
•
Destination does not respond—If the host does not respond, a “no answer from host” appears in
2 seconds.
•
Destination unreachable—The gateway for this destination indicates that the destination is
unreachable.
The guidelines for the ping command without arguments are as follows:
•
The ping host command is accepted in normal mode only. The parameters take the default values
automatically.
•
The target IP address is a mandatory field to be entered.
•
The maximum waiting time is configurable.
•
A new ping packet is generated only when an echo-reply is received.
•
Entering a packet count of 0 results in continuous ping.
•
Returns output only when a response is received or you press Return.
•
Available in privileged mode only.
•
When configuring ping, you must either press Return or enter a response. Valid responses and
appropriate values are as follows:
– Target IP address: IP address or host name of the destination node you plan to ping.
– Number of Packets: Number of ping packets to be sent to the destination address; valid values
are from 0 to 2,147,483,647 (0 specifies continuous ping).
– Datagram size: Size of the ping packet; valid values are from 56 to 1472 bytes.
– Timeout in seconds: Timeout interval; valid values are from 0 to 3600 seconds.
– Source IP Address [(default)]: IP address or IP alias of the source.
Examples
This example shows how to ping a host with IP alias elvis a single time:
Console> ping elvis
!!!!!
-----172.20.52.19 PING Statistics-----5 packets transmitted, 5 packets received, 0% packet loss
round-trip (ms) min/avg/max = 1/1/1
Console>
This example shows how to ping a host with IP alias elvis once per second until you press Ctrl-C to stop
pinging:
Console> ping -s elvis
ping elvis: 56 data bytes
64 bytes from elvis: icmp_seq=0.
64 bytes from elvis: icmp_seq=1.
64 bytes from elvis: icmp_seq=2.
64 bytes from elvis: icmp_seq=3.
time=11 ms
time=8 ms
time=8 ms
time=7 ms
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-189
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
ping
64 bytes from elvis: icmp_seq=4. time=11 ms
64 bytes from elvis: icmp_seq=5. time=7 ms
64 bytes from elvis: icmp_seq=6. time=7 ms
^C
----elvis PING Statistics---7 packets transmitted, 7 packets received, 0% packet loss
round-trip (ms) min/avg/max = 7/8/11
Console>
This example shows how to configure ping:
Console> (enable) ping
Target IP Address []: 172.20.52.19
Number of Packets [5]: 6
Datagram Size [56]: 75
Timeout in seconds [2]: 1
Source IP Address [172.20.52.18]:
!!!!!!
----172.20.52.19 PING Statistics---6 packets transmitted, 6 packets received, 0% packet loss
round-trip (ms) min/avg/max = 1/1/1
Console> (enable)
Related Commands
set interface
set ip route
show interface
show ip route
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-190
22
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
pwd
pwd
To show the current setting of the cd command, use the pwd command.
pwd [[m/]device:]
Syntax Description
m/
(Optional) Module number of the supervisor engine containing the
Flash device.
device:
(Optional) Device where the Flash resides.
Defaults
If no module number or device is specified, pwd defaults to the first module of the active device.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
A colon (:) is required after the specified device.
Examples
This example shows how to use the pwd command to display the current listing of the cd command:
Console> cd slot0:
Default flash device set to slot0.
Console> pwd
slot0
Related Commands
cd
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-191
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
quit
quit
To exit a CLI session, use the quit command.
quit
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
The exit and logout commands perform the same function as the quit command.
Examples
This example shows how to quit a CLI session:
Console> quit
Connection closed by foreign host.
host%
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-192
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
reconfirm vmps
reconfirm vmps
To reconfirm the current dynamic port VLAN membership assignments with the VMPS server, use the
reconfirm vmps command.
reconfirm vmps
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
VMPS database changes are not conveyed automatically to switches participating in VMPS. Therefore,
after making a VMPS database change, use this command on VMPS clients and servers to apply the
database changes.
Examples
This example shows how to reconfirm the current dynamic port VLAN membership with VMPS:
Console> (enable) reconfirm vmps
reconfirm process started
Use 'show dvlan statistics' to see reconfirm status
Console> (enable)
Related Commands
show dvlan statistics
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-193
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
reload
reload
To force a module to accept a download through SCP, use the reload command. This command resets
the module and prompts you to initiate a download when the reset is complete.
reload module
Syntax Description
module
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is used if a module is accidently reset during the downloading of an image. After the
reset, a normal download will not work. You must enter the reload module command followed by the
download host file [mod] command.
Examples
This example shows how to reset module 3 and download the acpflash_1111.bbi file from the mercury
host to the module:
Number of the module.
Console> (enable) reload 3
Console> (enable) download mercury acpflash_1111.bbi 3
This command will reset Module 3.
Download image acpflash_1111.bbi from mercury to Module 3 FLASH (y/n) [n]? y
/
Done. Finished network download. (1964012 bytes)
Console> (enable)
Related Commands
download
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-194
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
repeat
repeat
To repeat a command, use the repeat command.
repeat [num | string]
Syntax Description
number
(Optional) Number of the command.
string
(Optional) Command string.
Defaults
If no argument is specified, the last command is repeated.
Command Types
ROM monitor command.
Command Modes
Normal.
Usage Guidelines
The optional command number (from the history buffer list) or match string specifies which command
to repeat.
In the match string, the most recent command to begin with the specified string is executed again.
If the string contains white space, you must use quotation marks.
This command is usually aliased to the letter “r.”
Examples
These examples show how to use the repeat command. You use the history command to display the list
of previously entered commands:
rommon 22 > history
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
dir
dir bootflash:
dis
dis 0xa0001000
dis 0xbe000000
history
meminfo
meminfo -l
meminfo
meminfo -l
meninfo
meminfo
meminfo -l
meminfo -l
history
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-195
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
repeat
rommon 23 > repeat dir
dir bootflash:
File size
1973032 bytes (0x1e1b28)
rommon 24 > repeat
dir bootflash:
File size
1973032 bytes (0x1e1b28)
rommon 25 > repeat 15
meminfo -l
Checksum
File name
0xdadf5e24
llue
Checksum
File name
0xdadf5e24
llue
Main memory size: 16 MB.
Packet memory size: 0 MB
Main memory size: 0x1000000
Available main memory starts at 0xa000e000, size 0xff2000
NVRAM size: 0x20000
Parity Map for the DRAM Banks
Socket 0 in Bank 0 Has No Parity
Socket 1 in Bank 0 Has No Parity
Socket 0 in Bank 1 Has No Parity
Socket 1 in Bank 1 Has No Parity
==========================================================================
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-196
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
reset—ROM monitor
reset—ROM monitor
To perform a soft reset of the switch, use the reset ROM monitor command.
reset [-s]
Syntax Description
-s
Defaults
The default Flash device is slot0.
Command Types
ROM monitor command.
Command Modes
Normal.
Usage Guidelines
This command will not boot the MSFC if the PFC is not present in the Catalyst 6500 series switch.
Examples
This example shows how to use the reset command:
(Optional) Resets the entire switch.
rommon 26 > reset
System Bootstrap, Version 3.1(1.69)
Copyright (c) 1994-1997 by cisco Systems, Inc.
Supervisor processor with 16384 Kbytes of main memory
rommon 1 >
===========================================================================
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-197
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
reset—switch
reset—switch
To restart the system or an individual module, schedule a system reset, or cancel a scheduled reset, use
the reset command.
reset [mod | system | mindown]
reset [mindown] at {hh:mm} [mm/dd] [reason]
reset [mindown] in [hh:] {mm} [reason]
reset [cancel]
reset {mod} [bootdevice[,bootdevice]]
Syntax Description
mod
(Optional) Number of the module to be restarted.
system
(Optional) Resets the system.
mindown
(Optional) Performs a reset as part of a minimal downtime software
upgrade in a system with a redundant supervisor engine.
at
Schedules a system reset at a specific future time.
hh:mm
Hour and minute of the scheduled reset.
mm/dd
(Optional) Month and day of the scheduled reset.
reason
(Optional) Reason for the reset.
in
Schedules a system reset in a specific time.
hh
(Optional) Number of hours into the future to reset the switch.
mm
Number of minutes into the future to reset the switch.
cancel
(Optional) Cancels the scheduled reset.
mod
Number of the Network Analysis Module (NAM) or Intrusion
Detection System Module (IDSM).
bootdevice
(Optional) Boot device identification; for format guidelines, see the
“Usage Guidelines” section.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you do not specify a module number (either a switching module or the active supervisor engine
module), the command resets the entire system.
You can use the reset mod command to switch to the redundant supervisor engine, where mod is the
module number of the active supervisor engine.
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-198
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
reset—switch
You can use the reset mindown command to reset the switch as part of a minimal downtime software
upgrade in a system with a redundant supervisor engine. For complete information on performing a
minimal downtime software upgrade, refer to the Catalyst 6500 Series Software Configuration Guide
for your switch.
Caution
If you make configuration changes after entering the reset mindown command but before the active
supervisor engine resets, the changes are not saved. Input from the CLI is still accepted by the switch
while the redundant supervisor engine is reset. Changes that you make to the configuration between the
time when you enter the reset mindown command and the time when the supervisor engine comes
online running the new software image are not saved or synchronized with the redundant supervisor
engine.
If you reset an intelligent module (such as the Catalyst 6500 series MSM or MSFC), both the module
hardware and software are completely reset.
When entering the bootdevice, use the format device[:device_qualifier] where:
Examples
•
device = pcmcia, hdd, network
•
device_qualifier hdd = number from 1 to 99
•
pcmcia = slot0 or slot1
This example shows how to reset the supervisor engine on a Catalyst 6500 series switch with redundant
supervisor engines:
Console> (enable) reset 1
This command will force a switch-over to the standby supervisor module
and disconnect your telnet session.
Do you want to continue (y/n) [n]? y
Connection closed by foreign host.
host%
This example shows how to reset module 4:
Console> (enable) reset 4
This command will reset module 4 and may disconnect your telnet session.
Do you want to continue (y/n) [n]? y
Resetting module 4...
Console> (enable)
This example shows how to schedule a system reset for a specific future time:
Console> (enable) reset at 20:00
Reset scheduled at 20:00:00, Wed Mar 15 2000.
Proceed with scheduled reset? (y/n) [n]? y
Reset scheduled for 20:00:00, Wed Mar 15 2000 (in 0 day 5 hours 40 minutes).
Console> (enable)
This example shows how to schedule a reset for a specific future time and include a reason for the reset:
Console> (enable) reset at 23:00 3/15 Software upgrade to 6.1(1).
Reset scheduled at 23:00:00, Wed Mar 15 2000.
Reset reason: Software upgrade to 6.1(1).
Proceed with scheduled reset? (y/n) [n]? y
Reset scheduled for 23:00:00, Wed Mar 15 2000 (in 0 day 8 hours 39 minutes).
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-199
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
reset—switch
This example shows how to schedule a reset with minimum downtime for a specific future time and
include a reason for the reset:
Console> (enable) reset mindown at 23:00 3/15 Software upgrade to 6.1(1).
Reset scheduled at 23:00:00, Wed Mar 15 2000.
Reset reason: Software upgrade to 6.1(1).
Proceed with scheduled reset? (y/n) [n]? y
Reset mindown scheduled for 23:00:00, Wed Mar 15 2000 (in 0 day 8 hours 39 minutes).
Console> (enable)
This example shows how to schedule a reset after a specified time:
Console> (enable) reset in 5:20 Configuration update
Reset scheduled in 5 hours 20 minutes.
Reset reason: Configuration update
Proceed with scheduled reset? (y/n) [n]? y
Reset scheduled for 19:56:01, Wed Mar 15 2000 (in 5 hours 20 minutes).
Reset reason: Configuration update
Console> (enable)
This example shows how to cancel a scheduled reset:
Console> (enable) reset cancel
Reset cancelled.
Console> (enable)
Related Commands
commit
show reset
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-200
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
reset—switch
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-201
78-15474-01
2F2
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
restore counters
restore counters
To restore MAC and port counters, use the restore counters command.
restore counters [all | mod/ports]
Syntax Description
all
(Optional) Specifies all ports.
mod/ports
(Optional) Number of the module and the ports on the module.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you do not specify a range of ports to be restored, then all ports on the switch are restored.
Examples
This example shows how to restore MAC and port counters:
Console> (enable) restore counters all
This command will restore all counter values reported by the CLI to the hardware counter
values.
Do you want to continue (y/n) [n]? y
MAC and Port counters restored.
Console> (enable)
Related Commands
clear counters
show port counters
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-202
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
rollback
rollback
To clear changes made to the ACL edit buffer since its last save, use the rollback command. The ACL
is rolled back to its state at the last commit command.
rollback qos acl {acl_name | all}
rollback security acl {acl_name | all | adjacency}
Syntax Description
qos acl
Specifies QoS ACEs.
acl_name
Name that identifies the VACL whose ACEs are to be affected.
all
Rolls back all ACLs.
security acl
Specifies security ACEs.
adjacency
Rolls back all adjacency tables.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to clear the edit buffer of a specific QoS ACL:
Console> (enable) rollback qos acl ip-8-1
Rollback for QoS ACL ip-8-1 is successful.
Console> (enable)
This example shows how to clear the edit buffer of a specific security ACL:
Console> (enable) rollback security acl IPACL1
IPACL1 editbuffer modifications cleared.
Console> (enable)
Related Commands
commit
show qos acl info
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-203
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
session
session
To open a session with a module (for example, the MSM, NAM, or ATM), use the session command.
This command allows you to use the module-specific CLI.
session mod
Syntax Description
mod
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
After you enter this command, the system responds with the Enter Password: prompt, if one is configured
on the module.
Number of the module.
To end the session, enter the quit command.
Use the session command to toggle between router and switch sessions.
For information on ATM commands, refer to the ATM Software Configuration Guide and Command
Reference for the Catalyst 5000 Family and 6500 Series Switches.
For information on NAM commands, refer to the Catalyst 6000 Family Network Analysis Module
Installation and Configuration Note and the Catalyst 6500 Series and Cisco 7600 Series Network
Analysis Module Command Reference.
Examples
This example shows how to open a session with an MSM (module 4):
Console> session 4
Trying Router-4...
Connected to Router-4.
Escape character is `^]'.
Router>
Related Commands
quit
switch console
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-204
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set
set
To display all of the ROM monitor variable names with their values, use the set command.
set
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Types
ROM monitor command.
Command Modes
Normal.
Examples
This example shows how to display all of the ROM monitor variable names with their values:
rommon 2 > set
PS1=rommon ! >
BOOT=
?=0
Related Commands
varname=
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-205
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set accounting commands
set accounting commands
To enable command event accounting on the switch, use the set accounting commands command.
set accounting commands enable {config | enable | all} [stop-only] {tacacs+}
set accounting commands disable
Syntax Description
enable
Enables the specified accounting method for commands.
config
Permits accounting for configuration commands only.
enable
Permits accounting for enable mode commands only.
all
Permits accounting for all commands.
stop-only
(Optional) Applies the accounting method at the command end.
tacacs+
Specifies TACACS+ accounting for commands.
disable
Disables accounting for commands.
Defaults
The default is accounting is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You must configure the TACACS+ servers before you enable accounting.
Examples
This example shows how to send records at the end of the event only using a TACACS+ server:
Console> (enable) set accounting commands enable config stop-only tacacs+
Accounting set to enable for commands-config events in stop-only mode.
Console> (enable)
Related Commands
set accounting connect
set accounting exec
set accounting suppress
set accounting system
set accounting update
set tacacs server
show accounting
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-206
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set accounting connect
set accounting connect
To enable accounting of outbound connection events on the switch, use the set accounting connect
command.
set accounting connect enable {start-stop | stop-only} {tacacs+ | radius}
set accounting connect disable
Syntax Description
enable
Enables the specified accounting method for connection events.
start-stop Applies the accounting method at the start and stop of the connection event.
stop-only Applies the accounting method at the end of the connection event.
tacacs+
Specifies TACACS+ accounting for connection events.
radius
Specifies RADIUS accounting for connection events.
disable
Disables accounting of connection events.
Defaults
The default is accounting is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You must configure the RADIUS or TACACS+ servers and shared secret keys before you enable
accounting.
Examples
This example shows how to enable accounting on Telnet and remote login sessions, generating records
at stop only using a TACACS+ server:
Console> (enable) set accounting connect enable stop-only tacacs+
Accounting set to enable for connect events in stop-only mode.
Console> (enable)
Related Commands
set accounting commands
set accounting exec
set accounting suppress
set accounting system
set accounting update
set radius key
set radius server
set tacacs key
set tacacs server
show accounting
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-207
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set accounting exec
set accounting exec
To enable accounting of normal login sessions on the switch, use the set accounting exec command.
set accounting exec enable {start-stop | stop-only} {tacacs+ | radius}
set accounting exec disable
Syntax Description
enable
Enables the specified accounting method for normal login sessions.
start-stop
Specifies the accounting method applies at the start and stop of the
normal login sessions.
stop-only
Specifies the accounting method applies at the end of the normal
login sessions.
tacacs+
Specifies TACACS+ accounting for normal login sessions.
radius
Specifies RADIUS accounting for normal login sessions.
disable
Disables accounting for normal login sessions.
Defaults
The default is accounting is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You must configure the RADIUS or TACACS+ servers and shared secret keys before you enable
accounting.
Examples
This example shows how to enable accounting of normal login sessions, generating records at start and
stop using a RADIUS server:
Console> (enable) set accounting exec enable start-stop radius
Accounting set to enable for exec events in start-stop mode.
Console> (enable)
This example shows how to enable accounting of normal login sessions, generating records at stop using
a TACACS+ server:
Console> (enable) set accounting exec enable stop-only tacacs+
Accounting set to enable for exec events in stop-only mode.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-208
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set accounting exec
Related Commands
set accounting commands
set accounting connect
set accounting suppress
set accounting system
set accounting update
set radius key
set radius server
set tacacs key
set tacacs server
show accounting
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-209
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set accounting suppress
set accounting suppress
To enable or disable suppression of accounting information for a user who has logged in without a
username, use the set accounting suppress command.
set accounting suppress null-username {enable | disable}
Syntax Description
null-username
Specifies users must have a user ID.
enable
Enables suppression for a specified user.
disable
Disables suppression for a specified user.
Defaults
The default is accounting is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You must configure the TACACS+ servers before you enable accounting.
Examples
This example shows how to suppress accounting information for users without a username:
Console> (enable) set accounting suppress null-username enable
Accounting will be suppressed for user with no username.
Console> (enable)
This example shows how to include users without the username accounting event information:
Console> (enable) set accounting suppress null-username disable
Accounting will be not be suppressed for user with no username.
Console> (enable)
Related Commands
set accounting commands
set accounting connect
set accounting exec
set accounting system
set accounting update
set tacacs server
show accounting
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-210
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set accounting system
set accounting system
To enable accounting of system events on the switch, use the set accounting system command.
set accounting system enable {start-stop | stop-only} {tacacs+ | radius}
set accounting system disable
Syntax Description
enable
Enables the specified accounting method for system events.
start-stop
Specifies the accounting method applies at the start and stop of the
system event.
stop-only
Specifies the accounting method applies at the end of the system
event.
tacacs+
Specifies TACACS+ accounting for system events.
radius
Specifies RADIUS accounting for system events.
disable
Disables accounting for system events.
Defaults
The default is accounting is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You must configure the RADIUS or TACACS+ servers and shared secret keys before you enable
accounting.
Examples
This example shows how to enable accounting for system events, sending records only at the end of the
event using a RADIUS server:
Console> (enable) set accounting system enable stop-only radius
Accounting set to enable for system events in start-stop mode.
Console> (enable)
This example shows how to enable accounting for system events, sending records only at the end of the
event using a TACACS+ server:
Console> (enable) set accounting system enable stop-only tacacs+
Accounting set to enable for system events in start-stop mode.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-211
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set accounting system
Related Commands
set accounting commands
set accounting connect
set accounting exec
set accounting suppress
set accounting update
set radius key
set radius server
set tacacs key
set tacacs server
show accounting
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-212
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set accounting update
set accounting update
To configure the frequency of accounting updates, use the set accounting update command.
set accounting update {new-info | {periodic [interval]}}
Syntax Description
new-info
Specifies an update when new information is available.
periodic
Specifies an update on a periodic basis.
interval
(Optional) Periodic update interval time; valid values are from 1 to
71582 minutes.
Defaults
The default is accounting is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You must configure the TACACS+ servers before you enable accounting.
Examples
This example shows how to send accounting updates every 200 minutes:
Console> (enable) set accounting update periodic 200
Accounting updates will be periodic at 200 minute intervals.
Console> (enable)
This example shows how to send accounting updates only when there is new information:
Console> (enable) set accounting update new-info
Accounting updates will be sent on new information only.
Console> (enable)
Related Commands
set accounting commands
set accounting connect
set accounting exec
set accounting suppress
set accounting system
set tacacs server
show accounting
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-213
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set acllog ratelimit
set acllog ratelimit
To limit the number of packets sent to the route processor CPU for bridged ACEs, use the set acllog
ratelimit command.
set acllog ratelimit rate
Syntax Description
rate
Defaults
ACL log rate limiting is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
After entering the set acllog ratelimit command or the clear acllog command, you must either reset the
route processor or perform a shut/not shut on the route processor interfaces that have ACEs with the log
keyword applied.
Number of packets per second; valid values are 1 to 1000. See the “Usage Guidelines”
section for more information.
After entering the set acllog ratelimit command, the reset or shut/no shut action causes the bridged
ACEs to be redirected to the route processor with rate limiting.
To disable ACL log rate limiting, enter the clear acllog command. After entering the clear acllog
command, the reset or shut/no shut action causes the system to return to its previous behavior. The bridge
action remains unchanged.
If the number of packets per second is greater than the rate that you specify, the packets that exceed the
specified rate are dropped.
A rate value of 500 is recommended.
Examples
This example shows how to enable ACL logging and to specify a rate of 500 for rate limiting:
Console> (enable) set acllog ratelimit 500
If the ACLs-LOG were already applied, the rate limit mechanism will be effective on system
restart, or after shut/no shut the interface.
Console> (enable)
Related Commands
clear acllog
show acllog
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-214
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set alias
set alias
To define aliases (shorthand versions) of commands, use the set alias command.
set alias name command [parameter] [parameter]
Syntax Description
name
Alias being created.
command
Command for which the alias is being created.
parameter
(Optional) Parameters that apply to the command for which an alias is being
created.
Defaults
The default is no aliases are configured.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The name all cannot be defined as an alias. Reserved words cannot be defined as aliases.
You can set a maximum of 100 aliases on the switch.
For additional information about the parameter value, see the specific command for information about
applicable parameters.
Examples
This example shows how to set the alias for the clear arp command as arpdel:
Console> (enable) set alias arpdel clear arp
Command alias added.
Console> (enable)
Related Commands
clear alias
show alias
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-215
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set arp
set arp
To add IP address-to-MAC address mapping entries to the ARP table and to set the ARP aging time for
the table, use the set arp command.
set arp [dynamic | permanent | static] {ip_addr hw_addr}
set arp agingtime agingtime
Syntax Description
dynamic
(Optional) Specifies that entries are subject to ARP aging updates.
permanent
(Optional) Specifies that permanent entries are stored in NVRAM until they
are removed by the clear arp or clear config command.
static
(Optional) Specifies that entries are not subject to ARP aging updates.
ip_addr
IP address or IP alias to map to the specified MAC address.
hw_addr
MAC address to map to the specified IP address or IP alias.
agingtime
Sets the period of time after which an ARP entry is removed from the ARP
table.
agingtime
Number of seconds that entries will remain in the ARP table before being
deleted; valid values are from 0 to 1,000,000 seconds. Setting this value to 0
disables aging.
Defaults
The default is no ARP table entries exist; ARP aging is set to 1200 seconds.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When entering the hw_addr value, use a 6-hexadecimal byte MAC address in canonical
(00-11-22-33-44-55) or noncanonical (00:11:22:33:44:55) format.
Static (nonpermanent) entries remain in the ARP table until you reset the active supervisor engine.
Examples
This example shows how to configure a dynamic ARP entry mapping that will age out after the
configured ARP aging time:
Console> (enable) set arp dynamic 198.133.219.232 00-00-0c-40-0f-bc
ARP entry added.
Console> (enable)
This example shows how to set the aging time for the ARP table to 1800 seconds:
Console> (enable) set arp agingtime 1800
ARP aging time set to 1800 seconds.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-216
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set arp
This example shows how to configure a permanent ARP entry, which will remain in the ARP cache after
a system reset:
Console> (enable) set arp permanent 198.146.232.23 00-00-0c-30-0f-bc
Permanent ARP entry added as
198.146.232.23 at 00-00-0c-30-0f-bc on vlan 5
Console> (enable)
This example shows how to configure a static ARP entry, which will be removed from the ARP cache
after a system reset:
Console> (enable) set arp static 198.144.239.22 00-00-0c-50-0f-bc
Static ARP entry added as
198.144.239.22 at 00-00-0c-50-0f-bc on vlan 5
Console> (enable)
Related Commands
clear arp
show arp
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-217
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set authentication enable
set authentication enable
To enable authentication using the TACACS+, RADIUS, or Kerberos server to determine if you have
privileged access permission, use the set authentication enable command.
set authentication enable {radius | tacacs | kerberos} enable [console | telnet | http | all]
[primary]
set authentication enable {enable | disable} [console | telnet | http | all] [primary]
set authentication enable local {enable | disable} [console | telnet | http | all] [primary]
set authentication enable attempt count [console | telnet]
set authentication enable lockout time [console | telnet]
Syntax Description
radius
Specifies RADIUS authentication for login.
tacacs
Specifies TACACS+ authentication for login.
kerberos
Specifies Kerberos authentication for login.
enable
Enables the specified authentication method for login.
console
(Optional) Specifies the authentication method for console sessions.
telnet
(Optional) Specifies the authentication method for Telnet sessions.
http
(Optional) Specifies the specified authentication method for HTTP
sessions.
all
(Optional) Applies the authentication method to all session types.
primary
(Optional) Specifies the specified authentication method be tried
first.
disable
Disables the specified authentication method for login.
local
Specifies local authentication for login.
attempt
count
Specifies the number of connection attempts before initiating an
error; valid values are 0, from 3 to 10, and 0 to disable.
lockout time
Specifies the lockout timeout; valid values are from 30 to 600
seconds, and 0 to disable.
Defaults
Local authentication is enabled for console and Telnet sessions. RADIUS, TACACS+, and Kerberos are
disabled for all session types. If authentication is enabled, the default attempt count is 3.
Command Types
Switch command.
Command Modes
Privileged.
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-218
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set authentication enable
Usage Guidelines
Use authentication configuration for both console and Telnet connection attempts unless you use the
console or telnet keywords to specify the authentication methods for each connection type individually.
Examples
This example shows how to use the TACACS+ server to determine if a user has privileged access
permission:
Console> (enable) set authentication enable tacacs enable
tacacs enable authentication set to enable for console, telnet and http session.
Console> (enable)
This example shows how to use the local password to determine if the user has privileged access
permission:
Console> (enable) set authentication enable local enable
local enable authentication set to enable for console, telnet and http session.
Console> (enable)
This example shows how to use the RADIUS server to determine if a user has privileged access
permission for all session types:
Console> (enable) set authentication enable radius enable
radius enable authentication set to enable for console, telnet and http session.
Console> (enable)
This example shows how to use the TACACS+ server to determine if a user has privileged access
permission for all session types:
Console> (enable) set authentication enable tacacs enable console
tacacs enable authentication set to enable for console session.
Console> (enable)
This example shows how to set the Kerberos server to be used first:
Console> (enable) set authentication enable kerberos enable primary
kerberos enable authentication set to enable for console, telnet and http session as
primary authentication method.
Console> (enable)
This example shows how to limit enable mode login attempts:
Console> (enable) set authentication enable attempt 5
Enable mode authentication attempts for console and telnet logins set to 5.
Console> (enable)
This example shows how to set the enable mode lockout time for both console and Telnet connections:
Console> (enable) set authentication enable lockout 50
Enable mode lockout time for console and telnet logins set to 50.
Console> (enable)
Related Commands
set authentication login
show authentication
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-219
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set authentication login
set authentication login
To enable TACACS+, RADIUS, or Kerberos as the authentication method for login, use the set
authentication login command.
set authentication login {radius | tacacs | kerberos} enable [console | telnet | http | all]
[primary]
set authentication login {radius | tacacs | kerberos} disable [console | telnet | http | all]
set authentication login {enable | disable} [console | telnet | http | all]
set authentication login local {enable | disable} [console | telnet | http | all]
set authentication login attempt count [console | telnet]
set authentication login lockout time [console | telnet]
Syntax Description
radius
Specifies the use of the RADIUS server password to determine if you have
access permission to the switch.
tacacs
Specifies the use of the TACACS+ server password to determine if you have
access permission to the switch.
kerberos
Specifies the Kerberos server password to determine if you have access
permission to the switch.
enable
Enables the specified authentication method for login.
console
(Optional) Specifies the authentication method for console sessions.
telnet
(Optional) Specifies the authentication method for Telnet sessions.
http
(Optional) Specifies the authentication method for HTTP sessions.
all
(Optional) Specifies the authentication method for all session types.
primary
(Optional) Specifies that the method specified is the primary authentication
method for login.
disable
Disables the specified authentication method for login.
local
Specifies a local password to determine if you have access permission to the
switch.
attempt
count
Specifies the number of login attempts before initiating an error; valid values
are 0, from 3 to 10, and 0 to disable.
lockout
time
Specifies the lockout timeout; valid values are from 30 to 43200 seconds, and
0 to disable.
Defaults
Local authentication is the primary authentication method for login.
Command Types
Switch command.
Command Modes
Privileged.
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-220
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set authentication login
Usage Guidelines
This command allows you to choose the authentication method for the web interface. If you configure
the authentication method for the HTTP session as RADIUS, then the username or password is validated
using the RADIUS protocol, and TACACS+ and Kerberos authentication is set to disable for the HTTP
sessions. By default, the HTTP login is validated using the local login password.
You can specify the authentication method for console, telnet, http, or all by entering the console,
telnet, http, or all keywords. If you do not specify console, telnet, http, or all, the authentication
method default is for all sessions.
Examples
This example shows how to disable TACACS+ authentication access for Telnet sessions:
Console> (enable) set authentication login tacacs disable telnet
tacacs login authentication set to disable for the telnet sessions.
Console> (enable)
This example shows how to disable RADIUS authentication access for console sessions:
Console> (enable) set authentication login radius disable console
radius login authentication set to disable for the console sessions.
Console> (enable)
This example shows how to disable Kerberos authentication access for Telnet sessions:
Console> (enable) set authentication login kerberos disable telnet
kerberos login authentication set to disable for the telnet sessions.
Console> (enable)
This example shows how to set TACACS+ authentication access as the primary method for HTTP
sessions:
Console> (enable) set authentication login tacacs enable http primary
tacacs login authentication set to enable for HTTP sessions as primary authentification
method.
Console> (enable)
This example shows how to limit login attempts:
Console> (enable) set authentication login attempt 5
Login authentication attempts for console and telnet logins set to 5.
Console> (enable)
This example shows how to set the lockout time for both console and Telnet connections:
Console> (enable) set authentication login lockout 50
Login lockout time for console and telnet logins set to 50.
Console> (enable)
Related Commands
set authentication enable
show authentication
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-221
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set authorization commands
set authorization commands
To enable authorization of command events on the switch, use the set authorization commands
command.
set authorization commands enable {config | enable | all} {option} {fallbackoption}
[console | telnet | both]
set authorization commands disable [console | telnet | both]
Syntax Description
enable
Enables the specified authorization method for commands.
config
Permits authorization for configuration commands only.
enable
Permits authorization for enable mode commands only.
all
Permits authorization for all commands.
option
Switch response to an authorization request; valid values are
tacacs+, if-authenticated, and none. See the “Usage Guidelines”
section for valid value definitions.
fallbackoption
Switch fallback response to an authorization request if the
TACACS+ server is down or not responding; valid values are
tacacs+, deny, if-authenticated, and none. See the “Usage
Guidelines” section for valid value definitions.
disable
Disables authorization of command events.
console
(Optional) Specifies the authorization method for console sessions.
telnet
(Optional) Specifies the authorization method for Telnet sessions.
both
(Optional) Specifies the authorization method for both console and
Telnet sessions.
Defaults
The default is authorization is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When you define the option and fallbackoption values, the following occurs:
•
tacacs+ specifies the TACACS+ authorization method.
•
deny does not let you proceed.
•
if-authenticated allows you to proceed with your action if you have been authenticated.
•
none allows you to proceed without further authorization in case the TACACS+ server does not
respond.
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-222
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set authorization commands
Examples
This example shows how to enable authorization for all commands with the if-authenticated option and
none fallbackoption:
Console> (enable) set authorization commands enable all if-authenticated none
Successfully enabled commands authorization.
Console> (enable)
This example shows how to disable command authorization:
Console> (enable) set authorization commands disable
Successfully disabled commands authorization.
Console> (enable)
Related Commands
set authorization enable
set authorization exec
show authorization
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-223
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set authorization enable
set authorization enable
To enable authorization of privileged mode sessions on the switch, use the set authorization enable
command.
set authorization enable enable {option} {fallbackoption} [console | telnet | both]
set authorization enable disable [console | telnet | both]
Syntax Description
enable
Enables the specified authorization method.
option
Switch response to an authorization request; valid values are tacacs+,
if-authenticated, and none. See the “Usage Guidelines” section for valid
value definitions.
fallbackoption
Switch fallback response to an authorization request if the TACACS+
server is down or not responding; valid values are tacacs+, deny,
if-authenticated, and none. See the “Usage Guidelines” section for valid
value definitions.
disable
Disables the authorization method.
console
(Optional) Specifies the authorization method for console sessions.
telnet
(Optional) Specifies the authorization method for Telnet sessions.
both
(Optional) Specifies the authorization method for both console and Telnet
sessions.
Defaults
The default is authorization is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When you define the option and fallbackoption values, the following occurs:
•
tacacs+ specifies the TACACS+ authorization method.
•
deny does not let you proceed.
•
if-authenticated allows you to proceed with your action if you have authentication.
•
none allows you to proceed without further authorization in case the TACACS+ server does not
respond.
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-224
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set authorization enable
Examples
This example shows how to enable authorization of configuration commands in enable, privileged login
mode, sessions:
Console> (enable) set authorization enable enable if-authenticated none
Successfully enabled enable authorization.
Console> (enable)
This example shows how to disable enable mode authorization:
Console> (enable) set authorization enable disable
Successfully disabled enable authorization.
Console> (enable)
Related Commands
set authorization commands
set authorization exec
show authorization
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-225
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set authorization exec
set authorization exec
To enable authorization of exec, normal login mode, session events on the switch, use the set
authorization exec command.
set authorization exec enable {option} {fallbackoption} [console | telnet | both]
set authorization exec disable [console | telnet | both]
Syntax Description
enable
Enables the specified authorization method.
option
Switch response to an authorization request; valid values are tacacs+,
if-authenticated, and none. See the “Usage Guidelines” section for valid
value definitions.
fallbackoption
Switch fallback response to an authorization request if the TACACS+
server is down or not responding; valid values are tacacs+, deny,
if-authenticated, and none. See the “Usage Guidelines” section for valid
value definitions.
disable
Disables authorization method.
console
(Optional) Specifies the authorization method for console sessions.
telnet
(Optional) Specifies the authorization method for Telnet sessions.
both
(Optional) Specifies the authorization method for both console and Telnet
sessions.
Defaults
The default is authorization is denied.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When you define the option and fallbackoption values, the following occurs:
•
tacacs+ specifies the TACACS+ authorization method.
•
deny fails authorization if the TACACS+ server does not respond.
•
if-authenticated allows you to proceed with your action if the TACACS+ server does not respond
and you have authentication.
•
none allows you to proceed without further authorization if the TACACS+ server does not respond.
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-226
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set authorization exec
Examples
This example shows how to enable authorization of configuration commands in exec, normal login
mode, sessions:
Console> (enable) set authorization exec enable if-authenticated none
Successfully enabled exec authorization.
Console> (enable)
This example shows how to disable exec mode authorization:
Console> (enable) set authorization exec disable
Successfully disabled exec authorization.
Console> (enable)
Related Commands
set authorization commands
set authorization enable
show authorization
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-227
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set banner lcd
set banner lcd
To configure the Catalyst 6500 series Switch Fabric Module LCD user banner, use the set banner lcd
command.
set banner lcd c [text] c
Syntax Description
c
Delimiting character used to begin and end the message.
text
(Optional) Message of the day.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The user banner cannot contain more than 800 characters, including tabs. Tabs display as eight
characters but use only one character of memory.
After you configure the user banner, it is sent to all Catalyst 6500 series Switch Fabric Modules in the
switch.
The Switch Fabric Module front panel has a 2 line by 20 character LCD display. To see the LCD user
banner, push the SELECT button on the front panel and scroll to the USER CONFIGURATION option.
Push the NEXT button to see the user banner.
To clear the LCD user banner, use the set banner lcd cc command.
Examples
This example shows how to set the Catalyst 6500 series Switch Fabric Module LCD user banner:
Console> (enable) set banner lcd &HelloWorld!&
LCD banner set
Console> (enable)
Related Commands
set banner motd
set banner telnet
show banner
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-228
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set banner motd
set banner motd
To program an MOTD banner to appear before session login, use the set banner motd command.
set banner motd c [text] c
Syntax Description
c
Delimiting character used to begin and end the message.
text
(Optional) Message of the day.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The MOTD banner cannot contain more than 3,070 characters, including tabs. Tabs display as eight
characters but take only one character of memory.
You can use either the clear banner motd command or the set banner motd cc command to clear the
message-of-the-day banner.
Examples
This example shows how to set the message of the day using the pound sign (#) as the delimiting
character:
Console> (enable) set banner motd #
** System upgrade at 6:00am Tuesday.
** Please log out before leaving on Monday. #
MOTD banner set.
Console> (enable)
This example shows how to clear the message of the day:
Console> (enable) set banner motd ##
MOTD banner cleared.
Console> (enable)
Related Commands
clear banner motd
set banner lcd
set banner telnet
show banner
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-229
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set banner telnet
set banner telnet
To display or suppress the “Cisco Systems Console” Telnet banner message, use the set banner telnet
command.
set banner telnet {enable | disable}
Syntax Description
enable
Displays the Telnet banner.
disable
Suppresses the Telnet banner.
Defaults
The “Cisco Systems Console” Telnet banner message is enabled.
Command Types
Switch.
Command Modes
Privileged.
Examples
This example shows how to display the Telnet banner message:
Console> (enable) set banner telnet enable
Cisco Systems Console banner will be printed at telnet.
Console> (enable)
This example shows how to suppress the Telnet banner message:
Console> (enable) set banner telnet disable
Cisco Systems Console banner will not be printed at telnet.
Console> (enable)
Related Commands
set banner lcd
set banner motd
show banner
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-230
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set boot auto-config
set boot auto-config
To specify one or more configuration files to use to configure the switch at bootup, use the set boot
auto-config command. The list of configuration files is stored in the CONFIG_FILE environment
variable.
set boot auto-config device:filename [;device:filename...] [mod]
Syntax Description
device:
Device where the startup configuration file resides.
filename
Name of the startup configuration file.
mod
(Optional) Module number of the supervisor engine containing the Flash device.
Defaults
The default CONFIG_FILE is slot0:switch.cfg.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The set boot auto-config command always overwrites the existing CONFIG_FILE environment variable
settings. (You cannot prepend or append a file to the variable contents.)
If you specify multiple configuration files, you must separate the files with a semicolon (;).
To set the recurrence on other supervisor engines and switches, use the set boot config-register
auto-config command.
Examples
This example shows how to specify a single configuration file environment variable:
Console> (enable) set boot auto-config slot0:cfgfile2
CONFIG_FILE variable = slot0:cfgfile2
WARNING: nvram configuration may be lost during next bootup,
and re-configured using the file(s) specified.
Console> (enable)
This example shows how to specify multiple configuration file environment variables:
Console> (enable) set boot auto-config slot0:cfgfile;slot0:cfgfile2
CONFIG_FILE variable = slot0:cfgfile1;slot0:cfgfile2
WARNING: nvram configuration may be lost during next bootup,
and re-configured using the file(s) specified.
Console> (enable)
Related Commands
set boot config-register
set boot system flash
show boot
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-231
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set boot config-register
set boot config-register
To configure the boot configuration register value, use the set boot config-register command.
set boot config-register 0xvalue [mod]
set boot config-register baud {1200 | 2400 | 4800 | 9600 | 19200 | 38400} [mod]
set boot config-register ignore-config {enable | disable} [mod]
set boot config-register boot {rommon | bootflash | system} [mod]
Syntax Description
Defaults
0xvalue
Sets the 16-bit configuration register value.
mod
(Optional) Module number of the supervisor engine containing the Flash
device.
baud 1200 |
2400 | 4800 |
9600 | 19200 |
38400
Specifies the console baud rate.
ignore-config
Sets the ignore-config feature.
enable
Enables the specified feature.
disable
Disables the specified feature.
boot
Specifies the boot image to use on the next restart.
rommon
Specifies booting from the ROM monitor.
bootflash
Specifies booting from the bootflash.
system
Specifies booting from the system.
The defaults are as follows:
•
Configuration register value is 0x10F, which causes the switch to boot from what is specified by the
BOOT environment variable.
•
Baud rate is set to 9600.
•
ignore-config parameter is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
We recommend that you use only the rommon and system options with the set boot config-register
boot command.
Each time you enter one of the set boot config-register commands, the system displays all current
configuration-register information (the equivalent of entering the show boot command).
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-232
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set boot config-register
The baud rate specified in the configuration register is used by the ROM monitor only and is different
from the baud rate specified by the set system baud command.
When you enable the ignore-config feature, the system software ignores the configuration. Enabling the
ignore-config parameter is the same as entering the clear config all command; that is, it clears the entire
configuration stored in NVRAM the next time the switch is restarted.
Examples
This example shows how to specify booting from the ROM monitor:
Console> (enable) set boot config-register boot rommon
Configuration register is 0x100
ignore-config: disabled
console baud: 9600
boot: the ROM monitor
Console> (enable)
This example shows how to specify the default 16-bit configuration register value:
Console> (enable) set boot config-register 0x12f
Configuration register is 0x12f
break: disabled
ignore-config: disabled
console baud: 9600
boot: image specified by the boot system commands
Console> (enable)
This example shows how to change the ROM monitor baud rate to 4800:
Console> (enable) set boot config-register baud 4800
Configuration register is 0x90f
ignore-config: disabled
console baud: 4800
boot: image specified by the boot system commands
Console> (enable)
This example shows how to ignore the configuration information stored in NVRAM the next time the
switch is restarted:
Console> (enable) set boot config-register ignore-config enable
Configuration register is 0x94f
ignore-config: enabled
console baud: 4800
boot: image specified by the boot system commands
Console> (enable)
This example shows how to specify rommon as the boot image to use on the next restart:
Console> (enable) set boot config-register boot rommon
Configuration register is 0x100
ignore-config: disabled
console baud: 9600
boot: the ROM monitor
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-233
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set boot config-register
Related Commands
copy
set boot auto-config
set boot system flash
set config acl nvram
show boot
show config
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-234
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set boot config-register auto-config
set boot config-register auto-config
To configure auto-config file dispensation, use the set boot config-register auto-config command.
set boot config-register auto-config {recurring | non-recurring} [mod]
set boot config-register auto-config {overwrite | append}
set boot config-register auto-config sync {enable | disable}
Syntax Description
Defaults
recurring
Sets auto-config to recurring and specify the switch retains the contents of the
CONFIG_FILE environment variable after the switch is reset or power cycled
and configured.
non-recurring
Sets auto-config to nonrecurring and cause the switch to clear the contents of
the CONFIG_FILE environment variable after the switch is reset or power
cycled and before the switch is configured.
mod
(Optional) Module number of the supervisor engine containing the Flash
device.
overwrite
Causes the auto-config file to overwrite the NVRAM configuration.
append
Causes the auto-config file to append to the file currently in the NVRAM
configuration.
sync enable |
disable
Enables or disables synchronization of the auto-config file.
The defaults are as follows:
•
overwrite
•
non-recurring
•
sync is disable
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The auto-config overwrite command clears the NVRAM configuration before executing the Flash
configuration file. The auto-config append command executes the Flash configuration file before
clearing the NVRAM configuration.
If you delete the auto-config Flash files on the supervisor engine, the files will also be deleted on the
standby supervisor engine.
If you enter the sync enable keywords, this enables synchronization to force the configuration files to
synchronize automatically to the redundant supervisor engine. The files are kept consistent with what is
on the active supervisor engine.
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-235
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set boot config-register auto-config
If you use the set boot auto-config bootflash:switch.cfg with the overwrite option, you must use the
copy config bootflash:switch.cfg command to save the switch configuration to the auto-config file.
If you use the set boot auto-config bootflash:switchapp.cfg with the append option, you can use the
copy acl config bootflash:switchapp.cfg command to save the switch configuration to the auto-config
file.
If the ACL configuration location is set to Flash memory, the following message is displayed after every
commit operation for either security or QoS. Use the copy command to save your ACL configuration to
Flash memory. If you reset the system and you made one or more commits but did not copy commands
to one of the files specified in the CONFIG_FILE variable, the following message displays:
Warning: System ACL configuration has been modified but not saved to Flash.
The files used with the recurring and non-recurring options are those specified by the CONFIG_FILE
environment variable.
Examples
This example shows how to specify the ACL configuration Flash file at system startup:
Console> (enable) set boot auto-config bootflash:switchapp.cfg
Console> (enable) set boot config-register auto-config recurring
Console> (enable)
This example shows how to ignore the configuration information stored in NVRAM the next time the
switch is restarted:
Console> (enable) set boot config-register auto-config non-recurring
Configuration register is 0x2102
ignore-config: disabled
auto-config: non-recurring, overwrite, auto-sync disabled
console baud: 9600
boot: image specified by the boot system commands
Console> (enable)
This example shows how to append the auto-config file to the file currently in the NVRAM
configuration:
Console> (enable) set boot config-register auto-config append
Configuration register is 0x2102
ignore-config: disabled
auto-config: non-recurring, append, auto-sync disabled
console baud: 9600
boot: image specified by the boot system commands
Console> (enable)
This example shows how to use the auto-config overwrite option to save the ACL configuration to a
bootflash file:
Console>
Console>
Console>
Console>
Caution
(enable) copy config bootflash: switch.cfg
(enable) set boot auto-config bootflash:switch.cfg
(enable) set boot config-register auto-config overwrite
(enable)
The following two examples assume that you have saved the ACL configuration to the
bootflash:switchapp.cfg file.
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-236
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set boot config-register auto-config
This example shows how to enable synchronization of the auto-config file:
Console> (enable) set boot config-register auto-config sync enable
Configuration register is 0x2102
ignore-config: disabled
auto-config: non-recurring, append, auto-sync enabled
console baud: 9600
boot: image specified by the boot system commands
Console> (enable)
This example shows how to disable synchronization of the auto-config file:
Console> (enable) set boot config-register auto-config sync disable
Configuration register is 0x2102
ignore-config: disabled
auto-config: non-recurring, append, auto-sync disabled
console baud: 9600
boot: image specified by the boot system commands
Console> (enable)
Related Commands
set boot config-register
set boot system flash
show boot
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-237
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set boot device
set boot device
To set the Network Analysis Module (NAM) or Intrusion Detection System (IDS) boot environment, use
the set boot device command.
set boot device bootseq[,bootseq] mod [mem-test-full]
Syntax Description
bootseq
Device where the startup configuration file resides; see the “Usage
Guidelines” section for format guidelines. The second bootseq is optional.
mod
Number of the module containing the Flash device.
mem-test-full Specifies a full memory test.
Defaults
The default is a partial memory test.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When you enter the set boot device command, the existing boot string in the supervisor engine NVRAM
is always overwritten.
When entering the bootseq, use the format bootdevice[:bootdevice-qualifier] where:
•
bootdevice is the device where the startup configuration file resides; valid values are pcmcia, hdd,
or network.
•
bootdevice-qualifier is the name of the startup configuration file; valid values for hdd are from 1 to
99, and valid values for pcmcia are slot0 or slot1.
The colon between bootdevice and bootdevice-qualifier is required.
You can enter multiple bootseqs by separating each entry with a comma; 15 is the maximum number of
boot sequences you can enter.
The supervisor engine does not validate the boot device you specify, but stores the boot device list in
NVRAM.
This command is supported by the NAM or IDS only.
Examples
This example shows how to specify the boot environment to boot to the maintenance partition of the
NAM on module 2:
Console> (enable) set boot device hdd:2 2
Device BOOT variable = hdd:2
Warning: Device list is not verified but still set in the boot string.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-238
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set boot device
This example shows how to specify multiple boot environments on module 5:
Console> (enable) set boot device hdd,hdd:5,pcmcia:slot0,network,hdd:6 5
Device BOOT variable = hdd,hdd:5,pcmcia:slot0,network,hdd:6
Warning:Device list is not verified but still set in the boot string.
Console> (enable)
Related Commands
clear boot device
show boot device
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-239
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set boot sync now
set boot sync now
To immediately initiate synchronization of the system image between the active and redundant
supervisor engine, use the set boot sync now command.
set boot sync now
Syntax Description
This command has no arguments or keywords.
Defaults
The default is synchronization is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The set boot sync now command is similar to the set boot config-register auto-config command with
the sync keyword added. The set boot sync now command initiates synchronization to force the
configuration files to synchronize automatically to the redundant supervisor engine. The files are kept
consistent with what is on the active supervisor engine.
Examples
This example shows how to initiate synchronization of the auto-config file:
Console> (enable) set boot sync now
Console> (enable)
Related Commands
set boot auto-config
show boot
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-240
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set boot system flash
set boot system flash
To set the BOOT environment variable that specifies a list of images the switch loads at startup, use the
set boot system flash command.
set boot system flash device:[filename] [prepend] [mod]
Syntax Description
device:
Device where the Flash resides.
filename
(Optional) Name of the configuration file.
prepend
(Optional) Places the device first in the list of boot devices.
mod
(Optional) Module number of the supervisor engine containing the Flash device.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
A colon (:) is required after the specified device.
You can enter several boot system commands to provide a problem-free method for booting the switch.
The system stores and executes the boot system commands in the order in which you enter them.
Remember to clear the old entry when building a new image with a different filename in order to use the
new image.
If the file does not exist (for example, if you entered the wrong filename), then the filename is appended
to the bootstring, and this message displays, “Warning: File not found but still added in the bootstring.”
If the file does exist, but is not a supervisor engine image, the file is not added to the bootstring, and this
message displays, “Warning: file found but it is not a valid boot image.”
Examples
This example shows how to append the filename cat6000-sup.5-5-1.bin on device bootflash to the BOOT
environment variable:
Console> (enable) set boot system flash bootflash:cat6000-sup.5-5-1.bin
BOOT variable = bootflash:cat6000-sup.5-4-1.bin,1;bootflash:cat6000-sup.5-5-1.bin,1;
Console> (enable)
This example shows how to prepend cat6000-sup.5-5-1.bin to the beginning of the boot string:
Console> (enable) set boot system flash bootflash:cat6000-sup.5-5-1.bin prepend
BOOT variable = bootflash:cat6000-sup.5-5-1.bin,1;bootflash:cat6000-sup.5-4-1.bin,1;
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-241
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set boot system flash
Related Commands
clear boot system
show boot
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-242
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set cam
set cam
To add entries into the CAM table, set the aging time for the CAM table, and configure traffic filtering
from and to a specific host, use the set cam command.
set cam {dynamic | static | permanent} {unicast_mac | route_descr} mod/port [vlan]
set cam {static | permanent} {multicast_mac} mod/ports.. [vlan]
set cam {static | permanent} filter {unicast_mac} vlan
set cam agingtime vlan agingtime
Syntax Description
Defaults
dynamic
Specifies entries are subject to aging.
static
Specifies entries are not subject to aging.
permanent
Specifies permanent entries are stored in NVRAM until they are
removed by the clear cam or clear config command.
unicast_mac
MAC address of the destination host used for a unicast.
route_descr
Route descriptor of the “next hop” relative to this switch; valid values
are from 0 to 0xffff.
mod/port
Number of the module and the port on the module.
vlan
(Optional) Number of the VLAN; valid values are from 1 to 1005 and
from 1025 to 4094.
multicast_mac
MAC address of the destination host used for a multicast.
mod/ports..
Number of the module and the ports on the module.
filter
Specifies a traffic filter entry.
agingtime
Sets the period of time after which an entry is removed from the table.
agingtime
Number of seconds (0 to 1,000,000) dynamic entries remain in the
table before being deleted.
The default configuration has a local MAC address, spanning tree address (01-80-c2-00-00-00), and
CDP multicast address for destination port 1/3 (the supervisor engine). The default aging time for all
configured VLANs is 300 seconds.
The vlan variable is required when you configure the traffic filter entry.
Setting the aging time to 0 disables aging.
Command Types
Switch command.
Command Modes
Privileged.
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-243
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set cam
Usage Guidelines
If the given MAC address is a multicast address (the least significant bit of the most significant byte is
set to 1) or broadcast address (ff-ff-ff-ff-ff-ff) and you specify multiple ports, the ports must all be in the
same VLAN. If the given address is a unicast address and you specify multiple ports, the ports must be
in different VLANs.
The MSM does not support the set cam command.
If you enter a route descriptor with no VLAN parameter specified, the default is the VLAN already
associated with the port. If you enter a route descriptor, you may only use a single port number (of the
associated port).
The MAC address and VLAN for a host can be stored in the NVRAM it is maintained even after a reset.
The vlan value is optional unless you are setting CAM entries to dynamic, static, or permanent for a
trunk port, or if you are using the agingtime keyword.
If port(s) are trunk ports, you must specify the VLAN.
Static (nonpermanent) entries remain in the table until you reset the active supervisor engine.
Enter the route_descr variable as two hexadecimal bytes in the following format: 004F. Do not use a “-”
to separate the bytes.
Note
Examples
Static CAM entries that are configured on the active supervisor engine are lost after fast switchover.
You must reconfigure CAM entries after fast switchover.
This example shows how to set the CAM table aging time to 300 seconds:
Console> (enable) set cam agingtime 1 300
Vlan 1 CAM aging time set to 300 seconds.
Console> (enable)
This example shows how to add a unicast entry to the table for module 2, port 9:
Console> (enable) set cam static 00-00-0c-a0-03-fa 2/9
Static unicast entry added to CAM table.
Console> (enable)
This example shows how to add a permanent multicast entry to the table for module 1, port 1, and
module 2, ports 1, 3, and 8 through 12:
Console> (enable) set cam permanent 01-40-0b-a0-03-fa 1/1,2/1,2/3,2/8-12
Permanent multicast entry added to CAM table.
Console> (enable)
This example shows how to add a traffic filter entry to the table:
Console> (enable) set cam static filter 00-02-03-04-05-06 1
Filter entry added to CAM table.
Console> (enable)
Related Commands
clear cam
show cam
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-244
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set cam notification
set cam notification
To enable notification when a MAC address change occurs to the CAM table and to set the time between
notifications, use the set cam notification command.
set cam notification {enable | disable}
set cam notification {added | removed} {enable | disable} {mod/port}
set cam notification historysize log_size
set cam notification interval time
set cam notification move {enable | disable}
set cam notification threshold {enable | disable}
set cam notification threshold limit percentage
set cam notification theshold interval time
Syntax Description
Defaults
enable
Enables notification that a change has occurred.
disable
Disables notification that a change has occurred.
added
Specifies notification when a MAC address is learned.
removed
Specifies notification when a MAC address is deleted.
mod/port
Number of the module and the port.
historysize
Creates a notification history log.
log_size
Number of entries in the notification history log; valid sizes are between 0
and 500 entries.
interval
Sets the maximum wait time between notifications.
time
Time between notification; valid values are greater than or equal to 0
(specified in seconds).
move
Specifies MAC move notifications.
threshold
Sets parameters for CAM usage monitoring
limit
Sets CAM usage monitoring percentage.
percentage
Percentage of usage monitoring.
By default, notification is disabled.
By default, the interval time is set to 1 second.
By default, the history size is set to 1 entry.
Command Types
Switch command.
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-245
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set cam notification
Command Modes
Privileged.
Usage Guidelines
You can globally disable notifications using the set cam notification disable command, but the other
notification configuration settings will remain configured. The notification configuration settings can be
reset using the clear config command. The clear cam notification command can be used to clear the
history log or reset notification counters.
If you set the interval time to 0, the switch will send notifications immediately. There is an impact on
the performance of the switch when you set the interval time to zero (0).
You can configure the switch to generate MAC notification SNMP traps using the set snmp enable
macnotification command. MAC notification SNMP traps are generated even when the history log size
is set to zero (0).
Examples
This example shows how to enable notification when a MAC address change occurs to the CAM table:
Console> (enable) set cam notification enable
MAC address change detection globally enabled
Be sure to specify which ports are to detect MAC address changes
with the 'set cam notification [added|removed] enable <m/p> command.
SNMP traps will be sent if 'set snmp trap enable macnotification' has been set.
Console> (enable)
This example shows how to enable notification when a new MAC address is added to ports 1-4 on
module 3 in the CAM table:
Console> (enable) set cam notification added enable 3/1-4
MAC address change notifications for added addresses are
enabled on port(s) 3/1-4
Console> (enable)
This example shows how to enable notification when a new MAC address is added to the CAM table on
ports 1-4 on module 2:
Console> (enable) set cam notification added enable 2/1-4
MAC address change notifications for added addresses are
enabled on port(s) 2/1-4
Console> (enable)
This example shows how to enable notification when a MAC address is deleted from the CAM table of
ports 3-6 on module 3:
Console> (enable) set cam notification removed enable 3/3-6
MAC address change notifications for removed addresses are
enabled on port(s) 3/3-6
This example shows how to set the history log size to 300 entries:
Console> (enable) set cam notification historysize 300
MAC address change history log size set to 300 entries
Console> (enable)
This example shows how to set the interval time to 10 seconds between notifications:
Console> (enable) set cam notification interval 10
MAC address change notification interval set to 10 seconds
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-246
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set cam notification
Related Commands
clear cam
clear cam notification
set cam
set snmp trap
show cam
show cam notification
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-247
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set cdp
set cdp
To enable, disable, or configure Cisco Discovery Protocol (CDP) features globally on all ports or on
specified ports, use the set cdp command.
set cdp {enable | disable} {mod/ports...}
set cdp interval interval
set cdp holdtime holdtime
set cdp version v1 | v2
set cdp format device-id {mac-address | other}
Syntax Description
enable
Enables the CDP feature.
disable
Disables the CDP feature.
mod/ports..
Number of the module and the ports on the module.
interval
Specifies the CDP message interval value.
interval
Number of seconds the system waits before sending a message;
valid values are from 5 to 900 seconds.
holdtime
Specifies the global Time-To-Live value.
holdtime
Number of seconds for the global Time-To-Live value; valid values
are from 10 to 255 seconds.
version
v1 | v2
Specifies the CDP version number.
format
device-id
Sets the device-ID TLV format.
mac-address Specifies that the device-ID TLV carry the MAC address of the
sending device in ASCII, in canonical format.
other
Specifies that the device’s hardware serial number concatenated
with the device name between parenthesis.
Defaults
The default system configuration has CDP enabled. The message interval is set to 60 seconds for every
port; the default Time-To-Live value has the message interval globally set to 180 seconds. The default
CDP version is version 2.
Command Types
Switch command.
Command Modes
Privileged.
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-248
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set cdp
Usage Guidelines
The set cdp version command allows you to globally set the highest version number of CDP packets to
send.
If you enter the global set cdp enable or disable command, CDP is globally configured. If CDP is
globally disabled, CDP is automatically disabled on all interfaces, but the per-port enable (or disable)
configuration is not changed. If you globally enable CDP, whether CDP is running on an interface or not
depends on its per-port configuration.
If you configure CDP on a per-port basis, you can enter the mod/ports... value as a single module and
port or a range of ports; for example, 2/1-12,3/5-12.
Examples
This example shows how to enable the CDP message display for port 1 on module 2:
Console> (enable) set cdp enable 2/1
CDP enabled on port 2/1.
Console> (enable)
This example shows how to disable the CDP message display for port 1 on module 2:
Console> (enable) set cdp disable 2/1
CDP disabled on port 2/1.
Console> (enable)
This example shows how to specify the CDP message interval value:
Console> (enable) set cdp interval 400
CDP interval set to 400 seconds.
Console> (enable)
This example shows how to specify the global Time-To-Live value:
Console> (enable) set cdp holdtime 200
CDP holdtime set to 200 seconds.
Console> (enable)
This example shows how to set the device ID format to MAC address:
Console> (enable) set cdp format device-id mac-address
Device Id format changed to MAC-address
Console> (enable)
Related Commands
show cdp
show port cdp
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-249
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set channelprotocol
set channelprotocol
To set the protocol that manages channeling on a module, use the set channelprotocol command.
set channelprotocol {pagp | lacp} mod
Syntax Description
pagp
Specifies PAgP.
lacp
Specifies LACP.
mod
Number of the module.
Defaults
The default for the channel protocol is PAgP.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
LACP is supported on all Ethernet interfaces.
PAgP and LACP manage channels differently. When all the ports in a channel get disabled, PAgP
removes them from its internal channels list; show commands do not display the channel. With LACP,
when all the ports in a channel get disabled, LACP does not remove the channel; show commands
continue to display the channel even though all its ports are down. To determine if a channel is actively
sending and receiving traffic with LACP, use the show port command to see if the link is up or down.
LACP does not support half-duplex links. If a port is in active/passive mode and becomes half duplex,
the port is suspended (and a syslog message is generated). The port is shown as “connected” using the
show port command and as “not connected” using the show spantree command. This discrepancy is
because the port is physically connected but never joined spanning tree. To get the port to join spanning
tree, either set the duplex to full or set the channel mode to off for that port.
For more information about PAgP and LACP, refer to the “Configuring EtherChannel” chapter of the
Catalyst 6500 Series Switch Software Configuration Guide.
Examples
This example shows how to set PAgP for module 3:
Console> (enable) set channelprotocol pagp 3
Channeling protocol set to PAGP for module(s) 3.
Console> (enable)
This example shows how to set LACP for modules 2, 4, 5, and 6:
Console> (enable) set channelprotocol lacp 2,4-6
Channeling protocol set to LACP for module(s) 2,4,5,6.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-250
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set channelprotocol
Related Commands
clear lacp-channel statistics
set lacp-channel system-priority
set port lacp-channel
set spantree channelcost
set spantree channelvlancost
show channelprotocol
show lacp-channel
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-251
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set channel vlancost
set channel vlancost
To set the channel VLAN cost, use the set channel vlancost command.
set channel vlancost channel_id cost
Syntax Description
channel_id
Number of the channel identification; valid values are from 769 to 896.
cost
Port costs of the ports in the channel.
Defaults
The default is the VLAN cost is updated automatically based on the current port VLAN costs of the
channeling ports.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When you do not enter the cost, the cost is updated based on the current port VLAN costs of the
channeling ports.
You can configure only one channel at a time.
Note
The set channel vlancost command creates a “set spantree portvlancost” entry for each port in the
channel. You must then manually reenter the set spantree portvlancost command for at least one port
in the channel, specifying the VLAN or VLANs that you want associated with the port. When you
associate the desired VLAN or VLANs with one port, all ports in the channel are automatically updated.
Refer to Chapter 6, “Configuring EtherChannel,” in the Catalyst 6500 Series Switch Software
Configuration Guide for more information.
Note
With software releases 6.2(1) and earlier, the 6- and 9-slot Catalyst 6500 series switches support a
maximum of 128 EtherChannels.
With software releases 6.2(2) and later, due to the port ID handling by the spanning tree feature, the
maximum supported number of EtherChannels is 126 for a 6- or 9-slot chassis and 63 for a 13-slot
chassis. Note that the 13-slot chassis was first supported in software release 6.2(2).
Examples
This example shows how to set the channel 769 path cost to 10:
Console> (enable) set channel vlancost 769 10
Port(s) 1/1-2 vlan cost are updated to 24.
Channel 769 vlancost is set to 10.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-252
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set channel vlancost
After you enter this command, you must reenter the set spantree portvlancost command so that the
desired VLAN or VLANs are associated with all the channel ports.
This example shows how to associate the channel 769 path cost to 10 for VLAN 1 through VLAN 1005:
Console>
Port 1/1
Port 1/1
Port 1/2
Console>
Related Commands
(enable) set spantree portvlancost 1/1 cost 24 1-1005
VLANs 1025-4094 have path cost 19.
VLANs 1-1005 have path cost 24.
VLANs 1-1005 have path cost 24.
(enable)
set spantree portvlancost
show channel
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-253
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set config acl nvram
set config acl nvram
To copy the current committed ACL configuration from DRAM back into NVRAM, use the set config
acl nvram command.
set config acl nvram
Syntax Description
This command has no arguments or keywords.
Defaults
The default is NVRAM.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command fails if there is not enough space in NVRAM.
This command copies the current committed configuration to NVRAM; this configuration might be
different from the configuration in the auto-config file. After the ACL configuration is copied into
NVRAM, you must turn off the auto-config options using the clear boot auto-config command.
Examples
This example shows how to copy the ACL configuration to NVRAM:
Console> (enable) set config acl nvram
ACL configuration copied to NVRAM.
Console> (enable)
Related Commands
clear config
copy
set boot config-register
set boot system flash
show boot
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-254
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set config mode
set config mode
To change the configuration mode from a binary model to a text model or to automatically save the
system configuration in text mode in NVRAM, use the set config mode command.
set config mode binary
set config mode text {nvram | device:file-id}
set config mode text auto-save {enable | disable}
set config mode text auto-save interval mins
Syntax Description
Defaults
binary
Sets the system configuration mode to a binary model.
text
Sets the system configuration mode to a text model.
nvram
Specifies the saved configuration be stored in NVRAM.
device:file-id
Name of the device and filename where the saved configuration will be stored.
auto-save
Specifies saving the text configuration in NVRAM automatically.
enable
Enables saving the text configuration in NVRAM automatically.
disable
Disables saving the text configuration in NVRAM automatically.
interval
Sets the time interval between occurrences of saving the text configuration in
NVRAM; see the “Usage Guidelines” section for more information.
mins
(Optional) Number of minutes between occurrences of saving the text configuration
in NVRAM; valid values are from 30 minutes to 64800 minutes (45 days).
The default setting of this command is binary, saving the configuration to NVRAM.
The number of minutes between occurrences of saving the text configuration in NVRAM is 30 minutes.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You can specify the time interval between occurrences of saving the text configuration in NVRAM even
if the system is in binary mode. If you do not specify the number of minutes after entering the interval
keyword, the interval is set to the default of 30 minutes.
The text configuration is not saved automatically in NVRAM unless the auto-save feature is enabled. To
enable the auto-save feature, you must first set the system configuration mode to text and configure the
system to save the text configuration in NVRAM. If the system configuration mode is set to a binary
model, you cannot enable the auto-save feature.
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-255
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set config mode
Examples
This example shows how to set the configuration mode to binary:
Console> (enable) set config mode binary
System configuration copied to NVRAM. Configuration mode set to binary.
Console> (enable)
This example shows how to set the configuration mode to text and designate the location and filename
for saving the text configuration file:
Console> (enable) set config mode text bootflash:switch.cfg
Binary system configuration has been deleted from NVRAM. Configuration mode set to text.
Use the write memory command to save configuration changes. System configuration file set
to: bootflash:switch.cfg
The file specified will be used for configuration during the next bootup.
Console> (enable)
This example shows how to enable the auto-save feature when the configuration is set to text mode and
the system is configured to save the text configuration in NVRAM:
Console> (enable) set
auto-save feature has
auto-save feature has
Please do a write mem
expiry of the timer
Console> (enable)
config mode text auto-save enable
been enabled
started
manually if you plan to reboot the switch or any card before first
This example shows the message that is displayed if you attempt to enable the auto-save feature when
the configuration is not set to text mode and the system is not configured to save the text configuration
in NVRAM:
Console> (enable) set config mode text auto-save enable
auto-save cannot be enabled unless config mode is set to text and config file is stored in
nvram.
Use the 'set config mode text nvram' command to enable automatic saving of the system
configuration to nvram
Console> (enable)
This example shows how to set the interval between saves to 2880 minutes:
Console> (enable) set config mode text auto-save interval 2880
auto-save interval set to 2880 minutes
Console> (enable)
This example shows how to set the interval between saves to the default setting of 30 minutes:
Console> (enable) set config mode text auto-save interval
auto-save interval set to 30 minutes
Console> (enable)
Related Commands
show config mode
write
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-256
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set cops
set cops
To configure COPS functionality, use the set cops command.
set cops server ipaddress [port] [primary] [diff-serv | rsvp]
set cops domain-name domain_name
set cops retry-interval initial incr max
Syntax Description
Defaults
server
Sets the name of the COPS server.
ipaddress
IP address or IP alias of the server.
port
(Optional) Number of the TCP port the switch connects to on the
server.
primary
(Optional) Specifies the primary server.
diff-serv
(Optional) Sets the COPS server for differentiated services.
rsvp
(Optional) Sets the COPS server for RSVP+.
domain-name
domain_name
Specifies the domain name of the switch.
retry-interval
Specifies the retry interval in seconds.
initial
Initial timeout value; valid values are from 0 to 65535 seconds.
incr
Incremental value; valid values are from 0 to 65535 seconds.
max
Maximum timeout value; valid values are from 0 to 65535 seconds.
The defaults are as follows:
•
The retry interval default values are initial = 30 seconds, incr = 30 seconds, max = 5 minutes.
•
The default domain-name is a string of length zero.
•
No PDP servers are configured.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You can configure the names or addresses of up to two policy decision point (PDP) servers. One must
be the primary, and the optional second server is a secondary, or backup, PDP server.
The COPS domain name can be set globally only; there is no option to set it for each COPS client.
Names such as the server, domain-name, and roles can contain a maximum of 31 characters; longer
names are truncated to 31 characters. Valid letters are a-z, A-Z, 0-9, ., - and _. Names cannot start with
an underscore (_). The names are not case sensitive for matching, but are case sensitive for display.
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-257
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set cops
When specifying the retry-interval, the total of the initial timeout value and the incremental value
(increment on each subsequent failure) may not exceed the maximum timeout value.
Examples
This example shows how to configure a server as a primary server:
Console> (enable) set cops server 171.21.34.56 primary
171.21.34.56 added to COPS server table as primary server.
Console> (enable)
This example shows how to configure a server as a primary RSVP+ server:
Console> (enable) set cops server 171.21.34.56 primary rsvp
171.21.34.56 added to COPS server table as primary server for RSVP.
Console> (enable)
This example shows how to configure a server as a secondary (or backup) server:
Console> (enable) set cops server my_server2
my_server2 added to the COPS server table as backup server.
Console> (enable)
This example shows how to set the domain name:
Console> (enable) set cops domain-name my_domain
Domain name set to my_domain.
Console> (enable)
This example shows how to set the retry interval:
Console> (enable) set cops retry-interval 15 1 30
Connection retry intervals set.
Console> (enable)
This example shows the display output if the total of the initial timeout value and the incremental value
you entered exceeds the maximum timeout value:
Console> (enable) set cops retry-interval 15 1 10
The initial timeout plus the increment value may not exceed the max value.
Console> (enable)
Related Commands
clear cops
show cops
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-258
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set crypto key rsa
set crypto key rsa
To generate and configure an RSA key pair, use the set crypto key rsa command.
set crypto key rsa nbits [force]
Syntax Description
nbits
Size of the key; valid values are 512 to 2048 bits.
force
(Optional) Regenerates the keys and suppress the warning prompt of
overwriting existing keys.
Defaults
The command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The crypto commands are supported on systems that run these image types only:
•
supk9 image—for example, cat6000-supk9.6-1-3.bin
•
supcvk9 image—for example, cat6000-supcvk9.6-1-3.bin
If you do not enter the force keyword, the set crypto key command is saved into the configuration file and
you will have to use the clear config all command to clear the RSA keys.
The nbits value is required.
To support SSH login, you first must generate an RSA key pair.
Examples
This example shows how to create an RSA key:
Console> (enable) set crypto key rsa 1024
Generating RSA keys.... [OK]
Console> (enable)
Related Commands
clear crypto key rsa
show crypto key
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-259
78-15474-01
22 2
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set default portstatus
set default portstatus
To set the default port status, use the set default portstatus command.
set default portstatus {enable | disable}
Syntax Description
enable
Activates default port status.
disable
Deactivates default port status.
Defaults
The default is enabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When you enter the clear config all command, or if a configuration loss occurs, all ports collapse into
VLAN 1. This situation might cause a security and network instability problem. During a configuration
loss, when you enter the set default portstatus command, all ports are put into a disable state, and the
traffic flowing through the ports is blocked. You can then manually configure the ports back to the
enable state.
This command is not saved in the configuration file.
After you set the default port status, the default port status does not clear when you enter the clear config
all command.
Examples
This example shows how to disable the default port status:
Console> (enable) set default portstatus disable
port status set to disable.
Console> (enable)
Related Commands
show default
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-260
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set dot1q-all-tagged
set dot1q-all-tagged
To change all existing and new dot1q trunks to the dot1q-only mode, use the set dot1q-all-tagged
command.
set dot1q-all-tagged {enable | disable}
Syntax Description
enable
Enables dot1q-tagged-only mode.
disable
Disables dot1q-tagged-only mode.
Defaults
The 802.1Q tagging feature is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When you enable dot1q-tagged-only, all data packets are sent out tagged and all received untagged data
packets are dropped on all 802.1Q trunks.
You cannot enable the dot1q tunneling feature on a port until dot1q-tagged-only mode is enabled.
You cannot disable dot1q-tagged-only mode on the switch until dot1q tunneling is disabled on all the
ports on the switch.
The optional all keyword is not supported.
Note
Policy-based forwarding (PBF) does not work with 802.1Q tunnel traffic. PBF is supported on Layer 3
IP unicast traffic, but it is not applicable to Layer 2 traffic. At the intermediate (PBF) switch, all 802.1Q
tunnel traffic appears as Layer 2 traffic.
If you enable dot1q-tagged globally, the dot1q-tagged per-port setting controls whether or not frames are
tagged. If you disable dot-1q-tagged globally, the default group is never tagged and the per-port setting
has no effect.
Examples
This example shows how to enable dot1q tagging:
Console> (enable) set dot1q-all-tagged enable
Dot1q tagging is enabled
Console> (enable)
Related Commands
set port dot1qtunnel
show dot1q-all-tagged
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-261
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set dot1x
set dot1x
To configure dot1x on a system, use the set dot1x command.
set dot1x system-auth-control {enable | disable}
set dot1x {quiet-period | tx-period | re-authperiod} seconds
set dot1x {supp-timeout | server-timeout} seconds
set dot1x max-req count
set dot1x shutdown-timeout seconds
Syntax Description
system-auth-control
Specifies authentication for the system.
enable
Enables the specified dot1x function.
disable
Disables the specified dot1x function.
quiet-period seconds
Specifies the idle time between authentication attempts; valid values
are from 0 to 65535 seconds.
tx-period seconds
Specifies the time for the retransmission of EAP-Request/Identity
frame; valid values are from 0 to 65535 seconds. See the “Usage
Guidelines” section for additional information.
re-authperiod seconds Specifies the time constant for the retransmission reauthentication time;
valid values are from 1 to 65535 seconds.
supp-timeout seconds Specifies the time constant for the retransmission of EAP-Request
packets; valid values are from 0 to 65535 seconds. See the “Usage
Guidelines” section for additional information.
Defaults
server-timeout
seconds
Specifies the time constant for the retransmission of packets by the
backend authenticator to the authentication server; valid values are from
1 to 65535 seconds. See the “Usage Guidelines” section for additional
information.
max-req count
Specifies the maximum number of times that the state machine
retransmits an EAP-Request frame to the supplicant before it times
out the authentication session; valid values are from 1 to 10.
shutdown-timeout
seconds
Specifies the amount time that a port is shut down after a security
violation; valid values are from 1 to 65535 seconds. See the “Usage
Guidelines” section for additional information.
The default settings are as follows:
•
system-auth-control is enabled
•
quiet-period is 60 seconds
•
tx-period is 30 seconds
•
re-authperiod is 3600 seconds
•
supp-timeout is 30 seconds
•
server-timeout is 30 seconds
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-262
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set dot1x
•
max-req count is 2
•
shutdown-timeout is 300 seconds
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When you set the system-auth-control, the following applies:
•
The enable keyword allows you to control each port’s authorization status per the port-control
parameter set using the set port dot1x command.
•
The disable keyword allows you to make all ports behave as though the port-control parameter is
set to force-authorized.
If you do not enable reauthentication, reauthentication does not automatically occur after authentication has
occurred.
When the supplicant does not notify the authenticator that it received the EAP-request/identity packet,
the authenticator waits a period of time (set by entering the tx-period seconds parameter), and then
retransmits the packet.
When the supplicant does not notify the backend authenticator that it received the EAP-request packet,
the backend authenticator waits a period of time (set by entering the supp-timeout seconds parameter),
and then retransmits the packet.
When the authentication server does not notify the backend authenticator that it received specific
packets, the backend authenticator waits a period of time (set by entering the server-timeout seconds
parameter), and then retransmits the packets.
When you enter the set dot1x dhcp-relay-agent command, you can enter more than one VLAN.
To activate the shutdown-timeout timer on a port, enter the set port dot1x mod/port shutdown-timeout
command.
Examples
This example shows how to set the system authentication control:
Console> (enable) set dot1x system-auth-control enable
dot1x authorization enabled.
Console> (enable)
This example shows how to set the idle time between authentication attempts:
Console> (enable) set dot1x quiet-period 45
dot1x quiet-period set to 45 seconds.
Console> (enable)
This example shows how to set the retransmission time:
Console> (enable) set dot1x tx-period 15
dot1x tx-period set to 15 seconds.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-263
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set dot1x
This example shows you how to specify the reauthentication time:
Console> (enable) set dot1x re-authperiod 7200
dot1x re-authperiod set to 7200 seconds
Console> (enable)
This example shows you how to specify the retransmission of EAP-Request packets by the authenticator to
the supplicant:
Console> (enable) set dot1x supp-timeout 15
dot1x supp-timeout set to 15 seconds.
Console> (enable)
This example shows how to specify the retransmission of packets by the backend authenticator to the
authentication server:
Console> (enable) set dot1x server-timeout 15
dot1x server-timeout set to 15 seconds.
Console> (enable)
This example shows how to specify the maximum number of packet retransmissions:
Console> (enable) set dot1x max-req 5
dot1x max-req set to 5.
Console> (enable)
This example shows how to enable authentication for the DHCP Relay Agent on VLANs 1 through 5
and 24:
Console> (enable) set dot1x dhcp-relay-agent enable 1-5,24
dot1x dhcp-relay-agent enabled for vlans 1-5, 24.
Console> (enable)
This example shows how to disable authentication for the DHCP Relay Agent on VLAN 1:
Console> (enable) set dot1x dhcp-relay-agent disable 1
dotx dhcp-relay-agent disable for vlan 1
Console> (enable)
Related Commands
clear dot1x config
set port dot1x
show dot1x
show port dot1x
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-264
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set enablepass
set enablepass
To change the password for the privileged level of the CLI, use the set enablepass command.
set enablepass
Syntax Description
This command has no arguments or keywords.
Defaults
The default configuration has no enable password configured.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Passwords are case sensitive and may be 0 to 19 characters in length, including spaces.
The command prompts you for the old password. If the password you enter is valid, you are prompted
to enter a new password and to verify the new password.
Examples
This example shows how to establish a new password:
Console> (enable) set enablepass
Enter old password: <old_password>
Enter new password: <new_password>
Retype new password: <new_password>
Password changed.
Console> (enable)
Related Commands
enable
set password
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-265
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set errdisable-timeout
set errdisable-timeout
To configure a timeout to automatically reenable ports that are in the errdisable state, use the set
errdisable-timeout command.
set errdisable-timeout {enable | disable} {reason}
set errdisable-timeout interval {interval}
Syntax Description
Defaults
enable
Enables errdisable timeout.
disable
Disables errdisable timeout.
reason
Reason for the port being in errdisable state; valid values are arp-inspection,
bcast-suppression, bpdu-guard, channel-misconfig, cross-fallback,
duplex-mismatch, gl2pt-ingress-loop, gl2pt-threshold-exc, udld, other, all.
interval
interval
Specifies the timeout interval; valid values are from 30 to 86400 seconds (30
seconds to 24 hours).
By default, all the errdisable state reasons are disabled globally; whenever there are no reasons enabled,
the timer is stopped.
By default, the timeout is set to disable, and the interval value is set at 300 seconds.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
A port enters errdisable state for the following reasons (these reasons appear as configuration options
within the set errdisable-timeout enable command):
•
ARP inspection
•
Broadcast suppression
•
BPDU port-guard
•
Channel misconfiguration
•
Crossbar failure
•
Duplex mismatch
•
Layer 2 protocol tunnel misconfiguration
•
Layer 2 protocol tunnel threshold exceeded
•
UDLD
•
Other (reasons other than the above)
•
All (apply errdisable timeout for all of the above reasons)
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-266
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set errdisable-timeout
You can enable or disable errdisable timeout for each of the reasons that are listed. If you specify "other,"
all ports errdisabled by causes other than the reasons listed are enabled for errdisable timeout. If you
specify "all," all ports errdisabled for any reason are enabled for errdisable timeout.
You can manually prevent a port from being reenabled by setting the errdisable timeout for that port to
disable using the set port errdisable-timeout mod/port disable command.
Examples
This example shows how to enable an errdisable timeout due to a BPDU port-guard event:
Console> (enable) set errdisable-timeout enable bpdu-guard
Successfully enabled errdisable-timeout for bpdu-guard.
Console> (enable)
This example shows how to set an errdisable timeout interval to 450 seconds:
Console> (enable) set errdisable-timeout interval 450
Successfully set errdisable timeout to 450 seconds.
Console> (enable)
This example shows how to set an errdisable timeout for broadcast suppression events:
Console> (enable) set errdisable-timeout enable bcast-suppression
Successfully enabled errdisable timeout for bcast-suppression.
Console> (enable)
This example shows how to set an errdisable timeout for ARP inspection events:
Console> (enable) set errdisable-timeout enable arp-inspection
Successfully enabled errdisable-timeout for arp-inspection.
Console> (enable)
Related Commands
set port errdisable-timeout
show errdisable-timeout
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-267
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set errordetection
set errordetection
To enable or disable various error detections, use the set errordetection command.
set errordetection inband enable | disable
set errordetection memory enable | disable
set errordetection portcounters enable | disable
Syntax Description
Defaults
inband
Detects errors in the inband (sc0) interface.
enable
Enables the specified error detection.
disable
Disables the specified error detection.
memory
Detects memory corruption.
portcounters
Monitors and polls port counters.
The defaults are as follows:
•
Inband error detection is disabled.
•
Port counter error detection is disabled.
•
Memory error detection is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The set errordetection command is useful for monitoring the switch. If an error is detected, a syslog
message informs you that a problem exists before noticeable performance degradation occurs. For
example:
Examples
•
set errordetection inband—Displays the type of inband failure occurrence, such as inband stuck,
resource errors, and inband fail when you start the switch.
•
set errordetection memory—Displays the address where the memory corruption occurred.
•
set errordetection portcounters—Displays the module and port number and the counter that had
the problem between two consecutive polls.
This example shows how to enable memory error detection:
Console> (enable) set errordetection memory enable
Memory error detection enabled.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-268
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set errordetection
Related Commands
show errordetection
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-269
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set fan-tray-version
set fan-tray-version
To set the version for the fan tray in the chassis, use the set fan-tray-version command.
set fan-tray-version {1 | 2}
Syntax Description
1
Specifies version 1 for a lower-powered fan tray.
2
Specifies version 2 for a higher-powered fan tray.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The set fan-tray-version command informs the software of the fan tray type so that the software can
make the right cooling and power consumption adjustments for the chassis. The fan tray version is stored
in the backplane IDPROM.
You must enter set fan-tray-version 2 before installing a higher-powered fan tray. You must enter
set fan-tray-version 1 before downgrading to a lower-powered fan tray.
Use a higher-powered fan tray with a Supervisor Engine 720 with the 2500W or 4000W power supply.
Enter the show environment cooling command to display the fan tray version for the chassis.
Examples
This example shows how to set the fan tray version:
Console> (enable) set fan-tray-version 2
Programming successful for Chassis Serial EEPROM.
Fan tray version set to 2
Console> (enable)
Related Commands
show environment
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-270
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set feature agg-link-partner
set feature agg-link-partner
To enable or disable the aggressive link partner feature, use the set feature agg-link-partner command.
set feature agg-link-partner {enable | disable}
Syntax Description
enable
Enables the aggressive link partner feature.
disable
Disables the aggressive link partner feature.
Defaults
The aggressive link partner feature is disabled globally.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When you enable this feature, you reduce the possibility of aggressive link partners causing excessive
collisions. Excessive collisions can lead to excessive alignment errors and runts.
The aggressive link partner feature works only on half duplex 10/100 ports.
The set feature agg-link-partner command is a global command so when you enable or disable this
feature, all related modules in the chassis are enabled or disabled.
Examples
This example shows how to enable the aggressive link partner feature:
Console> (enable) set feature agg-link-partner enable
Aggressive link partner feature enabled.
Console> (enable)
This example shows how to disable the aggressive link partner feature:
Console> (enable) set feature agg-link-partner disable
Aggressive link partner feature disabled.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-271
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set feature dot1x-radius-keepalive
set feature dot1x-radius-keepalive
To enable or disable the 802.1X RADIUS keepalive state, use the set feature dot1x-radius-keepalive
command.
set feature dot1x-radius-keepalive {enable | disable}
Syntax Description
enable
Enables 802.1X RADIUS keepalive state.
disable
Disables 802.1X RADIUS keepalive state.
Defaults
RADIUS keepalive state is enabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
To check whether or not configured RADIUS servers are alive, the switch can send out a dummy
username for authentication. In reply to the dummy username, the RADIUS servers send an access
rejection.
To turn off attempts to authenticate that test the RADIUS servers, enter the set feature
dot1x-radius-keepalive disable command. If you disable this feature, the switch does not check the
status of the servers, and the RADIUS server logs do not fill with dummy attempts.
Examples
This example shows how to disable the 802.1X RADIUS keepalive state feature:
Console> (enable) set feature dot1x-radius-keepalive enable
dot1x radius-keepalive state enabled.
Console> (enable)
Related Commands
show dot1x
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-272
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set feature mdg
set feature mdg
To enable or disable the multiple default gateway feature, use the set feature mdg command.
set feature mdg {enable | disable}
Syntax Description
enable
Enables the multiple default gateway.
disable
Disables the multiple default gateway.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you enable the multiple default gateway feature, the Catalyst 6500 series switch pings the default
gateways every 10 seconds to verify that the gateways are still available.
Examples
This example shows how to enable the multiple default gateway feature:
Console> (enable) set feature mdg enable
Multiple Gateway feature enabled.
Console> (enable)
This example shows how to disable the multiple default gateway feature:
Console> (enable) set feature mdg disable
Multiple Gateway feature disabled.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-273
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set firewall
set firewall
To configure the parameters for a Firewall Services Module (FWSM), use the set firewall command.
set firewall multiple-vlan-interfaces {enable | disable}
Syntax Description
multiple-vlan-interfaces
Sets the multiple VLAN interface feature for an FWSM.
enable
Enables multiple VLAN interfaces for an FWSM.
disable
Disables multiple VLAN interfaces for an FWSM.
Defaults
The multiple VLAN interface feature is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Disabling the multiple VLAN interface feature sets the FWSM to single VLAN interface mode.
Examples
This example shows how to enable the multiple VLAN feature on a firewall module:
Console> (enable) set firewall multiple-vlan-interfaces enable
This command will enable multiple vlan feature for all firewall modules in the
chassis .Can result in traffic bypassing the firewall module
Do you want to continue (y/n) [n]?y
Multiple vlan feature enabled for firewall
Console> (enable)
This example shows how to disable the multiple VLAN feature on a firewall module:
Console> (enable) set firewall multiple-vlan-interfaces disable
This command will disable multiple vlan feature for all firewall modules in the chassis.
Do you want to continue (y/n) [n]?y
Multiple vlan feature disabled for firewalls. All layer 3 firewall vlan interfaces have
been brought down on MSFC
Please remove all the layer 3 firewall vlan interfaces from MSFC using no interface
command on MSFC.
Console> (enable)
Related Commands
show firewall
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-274
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set ftp
set ftp
To configure File Transfer Protocol (FTP) parameters, use the set ftp command.
set ftp username new_ftp_username
set ftp password new_ftp_password
set ftp passive
Syntax Description
username
Specifies a username for FTP connections.
new_ftp_username
Username for FTP.
password
Specifies a password for FTP connections.
new_ftp_password
Password for FTP.
passive
Makes the FTP connection in passive mode.
Defaults
The FTP mode is set to passive.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
For security reasons, the new_ftp_password argument is not stored in NVRAM. The password is
encrypted by using a proprietary encryption algorithm.
The FTP mode is passive. To clear the FTP passive mode, use the clear ftp passive command.
Examples
This example shows how to specify a username for FTP connections:
Console> (enable) set ftp username dkoya
Ftp username set to dkoya.
Console> (enable)
This example shows how to specify a password for FTP connections:
Console> (enable) set ftp password mypassword
Ftp password set.
Console> (enable)
This example shows how to set the FTP mode to passive:
Console> (enable) set ftp passive
Ftp passive mode set.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-275
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set ftp
Related Commands
clear ftp
show ftp
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-276
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set garp timer
set garp timer
To adjust the values of the join, leave, and leaveall timers, use the set garp timer command.
set garp timer {timer_type} {timer_value}
Syntax Description
timer_type
Type of timer; valid values are join, leave, and leaveall.
timer_value
Timer values in milliseconds; valid values are from 1 to 2147483647 milliseconds.
Defaults
The defaults are the join timer is 200 milliseconds, the leave timer is 600 milliseconds, and the leaveall
timer is 10000 milliseconds.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The modified timer values are applied to all General Attribute Registration Protocol (GARP)
applications (for example, GMRP and GVRP) timer values.
You must maintain the following relationship for the various timer values:
Caution
Examples
•
Leave time must be greater than or equal to three times the join time.
•
Leaveall time must be greater than the leave time.
Set the same GARP application (for example, GMRP and GVRP) timer values on all Layer 2-connected
devices. If the GARP timers are set differently on the Layer 2-connected devices, GARP applications
will not operate successfully.
This example shows how to set the join timer value for all the ports on all the VLANs:
Console> (enable) set garp timer join 100
GMRP/GARP Join timer value is set to 100 milliseconds.
Console> (enable)
This example shows how to set the leave timer value for all the ports on all the VLANs:
Console> (enable) set garp timer leave 300
GMRP/GARP Leave timer value is set to 300 milliseconds.
Console> (enable)
Related Commands
set gmrp timer
set gvrp timer
show garp timer
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-277
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set gmrp
set gmrp
To enable or disable GARP Multicast Registration Protocol (GMRP) on the switch in all VLANs on all
ports, use the set gmrp command.
set gmrp {enable | disable}
Syntax Description
enable
Enables GMRP on the switch.
disable
Disables GMRP on the switch.
Defaults
The default is GMRP is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You cannot enable GMRP if IGMP snooping is already enabled.
Examples
This example shows how to enable GMRP on the switch:
Console> (enable) set gmrp enable
GMRP is enabled.
Console> (enable)
This example shows how to disable GMRP on the switch:
Console> (enable) set gmrp disable
GMRP is disabled.
Console> (enable)
This example shows the display if you try to enable GMRP on the switch with IGMP enabled:
Console> (enable) set gmrp enable
Disable IGMP to enable GMRP snooping feature.
Console> (enable)
Related Commands
show gmrp configuration
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-278
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set gmrp fwdall
set gmrp fwdall
To enable or disable the Forward All feature on a specified port or module and port list, use the set gmrp
fwdall command.
set gmrp fwdall {enable | disable} mod/port...
Syntax Description
enable
Enables GMRP Forward All on a specified port.
disable
Disables GMRP Forward All on a specified port.
mod/port...
Number of the module and the ports on the module.
Defaults
The default is the Forward All feature is disabled for all ports.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Forward All indicates that a port is interested in receiving all the traffic for all the multicast groups.
If the port is trunking, then this feature is applied to all the VLANs on that port.
Examples
This example shows how to enable GMRP Forward All on module 5, port 5:
Console> (enable) set gmrp fwdall enable 5/5
GMRP Forward All groups option enabled on port(s) 5/5.
Console> (enable)
This example shows how to disable the GMRP Forward All on module 3, port 2:
Console> (enable) set gmrp service fwdall disable 3/2
GMRP Forward All groups option disabled on port(s) 3/2.
Console> (enable)
Related Commands
show gmrp configuration
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-279
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set gmrp registration
set gmrp registration
To specify the GMRP registration type, use the set gmrp registration command.
set gmrp registration {normal | fixed | forbidden} mod/port...
Syntax Description
normal
Specifies dynamic GMRP multicast registration and deregistration on the port.
fixed
Specifies the multicast groups currently registered on the switch are applied to the
port, but any subsequent registrations or deregistrations do not affect the port. Any
registered multicast groups on the port are not deregistered based on the GARP
timers.
forbidden
Specifies that all GMRP multicasts are deregistered and prevent any further GMRP
multicast registration on the port.
mod/port...
Number of the module and the ports on the module.
Defaults
The default is administrative control is normal.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You must return the port to normal registration mode to deregister multicast groups on the port.
GMRP supports a total of 3072 multicast addresses for the whole switch.
Examples
This example shows how to set the registration type to fixed on module 3, port 3:
Console> (enable) set gmrp registration fixed 3/3
GMRP Registration is set to Fixed for port(s) 3/3.
Console> (enable)
This example shows how to set the registration type to forbidden on module 1, port 1:
Console> (enable) set gmrp registration forbidden 1/1
GMRP Registration is set to Forbidden for port(s) 1/1.
Console> (enable)
Related Commands
show gmrp configuration
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-280
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set gmrp timer
set gmrp timer
To adjust the values of the join, leave, and leaveall timers, use the set gmrp timer command.
set gmrp timer {timer_type} {timer_value}
Syntax Description
timer_type
Type of timer; valid values are join, leave, and leaveall.
timer_value
Timer values in milliseconds; valid values are from 1 to
2147483647 milliseconds.
Defaults
The default is the join timer is 200 milliseconds, the leave timer is 600 milliseconds, and the leaveall
timer is 10000 milliseconds.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You must maintain the following relationship for the various timer values:
Examples
•
Leave time must be greater than or equal to three times the join time.
•
Leaveall time must be greater than the leave time.
Caution
Set the same GARP application (for example, GMRP and GVRP) timer values on all Layer 2-connected
devices. If the GARP timers are set differently on the Layer 2-connected devices, GARP applications
will not operate successfully.
Note
The modified timer values are applied to all GARP application (for example, GMRP and GVRP) timer
values.
This example shows how to set the join timer value to 100 milliseconds for all the ports on all the
VLANs:
Console> (enable) set gmrp timer join 100
GARP Join timer value is set to 100 milliseconds.
Console> (enable)
This example shows how to set the leave timer value to 300 milliseconds for all the ports on all the
VLANs:
Console> (enable) set gmrp timer leave 300
GARP Leave timer value is set to 300 milliseconds.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-281
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set gmrp timer
This example shows how to set the leaveall timer value to 20000 milliseconds for all the ports on all the
VLANs:
Console> (enable) set gmrp timer leaveall 20000
GARP LeaveAll timer value is set to 20000 milliseconds.
Console> (enable)
Related Commands
set garp timer
set gvrp timer
show gmrp timer
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-282
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set gvrp
set gvrp
To enable or disable GARP VLAN Registration Protocol (GVRP) globally in the switch or on a per-port
basis, use the set gvrp command.
set gvrp {enable | disable} [mod/port]
Syntax Description
enable
Enables GVRP on the switch.
disable
Disables GVRP on the switch.
mod/port
(Optional) Number of the module and port on the module.
Defaults
The default is GVRP is globally set to disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When you enable VTP pruning, VTP pruning runs on all the GVRP-disabled trunks.
To run GVRP on a trunk, you need to enable GVRP both globally on the switch and individually on the
trunk.
Examples
This example shows how to enable GVRP globally on the switch:
Console> (enable) set gvrp enable
GVRP enabled.
Console> (enable)
This example shows how to disable GVRP:
Console> (enable) set gvrp disable
GVRP disabled.
Console> (enable)
This example shows how to enable GVRP on module 2, port 1:
Console> (enable) set gvrp enable 2/1
GVRP enabled on port 2/1.
Console> (enable)
Related Commands
set garp timer
set gvrp timer
show gmrp timer
show gvrp configuration
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-283
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set gvrp applicant
set gvrp applicant
To specify whether or not a VLAN is declared out of blocking ports, use the set gvrp applicant
command.
set gvrp applicant {normal | active} {mod/port...}
Syntax Description
normal
Disallows the declaration of any VLAN out of blocking ports.
active
Enforces the declaration of all active VLANs out of blocking ports.
mod/port..
Number of the module and the ports on the module.
Defaults
The default is GVRP applicant set to normal.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
To run GVRP on a trunk, you need to enable GVRP both globally on the switch and individually on the
trunk.
On a port connected to a device that does not support the per-VLAN mode of STP, the port state may
continuously cycle from blocking to listening to learning, and back to blocking. To prevent this, you
must enter the set gvrp applicant active mod/port... command on the port to send GVRP VLAN
declarations when the port is in the STP blocking state.
Examples
This example shows how to enforce the declaration of all active VLANs out of specified blocking ports:
Console> (enable) set gvrp applicant active 4/2-3,4/9-10,4/12-24
Applicant was set to active on port(s) 4/2-3,4/9-10,4/12-24.
Console> (enable)
This example shows how to disallow the declaration of any VLAN out of specified blocking ports:
Console> (enable) set gvrp applicant normal 4/2-3,4/9-10,4/12-24
Applicant was set to normal on port(s) 4/2-3,4/9-10,4/12-24.
Console> (enable)
Related Commands
show gvrp configuration
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-284
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set gvrp dynamic-vlan-creation
set gvrp dynamic-vlan-creation
To enable or disable dynamic VLAN creation, use the set gvrp dynamic-vlan-creation command.
set gvrp dynamic-vlan-creation {enable | disable}
Syntax Description
enable
Enables dynamic VLAN creation.
disable
Disables dynamic VLAN creation.
Defaults
The default is dynamic VLAN creation is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You can enable dynamic VLAN creation only when VTP is in transparent mode and no ISL trunks exist
in the switch.
This feature is not allowed when there are 802.1Q trunks that are not configured with GVRP.
Examples
This example shows how to enable dynamic VLAN creation:
Console> (enable) set gvrp dynamic-vlan-creation enable
Dynamic VLAN creation enabled.
Console> (enable)
This example shows what happens if you try to enable dynamic VLAN creation and VTP is not in
transparent mode:
Console> (enable) set gvrp dynamic-vlan-creation enable
VTP has to be in TRANSPARENT mode to enable this feature.
Console> (enable)
This example shows how to disable dynamic VLAN creation:
Console> (enable) set gvrp dynamic-vlan-creation disable
Dynamic VLAN creation disabled.
Console> (enable)
Related Commands
set vtp
show gvrp configuration
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-285
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set gvrp registration
set gvrp registration
To set the administrative control of an outbound port and apply to all VLANs on the trunk, use the set
gvrp registration command. GVRP registration commands are entered on a per-port basis.
set gvrp registration {normal | fixed | forbidden} mod/port...
Syntax Description
normal
Allows dynamic registering and deregistering each VLAN (except
VLAN 1) on the port.
fixed
Supports manual VLAN creation and registration, prevent VLAN
deregistration, and register all VLANs known to other ports.
forbidden
Specifies that all the VLANs (except VLAN 1) are statically
deregistered from the port.
mod/port...
Number of the module and the ports on the module.
Defaults
The default administrative control is normal.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When you set VLAN registration, you are communicating to the switch that the VLAN is interested in
the users that are connecting to this port and that the VLAN’s broadcast and multicast traffic is allowed
to be sent to the port.
For static VLAN configuration, you should set the mod/port... control to fixed or forbidden if the
mod/port... will not receive or process any GVRP message.
For each dynamically configured VLAN on a port, you should set the mod/port... control to normal
(default), except for VLAN 1; GVRP registration mode for VLAN 1 is always fixed and is not
configurable. VLAN 1 is always carried by 802.1Q trunks on which GVRP is enabled.
When GVRP is running, you can create a VLAN through a GVRP trunk port only if you enter the set
gvrp dynamic-vlan-creation enable and the set gvrp registration normal commands.
Examples
This example shows how to set the administrative control to normal on module 3, port 7:
Console> (enable) set gvrp registration normal 3/7
Registrar Administrative Control set to normal on port 3/7.
Console> (enable)
This example shows how to set the administrative control to fixed on module 5, port 10:
Console> (enable) set gvrp registration fixed 5/10
Registrar Administrative Control set to fixed on Port 5/10.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-286
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set gvrp registration
This example shows how to set the administrative control to forbidden on module 5, port 2:
Console> (enable) set gvrp registration forbidden 5/2
Registrar Administrative Control set to forbidden on port 5/2.
Console> (enable)
Related Commands
show gvrp configuration
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-287
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set gvrp timer
set gvrp timer
To adjust the values of the join, leave, and leaveall timers, use the set gvrp timer command.
set gvrp timer {timer_type} {timer_value}
Syntax Description
timer_type
Type of timer; valid values are join, leave, and leaveall.
timer_value
Timer values in milliseconds; valid values are from 1 to
2147483647 milliseconds.
Defaults
The default is the join timer is 200 milliseconds, the leave timer is 600 milliseconds, and the leaveall
timer is 10000 milliseconds.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You must maintain the following relationship for the various timer values:
Examples
•
Leave time must be greater than or equal to three times the join time.
•
Leaveall time must be greater than the leave time.
Caution
Set the same GARP application (for example, GMRP and GVRP) timer values on all Layer 2-connected
devices. If the GARP timers are set differently on the Layer 2-connected devices, GARP applications
will not operate successfully.
Note
The modified timer values are applied to all GARP application (for example, GMRP and GVRP) timer
values.
This example shows how to set the join timer value to 100 milliseconds for all the ports on all the
VLANs:
Console> (enable) set gvrp timer join 100
GVRP/GARP Join timer value is set to 100 milliseconds.
Console> (enable)
This example shows how to set the leave timer value to 300 milliseconds for all the ports on all the
VLANs:
Console> (enable) set gvrp timer leave 300
GVRP/GARP Leave timer value is set to 300 milliseconds.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-288
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set gvrp timer
This example shows how to set the leaveall timer value to 20000 milliseconds for all the ports on all the
VLANs:
Console> (enable) set gvrp timer leaveall 20000
GVRP/GARP LeaveAll timer value is set to 20000 milliseconds.
Console> (enable)
Related Commands
set garp timer
show gvrp configuration
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-289
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set igmp
set igmp
To enable or disable Internet Group Management Protocol (IGMP) snooping on the switch, use the
set igmp command.
set igmp {enable | disable}
Syntax Description
enable
Enables IGMP snooping on the switch.
disable
Disables IGMP snooping on the switch.
Defaults
The default is IGMP snooping is enabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
IGMP must be disabled to run GMRP.
If your system is configured with a Supervisor Engine 1, you must enable one of the multicast services
(IGMP snooping or GMRP) on the switch in order to use IP MMLS.
Examples
This example shows how to enable IGMP snooping on the switch:
Console> (enable) set igmp enable
IGMP feature for IP multicast enabled
Console> (enable)
This example shows how to disable IGMP snooping on the switch:
Console> (enable) set igmp disable
IGMP Snooping is disabled.
Console> (enable)
This example shows the display if you try to enable GMRP on the switch with IGMP enabled:
Console> (enable) set igmp enable
Disable GMRP to enable IGMP snooping feature.
Console> (enable)
Related Commands
clear igmp statistics
set rgmp
show igmp statistics
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-290
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set igmp fastblock
set igmp fastblock
To enable or disable the IGMP version 3 fast-block mechanism on the switch, use the set igmp fastblock
command.
set igmp fastblock {enable | disable}
Syntax Description
enable
Enables the IGMP version 3 fast-block mechanism.
disable
Disables the IGMP version 3 fast-block mechanism.
Defaults
By default, the IGMP version 3 fast-block mechanism is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to enable the fast-block mechanism on the switch:
Console> (enable) set igmp fastblock enable
IGMP V3 fastblock enabled
Console> (enable)
This example shows how to disable the fast-block mechanism on the switch:
Console> (enable) set igmp fastblock disable
IGMP V3 fastblock disabled
Console> (enable)
Related Commands
set igmp v3-processing
show multicast v3-group
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-291
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set igmp fastleave
set igmp fastleave
To enable or disable Internet Group Management Protocol (IGMP) fastleave processing, use the
set igmp fastleave command.
set igmp fastleave {enable | disable}
Syntax Description
enable
Enables IGMP fastleave processing.
disable
Disables IGMP fastleave processing.
Defaults
The default is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This command shows how to enable IGMP fastleave processing:
Console> (enable) set igmp fastleave enable
IGMP fastleave set to enable.
Warning: Can cause disconnectivity if there are more than one host joining the same group
per access port.
Console> (enable)
This command shows how to disable IGMP fastleave processing:
Console> (enable) set igmp fastleave disable
IGMP fastleave set to disable.
Console> (enable)
Related Commands
clear igmp statistics
set igmp
show multicast protocols status
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-292
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set igmp flooding
set igmp flooding
To activate or to prevent flooding of multicast traffic after the last host leaves a multicast group, enter
the set igmp flooding command.
set igmp flooding {enable | disable}
Syntax Description
enable
Activates multicast flooding.
disable
Prevents multicast flooding.
Defaults
IGMP flooding is enabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
For more information about IGMP flooding, refer to the “Understanding How IGMP Snooping Works”
section of the “Configuring Multicast Services” chapter of the Catalyst 6500 Series Switch Software
Configuration Guide.
Examples
This example shows how to prevent the flooding of multicast traffic after the last host leaves a multicast
group:
Console> (enable) set igmp flooding disable
IGMP Flooding disabled
Console> (enable)
This example shows how to enable the flooding of multicast traffic after the last host leaves a multicast
group:
Console> (enable) set igmp flooding enable
IGMP Flooding enabled (default)
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-293
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set igmp leave-query-type
set igmp leave-query-type
To set the type of query to be sent when a port receives a leave message, use the set igmp
leave-query-type command.
set igmp leave-query-type {mac-gen-query | general-query | auto-mode}
Syntax Description
mac-gen-query
Specifies sending a MAC-based general query on receiving a leave
message.
general-query
Specifies sending a general query on receiving a leave message.
auto-mode
Specifies sending a group-specific query if no version 1 hosts are detected.
Defaults
By default, a MAC-based general query is sent when a port receives a leave message.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to send a MAC-based general query:
Console> (enable) set igmp leave-query-type mac-gen-query
Console> (enable)
This example shows how to send a general query:
Console> (enable) set igmp leave-query-type general-query
Console> (enable)
This example shows how to send a group-specific query if no version 1 hosts are detected:
Console> (enable) set igmp leave-query-type auto-mode
IGMP Leave Query Type set to Auto-Type
Console> (enable)
Related Commands
show igmp leave-query-type
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-294
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set igmp mode
set igmp mode
To set the IGMP snooping mode, use the set igmp mode command.
set igmp mode {igmp-only | igmp-cgmp | auto}
Syntax Description
igmp-only
Specifies IGMP snooping only.
igmp-cgmp
Specifies IGMP and CGMP modes.
auto
Overrides the dynamic switching of IGMP snooping modes.
Defaults
The default is IGMP mode is auto.
Command Types
Switch.
Command Modes
Privileged.
Usage Guidelines
The switch dynamically chooses either IGMP-only or IGMP-CGMP mode, depending on the traffic
present on the network. IGMP-only mode is used in networks with no CGMP devices. IGMP-CGMP
mode is used in networks with both IGMP and CGMP devices. Auto mode overrides the dynamic
switching of the modes.
Examples
This example shows how to set the IGMP mode to IGMP-only:
Console> (enable) set igmp mode igmp-only
IGMP mode set to igmp-only
Console> (enable)
This example shows how to set the IGMP mode to auto:
Console> (enable) set igmp mode auto
IGMP mode set to auto
Console> (enable)
Related Commands
show igmp mode
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-295
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set igmp querier
set igmp querier
To configure the IGMP querier for a specific VLAN, use the set igmp querier command.
set igmp querier {enable | disable} vlan
set igmp querier vlan {qi | oqi} seconds
set igmp querier address vlan ip_addr
Syntax Description
Defaults
enable
Enables the IGMP querier for a VLAN.
disable
Disables the IGMP querier for a VLAN.
vlan
Number of the VLAN.
qi
Sets the querier interval for the VLAN.
oqi
Sets the other querier interval for the VLAN.
seconds
Range of the querier interval or the other querier interval in seconds; valid values are from
1 to 65535 seconds.
address
Sets the querier IP address for the VLAN.
ip_addr
IP address for the VLAN.
IGMP querier is disabled.
The default value for qi is 125 seconds.
The default value for oqi is 300 seconds.
The default value for ip_addr is 0.0.0.0.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You must enable IGMP querier on every VLAN for which switch querier functionality is required. In the
absence of general queries, the oqi value is the amount of time a switch waits before electing itself as
the querier.
Examples
This example shows how to enable the IGMP querier for VLAN 4001:
Console> (enable) set igmp querier enable 4001
IGMP switch querier enabled for VLAN 4001
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-296
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set igmp querier
This example shows how to set the querier interval to 130 seconds for VLAN 4001:
Console> (enable) set igmp querier 4001 qi 130
QI for VLAN 4001 set to 130 second(s)
Console> (enable)
Related Commands
show igmp querier information
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-297
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set igmp ratelimit
set igmp ratelimit
To enable or disable IGMP rate limiting or to set the rate limit for IGMP snooping packets, use the
set igmp ratelimit command.
set igmp ratelimit {enable | disable}
set igmp ratelimit {dvmrp | general-query | mospf1 | mospf2 | pimv2} rate
Syntax Description
Defaults
enable
Enables IGMP rate limiting.
disable
Disables IGMP rate limiting.
dvmrp
Sets the IGMP rate limit for Distance Vector Multicast Routing Protocol
(DVMRP) packets.
general-query
Sets the IGMP rate limit for general query packets.
mospf1
Sets the IGMP rate limit for Multicast Extensions of OSPF (MOSPF) version 1
packets.
mospf2
Sets the IGMP rate limit for Multicast Extensions of OSPF (MOSPF) version 2
packets.
pimv2
Sets the IGMP rate limit for Protocol Independent Multicast (PIM) version 2
packets.
rate
Rate limit; valid values are from 1 to 65535 packets per 30 seconds.
IGMP rate limiting is disabled.
The default rate limits are as follows:
•
dvmrp is 100 packets.
•
general-query is 100 packets.
•
mospf1 is 100 packets.
•
mospf2 is 100 packets.
•
pimv2 is 100 packets.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The set igmp ratelimit {enable | disable} command is supported in both text and binary configuration
modes.
If IGMP rate limiting and multicast are enabled, multicast router ports might age out sporadically
because the rate of the multicast control packets (such as PIMv2 hellos or IGMP general queries)
exceeds the IGMP rate limit watermarks that were configured. The default value for these watermarks
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-298
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set igmp ratelimit
is 100. We recommend that you increase the PIMv2 hello ratelimit to 3000 by entering set igmp
ratelimit pimv2 3000. You can also increase the IGMP general queries rate limit; we recommend that
you set the value to 500 by entering set igmp ratelimit general-query 500.
Examples
This example shows how to enable IGMP rate limiting:
Console> (enable) set igmp ratelimit enable
IGMP Ratelimiting enabled
Console> (enable)
This example shows how to set the IGMP rate limit for MOSPF2 to 550 packets per every 30 seconds:
Console> (enable) set igmp ratelimit mospf2 550
MOSPF2 Watermark set to allow 550 messages in 30 seconds
Console> (enable)
This example shows how to set the IGMP ratel limit for PIMv2 1000 packets per every 30 seconds:
Console> (enable) set igmp ratelimit pimv2 1000
PIMV2 Watermark set to allow 1000 messages in 30 seconds
Console> (enable)
Related Commands
show igmp ratelimit-info
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-299
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set igmp v3-processing
set igmp v3-processing
To explicitly enable or disable IGMP version 3 snooping, use the set igmp v3-processing command.
set igmp v3-processing {enable | disable}
Syntax Description
enable
Enables IGMP version 3 snooping.
disable
Disables IGMP version 3 snooping.
Defaults
By default, IGMP version 3 snooping is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
IGMP version 3 is supported only on Supervisor Engine 2. Supervisor Engine 1, Supervisor Engine 1A,
and Supervisor Engine 720 do not support this feature.
If IGMP version 3 processing is disabled, any previous IGMP version 3 snooping entries are cleared.
These IGMP version 3 entries are relearned as IGMP version 2 (GDA-based) entries after the switch
receives an IGMP version 3 report. Any subsequent IGMP version 3 reports for other multicast sources
or groups are also processed as version 2 reports.
Note
Examples
IGMP version 3 processing and the multicast multilayer switching (MMLS) feature cannot be
enabled at the same time. To enable IGMP version 3 processing, you must disable MMLS from the
Multilayer Switch Feature Card (MSFC). If you attempt to enable IGMP version 3 processing when
MMLS is enabled, a warning displays to indicate that IGMP version 3 processing will be enabled
after MMLS is disabled from the MSFC.
This example shows how to enable IGMP version 3 processing:
Console> (enable) set igmp v3-processing enable
IGMP V3 processing enabled
Console> (enable)
This example shows how to disable IGMP version 3 processing:
Console> (enable) set igmp v3-processing disable
IGMP V3 processing disabled
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-300
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set igmp v3-processing
Related Commands
set igmp fastblock
show multicast v3-group
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-301
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set inlinepower defaultallocation
set inlinepower defaultallocation
To set the default power allocation for a port, use the set inlinepower defaultallocation command.
set inlinepower defaultallocation value
Syntax Description
value
Defaults
The default is 15400 milliwatts.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The set inlinepower defaultallocation command is global and only affects Cisco IP phones.
Caution
Default power allocation; valid values are from 4000 to 15400 milliwatts.
The set inlinepower defaultallocation command can be harmful when there is not enough power in the
system to bring up all connected inline power devices. If you set a small value for the power allocation,
all connected inline power devices initially will be powered up. However, after receiving CDP messages,
the system will learn that devices are consuming more power and deny power to some of the ports.
Setting a small value might also result in the overdrawing of power for some time with unanticipated
results, such as hardware failures and unexpected resets.
7000 milliwatts is the maximum power supported for these modules: WS-X6148-RJ21V,
WS-X6148-RJ45V, WS-X6348-RJ21V, and WS-X6348-RJ45V.
Examples
This example shows how to set the default power allocation to 9500 milliwatts:
Console> (enable) set inlinepower defaultallocation 9500
Default inline power allocation set to 9500 mWatt per applicable port
Console> (enable)
Related Commands
set port inlinepower
show environment
show port inlinepower
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-302
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set interface
set interface
To configure the in-band and Serial Line Internet Protocol (SLIP) interfaces on the switch, use the set
interface command.
set interface {sc0 | sl0 | sc1} {up | down}
set interface sl0 slip_addr dest_addr
set interface sc0 [vlan] [ip_addr[netmask [broadcast]]]
set interface sc0 [vlan] [ip_addr/netmask [broadcast]]
set interface sc0 dhcp {renew | release}
set interface sc1 [vlan] [ip_addr[netmask [broadcast]]]
set interface sc1 [vlan] [ip_addr/netmask [broadcast]]
Syntax Description
sc0
Specifies the sc0 in-band interface.
sl0
Specifies the SLIP interface.
sc1
Specifies the sc1 in-band interface.
up
Brings the interface into operation.
down
Brings the interface out of operation.
slip_addr
IP address of the console port.
dest_addr
IP address of the host to which the console port will be connected.
vlan
(Optional) Number of the VLAN to be assigned to the interface; valid values are
from 1 to 1005 and from 1025 to 4094.
ip_addr
(Optional) IP address.
/netmask
(Optional) Subnet mask.
broadcast
(Optional) Broadcast address.
dhcp
Performs Dynamic Host Configuration Protocol (DHCP) operations on the sc0
interface.
renew
Renews the lease on a DHCP-learned IP address.
release
Releases a DHCP-learned IP address back to the DHCP IP address pool.
Defaults
The default configuration is the in-band interface (sc0) in VLAN 1 with the IP address, subnet mask, and
broadcast address set to 0.0.0.0. The default configuration for the SLIP interface (sl0) is that the IP
address and broadcast address are set to 0.0.0.0.0.
Command Types
Switch command.
Command Modes
Privileged.
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-303
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set interface
Usage Guidelines
The set interface sc0 dchp command is valid only when the address is learned from the DHCP server
and available in privileged mode only.
Two configurable network interfaces are on a Catalyst 6500 series switch: in-band (sc0) and SLIP (sl0).
Configuring the sc0 interface with an IP address and subnet mask allows you to access the switch CLI
via Telnet from a remote host. You should assign the sc0 interface to an active VLAN configured on the
switch (the default is VLAN 1). Make sure the IP address you assign is in the same subnet as other
stations in that VLAN.
Configuring the sl0 interface with an IP address and destination address allows you to make a
point-to-point connection to a host through the console port. Use the slip attach command to activate
SLIP on the console port (you will not be able to access the CLI via a terminal connected to the console
port until you use the slip detach command to deactivate SLIP on the console port).
When you specify the netmask value, this indicates the number of bits allocated to subnetting in the
hostid section of the given Class A, B, or C address. For example, if you enter an IP address for the sc0
interface as 172.22.20.7, the hostid bits for this Class B address is 16.
If you enter the netmask value in length of bits, for example, 204.20.22.7/24, the range for length is from
0 to 31 bits. If you do not enter the netmask value, the number of bits is assumed to be the natural
netmask.
Examples
This example shows how to use set interface sc0 and set interface sl0 from the console port. It also
shows how to bring down interface sc0 using a terminal connected to the console port:
Console> (enable) set interface sc0 192.20.11.44/255.255.255.0
Interface sc0 IP address and netmask set.
Console> (enable) set interface sl0 192.200.10.45 192.200.10.103
Interface sl0 SLIP and destination address set.
Console> (enable) set interface sc0 down
Interface sc0 administratively down.
Console> (enable)
This example shows how to set the IP address for sc0 through a Telnet session. Note that the default
netmask for that IP address class is used (for example, a Class C address uses 255.255.255.0, and a
Class B uses 255.255.0.0):
Console> (enable) set interface sc0 192.200.11.40
This command may disconnect active telnet sessions.
Do you want to continue (y/n) [n]? y
Interface sc0 IP address set.
This example shows how to take the interface out of operation through a Telnet session:
Console> (enable) set interface sc0 down
This command will inactivate telnet sessions.
Do you want to continue (y/n) [n]? y
Interface sc0 administratively down.
This example shows how to assign the sc0 interface to a particular VLAN:
Console> (enable) set interface sc0 5
Interface sc0 vlan set.
Console> (enable)
This example shows what happens when you assign the sc0 interface to a nonactive VLAN:
Console> (enable) set interface sc0 200
Vlan is not active, user needs to set vlan 200 active
Interface sc0 vlan set.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-304
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set interface
This example shows how to release a DHCP-learned IP address back to the DHCP IP address pool:
Console> (enable) set interface sc0 dhcp release
Releasing IP address...Done
Console> (enable)
This example shows how to renew a lease on a DHCP-learned IP address:
Console> (enable) set interface sc0 dhcp renew
Renewing IP address...Done
Console> (enable)
This example shows how to set the IP address for sc1 from the console port:
Console> (enable) set interface sc1 10.6.33.15 255.255.255.0
set interface sc1 10.6.33.15 255.255.255.0
Interface sc1 IP address and netmask set.
Console> (enable)
Related Commands
show interface
slip
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-305
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set ip alias
set ip alias
To add aliases of IP addresses, use the set ip alias command.
set ip alias name ip_addr
Syntax Description
name
Name of the alias being defined.
ip_addr
IP address of the alias being defined.
Defaults
The default configuration is one IP alias (0.0.0.0) configured as the default.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to define an IP alias of mercury for IP address 192.122.174.234:
Console> (enable) set ip alias mercury 192.122.174.234
IP alias added.
Console> (enable)
Related Commands
clear ip alias
show ip alias
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-306
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set ip dns
set ip dns
To enable or disable DNS, use the set ip dns command.
set ip dns {enable | disable}
Syntax Description
enable
Enables DNS.
disable
Disables DNS.
Defaults
The default is DNS is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to enable DNS:
Console> (enable) set ip dns enable
DNS is enabled.
Console> (enable)
This example shows how to disable DNS:
Console> (enable) set ip dns disable
DNS is disabled.
Console> (enable)
Related Commands
show ip dns
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-307
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set ip dns domain
set ip dns domain
To set the default DNS domain name, use the set ip dns domain command.
set ip dns domain name
Syntax Description
name
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you specify a domain name on the command line, the system attempts to resolve the host name as
entered. If the system cannot resolve the host name as entered, it appends the default DNS domain name
as defined with the set ip dns domain command. If you specify a domain name with a trailing dot, the
program considers this to be an absolute domain name.
Examples
This example shows how to set the default DNS domain name:
DNS domain name.
Console> (enable) set ip dns domain yow.com
DNS domain name set to yow.com.
Console> (enable)
Related Commands
clear ip dns domain
show ip dns
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-308
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set ip dns server
set ip dns server
To set the IP address of a Domain Name System (DNS) server, use the set ip dns server command.
set ip dns server ip_addr [primary]
Syntax Description
ip_addr
IP address of the DNS server.
primary
(Optional) Configures a DNS server as the primary server.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You can configure up to three DNS name servers as backup. You can also configure any DNS server as
the primary server. The primary server is queried first. If the primary server fails, the backup servers are
queried.
If DNS is disabled, you must use the IP address with all commands that require explicit IP addresses or
manually define an alias for that address. The alias has priority over DNS.
Examples
These examples show how to set the IP address of a DNS server:
Console> (enable) set ip dns server 198.92.30.32
198.92.30.32 added to DNS server table as primary server.
Console> (enable) set ip dns server 171.69.2.132 primary
171.69.2.132 added to DNS server table as primary server.
Console> (enable) set ip dns server 171.69.2.143 primary
171.69.2.143 added to DNS server table as primary server.
This example shows what happens if you enter more than three DNS name servers as backup:
Console> (enable) set ip dns server 161.44.128.70
DNS server table is full. 161.44.128.70 not added to DNS server table.
Related Commands
clear ip dns server
show ip dns
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-309
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set ip fragmentation
set ip fragmentation
To enable or disable the fragmentation of IP packets bridged between FDDI and Ethernet networks, use
the set ip fragmentation command.
set ip fragmentation {enable | disable}
Syntax Description
enable
Permits fragmentation for IP packets bridged between FDDI and
Ethernet networks.
disable
Disables fragmentation for IP packets bridged between FDDI and
Ethernet networks.
Defaults
The default value is IP fragmentation is enabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If IP fragmentation is disabled, packets are dropped.
Note that FDDI and Ethernet networks have different maximum transmission units (MTUs).
Examples
This example shows how to disable IP fragmentation:
Console> (enable) set ip fragmentation disable
Bridge IP fragmentation disabled.
Console> (enable)
Related Commands
show ip route
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-310
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set ip http port
set ip http port
To configure the TCP port number for the HyperText Transfer Protocol (HTTP) server, use the set ip
http port command.
set ip http port {default | port-number}
Syntax Description
default
Specifies the default HTTP server port number (80).
port-number
Number of the TCP port for the HTTP server; valid values are from 1 to
65535.
Defaults
The default TCP port number is 80.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to set the IP HTTP port default:
Console> (enable) set ip http port default
HTTP TCP port number is set to 80.
Console> (enable)
This example shows how to set the IP HTTP port number:
Console> (enable) set ip http port 2398
HTTP TCP port number is set to 2398.
Console> (enable)
Related Commands
set ip http server
show ip http
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-311
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set ip http server
set ip http server
To enable or disable the HTTP server, use the set ip http server command.
set ip http server {enable | disable}
Syntax Description
enable
Enables the HTTP server.
disable
Disables the HTTP server.
Defaults
The default is the HTTP server is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to enable the HTTP server:
Console> (enable) set ip http server enable
HTTP server is enabled.
Console> (enable)
This example shows the system response when the HTTP server-enabled command is not supported:
Console> (enable) set ip http server enable
Feature not supported.
Console> (enable)
This example shows how to disable the HTTP server:
Console> (enable) set ip http server disable
HTTP server disabled.
Console> (enable)
Related Commands
set ip http port
show ip http
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-312
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set ip permit
set ip permit
To enable or disable the IP permit list and to specify IP addresses to be added to the IP permit list, use
the set ip permit command.
set ip permit {enable | disable}
set ip permit {enable | disable} [telnet | ssh | snmp]
set ip permit addr [mask] [telnet | ssh | snmp | all]
Syntax Description
enable
Enables the IP permit list.
disable
Disables the IP permit list.
telnet
(Optional) Specifies the Telnet IP permit list.
ssh
(Optional) Specifies the SSH IP permit list.
snmp
(Optional) Specifies the SNMP IP permit list.
addr
IP address to be added to the IP permit list. An IP alias or host name that can be
resolved through DNS can also be used.
mask
(Optional) Subnet mask of the specified IP address.
all
(Optional) Specifies all entries in the IP permit list be removed.
Defaults
The default is IP permit list is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You can achieve the same functionality of the IP permit list by using VLAN access control lists (VACLs).
VACLs are handled by hardware (PFC), and the processing is considerably faster. For VACL
configuration information, refer to the Catalyst 6500 Series Switch Software Configuration Guide.
You can configure up to 100 entries in the permit list. If you enable the IP permit list, but the permit list
has no entries configured, a caution displays on the screen.
Make sure you enter the entire disable keyword when entering the set ip permit disable command. If
you abbreviate the keyword, the abbreviation is interpreted as a host name to add to the IP permit list.
If you do not specify the snmp, ssh, telnet, or all keyword, the IP address is added to both the SNMP
and Telnet permit lists.
You enter the mask in dotted decimal format, for example, 255.255.0.0.
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-313
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set ip permit
Examples
This example shows how to add an IP address to the IP permit list:
Console> (enable) set ip permit 192.168.255.255
192.168.255.255 added to IP permit list.
Console> (enable)
This example shows how to add an IP address using an IP alias or host name to both the SNMP and Telnet
permit lists:
Console> (enable) set ip permit batboy
batboy added to IP permit list.
Console> (enable)
This example shows how to add a subnet mask of the IP address to both the SNMP and Telnet permit
lists:
Console> (enable) set ip permit 192.168.255.255 255.255.192.0
192.168.255.255 with mask 255.255.192.0 added to IP permit list.
Console> (enable)
This example shows how to add an IP address to the Telnet IP permit list:
Console> (enable) set ip permit 172.16.0.0 255.255.0.0 telnet
172.16.0.0 with mask 255.255.0.0 added to telnet permit list.
Console> (enable)
This example shows how to add an IP address to the SNMP IP permit list:
Console> (enable) set ip permit 172.20.52.32 255.255.255.224 snmp
172.20.52.32 with mask 255.255.255.224 added to snmp permit list.
Console> (enable)
This example shows how to add an IP address to all IP permit lists:
Console> (enable) set ip permit 172.20.52.3 all
172.20.52.3 added to IP permit list.
Console> (enable)
This example shows how to enable the IP permit list:
Console> (enable) set ip permit enable
Telnet, Snmp and Ssh permit list enabled
Console> (enable)
This example shows how to disable the IP permit list:
Console> (enable) set ip permit disable
Telnet, Snmp and Ssh permit list disabled.
Console> (enable)
This example shows how to enable a specific IP permit list type:
Console> (enable) set ip permit enable ssh
SSH permit list enabled.
Console> (enable)
Related Commands
clear ip permit
show ip permit
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-314
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set ip redirect
set ip redirect
To enable or disable ICMP redirect messages on the Catalyst 6500 series switches, use the set ip
redirect command.
set ip redirect {enable | disable}
Syntax Description
enable
Permits ICMP redirect messages to be returned to the source host.
disable
Prevents ICMP redirect messages from being returned to the source host.
Defaults
The default configuration is ICMP redirect is enabled.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to deactivate ICMP redirect messages:
Console> (enable) set ip redirect disable
ICMP redirect messages disabled.
Console> (enable)
Related Commands
show ip route
show netstat
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-315
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set ip route
set ip route
To add IP addresses or aliases to the IP routing table, use the set ip route command.
set ip route {destination}[/netmask] {gateway} [metric] [primary]
Syntax Description
destination
IP address, IP alias of the network, or specific host to be added. Use
default as the destination to set the new entry as the default route.
/netmask
(Optional) Number of bits in netmask or dot format (for example,
172.20.22.7/24 or 172.20.22.7/255.255.255.0).
gateway
IP address or IP alias of the router.
metric
(Optional) Value used to indicate the number of hops between the
switch and the gateway.
primary
(Optional) Used with the Multiple IP Gateways feature to specify
the default IP gateway with the highest priority.
Defaults
The default configuration routes the local network through the sc0 interface with metric 0 as soon as sc0
is configured.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You can configure up to three default gateways. The primary is the highest priority. If you do not
designate a primary gateway, priority is based on the order of input. If you enter two primary definitions,
the second definition becomes the primary and the first definition becomes the secondary default IP
gateway.
You can only specify the primary keyword for a default route.
When you enter the destination value or gateway value, enter it in dot notation, for example, a.b.c.d.
When you specify the netmask value, this indicates the number of bits allocated to subnetting in the
hostid section of the given Class A, B, or C address. For example, if you enter an IP address for the sc0
interface as 172.22.20.7, the hostid bits for this Class B address is 16. Any number of bits in the hostid
bits can be allocated to the netmask field. If you do not enter the netmask value, the number of bits is
assumed to be the natural netmask.
When you enter the netmask, enter it as the number of bits or dot format, for example, destination/24
or destination/255.255.255.0. If you enter the netmask in dot format, you must have contiguous 1s.
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-316
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set ip route
Examples
These examples show how to add three default routes to the IP routing table, checking after each addition
using the show ip route command:
Console> (enable) set ip route default 192.122.173.42 1 primary
Route added.
Console> (enable)
Console> (enable) show ip route
Fragmentation
Redirect
Unreachable
-----------------------------enabled
enabled
enabled
Destination
Gateway
Flags
Use
Interface
--------------- --------------- ------ ---------- --------default
192.122.173.42
UG
59444 sc0
192.22.74.0
192.22.74.223
U
5 sc0
Console> (enable)
Console> (enable) set ip route default 192.122.173.43 1
Route added.
Console> (enable)
Console> (enable) show ip route
Fragmentation
Redirect
Unreachable
-----------------------------enabled
enabled
enabled
Destination
Gateway
Flags
--------------- --------------- -----default
192.122.173.43
UG
default
192.122.173.42
UG
192.22.74.0
192.22.74.223
U
Console> (enable)
Use
Interface
---------- --------59444 sc0
59444 sc0
5 sc0
Console> (enable) set ip route default 192.122.173.44 1
Route added.
Console> (enable)
Console> (enable) show ip route
Fragmentation
Redirect
Unreachable
-----------------------------enabled
enabled
enabled
Destination
Gateway
Flags
--------------- --------------- -----default
192.122.173.44
UG
default
192.122.173.43
UG
default
192.122.173.42
UG
192.22.74.0
192.22.74.223
U
Console> (enable)
Related Commands
Use
Interface
---------- --------59444 sc0
59444 sc0
59444 sc0
5 sc0
clear ip route
show ip route
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-317
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set ip unreachable
set ip unreachable
To enable or disable ICMP unreachable messages on the Catalyst 6500 series switch, use the set ip
unreachable command.
set ip unreachable {enable | disable}
Syntax Description
enable
Allows IP unreachable messages to be returned to the source host.
disable
Prevents IP unreachable messages from being returned to the source
host.
Defaults
The default is ICMP unreachable messages is enabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When you enable ICMP unreachable messages, the switch returns an ICMP unreachable message to the
source host whenever it receives an IP datagram that it cannot deliver. When you disable ICMP
unreachable messages, the switch does not notify the source host when it receives an IP datagram that it
cannot deliver.
For example, a switch has the ICMP unreachable message function enabled and IP fragmentation
disabled. If a FDDI frame is received and needs to transmit to an Ethernet port, the switch cannot
fragment the packet. The switch drops the packet and returns an IP unreachable message to the Internet
source host.
Examples
This example shows how to disable ICMP unreachable messages:
Console> (enable) set ip unreachable disable
ICMP Unreachable message disabled.
Console> (enable)
Related Commands
show ip route
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-318
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set kerberos clients mandatory
set kerberos clients mandatory
To make Kerberos authentication mandatory for authenticating to services on the network, use the set
kerberos clients mandatory command.
set kerberos clients mandatory
Syntax Description
This command has no arguments or keywords.
Defaults
The default is Kerberos clients are not set to mandatory.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
As an added layer of security, you can optionally configure the switch so that after users authenticate to
it, they can authenticate to other services on the network only with Kerberos clients. If you do not make
Kerberos authentication mandatory and Kerberos authentication fails, the application attempts to
authenticate users using the default method of authentication for that network service. For example,
Telnet prompts for a password.
Examples
This example shows how to make Kerberos authentication mandatory:
Console> (enable) set kerberos clients mandatory
Kerberos clients set to mandatory
Console> (enable)
Related Commands
clear kerberos clients mandatory
set kerberos credentials forward
show kerberos
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-319
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set kerberos credentials forward
set kerberos credentials forward
To configure clients to forward users’ credentials as they connect to other hosts in the Kerberos realm,
use the set kerberos credentials forward command.
set kerberos credentials forward
Syntax Description
This command has no arguments or keywords.
Defaults
The default is forwarding is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
A user authenticated to a Kerberized switch has a ticket granting ticket (TGT) and can use it to
authenticate to a host on the network. However, if forwarding is not enabled and a user tries to list
credentials after authenticating to a host, the output will show no Kerberos credentials present.
You can optionally configure the switch to forward user TGTs as they authenticate from the switch to
Kerberized remote hosts on the network by using Kerberized Telnet.
Examples
This example shows how to enable Kerberos credentials forwarding:
Console> (enable) set kerberos credentials forward
Kerberos credentials forwarding enabled
Console> (enable)
Related Commands
set kerberos clients mandatory
set kerberos local-realm
show kerberos
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-320
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set kerberos local-realm
set kerberos local-realm
To configure a switch to authenticate users defined in the Kerberos database, use the set kerberos
local-realm command.
set kerberos local-realm kerberos_realm
Syntax Description
kerberos_realm
Defaults
The default value is a NULL string.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
To authenticate a user defined in the Kerberos database, you must configure the switch to know the host
name or IP address of the host running the KDC and the name of the Kerberos realm.
IP address or name (in uppercase characters) of the Kerberos realm.
You must enter the Kerberos realm name in all uppercase characters.
Examples
This example shows how to set a default Kerberos local realm for the switch:
Console> (enable) set kerberos local-realm CISCO.COM
Kerberos local realm for this switch set to CISCO.COM.
Console> (enable)
Related Commands
clear kerberos realm
set kerberos realm
show kerberos
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-321
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set kerberos realm
set kerberos realm
To map the name of a Kerberos realm to a DNS domain name or a host name, use the set kerberos realm
command.
set kerberos realm {dns_domain | host} kerberos_realm
Syntax Description
dns_domain
DNS domain name to map to Kerberos realm.
host
IP address or name to map to Kerberos host realm.
kerberos_realm
IP address or name of Kerberos realm.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You can map the name of the Kerberos realm to a DNS domain name or a host name by entering the set
kerberos realm command. The information entered with this command is stored in a table with one
entry for each Kerberos realm. The maximum number of entries in the table is 100.
You must enter Kerberos realms in uppercase characters.
Examples
This example shows how to map the Kerberos realm to a domain name:
Console> (enable) set kerberos realm CISCO CISCO.COM
Kerberos DnsDomain-Realm entry set to CISCO - CISCO.COM
Console> (enable)
Related Commands
clear kerberos realm
set kerberos local-realm
show kerberos
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-322
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set kerberos server
set kerberos server
To specify which Key Distribution Center (KDC) to use on the switch, use the set kerberos server
command.
set kerberos server kerberos_realm {hostname | ip_address} [port]
Syntax Description
kerberos_realm
Name of the Kerberos realm.
hostname
Name of host running the KDC.
ip_address
IP address of host running the KDC.
port
(Optional) Number of the port.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You can specify to the switch which KDC to use in a Kerberos realm. Optionally, you can also specify
the port number which the KDC is monitoring. The Kerberos server information you enter is maintained
in a table with one entry for each Kerberos realm. The maximum number of entries in the table is 100.
The KDC is a Kerberos server and database program running on a network host that allocates the
Kerberos credentials to different users or network services.
Examples
This example shows how to specify the Kerberos server:
Console> (enable) set kerberos server CISCO.COM 187.0.2.1 750
Kerberos Realm-Server-Port entry set to:CISCO.COM - 187.0.2.1 - 750
Console> (enable)
Related Commands
clear kerberos server
set kerberos server
show kerberos
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-323
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set kerberos srvtab entry
set kerberos srvtab entry
To enter the SRVTAB file directly into the switch from the command line, use the set kerberos srvtab
entry command.
set kerberos srvtab entry kerberos_principal principal_type timestamp key_version_number
key_type key_length encrypted_keytab
Syntax Description
kerberos_principal
Service on the switch.
principal_type
Version of the Kerberos SRVTAB.
timestamp
Number representing the date and time the SRVTAB entry was created.
key_version_number
Version of the encrypted key format.
key_type
Type of encryption used.
key_length
Length, in bytes, of the encryption key.
encrypted_keytab
Secret key the switch shares with the KDC.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
To make it possible for remote users to authenticate to the switch using Kerberos credentials, the switch
must share a secret key with the KDC. To do this, you must give the switch a copy of the file that is stored
in the KDC, which contains the secret key. These files are called SRVTAB files.
When you enter the SRVTAB directly into the switch, create an entry for each Kerberos principal
(service) on the switch. The entries are maintained in the SRVTAB table. The maximum table size is
20 entries.
The KDC is a Kerberos server and database program running on a network host that allocates the
Kerberos credentials to different users or network services.
The key is encrypted with the private 3DES key when you copy the configuration to a file or enter the
show config command.
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-324
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set kerberos srvtab entry
Examples
This example shows how to enter a SRVTAB file directly into the switch:
Console> (enable) set kerberos srvtab entry host/niners.cisco.com@CISCO.COM 0 932423923 1
1 8 03;;5>00>50;0=0=0
Kerberos SRVTAB entry set to
Principal:host/niners.cisco.com@CISCO.COM
Principal Type:0
Timestamp:932423923
Key version number:1
Key type:1
Key length:8
Encrypted key tab:03;;5>00>50;0=0=0
Related Commands
clear kerberos clients mandatory
show kerberos
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-325
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set kerberos srvtab remote
set kerberos srvtab remote
To provide the switch with a copy of the SRVTAB file from the KDC that contains the secret key, use
the set kerberos srvtab remote command.
set kerberos srvtab remote {hostname | ip_address} filename
Syntax Description
hostname
Name of host running the KDC.
ip_address
IP address of host running the KDC.
filename
Name of the SRVTAB file.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
To make it possible for remote users to authenticate to the switch using Kerberos credentials, the switch
must share a secret key with the KDC. To do this, you must give the switch a copy of the file that is stored
in the KDC, which contains the secret key. These files are called SRVTAB files.
The KDC is a Kerberos server and database program running on a network host that allocates the
Kerberos credentials to different users or network services.
The most secure method to copy SRVTAB files to the hosts in your Kerberos realm is to copy them onto
physical media and go to each host in turn and manually copy the files onto the system. To copy SRVTAB
files to the switch, which does not have a physical media drive, you must transfer them through the
network using TFTP.
Examples
This example shows how to copy SRVTAB files to the switch remotely from the KDC:
Console> (enable) set kerberos srvtab remote 187.20.32.10 /users/jdoe/krb5/ninerskeytab
Console> (enable)
Related Commands
clear kerberos creds
set kerberos srvtab entry
show kerberos
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-326
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set key config-key
set key config-key
To define a private 3DES key, use the set key config-key command.
set key config-key string
Syntax Description
string
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You can define a private 3DES key for the switch. You can use the private 3DES key to encrypt the secret
key that the switch shares with the KDC. If you set the 3DES key, the secret key is not displayed in clear
text when you execute the show kerberos command. The key length should be eight characters or less.
Examples
This example shows how to define a 3DES key:
3DES key name.
Console> (enable) set key config-key abcd
Kerberos config key set to abcd
Console> (enable)
Related Commands
clear key config-key
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-327
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set l2protocol-tunnel cos
set l2protocol-tunnel cos
To apply a CoS value to all ingress tunneling ports, use the set l2protocol-tunnel cos command.
set l2protocol-tunnel cos cos-value
Syntax Description
cos-value
Defaults
The default value for CoS is 5.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Because the CoS value applies to all ingress tunneling ports, all encapsulated PDUs sent out by the
switch have the same CoS value.
Examples
This example shows how to set the CoS value to 6:
CoS value; valid values are 0 to 7.
Console> (enable) set l2protocol-tunnel cos 6
New CoS value is 6.
Console> (enable)
Related Commands
clear l2protocol-tunnel cos
clear l2protocol-tunnel statistics
set port l2protocol-tunnel
show l2protocol-tunnel statistics
show port l2protocol-tunnel
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-328
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set l2protocol-tunnel trunk
set l2protocol-tunnel trunk
To set Layer 2 protocol tunneling on trunks, use the set l2protocol-tunnel trunk command.
set l2protocol-tunnel trunk {enable | disable}
Syntax Description
enable
Enables Layer 2 protocol tunneling on trunks.
disable
Disables Layer 2 protocol tunneling on trunks.
Defaults
Layer 2 protocol tunneling on trunks is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Do not enable or disable Layer 2 protocol tunneling on trunks when active Layer 2 protocol tunnels are
already configured. If you plan to configure Layer 2 protocol tunneling on trunks, do so before
performing any other Layer 2 protocol tunneling tasks.
Examples
This example shows how to enable Layer 2 protocol tunneling on trunks:
Console> (enable) set l2protocol-tunnel trunk enable
Layer 2 Protocol Tunnel on trunks is allowed.
Console> (enable)
This example shows how to disable Layer 2 protocol tunneling on trunks:
Console> (enable) set l2protocol-tunnel trunk disable
Warning!! Clear any layer 2 protocol tunnel configuration on trunks
before using this command.
Layer 2 Protocol Tunnel on trunks is not allowed.
Console> (enable)
Related Commands
show l2protocol-tunnel statistics
show port l2protocol-tunnel
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-329
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set lacp-channel system-priority
set lacp-channel system-priority
To set the priority of the system, use the set lacp-channel system-priority command.
set lacp-channel system-priority value
Syntax Description
value
Defaults
The default system priority value is 32768.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
LACP is supported on all Ethernet interfaces.
Number of the priority; valid values are from 1 to 65535.
The set lacp-channel system-priority command is a global command; however, the priority value is
used only for the modules that are running LACP. The priority value is ignored on the modules that are
running PAgP.
Higher value numbers correspond to lower priority levels.
For differences between PAgP and LACP, refer to the “Guidelines for Port Configuration” section of the
“Configuring EtherChannel” chapter of the Catalyst 6500 Series Switch Software Configuration Guide.
Related Commands
clear lacp-channel statistics
set channelprotocol
set port lacp-channel
set spantree channelcost
set spantree channelvlancost
show lacp-channel
show port lacp-channel
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-330
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set lcperroraction
set lcperroraction
To configure how your system handles Link Control Protocol (LCP) errors when a module reports an
ASIC problem to the NMP, use the set lcperroraction command.
set lcperroraction action
Syntax Description
action
Defaults
The default is that the action level is set to ignore.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Valid values for action levels are as follows:
Note
Examples
Action for handling LCP errors. See the “Usage Guidelines” section for more
information about valid values for action levels.
•
operator—The system displays a recommended action for you to take. The system also logs the
LCP error.
•
system—The system automatically takes an action to handle the LCP error. The system also logs
the LCP error.
•
ignore—No action is taken. The system only logs the LCP error.
Be careful when using the system value because the switch automatically takes action, including
possibly resetting or power cycling modules.
This example shows how to set the action that handles an LCP error:
Console> (enable) set lcperroraction ignore
Console> (enable)
Related Commands
show lcperroraction
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-331
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set lda
set lda
To configure the ASLB information on the Catalyst 6500 series switch, use the set lda command.
set lda enable | disable
set lda vip {server_virtual_ip} {destination_tcp_port} [{server_virtual_ip}
{destination_tcp_port}] ...
set lda mac ld {ld_mac_address}
set lda mac router {mac_address}...
set lda router {router_vlan} {ld_mod/port} [backup_ld_mod/port]
set lda server {server_vlan} {ld_mod/port} [backup_ld_mod/port]
set lda udpage {udpagetime}
Syntax Description
enable | disable
Enables or disables the ASLB feature.
vip server_virtual_ip
destination_tcp_port
Specifies the virtual IP address of the server and the number
of the destination TCP port that will be accelerated by the
switch (up to 1024).
mac ld ld_mac_address
Specifies the LD MAC address.
mac router
mac_address...
Specifies the router MAC address.
router router_vlan
Specifies the router VLAN.
ld_mod/port
Module and port number of the port connected to the LD on
the VLAN.
backup_ld_mod/port
(Optional) Module and port number of the port connected to
the backup LD.
server server_vlan
Specifies the server VLAN.
udpage udpagetime
Specifies the UDP aging time for LocalDirector
acceleration.
Defaults
The default is the ASLB is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-332
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set lda
Usage Guidelines
This command is supported only on switches configured with the Supervisor Engine 1 with Layer 3
Switching Engine WS-F6K-PFC (Policy Feature Card).
You can enter a zero (0) as a wildcard (don’t care) digit for the destination_tcp_port value.
You can enter up to 1024 server_virtual_ip destination_tcp_port entries separated by a space.
To cancel a previously entered VIP, use the clear lda vip command.
To cancel a previously entered MAC LD or router, use the clear lda mac command.
You need to enter the set lda commands to provide all the necessary information before using the
commit lda command to program the setup into hardware.
The information you enter through the set lda commands are immediately saved into NVRAM, but you
must enter the commit lda command for the setting to take effect.
When you disable the ASLB feature, you can enter the set lda commands, but the commit lda command
will fail.
When you enter the set lda mac router command, you can enter up to 32 MAC addresses.
You can enter the value zero (0) to disable the udpage option. The udpagingtime value is specified in
milliseconds; values are from 0 milliseconds to 2024000 milliseconds.
Examples
This example shows how to enable the ASLB feature:
Console> (enable) set lda enable
Successfully enabled Local Director Acceleration.
Console> (enable)
This example shows how to disable the ASLB feature:
Console> (enable) set lda disable
Disabling Local Director Acceleration.....
Successfully disabled Local Director Acceleration.
Console> (enable)
This example shows how to specify the virtual IP address:
Console> (enable) set lda vip 10.0.0.8 8
Successfully set server virtual ip and port information.
Use commit lda command to save settings to hardware.
Console> (enable)
This example shows how to specify the MAC address for the LocalDirector:
Console> (enable) set lda mac ld 1-2-3-4-5-6
Successfully set mac address.
Use commit lda command to save settings to hardware.
Console> (enable)
This example shows how to specify multiple router MAC addresses:
Console> (enable) set lda mac router 1-2-3-4-5-6 3-4-56-67-4-5
Successfully set mac address.
Use commit lda command to save settings to hardware.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-333
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set lda
This example shows how to specify the router VLAN:
Console> (enable) set lda router 110 4/26
Successfully set router vlan and ld port.
Use commit lda command to save settings to hardware.
Console> (enable)
This example shows how to specify the udpage aging time:
Console> (enable) set lda udpage 20
Succesfully set LDA UDP aging time to 20ms.
Console> (enable)
This example shows how to specify the server VLAN:
Console> (enable) set lda server 105 4/40
Successfully set server vlan and LD port.
Use commit lda command to save settings to hardware.
Console> (enable)
Related Commands
clear lda
commit lda
show lda
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-334
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set length
set length
To configure the number of lines in the terminal display screen, use the set length command.
set length number [default]
Syntax Description
number
Number of lines to display on the screen; valid values are from 0 to 512.
default
(Optional) Sets the number of lines in the terminal display screen for the
current administration session and all other sessions.
Defaults
The default value is 24 lines upon starting a session.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Output from a single command that overflows a single display screen is followed by the --More-prompt. At the --More-- prompt, you can press Ctrl-C, q, or Q to interrupt the output and return to the
prompt, press the Spacebar to display an additional screen of output, or press Return to display one
more line of output.
Setting the screen length to 0 turns off the scrolling feature and causes the entire output to display at
once. Unless you use the default keyword, a change to the terminal length value applies only to the
current session.
When you change the value in a session, the value applies only to that session. When you use the clear
config command, the number of lines in the terminal display screen is reset to the default of 100.
The default keyword is available in privileged mode only.
Examples
This example shows how to set the screen length to 60 lines:
Console> (enable) set length 60
Screen length for this session set to 60.
Console> (enable)
This example shows how to set the default screen length to 40 lines:
Console> (enable) set length 40 default
Screen length set to 40.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-335
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set localuser
set localuser
To configure the switch to use local user authentication to authenticate access on the switch, use the set
localuser command.
set localuser authentication {enable | disable}
set localuser user username [password pwd] [privilege privilege_level]
set localuser password [user username]
Syntax Description
authentication
Specifies local user authentication.
enable
Enables local user authentication.
disable
Disables local user authentication.
user username
Specifies a local user account.
password pwd
(Optional) Specifies a local user password.
privilege privilege_level
(Optional) Specifies a privilege level; valid values are 0 and 15.
password
Changes local user password.
Defaults
Local user authentication is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You can configure a maximum of twenty-five local user accounts on each switch.
Before you can enable local user authentication you must define at least one local user account.
A username must be fewer than sixty-five characters in length and can consist of only alphabetic and
numeric characters. At least one of the characters in the username must be alphabetic.
The privilege level assigned to a username and password combination designates whether a user will be
logged in to normal or privileged mode after successful authentication. A user with a privilege level of
0 is automatically logged in to normal mode, and a user with a privilege level of 15 is logged in to
privileged mode. A user with a privilege level of 0 can still access privileged mode by entering the enable
command and password combination.
Note
If you are running a Cisco View image or are logging in using HTTP log in the initial authentication
is done using the username and password combination. Privilege mode authentication can be done
by either providing the privilege password or using the username and password combination,
provided the local user has a privilege level of 15.
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-336
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set localuser
Examples
This example shows how to use the create a local user account, including password and privilege level:
Console> (enable) set localuser user picard password captain privilege 15
Added local user picard.
Console> (enable)
This example shows how to enable local user authentication:
Console> (enable) set localuser authentication enable
LocalUser authentication enabled
Console> (enable)
This example shows how to disable local user authentication:
Console> (enable) set localuser authentication disable
LocalUser authentication disabled
Console> (enable)
This example shows you how to reset your own password:
Console> (enable) set localuser password
Enter old password:*****
Enter new password:*******
Retype new password:*******
Password changed.
Console> (enable)
This example shows you, as an administrator, how to reset the password for a user:
Console> (enable) set localuser password picard
Enter new password:*******
Retype new password:*******
Password changed.
Console> (enable)
Related Commands
clear localuser
show localuser
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-337
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set logging buffer
set logging buffer
To limit the number of system logging messages buffered, use the set logging buffer command.
set logging buffer buffer_size
Syntax Description
buffer_size
Defaults
The default value is 500.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to limit the syslog message buffer to 400 messages:
Number of system logging messages to store in the buffer; valid
values are 1 to 500.
Console> (enable) set logging buffer 400
System logging buffer size set to <400>.
Console> (enable)
Related Commands
clear logging buffer
set logging timestamp
show logging buffer
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-338
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set logging callhome
set logging callhome
To enable or disable the CallHome feature, use the set logging callhome command.
set logging callhome {enable | disable}
Syntax Description
enable
Enables CallHome functionality.
disable
Disables CallHome functionality.
Defaults
CallHome functionality is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you disable CallHome, only CallHome functionality is affected. To disable a specific parameter, you
must clear each parameter individually.
Examples
This example shows how to enable the CallHome functionality:
Console>
Callhome
Callhome
Console>
(enable) set logging callhome enable
functionality is enabled.
messages will be sent to the configured destination addresses.
(enable)
This example shows how to disable the CallHome functionality:
Console>
Callhome
Callhome
Console>
(enable) set logging callhome disable
functionality is disabled.
messages will not be sent to the configured destination addresses.
(enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-339
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set logging callhome
Related Commands
clear logging callhome
clear logging callhome from
clear logging callhome reply-to
clear logging callhome severity
clear logging callhome smtp-server
set logging callhome destination
set logging callhome from
set logging callhome reply-to
set logging callhome severity
set logging callhome smtp-server
show logging callhome
show logging callhome destination
show logging callhome from
show logging callhome reply-to
show logging callhome severity
show logging callhome smtp-server
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-340
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set logging callhome destination
set logging callhome destination
To set the CallHome destination address to receive the CallHome messages, fragment size, SNMP profile
and SNMP index, use the set logging callhome destination command.
set logging callhome destination E_addr [fragment size] [snmp-profile name] [snmp-index
snmp-index]
Syntax Description
Defaults
E_addr
The e-mail or pager address to receive CallHome messages.
fragment size
(Optional) Sends CallHome messages as a series of fragmented
messages; valid values are from 0 to 160 bytes.
snmp-profile name
(Optional) Specifies the SNMP profile name.
snmp-index snmp-index
(Optional) Specifies the SNMP profile index; valid values are from
1 to 65535.
The default settings are as follows:
•
fragment size—0 (no fragmentation).
•
snmp-profile name—_CLI_NAME0, _CLI_NAME1, _CLI_NAME2, _CLI_NAME3 for the first
through the fourth snmp-profile name in the destination address table.
•
snmp-index snmp-index—1, 2, 3, 4 for the first through the fourth snmp-index in the destination
address table.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You must enter this command for each destination address to receive syslog messages.
You can configure a maximum of four destination addresses.
The e-mail or pager address can be a maximum of 63 characters.
A fragment size of 0 specifies no fragmentation.
The SNMP profile and SNMP index are required for SNMP purposes only and do not need to be
specified from the CLI.
Examples
This example shows how to set the following addresses to receive CallHome messages:
•
page adminjoe@epage.cisco.com using a fragment size of 128 bytes
•
e-mail adminboss@cisco.com, and adminjane@cisco.com
Console> (enable) set logging callhome destination adminjoe@epage.cisco fragment 128
Included adminjoe@epage.cisco in the table of callhome destination addresses.
Messages will be sent to this address in fragments of 128 bytes.
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-341
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set logging callhome destination
Console>
Included
Messages
Console>
Included
Messages
Console>
Related Commands
(enable) set logging callhome destination adminjane@cisco.com
adminjane@cisco.com in the table of callhome destination addresses.
will be sent to this address without fragmentation.
(enable) set logging callhome destination adminboss@cisco.com
adminboss@cisco.com in the table of callhome destination addresses.
will be sent to this address without fragmentation.
(enable)
clear logging callhome
set logging callhome
set logging callhome from
set logging callhome reply-to
set logging callhome severity
set logging callhome smtp-server
show logging callhome
show logging callhome destination
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-342
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set logging callhome from
set logging callhome from
To set the From e-mail address used by the CallHome feature, use the set logging callhome from
command.
set logging callhome from E_addr
Syntax Description
E_addr
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Use the set logging callhome from command if you want notifications of failed delivery of syslog
messages. If the SMTP server fails to deliver a syslog message for whatever reason, the address that you
set here receives these notifications.
Examples
This example shows how to set the From address to adminjoe@cisco.com:
The e-mail or pager address from which the SMTP server sends failed syslog
message delivery messages.
Console> (enable) set logging callhome from adminjoe@cisco.com
From address of callhome messages is set to adminjoe@cisco.com
Console> (enable)
Related Commands
clear logging callhome from
set logging callhome
set logging callhome destination
set logging callhome reply-to
set logging callhome severity
set logging callhome smtp-server
show logging callhome
show logging callhome from
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-343
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set logging callhome reply-to
set logging callhome reply-to
To set the Reply-to e-mail address, use the set logging callhome reply-to command.
set logging callhome reply-to E_addr
Syntax Description
E_addr
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Use the set logging callhome reply-to command if the recipient of the syslog message intends to reply
to the received messages and if those replies must be sent to an address that is different from the address
set by entering the set logging callhome from command. If you do not set the reply-to address, the
switch uses the from address.
Examples
This example shows how to set the Reply-to address to adminjane@cisco.com:
E-mail address sent with syslog messages that indicates the address
to reply to, if different than the From address.
Console> (enable) set logging callhome reply-to adminjane@cisco.com
Reply-To address of callhome messages is set to adminjane@cisco.com
Console> (enable)
Related Commands
clear logging callhome reply-to
set logging callhome
set logging callhome destination
set logging callhome from
set logging callhome smtp-server
show logging callhome
show logging callhome reply-to
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-344
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set logging callhome severity
set logging callhome severity
To specify the CallHome severity level of system messages to capture, use the set logging callhome
severity command.
set logging callhome severity level
Syntax Description
level
Severity level of system messages to capture; severity level
definitions are listed in Table 2-14.
Table 2-12 Severity Level Definitions
Severity Level
Description
0—emergencies
System unusable
1—alerts
Immediate action required
2—critical
Critical condition
3—errors
Error conditions
4—warnings
Warning conditions
5—notifications
Normal bug significant condition
6—informational Informational messages
7—debugging
Debugging messages
Defaults
The default severity level is set to 2.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The CallHome feature is closely tied to syslog messages and their severity. When you set the CallHome
severity level, carefully consider what level of severity you require for both the syslog messages and the
CallHome messages.
For example, if you configure a very fine syslog severity level such as alerts (level 1), and a coarse
CallHome severity level such as notifications (level 5), the destination addresses will only receive alerts
and emergencies (levels 0 and 1) and not the remaining CallHome severity level notifications (levels 2,
3, and 4) you specified. To avoid this, set the CallHome severity level at the same severity level, or
higher, that you set the syslog message severity.
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-345
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set logging callhome severity
Examples
This example shows how to set the severity to level 3:
Console> (enable) set logging callhome severity 3
Callhome severity level set to 3
Console> (enable)
Related Commands
clear logging callhome severity
set logging callhome
set logging callhome destination
set logging callhome from
set logging callhome reply-to
set logging callhome smtp-server
show logging callhome
show logging callhome severity
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-346
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set logging callhome smtp-server
set logging callhome smtp-server
To designate an IP address as an SMTP server used by the CallHome feature, use the set logging
callhome smtp-server command.
set logging callhome smtp-server IP_addr
Syntax Description
IP_addr
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You must enter this command for each SMTP server.
IP address of the SMTP server.
You can configure a maximum of three SMTP servers.
Examples
This example shows how to SMTP server with the IP address 172.16.8.19:
Console> (enable) set logging callhome smtp-server 172.20.8.16
Included 172.20.8.16 in the table of callhome SMTP servers.
Console> (enable)
Related Commands
clear logging callhome smtp-server
set logging callhome
set logging callhome destination
set logging callhome from
set logging callhome reply-to
set logging callhome severity
show logging callhome
show logging callhome smtp-server
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-347
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set logging console
set logging console
To enable and disable the sending of system logging messages to the console, use the set logging console
command.
set logging console {enable | disable}
Syntax Description
enable
Enables system message logging to the console.
disable
Disables system message logging to the console.
Defaults
The default is system message logging to the console is enabled.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to enable system message logging to the console:
Console> (enable) set logging console enable
System logging messages will be sent to the console.
Console> (enable)
This example shows how to disable system message logging to the console:
Console> (enable) set logging console disable
System logging messages will not be sent to the console.
Console> (enable)
Related Commands
set logging level
set logging session
show logging
show logging buffer
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-348
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set logging history
set logging history
To set the number and severity level of syslog messages sent to the syslog history table, use the set
logging history command.
set logging history history_table_size
set logging history severity history_severity_level
Syntax Description
history_table_size
Size of the syslog history table; valid values are from 0 to 500.
severity
Sets the syslog history severity level
history_severity_level
Severity level; valid values are from 0 to 7.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The Catalyst 6500 series switch holds syslog messages until the number of messages equals the defined
size of the history log, after which the N messages are sent.
Examples
This example shows how to set the size of the syslog history table to 400:
Console> (enable) set logging history 400
System logging history table size set to <400>.
Console> (enable)
This example shows how to limit syslog messages that are sent to the history log based on severity level:
Console> (enable) set logging history severity 5
System logging history set to severity <5>
Console> (enable)
Related Commands
clear logging buffer
show logging
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-349
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set logging level
set logging level
To set the facility and severity level used when logging system messages, use the set logging level
command.
set logging level facility severity [default]
Syntax Description
facility
Value to specify the type of system messages to capture; facility types are
listed in Table 2-13.
severity
Value to specify the severity level of system messages to capture; severity
level definitions are listed in Table 2-14.
default
(Optional) Causes the specified logging level to apply to all sessions.
Table 2-13 Facility Types
Facility Name
Definition
all
All facilities
acl
access control list
cdp
Cisco Discovery Protocol
cops
Common Open Policy Service Protocol
dtp
Dynamic Trunking Protocol
dvlan
Dynamic VLAN
earl
Enhanced Address Recognition Logic
filesys
file system facility
gvrp
GARP VLAN Registration Protocol
ip
Internet Protocol
kernel
Kernel
ld
ASLB facility
mcast
Multicast
mgmt
Management
mls
Multilayer Switching
pagp
Port Aggregation Protocol
protfilt
Protocol Filter
pruning
VTP pruning
privatevlan
Private VLAN facility
qos
Quality of Service
radius
Remote Access Dial-In User Service
rsvp
ReSerVation Protocol
security
Security
snmp
Simple Network Management Protocol
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-350
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set logging level
Table 2-13 Facility Types (continued)
Facility Name
Definition
spantree
Spanning Tree Protocol
sys
System
tac
Terminal Access Controller
tcp
Transmission Control Protocol
telnet
Terminal Emulation Protocol
tftp
Trivial File Transfer Protocol
udld
User Datagram Protocol
vmps
VLAN Membership Policy Server
vtp
Virtual Terminal Protocol
Table 2-14 Severity Level Definitions
Severity Level
Description
0—emergencies
System unusable
1—alerts
Immediate action required
2—critical
Critical condition
3—errors
Error conditions
4—warnings
Warning conditions
5—notifications
Normal bug significant condition
6—informational Informational messages
7—debugging
Debugging messages
Defaults
The default is facility is set to all, and level is set to 0.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You can also set the logging level by using the set logging server command.
If you do not use the default keyword, the specified logging level applies only to the current session.
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-351
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set logging level
Examples
This example shows how to set the default facility and severity level for system message logging:
Console> (enable) set logging level snmp 2 default
System logging facility <snmp> set to severity 2(critical).
Console> (enable)
Related Commands
clear logging level
show logging
show logging buffer
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-352
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set logging server
set logging server
To enable and disable system message logging to configured syslog servers and to add a syslog server
to the system logging server table, use the set logging server command.
set logging server {enable | disable}
set logging server ip_addr
set logging server facility severity
set logging server severity severity
set logging server facility
Syntax Description
enable
Enables system message logging to configured syslog servers.
disable
Disables system message logging to configured syslog servers.
ip_addr
IP address of the syslog server to be added to the configuration.
facility
Type of system messages to capture; server facility types are listed in
Table 2-15.
severity
Severity level; severity level definitions are listed in Table 2-14.
severity
severity
Sets the syslog maximum severity control globally for all message types;
severity level definitions are listed in Table 2-14.
Table 2-15 Server Facility Types
Defaults
Severity Level
Description
local 0
Server facility local 0
local 1
Server facility local 1
local 2
Server facility local 2
local 3
Server facility local 3
local 4
Server facility local 4
local 5
Server facility local 5
local 6
Server facility local 6
local 7
Server facility local 7
syslog
syslog facility
The default is no syslog servers are configured to receive system messages.
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-353
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set logging server
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You can also set the logging level by using the set logging level command. If you do not enter the facility
or server keywords, the parameter is applied to all levels.
Severity logging to a configured syslog server depends on the configuration set by the set logging level
command. The server severity level must be greater than or equal to the default severity level of the
message facility that you expect to receive in syslog messages on the syslog server.
Examples
This example shows how to enable system message logging to the server:
Console> (enable) set logging server enable
System logging messages will be sent to the configured syslog servers.
Console> (enable)
This example shows how to disable system message logging to the server:
Console> (enable) set logging server disable
System logging messages will not be sent to the configured syslog servers.
Console> (enable)
This example shows how to add a server to the system logging server table using its IP address:
Console> (enable) set logging server 171.69.192.205
171.69.192.205 added to the System logging server table.
Console> (enable)
This example shows how to globally set the syslog maximum severity control for all message types:
Console> (enable) set logging server severity 4
System logging server severity set to 4(warnings).
Console> (enable)
Related Commands
clear logging server
show logging
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-354
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set logging session
set logging session
To enable or disable the sending of system logging messages to the current login session, use the set
logging session command.
set logging session {enable | disable}
Syntax Description
enable
Enables the sending of system logging messages to the current login
session.
disable
Disables the sending of system logging messages to the current
login session.
Defaults
The default is system message logging to the current login session is enabled.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to prevent system logging messages from being sent to the current login
session:
Console> (enable) set logging session disable
System logging messages will not be sent to the current login session.
Console> (enable)
This example shows how to cause system logging messages to be sent to the current login session:
Console> (enable) set logging session enable
System logging messages will be sent to the current login session.
Console> (enable)
Related Commands
set logging console
set logging level
show logging
show logging buffer
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-355
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set logging telnet
set logging telnet
To enable or disable logging on Telnet sessions, use the set logging telnet command.
set logging telnet {enable | disable}
Syntax Description
enable
Enables logging on Telnet sessions.
disable
Disables logging on Telnet sessions.
Defaults
The default is system message logging to the Telnet session is enabled.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to allow system logging messages to be sent to new Telnet sessions:
Console> (enable) set logging telnet enable
System logging messages will be sent to the new telnet sessions.
Console> (enable)
This example shows how to prevent system logging messages from being sent to new Telnet sessions:
Console> (enable) set logging telnet disable
System logging messages will not be sent to the new telnet sessions.
Console> (enable)
Related Commands
set logging console
set logging level
show logging
show logging buffer
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-356
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set logging timestamp
set logging timestamp
To enable or disable the time-stamp display on system logging messages, use the set logging timestamp
command.
set logging timestamp {enable | disable}
Syntax Description
enable
Enables the time-stamp display.
disable
Disables the time-stamp display.
Defaults
By default, system message logging time-stamp is enabled.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to enable the time-stamp display:
Console> (enable) set logging timestamp enable
System logging messages timestamp will be enabled.
Console> (enable)
This example shows how to disable the time-stamp display:
Console> (enable) set logging timestamp disable
System logging messages timestamp will be disabled.
Console> (enable)
Related Commands
show logging
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-357
78-15474-01
22
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set logout
set logout
To set the number of minutes until the system disconnects an idle session automatically, use the set
logout command.
set logout timeout
Syntax Description
timeout
Defaults
The default is 20 minutes.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Setting the value to 0 disables the automatic disconnection of idle sessions.
Number of minutes until the system disconnects an idle session
automatically; valid values are from 0 to 10,000 minutes.
The show tech-support command may time out if the configuration file output takes longer to display
than the configured session timeout time. If this happens, enter a set logout timeout value of 0 to disable
automatic disconnection of idle sessions or enter a longer timeout value.
Examples
This example shows how to set the number of minutes until the system disconnects an idle session
automatically:
Console> (enable) set logout 20
Sessions will be automatically logged out after 20 minutes of idle time.
Console> (enable)
This example shows how to disable the automatic disconnection of idle sessions:
Console> (enable) set logout 0
Sessions will not be automatically logged out.
Console> (enable)
Related Commands
show tech-support
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-358
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set mls agingtime
set mls agingtime
To specify the MLS aging time of shortcuts to an MLS entry in the Catalyst 6500 series switches, use
the set mls agingtime command.
set mls agingtime [ip | ipx] {agingtime}
set mls agingtime fast {fastagingtime} {pkt_threshold}
set mls agingtime long-duration {longagingtime}
Syntax Description
ip
(Optional) Specifies IP MLS.
ipx
(Optional) Specifies IPX MLS.
agingtime
MLS aging time of shortcuts to an MLS entry; valid values are from 0 to
1920 seconds.
fast
Specifies the MLS aging time of shortcuts to an MLS entry that has no more
than pkt_threshold packets switched within fastagingtime seconds after it is
created.
fastagingtime
MLS aging time of shortcuts to an MLS entry; valid values are multiples of
8 to any value in the range from 0 to 128 seconds.
pkt_threshold
Packet threshold value; valid values are 0, 1, 3, 7, 15, 31, 63, and
127 packets.
long-duration
Sets the aging time for active flows.
longagingtime
MLS aging time of shortcuts to an MLS entry; valid values are 64 to 1920
seconds in increments of 8.
Defaults
The default agingtime is 16 seconds. The default fastagingtime is 0, no fast aging. The default
pkt_threshold is 0. The default longagingtime is 320.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you use the ip keyword, you are specifying a shortcut for IP MLS. If you use the ipx keyword, you
are specifying a shortcut for IPX MLS.
If you enter 0 for the fastagingtime value, fast aging is disabled.
If you do not specify fastagingtime or pkt_threshold, the default value is used.
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-359
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set mls agingtime
If you enter any of the set mls commands on a Catalyst 6500 series switch without MLS, this warning
message displays:
MLS not supported on feature card.
The agingtime value can be configured as multiples of 8 in the range of 8 to 2024 seconds. The values
are picked up in numerical order to achieve efficient aging. Any value for agingtime that is not a multiple
of 8 seconds is adjusted to the closest one. For example, 65 is adjusted to 64, while 127 is adjusted to
128.
The fastagingtime value can be configured as multiples of 8 to any value in the range of 0 to 128 seconds.
The default pkt_threshold value is 0. It can be configured as 0, 1, 3, 7, 15, 31, 63, or 127 (the values
picked for efficient aging). If you do not configure fastagingtime exactly the same for these values, it
adjusts to the closest value. A typical value for fastagingtime and pkt_threshold is 32 seconds and 0
packet, respectively. (It means no packet switched within 32 seconds after the entry was created.)
The agingtime value applies to an MLS entry that has no more than pkt_threshold packets switched
within fastagingtime seconds after it is created. A typical example is the MLS entry destined to/sourced
from a DNS or TFTP server. This entry may never be used again once it is created. For example, only
one request goes to a server and one reply returns from the server, and then the connection is closed.
The agingtime fast option is used to purge entries associated with very short flows, such as DNS and
TFTP.
Keep the number of MLS entries in the MLS cache below 32,000. If the number of MLS entries exceed
32,000, some flows (less than 1 percent) are sent to the router.
To keep the number of MLS cache entries below 32,000, decrease the aging time up to 8 seconds. If your
switch has a lot of short flows used by only a few packets, then you can use fast aging.
If cache entries continue to exceed 32,000, decrease the normal aging time in 64-second increments from
the 256-second default.
You can force an active flow to age out by entering the set mls agingtime long-duration command. You
can specify the aging time of the active flow in the range of 64 to 1920 seconds in increments of 64.
Examples
These examples show how to set the aging time:
Console> (enable) set mls agingtime 512
IP Multilayer switching aging time set to 512 seconds.
Console> (enable)
Console> (enable) set mls agingtime ipx 512
IPX Multilayer switching aging time set to 512
Console> (enable)
This example shows how to set the fast aging time:
Console> (enable) set mls agingtime fast 32 0
Multilayer switching fast aging time set to 32 seconds for entries with no more than 0
packet switched.
Console> (enable)
This example shows how to set the aging time for active flows:
Console> (enable) set mls agingtime long-duration 128
Multilayer switching agingtime set to 128 seconds for long duration flows
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-360
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set mls agingtime
Related Commands
clear mls statistics entry
show mls
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-361
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set mls bridged-flow-statistics
set mls bridged-flow-statistics
To enable or disable statistics for bridged flows for specified VLANs, use the set mls
bridged-flow-statistics command.
set mls bridged-flow-statistics {enable | disable} {vlanlist}
Syntax Description
enable
Enables statistics for bridged flows.
disable
Disables statistics for bridged flows
vlanlist
Number of the VLAN or VLANs; valid values are 1 to 1000, 1025 to 4094.
See the “Usage Guidelines” section for more information.
Defaults
By default, bridged-flow statistics is disabled on all VLANs.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You can enter one or multiple VLANs. The following examples are valid VLAN lists: 1; 1,2,3; 1-3,7.
Bridged flows are exported through NDE when bridged flow statistics is enabled.
Examples
This example shows how to enable bridged-flow statistics on the specified VLANs:
Console> (enable) set mls bridged-flow-statistics enable 1-21
Netflow statistics is enabled for bridged packets on vlan(s) 1-21.
Console> (enable)
Related Commands
show mls nde
show mls entry
show mls statistics
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-362
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set mls cef load-balance
set mls cef load-balance
To include or exclude Layer 4 ports in a load-balancing hash, use the set mls cef load-balance
command.
set mls cef load-balance {full | source-destination-ip}
Syntax Description
full
Bases the hash on Layer 4 ports and source and destination IP addresses.
source-destination-ip
Bases the hash on source and destination IP addresses.
Defaults
By default, the load-balancing hash is based on source and destination IP addresses.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When multiple paths are available to reach a destination, the new hash is used to choose the path to be
used for forwarding.
Examples
This example shows how to base the hash on Layer 4 ports and source and destination IP addresses:
Console> (enable) set mls cef load-balance full
Console> (enable)
This example shows how to base the hash on source and destination IP addresses:
Console> (enable) set mls cef load-balance source-destination-ip
Console> (enable)
Related Commands
show mls
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-363
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set mls cef per-prefix-statistics
set mls cef per-prefix-statistics
To set MLS CEF per-prefix statistics mode, use the set mls cef per-prefix statistics command.
set mls cef per-prefix statistics {enable | disable}
Syntax Description
enable
Enables per-prefix statistics for all FIB entries
disable
Disables per-prefix statistics for all FIB entries.
Defaults
MLS CEF per-prefix statistics mode is enabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When the set mls cef per-prefix-statistics command is enabled, the switch makes a best effort to allocate
adjacencies with statistics for each prefix. Statistics for a prefix are computed by adding up the packet/byte
counts of all the adjacencies that are associated with the prefix. Because only half of the adjacency table
entries have statistics, all prefixes might not be associated with adjacencies that have statistics.
Examples
This example shows how to enable per-prefix statistics for all FIB entries:
Console> (enable) set mls cef per-prefix-stats enable
Per prefix stats is enabled
Console> (enable)
This example shows how to disable per-prefix statistics for all FIB entries:
Console> (enable) set mls cef per-prefix-stats disable
Per prefix stats is disabled
Console> (enable)
Related Commands
show mls
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-364
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set mls exclude protocol
set mls exclude protocol
To exclude an MLS protocol port on a switch configured with the Supervisor Engine 1 with Layer 3
Switching Engine WS-F6K-PFC, use the set mls exclude protocol command. To exclude protocols from
statistics gathering on switches configured with the Supervisor Engine 2 with Layer 3
Switching Engine II (PFC2), use the set mls exclude protocol command.
set mls exclude protocol {tcp | udp | both} {port_number | port_name}
Syntax Description
tcp | udp | both
Specifies a TCP, UDP port, or that the port be applied to both TCP and UDP
traffic.
port_number
Number of the protocol port; valid values are from 1 to 65535.
port_name
Name of the port; valid values are dns, ftp, smtp, telnet, x, www.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you enter any of the set mls commands on a Catalyst 6500 series switch without MLS, this warning
message is displayed:
MLS not supported on feature card.
You can add a maximum of four protocol ports to the exclude table.
MLS exclusion is supported in full flow mode only.
If you enter x for the port name, this specifies the Layer 4 port used by the X-windows application.
Examples
This example shows how to exclude TCP packets on protocol port 6017:
Console> (enable) set mls exclude protocol tcp 6017
TCP packets with protocol port 6017 will be switched by RP.
Console> (enable)
This example shows how to exclude UDP packets on protocol port 6017:
Console> (enable) set mls exclude protocol udp 6017
TCP and UDP packets with protocol port 6017 will be switched by RP.
Console> (enable)
Related Commands
show mls
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-365
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set mls flow
set mls flow
To specify the minimum flow mask used for MLS, use the set mls flow command. This command is
needed to collect statistics for the supervisor engine.
set mls flow {destination | destination-source | full}
Caution
Use this command carefully. This command purges all existing shortcuts and affects the number of
active shortcuts. This command can increase the cache usage and increase the load on the router.
Caution
Be extremely careful if you enter this command on a switch that already has a large number of shortcuts
(greater than 16,000).
Caution
Do not place this command in scripts that are frequently executed—changing the MLS flow mask purges
all MLS cache entries.
Syntax Description
destination
Sets the minimum flow mask to destination flow.
destination-source Sets the minimum flow mask to source flow.
full
Sets the minimum flow mask to an extended access list.
Defaults
If there are no access lists on any MLS-RP, the flow mask is set to destination flow.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command specifies the minimum MLS flow mask. Depending on the MLS-RP configuration, the
actual flow mask used might be more specific than the specified minimum flow mask. For example, if
you configure the minimum flow mask to destination-source, but an MLS-RP interface is configured
with IP extended access lists, the actual flow mask used will be full.
If you configure a more specific flow mask (for example, destination-source or full), the number of
active flow entries increases. To limit the number of active flow entries, you might need to decrease the
MLS aging time.
This command is intended to be used for gathering very detailed statistics at the protocol port level—for
example, when NetFlow data is exported to an RMON2 probe.
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-366
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set mls flow
Examples
These examples show how to specify that only expired flows to subnet 171.69.194.0 are exported:
Console> (enable) set mls flow destination
Configured flow mask is set to destination flow.
Console> (enable)
Console> (enable) set mls flow destination-source
Configured flow mask is set to destination-source flow.
Console> (enable)
Console> (enable) set mls flow full
Configured flow mask is set to full flow.
Console> (enable)
Related Commands
show mls
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-367
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set mls nde
set mls nde
To configure the NetFlow Data Export (NDE) feature in the Catalyst 6500 series switches to allow
command-exporting statistics to be sent to the preconfigured collector, use the set mls nde command.
set mls nde {enable | disable}
set mls nde {collector_ip | collector_name} {udp_port_num}
set mls nde version {1 | 5 | 7 | 8}
set mls nde flow [exclude | include] [destination ip_addr_spec] [source ip_addr_spec]
[protocol protocol] [src-port src_port] [dst-port dst_port]
set mls nde {destination-ifindex | source-ifindex} {enable | disable}
Syntax Description
enable
Enables NDE.
disable
Disables NDE.
collector_ip
IP address of the collector if DNS is enabled.
collector_name
Name of the collector if DNS is enabled.
udp_port_num
Number of the UDP port to receive the exported statistics.
version
Specifies the version of the NDE; valid versions are 1, 5, 7, and 8.
1|5|7|8
Version of the NDE feature.
flow
Adds filtering to NDE.
exclude
(Optional) Allows exporting of all flows except the flows matching the given
filter.
include
(Optional) Allows exporting of all flows matching the given filter.
destination
(Optional) Specifies the destination IP address.
ip_addr_spec
(Optional) Full IP address or a subnet address in these formats: ip_addr,
ip_addr/netmask, or ip_addr/maskbit.
source
(Optional) Specifies the source IP address.
protocol
(Optional) Specifies the protocol type.
protocol
(Optional) Protocol type; valid values can be a number from 0 to 255 or ip,
ipinip, icmp, igmp, tcp, or udp. 0 indicates “do not care.”
src-port src_port
(Optional) Specifies the number of the TCP/UDP source port (decimal). Used
with dst-port to specify the port pair if the protocol is tcp or udp. 0 indicates
“do not care.”
dst-port dst_port
(Optional) Specifies the number of the TCP/UDP destination port (decimal).
Used with src-port to specify the port pair if the protocol is tcp or udp. 0
indicates “do not care.”
destination-ifindex
Specifies destination ifIndex support.
source-ifindex
Specifies source ifIndex support.
enable
Enables ifIndex support.
disable
Disables ifIndex support.
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-368
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set mls nde
Defaults
The defaults are Netflow Data Export version 7, and all expired flows are exported until the filter is
specified explicitly. Destination ifIndex support and source ifIndex support are enabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you enter any set mls nde commands on a Catalyst 6500 series switch without MLS, this warning
message is displayed:
mls not supported on feature card.
When you try to enable NDE and there are previously configured filtered flows on the switch, this
warning message is displayed:
Console> (enable) set mls nde enable
Netflow export configured for port 80 on host 172.20.25.101
Netflow export enabled.
Warning!! There is a potential statistics mismatch due to existing excluded
protocols.
When you try to add a filter to exclude some protocol packets and NDE is currently enabled, this warning
message is displayed:
Console> (enable) set mls exclude protocol tcp 80
Netflow tables will not create entries for TCP packets with protocol port
80.
Warning!! There's a potential statistics mismatch due to enabled NDE.
Before you use the set mls nde command for the first time, you must configure the host to collect MLS
statistics. The host name and UDP port number are saved in NVRAM, so you do not need to specify
them. If you specify a host name and UDP port, values in NVRAM overwrite the old values. Collector
values in NVRAM do not clear when NDE is disabled because this command configures the collector
but does not enable NDE automatically.
The set mls nde enable command enables NDE, exporting statistics to the preconfigured collector.
If the protocol is not tcp or udp, set the dst-port dst_port and src-port src_port values to 0; otherwise,
no flows are displayed.
If you try to enable NDE without first specifying a collector, you see this display:
Console> (enable) set mls nde enable
Please set host name and UDP port number with ‘set mls nde <collector_name | collector_ip>
<udp_port_number>’.
Console> (enable)
The set mls nde flow command adds filtering to the NDE. Expired flows matching the specified criteria
are exported. These values are stored in NVRAM and do not clear when NDE is disabled. If any option
is not specified in this command, it is treated as a wildcard. The NDE filter in NVRAM does not clear
when NDE is disabled.
Only one filter can be active at a time. If you do not enter the exclude or include keyword, the filter is
assumed to be an inclusion filter.
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-369
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set mls nde
Use the following syntax to specify an IP subnet address:
•
ip_subnet_addr—This is the short subnet address format. The trailing decimal number 00 in an IP
address YY.YY.YY.00 specifies the boundary for an IP subnet address. For example, 172.22.36.00
indicates a 24-bit subnet address (subnet mask 172.22.36.00/255.255.255.0), and 173.24.00.00
indicates a 16-bit subnet address (subnet mask 173.24.00.00/255.255.0.0). However, this format can
identify only a subnet address of 8, 16, or 24 bits.
•
ip_addr/subnet_mask—This is the long subnet address format. For example,
172.22.252.00/255.255.252.00 indicates a 22-bit subnet address. This format can specify a subnet
address of any bit number. To provide more flexibility, the ip_addr is a full host address, such as
172.22.253.1/255.255.252.00.
•
ip_addr/maskbits—This is the simplified long subnet address format. The mask bits specify the
number of bits of the network masks. For example, 172.22.252.00/22 indicates a 22-bit subnet
address. The ip_addr is a full host address, such as 193.22.253.1/22, which has the same subnet
address as the ip_subnet_addr.
When you use the set mls nde {collector_ip | collector_name} {udp_port_num} command, the host
name and UDP port number are saved in NVRAM and need not be specified again. If you specify a host
name and UDP port, the new values overwrite the values in NVRAM. Collector values in NVRAM do
not clear when you disable NDE.
Examples
This example shows how to specify that only expired flows to a specific subnet are exported:
Console> (enable) set mls nde flow include destination 171.69.194.140/24
NDE destination filter set to 171.69.194.0/24
Console> (enable)
This example shows how to specify that only expired flows to a specific host are exported:
Console> (enable) set mls nde flow include destination 171.69.194.140
NDE destination filter set to 171.69.194.140/32.
Console> (enable)
This example shows how to specify that only expired flows from a specific subnet to a specific host are
exported:
Console> (enable) set mls nde flow include destination 171.69.194.140/24 source 171.69.173.5/24
NDE destination filter set to 171.69.194.0/24, source filter set to 171.69.173.0/24
Console> (enable)
This example shows how to specify that only flows from a specific port are exported:
Console> (enable) set mls nde flow include dst_port 23
NDE source port filter set to 23.
Console> (enable)
This example shows how to specify that only expired flows from a specific host that are of a specified
protocol are exported:
Console> (enable) set mls nde flow include source 171.69.194.140 protocol 51
NDE destination filter set to 171.69.194.140/32, protocol set to 51.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-370
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set mls nde
This example shows how to specify that all expired flows except those from a specific host to a specific
destination port are exported:
Console> (enable) set mls nde flow exclude source 171.69.194.140 dst_port 23
NDE destination filter set to 171.69.194.140/32, source port filter set to 23.
Flows matching the filter will be excluded.
Console> (enable)
This example shows how to disable destination ifIndex support:
Console> (enable) set mls nde destination-ifindex disable
destination-index export has been disabled.
Console> (enable)
This example shows how to disable source ifIndex support:
Console> (enable) set mls nde source-ifindex disable
source-index export has been disabled.
Console> (enable)
Related Commands
clear mls nde flow
show mls
show mls nde
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-371
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set mls rate
set mls rate
To set the rate at which index-directed packets are sent to the MSFC, use the set mls rate command.
set mls rate kpps
Syntax Description
kpps
Defaults
The kpps argument is 0.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You disable MLS rate limiting when you set the kpps argument to 0. When you disable MLS rate
limiting, the switch bridges packets to the MSFC; packets are not index-directed.
Examples
This example shows how to set MLS rate limiting to 100 kpps:
MLS rate in thousands of packets per second; valid values are from 0 to 700. See the
“Usage Guidelines” section for more information.
Console> (enable) set mls rate 100
MLS rate limiting set to 100 Kpps
Console> (enable)
This example shows how to disable MLS rate limiting:
Console> (enable) set mls rate 0
MLS rate limiting disabled
Console> (enable)
Related Commands
show mls
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-372
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set mls statistics protocol
set mls statistics protocol
To add protocols to the protocols statistics list, use the set mls statistics protocol command.
set mls statistics protocol protocol src_port
Syntax Description
protocol
Name or number of the protocol; valid values are from 1 to 255, ip, ipinip,
icmp, igmp, tcp, and udp.
src_port
Number or type of the source port; valid values are from 1 to 65535, dns, ftp,
smtp, telnet, x, and www.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you enter any set mls commands on a Catalyst 6500 series switch without MLS, this warning message
is displayed:
MLS not supported on feature card.
You can configure a maximum of 64 ports using the set mls statistics protocol command.
If you enter x for the source port, this specifies the Layer 4 port used by the X-windows application.
Examples
This example shows how to set protocols for statistic collection:
Console> (enable) set mls statistics protocol 17 1934
Protocol 17 port 1934 is added to protocol statistics list.
Console> (enable)
Related Commands
clear mls statistics entry
show mls statistics
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-373
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set mls verify
set mls verify
To enable or disable checksum or packet checking based on packet length, use the set mls verify
command.
set mls verify checksum {enable | disable}
set mls verify length {ip | ipx | both} {minimum | inconsistant} {enable | disable}
Syntax Description
Defaults
checksum
Specifies IP checksum.
enable
Enables IP checksum.
disable
Disables IP checksum.
length
Specifies checking IP or IPX packets based on packet length.
ip | ipx | both
Specifies the type of packet.
minimum
Specifies checking minimum packet length.
inconsistant
Specifies checking inconsistent packet length. See the “Usage Guidelines”
section for more information.
enable
Enables checking IP or IPX packets based on packet length.
disable
Disables checking IP or IPX packets based on packet length.
IP checksum is enabled.
Checking IP and IPX packets based on minimum and inconsistent packet length is enabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The set mls verify command is available on Supervisor Engine 2 (WS-X6K-SUP2-2GE).
If you enable IP checksum or packet checking based on packet length, the Layer 3 ASIC drops Layer 3
error packets that it encounters. If you disable this feature, the packets are not dropped.
Note
We recommend that you do not disable IP checksum or packet checking based on packet length
unless you have a specific need to pass non-standard packets.
Checking for inconsistent packet length means that the switch checks for an inconsistency between the
physical length of the packet and the length coded in the packet.
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-374
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set mls verify
Examples
This example shows how to enable IP checksum:
Console> (enable) set mls verify checksum enable
Ip checksum verification enabled
Console> (enable)
This example shows how to enable checking inconsistent IP and IPX packet length:
Console> (enable) set mls verify length both inconsistant enable
Ipx inconsistant length verification enabled
Ip inconsistant length verification enabled
Console> (enable)
This example shows how to disable checking minimum IPX packet length:
Console> (enable) set mls verify length ipx minimum disable
Ipx minimum length verification disabled
Console> (enable)
Related Commands
show mls verify
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-375
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set module
set module
To enable or disable a module, use the set module command.
set module enable | disable mod
Syntax Description
enable
Enables a module.
disable
Disables a module.
mod
Number of the module.
Defaults
The default is all modules are enabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Avoid disabling a module when you are connected through a Telnet session; if you disable your session,
you will disconnect your Telnet session.
If there are no other network connections to a Catalyst 6500 series switch (for example, on another
module), you have to reenable the module from the console.
You can specify a series of modules by entering a comma between each module number (for
example, 2,3,5). You can specify a range of modules by entering a dash between module numbers (for
example, 2-5).
The set module disable command does not cut off the power to a module, it only disables the module.
To turn off power to a module, refer to the set module power command.
If an individual port on a module was previously disabled, enabling the module does not enable the
disabled port.
Examples
This example shows how to enable module 2:
Console> (enable) set module enable 2
Module 2 enabled.
Console> (enable)
This example shows how to disable module 3 when connected through the console port:
Console> (enable) set module disable 3
Module 3 disabled.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-376
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set module
This example shows how to disable module 2 when connected via a Telnet session:
Console> (enable) set module disable 2
This command may disconnect your telnet session.
Do you want to continue (y/n) [n]? y
Module 2 disabled.
Console> (enable)
Related Commands
show module
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-377
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set module name
set module name
To set the name for a module, use the set module name command.
set module name mod [mod_name]
Syntax Description
mod
Number of the module.
mod_name
(Optional) Name created for the module.
Defaults
The default is no module names are configured for any modules.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If no module name is specified, any previously specified name is cleared.
Use the set module name command to set the module for the MSM. Additional set module commands
are not supported by the MSM.
Examples
This example shows how to set the name for module 1 to Supervisor:
Console> (enable) set module name 1 Supervisor
Module name set.
Console> (enable)
Related Commands
show module
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-378
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set module power
set module power
To turn the power on or off to a module, use the set module power command.
set module power up | down mod
Syntax Description
up
Turns on the power to a module.
down
Turns off the power to a module.
mod
Number of the module.
Defaults
The default is power is on to a module.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The set module power up command allows you to check if adequate power is available in the system to
turn the power on. If not enough power is available, the module status changes from power-down to
power-deny, and this message is displayed:
Module 4 could not be powered up due to insufficient power.
Examples
This example shows how to power up module 4:
Console> (enable) set module power up 4
Module 4 powered up.
Console> (enable)
This example shows how to power down module 4:
Console> (enable) set module power down 4
Module 4 powered down.
Console> (enable)
Related Commands
show environment
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-379
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set module shutdown
set module shutdown
To shut down the NAM and Intrusion Detection System Module (IDSM), use the set module shutdown
command.
set module shutdown all | mod
Syntax Description
all
Shuts down NAM and IDSMs.
mod
Number of the module.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you use the set module shutdown command, the configuration is not saved in NVRAM. The next time
when the module boots up, it will come online. You can either reinsert or reset the module to bring it
online.
If there are no other network connections to a Catalyst 6500 series switch (for example, on another
module), you have to reenable the module from the console.
You can specify a series of modules by entering a comma between each module number (for
example, 2,3,5).
Examples
This example shows how to shutdown the NAM or IDSM:
Console> (enable) set module shutdown 2
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-380
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set msfcautostate
set msfcautostate
To enable or disable the line protocol state determination of the Multilayer Switch Feature Cards
(MSFCs) due to port state changes, use the set msfcautostate command.
set msfcautostate {enable | disable}
Syntax Description
enable
Activates the line protocol state determination.
disable
Deactivates the line protocol state determination.
Defaults
The default is enabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This feature is used to accurately reflect the Layer 3 interface status based on the underlying Layer 2
interface status so that routing and other protocols converge faster. Faster protocol convergence prevents
traffic from being discarded without notice.
When you enable the MSFC auto state feature, VLAN interfaces on the MSFC are active only when there
is at least one other active interface in the spanning tree forwarding state on the Catalyst 6500 series
switch. This interface could be a physical end-user port, a trunk connection for which the VLAN is
active, or even another MSFC with an equivalent VLAN interface.
If you enable and then disable or disable and then enable the set msfcautostate command, you might
have to use the shutdown and no shutdown commands to disable and then restart the VLAN and WAN
interfaces on the MSFC.
If your FXS module ports are in an auxiliary VLAN and there are no switching module ports active in
the VLAN, the FXS module will not initialize because the MSFC auto state feature shuts down all MSFC
interfaces and subinterfaces. We recommend that you add a physical Ethernet port to the VLAN.
Caution
Examples
You should not disable the MSFC auto state feature because the Layer 3 interface status might not
accurately reflect the Layer 2 interface status. If you disable this feature, traffic might be discarded
without notice even though other valid traffic paths might exist.
This example shows how to disable the line protocol state determination of the MSFC:
Console> (enable) set msfcautostate disable
Console> (enable)
Related Commands
show msfcautostate
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-381
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set msmautostate
set msmautostate
To enable or disable the line protocol state determination of the MSMs due to port state changes, use the
set msmautostate command.
set msmautostate {enable | disable}
Syntax Description
enable
Activates the line protocol state determination.
disable
Deactivates the line protocol state determination.
Defaults
The default configuration has line protocol state determination disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This feature is useful for discontinuing the advertisement of routing paths when access to them is severed
(either through fault or administrative disabling).
When you enable msmautostate, VLAN interfaces on the MSM are active only when there is at least
one other active interface within the Catalyst 6500 series switch. This could be a physical end-user port,
a trunk connection for which the VLAN is active, or even another MSM with an equivalent VLAN
interface.
If you disable msmautostate, you might have to use the shutdown and no shutdown commands to
disable and then restart the VLAN interface to bring the MSM back up.
Examples
This example shows how to enable the line protocol state determination of the MSM:
Console> (enable) set msmautostate enable
MSM port auto state enabled.
Console> (enable)
This example shows how to disable the line protocol state determination of the MSM:
Console> (enable) set msmautostate disable
MSM port auto state disabled.
Console> (enable)
Related Commands
show msmautostate
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-382
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set multicast router
set multicast router
To configure a port manually as a multicast router port, use the set multicast router command.
set multicast router mod/port
Syntax Description
mod/port
Defaults
The default is no ports are configured as multicast router ports.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When you enable IGMP snooping, the ports to which a multicast-capable router is attached are identified
automatically. The set multicast router command allows you to configure multicast router ports
statically.
Examples
This example shows how to configure a multicast router port:
Number of the module and port on the module.
Console> (enable) set multicast router 3/1
Port 3/1 added to multicast router port list.
Console> (enable)
Related Commands
clear multicast router
set igmp
show multicast group count
show multicast router
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-383
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set ntp broadcastclient
set ntp broadcastclient
To enable or disable NTP in broadcast-client mode, use the set ntp broadcastclient command.
set ntp broadcastclient {enable | disable}
Syntax Description
enable
Enables NTP in broadcast-client mode.
disable
Disables NTP in broadcast-client mode.
Defaults
The default is broadcast-client mode is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The broadcast-client mode assumes that a broadcast server, such as a router, sends time-of-day
information regularly to a Catalyst 6500 series switch.
Examples
This example shows how to enable an NTP broadcast client:
Console> (enable) set ntp broadcastclient enable
NTP Broadcast Client mode enabled.
Console> (enable)
This example shows how to disable an NTP broadcast client:
Console> (enable) set ntp broadcastclient disable
NTP Broadcast Client mode disabled.
Console> (enable)
Related Commands
show ntp
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-384
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set ntp broadcastdelay
set ntp broadcastdelay
To configure a time-adjustment factor so the Catalyst 6500 series switch can receive broadcast packets,
use the set ntp broadcastdelay command.
set ntp broadcastdelay microseconds
Syntax Description
microseconds
Defaults
The default is the NTP broadcast delay is set to 3000 milliseconds.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to set the NTP broadcast delay to 4000 milliseconds:
Estimated round-trip time, in microseconds, for NTP broadcasts;
valid values are from 1 to 999999.
Console> (enable) set ntp broadcastdelay 4000
NTP broadcast delay set to 4000 microseconds.
Console> (enable)
Related Commands
show ntp
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-385
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set ntp client
set ntp client
To enable or disable a Catalyst 6500 series switch as an NTP client, use the set ntp client command.
set ntp client {enable | disable}
Syntax Description
enable
Enables a Catalyst 6500 series switch as an NTP client.
disable
Disables a Catalyst 6500 series switch as an NTP client.
Defaults
The default is NTP client mode is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You can configure NTP in either broadcast-client mode or client mode. The broadcast-client mode
assumes that a broadcast server, such as a router, sends time-of-day information regularly to a
Catalyst 6500 series switch. The client mode assumes that the client (a Catalyst 6500 series switch)
regularly sends time-of-day requests to the NTP server.
Examples
This example shows how to enable NTP client mode:
Console> (enable) set ntp client enable
NTP client mode enabled.
Console> (enable)
Related Commands
show ntp
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-386
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set ntp server
set ntp server
To specify the NTP server address and configure an NTP server authentication key, use the set ntp
server command.
set ntp server ip_addr [key public_keynum]
Syntax Description
ip_addr
IP address of the NTP server.
key
public_keynum
(Optional) Specifies the key number; valid values are 1 to 4292945295.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The client mode assumes that the client (a Catalyst 6500 series switch) sends time-of-day requests
regularly to the NTP server. A maximum of ten servers per client is allowed.
Examples
This example shows how to configure an NTP server:
Console> (enable) set ntp server 172.20.22.191
NTP server 172.20.22.191 added.
Console> (enable)
Related Commands
clear ntp server
show ntp
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-387
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set ntp summertime
set ntp summertime
To set the clock ahead one hour during daylight saving time, use the set ntp summertime command.
set ntp summertime {enable | disable} [zone]
set ntp summertime recurring [{week} {day} {month} {hh:mm} {week | day | month | hh:mm}
[offset]]
set ntp summertime date {month} {date} {year} {hh:mm}{month | date | year | hh:mm} [offset]
Syntax Description
enable
Causes the system to set the clock ahead one hour during daylight
saving time.
disable
Prevents the system from setting the clock ahead one hour during
daylight saving time.
zone
(Optional) Time zone used by the set summertime command.
recurring
Specifies the summertime dates that recur every year.
week
(Optional) Week of the month (first, second, third, fourth, last,
1...5).
day
(Optional) Day of the week (Sunday, Monday, Tuesday, and so
forth).
month
Month of the year (January, February, March, and so forth).
hh:mm
Hours and minutes.
offset
(Optional) Amount of offset in minutes (1 to 1440 minutes).
date
Day of the month (1 to 31).
year
Number of the year (1993 to 2035).
Defaults
By default, the set ntp summertime command is disabled. Once enabled, the default for offset is
60 minutes, following U.S. standards.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
After you enter the clear config command, the dates and times are set to default.
Unless you configure it otherwise, this command advances the clock one hour at 2:00 a.m. on the first
Sunday in April and moves back the clock one hour at 2:00 a.m. on the last Sunday in October.
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-388
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set ntp summertime
Examples
This example shows how to cause the system to set the clock ahead one hour during daylight saving time:
Console> (enable) set ntp summertime enable PDT
Summertime is enabled and set to “PDT”.
Console> (enable)
This example shows how to prevent the system from setting the clock ahead one hour during daylight
saving time:
Console> (enable) set ntp summertime disable
Summertime disabled.
Console> (enable)
This example shows how to set daylight saving time to the zonename AUS and repeat every year, starting
from the third Monday of February at noon and ending at the second Saturday of August at
3:00 p.m. with an offset of 30 minutes:
Console> (enable) set ntp summertime AUS recurring 3 Mon Feb 12:00 2 Saturday Aug 15:00 30
Summer time is disabled and set to ’AUS’ with offset 30 minutes.
start: 12:00:00 Sun Feb 13 2000
end:
14:00:00 Sat Aug 26 2000
Recurring, starting at 12:00:00 on Sunday of the third week of February and ending
on Saturday of the fourth week of August.
Console> (enable)
This example shows how to set the daylight saving time to start on January 29, 1999 at 2:00 a.m. and
end on August 19, 2004 at 3:00 p.m. with an offset of 30 minutes:
Console> (enable) set ntp summertime date jan 29 1999 02:00 aug 19 2004 15:00 30
Summertime is disabled and set to ''
Start : Fri Jan 29 1999, 02:00:00
End
: Thu Aug 19 2004, 15:00:00
Offset: 30 minutes
Recurring: no
Console> (enable)
This example shows how to set recurring to reset default to US summertime:
Console> (enable) set ntp summertime recurring 3 mon feb 4 thurs oct 8:00 500
Command authorization none.
Summertime is enabled and set to ‘’
Start : Mon Feb 21 2000, 03:00:00
End
: Fri Oct 20 2000, 08:00:00
Offset: 500 minutes (8 hours 20 minutes)
Recurring: yes, starting at 03:00am of third Monday of February and ending on 08:00am of
fourth Thursday of October.
Console> (enable)
Related Commands
show ntp
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-389
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set ntp timezone
set ntp timezone
To configure the time offset from Greenwich Mean Time, use the set ntp timezone command.
set timezone [zone_name] [hours [minutes]]
Syntax Description
zone_name
(Optional) Name of the time zone.
hours
(Optional) Time offset (hours) from Greenwich Mean Time; valid values
are from –12 to 12 hours.
minutes
(Optional) Time offset (minutes) from Greenwich Mean Time; valid
values are 0 to 59 minutes.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The set ntp timezone command is effective only when NTP is running. If you set the time explicitly and
NTP is disengaged, the set ntp timezone command has no effect. If you have enabled NTP and have not
entered the set timezone command, the Catalyst 6500 series switch displays UTC by default.
Examples
This example shows how to set the time zone to Pacific Standard Time with an offset of minus 8 hours
from UTC:
Console> (enable) set ntp timezone PST -8
Timezone set to “PST”, offset from UTC is -8 hours.
Console> (enable)
Related Commands
clear ntp timezone
show ntp
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-390
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set password
set password
To change the login password on the CLI, use the set password command.
set password
Syntax Description
This command has no arguments or keywords.
Defaults
The default is no password is configured.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Passwords are case sensitive and may be from 0 to 19 characters in length, including spaces.
The command prompts you for the old password. If the password you enter is valid, you are prompted
to enter a new password and to verify the new password. A zero-length password is allowed by pressing
Return.
Examples
This example shows how to set an initial password:
Console> (enable) set password
Enter old password: <old_password>
Enter new password: <new_password>
Retype new password: <new_password>
Password changed.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-391
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set pbf
set pbf
To enable policy-based forwarding (PBF) and to set a MAC address for the PFC2, use the set pbf
command.
set pbf [mac mac_address]
Syntax Description
mac mac_address
Defaults
You can use the default MAC address, or you can specify a MAC address. See the “Usage Guidelines”
section for more information.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You must set a MAC address for the PFC2. We recommend that you use the default MAC address
provided by the MAC PROM. When you specify your own MAC address using the set pbf mac
command, if the MAC address is a duplicate of a MAC address already in use, packets might be dropped.
(Optional) Specifies MAC address for the PFC2.
PBF is not supported with an operating (booted) MSFC2 in the Catalyst 6500 series switch that is being
used for PBF. If an MSFC2 is present but not booted, you can configure PBF.
PBF may require some configuration on attached hosts. When a router is not present in the network, ARP
table entries have to be statically added on each host participating in PBF. Refer to the “Configuring
Policy-Based Forwarding” section of Chapter 16, “Configuring Access Control,” in the Catalyst 6500
Series Software Configuration Guide for detailed information on configuring hosts.
Note
Examples
PBF does not work with 802.1Q tunnel traffic. PBF is supported on Layer 3 IP unicast traffic, but it is
not applicable to Layer 2 traffic. At the intermediate (PBF) switch, all 802.1Q tunnel traffic appears as
Layer 2 traffic.
This example shows how to set the default MAC address for the PFC2:
Console> (enable) set pbf
Console> (enable) Operation successful.
Console> (enable)
This example shows how to set a specific MAC address for the PFC2:
Console> (enable) set pbf mac 00-01-64-61-39-c2
Console> (enable) Operation successful.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-392
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set pbf
Related Commands
clear pbf
show pbf
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-393
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set pbf-map
set pbf-map
To create security ACLs and to set adjacency information, use the set pbf-map command.
set pbf-map {ip_addr_1} {mac_addr_1} {vlan_1} {ip_addr_2} {mac_addr_2} {vlan_2}
Syntax Description
ip_addr_1
IP address of host 1.
mac_addr_1
MAC address of host 1.
vlan_1
Number of the first VLAN.
ip_addr_2
IP address of host 2.
mac_addr_2
MAC address of host 2.
vlan_2
Number of the second VLAN.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The set pbf-map command does not change existing commands or NVRAM.
The set pbf-map command creates security ACLs and adjacency information based on your input and
then automatically commits the ACLs. This command simplifies the configuration of policy-based
forwarding.
An example of the simplified syntax is set pbf-map 1.1.1.1 0-0-0-0-0-1 11 2.2.2.2 0-0-0-0-0-2 12.
The above example is equivalent to all of the following PBF commands, which were released prior to 7.4:
set security acl adjacency PBF_MAP_ADJ_0 11 0-0-0-0-0-1
set security acl adjacency PBF_MAP_ADJ_1 12 0-0-0-0-0-2
commit security acl adjacency
set security acl ip PBF_MAP_ACL_11 redirect PBF_MAP_ADJ_1 ip host 1.1.1.1 host 2.2.2.2
set security acl ip PBF_MAP_ACL_12 redirect PBF_MAP_ADJ_0 ip host 2.2.2.2 host 1.1.1.1
If the permit ip any any ACE is missing, the following two entries are added:
set security acl ip PBF_MAP_ACL_11 permit ip any any
set security acl ip PBF_MAP_ACL_12 permit ip any any
commit security acl ip PBF_MAP_ACL_11
commit security acl ip PBF_MAP_ACL_12
set security acl map PBF_MAP_ACL_11 11
set security acl map PBF_MAP_ACL_12 12
Each entry in the ACL that is added by the set pbf-map command is inserted before the default permit
ip any any ACE.
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-394
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set pbf-map
If you want to add entries other then redirect ACEs to the adjacency table, use the set security acl ip
PBF_MAP_ACL_(VLAN_ID) command.
Examples
This example shows how to specify a PBF_MAP_ACL:
Console> (enable) set pbf-map 1.1.1.1 0-0-0-0-0-1 11 2.2.2.2 0-0-0-0-0-2 22
Commit operation successful.
Commit operation successful.
ACL 'PBF_MAP_ACL_11' successfully committed.
Console> (enable)
ACL PBF_MAP_ACL_11 successfully mapped to VLAN 11.
Console> (enable)
ACL 'PBF_MAP_ACL_22' successfully committed.
Console> (enable)
ACL PBF_MAP_ACL_22 successfully mapped to VLAN 22.
Console> (enable) Operation successful.
Console> (enable)
Related Commands
clear pbf-map
show pbf-map
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-395
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set pbf vlan
set pbf vlan
To create policy-based forward (PBF) Layer 2 CAM entries on a VLAN, use the set pbf vlan command.
set pbf vlan vlan
Syntax Description
vlan
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
VLAN number.
Usage Guidelines
Note
Specifying the PBF MAC address on a VLAN is only required on the Supervisor Engine 720 with PFC3.
This command creates PBF Layer 2 CAM entries on the VLANs that you specify. Packets matching
these entries are classified as Layer 3 packets. The Layer 2 entries are created only if the PBF MAC
address is set using the set pbf mac command before entering the set pbf vlan command.
Using the clear pbf command does not clear the VLANs enabled for PBF. The clear pbf command does clear
the Layer 2 table entries associated with the VLANs (because the MAC address is no longer valid). You must
explicitly clear the PBF-enabled VLANs to remove them from NVRAM by entering the clear pbf vlan
vlan_list command.
You can specify a range of VLANs in the CLI.
In the example below, the message “Operation Successful” indicates that the PBF MAC address was
saved in NVRAM.
Examples
This example shows how to specify the PBF MAC address on VLANs 11 and 12:
Console> (enable) set pbf vlan 11-12
Console> (enable) PBF enabled on vlan(s) 11-12.
Operation successful.
Console> (enable)
Related Commands
clear pbf vlan
set pbf
show pbf
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-396
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port arp-inspection
set port arp-inspection
To set Address Recognition Protocol (ARP) inspection thresholds on a per-port basis, use the set port
arp-inspection command.
set port arp-inspection mod/port drop-threshold rate shutdown-threshold rate
Syntax Description
mod/port
Number of the module and port on the module.
drop-threshold
Indicates the drop threshold.
rate
Number of packets per second; valid values are from 0 to 1000 pps.
shutdown-threshold
Indicates the shutdown threshold.
Defaults
Both threshold rates are 0 packets per second.
Command Types
Switch command
Command Modes
Privileged.
Usage Guidelines
If the number of packets exceeds the drop-threshold rate, the excess packets are dropped. The excess
packets are still counted toward the shutdown-threshold rate. If the number of packets exceeds the
shutdown-threshold rate, the port is shut down.
When the threshold rates are both at 0 packets per second, per-port rate limiting is not on.
Examples
This example shows how to set the drop-threshold to 500 and the shutdown-threshold to 1000 for port
2/1:
Console> (enable) set port arp-inspection 2/1 drop-threshold 500 shutdown-threshold 1000
Drop Threshold=500, Shutdown Threshold=1000 set on port 2/1.
Console> (enable)
Examples
set security acl arp-inspection
show port arp-inspection
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-397
78-15474-01
2
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port auxiliaryvlan
set port auxiliaryvlan
To configure the auxiliary VLAN ports, use the set port auxiliaryvlan command.
set port auxiliaryvlan mod[/port] {vlan | untagged | dot1p | none}
Syntax Description
mod[/port]
Number of the module and (optional) port or multiple ports.
vlan
Number of the VLAN; valid values are from 1 to 4096.
untagged
Specifies the connected device send and receive untagged packets without
802.1p priority.
dot1p
Specifies the connected device send and receive packets with 802.1p priority.
none
Specifies that the switch does not send any auxiliary VLAN information in the
CDP packets from that port.
Defaults
The default setting is none.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you do not specify a port, all ports are selected.
This command is not supported by the NAM.
The vlan option specifies that the connected device send packets tagged with a specific VLAN.
If you enter the none option, voice information will not be sent or received.
Dynamic VLAN support for voice VLAN identifier (VVID) includes these restrictions to the following
multiple VLAN access port (MVAP) configuration on the switch port:
•
You can configure any VVID on a dynamic port including dot1p and untagged, except when the
VVID is equal to dot1p or untagged. If this is the case, you must configure VMPS with the MAC
address of the IP phone. When you configure the VVID as dot1p or untagged on a dynamic port,
this warning message is displayed:
VMPS should be configured with the IP phone mac’s.
•
For dynamic ports, the auxiliary VLAN ID cannot be the same as the native VLAN ID assigned by
VMPS for the dynamic port.
•
You cannot configure trunk ports as dynamic ports, but an MVAP can be configured as a dynamic
port.
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-398
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port auxiliaryvlan
Examples
This example shows how to set the auxiliary VLAN port to untagged:
Console> (enable) set port auxiliaryvlan 5/7 untagged
Port 5/7 allows the connected device send and receive untagged packets and
without 802.1p priority.
Console> (enable)
This example shows how to set the auxiliary VLAN port to dot1p:
Console> (enable) set port auxiliaryvlan 5/9 dot1p
Port 5/9 allows the connected device send and receive packets with 802.1p priority.
Console> (enable)
This example shows how to set the auxiliary VLAN port to none:
Console> (enable) set port auxiliaryvlan 5/12 none
Port 5/12 will not allow sending CDP packets with AuxiliaryVLAN information.
Console> (enable)
This example shows how to set the auxiliary VLAN port to a specific module, port, and VLAN:
Console> (enable) set port auxiliaryvlan 2/1-3 222
Auxiliaryvlan 222 configuration successful.
AuxiliaryVlan AuxVlanStatus Mod/Ports
------------- ------------- ------------------------222
active
1/2,2/1-3
Console> (enable)
Related Commands
show port auxiliaryvlan
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-399
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port broadcast
set port broadcast
To set broadcast, multicast, or unicast suppression for one or more ports, use the set port broadcast
command. The threshold limits the backplane traffic received from the module.
set port broadcast mod/port threshold% [violation {drop-packets | errdisable}]
[multicast {enable | disable}] [unicast {enable | disable}]
Syntax Description
mod/port
Number of the module and the port on the module.
threshold%
Percentage of total available bandwidth that can be used by traffic; valid
values are decimal numbers from 0.00% to 100% or whole numbers from
0% to 100%.
violation
(Optional) Specifies an action when suppression occurs.
drop-packets
(Optional) Drops packets when suppression occurs.
errdisable
(Optional) Errdisables the port when suppression occurs.
multicast
(Optional) Specifies multicast suppression.
enable | disable (Optional) Enables or disables the suppression type.
unicast
Defaults
(Optional) Specifies unicast suppression.
The default is 100% (no broadcast limit).
The default action is drop-packets if a broadcast violation occurs.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM.
You can enter the threshold value in two ways:
•
A decimal number followed by a percent sign (for example 0.33%)
•
A whole number followed by a percent sign (for example 33%)
The percent sign (%) is required when entering the threshold value.
The multicast and unicast keywords are supported on Gigabit Ethernet modules only.
If you enter the command without using the multicast or unicast keyword, only broadcast traffic is
suppressed. If you enter the multicast or unicast keyword, both broadcast and the selected traffic type
are suppressed.
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-400
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port broadcast
Examples
This example shows how to limit broadcast traffic to 20 percent:
Console> (enable) set port broadcast 4/3 20%
Port 4/3 broadcast traffic limited to 20.00%.
Console> (enable)
This example shows how to limit broadcast traffic to 90 percent and to errdisable when suppression
occurs:
Console> (enable) set port broadcast 4/6 90% violation errdisable
Port 4/6 broadcast traffic limited to 90.00%.
On broadcast suppression port 4/6 is configured to move to errdisabled state.
Console> (enable)
This example shows how to allow a specific amount of multicast traffic to a range of ports:
Console> (enable) set port broadcast 4/1-24 80% multicast enable
Port 4/1-24 multicast traffic limited to 80%.
Console> (enable)
This example shows how to limit broadcast and multicast traffic to 91 percent, to disable unicast traffic,
and to errdisable when suppression occurs:
Console> (enable) set port broadcast 4/2 91% violation errdisable multicast enable unicast
disable
Port 4/2 broadcast and multicast traffic limited to 91.00%.
On broadcast suppression port 4/2 is configured to move to errdisabled state.
Console> (enable)
This example shows how to limit broadcast, multicast, and unicast traffic to 91 percent:
Console> (enable) set port broadcast 4/2 91% multicast enable unicast enable
Port 4/2 broadcast, multicast and unicast traffic limited to 91.00%.
Console> (enable)
Related Commands
clear port broadcast
show port broadcast
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-401
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port channel
set port channel
To configure EtherChannel on Ethernet module ports, use the set port channel command.
set port channel mod/port [admin_group]
set port channel mod/port mode {on | off | desirable | auto} [silent | non-silent]
set port channel all mode off
set port channel all distribution {ip | mac} [source | destination | both]
set port channel all distribution {session} [source | destination | both]
set port channel all distribution {ip-vlan-session} [source | destination | both]
Syntax Description
mod/port
Number of the module and the port on the module.
admin_group
(Optional) Number of the administrative group; valid values are from 1
to 1024.
mode
Specifies the EtherChannel mode.
on
Enables and forces specified ports to channel without PAgP.
off
Prevents ports from channeling.
desirable
Sets a PAgP mode that places a port into an active negotiating state, in
which the port initiates negotiations with other ports by sending PAgP
packets.
auto
Sets a PAgP mode that places a port into a passive negotiating state, in
which the port responds to PAgP packets it receives, but does not initiate
PAgP packet negotiation.
silent
(Optional) Uses with auto or desirable when no traffic is expected from
the other device to prevent the link from being reported to STP as down.
non-silent
(Optional) Uses with auto or desirable when traffic is expected from the
other device.
all mode off
Turns off channeling on all ports globally.
all distribution
Applies frame distribution to all ports in the Catalyst 6500 series switch.
ip
Specifies the frame distribution method using IP address values.
mac
Specifies the frame distribution method using MAC address values.
source
(Optional) Specifies the frame distribution method using source address
values.
destination
(Optional) Specifies the frame distribution method using destination
address values.
both
(Optional) Specifies the frame distribution method using source and
destination address values.
session
Allows frame distribution of Layer 4 traffic.
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-402
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port channel
both
(Optional) Specifies the frame distribution method using source and
destination Layer 4 port number.
ip-vlan-session
Specifies the frame distribution method based on the source or
destination IP address, the forwarding index derived from the VLAN, and
the source or destination Layer 4 port.
Defaults
The default is EtherChannel is set to auto and silent on all module ports. The defaults for frame
distribution are ip and both.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM.
This command is not supported by non-EtherChannel-capable modules.
The set port channel all distribution session command is supported on systems configured with the
Supervisor Engine 2 with Layer 3 Switching Engine II (PFC2) and the Supervisor Engine 720.
Make sure that all ports in the channel are configured with the same port speed, duplex mode, and so
forth. For more information on EtherChannel, refer to the Catalyst 6500 Series Software Configuration
Guide.
With the on mode, a usable EtherChannel exists only when a port group in on mode is connected to
another port group in on mode.
If you are running QoS, make sure that bundled ports are all of the same trust types and have similar
queueing and drop capabilities.
Disable the port security feature on the channeled ports (see the set port security command). If you
enable port security for a channeled port, the port shuts down when it receives packets with source
addresses that do not match the secure address of the port.
You can configure up to eight ports on the same switch in each administrative group.
When you assign ports to an existing administrative group, the original ports associated with the
administrative group will move to a new automatically picked administrative group. You cannot add
ports to the same administrative group.
If you do not enter an admin_group value, a new administrative group is created with the admin_group
value selected automatically. The next available administrative group is automatically selected.
If you do not enter the channel mode, the channel mode of the ports addressed are not modified.
The silent | non-silent parameters only apply if desirable or auto modes are entered.
If you do not specify silent or non-silent, the current setting is not affected.
The ip-vlan-session keyword is supported only on the Supervisor Engine 720.
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-403
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port channel
Note
With software releases 6.2(1) and earlier, the 6- and 9-slot Catalyst 6500 series switches support a
maximum of 128 EtherChannels.
With software releases 6.2(2) and later, due to the port ID handling by the spanning tree feature, the
maximum supported number of EtherChannels is 126 for a 6- or 9-slot chassis and 63 for a 13-slot
chassis. Note that the 13-slot chassis was first supported in software release 6.2(2).
Examples
This example shows how to set the channel mode to desirable:
Console> (enable) set port channel 2/2-8 mode desirable
Ports 2/2-8 channel mode set to desirable.
Console> (enable)
This example shows how to set the channel mode to auto:
Console> (enable) set port channel 2/7-8,3/1 mode auto
Ports 2/7-8,3/1 channel mode set to auto.
Console> (enable)
This example shows how to group ports 4/1 through 4 in an administrative group:
Console> (enable) set port channel 4/1-4 96
Port(s) 4/1-4 are assigned to admin group 96.
Console> (enable)
This example shows the display when the port list is exceeded:
Console> (enable) set port channel 2/1-9 1
No more than 8 ports can be assigned to an admin group.
Console> (enable)
This example shows how to disable EtherChannel on module 4, ports 4 through 6:
Console> (enable) set port channel 4/4-6 mode off
Port(s) 4/4-6 channel mode set to off.
Console> (enable)
This example shows the display output when you assign ports to an existing administrative group. This
example moves ports in admin group 96 to another admin group and assigns ports 4/4 through 6 to admin
group 96:
Console> (enable) set port channel 4/4-6 96
Port(s) 4/1-3 are moved to admin group 97.
Port(s) 4/4-6 are assigned to admin group 96.
Console> (enable)
This example shows how to set the channel mode to off for ports 4/4 through 6 and assign ports 4/4
through 6 to an automatically selected administrative group:
Console> (enable) set port channel 4/4-6 off
Port(s) 4/4-6 channel mode set to off.
Port(s) 4/4-6 are assigned to admin group 23.
Console> (enable)
This example shows how to configure the EtherChannel load-balancing feature:
Console> (enable) set port channel all distribution ip destination
Channel distribution is set to ip destination.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-404
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port channel
Related Commands
show channel
show channel group
show port channel
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-405
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port cops
set port cops
To create port roles, use the set port cops command.
set port cops mod/port roles role1 [role2]...
Syntax Description
mod/port
Number of the module and the port on the module.
roles role#
Specifies the roles.
Defaults
The default is all ports have a default role of null string, for example, the string of length 0.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM.
A port may have multiple roles. You can configure a maximum of 64 total roles per switch. You can
specify multiple roles in a single command.
Examples
This example shows how to create roles on a port:
Console> (enable) set port cops 3/1 roles backbone_port main_port
New role ‘backbone_port’ created.
New role ‘main_port’ created.
Roles added for port 3/1-4.
Console> (enable)
This example shows the display if you attempt to create a roll and exceed the maximum allowable
number of roles:
Console> (enable) set port cops 3/1 roles access_port
Unable to add new role. Maximum number of roles is 64.
Console> (enable)
Related Commands
clear port cops
show port cops
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-406
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port debounce
set port debounce
To enable or disable the debounce timer or configure the timer setting on a per-port basis, use the set
port debounce command.
set port debounce mod/port {enable | disable}
set port debounce mod/port delay time
Syntax Description
Defaults
mod/port
Number of the module and the port on the module.
enable | disable
Enables or disables the debounce timer.
delay
Sets the debounce timer for gigabit fiber ports.
time
Amount of time the firmware waits before notifying the
supervisor engine of a link change; valid values are 200
milliseconds or from 300 to 5000 milliseconds. This is supported
on gigabit fiber ports only. See the “Usage Guidelines” section
for more information.
By default, the debounce timer is disabled on all ports.
When the debounce timer is disabled, the default debounce timer values are as follows:
•
10/100 ports—300 milliseconds
•
100BASE-FX ports—300 milliseconds
•
10/100/1000BASE-T and gigabit TX ports—300 milliseconds
•
10-gigabit ports—10 milliseconds
When the debounce timer is enabled, the default debounce timer values are as follows:
•
10/100 ports—3100 milliseconds
•
100BASE-FX ports—3100 milliseconds
•
10/100/1000BASE-T and gigabit TX ports—3100 milliseconds
•
10-gigabit ports—100 milliseconds
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The debounce timer is the time the firmware waits before notifying the supervisor engine of a link
change at the physical layer.
Setting the debounce timer value to 200 milliseconds or from 300 to 5000 milliseconds is possible only
for gigabit fiber ports. You do not need to enable the debounce timer on a gigabit fiber port before
adjusting the timer. Any timer value that is greater than the default value in disabled state is considered
a value that enables the timer.
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-407
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port debounce
For 10/100 ports and 100BASE-FX ports in the disabled state, the firmware may take up to 600
milliseconds to notify the supervisor engine of a link change because the firmware polling time is every
300 milliseconds.
For 10/100 ports and 100BASE-FX ports in the enabled state, the firmware may take up to 3400
milliseconds to notify the supervisor engine of a link change because the firmware polling time is every
300 milliseconds.
Examples
This example shows how to enable the debounce timer for a specific port on a specific module:
Console> (enable) set port debounce 1/1 enable
Debounce is enabled on port 1/1.
Warning:Enabling port debounce causes Link Up/Down detections to be delayed.
It results in loss of data traffic during debouncing period, which might
affect the convergence/reconvergence of various Layer 2 and Layer 3
protocols.
Use with caution.
Console> (enable)
Related Commands
show port debounce
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-408
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port disable
set port disable
To disable a port or a range of ports, use the set port disable command.
set port disable mod/port
Syntax Description
mod/port
Defaults
The default system configuration has all ports enabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM.
Number of the module and the port on the module.
It takes approximately 30 seconds for this command to take effect.
Examples
This example shows how to disable a port using the set port disable command:
Console> (enable) set port disable 5/10
Port 5/10 disabled.
Console> (enable)
Related Commands
set port enable
show port
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-409
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port dot1q-all-tagged
set port dot1q-all-tagged
To enable the 802.1Q tagging feature on specific ports, use the set port dot1q-all-tagged command.
set port dot1q-all-tagged {mod/port} {enable | disable}
Syntax Description
mod/port
Number of the module and the port on the module.
enable
Enables the dot1q-all-tagged feature.
disable
Disables the dot1q-all-tagged feature.
Defaults
The 802.1Q tagging feature is enabled on a per-port basis. See the “Usage Guidelines” section for more
information.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Although 802.1Q tagging is enabled by default on a per-port basis, tagging only takes effect when you
enable the feature globally by entering the set dot1q-all-tagged enable command. When the global
command is enabled, if you do not want tagging on a specific port, you must disable the feature on that port.
Examples
This example shows how to enable the dot1q tagging feature on specific ports:
Console> (enable) set port dot1q-all-tagged 1/1-2 enable
Packets on native vlan will be tagged on port(s) 1/1-2.
Console> (enable)
This example shows how to enable the dot1q tagging feature on all ports:
Console> (enable) set port dot1q-all-tagged all enable
Packets on native vlan will be tagged on all applicable ports.
Console> (enable)
This example shows how to disable the dot1q tagging feature on specific ports:
Console> (enable) set port dot1q-all-tagged 1/1-2 disable
Packets on native vlan will not be tagged for port(s) 1/1-2.
Console> (enable)
This example shows how to disable the dot1q tagging feature on all ports:
Console> (enable) set port dot1q-all-tagged all disable
Packets on native vlan will not be tagged on all applicable ports.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-410
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port dot1q-all-tagged
Related Commands
set dot1q-all-tagged
show dot1q-all-tagged
show port dot1q-all-tagged
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-411
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port dot1qtunnel
set port dot1qtunnel
To configure the dot1q tunnel mode for the port, use the set port dot1qtunnel command.
set port dot1qtunnel mod/port {access | disable}
Syntax Description
mod/port
Number of the module and the port on the module.
access
Turns off the port trunking mode.
disable
Disables dot1q tunneling.
Defaults
The default is dot1qtunnel is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You cannot enable the dot1q tunneling feature on a port until dot1q-tagged-only mode is enabled.
You cannot disable dot1q-tagged-only mode on the switch until dot1q tunneling is disabled on all the
ports on the switch.
You cannot set the dot1q tunnel mode to access if port security is enabled.
You cannot set the dot1q tunnel mode to access on a port with an auxiliary VLAN configured.
An interconnected network can have redundant paths to the same edge switch of ISP, but it cannot have
redundant paths to two different edge switches of ISP.
Note
PBF does not work with 802.1Q tunnel traffic. PBF is supported on Layer 3 IP unicast traffic, but it is
not applicable to Layer 2 traffic. At the intermediate (PBF) switch, all 802.1Q tunnel traffic appears as
Layer 2 traffic.
If you enable dot1q-tagged globally, the dot1q-tagged per-port setting controls whether or not the frames
are tagged. If you disable dot-1q-tagged globally, the default group is never tagged and the per-port
setting has no effect.
Examples
This example shows how to set dot1q tunneling on the port to access:
Console> (enable) set port dot1qtunnel 4/1 access
Dot1q tunnel feature set to access mode on port 4/1.
Port 4/2 trunk mode set to off.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-412
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port dot1qtunnel
This example shows the output if you try to turn on trunking on a port that has dot1q tunneling mode set:
Console> (enable) set trunk 4/1 on
Failed to set port 4/1 to trunk mode on.
The dot1q tunnel mode for the port is currently set to access.
Console> (enable)
Related Commands
show port dot1qtunnel
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-413
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port dot1x
set port dot1x
To configure dot1x on a port, use the set port dot1x command.
set port dot1x mod/port multiple-host {enable | disable}
set port dot1x mod/port {port-control port_control_value}
set port dot1x mod/port {initialize | re-authenticate}
set port dot1x mod/port re-authentication {enable | disable}
set port dot1x mod/port multiple-authentication {enable | disable}
set port dot1x mod/port guest-vlan {vlan | none}
set port dot1x mod/port shutdown-timeout {enable | disable}
Syntax Description
mod/port
Number of the module and port on the module.
multiple-host
Specifies multiple-user access; see the “Usage Guidelines” section for
more information.
enable
Enables multiple-user access.
disable
Disables multiple-user access.
port-control
port_control_value
Specifies the port control type; valid values are force-authorized,
force-unauthorized, and auto.
initialize
Initializes dot1x on the port.
re-authenticate
Manually initiates a reauthentication of the entity connected to the port.
re-authentication
Automatically initiates reauthentication of the entity connected to the
port within the reauthentication time period; see the “Usage Guidelines”
section for more information.
enable
Enables automatic reauthentication.
disable
Disables automatic reauthentication.
multiple-authentication
Specifies multiple authentications so that more than one host can gain
access to the port; see the “Usage Guidelines” section for more
information.
enable
Enables multiple authentication.
disable
Disables multiple authentication.
guest-vlan
Specifies an active VLAN as an 802.1x guest VLAN.
vlan
Number of the VLAN; valid values are from 1 to 1005 and 1025 to 4094.
none
Clears the guest VLAN on the port.
shutdown-timeout
Specifies the shutdown-timeout period for a port after a security
violation. See the “Usage Guidelines” section for more information.
enable
Activates the automatic reenabling of a port after the shutdown timeout
period.
disable
Deactivates the automatic reenabling of a port after the shutdown
timeout period.
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-414
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port dot1x
Defaults
The default settings are as follows:
•
The default port_control_value is force-authorized.
•
The multiple host feature is disabled.
•
The reauthentication feature is disabled.
•
The multiple authentication feature is disabled.
•
The shutdown-timeout feature is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The dot1x port will not be allowed to become a trunk port, MVAP, channel port, dynamic port, or a secure
port.
When setting the port control type, the following applies:
•
force-authorized forces the controlled port to transition to the authorized state unconditionally and
is equivalent to disabling 802.1x restriction in the port.
•
force-unauthorized forces the controlled port to transit to the unauthorized state unconditionally and
prevents the authorized services of the authenticator to the supplicant.
•
auto enables 802.1x control on the port.
If you disable the multiple host feature, once a dot1x port is authorized through a successful
authentication of a supplicant, only that particular host (MAC address) is allowed on that port. When the
system detects another host (different MAC address) on the authorized port, it shuts down the port and
displays a syslog message. This is the default system behavior.
If you enable the multiple host feature, once a dot1x port is authorized through a successful
authentication of a supplicant, any host (any MAC address) is allowed to send or receive traffic on that
port.
If you enable reauthentication, you can set the reauthentication time period in seconds by entering the
set dot1x re-authperiod seconds command. The default for the reauthentication time period is
3600 seconds.
You can enable either multiple host mode or multiple authentication mode.
To specify the number of seconds that a port is shut down after a security violation, enter the set dot1x
shutdown-timeout command. Then enter the set port dot1x mod/port shutdown-timeout enable
command to activate automatic reenabling of the port after the shutdown-timeout period has elapsed.
Examples
This example shows how to set the port control type automatically:
Console> (enable) set port dot1x 4/1 port-control auto
Port 4/1 dot1x port-control is set to auto.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-415
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port dot1x
This example shows how to initialize dot1x on a port:
Console> (enable) set port dot1x 4/1 initialize
dot1x port 4/1 initializing...
dot1x initialized on port 4/1.
Console> (enable)
This example shows how to manually reauthenticate a port:
Console> (enable) set port dot1x 4/1 re-authenticate
dot1x port 4/1 re-authenticating...
dot1x re-authentication successful...
dot1x port 4/1 authorized.
Console> (enable)
This example shows how to enable multiple-user access on a specific port:
Console> (enable) set port dot1x 4/1 multiple-host enable
Multiple hosts allowed on port 4/1.
Console> (enable)
This example shows how to enable automatic reauthentication on a port:
Console> (enable) set port dot1x 4/1 re-authentication enable
Port 4/1 re-authentication enabled.
Console> (enable)
This example shows how to activate automatic reenabling of a port after the shutdown-timeout period
has elapsed:
Console> (enable) set port dot1x 2/1 shutdown-timeout enable
Dot1x shutdown_timeout enabled
Console> (enable)
Related Commands
set dot1x
show dot1x
show port dot1x
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-416
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port duplex
set port duplex
To configure the duplex type of an Ethernet port or a range of ports, use the set port duplex command.
set port duplex mod/port {full | half}
Syntax Description
mod/port
Number of the module and the port on the module.
full
Specifies full-duplex transmission.
half
Specifies half-duplex transmission.
Defaults
The default configuration for 10-Mbps and 100-Mbps modules has all Ethernet ports set to half duplex.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You can configure Ethernet and Fast Ethernet interfaces to either full duplex or half duplex.
The set port duplex command is not supported on Gigabit Ethernet ports. Gigabit Ethernet ports support
full-duplex mode only.
If the transmission speed on a 16-port RJ-45 Gigabit Ethernet port is set to 1000, duplex mode is set to
full. If the transmission speed is changed to 10 or 100, the duplex mode stays at full. You must configure
the correct duplex mode when transmission speed is changed to 10 or 100 from 1000.
Examples
This example shows how to set port 1 on module 2 to full duplex:
Console> (enable) set port duplex 2/1 full
Port 2/1 set to full-duplex.
Console> (enable)
Related Commands
show port
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-417
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port enable
set port enable
To enable a port or a range of ports, use the set port enable command.
set port enable mod/port
Syntax Description
mod/port
Defaults
The default is all ports are enabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM.
Number of the module and the port on the module.
It takes approximately 30 seconds for this command to take effect.
Examples
This example shows how to enable port 3 on module 2:
Console> (enable) set port enable 2/3
Port 2/3 enabled.
Console> (enable)
Related Commands
set port disable
show port
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-418
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port errdisable-timeout
set port errdisable-timeout
To prevent an errdisabled port from being enabled, use the set port errdisable-timeout command.
set port errdisable-timeout mod/port {enable | disable}
Syntax Description
mod/port
Number of the module and the port on the module.
enable
Enables errdisable timeout.
disable
Disables errdisable timeout.
Defaults
By default, the errdisable timeout for each port is enabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When the global timer times out, the port will be reenabled. Use the set port errdisable-timeout
command if you want the port to remain in the errdisabled state.
Examples
This example shows how to prevent port 3/3 from being enabled when it goes into errdisabled state:
Console> (enable) set port errdisable-timeout 3/3 disable
Successfully disabled errdisable-timeout for port 3/3.
Console> (enable)
Related Commands
set errdisable-timeout
show errdisable-timeout
show port errdisable-timeout
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-419
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port flowcontrol
set port flowcontrol
To configure a port to send or receive pause frames, use the set port flowcontrol command. Pause
frames are special packets that signal a source to stop sending frames for a specific period of time
because the buffers are full.
set port flowcontrol mod/port {receive | send} {off | on | desired}
Syntax Description
Defaults
mod/port
Number of the module and the port on the module.
receive
Specifies a port processes pause frames.
send
Specifies a port sends pause frames.
off
Prevents a local port from receiving and processing pause frames from
remote ports or from sending pause frames to remote ports.
on
Enables a local port to receive and process pause frames from remote ports
or send pause frames to remote ports.
desired
Obtains predictable results regardless of whether a remote port is set to on,
off, or desired.
Flow-control defaults vary depending upon port speed:
•
Gigabit Ethernet ports default to off for receive (Rx) and desired for transmit (Tx)
•
Fast Ethernet ports default to off for receive and on for transmit
On the 24-port 100BASE-FX and 48-port 10/100 BASE-TX RJ-45 modules, the default is off for receive
and off for send.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM.
When you configure the 24-port 100BASE-FX and 48-port 10/100 BASE-TX RJ-45 modules, you can
set the receive flow control to on or off and the send flow control to off.
All Catalyst Gigabit Ethernet ports can receive and process pause frames from remote devices.
To obtain predictable results, use these guidelines:
•
Use send on only when remote ports are set to receive on or receive desired.
•
Use send off only when remote ports are set to receive off or receive desired.
•
Use receive on only when remote ports are set to send on or send desired.
•
Use send off only when remote ports are set to receive off or receive desired.
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-420
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port flowcontrol
Table 2-16 describes guidelines for different configurations of the send and receive keywords.
Table 2-16 send and receive Keyword Configurations
Examples
Configuration
Description
send on
Enables a local port to send pause frames to remote ports.
send off
Prevents a local port from sending pause frames to remote ports.
send desired
Obtains predictable results whether a remote port is set to receive on,
receive off, or receive desired.
receive on
Enables a local port to process pause frames that a remote port sends.
receive off
Prevents a local port from sending pause frames to remote ports.
receive desired
Obtains predictable results whether a remote port is set to send on,
send off, or send desired.
This example shows how to configure port 1 of module 5 to receive and process pause frames:
Console> (enable) set port flowcontrol receive 5/1 on
Port 5/1 flow control receive administration status set to on
(port will require far end to send flowcontrol)
Console> (enable)
This example shows how to configure port 1 of module 5 to receive and process pause frames if the
remote port is configured to send pause frames:
Console> (enable) set port flowcontrol receive 5/1 desired
Port 5/1 flow control receive administration status set to desired
(port will allow far end to send flowcontrol if far end supports it)
Console> (enable)
This example shows how to configure port 1 of module 5 to receive but NOT process pause frames on
port 1 of module 5:
Console> (enable) set port flowcontrol receive 5/1 off
Port 5/1 flow control receive administration status set to off
(port will not allow far end to send flowcontrol)
Console> (enable)
This example shows how to configure port 1 of module 5 to send pause frames:
Console> (enable) set port flowcontrol send 5/1 on
Port 5/1 flow control send administration status set to on
(port will send flowcontrol to far end)
Console> (enable)
This example shows how to configure port 1 of module 5 to send pause frames and yield predictable
results even if the remote port is set to receive off:
Console> (enable) set port flowcontrol send 5/1 desired
Port 5/1 flow control send administration status set to desired
(port will send flowcontrol to far end if far end supports it)
Console> (enable)
Related Commands
show port flowcontrol
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-421
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port gmrp
set port gmrp
To enable or disable GMRP on the specified ports in all VLANs, use the set port gmrp command.
set port gmrp mod/port {enable | disable}
Syntax Description
mod/port
Number of the module and the port on the module.
enable
Enables GVRP on a specified port.
disable
Disables GVRP on a specified port.
Defaults
The default is GMRP is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM.
You can enter this command even when GMRP is not enabled, but the values come into effect only when
you enable GMRP using the set gmrp enable command.
Examples
This example shows how to enable GMRP on module 3, port 1:
Console> (enable) set port gmrp 3/1 enable
GMRP enabled on port(s) 3/1.
GMRP feature is currently disabled on the switch.
Console> (enable)
This example shows how to disable GMRP on module 3, ports 1 through 5:
Console> (enable) set port gmrp 3/1-5 disable
GMRP disabled on port(s) 3/1-5.
Console> (enable)
Related Commands
show gmrp configuration
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-422
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port gvrp
set port gvrp
To enable or disable GVRP on the specified ports in all VLANs, use the set port gvrp command.
set port gvrp mod/port {enable | disable}
Syntax Description
mod/port
Number of the module and the port on the module.
enable
Enables GVRP on a specified port.
disable
Disables GVRP on a specified port.
Defaults
The default is GVRP is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM.
When you enable VTP pruning, it runs on all the GVRP-disabled trunks.
To run GVRP on a trunk, you need to enable GVRP both globally on the switch and individually on the
trunk.
You can configure GVRP on a port even when you globally enable GVRP. However, the port will not
become a GVRP participant until you globally enable GVRP.
You can enable GVRP on an 802.1Q trunk only.
If you enter the set port gvrp command without specifying the port number, GVRP is affected globally
in the switch.
Examples
This example shows how to enable GVRP on module 3, port 2:
Console> (enable) set port gvrp 3/2 enable
GVRP enabled on 3/2.
Console> (enable)
This example shows how to disable GVRP on module 3, port 2:
Console> (enable) set port gvrp 3/2 disable
GVRP disabled on 3/2.
Console> (enable)
This example shows what happens if you try to enable GVRP on a port that is not an 802.1Q trunk:
Console> (enable) set port gvrp 4/1 enable
Failed to set port 4/1 to GVRP enable. Port not allow GVRP.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-423
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port gvrp
This example shows what happens if you try to enable GVRP on a specific port when GVRP has not first
been enabled using the set gvrp command:
Console> (enable) set port gvrp 5/1 enable
GVRP enabled on port(s) 5/1.
GVRP feature is currently disabled on the switch.
Console> (enable)
Related Commands
clear gvrp statistics
set gvrp
show gvrp configuration
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-424
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port host
set port host
To optimize the port configuration for a host connection, use the set port host command.
set port host mod/port
Syntax Description
mod/port
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM.
Number of the module and the port on the module.
To optimize the port configuration, the set port host command sets channel mode to off, enables
spanning tree PortFast, sets the trunk mode to off, and disables the dot1q tunnel feature. Only an end
station can accept this configuration.
Because spanning tree PortFast is enabled, you should enter the set port host command only on ports
connected to a single host. Connecting hubs, concentrators, switches, and bridges to a fast-start port can
cause temporary spanning tree loops.
Enable the set port host command to decrease the time it takes to start up packet forwarding.
Examples
This example shows how to optimize the port configuration for end station/host connections on ports 2/1
and 3/1:
Console> (enable) set port host 2/1,3/1
Warning: Span tree port fast start should only be enabled on ports connected to a single
host. Connecting hubs, concentrators, switches, bridges, etc. to a fast start port can
cause temporary spanning tree loops. Use with caution.
Spantree ports 2/1,3/1 fast start enabled.
Dot1q tunnel feature disabled on port(s) 4/1.
Port(s) 2/1,3/1 trunk mode set to off.
Port(s) 2/1 channel mode set to off.
Console> (enable)
Related Commands
clear port host
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-425
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port inlinepower
set port inlinepower
To set the inline power mode of a port or group of ports, use the set port inlinepower command.
set port inlinepower mod/port {auto | static} [max-wattage]
set port inlinepower mod/port off
Syntax Description
mod/port
Number of the module and the port on the module.
auto
Powers up the port only if the switching module has discovered the phone.
static
Powers up the port to a preallocated value so that the port is guaranteed power. See the
“Usage Guidelines” section for more information.
max-wattage
(Optional) The maximum power allowed on the port in either auto or static mode;
valid values are from 4000 to 15400 milliwatts.
off
Prevents the port from providing power to an external device.
Defaults
The default is auto.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you specify auto or static mode but do not specify a max-wattage argument, the maximum wattage
that is supported by the hardware is used.
If you specify static mode, power is preallocated to the specified port even if no devices are connected
to that port. Connecting any device to that port ensures priority of service because that port is guaranteed
power.
If you enter the off keyword, the inline power-capable device is not detected.
If you enter this command on a port that does not support the IP phone power feature, an error message
is displayed.
You can enter a single port or a range of ports, but you cannot enter the module number only.
Caution
Examples
Damage can occur to equipment connected to the port if you are not using a phone that can be configured
for the IP phone phantom power feature.
This example shows how to set the inline power to off:
Console> (enable) set port inlinepower 2/5 off
Inline power for port 2/5 set to off.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-426
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port inlinepower
This example shows the output if the inline power feature is not supported:
Console> (enable) set port inlinepower 2/3-9 auto
Feature not supported on module 2.
Console> (enable)
Related Commands
set inlinepower defaultallocation
show environment
show port inlinepower
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-427
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port jumbo
set port jumbo
To enable or disable the jumbo frame feature on a per-port basis, use the set port jumbo command.
set port jumbo mod/port {enable | disable}
Syntax Description
mod/port
Number of the module and the port on the module.
enable
Enables jumbo frames on a specified port.
disable
Disables jumbo frames on a specified port.
Defaults
If you enable the jumbo frame feature, the MTU size for packet acceptance is 9216 bytes for nontrunking
ports.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM. The jumbo frame feature is supported on any Ethernet port
and on the sc0 interface. The MSFC2 supports routing of jumbo frames. The Gigabit Switch Router
(GSR) supports jumbo frames.
You can use the jumbo frame feature to transfer large frames or jumbo frames through Catalyst 6500
series switches to optimize server-to-server performance.
The Multilayer Switch Feature Card (MSFC) and the Multilayer Switch Module (MSM) do not support
the routing of jumbo frames; if jumbo frames are sent to these routers, router performance is
significantly degraded.
For information on how to set the jumbo frame MTU size, contact Cisco’s Technical Assistance Center
(TAC) at 800 553-NETS, 800 553-6387, 408 526-4000, or tac@cisco.com.
Examples
This example shows how to enable the jumbo frames feature on module 3, port 2:
Console> (enable) set port jumbo 3/2 enable
Jumbo frames enabled on port 5/3.
Console> (enable)
This example shows how to disable the jumbo frames feature on module 3, port 2:
Console> (enable) set port jumbo 3/2 disable
Jumbo frames disabled on port 3/2.
Console> (enable)
Related Commands
set trunk
show port jumbo
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-428
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port l2protocol-tunnel
set port l2protocol-tunnel
To set Layer 2 protocol tunneling parameters, use the set port l2protocol-tunnel command.
set port l2protocol-tunnel mod/port {cdp | stp | vtp} {enable | disable}
set port l2protocol-tunnel mod/port {drop-threshold drop-threshold}
{shutdown-threshold shutdown-threshold}
Syntax Description
Defaults
mod/port
Number of the module and the port or range of ports.
cdp | stp | vtp
Specifies the protocol type. See the “Usage Guidelines” section for more
information.
enable | disable
Enables or disables the protocol.
drop-threshold
drop-threshold
Specifies the drop threshold factor on a port or range of ports. See the
“Usage Guidelines” section for more information.
shutdown-threshold
shutdown-threshold
Specifies the shutdown threshold factor on a port or range of ports. See the
“Usage Guidelines” section for more information.
Protocol tunneling is disabled on all ports.
The default for the drop threshold and the shutdown threshold is 0. The 0 value indicates that no limit is
set.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You can specify more than one protocol type at a time. In the CLI, separate protocol types with a space.
The recommended maximum value for the shutdown threshold is 1000. This value reflects the number
of PDUs an edge switch can handle per second (without dropping any) while performing egress and
ingress tunneling. For an edge switch, the shutdown threshold value also determines the number of
Layer 2 protocol tunneling ports that can be connected to customer switches and the number of customer
VLANs per Layer 2 protocol tunneling port. In determining the recommended maximum value of 1000,
egress tunneling from the service provider network was also taken into consideration.
To determine the number of Layer 2 protocol tunneling ports (links) and the number of customer VLANs
per Layer 2 protocol tunneling port (VLANs per link) that an edge switch can handle, use the following
formula: Multiply the number of Layer 2 protocol tunneling ports by the number of VLANs and the
result should be less than or equal to 1000. Some examples of acceptable configurations are as follows:
•
1 Layer 2 protocol tunneling port x 1000 VLANs
•
2 Layer 2 protocol tunneling port x 500 VLANs
•
5 Layer 2 protocol tunneling port x 200 VLANs
•
10 Layer 2 protocol tunneling port x 100 VLANs
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-429
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port l2protocol-tunnel
Note
Examples
•
20 Layer 2 protocol tunneling port x 50 VLANs
•
100 Layer 2 protocol tunneling port x 10 VLANs
The shutdown threshold factor should exceed the drop threshold factor. After reaching the drop threshold
factor, the port or range of ports starts dropping PDUs. After reaching the shutdown threshold factor, the
port or range of ports goes into errdisable state and is restored after timeout.
This example shows how to enable CDP on a range of ports:
Console> (enable) set port l2protocol-tunnel 7/1-2 cdp enable
Layer 2 protocol tunneling enabled for CDP on ports 7/1-2.
Console> (enable)
This example shows how to enable STP and VTP on a range of ports:
Console> (enable) set port l2protocol-tunnel 7/1-2 stp vtp enable
Layer 2 protocol tunneling enabled for STP VTP on ports 7/1-2.
Console> (enable)
This example shows how to disable CDP, STP, and VTP on a range of ports:
Console> (enable) set port l2protocol-tunnel 7/1-2 cdp stp vtp disable
Layer 2 protocol tunneling disabled for CDP STP VTP on ports 7/1-2.
Console> (enable)
This example shows how to set the drop threshold to 1000 and the shutdown threshold to 20000 on a port:
Console> (enable) set port l2protocol-tunnel 7/1 drop-threshold 1000 shutdown-threshold
20000
Drop Threshold=1000, Shutdown Threshold=20000 set on port 7/1.
Console> (enable)
Related Commands
clear l2protocol-tunnel cos
clear l2protocol-tunnel statistics
set l2protocol-tunnel cos
show l2protocol-tunnel statistics
show port l2protocol-tunnel
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-430
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port lacp-channel
set port lacp-channel
To set the priority value for physical ports, to assign an administrative key to a particular set of ports, or
to change the channel mode for a set of ports that were previously assigned to the same administrative
key, use the set port lacp-channel command.
set port lacp-channel mod/ports port-priority value
set port lacp-channel mod/ports [admin-key]
set port lacp-channel mod/ports mode {on | off | active | passive}
Syntax Description
Defaults
mod/ports
Number of the module and the ports on the module.
port-priority
Specifies the priority for physical ports.
value
Number of the port priority; valid values are from 1 to 255. See the
“Usage Guidelines” section for more information about the priority
value.
admin-key
(Optional) Number of the administrative key; valid values are from 1
to 1024. See the “Usage Guidelines” section for more information
about the administrative key.
mode
Specifies the channel mode for a set or ports.
on | off | active | passive
Specifies the status of the channel mode.
LACP is supported on all Ethernet interfaces.
The default port priority value is 128.
The default mode is passive for all ports that are assigned to the administrative key.
For differences between PAgP and LACP, refer to the “Guidelines for Port Configuration” section of the
“Configuring EtherChannel” chapter of the Catalyst 6500 Series Software Configuration Guide.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command can only be used for ports belonging to LACP modules. This command cannot be used
on ports running in PAgP mode.
Higher priority values correspond to lower priority levels.
The following usage guidelines apply when you assign an administrative key to ports:
•
If you do not enter a value for the administrative key, the switch chooses a value automatically.
•
If you choose a value for the administrative key, but this value is already used in your switch, all the
ports associated with this value are moved to a new administrative key that is assigned automatically.
The previously used value is now associated with new ports.
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-431
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port lacp-channel
Examples
•
You can assign a maximum of 8 ports to an administrative key.
•
If you assign an administrative key to a channel that was previously assigned a particular mode, the
channel will maintain that mode after you enter the administrative key value.
This example shows how to set the priority of ports 1/1 to 1/4 and 2/6 to 2/8 to 10:
Console> (enable) set port lacp-channel 4/1-4
Ports 4/1-4 being assigned admin key 96.
Console> (enable)
This example shows how to assign ports 4/1 to 4/4 to an administrative key that the switch automatically
chooses:
Console> (enable) set port lacp-channel 4/1-4
Ports 4/1-4 being assigned admin key 96.
Console> (enable)
This example shows how to assign ports 4/4 to 4/6 to administrative key 96 when that key was previously
assigned to ports 4/1 to 4/3:
Console> (enable) set port lacp-channel 4/4-6 96
admin key 96 already assigned to port 4/1-3.
Port(s) 4/1-3 being assigned to admin key 97.
Port(s) 4/4-6 being assigned to admin key 96.
Console> (enable)
Related Commands
clear lacp-channel statistics
set channelprotocol
set lacp-channel system-priority
set spantree channelcost
set spantree channelvlancost
show lacp-channel
show port lacp-channel
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-432
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port macro
set port macro
To execute a configuration macro on a per-port basis, use the set port macro command.
set port macro mod/ports... ciscoipphone vlan vlan [auxvlan auxvlan]
set port macro mod/ports... ciscosoftphone vlan vlan
Syntax Description
mod/ports...
Number of the module and the ports on the module.
ciscoipphone
Specifies the Cisco IP Phone configuration macro.
vlan
Specifies a VLAN interface.
vlan
Number of the VLAN.
auxvlan
(Optional) Specifies an auxiliary VLAN
auxvlan
(Optional) Number of the auxiliary VLAN.
ciscosoftphone
Specifies the Cisco Softphone configuration macro.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When you use automatic voice configuration with the ciscoipphone keyword, some of the QoS
configuration requires phone-specific configuration (trust-ext, ext-cos), which is supported only on the
following phones: Cisco IP Phone 7910, Cisco IP Phone 7940, Cisco IP Phone 7960, and Cisco IP
Phone 7935. However, the ciscoipphone keyword is not exclusive to these models only; any phone can
benefit from all the other QoS settings that are configured on the switch.
To configure the QoS settings and the trusted boundary feature on the Cisco IP Phone, you must enable
Cisco Discovery Protocol (CDP) version 2 or later on the port. You need to enable CDP only for the
ciscoipphone QoS configuration; CDP does not affect the other components of the automatic voice
configuration feature.
The automatic voice configuration commands do not support channeling.
A PFC or PFC2 is not required for the ciscoipphone keyword.
A PFC or PFC2 is required for the ciscosoftphone keyword.
The ciscoipphone keyword is only supported on 10/100 and 10/100/1000 Ethernet ports.
The ciscosoftphone keyword is supported on all Ethernet ports.
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-433
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port macro
Examples
This example shows how to execute the Cisco IP Phone configuration macro with an auxiliary VLAN:
Console> (enable) set port macro 3/1 ciscoipphone vlan 2 auxvlan 3
Port 3/1 enabled.
Layer 2 protocol tunneling disabled for CDP STP VTP on port(s) 3/1.
Port 3/1 vlan assignment set to static.
Spantree port fast start option set to default for ports 3/1.
Port(s) 3/1 channel mode set to off.
Warning:Connecting Layer 2 devices to a fast start port can cause
temporary spanning tree loops. Use with caution.
Spantree port 3/1 fast start enabled.
Dot1q tunnel feature disabled on port(s) 3/1.
Port(s) 3/1 trunk mode set to off.
VLAN Mod/Ports
---- ----------------------2
2/1
3/1
16/1
AuxiliaryVlan Status
Mod/Ports
------------- ------------------------------------------------------------3
inactive 3/1
Vlan 3 is not active.
Inline power for port 3/1 set to auto.
CDP enabled globally
CDP enabled on port 3/1.
CDP version set to v2
........
All ingress and egress QoS scheduling parameters configured on all ports.
CoS to DSCP, DSCP to COS, IP Precedence to DSCP and policed dscp maps
configured. Global QoS configured.
Port 3/1 ingress QoS configured for Cisco IP Phone.
Macro completed on port 3/1.
Console> (enable)
This example shows the warning message that appears when you do not specify an auxiliary VLAN:
Console> (enable) set port macro 3/1 ciscoipphone vlan 2
Warning: All inbound QoS tagging information will be lost as no auxillary
vlan was specified.
Do you want to continue (y/n) [n]?
This example shows how to execute the Cisco Softphone configuration macro:
Console> (enable) set port macro 3/1 ciscosoftphone vlan 32
Port 3/1 enabled.
Layer 2 protocol tunneling disabled for CDP STP VTP on port(s) 3/1.
Port 3/1 vlan assignment set to static.
Spantree port fast start option set to default for ports 3/1.
Port(s) 3/1 channel mode set to off.
Warning:Connecting Layer 2 devices to a fast start port can cause
temporary spanning tree loops. Use with caution.
Spantree port 3/1 fast start enabled.
Dot1q tunnel feature disabled on port(s)
Port(s) 3/1 trunk mode set to off.
Vlan 32 configuration successful
VLAN 32 modified.
VLAN 2 modified.
3/1.
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-434
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port macro
VLAN Mod/Ports
---- ----------------------32
3/1
16/1
Port 3/1 will not send out CDP packets with AuxiliaryVlan information.
Executing autoqos........
All ingress and egress QoS scheduling parameters configured on all ports.
CoS to DSCP, DSCP to COS, IP Precedence to DSCP and policed dscp maps
configured. Global QoS configured.
Port 3/1 ingress QoS configured for Cisco Softphone.
Macro completed on port 3/1.
Console> (enable)
Related Commands
set cdp
set port qos autoqos
set qos autoqos
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-435
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port membership
set port membership
To set the VLAN membership assignment to a port, use the set port membership command.
set port membership mod/port {dynamic | static}
Syntax Description
mod/port
Number of the module and the port on the module.
dynamic
Specifies that the port become a member of dynamic VLANs.
static
Specifies that the port become a member of static VLANs.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Dynamic VLAN support for VVID includes these restrictions to the following configuration of MVAP
on the switch port:
•
You can configure any VVID on a dynamic port including dot1p and untagged, except when the
VVID is equal to dot1p or untagged. If this is the case, then you must configure VMPS with the
MAC address of the IP phone. When you configure the VVID as dot1p or untagged on a dynamic
port, this warning message is displayed:
VMPS should be configured with the IP phone mac’s.
Examples
•
You cannot change the VVID of the port equal to PVID assigned by the VMPS for the dynamic port.
•
You cannot configure trunk ports as dynamic ports, but you can configure MVAP as a dynamic port.
This example shows how to set the port membership VLAN assignment to dynamic:
Console>
Port 5/5
Spantree
Console>
(enable) set port membership 5/5 dynamic
vlan assignment set to dynamic.
port fast start option enabled for ports 5/5.
(enable)
This example shows how to set the port membership VLAN assignment to static:
Console> (enable) set port membership 5/5 static
Port 5/5 vlan assignment set to static.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-436
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port membership
Related Commands
set pvlan
set pvlan mapping
set vlan
set vlan mapping
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-437
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port name
set port name
To configure a name for a port, use the set port name command.
set port name mod/port [port_name]
Syntax Description
mod/port
Number of the module and the port on the module.
port_name
(Optional) Name of the module.
Defaults
The default is no port name is configured for any port.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM.
If you do not specify the name string, the port name is cleared.
Examples
This example shows how to set port 1 on module 4 to Snowy:
Console> (enable) set port name 4/1 Snowy
Port 4/1 name set.
Console> (enable)
Related Commands
show port
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-438
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port negotiation
set port negotiation
To enable or disable the link negotiation protocol on the specified port, use the set port negotiation
command.
set port negotiation mod/port {enable | disable}
Syntax Description
mod/port
Number of the module and the port on the module.
enable
Enables the link negotiation protocol.
disable
Disables the link negotiation protocol.
Defaults
The default is link negotiation protocol is enabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You cannot configure port negotiation on 1000BASE-T (copper) Gigabit Ethernet ports in this release.
If a 1000BASE-T GBIC is inserted in the port that was previously configured as a negotiation-disabled
port, the negotiation-disabled setting is ignored, and the port operates in negotiation-enabled mode.
The set port negotiation command is supported on Gigabit Ethernet ports only, except on
WS-X6316-GE-TX and on WS-X6516-GE-TX.
If the port does not support this command, this message appears:
Feature not supported on Port N/N.
where N/N is the module and port number.
In most cases, when you enable link negotiation, the system autonegotiates flow control, duplex mode,
and remote fault information. The exception applies to 16-port 10/100/1000BASE-T Ethernet modules;
when you enable link negotiation on these Ethernet modules, the system autonegotiates flow control
only.
You must either enable or disable link negotiation on both ends of the link. Both ends of the link must
be set to the same value or the link cannot connect.
Examples
This example shows how to disable link negotiation protocol on port 1, module 4:
Console> (enable) set port negotiation 4/1 disable
Link negotiation protocol disabled on port 4/1.
Console> (enable)
Related Commands
show port negotiation
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-439
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port protocol
set port protocol
To enable or disable protocol membership of ports, use the set port protocol command.
set port protocol mod/port {ip | ipx | group} {on | off | auto}
Syntax Description
mod/port
Number of the module and the port on the module.
ip
Specifies IP.
ipx
Specifies IPX.
group
Specifies VINES, AppleTalk, and DECnet protocols.
on
Indicates the port will receive all the flood traffic for that protocol.
off
Indicates the port will not receive any flood traffic for that protocol.
auto
Specifies that the port is added to the group only after packets of the
specific protocol are received on that port.
Defaults
The default is that the ports are configured to on for the IP protocol groups and auto for IPX and group
protocols.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM.
Protocol filtering is supported only on nontrunking EtherChannel ports. Trunking ports are always
members of all the protocol groups.
If the port configuration is set to auto, the port initially does not receive any flood packets for that
protocol. When the corresponding protocol packets are received on that port, the supervisor engine
detects this and adds the port to the protocol group.
Ports configured as auto are removed from the protocol group if no packets are received for that protocol
within a certain period of time. This aging time is set to 60 minutes. They are also removed from the
protocol group on detection of a link down.
Examples
This example shows how to disable IPX protocol membership of port 1 on module 2:
Console> (enable) set port protocol 2/1 ipx off
IPX protocol disabled on port 2/1.
Console> (enable)
This example shows how to enable automatic IP membership of port 1 on module 5:
Console> (enable) set port protocol 5/1 ip auto
IP protocol set to auto mode on module 5/1.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-440
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port protocol
Related Commands
show port protocol
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-441
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port qos
set port qos
To specify whether an interface is interpreted as a physical port or as a VLAN, use the set port qos
command.
set port qos mod/ports... port-based | vlan-based
Syntax Description
mod/ports...
Number of the module and the ports on the module.
port-based
Interprets the interface as a physical port.
vlan-based
Interprets the interface as part of a VLAN.
Defaults
The default is ports are port-based if QoS is enabled and VLAN-based if QoS is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM.
When you change a port from port-based QoS to VLAN-based QoS, all ACLs are detached from the port.
Any ACLs attached to the VLAN apply to the port immediately.
When you set a port to VLAN-based QoS using the set port qos command with RSVP or COPS QoS
enabled on that port, the QoS policy source is COPS, or DSBM-election is enabled. The VLAN-based
setting is saved in NVRAM only.
Examples
This example shows how to specify an interface as a physical port:
Console> (enable) set port qos 1/1-2 port-based
Updating configuration ...
QoS interface is set to port-based for ports 1/1-2.
Console> (enable)
This example shows how to specify an interface as a VLAN:
Console> (enable) set port qos 3/1-48 vlan-based
Updating configuration ...
QoS interface is set to VLAN-based for ports 3/1-48.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-442
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port qos
This example shows the output if you change from port-based QoS to VLAN-based QoS with either
RSVP or COPS enabled on the port:
Console> (enable) set port qos 3/1-48 vlan
Qos interface is set to vlan-based for ports 3/1-48
Port(s) 3/1-48 - QoS policy-source is Cops or DSBM-election is enabled.
Vlan-based setting has been saved in NVRAM only.
Console> (enable)
Related Commands
set port qos cos
set port qos trust
show port qos
show qos info
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-443
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port qos autoqos
set port qos autoqos
To apply the automatic QoS feature on a per-port basis, use the set port qos autoqos command.
set port qos mod/port autoqos trust {cos | dscp}
set port qos mod/port autoqos voip {ciscoipphone | ciscosoftphone}
Syntax Description
mod/port
Number of the module and ports on the module.
trust
Specifies AutoQoS for ports trusting all traffic markings.
cos
Trusts CoS-based markings of all inbound traffic.
dscp
Trusts DSCP-based markings of all inbound traffic.
voip
Specifies AutoQoS for voice applications.
ciscoipphone
Specifies AutoQoS for Cisco 79xx IP phones.
ciscosoftphone
Specifies AutoQoS for Cisco IP SoftPhones.
Defaults
The per-port AutoQos feature is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to trust CoS-based markings of inbound traffic on module 4, port 1:
Console> (enable) set port qos 4/1 autoqos trust cos
Port 4/1 ingress QoS configured for trust cos.
Trusting all incoming CoS marking on port 4/1.
It is recommended to execute the "set qos autoqos" global command if not executed
previously.
Console> (enable)
This example shows how to apply AutoQoS settings for Cisco 79xx IP phones on module 4, port 1:
Console> (enable) set port qos 4/1 autoqos voip ciscoipphone
Port 4/1 ingress QoS configured for ciscoipphone.
It is recommended to execute the "set qos autoqos" global command if not executed
previously.
Console> (enable)
This example shows how to apply AutoQoS settings for Cisco IP SoftPhones on module 4, port 1:
Console> (enable) set port qos 4/1 autoqos voip ciscosoftphone
Port 4/1 ingress QoS configured for ciscosoftphone. Policing configured on 4/1.
It is recommended to execute the "set qos autoqos" global command if not executed
previously.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-444
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port qos autoqos
Related Commands
set qos autoqos
show port qos
show qos acl info
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-445
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port qos cos
set port qos cos
To set the default value for all packets that have arrived through an untrusted port, use the set port qos
cos command.
set port qos mod/ports cos cos_value
set port qos mod/ports cos-ext cos_value
Syntax Description
mod/ports
Number of the module and ports.
cos cos_value
Specifies the CoS value for a port; valid values are from 0 to 7.
cos-ext
cos_value
Specifies the CoS extension for a phone port; valid values are from
0 to 8.
Defaults
The default is CoS 3.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM.
If the default is enforced when you disable QoS, CoS is enforced when you enable QoS.
Examples
This example shows how to set the CoS default value on a port:
Console> (enable) set port qos 2/1 cos 3
Port 2/1 qos cos set to 3.
Console> (enable)
This example shows how to set the CoS-ext default value on a port:
Console> (enable) set port qos 2/1 cos-ext 3
Port 2/1 qos cos-ext set to 3.
Console> (enable)
Related Commands
clear port qos cos
set port qos
set port qos trust
show port qos
show qos info
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-446
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port qos policy-source
set port qos policy-source
To set the QoS policy source for all ports in the specified module, use the set port qos policy-source
command.
set port qos policy-source mod/ports... local | cops
Syntax Description
mod/ports...
Number of the module and the ports on the module.
local
Sets the policy source to local NVRAM configuration.
cops
Sets the policy source to COPS configuration.
Defaults
The default is all ports are set to local.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When you set the policy source to local, the QoS policy is taken from local configuration stored in
NVRAM. If you set the policy source to local after it was set to COPS, the QoS policy reverts back to
the local configuration stored in NVRAM.
Examples
This example shows how to set the policy source to local NVRAM:
Console> (enable) set port qos 5/5 policy-source local
QoS policy source set to local on port(s) 5/1-48.
Console> (enable)
This example shows the output if you attempt to set the policy source to COPS and no COPS servers are
available:
Console> (enable) set port qos 5/5 policy-source cops
QoS policy source for the switch set to COPS.
Warning: No COPS servers configured. Use the ‘set cops server’ command
to configure COPS servers.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-447
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port qos policy-source
This example shows the output if you set the policy source to COPS and the switch is set to local
configuration (using the set qos policy-source command):
Console> (enable) set port qos 5/5 policy-source cops
QoS policy source set to COPS on port(s) 5/1-48.
Warning: QoS policy source for the switch set to use local configuration.
Console> (enable)
Related Commands
clear qos config
show port qos
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-448
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port qos trust
set port qos trust
To set the trusted state of a port, use the set port qos trust command; for example, whether or not the
packets arriving at a port are trusted to carry the correct classification.
set port qos mod/ports... trust {untrusted | trust-cos | trust-ipprec | trust-dscp}
Syntax Description
mod/ports...
Number of the module and the ports on the module.
untrusted
Specifies that packets need to be reclassified from the matching access control
entry (ACE).
trust-cos
Specifies that although the CoS bits in the incoming packets are trusted, the
ToS is invalid and a valid value needs to be derived from the CoS bits.
trust-ipprec
Specifies that although the ToS and CoS bits in the incoming packets are
trusted, the ToS is invalid and the ToS is set as IP precedence.
trust-dscp
Specifies that the ToS and CoS bits in the incoming packets can be accepted as
is with no change.
Defaults
The default is untrusted; when you disable QoS, the default is trust-cos on Layer 2 switches and
trust-dscp on Layer 3 switches.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When you disable QoS, the default is trust-cos on Layer 2 switches and trust-dscp on Layer 3 switches.
This command is not supported by the NAM.
On 10/100 ports, you can use only the set port qos trust command to activate the receive-drop
thresholds. To configure a trusted state, you have to convert the port to port-based QoS, define an ACL
that defines all (or the desired subset) of ACEs to be trusted, and attach the ACL to that port.
Examples
This example shows how to set the port to a trusted state:
Console> (enable) set port qos 3/7 trust trust-cos
Port 3/7 qos set to trust-cos.
Console> (enable)
This example shows the output if you try to set the trust state on a 10/100 port:
Console> (enable) set port qos 3/28 trust trust-cos
Trust type trust-cos not supported on this port.
Receive thresholds are enabled on port 3/28.
Port 3/28 qos set to untrusted.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-449
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port qos trust
Related Commands
set port qos
set port qos cos
show port qos
show qos info
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-450
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port qos trust-device
set port qos trust-device
To configure the trust mode on a port on a specific device or module, use the set port qos trust-device
command.
set port qos mod/ports... trust-device {none | ciscoipphone}
Syntax Description
mod/port...
Number of the module and the ports on the module.
none
Sets the device trust mode to disable.
ciscoipphone
Trusts only Cisco IP phones.
Defaults
By default, the device trust mode for each port is set to none.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to trust only Cisco IP phones on port 4/1:
Console> (enable) set port qos 4/1 trust-device ciscoipphone
Port 4/1 set to only trust device of type ciscoIPPhone.
Console> (enable)
This example shows how to disable the device trust on port 4/1:
Console> (enable) set port qos 4/1 trust-device none
Port 4/1 trust device feature disabled.
Console> (enable)
Related Commands
show port qos
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-451
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port qos trust-ext
set port qos trust-ext
To configure the access port on a Cisco IP phone connected to the switch port, use the set port qos
trust-ext command.
set port qos mod/ports... trust-ext {trusted | untrusted}
Syntax Description
mod/ports...
Number of the module and the ports on the module.
trusted
Specifies that all traffic received through the access port passes through the
phone switch unchanged.
untrusted
Specifies that all traffic in 802.1Q or 802.1p frames received through the
access port is marked with a configured Layer 2 CoS value.
Defaults
The default when the phone is connected to a Cisco LAN switch is untrusted mode; trusted mode is the
default when the phone is not connected to a Cisco LAN switch.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM.
Traffic in frame types other than 802.1Q or 802.1p passes through the phone switch unchanged,
regardless of the access port trust state.
Examples
This example shows how to set the trust extension on ports on the connected phone to a trusted state:
Console> (enable) set port qos 3/7 trust-ext trusted
Port in the phone device connected to port 3/7 is configured to be trusted.
Console> (enable)
Related Commands
set port qos
set port qos cos
show qos info
show port qos
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-452
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port rsvp dsbm-election
set port rsvp dsbm-election
To specify whether or not the switch participates in the Designated Subnet Bandwidth Manager (DSBM)
election on that particular segment, use the set port rsvp dsbm-election command.
set port rsvp mod/port dsbm-election enable | disable [dsbm_priority]
Syntax Description
mod/port
Number of the module and the port.
enable
Enables participation in the DSBM election.
disable
Disables participation in the DSBM election.
dsbm_priority
(Optional) DSBM priority; valid values are from 128 to 255.
Defaults
The default is DSBM is disabled; the default dsbm_priority is 128.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM.
Examples
This example shows how to enable participation in the DSBM election:
Console> (enable) set port rsvp 2/1,3/2 dsbm-election enable 232
DSBM election enabled for ports 2/1,3/2.
DSBM priority set to 232 for ports 2/1,3/2.
This DSBM priority will be used during the next election process.
Console> (enable)
This example shows how to disable participation in the DSBM election:
Console> (enable) set port rsvp 2/1 dsbm-election disable
DSBM election disabled for ports(s) 2/1.
Console> (enable)
This example shows the output when you enable participation in the DSBM election on a port that is not
forwarding:
Console> (enable) set port rsvp 2/1,3/2 dsbm-election enable 232
DSBM enabled and priority set to 232 for ports 2/1,3/2.
Warning: Port 2/1 not forwarding. DSBM negotiation will start after port starts forwarding
on the native vlan.
Console> (enable)
Related Commands
show port rsvp
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-453
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port security
set port security
To configure port security on a port or range of ports, use the set port security command.
set port security mod[/port...] [enable | disable] [mac_addr] [age {age_time}]
[maximum {num_ of_mac}] [shutdown {shutdown_time}] [unicast-flood {enable | disable}]
[violation {shutdown | restrict}]
Syntax Description
Defaults
mod[/port...]
Number of the module and optionally, the port on the module.
enable
(Optional) Enables port security or unicast flooding.
disable
(Optional) Disables port security or unicast flooding.
mac_addr
(Optional) Secure MAC address of the enabled port.
age age_time
(Optional) Specifies the duration for which addresses on the port
will be secured; valid values are 0 (to disable) and from 1 to 1440
(minutes).
maximum
num_of_mac
(Optional) Specifies the maximum number of MAC addresses to
secure on the port; valid values are from 1 to 4097.
shutdown
shutdown_time
(Optional) Specifies the duration for which a port will remain
disabled in case of a security violation; valid values are 0 (to
disable) and from 1 to 1440 (minutes).
unicast-flood
(Optional) Specifies unicast flooding.
violation
(Optional) Specifies the action to be taken in the event of a security
violation.
shutdown
(Optional) Shuts down the port in the event of a security violation.
restrict
(Optional) Restricts packets from unsecure hosts.
The default port security configuration is as follows:
•
Port security is disabled.
•
Number of secure addresses per port is one.
•
Violation action is shutdown.
•
Age is permanent. (Addresses are not aged out.)
•
Shutdown time is indefinite.
•
Unicast flooding is enabled.
Command Types
Switch command.
Command Modes
Privileged.
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-454
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port security
Usage Guidelines
This command is not supported by the NAM.
If you enter the set port security enable command but do not specify a MAC address, the first MAC
address seen on the port becomes the secure MAC address.
You can specify the number of MAC addresses to secure on a port. You can add MAC addresses to this
list of secure addresses. The maximum number is 1024.
The set port security violation command allows you to specify whether you want the port to shut down
or to restrict access to insecure MAC addresses only. The shutdown time allows you to specify the
duration of shutdown in the event of a security violation.
We recommend that you configure the age timer and the shutdown timer if you want to move a host from
one port to another when port security is enabled on those ports. If the age_time value is less than or
equal to the shutdown_time value, the moved host will function again in an amount of time equal to the
shutdown_time value. The age timer begins upon learning the first MAC address, and the disable timer
begins when there is a security violation.
If you disable unicast flooding on a port, the port will drop unicast flood packets when it reaches the
maximum number of MAC addresses allowed.
You can secure only unicast MAC addresses through the CLI. Unicast MAC addresses can also be
learned dynamically. Multicast MAC addresses cannot be secured.
Examples
This example shows how to set port security with a learned MAC address:
Console> (enable) set port security 3/1 enable
Port 3/1 port security enabled with the learned mac address.
Console> (enable)
This example shows how to set port security with a specific MAC address:
Console> (enable) set port security 3/1 enable 00-02-03-04-05-06
Port 3/1 port security enabled with 00-02-03-04-05-06 as the secure mac address.
Console> (enable)
This example sets the shutdown time to 600 minutes on port 7/7:
Console> (enable) set port security 7/7 shutdown 600
Secure address shutdown time set to 600 minutes for port 7/7.
Console> (enable)
This example sets the port to drop all packets that are coming in on the port from insecure hosts:
Console> (enable) set port security 7/7 violation restrict
Port security violation on port 7/7 will cause insecure packets to be dropped.
Console> (enable)
This example shows how to enable unicast flooding on port 4/1:
Console> (enable) set port security 4/1 unicast-flood enable
Port 4/1 security flood mode set to enable.
Console> (enable)
This example shows how to disable unicast flooding on port 4/1:
Console>
WARNING:
Port 4/1
Console>
(enable) set port security 4/1 unicast-flood disable
Trunking & Channelling will be disabled on the port.
security flood mode set to disable.
(enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-455
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port security
Related Commands
clear port security
show port security
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-456
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port speed
set port speed
To configure the speed of a port interface, use the set port speed command.
set port speed mod/port {10 | 100 | 1000 | auto}
Syntax Description
mod/port
Number of the module and the port on the module.
10 | 100 | 1000
Sets a port speed for 10BASE-T, 100BASE-T, or 1000BASE-T ports.
auto
Specifies autonegotiation for transmission speed and duplex mode on 10/100 Fast
Ethernet ports.
Defaults
The default is auto.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM.
In most cases, autonegotiation manages transmission speed, duplex mode, the master link, and the slave
link. The exception applies to 16-port 10/100/1000BASE-T Ethernet modules, where autonegotiation
manages transmission speed only.
You can configure Fast Ethernet interfaces on the 10/100-Mbps Fast Ethernet switching module to either
10, 100, or 1000 Mbps, or to autosensing mode, allowing the interfaces to sense and distinguish between
10- and 100-Mbps port transmission speeds and full-duplex or half-duplex port transmission types at a
remote port connection. If you set the interfaces to autosensing, they configure themselves automatically
to operate at the proper speed and transmission type.
Examples
This example shows how to configure port 1, module 2 to auto:
Console> (enable) set port speed 2/1 auto
Port 2/1 speed set to auto-sensing mode.
Console> (enable)
This example shows how to configure the port speed on port 2, module 2 to 10 Mbps:
Console> (enable) set port speed 2/2 10
Port 2/2 speed set to 10 Mbps.
Console> (enable)
Related Commands
show port
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-457
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port sync-restart-delay
set port sync-restart-delay
To specify the synchronization restart delay of a port, use the set port sync-restart-delay command.
set port sync-restart-delay mod/port delay
Syntax Description
mod/port
Number of the module and the port on the module.
delay
Delay time in milliseconds; the delay range is 200 to 60000 milliseconds
(60 seconds).
Defaults
The default delay time is 210 milliseconds.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The more dense wavelength division multiplexing (DWDM) equipment you have in the network, usually
the longer the synchronization delay should be.
The set port sync-restart-delay and show port sync-restart-delay commands are available in both
binary mode and text configuration mode.
Use the clear config command to reset the synchronization delay to 210 milliseconds.
Related Commands
clear config
show port sync-restart-delay
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-458
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port trap
set port trap
To enable or disable the operation of the standard Simple Network Management Protocol (SNMP) link
trap (up or down) for a port or range of ports, use the set port trap command.
set port trap mod/port {enable | disable}
Syntax Description
mod/port
Number of the module and the port on the module.
enable
Activates the SNMP link trap.
disable
Deactivates the SNMP link trap.
Defaults
The default is all port traps are disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM.
To set SNMP traps, enter the set snmp trap command.
Examples
This example shows how to enable the SNMP link trap for module 1, port 2:
Console> (enable) set port trap 1/2 enable
Port 1/2 up/down trap enabled.
Console> (enable)
Related Commands
show port trap
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-459
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port unicast-flood
set port unicast-flood
To configure the switch to drop Unicast Flood traffic on an Ethernet port, use the set port unicast-flood
command.
set port unicast-flood mod/port {enable | disable}
Syntax Description
mod/port
Number of the module and the port on the module.
enable
Enables unicast flood and to disable unicast flood blocking.
disable
Disables unicast flood and to enable unicast flood blocking.
Defaults
Unicast flood blocking is disabled on all ports.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Only Ethernet ports can block unicast flood traffic.
You must have a static CAM entry associated with the Ethernet port before you disable unicast flood on
the port, or you will lose network connectivity when you disable unicast flood. You can verify a static
CAM entry exists by entering the show cam static command.
You cannot configure a port channel on a unicast flood disabled port, and you cannot disable unicast
flood on a port channel.
You cannot disable unicast flood on a SPAN destination port, and you cannot configure a SPAN
destination on a unicast flood disabled port.
You cannot disable unicast flood on a trunk port. If you do, an error message will be displayed.
If you disable unicast flood on an Ethernet port that has port security enabled on it, the switch stops
sending Unicast Flood packets to the port once the switch has learned the allowed maximum number of
MAC addresses. When the learned MAC address count drops below the maximum number allowed,
unicast flooding is automatically re-enabled.
Unicast flood blocking and GARP VLAN Registration Protocol (GVRP) are mutually exclusive. You
cannot disable unicast flood and exchange VLAN configuration information with GVRP switches at the
same time.
Examples
This example shows how to enable unicast flood traffic on module 4, port 1 of a switch:
Console> (enable) set port unicast-flood 4/1 disable
WARNING: Trunking & Channelling will be disabled on the port.
Unicast Flooding is successfully disabled on the port 4/1.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-460
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port unicast-flood
This example shows how to disable unicast flood traffic on module 4, port 1 of a switch:
Console> (enable) set port unicast-flood 4/1 enable
Unicast Flooding is successfully enabled on the port 4/1.
Console> (enable)
Related Commands
show port unicast-flood
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-461
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port voice interface dhcp
set port voice interface dhcp
To set the port voice interface for the DHCP, TFTP, and DNS servers, use the set port voice interface
dhcp command.
set port voice interface mod/port dhcp enable [vlan vlan]
set port voice interface mod/port dhcp disable {ipaddrspec} {tftp ipaddr} [vlan vlan]
[gateway ipaddr] [dns [ipaddr] [domain_name]]
Syntax Description
mod/port
Number of the module and the port on the module.
enable
Activates the SNMP link trap.
vlan vlan
(Optional) Specifies a VLAN interface; valid values are from 1 to
1005 and from 1025 to 4094.
disable
Deactivates the SNMP link trap.
ipaddrspec
IP address and mask; see the “Usage Guidelines” section for format
instructions.
tftp ipaddr
Specifies the number of the TFTP server IP address or IP alias in dot
notation a.b.c.d.
gateway ipaddr
(Optional) Specifies the number of the gateway server IP address or
IP alias in dot notation a.b.c.d.
dns
(Optional) Specifies the DNS server.
ipaddr
(Optional) Number of the DNS IP address or IP alias in dot notation
a.b.c.d.
domain_name
(Optional) Name of the domain.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The ipaddrspec format is {ipaddr} {mask} or {ipaddr}/{mask} {mask}. The mask is a dotted format
(255.255.255.0) or number of bits (0 to 31).
You can specify a single port only when setting the IP address.
If you enable DHCP on a port, the port obtains all other configuration information from the TFTP server.
When you disable DHCP on a port, the following mandatory parameters must be specified:
•
If you do not specify DNS parameters, the software uses the system DNS configuration on the
supervisor engine to configure the port.
•
You cannot specify more than one port at a time because a unique IP address must be set for each
port.
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-462
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port voice interface dhcp
Examples
This example shows how to enable the port voice interface for the DHCP server:
Console> (enable) set port voice interface 7/4-8 dhcp enable
Port 7/4 DHCP enabled.
Console> (enable)
This example shows how to disable the set port voice interface DHCP server:
Console> (enable) set port voice interface 7/3 dhcp disable 171.68.111.41/24 tftp
173.32.43.11 dns 172.20.34.204 cisco.com
Port 7/3 dhcp disabled.
System DNS configurations applied.
Console> (enable)
This example shows how to enable the port voice interface for the DHCP server with a specified VLAN:
Console> (enable) set port voice interface 7/4-6 dhcp enable vlan 3
Vlan 3 configuration successful
Ports 7/4-6 DHCP enabled.
Console> (enable)
This example shows how to enable the port voice interface for the TFTP, DHCP, and DNS servers:
Console> (enable) set port voice interface dhcp enable 4/2 171.68.111.41 tftp 173.32.43.11
dhcp 198.98.4.1 dns 189.69.24.192
Port 4/2 interface set.
IP address: 171.68.111.41 netmask 255.255.0.0
TFTP server: 173.32.43.11
DHCP server: 198.98.4.1
DNS server: 189.69.24.192
Console> (enable)
This example shows how to enable a single port voice interface:
Console> (enable) set port voice interface 4/2-9 dhcp 123.23.32.1/24
Single port must be used when setting the IP address.
Console> (enable)
Related Commands
show port voice interface
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-463
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set port vtp
set port vtp
To enable or disable VLAN Trunk Protocol (VTP) on a per-port basis, use the set port vtp command.
set port vtp mod/port {enable | disable}
Syntax Description
mod/port
Number of the module and the port on the module.
enable
Activates VTP.
disable
Deactivates VTP.
Defaults
VTP is enabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The set port vtp command allows you to enable or disable any kind of VTP interaction on a per-port
basis, which may be useful on trunks leading to non-trusted hosts. When a port is disabled, no VTP
packet is sent on the port, and any VTP packet received on the port is dropped.
Examples
This example shows how to disable VTP on ports 1 and 2 on module 1:
Console> (enable) set port vtp 1/1-2 disable
Port(s) 1/1-2 will no longer participate in VTP.
Console> (enable)
Related Commands
set vtp
show port vtp
show vtp
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-464
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set power redundancy
set power redundancy
To turn redundancy between the power supplies on or off, use the set power redundancy command.
set power redundancy {enable | disable}
Syntax Description
enable
Activates redundancy between the power supplies.
disable
Deactivates redundancy between the power supplies.
Defaults
The default is power redundancy is enabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
In a system with dual power supplies, this command turns redundancy on or off between the power
supplies. In a redundant configuration, the power available to the system is the maximum power
capability of the weakest power supply.
In a nonredundant configuration, the power available to the system is the sum of the power capability of
both power supplies.
Examples
This example shows how to activate redundancy between power supplies:
Console> (enable) set power redundancy enable
Power supply redundancy enabled.
Console> (enable)
This example shows how to deactivate redundancy between power supplies:
Console> (enable) set power redundancy disable
Power supply redundancy disabled.
Console> (enable)
Related Commands
show environment
show system
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-465
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set prompt
set prompt
To change the prompt for the CLI, use the set prompt command.
set prompt prompt_string
Syntax Description
prompt_string
Defaults
The default is the prompt is set to Console>.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you use the set system name command to assign a name to the switch, the switch name is used as the
prompt string. However, if you specify a different prompt string using the set prompt command, that
string is used for the prompt.
Examples
This example shows how to set the prompt to system100>:
String to use as the command prompt.
Console> (enable) set prompt system100>
system100> (enable)
Related Commands
set system name
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-466
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set protocolfilter
set protocolfilter
To activate or deactivate protocol filtering on Ethernet VLANs and on nontrunking Ethernet, Fast
Ethernet, and Gigabit Ethernet ports, use the set protocolfilter command.
set protocolfilter {enable | disable}
Syntax Description
enable
Activates protocol filtering.
disable
Deactivates protocol filtering.
Defaults
The default is protocol filtering is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM.
Protocol filtering is supported only on Ethernet VLANs and on nontrunking EtherChannel ports.
This feature is not supported on the Supervisor Engine 720 with PFC3.
Examples
This example shows how to activate protocol filtering:
Console> (enable) set protocolfilter enable
Protocol filtering enabled on this switch.
Console> (enable)
This example shows how to deactivate protocol filtering:
Console> (enable) set protocolfilter disable
Protocol filtering disabled on this switch.
Console> (enable)
Related Commands
show protocolfilter
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-467
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set pvlan
set pvlan
To bind the isolated or community VLAN to the primary VLAN and assign the isolated or community
ports to the private VLAN, use the set pvlan command.
set pvlan primary_vlan {isolated_vlan | community_vlan | twoway_community_vlan}
[mod/port | sc0]
Caution
Syntax Description
We recommend that you read and understand the “Configuring VLANs” chapter in the Catalyst 6500
Series Software Configuration Guide before using this command.
primary_vlan
Number of the primary VLAN.
isolated_vlan
Number of the isolated VLAN.
community_vlan
Number of the community VLAN.
twoway_community_vlan
Number of the two-way community VLAN.
mod/port
(Optional) Module and port numbers of the isolated or
community ports.
sc0
(Optional) Specifies the inband port sc0.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You must set the primary VLAN, isolated VLAN, and community VLANs using the set vlan pvlan-type
pvlan_type command before making the association with the set pvlan command.
Each isolated or community VLAN can have only one primary VLAN associated with it. A primary
VLAN may have one isolated or multiple community VLANs associated to it.
Although you can configure sc0 as a private port, you cannot configure sc0 as a promiscuous port.
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-468
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set pvlan
Examples
This example shows how to map VLANs 901, 902, and 903 (isolated or community VLANs) to VLAN 7
(the primary VLAN):
Console> (enable) set pvlan 7 901 4/3
Port 4/3 is successfully assigned to vlan 7, 901 and
Console> (enable) set pvlan 7 902 4/4-5
Ports 4/4-5 are successfully assigned to vlan 7, 902
Console> (enable) set pvlan 7 903 4/6-7
Ports 4/6-7 are successfully assigned to vlan 7, 903
Console> (enable) set pvlan 300 301 sc0
Successfully set the following ports to Private Vlan
sc0
Console> (enable)
is made an isolated port.
and are made community ports.
and are made community ports.
300, 301:
This example shows the message that appears when VLAN port-provisioning verification is enabled:
Console> (enable) set pvlan 20 30 2/2
Port Provisioning Verification is enabled on the switch.
To move port(s) into the VLAN
Use 'set pvlan <primary_vlan> <secondary_vlan> <port> <pri_vlan_name> <sec_vlan_name>'
command.
Console> (enable)
Related Commands
clear config pvlan
clear pvlan mapping
clear vlan
set pvlan mapping
set vlan
set vlan verify-port-provisioning
show pvlan
show pvlan capability
show pvlan mapping
show vlan
show vlan verify-port-provisioning
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-469
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set pvlan mapping
set pvlan mapping
To map isolated or community VLANs to the primary VLAN on the promiscuous port, use the set pvlan
mapping command.
set pvlan mapping primary_vlan {isolated_vlan | community_vlan | twoway_community_vlan}
mod/port
Syntax Description
primary_vlan
Number of the primary VLAN.
isolated_vlan
Number of the isolated VLAN.
community_vlan
Number of the community VLAN.
twoway_community_vlan
Number of the two-way community VLAN.
mod/port
Module and port number of the promiscuous port.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You must set the primary VLAN, isolated VLANs, and community VLANs using the set vlan
pvlan-type command combined with the set pvlan command before you can apply the VLANs on any
of the promiscuous ports with the set pvlan mapping command.
You should connect the promiscuous port to an external device for the ports in the private VLAN to
communicate with any other device outside the private VLAN.
You should apply this command for each primary or isolated (community) association in the private
VLAN.
Examples
This example shows how to remap community VLAN 903 to the primary VLAN 901 on ports 3 through
5 on module 8:
Console> (enable) set pvlan mapping 901 903 8/3-5
Successfully set mapping between 901 and 903 on 8/3-5.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-470
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set pvlan mapping
Related Commands
clear pvlan mapping
clear vlan
set pvlan
set vlan
show pvlan
show pvlan mapping
show vlan
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-471
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set qos
set qos
To turn on or turn off QoS functionality on the switch, use the set qos command.
set qos enable | disable
Syntax Description
enable
Activates QoS functionality.
disable
Deactivates QoS functionality.
Defaults
The default is QoS functionality is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Refer to the Catalyst 6500 Series Switch Software Configuration Guide for information on how to
change the QoS default configurations.
When you enable and disable QoS in quick succession, a bus timeout might occur.
If you enable or disable QoS on channel ports with different port types, channels might break or form.
Examples
This example shows how to enable QoS:
Console> (enable) set qos enable
QoS is enabled.
Console> (enable)Console> (enable)
This example shows how to disable QoS:
Console> (enable) set qos disable
QoS is disabled.
Console> (enable)
Related Commands
show qos info
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-472
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set qos acl default-action
set qos acl default-action
To set the ACL default actions, use the set qos acl default-action command.
set qos acl default-action ip {{dscp dscp} | trust-cos | trust-ipprec | trust-dscp}
[{microflow microflow_name}] [{aggregate aggregate_name}] [input]
set qos acl default-action ipx {{dscp dscp} | trust-cos} [{microflow microflow_name}]
[{aggregate aggregate_name}]
set qos acl default-action {ipx | mac} {{dscp dscp} | trust-cos}
[{aggregate aggregate_name}] [input]
Syntax Description
ip
Specifies the IP ACL default actions.
dscp dscp
Sets the DSCP to be associated with packets matching this stream.
trust-cos
Specifies DSCP is derived from the packet CoS.
trust-ipprec
Specifies DSCP is derived from the packet IP precedence.
trust-dscp
Specifies DSCP is contained in the packet already.
microflow
microflow_name
(Optional) Specifies the name of the microflow policing rule to be
applied to packets matching the ACE.
aggregate
aggregate_name
(Optional) Specifies the name of the aggregate policing rule to be
applied to packets matching the ACE.
input
(Optional) Specifies the receive side.
ipx
Specifies the IPX ACL default actions.
mac
Specifies the MAC ACL default actions.
Defaults
The default is no ACL is set up. When you enable QoS, the default-action is to classify everything to
best effort and to do no policing. When you disable QoS, the default-action is trust-dscp on all packets
and no policing.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Configurations you make by entering this command are saved to NVRAM and the switch and do not
require that you enter the commit command.
Only PFC3 supports the input keyword.
Examples
This example shows how to set up the IP ACL default actions:
Console> (enable) set qos acl default-action ip dscp 5 microflow micro aggregate agg
QoS default-action for IP ACL is set successfully.
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-473
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set qos acl default-action
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-474
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set qos acl default-action
This example shows how to set up the IPX ACL default actions:
Console> (enable) set qos acl default-action ipx dscp 5 microflow micro aggregate agg
QoS default-action for IPX ACL is set successfully.
Console> (enable)
This example shows how to set up the MAC ACL default actions:
Console> (enable) set qos acl default-action mac dscp 5 microflow micro aggregate agg
QoS default-action for MAC ACL is set successfully.
Console> (enable)
Related Commands
clear qos acl
show qos acl info
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-475
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set qos acl ip
set qos acl ip
To create or add IP access lists, use the set qos acl ip command.
set qos acl ip {acl_name} {{dscp dscp} | trust-cos | trust-ipprec | trust-dscp}
[microflow microflow_name] [aggregate aggregate_name] {src_ip_spec}
[precedence precedence | dscp-field dscp] [before editbuffer_index | modify editbuffer_index]
set qos acl ip {acl_name} {{dscp dscp} | trust-cos | trust-ipprec | trust-dscp}
[microflow microflow_name] [aggregate aggregate_name] {protocol} {src_ip_spec}
{dest_ip_spec} [precedence precedence | dscp-field dscp] [before editbuffer_index |
modify editbuffer_index]
set qos acl ip {acl_name} {{dscp dscp} | trust-cos | trust-ipprec | trust-dscp}
[microflow microflow_name] [aggregate aggregate_name] icmp {src_ip_spec}
{dest_ip_spec} [icmp_type [icmp_code] | icmp_message] [precedence precedence |
dscp-field dscp] [before editbuffer_index | modify editbuffer_index]
set qos acl ip {acl_name} {{dscp dscp} | trust-cos | trust-ipprec | trust-dscp}
[microflow microflow_name] [aggregate aggregate_name] tcp {src_ip_spec} [{operator}
{port} [port]] {dest_ip_spec} [{operator} {port} [port]] [established]
[precedence precedence | dscp-field dscp] [before editbuffer_index | modify editbuffer_index]
set qos acl ip {acl_name} {{dscp dscp} | trust-cos | trust-ipprec | trust-dscp}
[microflow microflow_name] [aggregate aggregate_name] udp {src_ip_spec} [{operator}
{port} [port]] {dest_ip_spec} [{operator} {port} [port]] [precedence precedence |
dscp-field dscp] [before editbuffer_index | modify editbuffer_index]
set qos acl ip {acl_name} {{dscp dscp} | trust-cos | trust-ipprec | trust-dscp}
[microflow microflow_name] [aggregate aggregate_name] igmp {src_ip_spec}
{dest_ip_spec} [igmp_type] [precedence precedence | dscp-field dscp] [before
editbuffer_index | modify editbuffer_index]
Syntax Description
acl_name
Unique name that identifies the list to which the entry belongs.
dscp dscp
Sets CoS and DSCP from configured DSCP values.
trust-cos
Specifies DSCP is derived from the packet CoS.
trust-ipprec
Specifies DSCP is derived from the packet IP precedence.
trust-dscp
Specifies DSCP is contained in the packet already.
microflow
microflow_name
(Optional) Specifies the name of the microflow policing rule to be applied
to packets matching the ACE.
aggregate
aggregate_name
(Optional) Specifies the name of the aggregate policing rule to be applied
to packets matching the ACE.
src_ip_spec
Source IP address and the source mask. See the “Usage Guidelines” section
for the format.
before
editbuffer_index
(Optional) Inserts the new ACE in front of another ACE.
modify
editbuffer_index
(Optional) Replaces an ACE with the new ACE.
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-476
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set qos acl ip
protocol
Keyword or number of an IP protocol; valid numbers are from 0 to 255
representing an IP protocol number. See the “Usage Guidelines” section for
the list of valid keywords and corresponding numbers.
dest_ip_spec
Destination IP address and the destination mask. See the “Usage
Guidelines” section for the format.
precedence
precedence
(Optional) Specifies the precedence level to compare with an incoming
packet; valid values are from 0 to 7 or by name. See the “Usage Guidelines”
section for a list of valid names.
dscp-field dscp
(Optional) Specifies the DSCP field level to compare with an incoming
packet. Valid values are from 0 to 7 or by name; valid names are critical,
flash, flash-override, immediate, internet, network, priority, and
routine.
icmp
Specifies ICMP.
icmp-type
(Optional) ICMP message type; valid values are from 0 to 255.
icmp-code
(Optional) ICMP message code; valid values are from 0 to 255.
icmp-message
(Optional) ICMP message type name or ICMP message type and code
name. See the “Usage Guidelines” section for a list of valid names.
tcp
Specifies TCP.
operator
(Optional) Operands; valid values include lt (less than), gt (greater than),
eq (equal), neq (not equal), and range (inclusive range).
port
(Optional) TCP or UDP port number or name; valid port numbers are from
0 to 65535. See the “Usage Guidelines” section for a list of valid names.
established
(Optional) For TCP protocol only; specifies an established connection.
udp
Specifies UDP.
igmp
Specifies IGMP.
igmp_type
(Optional) IGMP message type; valid values are from 0 to 15.
Defaults
The default is there are no ACLs.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Configurations you make by entering any of these commands are saved to NVRAM and the switch only
after you enter the commit command. Enter ACEs in batches and then enter the commit command to
save them in NVRAM and the switch.
Use the show qos acl info command to view the edit buffer.
The dscp dscp, trust-cos, trust-ipprec, and trust-dscp keywords and variables are used to select a
marking rule. Refer to the Catalyst 6500 Series Switch Software Configuration Guide for additional
marking rule information.
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-477
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set qos acl ip
The optional microflow microflow_name and aggregate aggregate_name keywords and variables are
used to configure policing in the ACE. Refer to the Catalyst 6500 Series Switch Software Configuration
Guide for additional policing rule information.
The src_ip_spec, optional precedence precedence, or dscp-field dscp keywords and variables are used
to configure filtering.
When you enter the ACL name, follow these naming conventions:
•
Maximum of 31 characters long and may include a-z, A-Z, 0-9, the dash character (-), the underscore
character (_), and the period character (.)
•
Must start with an alpha character and must be unique across all ACLs of all types
•
Case sensitive
•
Cannot be a number
•
Must not be a keyword; keywords to avoid are all, default-action, map, help, and editbuffer
When you specify the source IP address and the source mask, use the form
source_ip_address source_mask and follow these guidelines:
•
The source_mask is required; 0 indicates a “care” bit, and 1 indicates a “don’t-care” bit.
•
Use a 32-bit quantity in four-part dotted-decimal format.
•
Use the keyword any as an abbreviation for a source and source-wildcard of 0.0.0.0
255.255.255.255.
•
Use host source as an abbreviation for a source and source-wildcard of source 0.0.0.0.
When you enter a destination IP address and the destination mask, use the form destination_ip_address
destination_mask. The destination mask is required.
•
Use a 32-bit quantity in a four-part dotted-decimal format
•
Use the keyword any as an abbreviation for a source and source-wildcard of 0.0.0.0
255.255.255.255
•
Use host/source as an abbreviation for a destination and destination-wildcard of destination 0.0.0.0
Valid names for precedence are critical, flash, flash-override, immediate, internet, network, priority, and
routine.
Valid names for tos are max-reliability, max-throughput, min-delay, min-monetary-cost, and normal.
Valid protocol keywords include icmp (1), ip, ipinip (4), tcp (6), udp (17), igrp (9), eigrp (88),
gre (47), nos (94), ospf (89), ahp (51), esp (50), pcp (108), and pim (103). The IP protocol number is
displayed in parentheses. Use the keyword ip to match any Internet Protocol.
ICMP packets that are matched by ICMP message type can also be matched by the ICMP message code.
Valid names for icmp_type and icmp_code are administratively-prohibited, alternate-address,
conversion-error, dod-host-prohibited, dod-net-prohibited, echo, echo-reply,
general-parameter-problem, host-isolated, host-precedence-unreachable, host-redirect,
host-tos-redirect, host-tos-unreachable, host-unknown, host-unreachable, information-reply,
information-request, mask-reply, mask-request, mobile-redirect, net-redirect, net-tos-redirect,
net-tos-unreachable, net-unreachable, network-unknown, no-room-for-option, option-missing,
packet-too-big, parameter-problem, port-unreachable, precedence-unreachable, protocol-unreachable,
reassembly-timeout, redirect, router-advertisement, router-solicitation, source-quench,
source-route-failed, time-exceeded, timestamp-reply, timestamp-request, traceroute, ttl-exceeded, and
unreachable.
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-478
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set qos acl ip
If the operator is positioned after the source and source-wildcard, it must match the source port. If the
operator is positioned after the destination and destination-wildcard, it must match the destination port.
The range operator requires two port numbers. All other operators require one port number only.
TCP port names can be used only when filtering TCP. Valid names for TCP ports are bgp, chargen,
daytime, discard, domain, echo, finger, ftp, ftp-data, gopher, hostname, irc, klogin, kshell, lpd, nntp,
pop2, pop3, smtp, sunrpc, syslog, tacacs-ds, talk, telnet, time, uucp, whois, and www.
UDP port names can be used only when filtering UDP. Valid names for UDP ports are biff, bootpc,
bootps, discard, dns, dnsix, echo, mobile-ip, nameserver, netbios-dgm, netbios-ns, ntp, rip, snmp,
snmptrap, sunrpc, syslog, tacacs-ds, talk, tftp, time, who, and xdmcp.
If no layer protocol number is entered, you can use this syntax:
set qos acl ip {acl_name} {dscp dscp | trust-cos | trust-ipprec | trust-dscp}
[microflow microflow_name] [aggregate aggregate_name] {src_ip_spec}
[before editbuffer_index | modify editbuffer_index]
If a Layer 4 protocol is specified, you can use this syntax:
set qos acl ip {acl_name} {dscp dscp | trust-cos | trust-ipprec | trust-dscp}
[microflow microflow_name] [aggregate aggregate_name] {protocol} {src_ip_spec}
{dest_ip_spec} [precedence precedence | dscp-field dscp] [before editbuffer_index |
modify editbuffer_index]
If ICMP is used, you can use this syntax:
set qos acl ip {acl_name} {dscp dscp | trust-cos | trust-ipprec | trust-dscp}
[microflow microflow_name] [aggregate aggregate_name] icmp {src_ip_spec}
{dest_ip_spec} [icmp_type [icmp_code] | icmp_message] [precedence precedence |
dscp-field dscp] [before editbuffer_index | modify editbuffer_index]
If TCP is used, you can use this syntax:
set qos acl ip {acl_name} {dscp dscp | trust-cos | trust-ipprec | trust-dscp}
[microflow microflow_name] [aggregate aggregate_name] tcp {src_ip_spec} [{operator}
{port} [port]] {dest_ip_spec} [{operator} {port} [port]] [established]
[precedence precedence | dscp-field dscp] [before editbuffer_index |
modify editbuffer_index]
If UDP is used, you can use this syntax:
set qos acl ip {acl_name} {dscp dscp | trust-cos | trust-ipprec | trust-dscp}
[[microflow microflow_name] [aggregate aggregate_name] udp {src_ip_spec} [{operator}
{port} [port]] {dest_ip_spec} [{operator {port} [port]] [precedence precedence |
dscp-field dscp] [before editbuffer_index | modify editbuffer_index]
Examples
This example shows how to define a TCP access list:
Console> (enable) set qos acl ip my_acl trust-dscp microflow my-micro tcp 1.2.3.4
255.0.0.0 eq port 21 172.20.20.1 255.255.255.0
my_acl editbuffer modified. Use ‘commit’ command to apply changes.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-479
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set qos acl ip
This example shows how to define an ICMP access list:
Console> (enable) set qos acl ip icmp_acl trust-dscp my-micro icmp 1.2.3.4 255.255.0.0
172.20.20.1 255.255.255.0 precedence 3
my_acl editbuffer modified. Use ‘commit’ command to apply changes.
Console> (enable)
Related Commands
clear qos acl
commit
rollback
show qos acl info
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-480
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set qos acl ipx
set qos acl ipx
To define IPX access lists, use the set qos acl ipx command.
set qos acl ipx {acl_name} {dscp dscp | trust-cos} [aggregate aggregate_name] {protocol}
{src_net} [dest_net.[dest_node] [[dest_net_mask.]dest_node_mask]
[before editbuffer_index | modify editbuffer_index]
Syntax Description
acl_name
Unique name that identifies the list to which the entry belongs.
dscp dscp
Sets CoS and DSCP from configured DSCP values.
trust-cos
Specifies that the DSCP is derived from the packet CoS.
aggregate
aggregate_name
(Optional) Specifies the name of the aggregate policing rule to be applied
to packets matching the ACE.
protocol
Keyword or number of an IPX protocol; valid values are from 0 to 255
representing an IPX protocol number. See the “Usage Guidelines”
section for a list of valid keywords and corresponding numbers.
src_net
Number of the network from which the packet is being sent. See the
“Usage Guidelines” section for format guidelines.
dest_net.
(Optional) Mask to be applied to destination-node. See the “Usage
Guidelines” section for format guidelines.
dest_node
(Optional) Node on destination-network of the packet being sent.
dest_net_mask.
(Optional) Mask to be applied to the destination network. See the “Usage
Guidelines” section for format guidelines.
dest_node_mask
(Optional) Mask to be applied to destination-node. See the “Usage
Guidelines” section for format guidelines.
before
editbuffer_index
(Optional) Inserts the new ACE in front of another ACE.
modify
editbuffer_index
(Optional) Replaces an ACE with the new ACE.
Defaults
There are no default ACL mappings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The dscp dscp and trust-cos keywords and variables are used to select a marking rule. Refer to the
Catalyst 6500 Series Switch Software Configuration Guide for additional marking rule information.
The dscp dscp and trust-cos keywords and variables are not supported on systems configured with the
Supervisor Engine 2 with Layer 3 Switching Engine II (PFC2).
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-481
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set qos acl ipx
The optional aggregate aggregate_name keyword and variable are used to configure policing in the
ACE. Refer to the Catalyst 6500 Series Switch Software Configuration Guide for additional policing rule
information.
Use the show security acl command to display the list.
The src_ip_spec, optional precedence precedence, or dscp-field dscp keywords and variables, are used
to configure filtering.
When you enter the ACL name, follow these naming conventions:
•
Maximum of 31 characters long and may include a-z, A-Z, 0-9, the dash character (-), the underscore
character (_), and the period character (.)
•
Must start with an alpha character and must be unique across all ACLs of all types
•
Case sensitive
•
Cannot be a number
•
Must not be a keyword; keywords to avoid are all, default-action, map, help, and editbuffer
Valid protocol keywords include ncp (17), rip (1), sap (4), and spx (5). The IP network number is listed
in parentheses.
The src_net and dest_net variables are eight-digit hexadecimal numbers that uniquely identify network
cable segments. When you specify the src_net or dest_net, use the following guidelines:
•
It can be a number in the range 0 to FFFFFFFF. A network number of -1 or any matches all
networks.
•
You do not need to specify leading zeros in the network number. For example, for the network
number 000000AA, you can enter AA.
The dest_node is a 48-bit value represented by a dotted triplet of four-digit hexadecimal numbers
(xxxx.xxxx.xxxx).
The destination_mask is of the form N.H.H.H or H.H.H where N is the destination network mask and H
is the node mask. It can be specified only when the destination node is also specified for the destination
address.
The dest_net_mask is an eight-digit hexadecimal mask. Place ones in the bit positions you want to mask.
The mask must be immediately followed by a period, which must in turn be immediately followed by
destination-node-mask. You can enter this value only when dest_node is specified.
The dest_node_mask is a 48-bit value represented as a dotted triplet of 4-digit hexadecimal numbers
(xxxx.xxxx.xxxx). Place ones in the bit positions you want to mask. You can enter this value only when
dest_node is specified.
The dest_net_mask is an eight-digit hexadecimal number that uniquely identifies the network cable
segment. It can be a number in the range 0 to FFFFFFFF. A network number of -1 or any matches all
networks. You do not need to specify leading zeros in the network number. For example, for the network
number 000000AA, you can enter AA. Following are dest_net_mask examples:
Note
•
123A
•
123A.1.2.3
•
123A.1.2.3 ffff.ffff.ffff
•
1.2.3.4 ffff.ffff.ffff.ffff
The PFC3 does not provide QoS support for IPX traffic.
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-482
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set qos acl ipx
Examples
This example shows how to create an IPX ACE:
Console> (enable) set qos acl ipx my_IPXacl trust-cos aggregate my-agg -1
my_IPXacl editbuffer modified. Use `commit' command to apply changes.
Console> (enable)
Related Commands
clear qos acl
commit
rollback
show qos acl info
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-483
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set qos acl mac
set qos acl mac
To define MAC access lists, use the set qos acl mac command.
set qos acl mac {acl_name} {dscp dscp | trust-cos} [aggregate aggregate_name]
{src_mac_addr_spec} {dest_mac_addr_spec} [ether-type] [before editbuffer_index | modify
editbuffer_index]
Syntax Description
acl_name
Unique name that identifies the list to which the entry belongs.
dscp dscp
Sets CoS and DSCP from configured DSCP values.
trust-cos
Specifies that the DSCP is derived from the packet CoS.
aggregate
aggregate_name
(Optional) Specifies the name of the aggregate policing rule to be
applied to packets matching the ACE.
src_mac_addr_spec
Number of the source MAC address in the form
source_mac_address source_mac_address_mask.
dest_mac_addr_spec
Number of the destination MAC address.
ether-type
(Optional) Name or number that matches the Ethertype for
Ethernet-encapsulated packets. See the “Usage Guidelines” section for
a list of valid names and numbers.
before
editbuffer_index
(Optional) Inserts the new ACE in front of another ACE.
modify
editbuffer_index
(Optional) Replaces an ACE with the new ACE.
Defaults
There are no default ACL mappings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The dscp dscp and trust-cos keywords and variables are used to select a marking rule. Refer to the
Catalyst 6500 Series Switch Software Configuration Guide for additional marking rule information.
The dscp dscp and trust-cos keywords and variables are not supported on systems configured with the
Supervisor Engine 2 with Layer 3 Switching Engine II (PFC2).
The optional aggregate aggregate_name keyword and variable are used to configure policing in the
ACE. Refer to the Catalyst 6500 Series Switch Software Configuration Guide for additional policing rule
information.
When you enter the ACL name, follow these naming conventions:
•
Maximum of 31 characters long and may include a-z, A-Z, 0-9, the dash character (-), the underscore
character (_), and the period character (.)
•
Must start with an alpha character and must be unique across all ACLs of all types
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-484
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set qos acl mac
•
Case sensitive
•
Cannot be a number
•
Must not be a keyword; keywords to avoid are all, default-action, map, help, and editbuffer
The src_mac_addr_spec is a 48-bit source MAC address and mask and entered in the form of
source_mac_address source_mac_address_mask (for example, 08-11-22-33-44-55 ff-ff-ff-ff-ff-ff).
Place ones in the bit positions you want to mask. When you specify the src_mac_addr_spec, follow these
guidelines:
•
The source_mask is required; 0 indicates a “care” bit, and 1 indicates a “don’t-care” bit.
•
Use a 32-bit quantity in 4-part dotted-decimal format.
•
Use the keyword any as an abbreviation for a source and source-wildcard of 0.0.0.0
255.255.255.255.
•
Use host source as an abbreviation for a source and source-wildcard of source 0.0.0.0.
The dest_mac_spec is a 48-bit destination MAC address and mask and entered in the form of
dest_mac_address dest_mac_address_mask (for example, 08-00-00-00-02-00/ff-ff-ff-00-00-00). Place
ones in the bit positions you want to mask. The destination mask is mandatory. When you specify the
dest_mac_spec, use the following guidelines:
•
Use a 48-bit quantity in 6-part dotted-hexadecimal format for the source address and mask.
•
Use the keyword any as an abbreviation for a source and source-wildcard of 0.0.0.0 ff-ff-ff-ff-ff-ff.
•
Use host source as an abbreviation for a destination and destination-wildcard of destination 0.0.0.0.
Valid names for Ethertypes (and corresponding numbers) are Ethertalk (0x809B), AARP (0x8053),
dec-mop-dump (0x6001), dec-mop-remote-console (0x6002), dec-phase-iv (0x6003), dec-lat (0x6004),
dec-diagnostic-protocol (0x6005), dec-lavc-sca (0x6007), dec-amber (0x6008), dec-mumps (0x6009),
dec-lanbridge (0x8038), dec-dsm (0x8039), dec-netbios (0x8040), dec-msdos (0x8041),
banyan-vines-echo (0x0baf), xerox-ns-idp (0x0600), and xerox-address-translation (0x0601).
The ether-type is a 16-bit hexadecimal number written with a leading 0x.
Use the show security acl command to display the list.
Note
Examples
The PFC3 does not provide QoS support for IPX traffic.
This example shows how to create a MAC access list:
Console> (enable) set qos acl mac my_MACacl trust-cos aggregate my-agg any any
my_MACacl editbuffer modified. Use `commit' command to apply changes.
Console> (enable)
Related Commands
clear qos acl
commit
rollback
show qos acl info
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-485
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set qos acl map
set qos acl map
To attach an ACL to a specified port or VLAN, use the set qos acl map command.
set qos acl map acl_name {mod/port | vlan} [input]
Syntax Description
acl_name
Name of the list to which the entry belongs.
mod/port
Number of the module and the port on the module.
vlan
Number of the VLAN; valid values are from 1 to 1005 and from 1025 to 4094.
input
(Optional) Attaches the ACL to the ingress interface. See the “Usage
Guidelines” section for more information.
Defaults
There are no default ACL mappings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Caution
This command may fail if you try to map an ACL to a VLAN and the NVRAM is full.
Caution
Use the copy command to save the ACL configuration to Flash memory.
If you try to configure an ACL feature that is not supported on the input interface, the set qos acl map
command fails with an error message.
Only PFC3 supports the input keyword.
Examples
This example shows how to attach an ACL to a port:
Console> (enable) set qos acl map my_acl 2/1
ACL my_acl is attached to port 2/1.
Console> (enable)
This example shows how to attach an ACL to a VLAN:
Console> (enable) set qos acl map ftp_acl 4
ACL ftp_acl is attached to vlan 4.
Console> (enable)
This example shows what happens if you try to attach an ACL that has not been committed:
Console> (enable) set qos acl map new_acl 4
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-486
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set qos acl map
Commit ACL new_acl before mapping.
Console> (enable)
This example shows how to attach an ACL named “test” to the VLAN 1 ingress interface:
Console> (enable) set qos acl map test 1
ACL test is successfully mapped to vlan 1 on input side.
Console> (enable)
Related Commands
clear qos acl
commit
rollback
show qos acl map
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-487
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set qos autoqos
set qos autoqos
To apply automatic QoS settings to all ports on the switch, use the set qos autoqos command.
set qos autoqos
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When the switch has applied all global QoS settings successfully, the switch displays a prompt that
shows the CLI for port-based AutoQoS commands that are currently supported.
Examples
This example shows how to apply all global QoS settings to all ports on the switch:
Console> (enable) set qos autoqos
........
All ingress and egress QoS scheduling parameters configured on all ports.
CoS to DSCP, DSCP to COS and IP Precedence to DSCP maps configured.
Global QoS configured, port specific autoqos recommended:
set port qos <mod/ports..> autoqos trust [cos|dscp]
set port qos <mod/ports..> autoqos voip [ciscoipphone|ciscosoftphone]
Console> (enable)
Related Commands
set port qos autoqos
show port qos
show qos info
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-488
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set qos bridged-microflow-policing
set qos bridged-microflow-policing
To enable or disable microflow policing of bridged packets on a per-VLAN basis, use the set qos
bridged-microflow-policing command.
set qos bridged-microflow-policing {enable | disable} vlanlist
Syntax Description
enable
Activates microflow policing functionality.
disable
Deactivates microflow policing functionality.
vlanlist
List of VLANs; valid values are from 1 to 1001 and from 1025 to 4094.
Defaults
The default is intraVLAN QoS is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Layer 3 switching engine-based systems do not create NetFlow entries for bridged packets. Without a
NetFlow entry, these packets cannot be policed at the microflow level. You must enter the set qos
bridged-microflow-policing enable command if you want the bridged packets to be microflow policed.
This command is supported on systems configured with a Layer 3 switching engine only.
Examples
This example shows how to enable microflow policing:
Console> (enable) set qos bridged-microflow-policing enable 1-1000
QoS microflow policing is enabled for bridged packets on vlans 1-1000.
Console> (enable)
This example shows how to disable microflow policing:
Console> (enable) set qos bridged-microflow-policing disable 10
QoS microflow policing is disabled for bridged packets on VLAN 10.
Console> (enable)
Related Commands
show qos bridged-microflow-policing
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-489
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set qos cos-dscp-map
set qos cos-dscp-map
To set the CoS-to-DSCP mapping, use the set qos cos-dscp-map command.
set qos cos-dscp-map dscp1 dscp2... dscp8
Syntax Description
dscp#
Defaults
The default CoS-to-DSCP configuration is listed in Table 2-17.
Number of the differentiated services code point (DSCP); valid
values are from 0 to 63.
Table 2-17 CoS-to-DSCP Mapping
CoS
0
1
2
3
4
5
6
7
DSCP
0
8
16
24
32
40
48
56
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The CoS-to-DSCP map is used to map the CoS of packets arriving on trusted ports (or flows) to a DSCP
where the trust type is trust-cos. This map is a table of eight CoS values (0 through 7) and their
corresponding DSCP values. The switch has one map.
This command is supported on systems configured with a Layer 3 switching engine only.
Examples
This example shows how to set the CoS-to-DSCP mapping:
Console> (enable) set qos cos-dscp-map 20 30 1 43 63 12 13 8
QoS cos-dscp-map set successfully.
Console> (enable)
Related Commands
clear qos cos-dscp-map
show qos maps
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-490
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set qos drop-threshold
set qos drop-threshold
To program the transmit-queue and receive-queue drop thresholds on all ports in the system, use the set
qos drop-threshold command.
set qos drop-threshold 2q2t tx queue q# thr1 thr2
set qos drop-threshold {1q2t | 1q4t | 1p1q4t} rx queue q# thr1 thr2 thr3 thr4
Syntax Description
Defaults
2q2t tx
Specifies the transmit-queue drop threshold.
1q2t | 1q4t |
1p1q4t rx
Specifies the receive-queue drop threshold.
queue q#
Specifies the queue; valid values are 1 and 2.
thr1, thr2, thr3,
thr4
Threshold percentage; valid values are from 1 to 100.
If you enable QoS, the following defaults apply:
•
Transmit-queue drop thresholds:
– Queue 1—80%, 100%
– Queue 2—80%, 100%
•
Receive-queue drop thresholds:
– Queue 1—50%, 60%, 80%, 100% if the port is trusted
– Queue 2—100%, 100%, 100%, 100% if the port is untrusted
If you disable QoS, the following defaults apply:
•
Transmit-queue drop thresholds:
– Queue 1—100%, 100%
– Queue 2—100%, 100%
•
Receive-queue drop thresholds: queue 1—100%, 100%, 100%, 100%
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The number preceding the t letter in the port type (2q2t, 1q2t, 1q4t, or 1p1q4t) determines the number
of threshold values the hardware supports. For example, with 2q2t and 1q2t, the number of thresholds
specified is two; with 1q4t and 1p1q4t, the number of thresholds specified is four. Due to the granularity
of programming the hardware, the values set in hardware will be close approximations of the values
provided.
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-491
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set qos drop-threshold
The number preceding the q letter in the port type determines the number of the queues that the hardware
supports. For example, with 2q2t, the number of queues specified is two; with 1q2t, 1q4t and 1p1q4t,
the number of queues specified is one. The system defaults for the transmit queues attempt to keep the
maximum latency through a port at a maximum of 10 milliseconds.
The number preceding the p letter in the 1p1q4t port types determines the threshold in the
priority queue.
When you configure the drop threshold for 1p1q4t, the drop threshold for the second queue is
100 percent and is not configurable.
The thresholds are all specified as percentages; 10 indicates a threshold when the buffer is
10 percent full.
The single-port ATM OC-12 module does not support transmit-queue drop thresholds.
Examples
This example shows how to assign the transmit-queue drop threshold:
Console> (enable) set qos drop-threshold 2q2t tx queue 1 40 80
Transmit drop thresholds for queue 1 set at 40% and 80%
Console> (enable)
These examples show how to assign the receive-queue drop threshold:
Console> (enable) set qos drop-threshold 1q4t rx queue 1 40 50 60 100
Receive drop thresholds for queue 1 set at 40% 50% 60% 100%
Console> (enable)
Console> (enable) set qos drop-threshold 1p1q4t rx queue 1 40 50 60 100
Receive drop thresholds for queue 1 set at 40% 50% 60% 100%
Console> (enable)
Related Commands
show qos info
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-492
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set qos dscp-cos-map
set qos dscp-cos-map
To set the DSCP-to-CoS mapping, use the set qos dscp-cos-map command.
set qos dscp-cos-map dscp_list:cos_value ...
Syntax Description
Defaults
dscp_list
Number of the DSCP; valid values are from 0 to 63.
cos_value...
Number of the CoS; valid values are from 0 to 7.
The default DSCP-to-CoS configuration is listed in Table 2-18.
Table 2-18 DSCP-to-CoS Mapping
DSCP
0 to 7
8 to 15
16 to 23 24 to 31 32 to 39 40 to 47 48 to 55 56 to 63
CoS
0
1
2
3
4
5
6
7
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The DSCP-to-CoS map is used to map the final DSCP classification to a final CoS. This final map
determines the output queue and threshold to which the packet is assigned. The CoS map is written into
the ISL header or 802.1Q tag of the transmitted packet on trunk ports and contains a table of 64 DSCP
values and their corresponding CoS values. The switch has one map.
This command is supported on systems configured with a Layer 3 switching engine only.
Examples
This example shows how to set the DSCP-to-CoS mapping:
Console> (enable) set qos dscp-cos-map 20-25:7 33-38:3
QoS dscp-cos-map set successfully.
Console> (enable)
Related Commands
clear qos map
show qos maps
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-493
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set qos dscp-mutation-table-map
set qos dscp-mutation-table-map
To configure the DSCP mutation table map, use the set qos dscp-mutation-table-map command.
set qos dscp-mutation-table-map mutation_table_id vlan_list
Syntax Description
mutation_table_id
Number of the mutation table; valid values are from 1 to 15.
vlan_list
VLAN numbers that form a VLAN list; valid values are from 1 to 1001 and
from 1025 to 4094.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The PFC3 supports 16 DSCP mutation maps. QoS uses one mutation map for the default mapping. You
can configure 15 mutation maps.
Examples
This example shows how to set DSCP mutation table map 1 for VLANs 1 through 10:
Console> (enable) set qos dscp-mutation-table-map 1 1-10
VLANs 1-10 mapped to mutation-table-id 1.
Console> (enable)
Related Commands
clear qos dscp-mutation-table-map
show qos maps
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-494
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set qos ipprec-dscp-map
set qos ipprec-dscp-map
To set the IP precedence-to-DSCP map, use the set qos ipprec-dscp-map command. This command
applies to all packets and all ports.
set qos ipprec-dscp-map dscp1 ... dscp8
Syntax Description
dscp1#
Defaults
The default IP precedence-to-DSCP configuration is listed in Table 2-19.
Number of the IP precedence value; up to eight values can be specified.
Table 2-19 IP Precedence-to-DSCP Mapping
IPPREC
0
1
2
3
4
5
6
7
DSCP
0
8
16
24
32
40
48
56
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Use this command to map the IP precedence of IP packets arriving on trusted ports (or flows) to a DSCP
when the trust type is trust-ipprec. This map is a table of eight precedence values (0 through 7) and their
corresponding DSCP values. The switch has one map. The IP precedence values are as follows:
•
network 7
•
internet 6
•
critical 5
•
flash-override 4
•
flash 3
•
immediate 2
•
priority 1
•
routine 0
This command is supported on systems configured with a Layer 3 switching engine only.
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-495
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set qos ipprec-dscp-map
Examples
This example shows how to assign IP precedence-to-DSCP mapping and return to the default:
Console> (enable) set qos ipprec-dscp-map 20 30 1 43 63 12 13 8
QoS ipprec-dscp-map set successfully.
Console> (enable)
Related Commands
clear qos ipprec-dscp-map
show qos maps
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-496
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set qos mac-cos
set qos mac-cos
To set the CoS value to the MAC address and VLAN pair, use the set qos mac-cos command.
set qos mac-cos dest_mac vlan cos
Syntax Description
dest_mac
MAC address of the destination host.
vlan
Number of the VLAN; valid values are from 1 to 1001 and from 1025 to 4094.
cos
CoS value; valid values are from 0 to 7, higher numbers represent higher
priority.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command has no effect on a switch configured with a PFC since the Layer 3 switching engine’s
result always overrides the Layer 2 result. Instead, use the set qos acl command.
The set qos mac-cos command creates a permanent CAM entry in the CAM table until you reset the
active supervisor engine.
The port associated with the MAC address is learned when the first packet with this source MAC address
is received. These entries do not age out.
The CoS for a packet going to the specified MAC address is overwritten even if it is coming from a
trusted port.
If you enter the show cam command, entries made with the set qos mac-cos command display as
dynamic because QoS considers them to be dynamic, but they do not age out.
Examples
This example shows how to assign the CoS value 3 to VLAN 2:
Console> (enable) set qos mac-cos 0f-ab-12-12-00-13 2 3
CoS 3 is assigned to 0f-ab-12-12-00-13 vlan 2.
Console> (enable)
Related Commands
clear qos mac-cos
show qos mac-cos
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-497
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set qos map
set qos map
To map a specific CoS value to the transmit- or receive-priority queues and the thresholds per available
priority queue for all ports, use the set qos map command.
set qos map port_type tx | rx q# thr# cos coslist
set qos map port_type tx | rx q# cos coslist
Syntax Description
Defaults
port_type
Port type; valid values are 2q2t, 1p2q2t, 1p3q1t, and 1p2q1t for transmit.
Valid values are 1q2t, 1p1q4t, 1p1q0t, and 1p1q8t, 2q8t for receive. See the
“Usage Guidelines” section for additional information.
tx
Specifies the transmit queue.
rx
Specifies the receive queue.
q#
Value determined by the number of priority queues provided at the transmit or
receive end; valid values are 1 and 2, with the higher value indicating a higher
priority queue.
thr#
Value determined by the number of drop thresholds available at a port; valid
values are 1 and 2, with the higher value indicating lower chances of being
dropped.
cos coslist
Specifies CoS values; valid values are from 0 through 7, with the higher
numbers representing a higher priority.
The default mappings for all ports are shown in Table 2-20 and Table 2-21.
Table 2-20 CoS-to-Queue-to-Threshold Mapping (TX)
Threshold
Cos Values1
1
1
0, 1
2
1
2, 3, 4
3
1
6, 7
4
0
5
0
0, 1, 2, 3, 4, 5, 6, 7
Queue
QoS enabled
QoS disabled
1
1. All CoS values, except CoS 5, are mapped to WRED. CoS 5, which is mapped to
queue 4, does not have an associated WRED threshold.
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-498
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set qos map
Table 2-21 CoS-to-Queue Mapping (RX)
Queue
COS Values
QoS enabled
1
0, 1, 2, 3, 4, 6, 7
2
5
QoS disabled
1
0, 1, 2, 3, 4, 5, 6, 7
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you enter the set qos map port_type tx | rx q# cos coslist command, the following is a list of possible
port types available:
•
tx port_type = 1p3q1t and 1p2q1t
•
rx port_type = 1p1q0t and 2q8t
You can enter the cos_list variable as a single CoS value, multiple noncontiguous CoS values, a range
of CoS values, or a mix of values. For example, you can enter any of the following: 0, or 0,2,3, or 0-3,7.
The priority queue number is 4 for transmit and queue number 2 for receive.
When specifying the priority queue for the 1p2q2t port type, the priority queue number is 3 and the
threshold number is 1.
The receive- and transmit-drop thresholds have this relationship:
•
Receive-queue 1 (standard) threshold 1 = transmit-queue 1 (standard low priority) threshold 1
•
Receive-queue 1 (standard) threshold 2 = transmit-queue 1 (standard low priority) threshold 2
•
Receive-queue 1 (standard) threshold 3 = transmit-queue 2 (standard high priority) threshold 1
•
Receive-queue 1 (standard) threshold 4 = transmit-queue 2 (standard high priority) threshold 2
Refer to the Catalyst 6500 Series Switch Software Configuration Guide for additional usage guidelines.
Examples
This example shows how to assign the CoS values 1, 2, and 5 to the first queue and the first drop
threshold in that queue:
Console> (enable) set qos map 2q2t tx 1 1 cos 1,2,5
Qos tx priority queue and threshold mapped to cos successfully.
Console> (enable)
This example shows how to assign the CoS values to queue 1 and threshold 2 in that queue:
Console> (enable) set qos map 2q2t tx 1 2 cos 3-4,7
Qos tx priority queue and threshold mapped to cos successfully.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-499
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set qos map
This example shows how to map the CoS value 5 to strict-priority transmit-queue 3/drop-threshold 1:
Console> (enable) set qos map 1p2q2t tx 3 1 cos 5
Qos tx strict queue and threshold mapped to cos successfully.
Console> (enable)
Related Commands
clear qos map
show qos info
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-500
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set qos policed-dscp-map
set qos policed-dscp-map
To set the mapping of policed in-profile DSCPs, use the set qos policed-dscp-map command.
set qos policed-dscp-map [normal-rate | excess-rate] in_profile_dscp:policed_dscp...
Syntax Description
normal-rate
(Optional) Specifies normal rate policers.
excess-rate
(Optional) Specifies excess rate policers.
in_profile_dscp
Number of the in-profile DSCP; valid values are from 0 through 63.
:policed_dscp
Number of the policed DSCP; valid values are 0 through 63.
Defaults
The default map is no markdown.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You can enter in_profile_dscp as a single DSCP, multiple DSCPs, or a range of DSCPs (for example, 1
or 1,2,3 or 1-3,7).
The colon between in_profile_dscp and policed_dscp is required.
This command is supported on systems configured with the Supervisor Engine 2 with Layer 3
Switching Engine II (PFC2) only.
If you do not specify a rate, the system automatically specifies the normal rate.
Examples
This example shows how to set the mapping of policed in-profile DSCPs:
Console> (enable) set qos policed-dscp-map 33:30
QoS normal-rate policed-dscp-map set successfully.
Console> (enable)
This example shows how to set the mapping of policed in-profile DSCPs for the excess rate:
Console> (enable) set qos policed-dscp-map excess-rate 33:30
QoS excess-rate policed-dscp-map set successfully.
Console> (enable)
Related Commands
clear qos policed-dscp-map
show qos maps
show qos policer
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-501
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set qos policer
set qos policer
To create a policing rule for ACL, use the set qos policer command.
set qos policer {microflow microflow_name} {rate rate} {burst burst} {drop | policed-dscp}
set qos policer {aggregate aggregate_name} {rate rate} {burst burst} {drop | policed-dscp}
set qos policer {aggregate aggregate_name} {rate rate} policed-dscp {erate erate} {drop |
policed-dscp} burst burst [eburst eburst]
Syntax Description
microflow
microflow_name
Specifies the name of the microflow policing rule.
rate rate
Specifies the average rate; valid values are 0 and from 32 kilobits per
second to 32 gigabits per second.
burst burst
Specifies the burst size; valid values are 1 to 32000 kilobits.
drop
Specifies drop traffic.
policed-dscp
Specifies policed DSCP.
aggregate
aggregate_name
Specifies the name of the aggregate policing rule.
erate erate
Specifies the excess rate value; valid values are 0 and from 32
kilobits per second to 8 gigabits per second.
eburst eburst
(Optional) Specifies the excess burst size; valid values are 1 to
32000 kilobits.
Defaults
The default is no policing rules or aggregates are configured.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Before microflow policing can occur, you must define a microflow policing rule. Policing allows the
switch to limit the bandwidth consumed by a flow of traffic.
The Catalyst 6500 series switch supports up to 63 microflow policing rules. When a microflow policer
is used in any ACL that is attached to any port or VLAN, the NetFlow flow mask is increased to full flow.
Before aggregate policing can occur, you must create an aggregate and a policing rule for that aggregate.
The Catalyst 6500 series switch supports up to 1023 aggregates and 1023 policing rules.
When both normal and excess rates are zero, you can specify any burst size. If the normal rates and
excess rates are zero, the value is ignored and set internally by hardware.
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-502
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set qos policer
The excess rate must be greater than or equal to the normal rate.
The set qos policer aggregate command allows you to configure an aggregate flow and a policing rule for
that aggregate. When you enter the microflow microflow_name rate rate burst burst, the range for the
average rate is 32 kilobits per second to 8 gigabits per second, and the range for the burst size is 1 kilobit
(entered as 1) to 32 megabits (entered as 32000). The burst can be set lower, higher, or equal to the rate.
Modifying an existing aggregate rate limit entry causes that entry to be modified in NVRAM and in the
switch if that entry is currently being used.
Note
We recommend a 32-kilobit minimum value burst size. Due to the nature of the traffic at different
customer sites, along with the hardware configuration, smaller values occasionally result in lower rates
than the specified rate. If you experiment with smaller values but problems occur, increase the burst rate
to this minimum recommended value.
When you modify an existing microflow or aggregate rate limit, that entry in NVRAM is modified, as
well as in the switch if it is currently being used.
When you enter the policing name, follow these naming conventions:
•
Maximum of 31 characters long and may include a through z, A through Z, 0 through 9, the dash
character (-), the underscore character (_), and the period character (.)
•
Must start with an alpha character and must be unique across all ACLs of all types
•
Case sensitive
•
Cannot be a number
•
Must not be a keyword; keywords to avoid are all, default-action, map, help, and editbuffer
The burst keyword and the burst value and the optional eburst keyword and the eburst value set the
token bucket sizes. To sustain a specific rate, set the token bucket size to be at least the rate divided by
4000, because tokens are removed from the bucket every 1/4000th of a second (0.25 milliseconds) and
the bucket needs to be at least as large as the burst size to sustain the specified rate.
If you do not enter the eburst keyword and the eburst value, QoS sets both token buckets to the size
configured with the burst keyword and the burst value.
Examples
This example shows how to create a microflow policing rule for ACL:
Console> (enable) set qos policer microflow my-micro rate 1000 burst 10000 policed-dscp
QoS policer for microflow my-micro set successfully.
Console> (enable)
These examples show how to create an aggregate policing rule for ACL:
Console> (enable) set qos policer aggregate my-agg rate 1000 burst 2000 drop
QoS policer for aggregate my-aggset successfully.
Console> (enable)
Console> (enable) set qos policer aggregate test3 rate 64 policed-dscp erate 128 drop burst 96
QoS policer for aggregate test3 created successfully.
Console> (enable)
Related Commands
clear qos policer
show qos policer
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-503
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set qos policy-source
set qos policy-source
To set the QoS policy source, use the set qos policy-source command.
set qos policy-source local | cops
Syntax Description
local
Sets the policy source to local NVRAM configuration.
cops
Sets the policy source to COPS-PR configuration.
Defaults
The default is all ports are set to local.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When you set the policy source to local, the QoS policy is taken from local configuration stored in
NVRAM. If you set the policy source to local after it was set to cops, the QoS policy reverts back to the
local configuration stored in NVRAM.
When you set the policy source to cops, all global configurations to the device, such as the
DSCP-to-marked-down DSCP, is taken from policy downloaded to the policy enforcement point (PEP)
by the policy decision point (PDP). Configuration of each physical port, however, is taken from
COPS-PR only if the policy source for that port has been set to cops.
Examples
This example shows how to set the policy source to COPS-PR:
Console> (enable) set qos policy-source cops
QoS policy source for the switch set to COPS.
Console> (enable)
This example shows how to set the policy source to local NVRAM:
Console> (enable) set qos policy-source local
QoS policy source for the switch set to local.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-504
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set qos policy-source
This example shows the output if you attempt to set the policy source to COPS-PR and no COPS-PR
servers are available:
Console> (enable) set qos policy-source cops
QoS policy source for the switch set to COPS.
Warning: No COPS servers configured. Use the ‘set cops server’ command
to configure COPS servers.
Console> (enable)
Related Commands
clear qos config
show qos policy-source
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-505
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set qos rsvp
set qos rsvp
To turn on or turn off the RSVP feature on the switch, to set the time in minutes after which the RSVP
databases get flushed (when the policy server dies), and to set the local policy, use the set qos rsvp
command.
set qos rsvp enable | disable
set qos rsvp policy-timeout timeout
set qos rsvp local-policy forward | reject
Syntax Description
enable
Activates the RSVP feature.
disable
Deactivates the RSVP feature.
policy-timeout
timeout
Specifies the time in minutes after which the RSVP databases get
flushed; valid values are from 1 to 65535 minutes.
local-policy
forward | reject
Specifies the policy configuration local to the network device to either
accept existing flows and forward them or not accept new flows.
Defaults
The default is the RSVP feature is disabled, policy-timeout is 30 minutes, and local policy is forward.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The local policy guidelines are as follows:
Examples
•
There is no connection with the policy server.
•
New flows that come up after connection with the policy server have been lost.
•
Old flows that come up after the PDP policy times out.
This example shows how to enable RSVP:
Console> (enable) set qos rsvp enable
RSVP enabled. Only RSVP qualitative service supported.
QoS must be enabled for RSVP.
Console> (enable)
This example shows how to disable RSVP:
Console> (enable) set qos rsvp disable
RSVP disabled on the switch.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-506
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set qos rsvp
This example shows how to set the policy timeout interval:
Console> (enable) set qos rsvp policy-timeout 45
RSVP database policy timeout set to 45 minutes.
Console> (enable)
This example shows how to set the policy timeout interval:
Console> (enable) set qos rsvp local-policy forward
RSVP local policy set to forward.
Console> (enable)
Related Commands
show qos rsvp
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-507
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set qos rxq-ratio
set qos rxq-ratio
To set the amount of packet buffer memory allocated to high-priority incoming traffic and low-priority
incoming traffic, use the set qos rxq-ratio command.
set qos rxq-ratio port_type queue1_val queue2_val... queueN_val
Syntax Description
port_type
Port type; valid value is 1p1q0t and 1p1q8t.
queue1_val
Percentage of low-priority traffic; valid values are from 1 to 99 and must
total 100 with the queue2_val value.
queue2_val
Percentage of high-priority traffic; valid values are from 1 to 99 and must
total 100 with the queue1_val value.
queueN_val
Percentage of strict-priority traffic; valid values are from 1 to 99 and must
total 100 with the queue1_val and queue1_val values.
Defaults
The default is 80:20 (queue 1 and queue 2) if you enable QoS and 100:0 (queue 1 and queue 2) if you
disable QoS.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Caution
Use caution when using this command. When entering the set qos rxq-ratio command, all ports go
through a link up and link down condition.
The values set in hardware are close approximations of the values provided. For example, if you specify
0 percent, the actual value programmed is not necessarily 0.
The rxq ratio is determined by the traffic mix in the network. High-priority traffic is typically a smaller
fraction of the traffic. Because the high-priority queue gets more service, you should set the high-priority
queue lower than the low-priority queue.
The strict-priority queue requires no configuration.
For the strict-priority queue on 1p1q8t ingress ports, the minimum valid value is 3 percent.
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-508
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set qos rxq-ratio
Examples
This example shows how to set the receive-queue size ratio:
Console> (enable) set qos rxq-ratio 1p1q0t 80 20
QoS rxq-ratio is set successfully.
Console> (enable)
Related Commands
show qos info
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-509
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set qos statistics export
set qos statistics export
To globally enable or disable statistics data gathering from hardware, use the set qos statistics export
command.
set qos statistics export {enable | disable}
Syntax Description
enable
Enables statistics data gathering.
disable
Disables statistics data gathering.
Defaults
The default is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Statistics polling does not occur if statistics are disabled, regardless of any other settings.
You must designate an export destination prior to entering this command. If an export destination is not
set, this message is displayed:
Warning: Export destination not set. Use the ‘set qos statistics export destination’
command to configure the export destination.
Examples
This example shows how to enable statistics polling:
Console> (enable) set qos statistics export enable
QoS statistics export enabled.
Export destination: Stargate, port 9996
Console> (enable)
Related Commands
show qos statistics export info
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-510
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set qos statistics export aggregate
set qos statistics export aggregate
To enable or disable statistics data export on an aggregate policer, use the set qos statistics export
aggregate command.
set qos statistics export aggregate name {enable | disable}
Syntax Description
name
(Optional) Name of the policer.
enable
Enables statistics data export for the named aggregate policer.
disable
Disables statistics data export for the named aggregate policer.
Defaults
The default is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
To export data, you need to enable statistics on the port. You also must globally enable statistics and data
export. (See the set qos statistics export command.)
This command is supported on systems configured with the Supervisor Engine 2 with Layer 3 Switching
Engine II (PFC2) only.
Examples
This example shows how to enable statistics export:
Console> (enable) set qos statistics export aggregate ipagg_3 enable
Statistics data export enabled for aggregate policer ipagg_3.
Export destination: 172.20.15.1 (Stargate), port 9996
Console> (enable)
Related Commands
set qos statistics export
show mac
show qos statistics export info
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-511
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set qos statistics export destination
set qos statistics export destination
To specify the statistics data export destination address, use the set qos statistics export destination
command.
set qos statistics export destination {host_name | host_ip} [port]
set qos statistics export destination {host_name | host_ip} [syslog [{facility severity}]]
Syntax Description
Defaults
host_name
Host name.
host_ip
Host IP address.
port
(Optional) UDP port number.
syslog
(Optional) Specifies the syslog port.
facility
(Optional) Value to specify the type of facility to export; see the
“Usage Guidelines” section for a list of valid values.
severity
(Optional) Value to specify the severity level to export; see the
“Usage Guidelines” section for a list of valid values.
The default is none unless syslog is specified. If syslog is specified, the defaults are as follows:
•
port is 514
•
facility is local6
•
severity is debug
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Valid facility values are kern, user, mail, daemon, auth, lpr, news, uucp, cron, local0, local1, local2,
local3, local4, local5, local6, and local7.
Valid severity levels are emerg, alert, crit, err, warning, notice, info, and debug.
Examples
This example shows how to specify the statistics data export destination address:
Console> (enable) set qos statistics export destination stargate 9996
Statistics data export destination set to stargate port 9996.
Console> (enable)
Related Commands
set qos statistics export
show qos statistics export info
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-512
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set qos statistics export interval
set qos statistics export interval
To specify how often a port or aggregate policer statistics data is read and exported, use the set qos statistics
export interval command.
set qos statistics export interval interval
Syntax Description
interval
Defaults
The default is 30 seconds.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to set the export interval:
Export time interval; valid values are from 30 seconds to 65535 seconds.
Console> (enable) set qos statistics export interval 35
Statistics export interval set to 35 seconds.
Console> (enable)
Related Commands
show qos statistics export info
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-513
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set qos statistics export port
set qos statistics export port
To enable or disable statistics data export on a port, use the set qos statistics export port command.
set qos statistics export port mod/port {enable | disable}
Syntax Description
mod/port
(Optional) Number of the module and the port on the module.
enable
Enables statistics data export.
disable
Disables statistics data export.
Defaults
The default is disabled.
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
For data export to be performed, you should enable statistics on the aggregate policer as well. You must
globally enable statistics and data export (see the set qos statistics export command).
Examples
This example shows how to enable statistics export on a port:
Console> (enable) set qos statistics export port 2/5 enable
Statistics data export enabled on port 2/5.
Console> (enable)
Related Commands
show qos statistics export info
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-514
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set qos txq-ratio
set qos txq-ratio
To set the amount of packet buffer memory allocated to high-priority traffic and low-priority traffic, use
the set qos txq-ratio command.
set qos txq-ratio port_type queue1_val queue2_val... queueN_val
Syntax Description
port_type
Port type; valid values are 2q2t, 1p2q2t, and 1p2q1t.
queue1_val
Percentage of low-priority traffic; valid values are from 1 to 99 and must
total 100 with the queue2_val value.
queue2_val
Percentage of high-priority traffic; valid values are from 1 to 99 and must
total 100 with the queue1_val value.
queueN_val
Percentage of strict-priority traffic; valid values are from 1 to 99 and must
total 100.
Defaults
The default for 2q2t is 80:20 if you enable QoS and 100:0 if you disable QoS. The default for 1p2q2t is
70:15:15 if you enable QoS and 100:0:0 if you disable QoS.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Caution
Use caution when using this command. When entering the set qos txq-ratio command, all ports go
through a link up and down condition.
The values set in hardware will be close approximations of the values provided. For example, even if you
specify 0 percent, the actual value programmed will not necessarily be 0.
The txq ratio is determined by the traffic mix in the network. Because high-priority traffic is typically a
smaller fraction of the traffic and because the high-priority queue gets more service, you should set the
high-priority queue lower than the low-priority queue.
The strict-priority queue requires no configuration.
For the strict-priority queue on 1p2q1t egress ports, the minimum valid value is 5 percent.
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-515
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set qos txq-ratio
Examples
This example shows how to set the transmit-queue size ratio:
Console> (enable) set qos txq-ratio 2q2t 75 25
QoS txq-ratio is set successfully.
Console> (enable)
Related Commands
show qos info
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-516
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set qos wred
set qos wred
To configure the WRED threshold parameters for the specified port type, use the set qos wred command.
set qos wred port_type [tx] queue q# {[thr1Lo:]thr1Hi} {[thr2Lo:]thr2Hi}...
Syntax Description
Defaults
port_type
Port type; valid values are 1p2q2t, 1p2q1t, 1p3q1t, and 1p1q8t.
tx
(Optional) Specifies the parameters for output queuing.
queue q#
Keyword and variable to specify the queue to which the arguments apply; valid
values are 1 through 3.
thr1Lo
(Optional) Percentage of the lower threshold size for the first WRED curve; valid
values are from 1 to 100.
thr1Hi
Percentage of the upper threshold size for the first WRED curve; valid values are
from 1 to 100.
thr2Lo
(Optional) Percentage of the lower threshold size for the second WRED curve;
valid values are from 1 to 100.
thr2Hi
Percentage of the upper threshold size for the second WRED curve; valid values
are from 1 to 100.
The default thresholds are as follows:
•
For 1p2q2t = 40:70 (threshold1) and 70:100 (threshold2) (low:high percentage)/queue
•
For 1p3q1t = 70:100 (low:high)
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The queue values range from 1 to 3. Queue 4 is the strict-priority queue and does not have an associated
WRED threshold. The thresholds are all specified as percentages ranging from 1 to 100. A value of 10
indicates a threshold when the buffer is 10 percent full.
The colon between the low and high threshold values is required.
Examples
This example shows how to configure lower and upper threshold values for queue 1:
Console> (enable) set qos wred 1p2q2t queue 1 20:60 40:90
WRED thresholds for queue 1 set to 20:60 and 40:90 on all WRED-capable 1p2q2t ports.
Console> (enable)
This example shows how to configure the upper threshold value for queue 1:
Console> (enable) set qos wred 1p3q1t tx queue 1 20
WRED thresholds for queue 1 set to 0:20 on all WRED-capable 1p3q1t ports.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-517
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set qos wred
Related Commands
clear qos config
show qos info
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-518
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set qos wrr
set qos wrr
To specify the weights that determine how many packets will transmit out of one queue before switching
to the other queue, use the set qos wrr command.
set qos wrr port_type queue1_val queue2_val...
Syntax Description
Defaults
port_type
Port type; valid values are 2q2t, 1p2q2t, 1p3q1t, and 1p2q1t.
queue#_val
Number of weights for queues 1, 2, or 3; valid values are from 1 to 255.
The default WRR with QoS enabled for port type 1p3q1t is as follows:
•
Queue 1 = 100
•
Queue 2 = 150
•
Queue 3 = 200
With QoS disabled, the default is 255 for all three queues.
The default WRR for port types 2q2t and 1p2q2t is 4:255.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The WRR weights are used to partition the bandwidth between the queues in the event all queues are not
empty. For example, weights of 1:3 mean that one queue gets 25 percent of the bandwidth and the other
gets 75 percent as long as both queues have data.
Weights of 1:3 do not necessarily lead to the same results as when the weights are 10:30. In the latter
case, more data is serviced from each queue and the latency of packets serviced from the other queue
goes up. For best results, set the weights so that at least one packet (maximum size) can be serviced from
the lower priority queue at a time. For the higher priority queue, set the weights so that multiple packets
are serviced at any one time.
The values set in hardware will be close approximations of the values provided. For example, even if you
specify 0 percent, the actual value programmed will not necessarily be 0. Whatever weights you choose,
make sure that the resulting byte values programmed (see the show qos info command with the runtime
keyword) are at least equal to the MTU size.
The ratio achieved is only an approximation of what you specify since the cutoff is on a packet and
midway through a packet. For example, if you specify that the ratio services 1000 bytes out of the
low-priority queue, and there is a 1500-byte packet in the low-priority queue, the entire 1500-byte packet
is transmitted because the hardware services an entire packet.
For 1p2q2t and 2q2t, only two queues can be set; the third queue is strict priority.
For 1p3q1t, three queues can be set; a fourth queue is strict priority.
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-519
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set qos wrr
Examples
This example shows how to specify the weights for queue 1 and queue 2 to 30 and 70:
Console> (enable) set qos wrr 2q2t 30 70
QoS wrr ratio is set successfully.
Console> (enable)
Related Commands
show qos info
show qos statistics
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-520
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set radius attribute
set radius attribute
To set attributes to the RADIUS ACCESS_REQUEST packet, use the set radius attribute command.
set radius attribute {number | name} include-in-access-req {enable | disable}
Syntax Description
number
Attribute number; valid value is 8.
name
Attribute name; valid value is framed-ip-address.
include-in-access-req
Sets attributes to the ACCESS_REQUEST packet.
enable | disable
Enables or disables the attribute.
Defaults
All RADIUS attributes are disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The set radius attribute command allows you to specify the transmission of certain optional attributes
such as Framed-IP address, NAS-Port, Called-Station-Id, Calling-Station-Id and so on. You can set
attribute transmission by either the attribute number or the attribute name.
Examples
This example shows how to specify and enable the Framed-IP address attribute by number:
Console> (enable) set radius attribute 8 include-in-access-req enable
Transmission of Framed-ip address in access-request packet is enabled.
Console> (enable)
This example shows how to specify and disable the Framed-IP address attribute by name:
Console> (enable) set radius attribute framed-ip-address include-in-access-req disable
Transmission of Framed-ip address in access-request packet is disabled.
Console> (enable)
Related Commands
show radius
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-521
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set radius deadtime
set radius deadtime
To set the time to skip RADIUS servers that do not reply to an authentication request, use the set radius
deadtime command.
set radius deadtime minutes
Syntax Description
minutes
Defaults
The default is 0 minutes.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If only one RADIUS server is configured or if all the configured servers are marked dead, deadtime will
be ignored since no alternate servers are available. By default, the deadtime is 0 minutes; the RADIUS
servers are not marked dead if they do not respond.
Examples
This example shows how to set the RADIUS deadtime to 10 minutes:
Length of time a RADIUS server does not respond to an authentication request;
valid values are from 0 to 1440 minutes.
Console> (enable) set radius deadtime 10
Radius deadtime set to 10 minutes.
Console> (enable)
Related Commands
show radius
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-522
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set radius key
set radius key
To set the encryption and authentication for all communication between the RADIUS client and the
server, use the set radius key command.
set radius key key
Syntax Description
key
Defaults
The default of the key is set to null.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The key you set must be the same one as configured in the RADIUS server. All leading spaces are
ignored; spaces within and at the end of the key are not ignored. Double quotes are not required even if
there are spaces in the key, unless the quotes themselves are part of the key. The length of the key is
limited to 65 characters; it can include any printable ASCII characters except tabs.
Name of the key to authenticate the transactions between the RADIUS client
and the server.
If you configure a RADIUS key on the switch, make sure you configure an identical key on the RADIUS
server.
Examples
This example shows how to set the RADIUS encryption and authentication key to Make my day:
Console> (enable) set radius key Make my day
Radius key set to Make my day.
Console> (enable)
Related Commands
show radius
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-523
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set radius retransmit
set radius retransmit
To specify the number of times the RADIUS servers are tried before giving up on the server, use the set
radius retransmit command.
set radius retransmit count
Syntax Description
count
Defaults
The default is two times (three attempts).
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to set the retransmit attempts to 3:
Number of times the RADIUS servers are tried before giving up on the
server; valid values are from 1 to 100.
Console> (enable) set radius retransmit 3
Radius retransmit count set to 3.
Console> (enable)
Related Commands
show radius
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-524
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set radius server
set radius server
To set up the RADIUS server, use the set radius server command.
set radius server ipaddr [auth-port port] [acct-port port] [primary]
Syntax Description
ipaddr
Number of the IP address or IP alias in dot notation a.b.c.d.
auth-port port
(Optional) Specifies a destination User Datagram Protocol (UDP) port for
RADIUS authentication messages.
acct-port port
(Optional) Specifies a destination UDP port for RADIUS accounting
messages.
primary
(Optional) Specifies that this server be contacted first.
Defaults
The default auth-port is 181, and the default acct-port is 1813.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you configure multiple RADIUS servers, the first server configured is the primary. Authentication
requests are sent to this server first. You can specify a particular server as primary by using the primary
keyword. You can add up to three RADIUS servers.
The ipaddr value can be entered as an IP alias or an IP address in dot notation a.b.c.d.
If you set the auth-port port to 0, the RADIUS server will not be used for authentication. If you set the
acct-port port to 0, the RADIUS server will not be used for accounting.
If you configure a RADIUS key on the switch, make sure you configure an identical key on the RADIUS
server.
You must specify a RADIUS server before enabling RADIUS on the switch.
Examples
This example shows how to add a primary server using an IP alias:
Console> (enable) set radius server everquest.com auth-port 0 acct-port 1646 primary
everquest.com added to RADIUS server table as primary server.
Console> (enable)
This example shows how to add a primary server using an IP address:
Console> (enable) set radius server 172.22.11.12 auth-port 0 acct-port 1722 primary
172.22.11.12 added to RADIUS server table as primary server
Console> (enable)
Related Commands
show radius
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-525
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set radius timeout
set radius timeout
To set the time between retransmissions to the RADIUS server, use the set radius timeout command.
set radius timeout seconds
Syntax Description
seconds
Defaults
The default timeout is 5 seconds.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to set the time between retransmissions to 7 seconds:
Number of seconds to wait for a reply; valid values are from 1 to
1000 seconds.
Console> (enable) set radius timeout 7
Radius timeout set to 7 seconds.
Console> (enable)
Related Commands
show radius
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-526
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set rcp username
set rcp username
To specify your username for rcp file transfers, use the set rcp username command.
set rcp username username
Syntax Description
username
Defaults
There are no default settings for this command.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The username can be a maximum of 40 characters, must be different from “root,” and not a null string.
Username up to 14 characters long.
The only case where you cannot configure the rcp username is for the VMPS database where you will
use an rcp VMPS username. Use the set vmps downloadmethod command to specify the rcp VMPS
username.
Examples
This example shows how to set the username for rcp:
Console> (enable) set rcp username jdoe
Console> (enable)
Related Commands
clear rcp
set vmps downloadmethod
show rcp
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-527
78-15474-01
22
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set rgmp
set rgmp
To enable or disable the Router-Ports Group Management Protocol (RGMP) feature on the switch, use
the set rgmp command.
set rgmp {enable | disable}
Syntax Description
enable
Enables RGMP on the switch.
disable
Disables RGMP on the switch.
Defaults
The default is RGMP is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The set rgmp command affects the entire switch. You cannot enable or disable RGMP on a per-VLAN
basis.
The RGMP feature is operational only if IGMP snooping is enabled on the switch. (See the set igmp
command.)
Examples
This example shows how to enable RGMP on the switch:
Console> (enable) set rgmp enable
RGMP is enabled.
Console> (enable)
This example shows how to disable RGMP on the switch:
Console> (enable) set rgmp disable
RGMP is disabled.
Console> (enable)
Related Commands
clear rgmp statistics
set igmp
show rgmp group
show rgmp statistics
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-528
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set rspan
set rspan
To create remote Switched Port Analyzer (SPAN) sessions, use the set rspan command.
set rspan disable source [rspan_vlan | all]
set rpsan disable destination [mod/port | all]
set rspan source {src_mod/src_ports... | vlans... | sc0} {rspan_vlan} [rx | tx | both]
[multicast {enable | disable}] [filter vlans...] [create]
set rspan destination mod/port {rspan_vlan} [inpkts {enable | disable}]
[learning {enable | disable}] [create]
Syntax Description
disable source
Disables remote SPAN source information.
rspan_vlan
(Optional) Remote SPAN VLAN.
all
(Optional) Disables all remote SPAN source or destination sessions.
disable destination
Disables remote SPAN destination information.
mod/port
(Optional) Remote SPAN destination port.
src_mod/src_ports...
Monitored ports (remote SPAN source).
vlans...
Monitored VLANs (remote SPAN source).
sc0
Specifies the inband port is a valid source.
rx
(Optional) Specifies that information received at the source (ingress
SPAN) is monitored.
tx
(Optional) Specifies that information transmitted from the source
(egress SPAN) is monitored.
both
(Optional) Specifies that information both transmitted from the source
(ingress SPAN) and received (egress SPAN) at the source are
monitored.
multicast enable
(Optional) Enables monitoring multicast traffic (egress traffic only).
multicast disable
(Optional) Disables monitoring multicast traffic (egress traffic only).
filter vlans
(Optional) Monitors traffic on selected VLANs on source trunk ports.
create
(Optional) Creates a new remote SPAN session instead of overwriting
the previous SPAN session.
inpkts enable
(Optional) Allows the remote SPAN destination port to receive normal
ingress traffic (from the network to the bus) while forwarding the
remote SPAN traffic.
inpkts disable
(Optional) Disables the receiving of normal inbound traffic on the
remote SPAN destination port.
learning enable
(Optional) Enables learning for the remote SPAN destination port.
learning disable
(Optional) Disables learning for the remote SPAN destination port.
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-529
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set rspan
Defaults
The defaults are as follows:
•
Remote SPAN is disabled.
•
No VLAN filtering.
•
Monitoring multicast traffic is enabled.
•
Learning is enabled.
•
inpkts is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM.
The rspan_vlan variable is optional in the set rspan disable source command and required in the set
rspan source and set rspan destination command set.
After you enable SPAN, system defaults are used if no parameters were ever set. If you changed
parameters, these are stored in NVRAM, and the new parameters are used.
Use a network analyzer to monitor ports.
Use the inpkts keyword with the enable option to allow the remote SPAN destination port to receive
normal incoming traffic in addition to the traffic mirrored from the remote SPAN source. Use the disable
option to prevent the remote SPAN destination port from receiving normal incoming traffic.
You can specify an Multilayer Switch Module (MSM) port as the remote SPAN source port. However,
you cannot specify an MSM port as the remote SPAN destination port.
When you enable the inpkts option, a warning message notifies you that the destination port does not
join STP and may cause loops if this option is enabled.
If you do not specify the keyword create and you have only one session, the session will be overwritten.
If a matching rspan_vlan or destination port exists, the particular session will be overwritten (with or
without specifying create). If you specify the keyword create and there is no matching rspan_vlan or
destination port, the session will be created.
Each switch can source only one remote SPAN session (ingress, egress, or both). When you configure a
remote ingress or bidirectional SPAN session in a source switch, the limit for local ingress or
bidirectional SPAN session is reduced to one. There are no limits on the number of remote SPAN
sessions carried across the network within the remote SPAN session limits.
You can configure any VLAN as a remote SPAN VLAN as long as these conditions are met:
•
The same remote SPAN VLAN is used for a remote SPAN session in the switches.
•
All the participating switches have appropriate hardware and software.
•
No unwanted access port is configured in the remote SPAN VLAN.
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-530
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set rspan
Examples
This example shows how to disable all enabled source sessions:
Console> (enable) set rspan disable source all
This command will disable all remote span source session(s).
Do you want to continue (y/n) [n]? y
Disabled monitoring of all source(s) on the switch for remote span.
Console> (enable)
This example shows how to disable one source session to a specific VLAN:
Console> (enable) set rspan disable source 903
Disabled monitoring of all source(s) on the switch for rspan_vlan 903.
Console> (enable)
This example shows how to disable all enabled destination sessions:
Console> (enable) set rspan disable destination all
This command will disable all remote span destination session(s).
Do you want to continue (y/n) [n]? y
Disabled monitoring of remote span traffic on ports 9/1,9/2,9/3,9/4,9/5,9/6.
Console> (enable)
This example shows how to disable one destination session to a specific port:
Console> (enable) set rspan disable destination 4/1
Disabled monitoring of remote span traffic on port 4/1.
Console> (enable)
Related Commands
show rspan
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-531
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set security acl adjacency
set security acl adjacency
To set an entry for the adjacency table, use the set security acl adjacency command.
set security acl adjacency adjacency_name dest_vlan dest_mac [source_mac [mtu mtu_size] |
mtu mtu_size]
Syntax Description
adjacency_name
Name of the adjacency table entry.
dest_vlan
Name of the destination VLAN.
dest_mac
Destination MAC address.
source_mac
(Optional) Source MAC address.
mtu mtu_size
(Optional) Specifies packet size in bytes.
Defaults
The default size for the MTU is 9600 bytes.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The order of ACEs in a policy-based forwarding (PBF) VACL is important. The adjacency table entry has to
be defined in the VACL before the redirect ACE because the redirect ACE uses it to redirect traffic. Refer to
the Catalyst 6500 Series Switch Software Configuration Guide for detailed information on configuring
PBF VACLs.
You can set the MTU when jumbo frames are sent using PBF.
Examples
This example shows how to set an entry for the adjacency table:
Console> (enable) set security acl adjacency ADJ1 11 0-0-0-0-0-B 0-0-0-0-0-A
Console> (enable)
This example shows how to set an entry for the adjacency table with a specific MTU size:
Console> (enable) set security acl adjacency a_1 2 0-0a-0a-0a-0a-0a 9000
Console> (enable)
Related Commands
clear security acl
commit
show security acl
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-532
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set security acl arp-inspection
set security acl arp-inspection
To configure Address Resolution Protocol (ARP) inspection features, use the set security acl
arp-inspection command.
set security acl arp-inspection {match-mac | address-validation}
{enable | [drop [log]] | disable}
Syntax Description
match-mac
Specifies the MAC address matching feature.
address-validation
Specifies the address validation feature.
enable
Enables the specified ARP inspection feature.
drop
(Optional) Indicates to drop packets.
log
(Optional) Enables logging.
disable
Disables the specified ARP inspection feature.
Defaults
The MAC address matching feature and the address validation feature are disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When you enter the set security acl arp-inspection match-mac enable command, the system drops
packets in which the source Ethernet address in the Ethernet header is not the same as the source MAC
address in the ARP header.
When you enter the set security acl arp-inspection address-validation enable command, the system
drops packets that have illegal IP or MAC addresses.
The following IP addresses are illegal:
•
0.0.0.0
•
255.255.255.255
•
Class D multicast IP addresses
The following MAC addresses are illegal:
Note
•
00-00-00-00-00-00
•
Multicast MAC addresses
•
ff-ff-ff-ff-ff-ff
If you do not enter the drop keyword, the system only generates a syslog message.
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-533
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set security acl arp-inspection
Use the set security acl arp-inspection command in conjunction with the set security acl ip
arp-inspection command. For more information about configuring ARP inspection features, refer to the
“Configuring Access Control” chapter of the Catalyst 6500 Series Switch Software Configuration
Guide.
Examples
This example shows how to enable the MAC address matching feature:
Console> (enable) set security acl arp-inspection match-mac enable
ARP Inspection match-mac feature enabled.
Console> (enable)
This example shows how to enable the address validation feature:
Console> (enable) set security acl arp-inspection address-validation enable
ARP Inspection address-validation feature enabled.
Console> (enable)
Related Commands
set port arp-inspection
set security acl ip
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-534
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set security acl capture-ports
set security acl capture-ports
To set the ports (specified with the capture option in the set security acl ip, set security acl ipx, and
set security acl mac commands) to show traffic captured on these ports, use the set security acl
capture-ports command.
set security acl capture-ports {mod/ports...}
Syntax Description
mod/ports...
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Configurations you make by entering this command are saved in NVRAM. This command does not
require that you enter the commit command.
Module and port number.
The module and port specified in this command are added to the current ports configuration list.
This command works with Ethernet ports only; you cannot set ATM ports.
The ACL capture will not work unless the capture port is in the spanning tree forwarding state for the
VLAN.
Examples
This example shows how to set a port to capture traffic:
Console> (enable) set security acl capture-ports 3/1
Successfully set 3/1 to capture ACL traffic.
Console> (enable)
This example shows how to set multiple ports to capture traffic:
Console> (enable) set security acl capture-ports 1/1-10
Successfully set the following ports to capture ACL traffic: 1/1-2.
Console> (enable)
Related Commands
clear security acl capture-ports
show security acl capture-ports
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-535
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set security acl feature ratelimit
set security acl feature ratelimit
To specify a rate limit for the number of packets that are sent to the CPU on a global basis, use the set
security acl feature ratelimit command.
set security acl feature ratelimit rate
Syntax Description
rate
Defaults
The rate is 500 pps.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The rate limiting option might be shared by multiple features. To display the features sharing rate
limiting, enter the show security acl feature ratelimit command.
Number of packets; valid values are from 0 to 1000 packets per second. See the
“Usage Guidelines” section for more information.
To specify the rate limit for the number of ARP inspection packets that are sent to the CPU on a per-port
basis, use the set port arp-inspection command.
For ARP inspection and 802.1x DHCP, the minimum permitted rate is 1 pps. If you want to disable rate
limiting, enter a rate argument of 0.
Examples
This example shows how to set the global rate limit to 600:
Console> (enable) set security acl feature ratelimit 600
ARP Inspection global rate limit set to 600 pps.
Console> (enable)
This example shows how to disable rate limiting:
Console> (enable) set security acl feature rate-limit 0
CAUTION: Dot1x DHCP and ARP Inspection global rate limit is disabled.
2003 Apr 07 07:13:36 %ACL-4-ARPINSPECTRATELIMITDISABLED:Dot1x DHCP and ARP Inspection
global rate is disabled
Console> (enable)
Related Commands
set port arp-inspection
show security acl feature ratelimit
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-536
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set security acl ip
set security acl ip
To create a new entry in a standard IP VACL and append the new entry at the end of the VACL, use the
set security acl ip command.
set security acl ip {acl_name} {permit | deny} {src_ip_spec} [before editbuffer_index |
modify editbuffer_index] [log]
set security acl ip {acl_name} [permit | deny] arp
set security acl ip {acl_name} {permit | deny | redirect {adj_name | mod_num/port_num}}
{protocol} {src_ip_spec} {dest_ip_spec} [precedence precedence] [tos tos] [fragment]
[capture] [before editbuffer_index | modify editbuffer_index] [log]
set security acl ip {acl_name} {permit | deny | redirect {mod_num/port_num}} [ip]
{src_ip_spec} {dest_ip_spec} [precedence precedence] [tos tos] [fragment] [capture]
[before editbuffer_index | modify editbuffer_index] [log]
set security acl ip {acl_name} {permit | deny | redirect {mod_num/port_num}} [icmp | 1]
{src_ip_spec} {dest_ip_spec} [icmp_type] [icmp_code] | [icmp_message]
[precedence precedence] [tos tos] [fragment] [capture] [before editbuffer_index |
modify editbuffer_index] [log]
set security acl ip {acl_name} {permit | deny | redirect {mod_num/port_num}} [tcp | 6]
{src_ip_spec} [operator port [port]] {dest_ip_spec} [operator port [port]] [established]
[precedence precedence] [tos tos] [fragment] [capture] [before editbuffer_index |
modify editbuffer_index] [log]
set security acl ip {acl_name} {permit | deny | redirect {mod_num/port_num}} [udp | 17]
{src_ip_spec} [operator port [port]] {dest_ip_spec} [operator port [port]]
[precedence precedence] [tos tos] [fragment] [capture] [before editbuffer_index |
modify editbuffer_index] [log]
set security acl ip {acl_name} {permit | deny} arp-inspection {host ip_addr}
{mac_addr | any [log]}
set security acl ip {acl_name} {permit | deny} arp-inspection any any [log]
set security acl ip {acl_name} {permit | deny} arp-inspection {host ip_addr} {ip_mask} any
[log]
set security acl ip {acl_name} permit dot1x-dhcp [before edit_buffer | modify edit_buffer]
set security acl ip {acl_name} permit any
Syntax Description
acl_name
Unique name that identifies the lists to which the entry belongs.
permit
Allows traffic from the source IP address.
deny
Blocks traffic from the source IP address.
src_ip_spec
Source IP address and the source mask. See the “Usage Guidelines”
section for the format.
before
editbuffer_index
(Optional) Inserts the new ACE in front of another ACE.
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-537
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set security acl ip
modify
editbuffer_index
(Optional) Replaces an ACE with the new ACE.
log
(Optional) Logs denied packets.
arp
Specifies ARP.
redirect
Specifies to which switched ports the packet is redirected.
mod_num/port_num
Number of the module and port.
adj_name
Name of the adjacency table entry.
protocol
Keyword or number of an IP protocol; valid numbers are from 0 to
255 representing an IP protocol number. See the “Usage Guidelines”
section for the list of valid keywords.
dest_ip_spec
Destination IP address and the destination mask. See the “Usage
Guidelines” section for the format.
precedence
precedence
(Optional) Specifies the precedence level; valid values are from 0 to
7 or by name. See the “Usage Guidelines” section for a list of valid
names.
tos tos
(Optional) Specifies the type of service level; valid values are from 0
to 15 or by name. See the “Usage Guidelines” section for a list of
valid names.
fragment
(Optional) Filters IP traffic that carries fragments.
capture
(Optional) Specifies packets are switched normally and captured;
permit must also be enabled.
ip
(Optional) Matches any Internet Protocol packet.
icmp | 1
(Optional) Matches ICMP packets.
icmp-type
(Optional) ICMP message type name or a number; valid values are
from 0 to 255. See the “Usage Guidelines” section for a list of valid
names.
icmp-code
(Optional) ICMP message code name or a number; valid values are
from 0 to 255. See the “Usage Guidelines” section for a list of valid
names.
icmp-message
(Optional) ICMP message type name or ICMP message type and
code name. See the “Usage Guidelines” section for a list of valid
names.
tcp | 6
(Optional) Matches TCP packets.
operator
(Optional) Operands; valid values include lt (less than), gt (greater
than), eq (equal), neq (not equal), and range (inclusive range).
port
(Optional) Number or name of a TCP or UDP port; valid port
numbers are from 0 to 65535. See the “Usage Guidelines” section for
a list of valid names.
established
(Optional) Specifies an established connection; used only for TCP
protocol.
udp | 17
(Optional) Matches UDP packets.
arp-inspection
Specifies ARP inspection.
host ip_addr
Specifies the host and host’s IP address.
mac_addr
Specifies the MAC address.
any
Matches any IP address or MAC address.
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-538
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set security acl ip
ip_mask
Specifies the IP mask.
dot1x-dhcp
Specifies dot1x authentication for the DHCP Relay Agent.
Defaults
There are no default ACLs and no default ACL-VLAN mappings. By default, ARP is enabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Configurations you make by entering this command are saved to NVRAM and hardware only after you
enter the commit command. Enter ACEs in batches, and then enter the commit command to save them
in NVRAM and in the hardware.
The arp keyword is supported on switches configured with the Supervisor Engine 2 with Layer 3
Switching Engine II (PFC2). The arp keyword is supported on a per-ACL basis only; either ARP is
allowed or ARP is denied.
If you use the fragment keyword in an ACE, this ACE applies to nonfragmented traffic and to the
fragment with offset equal to zero in a fragmented flow.
A fragmented ACE that permits Layer 4 traffic from host A to host B also permits fragmented traffic from
host A to host B regardless of the Layer 4 port.
If you use the capture keyword, the ports that capture the traffic and transmit out are specified by
entering the set security acl capture-ports command.
When you enter the ACL name, follow these naming conventions:
•
Maximum of 32 characters long and may include a-z, A-Z, 0-9, the dash character (-), the underscore
character (_), and the period character (.)
•
Must start with an alpha character and must be unique across all ACLs of all types
•
Case sensitive
•
Cannot be a number
•
Must not be a keyword; keywords to avoid are all, default-action, map, help, and editbuffer
When you specify the source IP address and the source mask, use the form
source_ip_address source_mask and follow these guidelines:
•
The source_mask is required; 0 indicates a care bit, 1 indicates a don’t-care bit.
•
Use a 32-bit quantity in four-part dotted-decimal format.
•
Use the keyword any as an abbreviation for a source and source-wildcard of 0.0.0.0
255.255.255.255.
•
Use host source as an abbreviation for a source and source-wildcard of source 0.0.0.0.
When you enter a destination IP address and the destination mask, use the form destination_ip_address
destination_mask. The destination mask is required.
•
Use a 32-bit quantity in a four-part dotted-decimal format.
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-539
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set security acl ip
•
Use the keyword any as an abbreviation for a source and source-wildcard of 0.0.0.0
255.255.255.255.
•
Use host/source as an abbreviation for a destination and destination-wildcard of destination 0.0.0.0.
The log keyword is an option of deny only. If you want to change an existing VACL configuration to
deny with log, you must first clear the VACL and then set it again.
The log keyword is supported on systems configured with Supervisor Engine 2 with Layer 3 Switching
Engine II (PFC2) only.
Valid names for precedence are critical, flash, flash-override, immediate, internet, network, priority, and
routine.
Valid names for tos are max-reliability, max-throughput, min-delay, min-monetary-cost, and normal.
Valid protocol keywords include icmp (1), ip, ipinip (4), tcp (6), udp (17), igrp (9), eigrp (88),
gre (47), nos (94), ospf (89), ahp (51), esp (50), pcp (108), and pim (103). The IP number is displayed
in parentheses. Use the keyword ip to match any Internet Protocol.
ICMP packets that are matched by ICMP message type can also be matched by the ICMP message code.
Valid names for icmp_type and icmp_code are administratively-prohibited, alternate-address,
conversion-error, dod-host-prohibited, dod-net-prohibited, echo, echo-reply,
general-parameter-problem, host-isolated, host-precedence-unreachable, host-redirect,
host-tos-redirect, host-tos-unreachable, host-unknown, host-unreachable, information-reply,
information-request, mask-reply, mask-request, mobile-redirect, net-redirect, net-tos-redirect,
net-tos-unreachable, net-unreachable, network-unknown, no-room-for-option, option-missing,
packet-too-big, parameter-problem, port-unreachable, precedence-unreachable, protocol-unreachable,
reassembly-timeout, redirect, router-advertisement, router-solicitation, source-quench,
source-route-failed, time-exceeded, timestamp-reply, timestamp-request, traceroute, ttl-exceeded, and
unreachable.
If the operator is positioned after the source and source-wildcard, it must match the source port. If the
operator is positioned after the destination and destination-wildcard, it must match the destination port.
The range operator requires two port numbers. All other operators require one port number.
TCP port names can be used only when filtering TCP. Valid names for TCP ports are bgp, chargen,
daytime, discard, domain, echo, finger, ftp, ftp-data, gopher, hostname, irc, klogin, kshell, lpd, nntp,
pop2, pop3, smtp, sunrpc, syslog, tacacs-ds, talk, telnet, time, uucp, whois, and www.
UDP port names can be used only when filtering UDP. Valid names for UDP ports are biff, bootpc,
bootps, discard, dns, dnsix, echo, mobile-ip, nameserver, netbios-dgm, netbios-ns, ntp, rip, snmp,
snmptrap, sunrpc, syslog, tacacs-ds, talk, tftp, time, who, and xdmcp.
The number listed with the protocol type is the layer protocol number (for example, udp | 17).
If no layer protocol number is entered, you can enter the following syntax:
set security acl ip {acl_name} {permit | deny} {src_ip_spec} [before editbuffer_index |
modify editbuffer_index]
If a Layer 4 protocol is specified, you can enter the following syntax:
set security acl ip {acl_name} {permit | deny | redirect mod_num/port_num} {protocol}
{src_ip_spec} {dest_ip_spec} [precedence precedence] [tos tos] [capture]
[before editbuffer_index | modify editbuffer_index]
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-540
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set security acl ip
For IP, you can enter the following syntax:
set security acl ip {acl_name} {permit | deny | redirect {mod_num/port_num}} [ip]
{src_ip_spec} {dest_ip_spec} [precedence precedence] [tos tos] [capture]
[before editbuffer_index | modify editbuffer_index]
For ICMP, you can enter the following syntax:
set security acl ip {acl_name} {permit | deny | redirect {mod_num/port_num}} [icmp | 1]
{src_ip_spec} {dest_ip_spec} [icmp_type] [icmp_code] | [icmp_message]
[precedence precedence] [tos tos] [capture] [before editbuffer_index |
modify editbuffer_index]
For TCP, you can use the following syntax:
set security acl ip {acl_name} {permit | deny | redirect {mod_num/port_num}} [tcp | 6]
{src_ip_spec} [operator port [port]] {dest_ip_spec} [operator port [port]] [established]
[precedence precedence] [tos tos] [capture] [before editbuffer_index |
modify editbuffer_index]
For UDP, you can use the following syntax:
set security acl ip {acl_name} {permit | deny | redirect {mod_num/port_num}} [udp | 17]
{src_ip_spec} [operator port [port]] {dest_ip_spec} [operator port [port]]
[precedence precedence] [tos tos] [capture] [before editbuffer_index |
modify editbuffer_index]
Examples
These examples show different ways to use the set security acl ip commands to configure IP security
ACL:
Console> (enable) set security acl ip IPACL1 deny 1.2.3.4 0.0.0.0
IPACL1 editbuffer modified. Use ‘commit’ command to apply changes.
Console> (enable)
Console> (enable) set security acl ip IPACL1 deny host 171.3.8.2 before 2
IPACL1 editbuffer modified. Use ‘commit’ command to apply changes.
Console> (enable)
Console> (enable) set security acl ip IPACL1 permit any any
IPACL1 editbuffer modified. Use ‘commit’ command to apply changes.
Console> (enable)
Console> (enable) set security acl ip IPACL1 redirect 3/1 ip 3.7.1.2 0.0.0.255 host
255.255.255.255 precedence 1 tos min-delay
IPACL1 editbuffer modified. Use ‘commit’ command to apply changes.
Console> (enable)
Console> (enable) set security acl ip IPACL1 permit ip host 60.1.1.1 host 60.1.1.98
capture
IPACL1 editbuffer modified. Use ’commit’ command to apply changes.
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-541
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set security acl ip
Related Commands
clear security acl
clear security acl capture-ports
clear security acl map
commit
set security acl map
set security acl capture-ports
show security acl
show security acl capture-ports
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-542
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set security acl ipx
set security acl ipx
To create a new entry in a standard IPX VACL and to append the new entry at the end of the VACL, use
the set security acl ipx command.
set security acl ipx {acl_name} {permit | deny | redirect mod_num/port_num} {protocol}
{src_net} [dest_net.[dest_node] [[dest_net_mask.]dest_node_mask]] [capture]
[before editbuffer_index | modify editbuffer_index]
Syntax Description
acl_name
Unique name that identifies the list to which the entry belongs.
permit
Allows traffic from the specified source IPX address.
deny
Blocks traffic from the specified source IPX address.
redirect
Redirects traffic from the specified source IPX address.
mod_num/port_num Number of the module and port.
protocol
Keyword or number of an IPX protocol; valid values are from 0 to 255
representing an IPX protocol number. See the “Usage Guidelines”
section for a list of valid keywords and corresponding numbers.
src_net
Number of the network from which the packet is being sent. See the
“Usage Guidelines” section for format guidelines.
dest_net.
(Optional) Number of the network from which the packet is being sent.
dest_node
(Optional) Node on destination-network to which the packet is being
sent.
dest_net_mask.
(Optional) Mask to be applied to the destination network. See the “Usage
Guidelines” section for format guidelines.
dest_node_mask
(Optional) Mask to be applied to the destination-node. See the “Usage
Guidelines” section for format guidelines.
capture
(Optional) Specifies packets are switched normally and captured.
before
editbuffer_index
(Optional) Inserts the new ACE in front of another ACE.
modify
editbuffer_index
(Optional) Replaces an ACE with the new ACE.
Defaults
There are no default ACLs and no default ACL-VLAN mappings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Configurations you make by entering this command are saved to NVRAM and hardware only after you
enter the commit command. Enter ACEs in batches, and then enter the commit command to save all of
them in NVRAM and in the hardware.
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-543
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set security acl ipx
If you use the capture keyword, the ports that capture the traffic and transmit out are specified by
entering the set security acl capture-ports command.
When you enter the ACL name, follow these naming conventions:
•
Maximum of 32 characters long and may include a-z, A-Z, 0-9, the dash character (-), the underscore
character (_), and the period character (.)
•
Must start with an alpha character and must be unique across all ACLs of all types
•
Case sensitive
•
Cannot be a number
•
Must not be a keyword; keywords to avoid are all, default-action, map, help, and editbuffer
Valid protocol keywords include ncp (17), netbios (20), rip (1), sap (4), and spx (5).
The src_net and dest_net variables are eight-digit hexadecimal numbers that uniquely identify network
cable segments. When you specify the src_net or dest_net, use the following guidelines:
•
It can be a number in the range 0 to FFFFFFFF. A network number of -1 or any matches all
networks.
•
You do not need to specify leading zeros in the network number. For example, for the network
number 000000AA, you can enter AA.
The dest_node is a 48-bit value represented by a dotted triplet of 4-digit hexadecimal numbers
(xxxx.xxxx.xxxx).
The dest_net_mask. is an eight-digit hexadecimal mask. Place ones in the bit positions you want to mask.
The mask must be immediately followed by a period, which must in turn be immediately followed by
the destination-node-mask. You can enter this value only when dest_node is specified.
The dest_node_mask is a 48-bit value represented as a dotted triplet of 4-digit hexadecimal numbers
(xxxx.xxxx.xxxx). Place ones in the bit positions you want to mask. You can enter this value only when
dest_node is specified.
The dest_net_mask. is an eight-digit hexadecimal number that uniquely identifies the network cable
segment. It can be a number in the range 0 to FFFFFFFF. A network number of -1 or any matches all
networks. You do not need to specify leading zeros in the network number. For example, for the network
number 000000AA, you can enter AA. Following are dest_net_mask. examples:
•
123A
•
123A.1.2.3
•
123A.1.2.3 ffff.ffff.ffff
•
1.2.3.4 ffff.ffff.ffff.ffff
Use the show security acl command to display the list.
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-544
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set security acl ipx
Examples
This example shows how to block traffic from a specified source IPX address:
Console> (enable) set security acl ipx IPXACL1 deny 1.a
IPXACL1 editbuffer modified. Use ‘commit’ command to apply changes.
Console> (enable)
This example shows how to deny traffic from hosts in specific subnet (10.1.2.0/8):
Console> (enable) set security acl ipx SERVER deny ip 10.1.2.0 0.0.0.255 host 10.1.1.100
IPXACL1 editbuffer modified. Use ‘commit’ command to apply changes.
Console> (enable)
Related Commands
clear security acl
clear security acl capture-ports
clear security acl map
commit
set security acl map
set security acl capture-ports
show security acl
show security acl capture-ports
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-545
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set security acl log
set security acl log
To configure the security ACL log table, use the set security acl log command.
set security acl log maxflow max_flows
set security acl log ratelimit max_rate
Syntax Description
maxflow
max_flows
Specifies the maximum flow pattern number in packets per second;
valid values are from 256 to 2048.
ratelimit
max_rate
Specifies the redirect rate in packets per second; valid values are 0
and from 500 to 5000. See the “Usage Guidelines” section for more
information.
Defaults
The default max_number is 500 packets per second and the default ratelimit is 2500 packets per second.
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
The command is supported on systems configured with Supervisor Engine 2 with Layer 3 Switching
Engine II (PFC2) only.
The set security acl log maxflow command tries to allocate a new log table based on the maximum flow
pattern number to store logged packet information. If successful, the new buffer replaces the old one and
all flows in the old table are cleared. If either memory is not enough or the maximum number is over the
limit, an error message is displayed and the command is dropped.
The set security acl log ratelimit command tries to set the redirect rate in packets per second. If the
configuration is over the range, the command is discarded and the range is displayed on the console.
If you want to disable rate limiting for VACL logging, enter a rate argument of 0.
Examples
This example shows how to set the maximum flow:
Console> (enable) set security acl log maxflow 322
Log table size set to 322 flow entries.
Console> (enable)
This example shows how to set the rate limit:
Console> (enable) set security acl log ratelimit 3444
Max logging eligible packet rate set to 3444pps.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-546
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set security acl log
This example shows how to disable rate limiting:
Console>
CAUTION:
2003 Apr
Console>
Related Commands
(enable) set security acl log rate-limit 0
Rate limit for logging eligible packet is disabled.
07 07:13:36 %ACL-4-VACLLOGRATELIMITDISABLED:VACL Logging rate limit disabled
(enable)
clear security acl log flow
set security acl log
show security acl log
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-547
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set security acl mac
set security acl mac
To create a new entry in a non-IP or non-IPX protocol VACL and to append the new entry at the end of
the VACL, use the set security acl mac command.
set security acl mac {acl_name} {permit | deny} {src_mac_addr_spec}
{dest_mac_addr_spec} [ether-type] [capture] [before editbuffer_index |
modify editbuffer_index]
Syntax Description
acl_name
Unique name that identifies the list to which the entry belongs.
permit
Allows traffic from the specified source MAC address.
deny
Blocks traffic from the specified source MAC address.
src_mac_addr_spec
Source MAC address and mask in the form
source_mac_address source_mac_address_mask.
dest_mac_addr_spec
Destination MAC address and mask.
ether-type
(Optional) Number or name that matches the Ethertype for
Ethernet-encapsulated packets; valid values are 0x0600, 0x0601,
0x0BAD, 0x0BAF, 0x6000-0x6009, 0x8038-0x8042, 0x809b, and
0x80f3. See the “Usage Guidelines” section for a list of valid names.
capture
(Optional) Specifies packets are switched normally and captured.
before editbuffer_index (Optional) Inserts the new ACE in front of another ACE.
modify
editbuffer_index
(Optional) Replaces an ACE with the new ACE.
Defaults
There are no default ACLs and no default ACL-VLAN mappings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Configurations you make by entering this command are saved to NVRAM and hardware only after you
enter the commit command. Enter ACEs in batches, and then enter the commit command to save all of
them in NVRAM and in the hardware.
If you use the capture keyword, the ports that capture the traffic and transmit out are specified by
entering the set security acl capture-ports command.
When you enter the ACL name, follow these naming conventions:
•
Maximum of 32 characters long and may include a-z, A-Z, 0-9, the dash character (-), the underscore
character (_), and the period character (.)
•
Must start with an alpha character and must be unique across all ACLs of all types
•
Case sensitive
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-548
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set security acl mac
•
Cannot be a number
•
Must not be a keyword; keywords to avoid are all, default-action, map, help, and editbuffer
The src_mac_addr_spec is a 48-bit source MAC address and mask and entered in the form of
source_mac_address source_mac_address_mask (for example, 08-11-22-33-44-55 ff-ff-ff-ff-ff-ff).
Place ones in the bit positions you want to mask. When you specify the src_mac_addr_spec, follow these
guidelines:
•
The source_mask is required; 0 indicates a care bit; 1 indicates a don’t-care bit.
•
Use a 32-bit quantity in four-part dotted-decimal format.
•
Use the keyword any as an abbreviation for a source and source-wildcard of 0.0.0.0
255.255.255.255.
•
Use host source as an abbreviation for a source and source-wildcard of source 0.0.0.0.
The dest_mac_spec is a 48-bit destination MAC address and mask and entered in the form of
dest_mac_address dest_mac_address_mask (for example, 08-00-00-00-02-00/ff-ff-ff-00-00-00). Place
ones in the bit positions you want to mask. The destination mask is mandatory. When you specify the
dest_mac_spec, use the following guidelines:
•
Use a 48-bit quantity in 6-part dotted-hexadecimal format for a source address and mask.
•
Use the keyword any as an abbreviation for a source and source-wildcard of 0-0-0-0-0-0-0
ff-ff-ff-ff-ff-ff.
•
Use host source as an abbreviation for a destination and destination-wildcard of destination
0-0-0-0-0-0.
Valid names for Ethertypes (and corresponding numbers) are EtherTalk (0x809B), AARP (0x8053),
dec-mop-dump (0x6001), dec-mop-remote-console (0x6002), dec-phase-iv (0x6003), dec-lat (0x6004),
dec-diagnostic-protocol (0x6005), dec-lavc-sca (0x6007), dec-amber (0x6008), dec-mumps (0x6009),
dec-lanbridge (0x8038), dec-dsm (0x8039), dec-netbios (0x8040), dec-msdos (0x8041),
banyan-vines-echo (0x0baf), xerox-ns-idp (0x0600), and xerox-address-translation (0x0601).
Use the show security acl command to display the list.
Examples
This example shows how to block traffic to an IP address:
Console> (enable) set security acl mac MACACL1 deny 01-02-02-03-04-05
MACACL1 editbuffer modified. User ‘commit’ command to apply changes.
Console> (enable)
Related Commands
clear security acl
clear security acl capture-ports
clear security acl map
commit
set security acl map
set security acl capture-ports
show security acl
show security acl capture-ports
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-549
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set security acl map
set security acl map
To map an existing VACL to a VLAN, use the set security acl map command.
set security acl map acl_name vlan
Syntax Description
acl_name
Unique name that identifies the list to which the entry belongs.
vlan
Number of the VLAN to be mapped to the VACL; valid values are from 1 to 1005 and
from 1025 to 4094.
Defaults
There are no default ACLs and no default ACL-VLAN mappings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Configurations you make by entering this command are saved in NVRAM. This command does not
require that you enter the commit command. Each VLAN can be mapped to only one ACL of each type
(IP, IPX, and MAC). An ACL can be mapped to a VLAN only after you have committed the ACL.
When you enter the ACL name, follow these naming conventions:
Caution
Examples
•
Maximum of 32 characters long and may include a-z, A-Z, 0-9, the dash character (-), the underscore
character (_), and the period character (.)
•
Must start with an alpha character and must be unique across all ACLs of all types
•
Case sensitive
•
Cannot be a number
•
Must not be a keyword; keywords to avoid are all, default-action, map, help, and editbuffer
Use the copy command to save the ACL configuration to Flash memory.
This example shows how to map an existing VACL to a VLAN:
Console> (enable) set security acl map IPACL1 1
ACL IPACL1 mapped to vlan 1
Console> (enable)
This example shows the output if you try to map an ACL that has not been committed:
Console> (enable) set security acl map IPACL1 1
Commit ACL IPACL1 before mapping.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-550
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set security acl map
This example shows the output if you try to map an ACL that is already mapped to a VLAN for the ACL
type (IP, IPX, or MAC):
Console> (enable) set security acl map IPACL2 1
Mapping for this type already exists for this VLAN.
Console> (enable)
Related Commands
clear security acl
clear security acl map
commit
show security acl
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-551
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set snmp
set snmp
To enable or disable the processing of SNMP requests to the switch and SNMP traps from the switch,
use the set snmp command.
set snmp {enable | disable}
Syntax Description
enable
Enables SNMP processing.
disable
Disables SNMP processing.
Defaults
By default, SNMP processing is enabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When SNMP processing is enabled, the switch processes SNMP inquiries and sends out SMNP traps if
there are no conflicts with other SNMP configurations. When SNMP processing is disabled, the switch
ignores SNMP requests and no SNMP traps are sent out regardless of other SNMP configurations.
Whether SNMP processing is enabled or disabled, you can change other SNMP configurations, and
RMON-related processes are not affected.
The SNMP ifIndex persistence feature is always enabled. With the ifIndex persistence feature, the
ifIndex value of the port and VLAN is always retained and used after the following occurrences:
•
Switch reboot
•
High-availability switchover
•
Software upgrade
•
Module reset
•
Module removal and insertion of the same type of module
For Fast EtherChannel and Gigabit EtherChannel interfaces, the ifIndex value is only retained and used
after a high-availability switchover.
Examples
This example shows how to disable SNMP processing:
Console> (enable) set snmp disable
SNMP disabled
Console> (enable)
Related Commands
show snmp
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-552
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set snmp access
set snmp access
To define the access rights of an SNMP group, use the set snmp access command.
set snmp access [-hex] {groupname} {security-model {v1 | v2c}}
[read [-hex] {readview}] [write [-hex] {writeview}] [notify [-hex] {notifyview}]
[volatile | nonvolatile]
set snmp access [-hex] {groupname} {security-model v3 {noauthentication |
authentication | privacy}} [read [-hex] {readview}] [write [-hex] {writeview}]
[notify [-hex] {notifyview}] [context [-hex] contextname [exact | prefix]] [volatile |
nonvolatile]
Syntax Description
Defaults
-hex
(Optional) Displays the groupname, readview, writeview, notifyview, and
contextname in a hexadecimal format.
groupname
Name of the SNMP group.
security-model v1 |
v2c
Specifies security-model v1 or v2c.
read readview
(Optional) Specifies the name of the view that allows you to see the MIB
objects.
write writeview
(Optional) Specifies the name of the view that allows you to configure
the contents of the agent.
notify notifyview
(Optional) Specifies the name of the view that allows you to send a trap
about MIB objects.
v3
Specifies security model v3.
noauthentication
Specifies security model is not set to use authentication protocol.
authentication
Specifies the type of authentication protocol.
privacy
Specifies the messages sent on behalf of the user are protected from
disclosure.
volatile
(Optional) Specifies that the storage type is defined as temporary
memory and the content is deleted if the device is turned off.
nonvolatile
(Optional) Specifies that the storage type is defined as persistent memory
and the content remains after the device is turned off and on again.
context contextname
(Optional) Specifies the name of the context string and the way to match
the context string; maximum of 32 characters.
exact
(Optional) Specifies that an exact match between the contextname and
the value of vacmAccessContextPrefix is required to select this entry.
prefix
(Optional) Specifies that only a match between
vacmAccessContextPrefix and the starting portion of contextname is
required to select this entry.
The defaults are as follows:
•
storage type is nonvolatile.
•
read readview is Internet OID space.
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-553
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set snmp access
•
write writeview is NULL OID.
•
notify notifyview is NULL OID.
•
context contextname is a NULL string.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you use special characters for groupname, readview, writeview, and notifyview (nonprintable
delimiters for these parameters), you must use a hexadecimal keyword, which is one or two hexadecimal
digits separated by a colon (:); for example, 00:ab:34.
readview is assumed to be every object belonging to the Internet (1.3.6.1) OID space; you can use the
read option to override this state.
For writeview, you must also configure write access.
For notifyview, if a view is specified, any notifications in that view are sent to all users associated with
the group. (An SNMP server host configuration must exist for the user.)
For contextname, the string is treated as either a full context name or the prefix of a context name,
depending on whether you enter the exact or prefix keyword. If you enter the prefix keyword, this
allows you to enter a simple form of wildcarding. For example, if you enter a contextname of vlan, vlan-1
and vlan-100 will be selected.
If you do not enter a context name, a NULL context string is used.
Examples
This example shows how to set the SNMP access rights for a group:
Console> (enable) set snmp access cisco-group security-model v3 authentication
SNMP access group was set to cisco-group version v3 level authentication, readview
internet, nonvolatile.
Console> (enable)
Related Commands
clear snmp access
show snmp access
show snmp context
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-554
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set snmp access-list
set snmp access-list
To specify an access list number for a host or group of hosts, use the set snmp access-list command.
set snmp access-list access_number IP_address [ipmask maskaddr]
Syntax Description
access_number
Number that specifies a list of hosts that are pemitted to use a specific
community string; valid values are 1 to 65535.
IP_address
IP address that is associated with the access list. See the “Usage Guidelines”
section for more information.
ipmask maskaddr
(Optional) Sets a mask for the IP address. See the “Usage Guidelines”
section for more in information.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you specify more than one IP address, separate each IP address with a space.
If you use anaccess list number that is already in use, the new IP addresses are appended to the access
list. You can clear one or more IP addresses associated with an access list by entering the clear snmp
access-list command.
The maskaddr variable is in the format xxx.xxx.xxx.xxx.
Examples
This example shows how to associate the IP address of a host to access list number 1:
Console> (enable) set snmp access-list 1 172.20.60.100
Host 172.20.60.100 is associated with access number 1.
Console> (enable)
This example shows how to associate the IP addresses of two hosts to access list number 101:
Console> (enable) set snmp access-list 101 172.20.60.10 172.20.60.90
Hosts 172.20.60.10, 172.20.60.90 are associated with access number 101.
Console> (enable)
This example shows how to associate the IP address and subnet mask of a host to access list number 2:
Console> (enable) set snmp access-list 2 172.20.60.100 ipmask 255.0.0.0
Access nmber 2 has been created with new IP Address 172.20.60.100 mask 255.0.0.0
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-555
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set snmp access-list
Related Commands
clear snmp access-list
show snmp access-list
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-556
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set snmp buffer
set snmp buffer
To set the size of the SNMP UDP socket receive buffer, use the set snmp buffer command.
set snmp buffer {packets}
Syntax Description
packets
Defaults
95 packets.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You can adjust the SNMP UDP socket receive buffer up to 95 packets by using the set snmp buffer
command.
Examples
This example shows how to set the SNMP UDP socket receive buffer to 45:
Number of packets allowed in the buffer; valid ranges are from 32 to 95.
Console> (enable) set snmp buffer 45
SNMP socket receive buffer set to 45 packets.
Console> (enable)
This example shows the error message the displays when you try to set the SNMP UDP socket receive
buffer above the valid range:
Console> (enable) set snmp buffer 100
Invalid input. Must be an integer between 32 and 95.
Console> (enable)
Related Commands
show snmp buffer
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-557
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set snmp chassis-alias
set snmp chassis-alias
To set the chassis alias and save it in NVRAM and in the configuration file, use the set snmp
chassis-alias command.
set snmp chassis-alias [chassisAlias]
Syntax Description
chassisAlias
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The chassisAlias value must be from 0 to 32 characters.
(Optional) Chassis entPhysicalAlias. See the “Usage Guidelines” section
for more information about setting the chassis alias.
To clear the chassisAlias value, enter the set snmp chassis-alias command without entering a
chassisAlias value.
Examples
This example shows how to set the chassis alias:
Console> (enable) set snmp chassis-alias my chassis
SNMP chassis entPhysicalAlias set to 'my chassis'.
Console> (enable)
This example shows how to clear the chassis alias:
Console> (enable) set snmp chassis-alias
SNMP chassis entPhysicalAlias cleared.
Console> (enable)
This example shows the message that appears when you attempt to set a chassis alias that exceeds 32
characters:
Console> (enable) set snmp chassis-alias 123456789123456789123456789123456789
Chassis entPhysicalAlias must be less than 33 characters.
Console> (enable)
Related Commands
show snmp
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-558
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set snmp community
set snmp community
To set SNMP communities and associated access types, use the set snmp community command.
set snmp community {read-only | read-write | read-write-all} [community_string]
set snmp community index [-hex] index-name name community_string security [-hex]
security-name [context [-hex] context-name] [volatile | nonvolatile]
[transporttag [-hex] tag-value]
Syntax Description
Defaults
read-only
Assigns read-only access to the specified SNMP community.
read-write
Assigns read-write access to the specified SNMP community.
read-write-all
Assigns read-write access to the specified SNMP community.
community_string
(Optional) Name of the SNMP community.
index
Sets the SNMP community index
-hex
(Optional) Specifies the SNMP community index in hexadecimal format.
index-name
SNMP community index name.
name
Sets the SNMP community name.
security
Sets the SNMP community security name.
security-name
SNMP community security name.
context
(Optional) Sets the SNMP context name.
context-name
(Optional) SNMP community context name.
volatile
(Optional) Specifies that the storage type is defined as temporary memory
and the content is deleted if the device is turned off.
nonvolatile
(Optional) Specifies that the storage type is defined as persistent memory
and the content remains after the device is turned off and on again.
transporttag
(Optional) Specifies SNMP transport endpoints.
tag-value
(Optional) Transport tag value.
The default is the following communities and access types are defined:
•
public—read-only
•
private—read-write
•
secret—read-write-all
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM.
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-559
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set snmp community
There are three configurable SNMP communities, one for each access type. If you do not specify the
community string, the community string configured for that access type is cleared.
The community_string variable cannot contain the @ symbol.
To support the access types, you also need to configure four MIB tables: vacmContextTable,
vacmSecurityToGroupTable, vacmAccessTable, and vacmViewTreeFamilyTable. Use the clear config
snmp command to reset these tables to the default values.
Examples
This example shows how to set read-write access to the SNMP community called yappledapple:
Console> (enable) set snmp community read-write yappledapple
SNMP read-write community string set to yappledapple.
Console> (enable)
This example shows how to clear the community string defined for read-only access:
Console> (enable) set snmp community read-only
SNMP read-only community string cleared.
Console> (enable)
Related Commands
clear config
clear snmp community
show snmp
show snmp community
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-560
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set snmp community-ext
set snmp community-ext
To set additional community strings, use the set snmp community-ext command.
set snmp community-ext community_string {read-only | read-write | read-write-all}
[view view_oid] [access access_number]
Syntax Description
community_string
Name of the SNMP community.
read-only
Assigns read-only access to the specified SNMP community.
read-write
Assigns read-write access to the specified SNMP community.
read-write-all
Assigns read-write access to the specified SNMP community.
view view_oid
(Optional) Restricts the community string to a view. See the “Usage
Guidelines” section for more information.
access access_number
(Optional) Restricts the community string to an access number; valid values
are from 1 to 65335.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Types
Privileged.
Usage Guidelines
Adding a new community string using the set snmp community-ext command creates appropriate
entries in the vacmAccessTable (if a view is specified), snmpCommunityTable, and
vacmSecurityToGroup tables.
An example of the view_oid variable is 1.3.6.1.2.1.
Examples
This example shows how to set an additional SNMP community string:
Console> (enable) set snmp community-ext public1 read-only
Community string public1 is created with access type as read-only
Console> (enable)
This example shows how to restrict the community string to an access number:
Console> (enable) set snmp community-ext private1 read-write access 2
Community string private1 is created with access type as read-write access
number 2
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-561
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set snmp community-ext
This example shows how to change the access number to the community string:
Console> (enable) set snmp community-ext private1 read-write access 3
Community string private1 is updated with access type as read-write access
number 3
Console> (enable)
Related Commands
clear snmp community-ext
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-562
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set snmp extendedrmon netflow
set snmp extendedrmon netflow
To enable or disable the SNMP extended RMON support for the NAM module, use the set snmp
extendedrmon netflow command.
set snmp extendedrmon netflow {enable | disable} {mod}
Syntax Description
enable
Enables the extended RMON support.
disable
Disables the extended RMON support.
mod
Module number of the extended RMON NAM.
Defaults
The default is SNMP-extended RMON NetFlow is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to enable SNMP-extended RMON NetFlow support:
Console> (enable) set snmp extendedrmon netflow enable 2
Snmp extended RMON netflow enabled
Console> (enable)
This example shows how to disable SNMP-extended RMON NetFlow support:
Console> (enable) set snmp extendedrmon netflow disable 2
Snmp extended RMON netflow disabled
Console> (enable)
This example shows the response when the SNMP-extended RMON NetFlow feature is not supported:
Console> (enable) set snmp extendedrmon enable 4
NAM card is not installed.
Console> (enable)
Related Commands
set snmp rmon
show snmp
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-563
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set snmp group
set snmp group
To establish the relationship between an SNMP group and a user with a specific security model, use the
set snmp group command.
set snmp group [-hex] {groupname} user [-hex] {username}
{security-model {v1 | v2c | v3}} [volatile | nonvolatile]
Syntax Description
-hex
(Optional) Displays the groupname and username in a hexadecimal
format.
groupname
Name of the SNMP group that defines an access control; the maximum
length is 32 bytes.
user
Specifies the SNMP group username.
username
Name of the SNMP user that belongs to the SNMP group; the maximum
length is 32 bytes.
security-model
v1 | v2c | v3
Specifies security-model v1, v2c, or v3.
volatile
(Optional) Specifies that the storage type is defined as temporary memory
and the content is deleted if the device is turned off.
nonvolatile
(Optional) Specifies that the storage type is defined as persistent memory
and the content remains after the device is turned off and on again.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you use special characters for groupname or username (nonprintable delimiters for these parameters),
you must use a hexadecimal keyword, which is one or two hexadecimal digits separated by a colon (:);
for example, 00:ab:34.
Examples
This example shows how to set the SNMP group:
Console> (enable) set snmp group cisco-group user joe security-model v3
SNMP group was set to cisco-group user joe and version v3,nonvolatile.
Console> (enable)
Related Commands
clear snmp group
show snmp group
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-564
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set snmp ifalias
set snmp ifalias
To set the SNMP interface alias, use the set snmp ifalias command.
set snmp ifalias {ifIndex} [ifAlias]
Syntax Description
ifIndex
Interface index number.
ifAlias
(Optional) Name of the interface alias. See the “Usage Guidelines” section for more
information.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The ifAlias string can contain 0 to 64 characters.
Examples
This example shows how to set the SNMP interface alias:
Console> (enable) set snmp ifalias 1 Inband port
ifIndex 1 alias set
Console> (enable)
Related Commands
clear snmp ifalias
show snmp ifalias
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-565
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set snmp notify
set snmp notify
To set the notifyname entry in the snmpNotifyTable and the notifytag entry in the
snmpTargetAddrTable, use the set snmp notify command.
set snmp notify [-hex] {notifyname} tag [-hex] {notifytag}
[trap | inform] [volatile | nonvolatile]
Syntax Description
-hex
(Optional) Displays the notifyname and notifytag in a hexadecimal format.
notifyname
Identifier to index the snmpNotifyTable.
tag
Specifies the tag name in the taglist.
notifytag
Name of entries in the snmpTargetAddrTable.
trap
(Optional) Specifies all messages that contain snmpv2-Trap PDUs.
inform
(Optional) Specifies all messages that contain InfoRequest PDUs.
volatile
(Optional) Specifies that the storage type is defined as temporary memory and
the content is deleted if the device is turned off.
nonvolatile
(Optional) Specifies that the storage type is defined as persistent memory and
the content remains after the device is turned off and on again.
Defaults
The defaults are storage type is volatile and notify type is trap.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you use special characters for the notifyname and notifytag (nonprintable delimiters for these
parameters), you must use a hexadecimal keyword, which is one or two hexadecimal digits separated by
a colon (:); for example, 00:ab:34.
Examples
This example shows how to set the SNMP notify for a specific notifyname:
Console> (enable) set snmp notify hello tag world inform
SNMP notify name was set to hello with tag world notifyType inform, and storageType
nonvolatile.
Console> (enable)
Related Commands
clear snmp notify
show snmp notify
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-566
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set snmp rmon
set snmp rmon
To enable or disable SNMP RMON support, use the set snmp rmon command.
set snmp rmon {enable | disable}
Syntax Description
enable
Activates SNMP RMON support.
disable
Deactivates SNMP RMON support.
Defaults
The default is RMON support is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM.
RMON statistics are collected on a segment basis.
The RMON feature deinstalls all of the domains for all of the interfaces on an Ethernet module that has
been removed from the system.
When you enable RMON, the supported RMON groups for Ethernet ports are Statistics, History,
Alarms, and Events as specified in RFC 1757.
Use of this command requires a separate software license.
Examples
This example shows how to enable RMON support:
Console> (enable) set snmp rmon enable
SNMP RMON support enabled.
Console> (enable)
This example shows how to disable RMON support:
Console> (enable) set snmp rmon disable
SNMP RMON support disabled.
Console> (enable)
Related Commands
show port counters
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-567
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set snmp rmonmemory
set snmp rmonmemory
To set the memory usage limit in percentage, use the set snmp rmonmemory command.
set snmp rmonmemory percentage
Syntax Description
percentage
Defaults
The default is 85 percent.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM.
Memory usage limit; see the “Usage Guidelines” section for
additional information.
When using this command, setting the percentage value to 85 does not mean that RMON can use
85 percent of memory, it means that you cannot create new RMON entries or restore entries from the
NVRAM if the memory usage exceeds 85 percent.
If you expect the device to run other sessions such as Telnet, a lower value should be set to the memory
limit. Otherwise, the new Telnet sessions may fail because the available memory is not enough.
Examples
This example shows how to set the memory usage limit:
Console> (enable) set snmp rmonmemory 90
Console> (enable)
Related Commands
show snmp rmonmemory
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-568
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set snmp targetaddr
set snmp targetaddr
To configure the SNMP target address entries in the snmpTargetAddressTable, use the set snmp
targetaddr command.
set snmp targetaddr [-hex] {addrname} param [-hex] {paramsname} {ipaddr}
[udpport {port}] [timeout {value}] [retries {value}] [volatile | nonvolatile]
[taglist {[-hex] tag}] [[-hex] tag tagvalue]
Syntax Description
Defaults
-hex
(Optional) Displays addrname, paramsname, tagvalue, and tag in a
hexadecimal format.
addrname
Unique identifier to index the snmpTargetAddrTable; the maximum
length is 32 bytes.
param
Specifies an entry in the snmpTargetParamsTable that provides
parameters to be used when generating a message to the target; the
maximum length is 32 bytes.
paramsname
Entry in the snmpTargetParamsTable; the maximum length is 32 bytes.
ipaddr
IP address of the target.
udpport port
(Optional) Specifies which UDP port of the target host to use.
timeout value
(Optional) Specifies the number of timeouts.
retries value
(Optional) Specifies the number of retries.
volatile
(Optional) Specifies that the storage type is defined as temporary
memory and the content is deleted if the device is turned off.
nonvolatile
(Optional) Specifies that the storage type is defined as persistent
memory and the content remains after the device is turned off and on
again.
taglist tag
(Optional) Specifies a tag name in the taglist.
tag tagvalue
(Optional) Specifies the tag name.
The defaults are as follows:
•
storage type is nonvolatile.
•
udpport is 162.
•
timeout is 1500.
•
retries is 3.
•
taglist is NULL.
Command Types
Switch command.
Command Modes
Privileged.
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-569
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set snmp targetaddr
Usage Guidelines
If you use special characters for the addrname, paramsname, tag, and tagvalue (nonprintable delimiters
for these parameters), you must use a hexadecimal keyword, which is one or two hexadecimal digits
separated by a colon (:); for example, 00:ab:34.
The maximum tagvalue and taglist length is 255 bytes.
Examples
This example shows how to set the target address in the snmpTargetAddressTable:
Console> (enable) set snmp targetaddr foo param bar 10.1.2.4 udp 160 timeout 10 retries 3
taglist tag1 tag2 tag3
SNMP targetaddr name was set to foo with param bar ipAddr 10.1.2.4, udpport 160, timeout
10, retries 3, storageType nonvolatile with taglist tag1 tag2 tag3.
Console> (enable)
Related Commands
clear snmp targetaddr
show snmp targetaddr
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-570
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set snmp targetparams
set snmp targetparams
To configure the SNMP parameters used in the snmpTargetParamsTable when generating a message to
a target, use the set snmp targetparams command.
set snmp targetparams [-hex] {paramsname} user [-hex] {username} {security-model {v1 |
v2c}} {message-processing {v1 | v2c | v3}} [volatile | nonvolatile]
set snmp targetparams [-hex] {paramsname} user [-hex] {username} {security-model v3}
{message-processing v3 {noauthentication | authentication | privacy}} [volatile |
nonvolatile]
Syntax Description
-hex
(Optional) Displays the paramsname and username in a hexadecimal
format.
paramsname
Name of the parameter in the snmpTargetParamsTable; the maximum
length is 32 bytes.
user
Specifies the SNMP group username.
username
Name of the SNMP user that belongs to the SNMP group; the maximum
length is 32 bytes.
security-model
v1 | v2c
Specifies security-model v1 or v2c.
message-processing Specifies the version number used by the message processing model.
v1 | v2c | v3
security-model v3
Specifies security-model v3.
message-processing Specifies v3 is used by the message-processing model.
v3
noauthentication
Specifies the security model is not set to use the authentication protocol.
authentication
Specifies the type of authentication protocol.
privacy
Specifies the messages sent on behalf of the user are protected from
disclosure.
volatile
(Optional) Specifies that the storage type is defined as temporary
memory and the content is deleted if the device is turned off.
nonvolatile
(Optional) Specifies that the storage type is defined as persistent
memory and the content remains after the device is turned off and on
again.
Defaults
The default storage type is volatile.
Command Types
Switch command.
Command Modes
Privileged.
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-571
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set snmp targetparams
Usage Guidelines
If you use special characters for the paramsname and username (nonprintable delimiters for these
parameters), you must use a hexadecimal keyword, which is one or two hexadecimal digits separated by
a colon (:); for example, 00:ab:34.
Examples
This example shows how to set target parameters in the snmpTargetParamsTable:
Console> (enable) set snmp targetparams bar user joe security-model v3 message-processing
v3 authentication
SNMP target params was set to bar v3 authentication, message-processing v3, user joe
nonvolatile.
Console> (enable)
Related Commands
clear snmp targetparams
show snmp targetparams
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-572
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set snmp trap
set snmp trap
To enable or disable the different SNMP traps on the system or to add an entry into the SNMP
authentication trap receiver table, use the set snmp trap command.
set snmp trap {enable | disable} [all | auth | bridge | chassis | config | entity | entityfru |
envfan | envpower | envshutdown | flashinsert | flashremove | ippermit | macnotification |
module | stpx | syslog | system | vmps | vtp]
set snmp trap rcvr_addr rcvr_community [port rcvr_port] [owner rcvr_owner] [index rcvr_index]
Syntax Description
enable
Enables SNMP traps.
disable
Disables SNMP traps.
all
(Optional) Specifies all trap types and all port traps. See the “Usage
Guidelines” section before using this option.
auth
(Optional) Specifies the authenticationFailure trap from RFC 1157.
bridge
(Optional) Specifies the newRoot and topologyChange traps from RFC
1493 (the BRIDGE-MIB).
chassis
(Optional) Specifies the chassisAlarmOn and chassisAlarmOff traps from
the CISCO-STACK-MIB.
config
(Optional) Specifies the sysConfigChange trap from the
CISCO-STACK-MIB.
entity
(Optional) Specifies the entityMIB trap from the ENTITY-MIB.
entityfru
(Optional) Specifies the entity field replaceable unit (FRU).
envfan
(Optional) Specifies the environmental fan.
envpower
(Optional) Specifies the environmental power.
envshutdown
(Optional) Specifies the environmental shutdown.
flashinsert
(Optional) Specifies flash insertion.
flashremove
(Optional) Specifies flash removal.
ippermit
(Optional) Specifies the IP Permit Denied access from the
CISCO-STACK-MIB.
macnotification
(Optional) Specifies MAC address notification traps.
module
(Optional) Specifies the moduleUp and moduleDown traps from the
CISCO-STACK-MIB.
stpx
(Optional) Specifies the STPX trap.
syslog
(Optional) Specifies the syslog notification traps.
system
(Optional) Specifies the system.
vmps
(Optional) Specifies the vmVmpsChange trap from the
CISCO-VLAN-MEMBERSHIP-MIB.
vtp
(Optional) Specifies the VTP from the CISCO-VTP-MIB.
rcvr_addr
IP address or IP alias of the system to receive SNMP traps.
rcvr_community
Community string to use when sending authentication traps.
port rcvr_port
(Optional) Specifies the UDP port and port number; valid values are from
0 to 65535.
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-573
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set snmp trap
owner
rcvr_owner
(Optional) Specifies the user who configured the settings for the SNMP
trap; the valid value is a character string from 1 to 21 characters in length.
index rcvr_index (Optional) Specifies index entries with the same rcvr_addr; valid values
are from 0 to 65535.
Defaults
The default is SNMP traps are disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM.
An IP permit trap is sent when unauthorized access based on the IP permit list is attempted.
Use the show snmp command to verify the appropriate traps were configured.
To use this command, you must configure all notification tables: snmpTargetAddrTable,
snmpTargetParamsTable, and snmpNotifyTable.
Use the all option to enable or disable all trap types and all port traps.
Use the set port trap command to enable or disable a single port or a range of ports.
The trap configuration is saved in NVRAM and the configuration file.
Examples
This example shows how to enable SNMP chassis traps:
Console> (enable) set snmp trap enable chassis
SNMP chassis alarm traps enabled.
Console> (enable)
This example shows how to enable all traps:
Console> (enable) set snmp trap enable
All SNMP traps enabled.
Console> (enable)
This example shows how to disable SNMP chassis traps:
Console> (enable) set snmp trap disable chassis
SNMP chassis alarm traps disabled.
Console> (enable)
This example shows how to enable SNMP MAC address notification traps:
Console> (enable) set snmp trap enable macnotification
SNMP MAC notification trap enabled.
Console> (enable)
This example shows how to add an entry in the SNMP trap receiver table:
Console> (enable) set snmp trap 192.122.173.42 public
SNMP trap receiver added.
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-574
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set snmp trap
Console> (enable)
Related Commands
clear snmp trap
set port trap
show snmp
test snmp trap
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-575
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set snmp user
set snmp user
To configure a new SNMP user, use the set snmp user command.
set snmp user [-hex] {username} {remote {engineid}} [authentication {md5 | sha |
authpassword}] [privacy {privpassword}] [volatile | nonvolatile]
Syntax Description
-hex
(Optional) Displays username in a hexadecimal format.
username
Name of the SNMP user.
remote engineid
Specifies the remote SNMP engine ID.
authentication
(Optional) Specifies the authentication protocol.
md5
Specifies HMAC-MD5-96 authentication protocol.
sha
Specifies HMAC-SHA-96 authentication protocol.
authpassword
Password for authentication.
privacy
privpassword
(Optional) Enables the host to encrypt the contents of the message
sent to or from the agent; the maximum length is 32 bytes.
volatile
(Optional) Specifies that the storage type is defined as temporary
memory and the content is deleted if the device is turned off.
nonvolatile
(Optional) Specifies that the storage type is defined as persistent
memory and the content remains after the device is turned off and on
again.
Defaults
The default storage type is volatile. If you do not specify authentication, the security level default will
be noauthentication. If you do not specify privacy, the default will be no privacy.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you use special characters for username (nonprintable delimiters for this parameter), you must use a
hexadecimal keyword, which is one or two hexadecimal digits separated by a colon (:); for example,
00:ab:34.
The authpassword and privpassword values must be hexadecimal characters without delimiters in
between.
Examples
This example shows how to set a specific username:
Console> (enable) set snmp user joe
Snmp user was set to joe authProt no-auth
Console> (enable)
privProt no-priv with engineid 00:00.
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-576
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set snmp user
This example shows how to set a specific username, authentication, and authpassword:
Console> (enable) set snmp user John authentication md5 arizona2
Snmp user was set to John authProt md5 authPasswd arizona2. privProt no-priv wi.
Console> (enable)
Related Commands
clear snmp user
show snmp user
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-577
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set snmp view
set snmp view
To configure the SNMP MIB view, use the set snmp view command.
set snmp view [-hex]{viewname}{subtree}[mask] [included | excluded] [volatile | nonvolatile]
Syntax Description
Defaults
-hex
(Optional) Displays the viewname value in a hexadecimal format.
viewname
Name of a MIB view.
subtree
MIB subtree.
mask
(Optional) Specifies that the bit mask is used with the subtree. A bit mask
can be all ones, all zeros, or any combination; the maximum length is 3
bytes.
included |
excluded
(Optional) Specifies that the MIB subtree is included or excluded.
volatile
(Optional) Specifies that the storage type is defined as temporary memory
and the content is deleted if the device is turned off.
nonvolatile
(Optional) Specifies that the storage type is defined as persistent memory
and the content remains after the device is turned off and on again.
The defaults are as follows:
•
Storage type is volatile.
•
Bit mask is NULL.
•
MIB subtree is included.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you use special characters for viewname (nonprintable delimiters for this parameter), you must use a
hexadecimal keyword, which is one or two hexadecimal digits separated by a colon (:); for example,
00:ab:34.
A MIB subtree with a mask defines a view subtree. The MIB subtree can be in object identifier (OID)
format or a text name mapped to a valid OID.
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-578
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set snmp view
Examples
This example shows how to assign a subtree to the view public:
Console> (enable) set snmp view public 1.3.6.1 included
Snmp view name was set to public with subtree 1.3.6.1 included, nonvolatile.
Control> (enable)
This example shows the response when the subtree is incorrect:
Console> (enable) set snmp view stats statistics excluded
Statistics is not a valid subtree OID
Control> (enable)
Related Commands
clear snmp view
show snmp view
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-579
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set span
set span
To enable or disable SPAN and to set up the switch port and VLAN analyzer for multiple SPAN sessions,
use the set span command.
set span disable [dest_mod/dest_port | all]
set span {src_mod/src_ports | src_vlans | sc0} {dest_mod/dest_port} [rx | tx | both] [inpkts
{enable | disable}] [learning {enable | disable}] [multicast {enable | disable}]
[filter vlans...] [create]
Syntax Description
disable
Disables SPAN.
dest_mod
(Optional) Monitoring module (SPAN destination).
dest_port
(Optional) Monitoring port (SPAN destination).
all
(Optional) Disables all SPAN sessions.
src_mod
Monitored module (SPAN source).
src_ports
Monitored ports (SPAN source).
src_vlans
Monitored VLANs (SPAN source).
sc0
Specifies the inband port is a valid source.
rx
(Optional) Specifies that information received at the source (ingress
SPAN) is monitored.
tx
(Optional) Specifies that information transmitted from the source (egress
SPAN) is monitored.
both
(Optional) Specifies that information both transmitted from the source
(ingress SPAN) and received (egress SPAN) at the source are monitored.
inpkts enable
(Optional) Enables the receiving of normal inbound traffic on the SPAN
destination port.
inpkts disable
(Optional) Disables the receiving of normal inbound traffic on the SPAN
destination port.
learning enable
(Optional) Enables learning for the SPAN destination port.
learning disable
(Optional) Disables learning for the SPAN destination port.
multicast enable
(Optional) Enables monitoring multicast traffic (egress traffic only).
multicast disable
(Optional) Disables monitoring multicast traffic (egress traffic only).
filter vlans
(Optional) Monitors traffic on selected VLANs on source trunk ports.
create
(Optional) Create a SPAN port.
Defaults
The default is SPAN is disabled, no VLAN filtering is enabled, multicast is enabled, input packets are
disabled, and learning is enabled.
Command Types
Switch command.
Command Modes
Privileged.
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-580
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set span
Usage Guidelines
After you enable SPAN, system defaults are used if no parameters were ever set. If you changed
parameters, the old parameters are stored in NVRAM, and the new parameters are used.
Use a network analyzer to monitor ports.
If you specify multiple SPAN source ports, the ports can belong to different VLANs.
A maximum of two rx or both SPAN sessions and four tx SPAN sessions can exist simultaneously. If
you use a remote SPAN station, the maximum number of rx or both SPAN sessions is one.
Use the inpkts keyword with the enable option to allow the SPAN destination port to receive normal
incoming traffic in addition to the traffic mirrored from the SPAN source. Use the disable option to
prevent the SPAN destination port from receiving normal incoming traffic.
You can specify an MSM port as the SPAN source port. However, you cannot specify an MSM port as
the SPAN destination port.
When you enable the inpkts option, a warning message notifies you that the destination port does not
join STP and may cause loops if this option is enabled.
When you configure multiple SPAN sessions, the destination module number/port number must be
known to index the particular SPAN session.
If you do not specify the keyword create and you have only one session, the session will be overwritten.
If a matching destination port exists, the particular session will be overwritten (with or without
specifying create). If you specify the keyword create and there is no matching destination port, the
session will be created.
If any VLANs on SPAN source port(s) are blocked by spanning tree, you may see extra packets
transmitted on the destination port that were not actually transmitted out of the source port(s). The extra
packets seen at the destination port are packets sent through the switch fabric to the source port and then
blocked by spanning tree at the source port.
Examples
This example shows how to configure SPAN so that both transmit and receive traffic from port 1/1 (the
SPAN source) is mirrored on port 2/1 (the SPAN destination):
Console> (enable) set span 1/1 2/1
Enabled monitoring of Port 1/1 transmit/receive traffic by Port 2/1
Console> (enable)
This example shows how to set VLAN 522 as the SPAN source and port 2/1 as the SPAN destination:
Console> (enable) set span 522 2/1
Enabled monitoring of VLAN 522 transmit/receive traffic by Port 2/1
Console> (enable)
This example shows how to set VLAN 522 as the SPAN source and port 3/12 as the SPAN destination.
Only transmit traffic is monitored. Normal incoming packets on the SPAN destination port are allowed:
Console> (enable) set span 522 2/12 tx inpkts enable
SPAN destination port incoming packets enabled.
Enabled monitoring of VLAN 522 transmit traffic by Port 2/12
Console> (enable)
This example shows how to set port 3/2 as the SPAN source and port 2/2 as the SPAN destination:
Console> (enable) set span 3/2 2/2 tx create
Enabled monitoring of port 3/2 transmit traffic by Port 2/1
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-581
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set span
This example shows how to disable SPAN if multiple SPAN sessions are not defined:
Console> (enable) set span disable
This command WILL disable your span session(s).
Do you want to continue (y/n) [n]?y
Disabled all sessions
Console> (enable)
This example shows what happens if you try to enter the set span disable command (without the
destination module number/port number defined) and multiple SPAN sessions are defined:
Console> (enable) set span disable
Multiple active span sessions. Please specify span destination to disable.
Console> (enable)
Related Commands
clear config
show span
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-582
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set spantree backbonefast
set spantree backbonefast
To enable or disable the spanning tree BackboneFast Convergence feature, use the set spantree
backbonefast command.
set spantree backbonefast {enable | disable}
Syntax Description
enable
Enables BackboneFast Convergence.
disable
Disables BackboneFast Convergence.
Defaults
The default is BackboneFast convergence is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM.
This command is not available in Multi-Instance Spanning Tree Protocol (MISTP) mode.
This command is not available in Multiple Spanning Tree (MST) mode.
For BackboneFast Convergence to work, you must enable it on all switches in the network.
When you try to enable BackboneFast and the switch is in Rapid PVST+ mode, this message is
displayed:
Cannot enable backbonefast when the spantree mode is RAPID-PVST+.
Examples
This example shows how to enable BackboneFast Convergence:
Console> (enable) set spantree backbonefast enable
Backbonefast enabled for all VLANs.
Console> (enable)
This example shows the message that is displayed when you try to enable BackboneFast in Rapid PVST+
mode:
Console> (enable) set spantree backbonefast enable
Cannot enable backbonefast when the spantree mode is RAPID-PVST+.
Console> (enable)
Related Commands
show spantree
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-583
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set spantree bpdu-filter
set spantree bpdu-filter
To enable or disable BPDU packet filtering on a port, use the set spantree bpdu-filter command.
set spantree bpdu-filter mod/port {enable | disable | default}
Syntax Description
mod/port
Number of the module and the port on the module.
enable
Enables BPDU packet filtering.
disable
Disables BPDU packet filtering.
default
Sets BPDU packet filtering to the global BPDU packet filtering state.
See the “Usage Guidelines” section for more information.
Defaults
The default is BPDU packet filtering is default.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM.
BPDU packet filtering turns off BPDU transmission on ports.
If you enter the default keyword, the spanning tree port is set to the global BPDU filtering state.
To enable or disable BPDU filtering for all ports on the switch, enter the set spantree global-default
bpdu-filter command.
Examples
This example shows how to enable BPDU filtering on module 3, port 4:
Console> (enable) set spantree bpdu-filter 3/4 enable
Warning: Ports enabled with bpdu filter will not send BPDUs and drop all
received BPDUs. You may cause loops in the bridged network if you misuse
this feature.
Spantree port 3/4 bpdu filter enabled.
Console> (enable)
Related Commands
set spantree global-default
show spantree portfast
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-584
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set spantree bpdu-guard
set spantree bpdu-guard
To enable or disable spanning tree BPDU guard on a port, use the set spantree bpdu-guard command.
set spantree bpdu-guard mod/port {enable | disable | default}
Syntax Description
mod/port
Number of the module and the port on the module.
enable
Enables the spanning tree BPDU guard.
disable
Disables the spanning tree BPDU guard.
default
Sets spanning tree BPDU guard to the global BPDU guard state. See
the “Usage Guidelines” section for more information.
Defaults
The default is BPDU guard is default.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM.
You must enable PortFast mode before you can enable BPDU guard for BPDU guard to work correctly.
When you enable BPDU guard, a port is moved into an errdisable state when a BPDU is received on that
port. When you disable a BPDU guard, a PortFast-enabled nontrunking port will stay up when it receives
BPDUs, which may cause spanning tree loops.
If you enter the default keyword, the spanning tree port is set to the global BPDU guard state.
To enable or disable BPDU guard for all ports on the switch, enter the set spantree global-default
bpdu-guard command.
Examples
This example shows how to enable BPDU guard on module 3, port 1:
Console> (enable) set spantree bpdu-guard 3/1 enable
Spantree port 3/1 bpdu guard enabled.
Console> (enable)
Related Commands
set spantree global-default
show spantree portfast
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-585
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set spantree bpdu-skewing
set spantree bpdu-skewing
To enable or disable collection of the spanning tree BPDU skewing detection statistics, use the set
spantree bpdu-skewing command.
set spantree bpdu-skewing {enable | disable}
Syntax Description
enable
Enables BPDU skewing detection statistics collection.
disable
Disables BPDU skewing detection statistics collection.
Defaults
The default is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM.
You can use this command to troubleshoot slow network convergence due to skewing. Skewing occurs
when spanning tree timers lapse, expected BPDUs are not received, and spanning tree detects topology
changes. The difference between the expected result and the BPDUs actually received is a “skew.” The
skew causes BPDUs to reflood the network to keep the spanning tree topology database up to date.
Examples
This example shows how to enable the BPDU skew detection feature:
Console> (enable) set spantree bpdu-skewing enable
Spantree bpdu-skewing enabled on this switch.
Console> (enable)
This example shows how to disable the BPDU skew detection feature:
Console> (enable) set spantree bpdu-skewing disable
Spantree bpdu-skewing disabled on this switch.
Console> (enable)
Related Commands
show spantree bpdu-skewing
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-586
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set spantree channelcost
set spantree channelcost
To set the channel path cost and to automatically adjust the channel port costs, use the set spantree
channelcost command.
set spantree channelcost {channel_id | all} cost
Syntax Description
channel_id
Channel identification number.
all
Configures all channels.
cost
Channel port costs.
Defaults
The port cost is updated automatically based on the current port costs of the channeling ports.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You can use this command when your switch is in Link Aggregation Control Protocol (LACP) channel
mode or in PAgP channel mode.
For differences between PAgP and LACP, refer to the “Guidelines for Port Configuration” section of the
“Configuring EtherChannel” chapter of the Catalyst 6500 Series Switch Software Configuration Guide.
Examples
This example shows how to set the channel 768 path cost to 12.
Console> (enable) set spantree channelcost 768 12
Port(s) 1/1-2 port path cost are updated to 19.
Channel 768 cost is set to 12.
Warning: channel cost may not be applicable if channel is broken.
Console> (enable)
This example shows how to set all channel path costs to 15:
Console> (enable) set spantree channelcost all 15
Port(s) 1/1-2 port path cost are updated to 24.
Channel 768 cost is set to 15.
Port(s) 4/3-4 cost is set to 15.
channel 769 cost is set to 15.
Port(s) 4/7-8 cost is set to 15.
channel 770 cost is set to 15.
Warning: channel cost may not be applicable if channel is broken.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-587
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set spantree channelcost
Related Commands
clear lacp-channel statistics
set channelprotocol
set lacp-channel system-priority
set port lacp-channel
set spantree channelcost
set spantree channelvlancost
show lacp-channel
show port lacp-channel
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-588
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set spantree channelvlancost
set spantree channelvlancost
To set the channel VLAN path cost and adjust the port VLAN costs of the ports that belong to the
channel, use the set spantree channelvlancost command.
set spantree channelvlancost channel_id cost
Syntax Description
channel_id
Number of the channel identification.
cost
Port costs of the ports in the channel.
Defaults
The command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You must set the channel VLAN cost one channel at a time.
You can use this command when your system is in LACP channel mode or PAgP channel mode.
For differences between PAgP and LACP, refer to the “Guidelines for Port Configuration” section of the
“Configuring EtherChannel” chapter of the Catalyst 6500 Series Switch Software Configuration Guide.
Examples
This example shows how to set the VLAN cost to 10 for channel 768:
Console> (enable) set spantree channelvlancost 768 10
Port(s) 1/1-2 vlan cost are updated to 24.
Channel 768 vlancost is set to 10.
Console> (enable)
Related Commands
clear lacp-channel statistics
set channelprotocol
set lacp-channel system-priority
set port lacp-channel
set spantree channelcost
show lacp-channel
show port lacp-channel
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-589
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set spantree defaultcostmode
set spantree defaultcostmode
To specify the spanning tree default port cost mode, use the set spantree defaultcostmode command.
set spantree defaultcostmode {short | long}
Syntax Description
short
Sets the default port cost for port speeds slower than 10 gigabits.
long
Sets the default port cost mode port speeds of 10 gigabits and faster.
Defaults
The default is short.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The set spantree defaultcostmode long command is available in PVST+ mode only. If you enter this
command in MISTP or MISTP-PVST+ mode, this message is displayed:
In MISTP or MISTP-PVST+ mode, default portcost and portinstancecost always
use long format default values.
All switches in a network must have the same default. If any switch in the network supports port speeds
of 10 gigabits and greater, the default cost mode must be set to long on all the switches in the network.
For port speeds of 1 gigabits and greater, the default port cost should be set to long. For port speeds less
than 10 gigabits, the default port cost can be set to short.
The default path cost is based on port speed; see Table 2-22 and Table 2-23 for default settings.
Table 2-22 Default Port Cost—Short Mode
Port Speed
Default Port Cost
4 Mb
250
10 Mb
100
16 Mb
62
100 Mb
19
155 Mb
14
1 Gb
4
10 Gb
2
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-590
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set spantree defaultcostmode
Table 2-23 Default Port Cost—Long Mode
Examples
Port Speed
Default Port Cost
100 Kb
200,000,000
1 Mb
20,000,000
10 Mb
2,000,000
100 Mb
200,000
1 Gb
20,000
10 Gb
2,000
100 Gb
200
1 Tb
20
10 Tb
2
This example shows how to set the spanning tree default port cost mode:
Console> (enable) set spantree defaultcostmode long
Portcost and portvlancost set to use long format default values.
Console> (enable)
Related Commands
show spantree defaultcostmode
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-591
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set spantree disable
set spantree disable
To disable the spanning tree algorithm for all VLANs or a specific VLAN or disable spanning tree
instance, use the set spantree disable command.
set spantree disable vlan
set spantree disable all
set spantree disable mistp-instance instance
set spantree disable mistp-instance all
Syntax Description
vlan
Number of the VLAN; valid values are from 1 to 1005 and from
1025 to 4094.
all
Specifies all VLANs.
mistp-instance
instance
Specifies the instance number; valid values are from 1 to 16.
mistp-instance all Deletes all instances.
Defaults
The default is spanning tree is enabled, and all instances are enabled (flooding disabled).
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM.
If you do not specify a VLAN number or an instance number, 1 is assumed.
When an instance is enabled, the Spanning Tree Protocol starts running on that instance.
When an instance is disabled, the switch stops sending out config type-length values (TLVs) for that
instance and starts flooding incoming TLVs for the same instance (but checks the VLAN mapping on
the incoming side). All the traffic running on the VLANs mapped to the instance is flooded as well.
This command is not available in MST mode.
Examples
This example shows how to disable the spanning tree for VLAN 1:
Console> (enable) set spantree disable 1
VLAN 1 bridge spanning tree disabled.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-592
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set spantree disable
This example shows how to disable spanning tree for a specific instance:
Console> (enable) set spantree disable mistp-instance 2
MI-STP instance 2 disabled.
Console> (enable)
Related Commands
set spantree enable
show spantree
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-593
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set spantree enable
set spantree enable
To enable the spanning tree algorithm for all VLANs, a specific VLAN, a specific instance, or all
instances, use the set spantree enable command.
set spantree enable vlans
set spantree enable all
set spantree enable mistp-instance instance
set spantree enable mistp-instance all
Syntax Description
vlans
Number of the VLAN; valid values are from 1 to 1005 and from 1025 to 4094.
all
Specifies all VLANs.
mistp-instance
instance
Specifies the instance number; valid values are from 1 to 16.
mistp-instance all
Enables all instances.
Defaults
The default is enabled, and all instances are enabled (flooding disabled).
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM.
MISTP and VTP pruning cannot be enabled at the same time.
If you do not specify a VLAN number or an instance number, 1 is assumed.
This command is not available in MST mode.
Examples
This example shows how to activate spanning tree for VLAN 1:
Console> (enable) set spantree enable 1
VLAN 1 bridge spanning tree enabled.
Console> (enable)
This example shows how to activate spanning tree for an instance:
Console> (enable) set spantree enable mistp-instance 1
-STP instance 1 enabled.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-594
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set spantree enable
Related Commands
set spantree disable
show spantree
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-595
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set spantree fwddelay
set spantree fwddelay
To set the bridge forward delay for a VLAN or an instance, use the set spantree fwddelay command.
set spantree fwddelay delay [vlans]
set spantree fwddelay delay mistp-instance [instances]
set spantree fwddelay delay mst
Syntax Description
delay
Number of seconds for the bridge forward delay; valid values are
from 4 to 30 seconds.
vlans
(Optional) Number of the VLAN; valid values are from 1 to 1005
and from 1025 to 4094.
mistp-instance
instances
Specifies the instance number; valid values are from 1 to 16.
mst
Sets the forward delay time for the IST instance and all MST
instances; see the “Usage Guidelines” section for more information.
Defaults
The default is the bridge forward delay is set to 15 seconds for all VLANs.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you do not specify a VLAN number or an instance number, 1 is assumed.
This command is not supported by the NAM.
If you enable MISTP, you cannot set the VLAN bridge forward delay.
If you enable PVST+, you cannot set the instance bridge forward delay.
If you enter the set spantree fwddelay delay mst command, you set the forward delay time for the IST
instance and all MST instances. You do not need to set the forward delay time for each MST instance.
Examples
This example shows how to set the bridge forward delay for VLAN 100 to 16 seconds:
Console> (enable) set spantree fwddelay 16 100
Spantree 100 forward delay set to 16 seconds.
Console> (enable)
This example shows how to set the bridge forward delay for an instance to 16 seconds:
Console> (enable) set spantree fwddelay 16 mistp-instance 1
Instance 1 forward delay set to 16 seconds.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-596
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set spantree fwddelay
This example shows how to set the bridge forward delay for the IST and all MST instances to 15 seconds:
Console> (enable) set spantree fwddelay 15 mst
MST forward delay set to 15 seconds.
Console> (enable)
Related Commands
show spantree
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-597
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set spantree global-default
set spantree global-default
To set the global states on the switch, use the set spantree global-default command.
set spantree global-default portfast {enable | disable}
set spantree global-default loop-guard {enable | disable}
set spantree global-default bpdu-guard {enable | disable}
set spantree global-default bpdu-filter {enable | disable}
Syntax Description
Defaults
portfast
Sets the global PortFast state.
enable
Enables the global state.
disable
Disables the global state.
loop-guard
Sets the global loop guard state.
bpdu-guard
Sets the global BPDU guard state.
bpdu-filter
Sets the global BPDU filter state.
All ports are in nonedge state.
Loop guard is disabled on all ports.
BPDU guard is disabled on all ports.
BPDU filter is disabled on all ports.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to disable the global PortFast state on the switch:
Console> (enable) set spantree global-default portfast disable
Spantree global portfast state disabled on this switch.
Console> (enable)
This example shows how to enable the global loop guard state on the switch:
Console> (enable) set spantree global-default loop-guard enable
Spantree global loop-guard state enabled on the switch.
Console> (enable)
This example shows how to disable the global BPDU guard state on the switch:
Console> (enable) set spantree global-default bpdu-guard disable
Spantree global-default bpdu-guard disabled on this switch.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-598
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set spantree global-default
This example shows how to disable the global BPDU filter state on the switch:
Console> (enable) set spantree global-default bpdu-filter disable
Spantree global-default bpdu-filter disabled on this switch.
Console> (enable)
Related Commands
clear spantree mst
set spantree mst config
set spantree portfast bpdu-filter
set spantree portfast bpdu-guard
show spantree mst config
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-599
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set spantree guard
set spantree guard
To enable or disable the spanning tree root guard or loop guard feature on a per-port basis, use the set
spantree guard command.
set spantree guard {none | root | loop} mod/port
Syntax Description
none
Disables the spanning tree guard feature.
root
Enables the root guard feature.
loop
Enables the loop guard feature.
mod/port
Number of the module and ports on the module.
Defaults
The default is root guard and loop guard are disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you enable loop guard on a channel and the first link becomes unidirectional, loop guard will block
the entire channel until the affected port is removed from the channel.
You can use the root guard feature to prevent switches from becoming the root switch. The root guard
feature forces a port to become a designated port so that no switch on the other end of the link can
become a root switch.
When you enable root guard, it is automatically applied to all of the active instances or VLANs to which
that port belongs. When you disable root guard, it is disabled for the specified ports. If a port goes into
the root-inconsistent state, it automatically goes into the listening state. Disabling loop guard moves all
loop-inconsistent ports to the listening state.
When using the loop guard feature, follow these guidelines:
•
Use care when enabling loop guard. Loop guard is useful only in those topologies where there are
blocked ports. Topologies where there are no blocked ports are loop free by definition and do not
need this feature to be enabled.
•
Enable loop guard only on root and alternate root ports.
•
Use loop guard mainly on access switches.
•
You cannot enable loop guard on PortFast-enabled or dynamic VLAN ports.
•
You cannot enable PortFast on loop guard-enabled ports.
•
You cannot enable loop guard if root guard is enabled.
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-600
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set spantree guard
Examples
This example shows how to enable root guard:
Console> (enable) set spantree guard root 5/1
Rootguard on port 5/1 is enabled.
Warning!! Enabling rootguard may result in a topolopy change.
Console> (enable)
This example shows how to enable the loop guard feature:
Console> (enable) set spantree guard loop 5/1
Rootguard is enabled on port 5/1, enabling loopguard will disable rootguard on
this port.
Do you want to continue (y/n) [n]? y
Loopguard on port 5/1 is enabled.
Console> (enable)
Related Commands
show spantree guard
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-601
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set spantree hello
set spantree hello
To set the bridge hello time for a VLAN or an instance, use the set spantree hello command.
set spantree hello interval [vlans]
set spantree hello interval mistp-instance instances
set spantree hello interval mst
Syntax Description
interval
Number of seconds the system waits before sending a bridge hello
message (a multicast message indicating that the system is active); valid
values are from 1 to 10 seconds.
vlans
(Optional) Number of the VLAN; valid values are from 1 to 1005 and from
1025 to 4094.
mistp-instance
instances
Specifies the instance number; valid values are from 1 to 16.
mst
Sets the hello time for the IST instance and all MST instances. See the
“Usage Guidelines” section for more information.
Defaults
The default is the bridge hello time is set to 2 seconds for all VLANs.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you do not specify a VLAN number or an instance number, 1 is assumed.
This command is not supported by the NAM.
If you enable MISTP, you cannot set the VLAN hello time.
If you enable PVST+, you cannot set the instance hello time.
If you enter the set spantree hello interval mst command, you set the hello time for the
Internal Spanning Tree (IST) instance and all MST instances. You do not need to set the hello time for
each MST instance.
Examples
This example shows how to set the spantree hello time for VLAN 100 to 3 seconds:
Console> (enable) set spantree hello 3 100
Spantree 100 hello time set to 3 seconds.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-602
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set spantree hello
This example shows how to set the spantree hello time for an instance to 3 seconds:
Console> (enable) set spantree hello 3 mistp-instance 1
Spantree 1 hello time set to 3 seconds.
Console> (enable)
This example shows how to set the spantree hello time for the IST and all MST instances to 2 seconds:
Console> (enable) set spantree hello 2 mst
MST hello time set to 2 seconds.
Console> (enable)
Related Commands
show spantree
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-603
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set spantree link-type
set spantree link-type
To configure the link type of a port, use the set spantree link-type command.
set spantree link-type mod/port {auto | point-to-point | shared}
Syntax Description
mod/port
Number of the module and the port on the module.
auto
Derives the link from either a half-duplex or full-duplex link type. See
“Usage Guidelines” for more information.
point-to-point
Connects the port to a point-to-point link.
shared
Connects the port to a shared medium.
Defaults
The link type is auto.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If the link type is set to auto and the link is a half-duplex link, then the link is a shared link. If the link
type is set to auto and the link is a full-duplex link, then the link is a point-to-point link.
The set spantree link-type command is the same as the set spantree mst link-type command.
Examples
This example shows how to connect port 1 on module 3 to a point-to-point link:
Console> (enable) set spantree link-type 3/1 point-to-point
Link type set to point-to-point on port 3/1
Console> (enable)
Related Commands
set spantree global-default
show spantree
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-604
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set spantree macreduction
set spantree macreduction
To enable or disable the spanning tree MAC address reduction feature, use the set spantree
macreduction command.
set spantree macreduction enable | disable
Syntax Description
enable
Enables MAC address reduction.
disable
Disables MAC address reduction.
Defaults
The default is MAC address reduction is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The MAC address reduction feature is used to enable extended-range VLAN identification and allows
the switch to support a large number of spanning tree instances with a very limited number of MAC addresses
and still maintain the IEEE 802.1D bridge-ID requirement for each STP instance.
You cannot disable this feature if extended-range VLANs exist.
You cannot disable this feature on chassis with 64 MAC addresses.
Examples
This example shows how to disable the MAC address reduction feature:
Console> (enable) set spantree macreduction disable
MAC address reduction disabled
Console> (enable)
Related Commands
show spantree
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-605
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set spantree maxage
set spantree maxage
To set the bridge maximum aging time for a VLAN or an instance, use the set spantree maxage
command.
set spantree maxage agingtime [vlans]
set spantree maxage agingtime mistp-instance instances
set spantree maxage agingtime mst
Syntax Description
agingtime
Maximum number of seconds that the system retains the information
received from other bridges through Spanning Tree Protocol; valid values
are from 6 to 40 seconds.
vlans
(Optional) Number of the VLAN; valid values 1 to 1005 and from 1025 to
4094.
mistp-instance
instances
Specifies the instance number; valid values are from 1 to 16.
mst
Sets the maximum aging time for the IST instance and all MST instances.
See the “Usage Guidelines” section for more information.
Defaults
The default configuration is 20 seconds for all VLANs.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you do not specify a VLAN number or an instance number, 1 is assumed.
This command is not supported by the NAM.
If you enable MISTP, you cannot set the VLAN maximum aging time.
If you enable PVST+, you cannot set the instance maximum aging time.
If you enter the set spantree maxage agingtime mst command, you set the maximum aging time for the
IST instance and all MST instances. You do not need to set the maximum aging time for each MST
instance.
Examples
This example shows how to set the maximum aging time for VLAN 1000 to 25 seconds:
Console> (enable) set spantree maxage 25 1000
Spantree 1000 max aging time set to 25 seconds.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-606
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set spantree maxage
This example shows how to set the maximum aging time for an instance to 25 seconds:
Console> (enable) set spantree maxage 25 mistp-instance 1
Instance 1 max aging time set to 25 seconds.
Console> (enable)
This example shows how to set the maximum aging time for the IST and all MST instances to 20
seconds:
Console> (enable) set spantree maxage 20 mst
MST max age set to 20 seconds.
Console> (enable)
Related Commands
show spantree
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-607
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set spantree mode
set spantree mode
To configure the type of Spanning Tree Protocol mode to run, use the set spantree mode command.
set spantree mode {mistp | pvst+ | mistp-pvst+ | mst | rapid-pvst+}
Syntax Description
mistp
Specifies MISTP mode.
pvst+
Specifies PVST+ mode.
mistp-pvst+
Allows the switch running MISTP to tunnel BPDUs with remote switches
running PVST+.
mst
Specifies MST mode.
rapid-pvst+
Specifies per VLAN Rapid Spanning Tree (IEEE 802.1w).
Defaults
The default is rapid-pvst+.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM.
When you connect through Telnet into a switch and try to change the spanning tree mode from PVST+
to MISTP or MISTP-PVST+, and no VLANs are mapped to any instance on that switch, this warning
message is displayed:
Console> (enable) set spantree mode mistp
Warning!! Changing the STP mode from a telnet session will disconnect the
session because there are no VLANs mapped to any MISTP instance.
Do you want to continue [n]?
When you connect through Telnet into a switch and try to change the spanning tree mode from MISTP
or MISTP-PVST+ to PVST+, or when you connect through Telnet into a switch and try to change the
spanning tree mode from PVST+ to MISTP or MISTP-PVST+ and additional VLAN-instance mappings
are on that switch, this warning message is displayed:
Console> (enable) set spantree mode pvst+
Warning!! Changing the STP mode from a telnet session might disconnect the
session.
Do you want to continue [n]?
When you change from MISTP to Rapid PVST+ and over 8000 VLAN ports are currently configured on
the switch, this warning message is displayed:
Console> (enable) set spantree mode rapid-pvst+
Warning!! This switch has 12345 VLAN-ports currently configured for STP.
Going out of MISTP mode could impact system performance.
Do you want to continue [n]?
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-608
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set spantree mode
If you change the spanning tree mode from PVST+ to MISTP or MISTP to PVST+, the STP mode
previously running stops, all the information collected at runtime is used to build the port database for the
new mode, and the new STP mode restarts the computation of the active topology from zero. All the
parameters of the previous STP per VLAN or per instance are kept in NVRAM.
If you change the spanning tree mode from PVST+ to MISTP or MISTP to PVST+ and BackboneFast is
enabled, this message is displayed:
Console> (enable) set spantree mode mistp
Cannot change the spantree mode to MISTP when backbonefast is enabled.
Examples
This example shows how to set the spanning tree mode to PVST+:
Console> (enable) set spantree mode pvst+
Warning!! Changing the STP mode from a telnet session might disconnect the session.
Do you want to continue [n]? y
Spantree mode set to PVST+.
Console> (enable)
This example shows what happens if you change the spanning tree mode from PVST+ to MISTP:
Console> (enable) set spantree mode mistp
Warning!! Changing the STP mode from a telnet session will disconnect the session because
there are no VLANs mapped to any MISTP instance.
Do you want to continue [n]? y
Console> (enable)
This example shows how to set the spanning tree mode to MST:
Console> (enable) set spantree mode mst
Warning!! Changing the STP mode from a telnet session will disconnect the sessi
n because there are no VLANs mapped to any MISTP instance.
Do you want to continue [n]? y
Console> (enable)
This example shows how to set the spanning tree mode to rapid PVST+:
Console> (enable) set spantree mode rapid-pvst+
Warning!! Changing the STP mode from a telnet session might disconnect the session.
Do you want to continue [n]? y
Console> (enable)
Related Commands
set vlan
show spantree
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-609
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set spantree mst
set spantree mst
To configure the mapping of VLANs to an MST instance, use the set spantree mst command.
set spantree mst instance vlan vlan
Syntax Description
instance
Number of the instance; valid values are from 0 to 15.
vlan vlan
Specifies the VLAN number; valid values are from 1 to 1005 and from 1025 to 4094.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
All changes made to the region configuration (region information and VLAN mapping) are buffered.
Only one user can hold the buffer at a time. This buffer is locked when you first use the set spantree
mst instance or set spantree mst config commands.
If the VLAN is already mapped to some other instance, the VLAN is unmapped from that instance and
mapped to the new instance.
Each time you map a new VLAN or VLANs, they are added to the existing mapping.
All unmapped VLANs are automatically mapped to MST instance 0 (IST).
Examples
This example shows how to map VLAN 1 to an MST instance 2:
Console> (enable) set spantree mst 2 vlan 1
Console> (enable)
Related Commands
clear spantree mst
set spantree mst config
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-610
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set spantree mst config
set spantree mst config
To change the MST region information, use the set spantree mst config command.
set spantree mst config [name name] [revision number]
set spantree mst config commit
set spantree mst config rollback [force]
Syntax Description
Defaults
name name
(Optional) Specifies the MST region name. See the “Usage Guidelines”
section for more information.
revision number
(Optional) Specifies the MST region revision number; number is from 0 to
65535. See the “Usage Guidelines” section for more information.
commit
Puts the new MST VLAN mapping into effect.
rollback
Discards changes made to the MST configuration that have not been
applied yet.
force
(Optional) Unlocks the MST edit buffer when it is held by another user.
Unless you specify a region name, no region name will be given.
The default revision number is 1.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The region name can be up to 32 characters long.
The region name and revision number are copied from NVRAM MST region information. You must
enter the revision number if the revision number needs to be updated. The revision number is not
incremented automatically each time that the MST configuration is committed.
Changes that you make to MST VLAN mapping are buffered, and by entering the set spantree mst
config commit command, you put the new MST VLAN mapping into effect. After you enter the set
spantree mst config commit command, the lock for the MST edit buffer is released.
If you enter the set spantree mst config rollback command, you discard the changes made to the MST
region configuration that are not applied yet (only if you have locked the edit buffer). You can forcefully
release the lock set by another user by entering the command set spantreee mst config rollback force.
The set spantree mst config commit and set spantree mst config rollback commands are stored in
NVRAM.
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-611
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set spantree mst config
Examples
This example shows how to configure an MST region and to give that region a name and revision
number:
Console> (enable) set spantree mst config name test-lab revision 10
Edit Buffer modified. Use 'set spantree mst config commit' to apply the
changes
Console> (enable)
This example shows how to put the new MST VLAN mapping into effect:
Console> (enable) set spantree mst config commit
Console> (enable)
This example shows how to discard MST region configuration when you hold the MST edit buffer:
Console> (enable) set spantree mst config rollback
Console> (enable)
This example shows how to unlock the MST edit buffer when it is held by another user:
Console> (enable) set spantree mst config rollback force
Console> (enable)
Related Commands
clear spantree mst
show spantree mst
show spantree mst config
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-612
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set spantree mst link-type
set spantree mst link-type
To configure the link type of a port, use the set spantree mst link-type command.
set spantree mst link-type mod/port {auto | point-to-point | shared}
Syntax Description
mod/port
Number of the module and the port on the module.
auto
Derives the link from either a half-duplex or full-duplex link type. See the
“Usage Guidelines” section for more information about auto.
point-to-point
Connects the port to a point-to-point link.
shared
Connects the port to a shared medium.
Defaults
The default link type is auto.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
MST rapid connectivity only works on point-to-point links between two bridges.
If the link type is set to auto and the link is a half-duplex link, then the link is a shared link. If the link
type is set to auto and the link is a full-duplex link, then the link is a point-to-point link.
Examples
This example shows how to connect port 1 on module 3 to a point-to-point link:
Console> (enable) set spantree mst link-type 3/1 point-to-point
Link type set to point-to-point on port 3/1
Console> (enable)
Related Commands
clear spantree mst
set spantree global-default
set spantree mst config
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-613
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set spantree mst maxhops
set spantree mst maxhops
To set the spanning tree hop count, use the set spantree mst maxhops command.
set spantree mst maxhops maxhops
Syntax Description
maxhops
Defaults
The bridge forward delay default is 20 seconds for all instances.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to set the maximum number of hops:
Maximum number of hops. Valid values are 1 to 40.
Console> (enable) set spantree mst maxhops 20
Console> (enable)
Related Commands
clear spantree mst
set spantree mst config
set spantree mst link-type
set spantree mst vlan
show spantree mst
show spantree mst config
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-614
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set spantree mst vlan
set spantree mst vlan
To configure the mapping of VLANs to an MST instance, use the set spantree mst vlan command.
set spantree mst instance vlan vlan
Syntax Description
instance
Number of the instance; valid values are from 0 to 15.
vlan vlan
Specifies the VLAN number; valid values are from 1 to 1005 and from 1025 to 4094.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
All changes made to the region configuration (region information and VLAN mapping) are buffered.
Only one user can hold the buffer at a time. This buffer is locked when you first enter the set spantree
mst instance or set spantree mst config commands.
If the VLAN is already mapped to some other instance, the VLAN is unmapped from that instance and
mapped to the new instance.
Each time you map a new VLAN or VLANs, they are added to the existing mapping.
All unmapped VLANs are mapped to MST instance 0 (IST).
Examples
This example shows how to map VLANs 400 through 499 to MST instance 4:
Console> (enable) set spantree mst 4 vlan 400-499
Edit Buffer modified. Use 'set spantree mst config commit' to apply the
changes
Console> (enable)
Related Commands
clear spantree mst
set spantree mst config
show spantree mst
show spantree mst config
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-615
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set spantree portcost
set spantree portcost
To set the path cost for a port, use the set spantree portcost command.
set spantree portcost mod/port cost [mst]
Syntax Description
Defaults
mod/port
Number of the module and the port on the module.
cost
Number of the path cost; see the “Usage Guidelines” section for additional information.
mst
(Optional) Sets the path cost for an MST port.
The default path cost is based on port speed; see Table 2-24 and Table 2-25 for default settings.
Table 2-24 Default Port Cost—Short Mode
Port Speed
Default Port Cost
4 Mb
250
10 Mb
100
16 Mb
62
100 Mb
19
155 Mb
14
1 Gb
4
10 Gb
2
Table 2-25 Default Port Cost—Long Mode
Port Speed
Default Port Cost
100 Kb
200000000 (200 million)
1 Mb
20000000 (20 million)
10 Mb
2000000 (2 million)
10 Mb
200000 (200 thousand)
1 Gb
20000 (20 thousand)
10 Gb
2000 (2 thousand)
100 Gb
200
1 Tb
20
10 Tb
2
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-616
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set spantree portcost
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If the spanning tree mode is short and long or MISTP, valid cost values are from 1 to 65535; otherwise,
valid cost values are from 1 to 2000000.
This command is not supported by the NAM.
The Spanning Tree Protocol uses port path costs to determine which port to select as a forwarding port.
You should assign lower numbers to ports attached to faster media (such as full duplex) and higher
numbers to ports attached to slower media.
Examples
This example shows how to set the port cost for port 12 on module 2 to 19:
Console> (enable) set spantree portcost 2/12 19
Spantree port 2/12 path cost set to 19.
Console> (enable)
Related Commands
set spantree defaultcostmode
show spantree
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-617
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set spantree portfast
set spantree portfast
To allow a port that is connected to a single workstation or PC to start faster when it is connected, use
the set spantree portfast command.
set spantree portfast mod/port {enable [trunk] | disable | default}
Syntax Description
mod/port
Number of the module and the port on the module.
enable
Enables the spanning tree PortFast-start feature on the port.
trunk
(Optional) Enables the spanning tree PortFast-start feature on the trunk port.
disable
Disables the spanning tree PortFast-start feature on the port.
default
Sets the spanning tree PortFast-start feature back to its default setting.
Defaults
The default is the PortFast-start feature is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM.
When a port configured with the spantree portfast enable command is connected, the port immediately
enters the spanning tree forwarding state rather than going through the normal spanning tree states, such
as listening and learning.
If you enter the trunk keyword, the spanning tree PortFast-start feature is enabled on the specified trunk
port.
Examples
This example shows how to enable the spanning tree PortFast-start feature on port 2 on module 1:
Console> (enable) set spantree portfast 1/2 enable
Warning: Connecting layer 2 devices to a fast-start port can cause temporary spanning tree
loops. Use with caution.
Spantree port 1/2 fast start enabled.
Console> (enable)
This example shows how to enable the spanning tree PortFast-start feature on the trunk port:
Console> (enable) set spantree portfast 3/2 enable trunk
Warning: Connecting layer 2 devices to a fast-start port can cause temporary spanning tree
loops. Use with caution.
Spantree port 1/2 fast start enabled.
Console> (enable)
Related Commands
show spantree portfast
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-618
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set spantree portfast bpdu-filter
set spantree portfast bpdu-filter
To enable or disable spanning tree PortFast BPDU packet filtering on a port, use the set spantree
portfast bpdu-filter command.
set spantree portfast bpdu-filter mod/port {enable | disable | default}
Syntax Description
mod/port
Number of the module and the port on the module.
enable
Enables spanning tree PortFast BPDU packet filtering.
disable
Disables spanning tree PortFast BPDU packet filtering.
default
Sets spanning tree PortFast BPDU packet filtering to the global BPDU packet filtering
state. See the “Usage Guidelines” section for more information.
Defaults
The default is BPDU packet filtering is default.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM.
Spanning tree PortFast BPDU packet filtering turns off BPDU transmission on PortFast-enabled ports
and nontrunking ports.
If you enter the default keyword, the spanning tree port is set to the global BPDU filtering state.
To enable or disable spanning tree PortFast BPDU filtering for all ports on the switch, enter the set
spantree global-default bpdu-filter command.
Examples
This example shows how to enable spanning tree PortFast BPDU filtering on module 3, port 4:
Console> (enable) set spantree portfast bpdu-filter 3/4 enable
Warning: Ports enabled with bpdu filter will not send BPDUs and drop all
received BPDUs. You may cause loops in the bridged network if you misuse
this feature.
Spantree port 3/4 bpdu filter enabled.
Console> (enable)
Related Commands
set spantree global-default
show spantree portfast
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-619
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set spantree portfast bpdu-guard
set spantree portfast bpdu-guard
To enable or disable spanning tree PortFast BPDU guard on a port, use the set spantree portfast
bpdu-guard command.
set spantree portfast bpdu-guard mod/port {enable | disable | default}
Syntax Description
mod/port
Number of the module and the port on the module.
enable
Enables the spanning tree PortFast BPDU guard.
disable
Disables the spanning tree PortFast BPDU guard.
default
Sets spanning tree PortFast BPDU guard to the global BPDU guard state. See the
“Usage Guidelines” section for more information.
Defaults
The default is PortFast BPDU guard is default.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM.
You must enable spanning tree PortFast mode before you can enable spanning tree PortFast BPDU guard
for BPDU guard to work correctly.
When you enable spanning tree PortFast BPDU guard, a nontrunking PortFast-enabled port is moved
into an errdisable state when a BPDU is received on that port. When you disable spanning tree PortFast
BPDU guard, a PortFast-enabled nontrunking port will stay up when it receives BPDUs, which may
cause spanning tree loops.
If you enter the default keyword, the spanning tree port is set to the global BPDU guard state.
To enable or disable BPDU guard for all ports on the switch, enter the set spantree global-default
bpdu-guard command.
Examples
This example shows how to enable spanning tree BPDU guard on module 3, port 1:
Console> (enable) set spantree portfast bpdu-guard 3/1 enable
Spantree port 3/1 bpdu guard enabled.
Console> (enable)
Related Commands
set spantree global-default
show spantree portfast
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-620
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set spantree portinstancecost
set spantree portinstancecost
To assign the path cost of the port for the specified instances, use the set spantree portinstancecost
command.
set spantree portinstancecost mod/port [cost cost] [instances]
set spantree portinstancecost mod/port [cost cost] mst [instances]
Syntax Description
Defaults
mod/port
Number of the module and the port on the module.
cost cost
(Optional) Indicates the path cost; see the “Usage Guidelines” section for
additional information.
mst
Sets the cost for an MST instance.
instances
(Optional) Instance number; valid values are from 0 to 15.
The default path cost is based on port speed; see Table 2-26 for default settings.
Table 2-26 Default Port Cost—Short Mode
Port Speed
Default Port Cost
4 Mb
250
10 Mb
100
16 Mb
62
100 Mb
19
155 Mb
14
1 Gb
4
10 Gb
2
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM.
If the spanning tree mode is short and long or MISTP, valid cost values are from 1 to 65535; otherwise,
valid cost values are from 1 to 2,000,000.
The port instance cost applies to trunk ports only.
The value specified is used as the path cost of the port for the specified instances. The rest of the
instances have a path cost equal to the port path cost set through the set spantree instancecost
command. (If not set, the value is the default path cost of the port.)
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-621
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set spantree portinstancecost
Examples
These examples show how to use the set spantree portinstancecost command and explicitly specify the
path cost of a port:
Console> (enable) set spantree portinstancecost 2/10 cost 6 1-10
Port 2/10 instances 11-16 have path cost 2000000.
Port 2/10 instances 1-10 have path cost 6.
This parameter applies to trunking ports only.
Console> (enable)
These examples show how to use the set spantree portinstancecost command without explicitly
specifying the path cost of a port:
Console> (enable) set spantree portinstancecost 1/2
Port 1/2 Instances 1-1005 have path cost 3100.
Console> (enable)
Console> (enable) set spantree portinstancecost 1/2 16
Port 1/2 Instances 16,22-1005 have path cost 3100.
Console> (enable)
This example shows the display if you enter the command when PVST+ is enabled:
Console> (enable) set spantree portinstancecost 3/1
This command is only valid when STP is in MISTP or MISTP-PVST+ mode.
Console> (enable)
This example shows how to set the port cost for a specific MST instance:
Console> (enable) set spantree portinstancecost 2/10 cost 6 1-10 mst
Port 2/10 mst instances 1-10 have path cost 6.
This parameter applies to trunking ports only.
Console> (enable)
Related Commands
clear spantree portinstancecost
show spantree mistp-instance
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-622
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set spantree portinstancepri
set spantree portinstancepri
To set the port priority for instances in the trunk port, use the set spantree portinstancepri command.
set spantree portinstancepri mod/port priority [instances]
set spantree portinstancepri mod/port priority mst [instances]
Syntax Description
mod/port
Number of the module and the port on the module.
priority
Number that represents the cost of a link in a spanning tree bridge; valid values are 0,
16, 32, 48, 64, 80, 96, 112, 128, 144,160, 176, 192, 208, 224, 240, with 0 indicating
high priority and 240, low priority. See the “Usage Guidelines” section for more
information.
mst
Specifies the port priority for MST instances.
instances
(Optional) Instance number; valid values are from 0 to 15.
Defaults
The default is the port priority is set to 0, with no instances specified.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Priority values that are not a multiple of 16 (between the values of 0 to 63) are converted to the nearest
multiple of 16.
This command is not supported by the NAM.
Use this command to add instances to a specified port priority level. Subsequent calls to this command
do not replace instances that are already set at a specified port priority level.
This feature is not supported for the MSM.
The set spantree portinstancepri command applies to trunk ports only. If you enter this command, you
see this message:
Port xx is not a trunk-capable port
Examples
This example shows how to set the port priority for module 1, port 2, on specific instances:
Console> (enable) set spantree portinstancepri 1/2 16 1-11
Port 1/2 instances 1-11 using portpri 16.
This parameter applies to trunking ports only.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-623
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set spantree portinstancepri
This example shows how to set the port priority for module 8, port 1, on MST instance 2:
Console>
Port 8/1
Port 8/1
Console>
Related Commands
(enable) set spantree portinstancepri 8/1 31 mst 2
instances 2 using portpri 31.
instances 0-1, 3-15 using portpri 32.
(enable)
clear spantree portinstancecost
show spantree mistp-instance
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-624
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set spantree portpri
set spantree portpri
To set the bridge priority for a spanning tree port, use the set spantree portpri command.
set spantree portpri mod/port priority [mst]
Syntax Description
mod/port
Number of the module and the port on the module.
priority
Number that represents the cost of a link in a spanning tree bridge; valid values are
0, 16, 32, 48, 64, 80, 96, 112, 128, 144,160, 176, 192, 208, 224, 240, with 0
indicating high priority and 240, low priority. See the “Usage Guidelines” section
for more information.
mst
(Optional) Sets the bridge priority for an MST port.
Defaults
The default is all ports with bridge priority are set to 32.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
A priority value that is not a multiple of 16 (between the values of 0 to 63) is converted to the nearest
multiple of 16.
This command is not supported by the NAM.
Examples
This example shows how to set the priority of port 1 on module 4 to 63:
Console> (enable) set spantree portpri 2/3 48
Bridge port 2/3 port priority set to 48.
Console> (enable)
This example shows the output when you have specified a priority value that is not a multiple of 16:
Console> (enable) set spantree portpri 2/3 2
Vlan port priority must be one of these numbers:0, 16, 32, 48, 64, 80,
96, 112, 128, 144,
160, 176, 192, 208, 224, 240
converting 2 to 0 nearest multiple of 16
Bridge port 2/3 port priority set to 0.
Console> (enable)
Related Commands
show spantree
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-625
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set spantree portvlancost
set spantree portvlancost
To assign a lower path cost to a set of VLANs on a port, use the set spantree portvlancost command.
set spantree portvlancost mod/port [cost cost] [vlan_list]
Syntax Description
Defaults
mod/port
Number of the module and the port on the module.
cost cost
(Optional) Sets the path cost; valid values are from 1 to 65535.
vlan_list
(Optional) Number of the VLAN; valid values are from 1 to 1005 and from
1025 to 4094.
The default path cost is based on port speed; see Table 2-27 and Table 2-28 for default settings.
Table 2-27 Default Port Cost—Short Mode
Port Speed
Default Port Cost
4 Mb
250
10 Mb
100
16 Mb
62
100 Mb
19
155 Mb
14
1 Gb
4
10 Gb
2
Table 2-28 Default Port Cost—Long Mode
Command Types
Port Speed
Default Port Cost
100 Kb
200,000,000
1 Mb
20,000,000
10 Mb
2,000,000
10 Mb
200,000
1 Gb
20,000
10 Gb
2,000
100 Gb
200
1 Tb
20
10 Tb
2
Switch command.
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-626
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set spantree portvlancost
Command Modes
Privileged.
Usage Guidelines
Follow these guidelines when you set the path cost for VLANs on a port:
•
The cost value specified is used as the path cost of the port for the specified set of VLANs. The rest
of the VLANs have a path cost equal to the port path cost set through the set spantree portcost
command. If not set, the value is the default path cost of the port.
•
You must supply a vlan_list argument when you first set the cost value. When you subsequently set
a new cost value, all cost values previously set by entering this command are changed to the new
cost value. If you have never explicitly set a cost value for a VLAN by entering this command, the
cost value for the VLAN does not change.
•
If you do not explicitly specify a cost value but cost values were specified previously, the port
VLAN cost is set to 1 less than the current port cost for a port. However, this reduction might not
assure load balancing in all cases.
•
When setting the path cost for extended-range VLANs, you can create a maximum of 64 nondefault
entries or create entries until NVRAM is full.
This command is not supported by the NAM.
This command is not supported in MISTP mode.
Examples
These examples show how to use the set spantree portvlancost command and explicitly specify the
path cost of a port:
Console> (enable) set spantree portvlancost 2/10 cost 25 1-20
Cannot set portvlancost to a higher value than the port cost, 10, for port 2/10.
Console> (enable)
Console> (enable) set spantree portvlancost 2/10 cost 1-20
Port 2/10 VLANs 1-20 have a path cost of 9.
Console> (enable)
Console> (enable) set spantree portvlancost 2/10 cost 4 1-20
Port 2/10 VLANs 1-20 have path cost 4.
Port 2/10 VLANs 21-1000 have path cost 10.
Console> (enable)
Console> (enable) set spantree portvlancost 2/10 cost 6 21
Port 2/10 VLANs 1-21 have path cost 6.
Port 2/10 VLANs 22-1000 have path cost 10.
Console> (enable)
These examples show how to use the set spantree portvlancost command without explicitly specifying
the path cost of a port:
Console> (enable) set spantree portvlancost 1/2
Port 1/2 VLANs 1-1005 have path cost 3100.
Console> (enable)
Console>
Port 1/2
Port 1/2
Console>
(enable) set spantree portvlancost 1/2 21
VLANs 1-20,22-1005 have path cost 3100.
VLANs 21 have path cost 3099.
(enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-627
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set spantree portvlancost
Related Commands
clear spantree portvlancost
set channel vlancost
show spantree
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-628
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set spantree portvlanpri
set spantree portvlanpri
To set the port priority for a subset of VLANs in the trunk port, use the set spantree portvlanpri
command.
set spantree portvlanpri mod/port priority [vlans]
Syntax Description
mod/port
Number of the module and the port on the module.
priority
Number that represents the cost of a link in a spanning tree bridge; valid values are 0,
16, 32, 48, 64, 80, 96, 112, 128, 144,160, 176, 192, 208, 224, 240, with 0 indicating
high priority and 240, low priority. See the “Usage Guidelines” section for more
information.
vlans
(Optional) VLANs that use the specified priority level; valid values are from 1 to
1005.
Defaults
The default is the port VLAN priority is set to 0, with no VLANs specified.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The priority value that is not a multiple of 16 (between the values of 0 to 63) is converted to the nearest
multiple of 16.
This command is not supported by the NAM.
This command is not supported by extended-range VLANs.
Use this command to add VLANs to a specified port priority level. Subsequent calls to this command do
not replace VLANs that are already set at a specified port priority level.
This feature is not supported for the MSM.
The set spantree portvlanpri command applies only to trunk ports. If you enter this command, you see
this message:
Port xx is not a trunk-capable port
Examples
This example shows how to set the port priority for module 1, port 2, on VLANs 21 to 40:
Console>
Port 1/2
Port 1/2
Console>
(enable) set spantree portvlanpri 1/2 16 21-40
vlans 3,6-20,41-1000 using portpri 32
vlans 1-2,4-5,21-40 using portpri 16
(enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-629
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set spantree portvlanpri
Related Commands
clear spantree portvlanpri
show spantree
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-630
22
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set spantree priority
set spantree priority
To set the bridge priority for a VLAN or an instance when PVST+ or MISTP is running, use the set
spantree priority command.
set spantree priority bridge_priority vlans
set spantree priority bridge_priority mistp-instance instances
set spantree priority bridge_priority mst instances
Syntax Description
bridge_priority
Number representing the priority of the bridge; see the “Usage Guidelines”
section for valid values.
vlans
Number of the VLAN; valid values are from 1 to 1005 and from 1025 to 4094.
mistp-instance
instances
Specifies the instance numbers; valid values are from 1 to 16.
mst instances
Specifies the MST instance numbers; valid values are from 1 to 15.
Defaults
The default is the bridge priority is set to 32768.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM or the MSM.
If MISTP or the MAC reduction feature is enabled, valid bridge_priority values are 0, 4096, 8192,
12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, and 61440,
with 0 indicating high priority and 61440, low priority.
If MISTP or the MAC reduction feature is disabled, valid bridge_priority values are from 0 to 65535.
If you enable MISTP, you cannot set the VLAN bridge priority.
If you enable PVST+, you cannot set the instance priority.
If you try to set instance priority with PVST+ enabled, this message is displayed:
This command is only valid when STP is in MISTP or MISTP-PVST+ mode.
Examples
This example shows how to set the bridge priority of instance 3:
Console> (enable) set spantree priority 14 mistp-instance 3
Instance 3 bridge priority set to 14.
Instance 3 does not exist.
Your configuration has been saved to NVRAM only.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-631
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set spantree priority
This example shows how to set the bridge priority for MST instance 0:
Console> (enable) set spantree priority 28672 mst 0
MST Spantree 0 bridge priority set to 28672.
Console> (enable)
This example shows how to set the bridge priority for multiple MST instances:
Console> (enable) set spantree priority 28672 mst 0-4
MST Spantrees 0-4 bridge priority set to 28672.
Console> (enable)
Related Commands
show spantree
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-632
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set spantree root
set spantree root
To set the primary or secondary root for specific VLANs, all VLANs of the switch, or an instance, use
the set spantree root command.
set spantree root [secondary] [vlans] [dia network_diameter] [hello hello_time]
set spantree root [secondary] mistp-instance instance [dia network_diameter]
[hello hello_time]
set spantree root [secondary] mst instance [dia network_diameter] [hello hello_time]
Syntax Description
secondary
(Optional) Designates this switch as a secondary root, should the
primary root fail.
vlans
(Optional) Number of the VLAN; valid values are from 1 to 1005
and from 1025 to 4094.
dia network_diameter (Optional) Specifies the maximum number of bridges between any
two points of end stations; valid values are from 1 through 7.
Defaults
hello hello_time
(Optional) Specifies in seconds, the duration between the
generation of configuration messages by the root switch.
mistp-instance
instance
Specifies the instance number; valid values are from 1 to 16.
mst
instance
Specifies an MST instance; valid values are from 1 to 16.
If you do not specify the secondary keyword, the default is to make the switch the primary root.
The default value of the network diameter is 7.
If you do not specify the hello_time value, the current value of hello_time is calculated from the network
diameter.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you do not specify a VLAN number, VLAN 1 is assumed.
This command is not supported by the NAM.
This command is run on backbone or distribution switches.
You can run the secondary root many times to create backup switches in case of a root failure.
The set spantree root secondary bridge priority value is 16384, except when MAC reduction or MISTP
are enabled, then the value is 28672.
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-633
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set spantree root
The set spantree root bridge priority value is 16384, except when MAC reduction or MISTP are
enabled, then the value is 24576.
This command increases path costs to a value greater than 3000.
If you enable MISTP, you cannot set the VLAN root. If you enable PVST+, you cannot set the instance
root.
Examples
This example shows how to set the primary root for a range of VLANs:
Console> (enable)
VLANs 1-10 bridge
VLANs 1-10 bridge
VLANs 1-10 bridge
VLANs 1-10 bridge
Switch is now the
Console> (enable)
set spantree root 1-10 dia 4
priority set to 8192
max aging time set to 14 seconds.
hello time set to 2 seconds.
forward delay set to 9 seconds.
root switch for active VLANs 1-6.
This example shows how to set the primary root for an instance:
Console> (enable) set spantree root mistp-instance 2-4 dia 4
Instances 2-4 bridge priority set to 8192
VLInstances 2-4 bridge max aging time set to 14 seconds.
Instances 2-4 bridge hello time set to 2 seconds.
Instances 2-4 bridge forward delay set to 9 seconds.
Switch is now the root switch for active Instances 1-6.
Console> (enable)
This example shows how to set the primary root for MST instance 5:
Console> (enable)
Instance 5 bridge
Instance 5 bridge
Instance 5 bridge
Instance 5 bridge
Switch is now the
Console> (enable)
set spantree root mst 5
priority set to 24576.
max aging time set to 16.
hello time set to 2.
forward delay set to 15.
root switch for active Instance 5.
This example shows how to set the secondary root for MST instance 0:
Console>
Instance
Instance
Instance
Instance
Console>
(enable)
0 bridge
0 bridge
0 bridge
0 bridge
(enable)
set spantree root secondary mst 0
priority set to 28672.
max aging time set to 20.
hello time set to 2.
forward delay set to 15.
This example shows how to set the maximum number of bridges and the hello time of the root for MST
instance 0:
Console> (enable)
Instance 0 bridge
Instance 0 bridge
Instance 0 bridge
Instance 0 bridge
Switch is now the
Console> (enable)
set spantree root mst 0 dia 7 hello 2
priority set to 24576.
max aging time set to 20.
hello time set to 2.
forward delay set to 15.
root switch for active Instance 0.
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-634
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set spantree root
These examples show that setting the bridge priority to 8192 was not sufficient to make this switch the
root. The priority was further reduced to 7192 (100 less than the current root switch) to make this switch
the root switch. However, reducing it to this value did not make it the root switch for active VLANs 16
and 17.
Console> (enable) set spantree root 11-20.
VLANs 11-20 bridge priority set to 7192
VLANs 11-10 bridge max aging time set to 20 seconds.
VLANs 1-10 bridge hello time set to 2 seconds.
VLANs 1-10 bridge forward delay set to 13 seconds.
Switch is now the root switch for active VLANs 11-15,18-20.
Switch could not become root switch for active VLAN 16-17.
Console> (enable)
Console> (enable) set spantree root secondary 22,24 dia 5 hello 1
VLANs 22,24 bridge priority set to 16384.
VLANs 22,24 bridge max aging time set to 10 seconds.
VLANs 22,24 bridge hello time set to 1 second.
VLANs 22,24 bridge forward delay set to 7 seconds.
Console> (enable)
Related Commands
show spantree
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-635
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set spantree uplinkfast
set spantree uplinkfast
To enable fast switchover to alternate ports when the root port fails, use the set spantree uplinkfast
command. This command applies to a switch, not to a WAN.
set spantree uplinkfast {enable | disable} [rate station_update_rate] [all-protocols {off | on}]
Syntax Description
enable
Enables fast switchover.
disable
Disables fast switchover.
rate
station_update_rate
(Optional) Specifies the number of multicast packets
transmitted per 100 ms when an alternate port is chosen after
the root port goes down.
all-protocols
(Optional) Specifies whether or not to generate multicast
packets for all protocols (IP, IPX, AppleTalk, and Layer 2
packets).
off
(Optional) Turns off the all-protocols feature.
on
(Optional) Turns on the all-protocols feature.
Defaults
The default station_update_rate is 15 packets per 100 milliseconds.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM.
This command is not available in MST mode.
The set spantree uplinkfast enable command has the following results:
•
Changes the bridge priority to 49152 for all VLANs (allowed VLANs).
•
Increases the path cost and portvlancost of all ports to a value greater than 3000.
•
On detecting the failure of a root port, an instant cutover occurs to an alternate port selected by
Spanning Tree Protocol.
If you run the set spantree uplinkfast enable command on a switch that has this feature already enabled,
only the station update rate is updated. The rest of the parameters are not modified.
If you run the set spantree uplinkfast disable command on a switch, the UplinkFast feature is disabled
but the switch priority and port cost values are not reset to the default settings. To reset the values to the
default settings, enter the clear spantree uplinkfast command.
The default station_update_rate value is 15 packets per 100 milliseconds, which is equivalent to a
1-percent load on a 10-megabit per second Ethernet network. If you specify this value as 0, the
generation of these packets is turned off.
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-636
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set spantree uplinkfast
You do not have to turn on the all-protocols feature on Catalyst 6500 series switches that have both the
UplinkFast and protocol filtering features enabled. Use the all-protocols feature only on Catalyst 6500
series switches that have UplinkFast enabled but do not have protocol filtering; upstream switches in the
network use protocol filtering. You must enter the all-protocols option to inform the UplinkFast task
whether or not to generate multicast packets for all protocols.
Examples
This example shows how to enable spantree UplinkFast and specify the number of multicast packets
transmitted to 40 packets per 100 milliseconds:
Console> (enable) set spantree uplinkfast enable rate 40
VLANs 1-4094 bridge priority set to 49152.
The port cost and portvlancost of all ports set to above 3000.
Station update rate set to 40 packets/100ms.
uplinkfast all-protocols field set to off.
uplinkfast enabled for bridge.
Console> (enable)
This example shows how to disable spantree UplinkFast:
Console> (enable) set spantree uplinkfast disable
Uplinkfast disabled for switch.
Use clear spantree uplinkfast to return stp parameters to default.
Console> (enable) clear spantree uplink
This command will cause all portcosts, portvlancosts, and the
bridge priority on all vlans to be set to default.
Do you want to continue (y/n) [n]? y
VLANs 1-1005 bridge priority set to 32768.
The port cost of all bridge ports set to default value.
The portvlancost of all bridge ports set to default value.
uplinkfast disabled for bridge.
Console> (enable)
This example shows how to turn on the all-protocols feature:
Console> (enable) set spantree uplinkfast enable all-protocols on
uplinkfast update packets enabled for all protocols.
uplinkfast enabled for bridge.
Console> (enable)
This example shows how to turn off the all-protocols feature:
Console> (enable) set spantree uplinkfast enable all-protocols off
uplinkfast all-protocols field set to off.
uplinkfast already enabled for bridge.
Console> (enable)
This example shows the output when instances have been configured:
Console> (enable) set spantree uplinkfast enable
Instances 1-15 bridge priority set to 49152.
The port cost and portinstancecost of all ports set to above 3000.
Station update rate set to 15 mpackets/100ms.
uplinkfast all-protocols field set to off.
uplinkfast already enabled for bridge.
Console> (enable)
Related Commands
clear spantree uplinkfast
show spantree uplinkfast
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-637
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set summertime
set summertime
To specify whether the system should set the clock ahead one hour during daylight saving time, use the
set summertime command.
set summertime {enable | disable} [zone]
set summertime recurring [{week} {day} {month} {hh:mm} {week | day | month | hh:mm} [offset]]
set summertime date {month} {date} {year} {hh:mm} {month | date | year | hh:mm}
[offset]
Syntax Description
enable
Causes the system to set the clock ahead one hour during daylight
saving time.
disable
Prevents the system from setting the clock ahead one hour during
daylight saving time.
zone
(Optional) Time zone used by the set summertime command.
recurring
Specifies the summertime dates that recur every year.
week
Week of the month (first, second, third, fourth, last, 1...5).
day
Day of the week (Sunday, Monday, Tuesday, and so forth).
month
Month of the year (January, February, March, and so forth).
hh:mm
Hours and minutes.
offset
(Optional) Amount of offset in minutes (from 1 to 1440 minutes).
date
Day of the month ( from 1 to 31).
year
Number of the year ( from 1993 to 2035).
Defaults
By default, the set summertime command is disabled. Once enabled, the default for offset is 60 minutes,
following U.S. standards.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
After you enter the clear config command, the dates and times are set to default.
Unless you configure it otherwise, this command advances the clock one hour at 2:00 a.m. on the first
Sunday in April and moves back the clock one hour at 2:00 a.m. on the last Sunday in October.
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-638
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set summertime
Examples
This example shows how to cause the system to set the clock ahead one hour during daylight saving time:
Console> (enable) set summertime enable PDT
Summertime is enabled and set to “PDT”.
Console> (enable)
This example shows how to prevent the system from setting the clock ahead one hour during daylight
saving time:
Console> (enable) set summertime disable
Summertime disabled.
Console> (enable)
This example shows how to set daylight saving time to the zonename AUS and repeat every year, starting
from the third Monday of February at noon and ending at the second Saturday of August at
3:00 p.m. with an offset of 30 minutes:
Console> (enable) set summertime AUS recurring 3 Mon Feb 12:00 2 Saturday Aug 15:00 30
Summer time is disabled and set to ’AUS’ with offset 30 minutes.
start: 12:00:00 Sun Feb 13 2000
end:
14:00:00 Sat Aug 26 2000
Recurring, starting at 12:00:00 on Sunday of the third week of February and ending
on Saturday of the fourth week of August.
Console> (enable)
This example shows how to set the daylight saving time to start on January 29, 1999 at 2:00 a.m. and
end on August 19, 2004 at 3:00 p.m. with an offset of 30 minutes:
Console> (enable) set summertime date jan 29 1999 02:00 aug 19 2004 15:00 30
Summertime is disabled and set to ''
Start : Fri Jan 29 1999, 02:00:00
End
: Thu Aug 19 2004, 15:00:00
Offset: 30 minutes
Recurring: no
Console> (enable)
This example shows how to set recurring to reset default to US summertime:
Console> (enable) set summertime recurring 3 mon feb 4 thurs oct 8:00 500
Command authorization none.
Summertime is enabled and set to ‘’
Start : Mon Feb 21 2000, 03:00:00
End
: Fri Oct 20 2000, 08:00:00
Offset: 500 minutes (8 hours 20 minutes)
Recurring: yes, starting at 03:00am of third Monday of February and ending on 08:00am of
fourth Thursday of October.
Console> (enable)
Related Commands
show summertime
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-639
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set system baud
set system baud
To set the console port baud rate, use the set system baud command.
set system baud rate
Syntax Description
rate
Defaults
The default is 9600 baud.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to set the system baud rate to 19200:
Baud rate; valid rates are 600, 1200, 2400, 4800, 9600, 19200, and 38400.
Console> (enable) set system baud 19200
System console port baud rate set to 19200.
Console> (enable)
Related Commands
show system
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-640
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set system contact
set system contact
To identify a contact person for the system, use the set system contact command.
set system contact [contact_string]
Syntax Description
contact_string
Defaults
The default is no system contact is configured.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to set the system contact string:
(Optional) Text string that contains the name of the person to
contact for system administration. If you do not specify a contact
string, the system contact string is cleared.
Console> (enable) set system contact Xena ext.24
System contact set.
Console> (enable)
Related Commands
show system
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-641
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set system core-dump
set system core-dump
To enable or disable the core dump feature, use the set system core-dump command.
set system core-dump {enable | disable}
Syntax Description
enable
Enables the core dump feature.
disable
Disables the core dump feature.
Defaults
The default is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The core dump feature generates a report of images when your system fails due to a software error. The core
image is stored in the file system. From this file, you can examine an error condition of a process when it is
terminated due to an exception.
The size of the file system depends on the memory card size. The core dump file generated is
proportional to the size of the system DRAM. Make sure that you have enough memory available to store
the core dump file.
In order to maintain the core dump image, the yield CPU is disabled during the core dump process. You
should have a redundant supervisor engine installed to take over normal operations. If the switch has a
redundant supervisor engine setup, the redundant supervisor engine takes over automatically before the
core dump occurs. The previously active supervisor engine resets itself after the core dump completes.
Examples
This example shows how to enable the core dump feature:
Console> (enable) set system core-dump enable
(1) In the event of a system crash, this feature will
cause a core file to be written out.
(2) Core file generation may take up to 20 minutes.
(3) Selected core file is slot0:crash.hz
(4) Please make sure the above device has been installed,
and ready to use
Core-dump enabled
Console> (enable)
This example shows how to disable the core dump feature:
Console> (enable) set system core-dump disable
Core-dump disabled
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-642
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set system core-file
set system core-file
To specify the core image filename, use the set system core-file command.
set system core-file {device:[filename]}
Syntax Description
device
Device where the core image file resides; valid values are
bootflash and slot0.
filename
(Optional) Name of the core image file.
Defaults
The default filename is “crashinfo.”
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
A device name check is performed when you enter the set system core-file command. If a valid device
name is not found, an error message displays.
When a core dump occurs, the actual file written out will append the date to the filename in this format:
_{yymmdd}-{hhmmss}.
Examples
This example shows how to use the default core image filename:
Console> (enable) set system core-file bootflash:
Attach default filename crashinfo to the device
System core-file set.
Console> (enable)
This example shows how to set the core image filename:
Console> (enable) set system core-file slot0:abc
System core-file set.
Console> (enable)
Related Commands
set system core-dump
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-643
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set system countrycode
set system countrycode
To specify the country where the system is physically located, use the set system countrycode
command.
set system countrycode code
Syntax Description
code
Defaults
The default is US (United States).
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The country code is a two-letter country code taken from ISO-3166 (for example, VA=Holy See [Vatican
City State], VU=Vanuatu, and TF=French Southern Territories).
Examples
This example shows how to set the system country code:
Country code; see the “Usage Guidelines” section for format information.
Console> (enable) set system countrycode US
Country code is set to US.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-644
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set system crossbar-fallback
set system crossbar-fallback
To select the action taken when the Switch Fabric Module fails, use the set system crossbar-fallback
command.
set system crossbar-fallback {bus-mode | none}
Syntax Description
bus-mode
Fails to the system bus.
none
Does not fail over to the system bus.
Defaults
The default is bus-mode.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You can either have the Switch Fabric Module fail over to the bus or have the switch not fail over at all
(in which case, the switch should be down).
This command is supported on systems configured with a Switch Fabric Module and the Supervisor
Engine 2 with Layer 3 Switching Engine II (PFC2) only.
Examples
This example shows how to set the Switch Fabric Module to fail over to the system bus:
Console> (enable) set system crossbar-fallback bus-mode
System crossbar-fallback set to bus-mode.
Console> (enable)
This example shows how to set the Switch Fabric Module to not fail over:
Console> (enable) set system crossbar-fallback none
System crossbar-fallback set to none.
Console> (enable)
Related Commands
show fabric channel
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-645
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set system highavailability
set system highavailability
To enable or disable high system availability for the switch, use the set system highavailability
command.
set system highavailability {enable | disable}
Syntax Description
enable
Activates system high availability.
disable
Deactivates system high availability.
Defaults
The default is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
High availability provides Layer 2 and Layer 3 protocol redundancy.
If you enable high availability while the redundant supervisor engine is running, the switch checks the
version compatibility between the two supervisor engines. If the versions are compatible, database
synchronization occurs. When you disable high availability, database synchronization does not occur
and protocols restart on the redundant supervisor engine after switchover.
If you disable high availability from the enabled state, synchronization from the active supervisor engine
is stopped. On the redundant supervisor engine, current synchronization data is discarded. If you enable
high availability from the disabled state, synchronization from the active supervisor engine to the
redundant supervisor engine starts (if you have a redundant supervisor engine and its image version is
compatible with the active supervisor engine).
Examples
This example shows how to enable high availability:
Console> (enable) set system highavailability enable
System high availability enabled.
Console> (enable)
This example shows how to disable high availability:
Console> (enable) set system highavailability disable
System high availability disabled.
Console> (enable)
Related Commands
set system highavailability versioning
show system highavailability
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-646
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set system highavailability versioning
set system highavailability versioning
To enable and disable support for supervisor engine image versioning, use the set system
highavailability versioning command.
set system highavailability versioning {enable | disable}
Syntax Description
enable
Activates system high-availability versioning.
disable
Deactivates system high-availability versioning.
Defaults
The default is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The high-availability versioning feature allows the Catalyst 6500 series switch to run different images
on the active and redundant supervisor engines. When you enable image versioning, Flash image
synchronization (from active to the redundant supervisor engines) does not occur, allowing active and
redundant supervisor engines to run different images.
Caution
When you disable image versioning, the active and redundant supervisor engines must run the same
image version.
If you disable the image versioning option from the enabled state, no additional action is necessary on
the redundant supervisor engine. (The redundant supervisor engine should be running the same image
as the active supervisor engine.) If you want to load a different image, you have to restart the redundant
supervisor engine.
If you enable the image versioning option from the disabled state and you have a redundant supervisor
engine and active supervisor engine running a different image than that of the active supervisor engine,
Flash synchronization will copy the active supervisor engine image to the redundant supervisor engine
image and then restart it.
If you enable the image versioning option on the active supervisor engine and the redundant supervisor
engine is running a different image, the NVRAM synchronization cannot occur because the NVRAM
versions are not compatible. If this is the case, after switchover, the old NVRAM configuration on the
supervisor engine is used.
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-647
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set system highavailability versioning
Examples
This example shows how to enable high-availability versioning:
Console> (enable) set system highavailability versioning enable
Image versioning enabled.
Console> (enable)
This example shows how to disable high-availability versioning:
Console> (enable) set system highavailability versioning disable
Image versioning disabled.
Console> (enable)
Related Commands
set system highavailability
show system highavailability
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-648
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set system info-log
set system info-log
To log the output of specified show commands to a server for troubleshooting and debugging, use the set
system info-log command.
set system info-log {enable | disable}
set system info-log command {ccommand_stringc} [position]
set system info-log interval mins
set system info-log {tftp | ftp | rcp username} host filename
Syntax Description
Defaults
enable | disable
Activates or deactivates system information logging.
command
Logs the specified show command to the server.
c
Delimiting character used to begin and end the show command.
command_string
Show command whose output is logged; valid values are show commands.
position
(Optional) Position of the show command in the system information
logging index; valid values are from 1 to 15.
interval
Specifies the amount of time between system information logging events.
mins
Minutes between system information logging events; valid values are from
1 to 64800 minutes (45 days).
tftp
Copies system information logging output to a TFTP server.
ftp
Copies system information loggging output to an FTP server.
rcp
Copies system information logging output to an RCP server.
username
RCP username.
host
IP address or IP alias of the host.
filename
Name of the file.
System information logging is disabled.
The interval between system information logging events is 1440 minutes.
System information logging output is copied to a TFTP server, and the filename is sysinfo.
If you do not provide an absolute path for the file, the TFTP directory is tftpboot. For RCP, the directory
is the user’s home directory.
Command Types
Switch command.
Command Modes
Privileged.
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-649
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set system info-log
Usage Guidelines
When you enter the show command whose output is to be logged, you must type a delimiting character
with no spaces on either side of the command. You can add only one show command at a time.
You can enter a maximum of 15 show commands for system information logging.
Examples
This example shows how to activate the system information logging feature:
Console> (enable) set system info-log enable
Successfully enabled system information logging.
Console> (enable)
This example shows how to include the output of the show version command in the log:
Console> (enable) set system info-log command "show version"
System command was successfully added to the list.
Console> (enable)
This example shows how to list the show module command as the third command in the system
information logging index:
Console> (enable) set system info-log command >show module> 3
System command was successfully added to the list.
Console> (enable)
This example shows how to save system information logging with a specific filename to a specific TFTP
server:
Console> (enable) set system info-log tftp 10.5.2.10 sysinfo
Successfully set the system information logging file to tftp:sysinfo
Console> (enable)
This example shows how to save system information logging with a specific filename to an RCP server:
Console> (enable) set system info-log rcp shravan 10.5.2.10 sysinfo
Successfully set the system information logging file to rcp:sysinfo
Console> (enable)
Related Commands
clear config
clear system info-log command
show system info-log
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-650
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set system location
set system location
To identify the location of the system, use the set system location command.
set system location [location_string]
Syntax Description
location_string
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you do not specify a location string, the system location is cleared.
Examples
This example shows how to set the system location string:
(Optional) Text string that indicates where the system is located.
Console> (enable) set system location Closet 230 4/F
System location set.
Console> (enable)
Related Commands
show system
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-651
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set system modem
set system modem
To enable or disable modem control lines on the console port, use the set system modem command.
set system modem {enable | disable}
Syntax Description
enable
Activates modem control lines on the console port.
disable
Deactivates modem control lines on the console port.
Defaults
The default is modem control lines are disabled.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to disable modem control lines on the console port:
Console> (enable) set system modem disable
Modem control lines disabled on console port.
Console> (enable)
Related Commands
show system
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-652
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set system name
set system name
To configure a name for the system, use the set system name command.
set system name [name_string]
Syntax Description
name_string
Defaults
The default is no system name is configured.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you use the set system name command to assign a name to the switch, the switch name is used as the
prompt string. However, if you specify a different prompt string using the set prompt command, that
string is used for the prompt.
(Optional) Text string that identifies the system.
If you do not specify a system name, the system name is cleared and a DNS lookup is initiated for a
system name. If a name is found, that is the name used; if no name is found, no name is designated.
The system name can be 255 characters long, and the prompt can be 20 characters long. The system name
is truncated appropriately when used as a prompt; a greater-than symbol (>) is appended to the truncated
system name. If the system name was found from a DNS lookup, it is truncated to remove the domain
name.
If the prompt is obtained using the system name, it is updated whenever the system name changes. You
can overwrite this prompt any time by setting the prompt manually. Any change in the prompt is reflected
in all current open sessions.
If you do not specify a name, the system name is cleared.
Examples
This example shows how to set the system name to Information Systems:
Console> (enable) set system name Information Systems
System name set.
Console> (enable)
Related Commands
set prompt
show system
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-653
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set system supervisor-update
set system supervisor-update
To configure the Erasable Programmable Logic Device (EPLD) upgrade process, use the set system
supervisor-update command.
set system supervisor-update {automatic | disable | force}
Syntax Description
automatic
Upgrades an earlier supervisor engine EPLD image at bootup.
force
Upgrades supervisor engine EPLD image regardless of the version label.
disable
Disables automatic updates of supervisor engine EPLD image at bootup.
Defaults
The supervisor engine EPLD upgrade is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you specify the automatic keyword, the system checks the version level of the bundled EPLD image
and performs the upgrade if the bundled EPLD image version is greater than the existing version.
If you specify the force keyword, the system upgrades the existing EPLD image with the bundled EPLD
image regardless of the version level. After a forced upgrade, the configuration reverts back to the
automatic default setting.
If you specify the disable keyword, the automatic EPLD upgrade process is disabled.
Note
Supervisor engine EPLD upgrades are supported only on Supervisor Engine 2. Non-supervisor engine
module (switching modules and service modules) EPLD upgrades are supported using Supervisor
Engine 1 or Supervisor Engine 2.
The EPLD image for Supervisor Engine 2 is included in the Catalyst supervisor engine software image.
The EPLD image for non-supervisor engine modules is provided in a separate downloadable image.
Examples
This example shows how to specify the automatic option for EPLD upgrades:
Console> (enable) set system supervisor-update automatic
Down-rev supervisor EPLD's will be re-programmed next reset.
Console> (enable)
This example shows how to specify the force option for EPLD upgrades:
Console> (enable) set system supervisor-update force
Supervisor EPLD's will synchronize to the image bundle during the next reset.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-654
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set system supervisor-update
This example shows how to disable EPLD upgrades:
Console> (enable) set system supervisor-update disable
Supervisor EPLD update during reset is disabled.
Console> (enable)
Related Commands
download
show system supervisor-update
show version
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-655
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set system switchmode allow
set system switchmode allow
To configure the switching mode for the system, use the set system switchmode allow command.
set system switchmode allow {truncated | bus-only}
Syntax Description
truncated
Specifies truncated mode; see the “Usage Guidelines” section for additional
information.
bus-only
Forces the system to be in flow-through mode.
Defaults
The default is truncated.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When you install a Switch Fabric Module in a Catalyst 6500 series switch, the traffic is forwarded to and
from modules in one of the following modes:
•
Flow-through mode—In this mode, data passes between the local bus and the supervisor engine bus.
This mode is used for traffic to or from nonfabric-enabled modules.
•
Truncated mode—In this mode, only the truncated data (the first 64 bytes of the frame) is sent over
the switch fabric channel if both the destination and the source modules are fabric-enabled modules.
If either the source or destination is not a fabric-enabled module, the data goes through the switch
fabric channel and the data bus. The Switch Fabric Module does not get involved when traffic is
forwarded between nonfabric-enabled modules.
•
Compact mode—In this mode, a compact version of the DBus header is forwarded over the switch
fabric channel, delivering the best possible switching rate. Nonfabric-enabled modules do not
support the compact mode and will generate CRC errors if they receive frames in compact mode.
This mode is only used if nonfabric-enabled modules are not installed in the chassis.
If you enter the truncated keyword and your system does not contain nonfabric-enabled modules, the
system is placed in compact mode.
If two or more fabric-enabled modules are installed in your system with a nonfabric-enabled module,
forwarding between these modules occurs in truncated mode.
If there is a combination of a Supervisor Engine 720 with switch fabric capability and nonfabric-enabled
modules in the chassis, the bus-only keyword is not permitted. The system stays in truncated mode.
Examples
This example shows how to set the switching mode to truncated:
Console> (enable) set system switchmode allow truncated
System switchmode allow set to truncated.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-656
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set system switchmode allow
This example shows how to set the switching mode to bus-only:
Console> (enable) set system switchmode allow bus-only
System switchmode allow set to bus-only.
Console> (enable)
Related Commands
show system switchmode
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-657
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set system syslog-dump
set system syslog-dump
To write system messages in the syslog buffer to a flash file before the system fails, use the set system
syslog-dump command.
set system syslog-dump {enable | disable}
Syntax Description
enable
Enables the syslog dump feature.
disable
Disables the syslog dump feature.
Defaults
The syslog dump feature is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If the system fails, a file containing the system messages in the syslog buffer (as displayed when entering
the show logging buffer command) is produced.
Enter the set system syslog-file command to specify the flash device and syslog file name for the syslog
dump when the system fails.
Examples
This example shows how to enable the syslog dump feature:
Console> (enable) set system syslog-dump enable
(1) In the event of a system crash, this feature will
cause a syslog file to be written out.
(2) Selected syslog file is slot0:sysloginfo
(3) Please make sure the above device has been installed,
and ready to use.
Syslog-dump enabled
Console> (enable)
This example shows how to disable the syslog dump feature:
Console> (enable) set system syslog-dump disable
Syslog-dump disabled
Console> (enable)
Related Commands
set system syslog-file
show system
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-658
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set system syslog-file
set system syslog-file
To specify the flash device and file name for the syslog dump when the system fails, use the set system
syslog-file command.
set system syslog-file [device:[filename]]
Syntax Description
Defaults
device:
(Optional) Name of the flash device.
filename
(Optional) Name of the file for the syslog dump.
The flash device is slot0.
The file name is sysloginfo.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Enter the set system syslog-dump command to enable or disable the syslog dump feature. You can
change the flash device and the file name when the syslog dump feature is enabled or disabled.
If you only specify the flash device, the file name is automatically set to sysloginfo. If you do not specify
the device or the file name, the previous file name for the syslog dump is cleared, and the default flash
device and file name (slot0:sysloginfo) are used.
Examples
This example shows how to set the flash device for the syslog dump feature:
Console> (enable) set system syslog-file bootflash:
Default filename sysloginfo added to the device bootflash:
System syslog-file set.
Console> (enable)
This example shows how to set the flash device and the file name:
Console> (enable) set system syslog-file bootflash:sysmsgs1
System syslog-file set.
Console> (enable)
This example shows how to restore the flash device and the file name to the default settings:
Console> (enable) set system syslog-file
System syslog-file set to the default file.
Console> (enable)
Related Commands
set system syslog-dump
show system
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-659
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set tacacs attempts
set tacacs attempts
To configure the maximum number of login attempts allowed to the TACACS+ server, use the set tacacs
attempts command.
set tacacs attempts count
Syntax Description
count
Defaults
The default is three attempts.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to configure the TACACS+ server to allow a maximum of six login attempts:
Number of login attempts allowed; valid values are from 1 to 10.
Console> (enable) set tacacs attempts 6
Tacacs number of attempts set to 6.
Console> (enable)
Related Commands
show tacacs
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-660
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set tacacs directedrequest
set tacacs directedrequest
To enable or disable the TACACS+ directed-request option, use the set tacacs directedrequest
command. When enabled, you can direct a request to any of the configured TACACS+ servers and only
the username is sent to the specified server.
set tacacs directedrequest {enable | disable}
Syntax Description
enable
Sends the portion of the address before the @ sign (the username) to the host
specified after the @ sign.
disable
Sends the entire address string to the default TACACS+ server.
Defaults
The default is the TACACS+ directed-request option is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When you enable TACACS+ directed-request, you must specify a configured TACACS+ server after the
@ sign. If the specified host name does not match the IP address of a configured TACACS+ server, the
request is rejected. When TACACS+ directed-request is disabled, the Catalyst 6500 series switch queries
the list of servers beginning with the first server in the list and then sends the entire string, accepting the
first response from the server. This command is useful for sites that have developed their own TACACS+
server software to parse the entire address string and make decisions based on the contents of the string.
Examples
This example shows how to enable the tacacs directedrequest option:
Console> (enable) set tacacs directedrequest enable
Tacacs direct request has been enabled.
Console> (enable)
Related Commands
show tacacs
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-661
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set tacacs key
set tacacs key
To set the key for TACACS+ authentication and encryption, use the set tacacs key command.
set tacacs key key
Syntax Description
key
Defaults
The default value of key is null.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The key must be the same key used on the TACACS+ server. All leading spaces are ignored. Spaces
within the key and at the end of the key are included. Double quotation marks are not required, even if
there are spaces between words in the key, unless the quotation marks themselves are part of the key. The
key can consist of any printable ASCII characters except the tab character.
Printable ASCII characters used for authentication and encryption.
The key length must be less than 100 characters long.
Examples
This example shows how to set the authentication and encryption key:
Console> (enable) set tacacs key Who Goes There
The tacacs key has been set to Who Goes There.
Console> (enable)
Related Commands
clear spantree uplinkfast
show tacacs
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-662
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set tacacs server
set tacacs server
To define a TACACS+ server, use the set tacacs server command.
set tacacs server ip_addr [primary]
Syntax Description
ip_addr
IP address of the server on which the TACACS+ server resides.
primary
(Optional) Designates the specified server as the primary TACACS+ server.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You can configure a maximum of three servers. The primary server, if configured, is contacted first. If
no primary server is configured, the first server configured becomes the primary server.
Examples
This example shows how to configure the server on which the TACACS+ server resides and to designate
it as the primary server:
Console> (enable) set tacacs server 170.1.2.20 primary
170.1.2.20 added to TACACS server table as primary server.
Console> (enable)
Related Commands
clear tacacs server
show tacacs
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-663
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set tacacs timeout
set tacacs timeout
To set the response timeout interval for the TACACS+ server daemon, use the set tacacs timeout
command. The TACACS+ server must respond to a TACACS+ authentication request before this interval
expires or the next configured server is queried.
set tacacs timeout seconds
Syntax Description
seconds
Defaults
The default is 5 seconds.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to set the response timeout interval for the TACACS+ server to 8 seconds:
Timeout response interval in seconds; valid values are from 1 to 255.
Console> (enable) set tacacs timeout 8
Tacacs timeout set to 8 seconds.
Console> (enable)
Related Commands
show tacacs
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-664
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set test diagfail-action
set test diagfail-action
To set the action that the supervisor engine takes when a diagnostics test fails, use the set test
diagfail-action command.
set test diagfail-action {offline | ignore}
Syntax Description
offline
Sets the supervisor engine to stay offline after a diagnostics test failure.
ignore
Sets the supervisor engine to ignore the diagnostics test failure and to boot up.
Defaults
The supervisor engine stays offline.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Enter the show test diagfail-action command to display the action that the supervisor engine takes after
a test failure.
Examples
This example shows how to set the supervisor engine to stay offline:
Console> (enable) set test diagfail-action offline
Diagnostic failure action for SUP set to offline.
Console> (enable)
This example shows how to set the supervisor engine to ignore the diagnostics test failure and to boot up:
Console> (enable) set test diagfail-action ignore
Diagnostic failure action for SUP set to ignore.
Console> (enable)
Related Commands
show test
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-665
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set test diaglevel
set test diaglevel
To set the diagnostic level, use the set test diaglevel command.
set test diaglevel {complete | minimal | bypass}
Syntax Description
complete
Specifies complete diagnostics.
minimal
Specifies minimal diagnostics.
bypass
Specifies bypass diagnostics.
Defaults
The default is minimal diagnostics. See the “Usage Guidelines” section for more information about the
three diagnostic levels.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Setting the diagnostic level determines the level of testing that occurs when the system or module is
reset. The three levels are as follows:
Note
Examples
•
complete—This level runs all tests.
•
minimal—This level runs only EARL tests for the supervisor engine and loopback tests for all ports
in the system.
•
bypass—This level skips all tests.
Although the default is minimal, we recommend that you set the diagnostic level at complete.
This example shows how to set the diagnostic level to complete:
Console> (enable) set test diaglevel complete
Diagnostic level set to complete.
Console> (enable)
This example shows how to set the diagnostic level to bypass:
Console> (enable) set test diaglevel bypass
Diagnostic level set to bypass.
Console> (enable)
Related Commands
show test
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-666
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set time
set time
To change the time of day on the system clock, use the set time command.
set time [day_of_week] [mm/dd/yy] [hh:mm:ss]
Syntax Description
day_of_week (Optional) Day of the week.
mm/dd/yy
(Optional) Month, day, and year.
hh:mm:ss
(Optional) Current time in 24-hour format.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to set the system clock to Saturday, October 31, 1998, 7:50 a.m:
Console> (enable) set time sat 10/31/98 7:50
Sat Oct 31 1998, 07:50:00
Console> (enable)
Related Commands
show time
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-667
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set timezone
set timezone
To set the time zone for the system, use the set timezone command.
set timezone [zone_name] [hours [minutes]]
Syntax Description
zone_name
(Optional) Name of the time zone to be displayed.
hours
(Optional) Number of hours offset from UTC.
minutes
(Optional) Number of minutes offset from UTC. If the specified
hours value is a negative number, then the minutes value is assumed
to be negative as well.
Defaults
The default is the time zone is set to UTC.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The set timezone command is effective only when Network Time Protocol (NTP) is running. If you set
the time explicitly and NTP is disengaged, the set timezone command has no effect. If you have enabled
NTP and have not entered the set timezone command, the Catalyst 6500 series switch displays UTC by
default.
Examples
This example shows how to set the time zone to pacific standard time with an offset of minus 8 hours
from UTC:
Console> (enable) set timezone PST -8
Timezone set to “PST”, offset from UTC is -8 hours.
Console> (enable)
Related Commands
clear timezone
show timezone
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-668
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set traffic monitor
set traffic monitor
To configure the threshold at which a high-traffic log will be generated, use the set traffic monitor
command.
set traffic monitor threshold
Syntax Description
threshold
Defaults
The threshold is set to 100 percent; no high-traffic log is created.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If backplane traffic exceeds the threshold configured by the set traffic monitor command, a high-traffic
log is created. If the threshold is set to 100 percent, no high-traffic system warning is generated.
Examples
This example shows how to set the high-traffic threshold to 80 percent:
1 to 100 percent.
Console> (enable) set traffic monitor 80
Traffic monitoring threshold set to 80%.
Console> (enable)
Related Commands
show traffic
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-669
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set trunk
set trunk
To configure trunk ports and to add VLANs to the allowed VLAN list for existing trunks, use the set
trunk command.
set trunk mod/port {on | off | desirable | auto | nonegotiate} [vlans]
[isl | dot1q [ethertype {value | default }] | dot10 | lane | negotiate]
set trunk all off
Syntax Description
mod/port
Number of the module and the port on the module.
on
Forces the port to become a trunk port and persuade the neighboring port to
become a trunk port. The port becomes a trunk port even if the neighboring port
does not agree to become a trunk.
off
Forces the port to become a nontrunk port and persuade the neighboring port to
become a nontrunk port. The port becomes a nontrunk port even if the neighboring
port does not agree to become a nontrunk port.
desirable
Causes the port to negotiate actively with the neighboring port to become a trunk
link.
auto
Causes the port to become a trunk port if the neighboring port tries to negotiate a
trunk link.
nonegotiate
Forces the port to become a trunk port but prevents it from sending DTP frames to
its neighbor.
vlans
(Optional) VLANs to add to the list of allowed VLANs on the trunk; valid values
are from 1 to 1000 and 1025 to 4094.
isl
(Optional) Specifies an ISL trunk on a Fast or Gigabit Ethernet port.
dot1q
(Optional) Specifies an IEEE 802.1Q trunk on a Fast or Gigabit Ethernet port.
ethertype
(Optional) Customizes the two-byte Ethertype field in the 802.1Q tag.
value
Hexidecimal value for the two-byte Ethertype field.
default
Sets the two-byte Ethertype field to the default value of 0x8100.
dot10
(Optional) Specifies an IEEE 802.10 trunk on a FDDI or CDDI port.
lane
(Optional) Specifies an ATM LANE trunk on an ATM port.
negotiate
(Optional) Specifies that the port become an ISL (preferred) or 802.1Q trunk,
depending on the configuration and capabilities of the neighboring port.
all off
Turns off trunking on all ports.
Defaults
The default port mode is auto.
Command Types
Switch command.
Command Modes
Privileged.
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-670
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set trunk
Usage Guidelines
This command is not supported by the NAM.
The following usage guidelines apply when using the set trunk command:
Examples
•
If a trunk-type keyword (isl, dot1q, negotiate) is not specified when configuring an EtherChannel
trunk, the current trunk type is not affected.
•
To return a trunk to its default trunk type and mode, enter the clear trunk mod/port command.
•
Trunking capabilities are hardware-dependent. Refer to the Catalyst 6500 Series Module
Installation Guide to determine the trunking capabilities of your hardware, or enter the show port
capabilities command.
•
Catalyst 6500 series switches use DTP to negotiate trunk links automatically on EtherChannel ports.
Whether or not a port will negotiate to become a trunk port depends on both the mode and the trunk
type specified for that port. Refer to the Catalyst 6500 Series Switch Switch Software Configuration
Guide for detailed information on how trunk ports are negotiated.
•
DTP is a point-to-point protocol. However, some internetworking devices might improperly forward
DTP frames. You can avoid this problem by ensuring that trunking is turned off on ports connected
to non-Catalyst 6500 series switch devices if you do not intend to trunk across those links. When
enabling trunking on a link to a Cisco router, enter the noneg keyword to cause the port to become
a trunk but not generate DTP frames.
•
To remove VLANs from the allowed list for a trunk, enter the clear trunk mod/port vlans command.
When you first configure a port as a trunk, the set trunk command always adds all VLANs to the
allowed VLAN list for the trunk, even if you specify a VLAN range. (The specified VLAN range is
ignored.)
•
To remove VLANs from the allowed list, enter the clear trunk mod/port vlans command. To later
add VLANs that were removed, enter the set trunk mod/port vlans command.
•
You cannot change the allowed VLAN range on the MSM port. The MSM port can be configured
only as an IEEE 802.1Q-type trunk.
•
For trunking to be negotiated on EtherChannel ports, the ports must be in the same VTP domain.
However, you can use the on or noneg mode to force a port to become a trunk, even if it is in a
different domain.
This example shows how to set port 2 on module 1 as a trunk port:
Console> (enable) set trunk 1/2 on
Port(s) 1/2 trunk mode set to on.
Console> (enable)
This example shows how to add VLANs 5 through 50 to the allowed VLAN list for a trunk port (VLANs
were previously removed from the allowed list with the clear trunk command):
Console> (enable) set trunk 1/1 5-50
Adding vlans 5-50 to allowed list.
Port(s) 1/1 allowed vlans modified to 1,5-50,101-1005.
Console> (enable)
This example shows how to set port 5 on module 4 as an 802.1Q trunk port in desirable mode:
Console> (enable) set trunk 4/5 desirable dot1q
Port(s) 4/5 trunk mode set to desirable.
Port(s) 4/5 trunk type set to dot1q.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-671
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set trunk
This example shows how to set the t runk mode to nonegotiate, the trunk type to 802.1Q, and the 802.1Q
Ethertype to 0x1234 on port 1/1:
Console> (enable) set trunk 1/1 nonegotiate dot1q ethertype 1234
Port(s) 1/1 trunk mode set to nonegotiate.
Port(s) 1/1 trunk type set to dot1q.
All the group ports associated with port 1/1 will be modified.
Do you want to continue (y/n)[n]? y
Dot1q Ethertype value set to 0x1234 on port(s) 1/1.
Console> (enable)
This example shows how to set the trunk mode to nonegotiate, to set the trunk type to 802.1Q, and to
return the 802.1Q Ethertype to the standard Ethertype (0x8100) on port 1/1:
Console> (enable) set trunk 1/1 nonegotiate dot1q ethertype default
Port(s) 1/1 trunk mode set to nonegotiate.
Port(s) 1/1 trunk type set to dot1q.
All the group ports associated with port 1/1 will be modified.
Do you want to continue (y/n)[n]? y
Dot1q Ethertype value set to 0x8100 on port(s) 1/1.
Console> (enable)
Related Commands
clear trunk
set vtp
show port dot1q-ethertype
show trunk
show vtp statistics
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-672
22
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set udld
set udld
To enable or disable the UDLD information display on specified ports or globally on all ports, use the
set udld command.
set udld enable | disable [mod/port]
Syntax Description
Defaults
enable
Enables the UDLD information display.
disable
Disables the UDLD information display.
mod/port
(Optional) Number of the module and port on the module.
The defaults are as follows:
•
UDLD global enable state—Globally disabled.
•
UDLD per-port enable state for fiber-optic media—Enabled on all Ethernet fiber-optic ports.
•
UDLD per-port enable state for twisted-pair (copper) media—Disabled on all Ethernet 10/100 and
1000BASE-TX ports.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM.
Whenever a unidirectional connection is detected, UDLD displays a syslog message to notify you and
the network management application (through SNMP) that the port on which the misconfiguration has
been detected has been disabled.
If you enter the global set udld enable or disable command, UDLD is globally configured. If UDLD is
globally disabled, UDLD is automatically disabled on all interfaces, but the per-port enable (or disable)
configuration is not changed. If UDLD is globally enabled, whether or not UDLD is running on an
interface depends on its per-port configuration.
UDLD is supported on both Ethernet fiber and copper interfaces. UDLD can only be enabled on Ethernet
fiber or copper interfaces.
Examples
This example shows how to enable the UDLD message display for port 1 on module 2:
Console> (enable) set udld enable 2/1
UDLD enabled on port 2/1.
Warning:UniDirectional Link Detection
should be enabled only on ports not connected to hubs,
media converters or similar devices.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-673
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set udld
This example shows how to disable the UDLD message display for port 1 on module 2:
Console> (enable) set udld disable 2/1
UDLD disabled on port 2/1.
Warning:UniDirectional Link Detection
should be enabled only on ports not connected to hubs,
media converters or similar devices.
Console> (enable)
This example shows how to enable the UDLD message display for all ports on all modules:
Console> (enable) set udld enable
UDLD enabled globally.
Console> (enable)
This example shows how to disable the UDLD message display for all ports on all modules:
Console> (enable) set udld disable
UDLD disabled globally
Console> (enable)
Related Commands
show udld
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-674
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set udld aggressive-mode
set udld aggressive-mode
To enable or disable the UDLD aggressive mode on specified ports, use the set udld aggressive-mode
command.
set udld aggressive-mode enable | disable mod/port
Syntax Description
enable
Enables UDLD aggressive mode.
disable
Disables UDLD aggressive mode.
mod/port
Number of the module and port on the module.
Defaults
The default is aggressive mode is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You can use the aggressive mode in cases in which a port that sits on a bidirectional link stops receiving
packets from its neighbor. When this happens, if aggressive mode is enabled on the port, UDLD will try
to reestablish the connection with the neighbor. If connection is not reestablished after eight failed
retries, the port is error disabled.
We recommend that you use this command on point-to-point links between Cisco switches only.
This command is not supported by the NAM.
Examples
This example shows how to enable aggressive mode:
Console> (enable) set udld aggressive-mode enable 2/1
Aggressive UDLD enabled on port 5/13.
Warning:Aggressive Mode for UniDirectional Link Detection
should be enabled only on ports not connected to hubs,
media converters or similar devices.
Console> (enable)
Related Commands
set udld
show udld
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-675
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set udld interval
set udld interval
To set the UDLD message interval timer, use the set udld interval command.
set udld interval interval
Syntax Description
interval
Defaults
The default is 15 seconds.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM.
Examples
This example shows how to set the message interval timer:
Message interval in seconds; valid values are from 7 to 90 seconds.
Console> (enable) set udld interval 90
UDLD message interval set to 90 seconds
Console> (enable)
Related Commands
set udld
show udld
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-676
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set vlan
set vlan
To group ports into a VLAN, set the private VLAN type, map or unmap VLANs to or from an instance,
specify an 802.1x port to a VLAN, or secure a range of VLANs on a Firewall Services Module, use the
set vlan command.
set vlan {vlans}{mod/ports}
set vlan {vlans} [name name] [type type] [state state] [said said] [mtu mtu]
[bridge bridge_num] [mode bridge_mode] [stp stp_type] [translation vlan_num]
[aremaxhop hopcount] [pvlan-type pvlan_type] [mistp-instance mistp_instance]
[ring hex_ring_number] [decring decimal_ring_number] [parent vlan_num]
[backupcrf {off | on}] [stemaxhop hopcount] [rspan]
set vlan {vlans} firewall-vlan {mod}
Syntax Description
vlans
Number identifying the VLAN; valid values are from 1 to 1005 and
from 1025 to 4094.
mod/ports
Number of the module and ports on the module belonging to the
VLAN.
name name
(Optional) Defines a text string used as the name of the VLAN;
valid values are from 1 to 32 characters.
type type
(Optional) Identifies the VLAN type.
state state
(Optional) Specifies whether the state of the VLAN is active or
suspended.
said said
(Optional) Specifies the security association identifier; valid values
are from 1 to 4294967294.
mtu mtu
(Optional) Specifies the maximum transmission unit (packet size, in
bytes) that the VLAN can use; valid values are from 576 to 18190.
bridge bridge_num
(Optional) Specifies the identification number of the bridge; valid
values are hexadecimal numbers from 0x1 to 0xF.
mode bridge_mode
(Optional) Specifies the bridge mode; valid values are srt and srb.
stp stp_type
(Optional) Specifies the STP type; valid values are ieee, ibm, and
auto.
translation vlan_num
(Optional) Specifies a translational VLAN used to translate FDDI
or Token Ring to Ethernet; valid values are from 1 to 1000 and from
1025 to 4094.
aremaxhop hopcount
(Optional) Specifies the maximum number of hops for All-Routes
Explorer frames; valid values are from 1 to 13.
pvlan-type pvlan-type
(Optional) Keyword and options to specify the private VLAN type.
See the “Usage Guidelines” section for valid values.
mistp-instance
mistp_instance
(Optional) Specifies the MISTP instance; valid values are none and
from 1 to 16.
ring hex_ring_number
(Optional) Keyword to specify the VLAN as the primary VLAN in
a private VLAN.
decring
decimal_ring_number
(Optional) Specifies the decimal ring number; valid values are from
1 to 4095.
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-677
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set vlan
Defaults
parent vlan_num
(Optional) Specifies the VLAN number of the parent VLAN; valid
values are from 1 to 1000 and from 1025 to 4094.
backupcrf off | on
(Optional) Specifies whether the TrCRF is a backup path for traffic.
stemaxhop hopcount
(Optional) Specifies the maximum number of hops for Spanning
Tree Explorer frames; valid values are from 1 to 14.
rspan
(Optional) Creates a VLAN for remote SPAN.
firewall-vlan
Specifies VLANs that are secured by a Firewall Services Module;
see the “Usage Guidelines” section for more information about
specifying a VLAN range for a Firewall Services Module.
mod
Number of the Firewall Services Module.
The default values are as follows:
•
Switched Ethernet ports and Ethernet repeater ports are in VLAN 1.
•
said is 100001 for VLAN 1, 100002 for VLAN 2, 100003 for VLAN 3, and so forth.
•
type is Ethernet.
•
mtu is 1500 bytes.
•
state is active.
•
hopcount is 7.
•
pvlan type is none.
•
mistp_instance is no new instances have any VLANs mapped. For an existing VLAN, the existing
instance configuration is used.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM.
If you are configuring normal-range VLANs, you cannot use the set vlan command until the
Catalyst 6500 series switch is either in VTP transparent mode (set vtp mode transparent) or until a
VTP domain name has been set (set vtp domain name). To create a private VLAN, UTP mode must be
transparent.
If you set the VTP version to 3, VLAN 1 (the Cisco default VLAN) and VLANs 1002-1005 are
configurable. If your switch has VTP version 1 or VTP version 2 neighbors, only default values are
advertised for these VLANs. We recommend that you do not modify these VLANs if you want
interoperability with older versions of VTP.
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-678
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set vlan
If you specify a range of VLANs, you cannot use the VLAN name.
If you enter the mistp-instance none command, the specified VLANs are unmapped from any instance
they are mapped to.
The set vlan vlan_num mistp-instance mistp_instance command is available in PVST+ mode.
You cannot set multiple VLANs for ISL ports using this command. The VLAN name can be from 1 to
32 characters in length. If you are adding a new VLAN or modifying an existing VLAN, the VLAN
number must be within the range of 1 to 1000 and 1025 to 4094.
If you want to use the extended-range VLANs (1025 to 4094), you must enable the MAC address
reduction feature using the set spantree macreduction command. When you enable MAC address
reduction, the pool of MAC addresses used for the VLAN spanning tree is disabled, leaving a single
MAC address that identifies the switch.
If you use the rspan keyword for remote SPAN VLANs, you should not configure an access port (except
the remote SPAN destination ports) on these VLANs. Learning is disabled for remote SPAN VLANs.
If you use the rspan keyword for remote SPAN VLANs, only the name name and the state
{active | suspend} variables are supported.
The stemaxhop hopcount parameter is valid only when defining or configuring TrCRFs.
The bridge bridge_num, mode bridge_mode, stp stp_type, and translation vlan_num keywords and
values are supported only when the Catalyst 6500 series switch is used as a VTP server for Catalyst 5000
family switches in the Token Ring and FDDI networks.
You must configure a private VLAN on the supervisor engine.
Valid values for pvlan-type are as follows:
•
primary specifies the VLAN as the primary VLAN in a private VLAN.
•
isolated specifies the VLAN as the isolated VLAN in a private VLAN.
•
community specifies the VLAN as the community VLAN in a private VLAN.
•
twoway-community specifies the VLAN as a bidirectional community VLAN that carries the
traffic among community ports and to and from community ports to and from the MSFC.
•
none specifies that the VLAN is a normal Ethernet VLAN, not a private VLAN.
Only regular VLANs with no access ports assigned to them can be used in private VLANs. Do not use
the set vlan command to add ports to a private VLAN; use the set pvlan command to add ports to a
private VLAN.
VLANs 1001, 1002, 1003, 1004, and 1005 cannot be used in private VLANs.
VLANs 1025 to 4094 are extended-range VLANs.
VLANs in a suspended state do not pass packets.
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-679
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set vlan
To secure a range of VLANs on a Firewall Services Module, these conditions must be satisfied:
1.
Port membership must be defined for the VLANs, and the VLANs must be in active state.
2.
The VLANs do not have a Layer 3 interface in active state on the MSFC.
3.
The VLANs are not reserved VLANs.
VLANs that do not satisfy condition number 2 in the list above are discarded from the range of VLANs
that you attempt to secure on the Firewall Services Module. VLANs that meet condition number 2 and
condition number 3 but do not meet condition number 1 are stored in the supervisor engine database;
these VLANs are sent to the Firewall Services Module as soon as they meet condition number 1.
Examples
This example shows how to set VLAN 850 to include ports 3 through 7 on module 3:
Console> (enable) set vlan 850 3/4-7
VLAN 850 modified.
VLAN Mod/Ports
---- ----------------------850
3/4-7
Console> (enable)
This example shows how to set VLAN 7 as a primary VLAN:
Console> (enable) set vlan 7 pvlan-type primary
Console> (enable)
This example shows how to set VLAN 901 as an isolated VLAN:
Console> (enable) set vlan 901 pvlan-type isolated
Console> (enable)
This example shows how to set VLAN 903 as a community VLAN:
Console> (enable) set vlan 903 pvlan-type community
Console> (enable)
This example shows how to unmap all instances currently mapped to VLAN 5:
Console> (enable) set vlan 5 mistp-instance none
Vlan 5 configuration successful
Console> (enable)
This example shows how to secure a range of VLANs on a Firewall Services Module:
Console> (enable) set vlan 2-55 firewall-module 7
Console> (enable)
This example shows the message that appears when VLAN port-provisioning verification is enabled:
Console> (enable) set vlan 10 2/1
Port Provisioning Verification is enabled on the switch.
To move port(s) into the VLAN, use 'set vlan <vlan> <port> <vlan_name>'
command.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-680
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set vlan
Related Commands
clear config pvlan
clear pvlan mapping
clear vlan
set pvlan
set spantree macreduction
set vlan mapping
set vlan verify-port-provisioning
show pvlan
show pvlan mapping
show vlan
set vlan verify-port-provisioning
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-681
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set vlan mapping
set vlan mapping
To map reserved VLANs to nonreserved VLANs or map 802.1Q VLANs to ISL VLANs, use the set vlan
mapping command.
set vlan mapping reserved vlan non-reserved vlan
set vlan mapping dot1q 1q_vlan_num isl isl_vlan_num
Syntax Description
reserved vlan
Specifies the reserved VLAN; valid values are from 1006 to 1024.
non-reserved vlan
Specifies the nonreserved VLAN; valid values are from 1 to 1005
and from 1025 to 4094.
dot1q 1q_vlan_num
Specifies the 802.1Q VLAN; valid values are from 1001 to 4094.
isl isl_vlan_num
Specifies the ISL VLAN; valid values are from 1 to 1000.
Defaults
This command has no default settings.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
VLAN and MISTP instance mapping can be set only on the switch that is in either VTP server mode or
in transparent mode.
IEEE 802.1Q VLAN trunks support VLANs 1 through 4094. ISL VLAN trunks support VLANs 1
through 1024 (1005 to 1024 are reserved). The switch automatically maps 802.1Q VLANs 1000 and
lower to ISL VLANs with the same number.
Use this feature to map 802.1Q VLANs above 1000 to ISL VLANs.
The total of all mappings must be less than or equal to eight. Only one 802.1Q VLAN can be mapped to
an ISL VLAN. For example, if 802.1Q VLAN 800 has been automatically mapped to ISL VLAN 800,
do not manually map any other 802.1Q VLANs to ISL VLAN 800.
You cannot overwrite existing 802.1Q VLAN mapping. If the 802.1Q VLAN number already exists, the
command is aborted. You must first clear that mapping.
The reserved vlan range is 1002 to 1024. You can map the entire reserved range with the exception of
the default media VLANs 1002 to 1005.
You cannot overwrite existing VLAN mapping. If the VLAN number already exists, the command is
aborted. You must first clear that mapping.
If the VLAN number does not exist, then either of the following occurs:
•
If the switch is in server or transparent mode, the VLAN is created with all default values.
•
If the switch is in client mode, then the command proceeds without creating the VLAN. A warning
will be given indicating that the VLAN does not exist.
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-682
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set vlan mapping
If the table is full, the command is aborted with an error message indicating the table is full.
The dot1q VLANs are rejected if any extended-range VLANs are present.
Examples
This example shows how to map reserved VLAN 1010 to nonreserved VLAN 4000:
Console> (enable) set vlan mapping reserved 1010 non-reserved 4000
Vlan 1010 successfully mapped to 4000.
Console> (enable)
This example shows the display if you enter an existing mapping:
Console> (enable) set vlan mapping reserved 1011 non-reserved 4001
Vlan mapping from vlan 1011 to vlan 4001 already exists.
Console> (enable)
This example shows the display if the mapping table is full:
Console> (enable) set vlan mapping reserved 1010 non-reserved 4000
Vlan mapping table full. Maximum of 8 mappings allowed.
Console> (enable)
This example shows how to map VLAN 850 to ISL VLAN 1022:
Console> (enable) set vlan mapping dot1q 850 isl 1022
Vlan 850 configuration successful
Vlan mapping successful
Console> (enable)
This example shows the display if you enter a VLAN that does not exist:
Console> (enable) set vlan mapping dot1q 2 isl 1016
Vlan Mapping Set
Warning: Vlan 2 Nonexistent
Console> (enable)
This example shows the display if you enter an existing mapping:
Console> (enable) set vlan mapping dot1q 3 isl 1022
1022 exists in the mapping table. Please clear the mapping first.
Console> (enable)
This example shows the display if the mapping table is full:
Console> (enable) set vlan mapping dot1q 99 isl 1017
Vlan Mapping Table Full.
Console> (enable)
Related Commands
clear vlan mapping
show vlan
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-683
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set vlan verify-port-provisioning
set vlan verify-port-provisioning
To enable or disable VLAN port-provisioning verification on all ports, use the set vlan
verify-port-provisioning command.
set vlan verify-port-provisioning {enable | disable}
Syntax Description
enable
Enables VLAN port-provisioning verification.
disable
Disables VLAN port-provisioning verification.
Defaults
VLAN port-provisioning verification is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When VLAN port-provisioning verification is enabled, you must specify the VLAN name in addition to
the VLAN number when assigning switch ports to VLANs. Because you are required to specifiy both
the VLAN name and the VLAN number, this verification feature helps ensure that ports are not
inadvertently placed in the wrong VLAN.
When the feature is enabled, you can still create new VLANs using the set vlan vlan mod/port command,
but you cannot add additional ports to the VLAN without specifying both the VLAN number and the
VLAN name. The feature does not affect assigning ports to VLANs using other features such as SNMP,
dynamic VLANs, and 802.1x.
Examples
This example shows how to enable VLAN port-provisioning verification on all ports:
Console> (enable) set vlan verify-port-provisioning enable
Vlan verify-port-provisioning feature enabled
Console> (enable)
This example shows how to disable VLAN port-provisioning verification on all ports:
Console> (enable) set vlan verify-port-provisioning disable
vlan verify-port-provisioning feature disabled
Console> (enable)
Related Commands
show vlan verify-port-provisioning
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-684
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set vmps downloadmethod
set vmps downloadmethod
To specify whether to use TFTP or rcp to download the VMPS database, use the set vmps
downloadmethod command.
set vmps downloadmethod {rcp | tftp} [username]
Syntax Description
rcp
Specifies rcp as the method for downloading the VLAN
Membership Policy Server (VMPS) database.
tftp
Specifies TFTP as the method for downloading the VMPS database.
username
(Optional) Username for downloading with rcp.
Defaults
If no method is specified, TFTP will be used.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The username option is not allowed if you specify tftp as the download method.
Examples
This example shows how to specify the method for downloading the VMPS database:
Console> (enable) set vmps downloadmethod rcp jdoe
vmps downloadmethod : RCP
rcp vmps username
: jdoe
Console> (enable)
Related Commands
download
set rcp username
show vmps
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-685
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set vmps downloadserver
set vmps downloadserver
To specify the IP address of the TFTP or rcp server from which the VMPS database is downloaded, use
the set vmps downloadserver command.
set vmps downloadserver ip_addr [filename]
Syntax Description
ip_addr
IP address of the TFTP or rcp server from which the VMPS database is
downloaded.
filename
(Optional) VMPS configuration filename on the TFTP or rcp server.
Defaults
If filename is not specified, the set vmps downloadserver command uses the default filename
vmps-config-database.1.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to specify the server from which the VMPS database is downloaded and how
to specify the configuration filename:
Console> (enable) set vmps downloadserver 192.168.69.100 vmps_config.1
IP address of the server set to 192.168.69.100
VMPS configuration filename set to vmps_config.1
Console> (enable)
Related Commands
download
set vmps state
show vmps
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-686
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set vmps server
set vmps server
To configure the VMPS, use the set vmps server command.
set vmps server ip_addr [primary]
set vmps server retry count
set vmps server reconfirminterval interval
Syntax Description
ip_addr
IP address of the VMPS.
primary
(Optional) Specifies the device as the primary VMPS.
retry count
Specifies the retry interval; valid values are from 1 to 10 minutes.
reconfirminterval
interval
Specifies the reconfirmation interval; valid values are from 0 to 120 minutes.
Defaults
If no IP address is specified, the VMPS uses the local VMPS configuration.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You can specify the IP addresses of up to three VMPSs. You can define any VMPS as the primary VMPS.
If the primary VMPS is down, all subsequent queries go to a secondary VMPS. VMPS checks on the
primary server’s availability once every five minutes. When the primary VMPS comes back online,
subsequent VMPS queries are directed back to the primary VMPS.
To use a co-resident VMPS (when VMPS is enabled in a device), configure one of the three VMPS
addresses as the IP address of interface sc0.
When you specify the reconfirminterval interval, enter 0 to disable reconfirmation.
Examples
This example shows how to define a primary VMPS:
Console> (enable) set vmps server 192.168.10.140 primary
192.168.10.140 added to VMPS table as primary domain server.
Console> (enable)
This example shows how to define a secondary VMPS:
Console> (enable) set vmps server 192.168.69.171
192.168.69.171 added to VMPS table as backup domain server.
Console> (enable)
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-687
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set vmps server
Related Commands
clear vmps server
show vmps
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-688
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set vmps state
set vmps state
To enable or disable VMPS, use the set vmps state command.
set vmps state {enable | disable}
Syntax Description
enable
Enables VMPS.
disable
Disables VMPS.
Defaults
By default, VMPS is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Before using the set vmps state command, you must use the set vmps tftpserver command to specify
the IP address of the server from which the VMPS database is downloaded.
Examples
This example shows how to enable VMPS:
Console> (enable) set vmps state enable
Vlan membership Policy Server enabled.
Console> (enable)
This example shows how to disable VMPS:
Console> (enable) set vmps state disable
All the VMPS configuration information will be lost and the resources released on disable.
Do you want to continue (y/n[n]):y
VLAN Membership Policy Server disabled.
Console> (enable)
Related Commands
download
show vmps
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-689
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set vtp
set vtp
To set the options for VTP, use the set vtp command.
set vtp domain domain_name
set vtp mode {client | server | transparent | off} [vlan | unknown]
set vtp passwd passwd [hidden]
set vtp pruning {enable | disable}
set vtp version {1 | 2 | 3}
set vtp primary [feature] [force]
Syntax Description
domain
domain_name
Defines the name that identifies the VLAN management domain. The
domain_name can be from 1 to 32 characters in length.
mode {client |
Specifies the VTP mode.
server |
transparent | off}
vlan
(Optional) Specifies the VLAN database.
unknown
(Optional) Specifies an unknown feature. See the “Usage Guidelines” section for
more information.
passwd passwd
Defines the VTP password; the VTP password can be from 1 to 64 characters in
length.
hidden
(Optional) Hides the password in the configuration. See the “Usage Guidelines”
section for more information.
pruning {enable | Enables or disables VTP pruning for the entire management domain in VTP
disable}
versions 1 and 2. Enables or disables VTP pruning only on the local switch in
VTP version 3.
version {1 | 2 | 3} Specifies the VTP version.
Defaults
primary
Sets the VTP version 3 primary server.
feature
(Optional) Database to which the VTP mode applies. See the “Usage Guidelines”
section for more information.
force
(Optional) Forces the switch to be the primary server
The defaults are as follows:
•
no domain name
•
server mode
•
no password
•
pruning disabled
•
version 1
Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
2-690
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set vtp
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The following guidelines apply to VTP versions 1, 2, and 3:
Caution
•
VTP supports four different modes: server, client, transparent, and off. If you make a change to the
VTP or VLAN configuration on a switch in server mode, that change is propagated to all of the
switches in the same VTP domain.
•
If the VTP password has already been defined, entering passwd 0 (zero) clears the VTP password.
If you enter the hidden keyword after you specify the VTP password, the password does not appear
in the configuration; an encrypted hexadecimal value appears in place of the password.
•
If the receiving switch is in server mode and its revision number is higher than the sending switch,
the configuration is not changed. If the revision number is lower, the configuration is duplicated.
•
VTP can be set to either server or client mode only when dynamic VLAN creation is disabled.
•
If the receiving switch is in server mode, the configuration is not changed.
•
If the receiving switch is in client mode, the client switch changes its configuration to duplicate the
configuration of the server. Make sure to make all VTP or VLAN configuration changes on a switch
in server mode.
•
If the receiving switch is in transparent mode, the configuration is not changed. Switches in
transparent mode do not participate in VTP. If you make VTP or VLAN configuration changes on a
switch in transparent mode, the changes are not propagated to the other switches in the network.
•
When you configure the VTP off mode, the switch functions the same as in VTP transparent mode
except that VTP advertisements are not forwarded.
•
You cannot enable VTP pruning and MISTP at the same time.
•
Use the clear config all command to remove the domain from the switch.
Be careful when you use the clear config all command. This command clears the entire switch
configuration, not just the VTP domain.
•
The set vtp command is not supported by the NAM.
The following guidelines apply only to VTP versions 1 and 2:
•
All switches in a VTP domain must run the same version of VTP. VTP version 1 and VTP version 2
do not operate on switches in the same domain.
•
If all switches in a VTP domain are VTP version 2-capable, you only need to enable VTP version 2
on one switch by using the set vtp version 2 command. The version number is then propogated to
other version 2-capable switches in the VTP domain.
•
The pruning keyword is used to enable or disable VTP pruning for the entire VTP domain. VTP
pruning causes information about each pruning-eligible VLAN to be removed from VTP updates if
there are no stations belonging to that VLAN out a particular switch port. Use the set vtp
pruneeligible and clear vtp pruneeligible commands to specify which VLANs should or should
not be pruned when pruning is enabled for the domain.
Catalyst 6500 Series Switch Command Reference—Release 8.1
2-691
78-15474-01
Chapter 2
Catalyst 6500 Series Switch and ROM Monitor Commands
set vtp
The following guidelines apply only to VTP version 3:
Note
•
VTP version 3 works concurrently with VTP versisons 1 and 2. VTP version 3 is implemented
independently because it only distributes a list of databases over an administrative domain. VTP
version 3 does not directly handle VLANs.
•
The unknown keyword allows you to configure the behavior of the switch databases that it cannot
interpret. (These databases will be features handled by future extensions of VTP version 3). If you
enter set vtp mode transparent unknown, p