manualshive.com logo in svg

Cisco 220 Series Smart Plus, Reference Manual

The Cisco 220 Series Smart Plus is a cutting-edge network switch designed to optimize connectivity and enhance business productivity. Easily configure and manage your network settings with the comprehensive Reference Manual available for free download on our website manualshive.com. Discover powerful features and enjoy seamless networking with this reliable solution.

Share
Download
background image

SYN Protection Commands

show security-suite syn protection

Cisco 220 Series Smart Plus Switches Command Line Interface Reference Guide Release 1.0.0.x

452

34

Parameters

pps

—The number of packets per second from a specific port that triggers 

identification of TCP SYN attack. (Range: 20 to 60 packets per second)

Default Configuration

The default SYN protection threshold is 60 packets per second. 

Command Mode

Global Configuration mode

Example

The following example sets the SYN protection threshold to 40 packets per 
second: 

switchxxxxxx(config)# 

security-suite syn protection threshold 40

show security-suite syn protection

To show the SYN protection settings and the operational status per interface, use 
the show security-suite syn protection Privileged EXEC Mode command. 

Syntax

show security-suite syn protection

Parameters

N/A

Command Mode

Privileged EXEC Mode

Example

switchxxxxxx# 

show security-suite syn protection

Protection Mode: Block
Threshold: 80
Recovery : 60

Summary of Contents for 220 Series Smart Plus

Page 1: ...Cisco 220 Series Smart Plus Switches Command Line Interface Reference Guide Release 1 0 0 x CLI GUIDE ...

Page 2: ...Cisco and or its affiliates in the U S and other countries To view a list of Cisco trademarks go to this URL www cisco com go trademarks Third party trademarks mentioned are the property of their respective owners The use of the word partner does not imply a partnership relationship between Cisco and any other company 1110R ...

Page 3: ...he Console Interface 28 Using Telnet over an Ethernet Interface 30 CLI Command Conventions 30 Editing Features 31 Entering Commands 31 Terminal Command Buffer 32 Negating the Effect of Commands 32 Command Completion 33 Keyboard Shortcuts 33 Copying and Pasting Text 33 Interface Naming Conventions 34 Interface ID 34 Interface Range 35 Interface List 35 Chapter 2 802 1X Commands 36 dot1x guest vlan ...

Page 4: ... 48 Chapter 3 AAA Commands 50 aaa authentication enable 50 aaa authentication login 52 enable authentication 53 enable password 54 ip http authentication 56 login authentication 57 passwords aging 58 passwords complexity attributes 59 passwords complexity enable 60 show aaa authentication lists 62 show line lists 62 show passwords configuration 63 show username 64 username 65 Chapter 4 ACL Command...

Page 5: ...ow access lists utilization 86 Chapter 5 Address Table Commands 88 bridge multicast reserved address 88 clear mac address table 89 mac address table aging time 90 mac address table static 90 show bridge multicast reserved address 93 show mac address table 94 show mac address table aging time 95 show port security 96 switchport port security 97 switchport port security mode maximum 98 Chapter 6 Bon...

Page 6: ... log mismatch voip 109 cdp mandatory tlvs validation 110 cdp pdu 110 cdp run 111 cdp timer 112 clear cdp counter 113 clear cdp table 114 show cdp 114 show cdp entry 115 show cdp interfaces 116 show cdp neighbor 116 show cdp tlv 118 show cdp traffic global 118 show cdp traffic Interface 120 Chapter 8 Clock Commands 124 clock set 124 clock source 125 clock summer time 125 clock timezone 127 show clo...

Page 7: ... ip address 138 management vlan ipv6 dhcp client information refresh 139 management vlan ipv6 dhcp client stateless 140 renew dhcp force autoconfig 141 show backup config 142 show boot 144 show bootvar 145 show ip dhcp tftp server 146 show running config 147 show startup config 150 write 152 Chapter 10 EEE Commands 154 eee enable Interface 154 Chapter 11 Ethernet Configuration Commands 155 clear c...

Page 8: ...rol broadcast 170 storm control broadcast level 171 storm control enable 172 storm control ifg 173 storm control unit 173 storm control unknown multicast 174 storm control unknown multicast level 175 storm control unknown unicast 176 storm control unknown unicast level 176 Chapter 12 GVRP Commands 178 clear gvrp statistics 178 gvrp enable Global 179 gvrp enable Interface 179 gvrp registration mode...

Page 9: ...gmp snooping vlan 203 ip igmp snooping vlan immediate leave 204 ip igmp snooping vlan forbidden mrouter 205 ip igmp snooping vlan forbidden forward all 206 ip igmp snooping vlan last member query count 207 ip igmp snooping vlan last member query interval 207 ip igmp snooping vlan mrouter 208 ip igmp snooping vlan querier 209 ip igmp snooping vlan querier version 210 ip igmp snooping vlan query int...

Page 10: ...gmp snooping querier 224 show ip igmp snooping vlan 224 Chapter 14 IP Addressing Commands 226 clear arp cache 226 ip default gateway 226 ip domain lookup 227 ip domain name 228 ip host 229 ip name server 230 management vlan ip address 231 management vlan ip dhcp client 232 show arp 233 show hosts 233 show ip 234 show ip dhcp 235 Chapter 15 IP ARP Inspection Commands 236 clear ip arp inspection sta...

Page 11: ...tistics 248 ip dhcp snooping 249 ip dhcp snooping database 249 ip dhcp snooping information option 251 ip dhcp snooping information option allow untrusted 252 ip dhcp snooping limit rate 253 ip dhcp snooping trust 254 ip dhcp snooping verify mac address 255 ip dhcp snooping vlan 256 ip dhcp snooping vlan information option circuit id 257 renew ip dhcp snooping database 258 show ip dhcp snooping 25...

Page 12: ...er 19 IPv6 MLD Snooping Commands 276 clear ipv6 mld snooping groups 276 clear ipv6 mld snooping statistics 276 ipv6 mld filter 277 ipv6 mld max groups 278 ipv6 mld profile 279 ipv6 mld snooping 280 ipv6 mld snooping report suppression 281 ipv6 mld snooping vlan 281 ipv6 mld snooping vlan immediate leave 282 ipv6 mld snooping vlan forbidden mrouter 283 ipv6 mld snooping vlan forbidden forward all 2...

Page 13: ...ilter 295 show ipv6 mld max group 296 show ipv6 mld max group action 297 show ipv6 mld profile 297 show ipv6 mld snooping 298 show ipv6 mld snooping forward all 299 show ipv6 mld snooping groups 300 show ipv6 mld snooping mrouter 301 show ipv6 mld snooping vlan 302 Chapter 20 LACP Commands 303 lacp port priority 303 lacp system priority 304 lacp timeout 304 show lacp 305 Chapter 21 Line Commands 3...

Page 14: ...licy voice auto 322 lldp med network policy Global 323 lldp med network policy Interface 325 lldp med tlv select 326 lldp receive 327 lldp reinit 328 lldp run 328 lldp tlv select 802 1 329 lldp tlv select TLV 330 lldp transmit 331 lldp tx delay 332 lldp timer 332 show lldp 333 show lldp interfaces 337 show lldp interfaces tlvs overloading 338 show lldp local device 339 show lldp med 340 show lldp ...

Page 15: ...h 352 show fiber ports optical transceiver 355 Chapter 25 Power over Ethernet PoE Commands 357 power inline 357 power inline legacy enable 358 power inline limit 358 power inline limit mode 359 power inline priority 360 power inline traps enable 361 power inline usage threshold 361 show env all 362 show power inline 363 show power inline consumption 367 Chapter 26 Port Channel Commands 368 channel...

Page 16: ...ow monitor 377 show vlan remote span 378 Chapter 28 QoS Commands 379 class 379 class map 380 match 381 police 382 police aggregate 383 policy map 384 priority queue out num of queues 386 qos 387 qos advanced mode trust 388 qos aggregate policer 389 qos cos 391 qos map cos queue 391 qos map dscp queue 392 qos map precedence queue 393 qos map queue cos 394 qos map queue dscp 395 qos map queue preced...

Page 17: ...s 404 show qos map 405 show qos queueing 407 show rate limit vlan 407 traffic shape 408 trust shape Interface 409 traffic shape queue 410 trust 410 rate limit Interface 412 rate limit VLAN 413 wrr queue bandwidth 414 Chapter 29 RADIUS Commands 416 radius server default param 416 radius server host 417 show radius server 419 show radius server default param 420 Chapter 30 RMON Commands 422 clear rm...

Page 18: ...y suite dos ip gratuitous arps 439 show security suite dos 439 show security suite dos interfaces 440 Chapter 32 SNMP Commands 442 show snmp server 442 show snmp server community 443 show snmp server engineid 444 show snmp server group 445 show snmp server host 446 show snmp server trap 447 show snmp server view 448 show snmp server user 449 snmp server 451 snmp server community 451 snmp server co...

Page 19: ... tree mst 468 show spanning tree mst configuration 469 show spanning tree mst interfaces 470 spanning tree 471 spanning tree bpdu Global 471 spanning tree bpdu filter Interface 472 spanning tree bpdu guard Interface 473 spanning tree cost Interface 474 spanning tree forward time 475 spanning tree hello time 475 spanning tree link type Interface 476 spanning tree mst port priority 477 spanning tree...

Page 20: ...syn protection mode 488 security suite syn protection recovery 489 security suite syn protection threshold 489 show security suite syn protection 490 Chapter 35 Syslog Commands 492 clear logging 492 logging host 492 logging on 494 logging severity 495 show logging 496 Chapter 36 System Management Commands 499 hostname 499 ping 499 reload 501 show cpu input rate 501 show cpu utilization 502 show me...

Page 21: ...cacs 515 tacacs server default param 516 tacacs server host 517 Chapter 38 Telnet and SSH Commands 519 crypto certificate generate 519 crypto key generate 520 ip ssh server 521 ip telnet server 522 Chapter 39 User Interface Commands 524 banner exec 524 banner login 525 configure 527 do 527 disable 528 end 529 enable 529 exit Configuration 530 exit EXEC 531 history 531 show banner 532 show history ...

Page 22: ...e vlan oui table 543 voice vlan state 545 voice vlan id 546 voice vlan vpt 546 Chapter 41 VLAN Commands 548 name vlan 548 management vlan 549 show interfaces protected ports 549 show interfaces switchport 550 show management vlan 552 show vlan 553 show vlan default vlan 554 switchport access vlan 554 switchport default vlan tagged 555 switchport dot1q tunnel vlan 557 switchport forbidden default v...

Page 23: ...mode 564 switchport mode trunk uplink 565 switchport protected 566 switchport trunk allowed vlan 567 switchport trunk native vlan 568 switchport vlan tpid 569 vlan 569 vlan default vlan 570 Chapter 42 Web Server Commands 572 ip http secure server 572 ip http server 573 ip http timeout policy 573 show ip http 574 show ip https 575 show services tcp udp 576 Appendix A Where to Go From Here 579 ...

Page 24: ...to use the command line interface and contains the following topics Overview User Privilege Levels CLI Command Modes Accessing the CLI CLI Command Conventions Editing Features Interface Naming Conventions Overview The command line interface is divided into various modes Each mode has a group of commands available in it These modes are described in the CLI Command Modes section Users are assigned p...

Page 25: ...el can raise their level by entering the enable command and the password for level 15 The higher level holds only for the current session The disable command returns the user to a lower level To create a user and assign a user level use the username command Only users with privilege level 15 can create users at this level Example 1 The following example creates the password for level 15 by the adm...

Page 26: ...nd set of CLI commands Entering a question mark at the console prompt displays a list of available commands for the current mode and for the level of the user Specific commands are used to switch from one mode to another Users are assigned privilege levels that determine the modes and commands available to them User levels are described in the User Privilege Levels section User EXEC Mode Users wit...

Page 27: ...disable command Global Configuration Mode The Global Configuration mode is used to run the commands that configure the features at the system level as opposed to the interface level Only users with command level 15 can access this mode To access the Global Configuration mode from the Privileged EXEC mode enter the configure command at the Privileged EXEC mode prompt and press Enter The Global Conf...

Page 28: ...des are available Interface Contains commands that configure a specific interface port or port channel or a range of interfaces The interface Global Configuration mode command is used to enter the Interface Configuration mode Port Channel Contains commands used to configure port channels for example assigning ports to a port channel Most of these commands are the same as the commands in the Ethern...

Page 29: ...guration mode command is used to enter the IGMP Profile Configuration mode MLD Profile Contains commands used to define the settings of MLD profiles The ipv6 mld profile Global Configuration mode command is used to enter the MLD Profile Configuration mode To return from any Interface Configuration mode to the Global Configuration mode use the exit command Accessing the CLI The command line interfa...

Page 30: ...n to access the command line interface To access the command line interface using the HyperTerminal application perform the following steps STEP 1 Click the Start button STEP 2 Select All Programs Accessories Communications HyperTerminal STEP 3 Enter a name for this connection Select an icon for the application then click OK STEP 4 Select a port such as COM1 to communicate with the switch STEP 5 S...

Page 31: ...Y N Y STEP 8 Enter Y and set a new administrator password Password complexity is enabled on the switch by default Passwords must conform to the following default settings Have a minimum length of eight characters Contain characters from at least three character classes uppercase letters lowercase letters numbers and special characters available on a standard keyboard Are different from the current...

Page 32: ...lnet session from the command prompt perform the following steps STEP 1 Click Start then select All Programs Accessories Command Prompt to open a command prompt STEP 2 At the prompt enter telnet IP address of switch then press Enter The command line interface is displayed CLI Command Conventions There are certain command entry standards that apply to all commands The following table describes the ...

Page 33: ... displayed The standard command to request help is There are two instances where help information can be displayed Keyword lookup The character is entered in place of a command A list of all valid commands and corresponding help messages are displayed In a command line curly brackets indicate a selection of compulsory parameters separated with the character One option must be selected For example ...

Page 34: ...story buffer refer to the history command There is a standard default number of commands that are stored in the buffer The standard number of 10 commands can be increased to 256 For more information on configuring the command history buffer refer to the history command To display the history buffer refer to the show history command Negating the Effect of Commands For many configuration commands th...

Page 35: ... in editing the CLI commands The following table describes the CLI shortcuts Copying and Pasting Text Up to 1000 lines of text or commands can be copied and pasted into the device NOTE It is the user s responsibility to ensure that the text copied into the device consists of legal commands only Up arrow Recalls commands from the history buffer beginning with the most recent command Repeat the key ...

Page 36: ...ithin the command line interface the interfaces are denoted by concatenating the following elements Type of interface The following types of interfaces are found on the various types of devices Fast Ethernet 10 100 bits This can be written as FastEthernet or fa Gigabit Ethernet ports 10 100 1000 bits This can be written either GigabitEthernet or gi LAG Port Channel This can be written as either Po...

Page 37: ...shown in the example below switchxxxxxx configure switchxxxxxx config interface range gi1 5 switchxxxxxx config if range Interface List A combination of interface types can be specified in the interface range command in the following format range list interface range range list interface range NOTE Range lists can contain either ports or port channels The space after the comma is optional When a r...

Page 38: ...lan id Identifier of the VLAN set as the guest VLAN Default Configuration Guest VLAN is disabled on the switch Command Mode Global Configuration mode User Guidelines Use the dot1x guest vlan enable Interface Configuration mode command to enable unauthorized users on an interface to access the guest VLAN If the guest VLAN is defined and enabled the interface automatically joins the guest VLAN when ...

Page 39: ...sers on the interface accessing the guest VLAN use the no form of this command Syntax dot1x guest vlan enable no dot1x guest vlan enable Parameters N A Default Configuration Unauthorized users cannot access the guest VLAN by default Command Mode Interface Configuration Ethernet mode User Guidelines The switch can have only one guest VLAN The guest VLAN is defined in the dot1x guest vlan enable Glo...

Page 40: ...and Syntax dot1x max req count no dot1x max req Parameters count The maximum number of times that the switch sends an EAP request or identity frame before restarting the authentication process Range 1 to 10 Default Configuration The default maximum number of attempts is 2 Command Mode Interface Configuration Ethernet mode User Guidelines The default value of this command should be changed only to ...

Page 41: ...horized Disables 802 1X authentication on the interface and causes the interface to transition to the authorized state without any authentication exchange required The interface resends and receives normal traffic without 802 1X based client authentication force unauthorized Denies all access through this interface by forcing it to transition to the unauthorized state and ignoring all attempts by ...

Page 42: ...ot1x reauthentication To enable periodic reauthentication of the client use the dot1x reauthentication Interface Configuration Ethernet mode command To disable periodic reauthentication of the client use the no form of this command Syntax dot1x reauthentication no dot1x reauthentication Parameters N A Default Configuration Periodic reauthentication is disabled Command Mode Interface Configuration ...

Page 43: ...o dot1x system auth control Parameters N A Default Configuration 802 1X is disabled Command Mode Global Configuration mode Example switchxxxxxx config dot1x system auth control dot1x timeout quiet period To set the time interval that the switch remains in a quiet state following a failed authentication exchange for example the client provided an invalid password use the dot1x timeout quiet period ...

Page 44: ...ue of this command should only be changed to adjust to unusual circumstances such as unreliable links or specific behavioral problems with certain clients and authentication servers To provide faster response time to the user a smaller number than the default value should be entered Example The following example sets the time interval to 10 seconds switchxxxxxx config interface gi15 switchxxxxxx c...

Page 45: ... To set the time interval during which the switch waits for a response to an Extensible Authentication Protocol EAP request frame from the client before resending the request use the dot1x timeout supp timeout Interface Configuration Ethernet mode command To revert to its default setting use the no form of this command Syntax dot1x timeout supp timeout seconds no dot1x timeout supp timeout Paramet...

Page 46: ...nks or specific behavioral problems with certain clients and authentication servers Example The following example sets the time interval to 3600 seconds switchxxxxxx config interface gi15 switchxxxxxx config if dot1x timeout supp timeout 3600 show dot1x To show the 802 1X status use the show dot1x Privileged EXEC mode command Syntax show dot1x Parameters N A Default Configuration N A Command Mode ...

Page 47: ...C mode command Syntax show dot1x authenticated hosts Parameters N A Default Configuration N A Command Mode Privileged EXEC mode Examples switchxxxxxx show dot1x authenticated hosts User Name Port Session Time Authentication Method MAC Address The following table describes the significant fields shown in the example Field Description 802 1x protocol is Port based 802 1X authentication is enabled or...

Page 48: ...ot1x guest vlan Parameters N A Default Configuration N A Command Mode Privileged EXEC mode Example switchxxxxxx show dot1x guest vlan Guest VLAN ID none disabled Port Guest VLAN In Guest VLAN gi1 Enabled No gi2 Disabled gi3 Disabled gi4 Disabled gi5 Disabled gi6 Disabled gi7 Disabled Port Port number Session Time Amount of time that the supplicant was logged on the port Authentication Method Metho...

Page 49: ... Disabled gi25 Disabled gi26 Disabled gi27 Disabled gi28 Disabled gi29 Disabled gi30 Disabled gi31 Disabled gi32 Disabled gi33 Disabled gi34 Disabled gi35 Disabled gi36 Disabled gi37 Disabled gi38 Disabled gi39 Disabled gi40 Disabled gi41 Disabled gi42 Disabled gi43 Disabled gi44 Disabled gi45 Disabled gi46 Disabled gi47 Disabled gi48 Disabled gi49 Disabled gi50 Disabled gi51 Disabled gi52 Disable...

Page 50: ...rface id An interface ID or a list of interfaces Default Configuration N A Command Mode Privileged EXEC mode Example switchxxxxxx show dot1x interfaces gi11 Port Mode Current State Reauth Control Reauth P eriod gi11 Authentication Initialize Enabled 5000 Quiet Period 60 Second Supplicant timeout 30 Second Max req 2 Session Time HH MM SS 0 0 0 0 Guest VLAN Shows whether 802 1X authentication is ena...

Page 51: ...zation state Reauth Control Shows that reauthentication is enabled or disabled on the port Reauth Period Number of seconds after which the selected port is reauthenticated Quiet Period Number of seconds that the switch remains in the quiet state following a failed authentication exchange Supplicant timeout Number of seconds that lapses before EAP requests are resent to the supplicant Max req Maxim...

Page 52: ...fault LISTNAME Parameters default Uses the default authentication method list when accessing higher privilege levels LISTNAME Name of the authentication method list activated when users access higher privilege levels Length 1 to 32 characters method1 method2 A list of methods that the authentication algorithm tries in the given sequence Default Configuration The enable password command defines the...

Page 53: ...er string used to name this list The method argument identifies the list of methods that the authentication algorithm tries in the given sequence All aaa authentication enable default requests sent by the switch to a RADIUS or a TACACS server include the username enabx where x is the requested privilege level The no aaa authentication enable LISTNAME command deletes the list name if it has not bee...

Page 54: ...n Length 1 to 32 characters method1 method2 A list of methods that the authentication algorithm tries in the given sequence Default Configuration If no authentication method is specified the default is to use the locally defined users and passwords It is the same as entering the aaa authentication login local command NOTE If no authentication method is defined the console users can log in without ...

Page 55: ...r command Example The following example sets the authentication login method for console sessions switchxxxxxx config aaa authentication login authen list radius local none switchxxxxxx config line console switchxxxxxx config line login authentication authen list enable authentication To specify the authentication method for accessing a higher privilege level from a remote Telnet or console use th...

Page 56: ...line enable authentication default Example 2 The following example sets a list of authentication methods for accessing higher privilege levels switchxxxxxx config aaa authentication enable enable list radius none switchxxxxxx config line console switchxxxxxx config line enable authentication enable list enable password To set a local password to control access to normal and privilege levels use th...

Page 57: ...assword this password is encrypted automatically and saved to the configuration file No matter how the password was entered it appears in the configuration file with the keyword encrypted and the encrypted value If the administrator wants to manually copy a password that was configured on one switch switch B to another switch switch A the administrator must add encrypted in front of this encrypted...

Page 58: ...authentication list to user access with the HTTP protocol https Optional Binds a login authentication list to user access with the HTTPS protocol default Uses the default login authentication method list LISTNAME Name of the login authentication method list Default Configuration The default login authentication list is used for HTTP and HTTPS sessions by default Command Mode Global Configuration m...

Page 59: ...hentication list LISTNAME Name of a specific authentication list created with the aaa authentication login command Default Configuration The default login authentication list is used used for each line Command Mode Line Configuration mode Examples Example 1 The following example specifies the default login authentication method for a console session switchxxxxxx config line console switchxxxxxx co...

Page 60: ...rds aging Parameters days The number of days before a password change is forced The value of zero means disabling aging Range 0 to 365 Default Configuration The number of days is 180 Command Mode Global Configuration mode User Guidelines Aging is relevant only to local users with the privilege level 15 To disable the password aging use passwords aging 0 Using no passwords aging restores the aging ...

Page 61: ...rent no passwords complexity not current passwords complexity no repeat number no password complexity no repeat passwords complexity not username no passwords complexity not username Parameters min length number Specifies the minimum length of the password Range 0 to 64 characters min classes number Specifies the minimum character classes uppercase letters lowercase letters numbers and special cha...

Page 62: ...ollowing example changes the minimum required password length to 10 characters switchxxxxxx config passwords complexity min length 10 passwords complexity enable To enforce the minimum password complexity use the passwords complexity enable Global Configuration mode command To disable enforcing the password complexity use the no form of this command Syntax passwords complexity enable no passwords ...

Page 63: ...ord complexity with specific commands described in this section If you have previously configured other complexity settings then those settings are used This command does not eliminate the other settings It works only as a toggle Example The following example enables enforcing the password complexity on the switch and shows the current password complexity settings switchxxxxxx config passwords com...

Page 64: ...hentication login lists enable Displays information for the AAA authentication enable lists Command Mode Privileged EXEC mode Example The following examples show information for all existing login and enable authentication lists switchxxxxxx show aaa authentication login lists Login List Name Authentication Method List default local switchxxxxxx show aaa authentication enable lists Enable List Nam...

Page 65: ...A method lists for different line types switchxxxxxxx show line lists Line Type AAA Type List Name console login default enable default telnet login default enable default ssh login default enable default http login default https login default show passwords configuration To show the password management configuration use the show passwords configuration Privileged EXEC mode command Syntax show pas...

Page 66: ... 3 characters Minimal classes 3 New password must be different than the current Enabled Maximum consecutive same characters 3 New password must be different than the user name Enabled show username To show all user accounts in local database use the show username Privileged EXEC mode command Syntax show username Parameters None Default Configuration None Command Mode Privileged EXEC mode Example T...

Page 67: ...ies the privilege level to 1 privilege 15 Optional Specifies the privilege level to 15 privilege admin Optional Specifies the privilege level to 15 privilege user Optional Specifies the privilege level to 1 nopassword No password is required for this user to log in secret Encrypted encrypted password Specifies an encrypted password for the user Use this keyword to enter a password that is already ...

Page 68: ... password switchxxxxxx config username tom privilege 15 nopassword Example 2 The following example sets a password for user jerry level 15 that has already been encrypted It will be copied to the configuration file just as it is entered To use it the user must know its unencrypted form switchxxxxxx config username jerry privilege 15 secret encrypted 4b529f21c93d4706090285b0c10172eb073ffebc4 ...

Page 69: ...type value disable port no sequence value Parameters any Any source or destination MAC address of the packet source Source MAC address of the packet source wildcard Wildcard bits to be applied to the source MAC address destination Destination MAC address of the packet destination wildcard Wildcard bits to be applied to the destination MAC address vlan vlan id Optional Specifies the VLAN ID of the ...

Page 70: ...ist extended server1 switchxxxxxx config mac acl deny 00 00 00 00 00 01 00 00 00 00 00 ff any deny IP To set deny conditions for an IPv4 based ACL use the deny IP Access List Configuration mode command To remove an IPv4 based ACE use the no sequence command Syntax sequence value deny protocol any source source wildcard any destination destination wildcard dscp number precedence number disable port...

Page 71: ...UDP or TCP source port Predefined port names are defined in the destination port port range parameter Range 0 to 65535 destination Destination IP address of the packet destination wildcard Wildcard bits to be applied to the destination IP address destination port port range UDP or TCP destination port You can enter a range of ports by using hyphen such as 20 21 For TCP enter a number or one of the...

Page 72: ... that should occur If a flag should be set it is prefixed by If a flag should be unset it is prefixed by Available options are urg ack psh rst syn fin urg ack psh rst syn and fin The flags are concatenated to one string such as fin ack Default Configuration No IPv4 based ACE is defined Command Mode IP Access List Configuration mode User Guidelines After an ACE is added to an ACL an implicit deny a...

Page 73: ...e deny tcp any source prefix length any source port port range any destination prefix length any destination port port range dscp number precedence number match all list of flags disable port sequence value deny udp any source prefix length any source port port range any destination prefix length any destination port port range dscp number precedence number match all list of flags disable port no ...

Page 74: ...lnet 23 time 37 uucp 117 whois 43 www 80 For UDP enter a number or one of the following values biff 512 bootpc 68 bootps 67 discard 9 dnsix 90 domain 53 echo 7 mobile ip 434 nameserver 42 netbios dgm 138 netbios ns 137 non500 isakmp 4500 ntp 123 rip 520 snmp 161 snmptrap 162 sunrpc 111 syslog 514 tacacs 49 talk 517 tftp 69 time 37 who 513 or xdmcp 177 Range 0 to 65535 dscp number Optional Specifie...

Page 75: ...r a source port in ACE it is not counted again if it is also used for a source port in another ACE If a range of ports is used for a destination port in ACE it is not counted again if it is also used for a destination port in another ACE If a range of ports is used for a source port it is counted again if it is also used for a destination port Example switchxxxxxx config ipv6 access list server sw...

Page 76: ...ess group v4acl1 in ip access list extended To name an IPv4 based ACL and to enter the IPv4 Access List Configuration mode use the ip access list extended Global Configuration mode command To remove an IPv4 based ACL use the no form of this command Syntax ip access list extended acl name no ip access list extended acl name Parameters acl name Name of the IPv4 based ACL Range 1 to 32 characters Def...

Page 77: ...6 access group in To bind an IPv6 based ACL to an interface use the ipv6 access group in Interface Configuration mode command To remove all IPv6 based ACLs from an interface use the no form of this command Syntax ipv6 access group acl name in no ipv6 access group in Parameters acl name Name of the IPv6 based ACL Range 1 to 32 characters Default Configuration No IPv6 based ACL is applied to the int...

Page 78: ...ny IPv6 commands An IPv6 based ACL is defined by a unique name IPv4 based ACL IPv6 based ACL MAC based ACL or policy map cannot have the same name Each IPv6 based ACL has implicit permit icmp any any nd ns any permit icmp any any nd na any and deny ipv6 any any statements as its last match conditions The former two match conditions allow for ICMPv6 neighbor discovery The IPv6 neighbor discovery pr...

Page 79: ...roup acl name in no mac access group in Parameters acl name Name of the MAC based ACL Range 1 to 32 characters Default Configuration No MAC based ACL is applied to the interface Command Mode Interface Configuration Ethernet mode Example witchxxxxxx config interface gi11 witchxxxxxx config if mac access group macac11 in mac access list extended To define a Layer 2 ACL based on source MAC address fi...

Page 80: ...based ACL are defined in the permit MAC and deny MAC commands A MAC based ACL is defined by a unique name IPv4 based ACL IPv6 based ACL MAC based ACL or policy map cannot have the same name Example switchxxxxxx config mac access list extended server1 switchxxxxxx config mac acl permit 00 00 00 00 00 01 00 00 00 00 00 ff any no sequence To remove a permit or deny ACE for an IPv4 based ACL an IPv6 b...

Page 81: ...the permit IP Access List Configuration mode command To remove an IPv4 based ACE use the no sequence command Syntax sequence value permit protocol any source source wildcard any destination destination wildcard dscp number precedence number sequence value permit icmp any source source wildcard any destination destination wildcard any icmp type any icmp code dscp number precedence number sequence v...

Page 82: ...t range Optional The UDP or TCP destination port You can enter a range of ports by using hyphen such as 20 21 For TCP enter a number or one of these values bgp 179 chargen 19 daytime 13 discard 9 domain 53 drip 3949 echo 7 finger 79 ftp 21 ftp data 20 gopher 70 hostname 42 irc 194 klogin 543 kshell 544 lpd 515 nntp 119 pop2 109 pop3 110 smtp 25 sunrpc 1110 syslog 514 tacacs ds 49 talk 517 telnet 2...

Page 83: ...n ack Default Configuration No IPv4 based ACE is defined Command Mode IP Access List Configuration mode User Guidelines After an ACE is added to an ACL an implicit deny any any condition exists at the end of the list That is if there are no matches the packets are denied However before the first ACE is added the list permits all packets up to ASIC specific ranges for TCP and up to ASIC specific ra...

Page 84: ...rce port port range any destination prefix length any destination port port range dscp number precedence number no sequence value Parameters sequence value Optional The sequence number for the IPv6 based ACL The acceptable range is from 1 to 2147483547 If not specified the switch provides a number starting from 1 in ascending order protocol The name or the number of an IP protocol Available protoc...

Page 85: ... rip 520 snmp 161 snmptrap 162 sunrpc 111 syslog 514 tacacs 49 talk 517 tftp 69 time 35 who 513 or xdmcp 177 Range 0 to 65535 dscp number Optional Specifies the DSCP value Range 0 to 63 precedence number Optional Specifies the IP precedence value icmp type Optional The ICMP message type for filtering ICMP packets Enter a number or one of these values destination unreachable 1 packet too big 2 time...

Page 86: ...also used for a destination port Example This example defines an IPv6 based ACL by the server name and enters an IPv6 based ACE for TCP packets switchxxxxxx config ipv6 access list server switchxxxxxx config ipv6 acl permit tcp 3001 2 64 any any 80 permit MAC To set permit conditions for a MAC based ACL use the permit command in the MAC Access List Configuration mode To remove a MAC based ACE use ...

Page 87: ...nal Specifies the Ethernet type in hexadecimal format of the packet Range 1501 to 65535 Default Configuration No MAC based ACE is defined Command Mode MAC Access List Configuration mode User Guidelines After an ACE is added to an ACL an implicit deny any any condition exists at the end of the list That is if there are no matches the packets are denied However before the first ACE is added the list...

Page 88: ...ers Command Mode Privileged EXEC mode Example switchxxxxxx show ip access lists show access lists To display all ACLs configured on the switch use the show access lists Privileged EXEC mode command Syntax show access lists Parameters N A Command Mode Privileged EXEC mode Example switchxxxxxx show access lists MAC access list macacl1 sequence 1 permit any any cos 7 5 IPv6 access list v6acl1 sequenc...

Page 89: ... 0 0 x 87 4 show access lists utilization To display the utilization of the access list group use the show access lists utilization Privileged EXEC mode command Syntax show access lists utilization Parameters N A Command Mode Privileged EXEC mode Example switchxxxxxx show access lists utilization Max TCAM entries 1408 In used 0 ...

Page 90: ...be reserved bridge Forwards the packets discard Discards the packets peer Processes the packets based on its protocols or applications Default Configuration If the MAC address is not used by any protocol the default action is bridge Command Mode Global Configuration mode User Guidelines The configurations that contain service type have precedence over less specific configurations that contain only...

Page 91: ...ged EXEC command Syntax clear mac address table dynamic interfaces interface id vlan vlan id Parameters interfaces interface id Optional Deletes all dynamic learned addresses on specific interfaces The interface can be one of these types Ethernet port or port channel vlan vlan id Optional Deletes all secure addresses learned on a VLAN Default Configuration If no interface or VLAN is specified all ...

Page 92: ...dicates no aging Default Configuration The default aging time is 300 seconds Command Mode Global Configuration mode Example switchxxxxxx config mac address table aging time 600 mac address table static To add a MAC layer station source address to the MAC address table use the mac address table static Global Configuration mode command To delete a MAC address from the MAC address table use the no fo...

Page 93: ...he Startup Configuration it is retained after rebooting The keyword is applied by the default secure Optional Specifies that the MAC address is secure when the interface is in classic locked mode drop Drops the packets with the specified source or destination unicast MAC address Default Configuration No static addresses are defined The default mode for an added address is permanent Command Mode Gl...

Page 94: ...C address may be added only in a secure port mode dynamic A MAC address learned by the switch in nonsecure mode A value of its time to live attribute is delete on timeout Examples Example 1 The following example adds two permanent static MAC addresses switchxxxxxx config mac address table static 00 3f bd 45 5a b1 vlan 1 interfaces gi1 switchxxxxxx config mac address table static 00 3f bd 45 5a b2 ...

Page 95: ...erved address Command Mode Privileged EXEC mode Example switchxxxxxx show bridge multicast reserved address Reserved mac address action 01 80 C2 00 00 02 peer 01 80 C2 00 00 03 bridge 01 80 C2 00 00 04 bridge 01 80 C2 00 00 05 bridge 01 80 C2 00 00 06 bridge 01 80 C2 00 00 07 bridge 01 80 C2 00 00 08 bridge 01 80 C2 00 00 09 bridge 01 80 C2 00 00 0A bridge 01 80 C2 00 00 0B bridge 01 80 C2 00 00 0...

Page 96: ...9 bridge 01 80 C2 00 00 2A bridge 01 80 C2 00 00 2B bridge 01 80 C2 00 00 2C bridge 01 80 C2 00 00 2D bridge 01 80 C2 00 00 2E bridge show mac address table To show the entries in the MAC address table use the show mac address table Privileged EXEC command Syntax show mac address table dynamic static interfaces interface id vlan vlan show mac address table mac address vlan vlan Parameters dynamic ...

Page 97: ...le Example 1 Displays the entire MAC address table switchxxxxxx show mac address table VID MAC Address Type Ports 1 00 03 6D 00 01 20 Management CPU 1 00 10 60 DB 6E FE Dynamic fa1 1 10 8C CF CD 0C 05 Dynamic fa1 Total number of entries 3 Example 2 Displays the address entries containing the specified MAC address switchxxxxxx show mac address table 00 3f bd 45 5a b1 vlan 1 Aging time is 300 sec VL...

Page 98: ...ime Mac Address Table aging time 300 show port security To show the port security status use the show port security Privileged EXEC mode command Syntax show port security interfaces interface id Parameters interfaces interface id Specifies an Ethernet interface ID or a list of Ethernet interface IDs Default Configuration N A Command Mode Privileged EXEC mode Example switchxxxxxx show port security...

Page 99: ... Classic Disabled 0 Discard The following table describes the significant fields shown in the example switchport port security To enable the port security on an interface use the switchport port security Interface Configuration mode command To disable the port security on an interface use the no form of this command Field Description Port The port number Mode The learning mode classic or dynamic S...

Page 100: ...rt security learning mode and the maximum number of MAC addresses that can be learned on an interface use the switchport port security mode maximum Interface Configuration mode command To revert to its default settings use the no form of this command Syntax switchport port security mode classic dynamic maximum max addr action discard discard snmp log trap freq seconds discard snmp log shutdown tra...

Page 101: ...th unlearned source addresses an SNMP trap is sent a SYSLOG message is logged and shuts down the port forward Forwards the packets with unlearned source addresses but does not learn the address trap freq seconds Sends SNMP traps and specifies the minimum time interval in seconds between consecutive traps Range 1 to 1000000 Default Configuration The feature is disabled by default The default mode i...

Page 102: ...t security maximum command cancels a secure mode on a port all secure addresses defined on the port are deleted Example The following example discards all packets to gi11 when the learning reaches the address limit 50 without learning any more addresses of packets from unknown sources and sends the SNMP traps every 100 seconds if a packet with an unknown source address is received switchxxxxxx con...

Page 103: ...enable Bonjour globally on the switch use the bonjour enable Global Configuration mode command To disable Bonjour use the no form of this command Syntax bonjour enable no bonjour enable Parameters N A Default Configuration Bonjour is enabled by default Command Mode Global Configuration mode Example switchxxxxxx config bonjour enable ...

Page 104: ... Syntax show bonjour Parameters N A Default Configuration N A Command Mode Privileged EXEC mode Example The following example displays the Bonjour service information switchxxxxxx show bonjour Bonjour status enabled L2 interface status Up IP Address 192 168 1 254 Service Admin Status Oper Status csco sb enabled enabled csco api enabled enabled https enabled enabled http enabled enabled ssh enabled...

Page 105: ... 2 for all transmitted CDP packets use the cdp advertise v2 Global Configuration mode command To use CDP version 1 use the no form of this command Syntax cdp advertise v2 no cdp advertise v2 Parameters N A Default Configuration CDP version 2 is used by default Command Mode Global Configuration mode Example switchxxxxxx config cdp run switchxxxxxx config cdp advertise v2 ...

Page 106: ...VID to which this interface belongs 0 CDP packets transmitting through this interface will contain Appliance VLAN ID TLV with the value of 0 VoIP and related packets are expected to be sent and received with the value of 0 VLAN ID 0 and a 802 1p priority 1 to 4094 CDP packets transmitting through this interface will contain Appliance VLAN ID TLV with N VoIP and related packets are expected to be s...

Page 107: ...e Parameters mac The Device ID TLV contains the MAC address of the switch serial number The Device ID TLV contains the hardware serial number of the switch hostname The Device ID TLV contains the hostname of the switch Default Configuration The MAC address of the switch is contained by default Command Mode Global Configuration mode Example switchxxxxxx config cdp device id format serial number cdp...

Page 108: ...switch by using the cdp run command Example switchxxxxxx config cdp run switchxxxxxx config interface fa5 switchxxxxxx config if cdp enable cdp holdtime To specify the number of seconds that CDP packets are held before the packets are discarded measured in multiples of the TLV Advertise Interval use the cdp holdtime Global Configuration mode command Syntax cdp holdtime seconds Parameters seconds N...

Page 109: ...uration mode Example switchxxxxxx config cdp holdtime 120 cdp log mismatch duplex To enable validating that the duplex status of an interface received in a CDP packet matches its actual configuration use the cdp log mismatch duplex Interface Configuration mode command To disable generating the SYSLOG messages for duplex mismatches use the no form of this command Syntax cdp log mismatch duplex no c...

Page 110: ...dating that the native VLAN received in a CDP packet matches the actual native VLAN of the interface use the cdp log mismatch native Interface Configuration mode command To disable generating the SYSLOG messages for native VLAN mismatches use the no form of this command Syntax cdp log mismatch native no cdp log mismatch native Parameters N A Default Configuration The switch reports the native VLAN...

Page 111: ...figuration mode command To disable generating the SYSLOG messages for VoIP mismatches use the no form of this command Syntax cdp log mismatch voip no cdp log mismatch voip Parameters N A Default Configuration The switch reports the VoIP mismatches from all interfaces Command Mode Interface Configuration mode User Guidelines When a voice VLAN mismatch is detected which means that the voice VLAN inf...

Page 112: ... command Syntax cdp mandatory tlvs validation no cdp mandatory tlvs validation Parameters N A Default Configuration CDP mandatory TLVs validation is enabled by default Command Mode Global Configuration mode User Guidelines If the CDP mandatory TLVs validation is enabled incoming CDP packets not containing the mandatory TLVs are discarded and the invalid error counter is incremented Example switchx...

Page 113: ...d Mode Global Configuration mode User Guidelines When CDP is globally enabled CDP packets are filtered discarded on the CDP disabled ports In the flooding mode the VLAN filtering rules are not applied but the STP rules are applied In case of MSTP CDP packets are classified to the instance 0 Example The following example specifies that when CDP is globally disabled CDP packets are flooded to all po...

Page 114: ...vertisement from other device s only if the CDP incapable devices flood the CDP packets that they receive If the CDP incapable devices perform VLAN aware flooding then the CDP capable devices can hear each other only if they are in the same VLAN It should be noted that a CDP capable device may receive the advertisement from more than one device if the CDP incapable devices flood the CDP packets To...

Page 115: ...es are sent Range 5 to 254 seconds Default Configuration The default transmission timer is 60 seconds Command Mode Global Configuration mode Example switchxxxxxx config cdp timer 200 clear cdp counter To reset the CDP traffic counters to 0 use the clear cdp counter Privileged EXEC Mode command Syntax clear cdp counter Parameters N A Command Mode Privileged EXEC Mode Example switchxxxxxx clear cdp ...

Page 116: ...se the clear cdp table Privileged EXEC Mode command Syntax clear cdp table Parameters N A Command Mode Privileged EXEC Mode Example switchxxxxxx clear cdp table show cdp To show the CDP global settings use the show cdp Privileged EXEC mode command Syntax show cdp Parameters N A Command Mode Privileged EXEC Mode Example switchxxxxxx show cdp CDP Global Configuration CDP is globally enabled ...

Page 117: ...ode is flooding show cdp entry To show information for all CDP neighbors or for a specific CDP neighbor use the show cdp entry Privileged EXEC mode command You can limit the display to protocol or version information Syntax show cdp entry WORD protocol version Parameters Displays information for all CDP neighbors WORD Displays information for a specific CDP neighbor You need to specify the name of...

Page 118: ... interface IDs Command Mode Privileged EXEC Mode Example switchxxxxxx show cdp interfaces fa11 CDP is globally enabled CDP log duplex mismatch Globally is enabled Per interface is enabled CDP log voice VLAN mismatch Globally is enabled Per interface is enabled CDP log native VLAN mismatch Globally is enabled Per interface is enabled fa11 is Down CDP is enabled Sending CDP packets every 200 seconds...

Page 119: ...emotely Managed Device C CAST Phone Port W Two Port MAC Relay Device ID Local Adv Holdtime Capability Platform Port ID Interface Ver The following table describes the significant fields shown in the example Field Description Device ID Neighbor s device ID Local Interface Number of the local interface to which the neighbor is connected Adv Ver CDP protocol version Holdtime Time interval in seconds ...

Page 120: ...xxxxxx show cdp tlv fa5 CDP is globally enabled Interface TLV fa5 CDP is enabled on fa5 Interface fa5 is Up Device ID TLV type is Host name Value is switchxxxxxx Address TLV IPv4 192 168 1 254 IPv6 fe80 66d8 14ff fe5d 6d36 Port ID TLV fa5 Capabilities Switch IGMP Version TLV 1 1 0 9 Platform TLV MS200X 24P Native VLAN TLV 1 Full Half Duplex TLV full duplex Appliance VLAN ID TLV Appliance ID is 1 V...

Page 121: ...e describes the significant fields shown in the example Field Description Total packets output input Total number of CDP packets received and transmitted on all interfaces Hdr syntax Number of times that packet information could not be stored in cache because of lack of room Chksum error Number of packets received with illegal checksum value Invalid packet Number of packets received with errors ot...

Page 122: ...le switchxxxxxx show cdp traffic fa1 Total packets output 0 Input 0 Hdr syntax 0 Chksum error 0 Invalid packet 0 No memory in main cache 0 CDP version 1 advertisements output 0 Input 0 CDP version 2 advertisements output 0 Input 0 fa2 Total packets output 0 Input 0 Hdr syntax 0 Chksum error 0 Invalid packet 0 No memory in main cache 0 CDP version 1 advertisements output 0 Input 0 CDP version 2 adv...

Page 123: ...nts output 0 Input 0 CDP version 2 advertisements output 0 Input 0 fa9 Total packets output 0 Input 0 Hdr syntax 0 Chksum error 0 Invalid packet 0 No memory in main cache 0 CDP version 1 advertisements output 0 Input 0 CDP version 2 advertisements output 0 Input 0 fa10 Total packets output 0 Input 0 Hdr syntax 0 Chksum error 0 Invalid packet 0 No memory in main cache 0 CDP version 1 advertisements...

Page 124: ...t 0 CDP version 2 advertisements output 0 Input 0 fa18 Total packets output 0 Input 0 Hdr syntax 0 Chksum error 0 Invalid packet 0 No memory in main cache 0 CDP version 1 advertisements output 0 Input 0 CDP version 2 advertisements output 0 Input 0 fa19 Total packets output 0 Input 0 Hdr syntax 0 Chksum error 0 Invalid packet 0 No memory in main cache 0 CDP version 1 advertisements output 0 Input ...

Page 125: ... 0 Chksum error 0 Invalid packet 0 No memory in main cache 0 CDP version 1 advertisements output 0 Input 0 CDP version 2 advertisements output 0 Input 0 gi1 Total packets output 0 Input 0 Hdr syntax 0 Chksum error 0 Invalid packet 0 No memory in main cache 0 CDP version 1 advertisements output 0 Input 0 CDP version 2 advertisements output 0 Input 0 gi2 Total packets output 0 Input 0 Hdr syntax 0 C...

Page 126: ...S The current time in hours military format minutes and seconds Range HH 0 to 23 MM 0 to 59 SS 0 to 59 month The current month using the first three letters of the month name Range jan dec day The current day of the month Range 1 to 31 year The current year Range 2000 to 2037 Command Mode Privileged EXEC mode Example The following example sets the system time to 13 32 00 on August 7 2014 switchxxx...

Page 127: ...default is to use the local time as the source of the system clock Command Mode Global Configuration mode Example The following example configures the SNTP server as an external time source switchxxxxxx config clock source sntp clock summer time To enable the switch to automatically switch to the summer time Daylight Saving Time use the clock summer time Global Configuration mode command To disabl...

Page 128: ...irst date listed in the command and ends on the second date in the command month Starting month first three characters by name such as feb day Starting date Range 1 to 31 year Starting date no abbreviation Range 2000 to 2037 HH MM Starting time military format in hours and minutes Range hh 0 to 23 mm 0 to 59 offset Optional Number of minutes to add during the summer time The default is 60 minutes ...

Page 129: ...form of this command Syntax clock timezone zone HOUR OFFSET minutes no clock timezone Parameters zone The acronym of the time zone Range Up to 4 characters HOUR OFFSET Hours difference from UTC Range 12 to 13 minutes Optional Minutes difference from UTC Range 0 to 59 Default Configuration HOUR Offset is 8 Acronym is DFL Command Mode Global Configuration mode User Guidelines The system internally k...

Page 130: ... time zone and summer time configuration Command Mode Privileged EXEC mode Examples Example 1 The following example displays the system time and date switchxxxxxx show clock 08 11 18 abc UTC 2 32 Mar 07 2012 Time source is sntp Example 2 The following example displays the system time and date along with the time zone and the summer time configuration switchxxxxxx show clock detail 08 11 44 abc UTC...

Page 131: ...xxxxx show sntp configuration SNTP is Enabled SNTP Server address 192 1 1 1 SNTP Server port 123 sntp server To use SNTP to request and accept Network Time Protocol NTP traffic from a specific server meaning to accept system time from an SNTP server use the sntp server Global Configuration mode command To remove the SNTP server use the no form of this command Syntax sntp server ip address hostname...

Page 132: ...er used for the SNTP client on the switch The default is the well known IANA port number for this service 123 Range 1 to 65535 Default Configuration No SNTP servers are defined Command Mode Global Configuration mode Example The following example configures the switch to accept SNTP traffic from the server on 192 1 1 1 with port 123 switchxxxxxx config sntp server 192 1 1 1 port 123 ...

Page 133: ...ode User Guidelines Auto Configuration enables passing configuration information to hosts on a TCP IP network Based on this protocol the Auto Configuration feature enables a switch to download configuration files from a TFTP server The switch can be configured as a DHCPv4 client in which auto configuration from a DHCPv4 server is supported or a DHCPv6 client in which auto configuration from a DHCP...

Page 134: ...use the boot system Global Configuration mode command Syntax boot system image 1 image 2 Parameters image 1 Specifies that image1 will be loaded as the system image during the next startup image 2 Specifies that image2 will be loaded as the system image during the next startup Default Configuration N A Command Mode Global Configuration mode Example The following example specifies image1 as the act...

Page 135: ...wnloaded to this file without giving a file name This can then be copied to the Running configuration file or the Startup configuration file flash Copy from the flash file system mirror config Mirror configuration file If the Running configuration file and the Startup configuration file have been identical for 24 hours the Startup configuration file is automatically copied to the Mirror Configurat...

Page 136: ...r using TFTP Use the copy backup config tftp command to copy the Backup Configuration file to a network server using TFTP Saving the Running Configuration to the Startup Configuration Use the copy running config startup config command to copy the Running Configuration file to the Startup Configuration file Backing Up the Running Configuration or Startup Configuration to the Backup Configuration Us...

Page 137: ...ple copies the Mirror Configuration file saved by the system to the Startup Configuration file switchxxxxxx copy mirror config startup config delete backup config To delete the Backup Configuration from the flash memory use the delete backup config Privileged EXEC mode command Syntax delete backup config Parameters N A Default Configuration N A Command Mode Privileged EXEC mode Example The followi...

Page 138: ...eged EXEC mode command The system will start with the default configuration during the next startup Syntax delete startup config Parameters N A Default Configuration N A Command Mode Privileged EXEC mode Example The following example deletes the Startup Configuration file from the flash memory switchxxxxxx delete startup config Delete startup config y n dir To show information for the files in the...

Page 139: ...08 01 08 image 1 13828096 7125944 2013 12 27 19 36 56 image 2 13828096 7141865 2014 01 10 17 44 55 Total size of flash 32112640 bytes Free size of flash 4450720 bytes ip dhcp tftp server file To set the full name of the configuration file located on the TFTP server use the ip dhcp tftp server file Global Configuration mode command To delete the configuration file setting use the no form of this co...

Page 140: ...e following example specifies the backup configuration file name as autodhcp cfg switchxxxxxx config ip dhcp tftp server file autodhcp cfg ip dhcp tftp server ip address To set the IP address or hostname of the TFTP server from which the switch can automatically download the configuration file by using the DHCP options use the ip dhcp tftp server ip address Global Configuration mode command To del...

Page 141: ...chxxxxxx config ip dhcp tftp server ip address autodhcp management vlan ipv6 dhcp client information refresh To set the refresh time and the minimum refresh time for DHCPv6 stateless client use the management vlan ipv6 dhcp client information refresh Global Configuration mode command To use the default refresh time use the no form of these commands Syntax management vlan ipv6 dhcp client informati...

Page 142: ...mum refresh time defined in this command the switch uses the minimum refresh time defined in this command Example The following example configures the refresh time and the minimum refresh time for DHCPv6 stateless client switchxxxxxx config management vlan ipv6 dhcp client information refresh 115200 switchxxxxxx config management vlan ipv6 dhcp client information refresh minimum 115200 management ...

Page 143: ...stateless client on the switch switchxxxxxx config management vlan ipv6 dhcp client stateless renew dhcp force autoconfig To force the DHCP Auto Configuration procedure to be initated use the renew dhcp force autoconfig Privileged EXEC mode command Syntax renew dhcp force autoconfig Parameters N A Default Configuration N A Command Mode Privileged EXEC mode User Guidelines After executing this comm...

Page 144: ...n show backup config To show information of the Backup Configuration file use the show backup config Privileged EXEC mode command Syntax show backup config Parameters N A Command Mode Privileged EXEC mode User Guidelines The Backup Configuration file does not contain all information that can be displayed in the output Only nondefault settings are displayed Example switchxxxxxx show backup config c...

Page 145: ... vlan oui table add 00 E0 75 Veritel voice vlan oui table add 00 D0 1E Pingtel voice vlan oui table add 00 01 E3 Siemens voice vlan oui table add 00 60 B9 NEC Philips voice vlan oui table add 00 0F E2 H3C voice vlan oui table add 00 09 6E Avaya spanning tree mst configuration name 00 E0 4C 86 70 01 interface gi1 interface gi2 interface gi3 interface gi4 interface gi5 interface gi6 interface gi7 in...

Page 146: ...rface gi13 interface gi14 interface gi15 interface gi16 interface gi17 interface gi18 interface gi19 interface gi20 interface gi21 interface gi22 interface gi23 interface gi24 interface gi25 interface gi26 interface gi27 interface gi28 switchxxxxxx show boot To show information of the DHCP Auto Configuration feature use the show boot Privileged EXEC mode command Syntax show boot ...

Page 147: ...Mode Privileged EXEC mode Example switchxxxxxx config show boot Auto Config Config Download via DHCP enabled show bootvar To show information of the system image file in the flash memory use the show bootvar Privilege EXEC mode command Syntax show bootvar Parameters N A Default Configuration N A Command Mode Privileged EXEC mode Example switchxxxxxx show bootvar Image File Name Version Date Status...

Page 148: ...how ip dhcp tftp server To show information about the active and user defined TFTP servers use the show ip dhcp tftp server Privileged EXEC mode command Syntax show ip dhcp tftp server Parameters N A Default Configuration N A Command Mode Privileged EXEC mode Example The following example shows information of the TFTP servers used for auto configuration through DHCP switchxxxxxx show ip dhcp tftp ...

Page 149: ...The interface can be one of these types Ethernet port or port channel Command Mode Privileged EXEC mode User Guidelines The Running Configuration file does not contain all of the information that can be displayed in the output Only nondefault settings are displayed Examples Example 1 The following example shows the entire Running Configuration file switchxxxxx show running config config file heade...

Page 150: ...00 60 B9 NEC Philips voice vlan oui table add 00 0F E2 H3C voice vlan oui table add 00 09 6E Avaya spanning tree mst configuration name 00 E0 4C 86 70 01 snmp server ip telnet server ip ssh server interface gi1 interface gi2 interface gi3 interface gi4 interface gi5 interface gi6 interface gi7 interface gi8 interface gi9 interface gi10 interface gi11 interface gi12 interface gi13 ...

Page 151: ...ace gi15 interface gi16 interface gi17 interface gi18 interface gi19 interface gi20 interface gi21 interface gi22 interface gi23 interface gi24 interface gi25 interface gi26 interface gi27 interface gi28 Example 2 The following example shows the Running Configuration file for fa2 and fa3 switchxxxxxx show running config interfaces gi1 2 interface gi1 interface gi2 switchxxxxxx ...

Page 152: ...ile does not contain all information that can be displayed in the output Only nondefault settings are displayed Example switchxxxxxx show startup config config file header Switch867001 v1 0 0 16 CLI v1 0 username cisco secret encrypted ZGZlYWYxMDM5MGU1NjBhZWE3NDVjY2JhNTNlMDQ0ZWQ voice vlan oui table add 00 E0 BB 3COM voice vlan oui table add 00 03 6B Cisco voice vlan oui table add 00 E0 75 Veritel...

Page 153: ...ference Guide Release 1 0 0 x 151 9 spanning tree mst configuration name 00 E0 4C 86 70 01 interface gi1 interface gi2 interface gi3 interface gi4 interface gi5 interface gi6 interface gi7 interface gi8 interface gi9 interface gi10 interface gi11 interface gi12 interface gi13 interface gi14 interface gi15 interface gi16 ...

Page 154: ... gi18 interface gi19 interface gi20 interface gi21 interface gi22 interface gi23 interface gi24 interface gi25 interface gi26 interface gi27 interface gi28 write To save the current Running Configuration to the Startup Configuration file use the write Privileged EXEC mode command Syntax write Parameters N A Default Configuration N A Command Mode Privileged EXEC mode ...

Page 155: ...figuration and Image File Commands write Cisco 220 Series Smart Plus Switches Command Line Interface Reference Guide Release 1 0 0 x 153 9 Examples switchxxxxxx write Building configuration OK switchxxxxxx ...

Page 156: ...uration mode command To disable the EEE mode on an Ethernet interface use the no form of this command Syntax eee enable no eee enable Parameters N A Default Configuration EEE is enabled Command Mode Interface Configuration Ethernet mode Example switchxxxxxx config interface gi1 switchxxxxxx config if eee enable Enabling or disabling EEE will cause the port first link down and then up Are you sure ...

Page 157: ... clear counters Privileged EXEC Mode command Syntax clear counters interfaces interface id Parameters interfaces interface id Optional Specifies an interface ID or a list of interface IDs The interface ID can be one of these types Ethernet port or port channel Default Configuration N A Command Mode Privileged EXEC Mode Example The following example clears the statistics counters for gi5 switchxxxx...

Page 158: ...stics Privileged EXEC Mode command Syntax clear etherlike statistics Parameters N A Default Configuration N A Command Mode Privileged EXEC Mode Example switchxxxxxx clear etherlike statistics default interface To restore an interface to its default settings use the default interface Interface Configuration mode command Syntax default interface interface id Parameters interface id The Ethernet inte...

Page 159: ...o an interface use the description Interface Configuration mode command To delete the description of an interface use the no form of this command Syntax description string no description Parameters string The description of an interface Length 0 to 32 characters Default Configuration The interface does not have a description Command Mode Interface Configuration Ethernet port channel mode Example s...

Page 160: ...ration full Forces the full duplex operation auto Enables auto duplex configuration Default Configuration The interface operates in the full duplex mode Command Mode Interface Configuration port channel mode Example The following example configures gi5 to operate in the full duplex mode switchxxxxxx config interface gi5 switchxxxxxx config if duplex full errdisable recovery To enable errdisable re...

Page 161: ...ecover from the ACL causes arp inspection Enables the timer to recover from the ARP inspection causes bpduguard Enables the timer to recover from the BPDU Guard causes broadcast flood Enables the timer to recover from the flood causes dhcp rate limit Enables the timer to recover from the DHCP rate limit causes psecure violation Enables the timer to recover from the port security causes selfloop En...

Page 162: ...n interface use the flowcontrol Interface Configuration mode command To disable flow control on an interface use the no form of this command Syntax flowcontrol auto on off no flowcontrol Parameters auto Automatically enables or disables flow control on the interface on Enables flow control on the interface off Disables flow control on the interface Default Configuration Flow control is disabled Co...

Page 163: ...tunnel Default Configuration N A Command Mode Interface Configuration Ethernet port channel VLAN Range mode Examples Example 1 The following example enters the Interface Configuration mode in order to configure a Gigabit Ethernet port switchxxxxxx config interface gi1 switchxxxxxx config if Example 2 The following example enters the Interface Configuration mode in order to configure a Fast Etherne...

Page 164: ... Command Mode Interface Configuration Ethernet port channel or VLAN mode User Guidelines The commands under the interface range are executed independently on each interface in the range If the command returns an error on one of the interfaces it does not stop the execution of the command on other interfaces Example switchxxxxxx config interface range gi1 20 switchxxxxxx config if range jumbo frame...

Page 165: ...e switch Command Mode Global Configuration mode User Guidelines This command takes effect only after resetting the switch Example The following example enables jumbo frames on the switch and sets the maximum frame size to 1538 bytes switchxxxxxx config jumbo frame 1538 show errdisable recovery To show the error disable recovery status and the interfaces in the error disabled state use the show err...

Page 166: ...tion disabled dhcp rate limit disabled arp inspection disabled Timer Interval 300 seconds Interfaces that will be enabled at the next timeout Port Error Disable Reason Time Left show interface status To show the status for all interfaces or for a specific interface use the show interface status Privileged EXEC Mode command Syntax show interface status interface id Parameters interface id Optional ...

Page 167: ... notconnect 1 auto auto Copper gi15 notconnect 1 auto auto Copper gi16 notconnect 1 auto auto Copper gi17 notconnect 1 auto auto Copper gi18 connected 1 a full a 1000M Copper gi19 notconnect 1 auto auto Copper gi20 notconnect 1 auto auto Copper gi21 notconnect 1 auto auto Copper gi22 notconnect 1 auto auto Copper gi23 notconnect 1 auto auto Copper gi24 notconnect 1 auto auto Copper gi25 notconnect...

Page 168: ...f 10000 Off 10000 Off 10000 Drop gi4 disable Off 10000 Off 10000 Off 10000 Drop gi5 disable Off 10000 Off 10000 Off 10000 Drop gi6 disable Off 10000 Off 10000 Off 10000 Drop gi7 disable Off 10000 Off 10000 Off 10000 Drop gi8 disable Off 10000 Off 10000 Off 10000 Drop gi9 disable Off 10000 Off 10000 Off 10000 Drop gi10 disable Off 10000 Off 10000 Off 10000 Drop gi11 disable Off 10000 Off 10000 Off ...

Page 169: ...isable Off 10000 Off 10000 Off 10000 Drop gi24 disable Off 10000 Off 10000 Off 10000 Drop gi25 disable Off 10000 Off 10000 Off 10000 Drop gi26 disable Off 10000 Off 10000 Off 10000 Drop gi27 disable Off 10000 Off 10000 Off 10000 Drop gi28 disable Off 10000 Off 10000 Off 10000 Drop shutdown To disable an interface use the shutdown Interface Configuration mode command To restart a disabled interface...

Page 170: ...or a given Ethernet interface when not using auto negotiation use the speed Interface Configuration mode command Syntax speed 10 100 1000 auto Parameters 10 Enables 10 Mbps operation 100 Enables 100 Mbps operation 1000 Enables 1000 Mbps operation Auto Enables auto speed configuration The port automatically detects the speed at which it should run at based on the port at the other end of the link I...

Page 171: ... or auto If the speed is set to auto the switch negotiates with the device at the other end of the link for the speed setting and then forces the speed setting to the negotiated value The duplex setting remains as configured on each end of the link which could result in a duplex setting mismatch If both ends of the line support autonegotiation we highly recommend that you use the default autonegot...

Page 172: ... maximum rate on an interface Default Configuration The default action is drop Command Mode Interface Configuration Ethernet mode Example switchxxxxxx config interface gi5 switchxxxxxx config if storm control action drop storm control broadcast To enable storm control of broadcast traffic on an interface use the storm control broadcast Interface Configuration mode command To disable storm control ...

Page 173: ...ration mode command To revert to its default setting use the no form of this command Syntax storm control broadcast level pps kbps no storm control broadcast level Parameters pps kbps Specifies the maximum rate of broadcast traffic on a port The unit of this rate depends on the settings in the storm control unit command Range 1 to 262134 pps or 16 to 1000000 kbps Default Configuration 10000 Comman...

Page 174: ...broadcast level 12345 storm control enable To enable storm control on an interface use the storm control enable Interface Configuration mode command To disable storm control use the no form of this command Syntax storm control enable no storm control enable Parameters N A Default Configuration Disabled Command Mode Interface Configuration mode Example switchxxxxxx config interface gi11 switchxxxxx...

Page 175: ...g include exclude Parameters include Includes preamble and IFG exclude Excludes preamble and IFG Default Configuration Exclude Command Mode Global Configuration mode Example switchxxxxxx config storm control ifg include storm control unit To set the unit of storm control counting use the storm control unit Global Configuration command Syntax storm control unit bps pps Parameters bps Specifies the ...

Page 176: ...le storm control for unknown multicast traffic on an interface use the storm control unknown multicast Interface Configuration mode command To disable storm control for unknown multicast traffic use the no form of this command Syntax storm control unknown multicast no storm control unknown multicast Parameters N A Default Configuration Disabled Command Mode Interface Configuration Ethernet mode Ex...

Page 177: ...nown multicast level Parameters pps kbps Specifies the maximum rate of unknown multicast traffic on an interface The unit of this rate depends on the settings in the storm control unit Global Configuration mode command Range 1 to 262134 pps or 16 to 1000000 kbps Default Configuration 10000 Command Mode Interface Configuration Ethernet mode User Guidelines Use the storm control unknown multicast le...

Page 178: ...ommand Syntax storm control unknown unicast no storm control unknown unicast Parameters N A Default Configuration Disabled Command Mode Interface Configuration Ethernet mode Example switchxxxxxx config interface gi5 switchxxxxxx config if storm control unknown unicast storm control unknown unicast level To configure the maximum rate of unknown unicast traffic on an interface use the storm control ...

Page 179: ...trol unit Global Configuration mode command Range 1 to 262134 pps or 16 to 1000000 kbps Default Configuration 10000 Command Mode Interface Configuration Ethernet mode User Guidelines Use the storm control unknown unicast level Interface Configuration command to enable storm control for unknown unicast traffic on an interface The calculated rate includes the 20 bytes of Ethernet framing overhead pr...

Page 180: ...r gvrp statistics Privileged EXEC command Syntax clear gvrp error statistics statistics interfaces interface id Parameters error statistics Clears error statistics only statistics Clears normal statistics interfaces interface id Optional Specifies an interface ID or a list of interface IDs The interface must be an Ethernet port Default Configuration N A Command Mode Privileged EXEC Mode Example sw...

Page 181: ... use the no form of this command Syntax gvrp enable no gvrp enable Parameters N A Default Configuration GVRP is globally disabled Command Mode Global Configuration mode Example switchxxxxxx config gvrp enable gvrp enable Interface To enable GVRP on an interface use the gvrp enable Interface Configuration mode command To disable GVRP on an interface use the no form of this command Syntax gvrp enabl...

Page 182: ...s the PVID must be manually defined as the untagged VLAN ID Example switchxxxxxx config interface gi6 switchxxxxxx config if gvrp enable gvrp registration mode To deregister all dynamic VLANs on an interface and prevent VLAN creation or registration on the interface use the gvrp registration mode Interface Configuration mode command Syntax gvrp registration mode fixed forbidden normal Parameters f...

Page 183: ...vlan creation forbid To disable dynamic VLAN creation or modification use the gvrp vlan creation forbid Interface Configuration mode command To enable dynamic VLAN creation or modification use the no form of this command Syntax gvrp vlan creation forbid no gvrp vlan creation forbid Parameters N A Default Configuration Dynamic VLAN creation is enabled Command Mode Interface Configuration Ethernet p...

Page 184: ...ged EXEC mode Example switchxxxxxx show gvrp GVRP Status GVRP Disabled Join time 200 ms Leave time 600 ms LeaveAll time 10000 ms show gvrp configuration To show the GVRP configuration on specific interfaces use the show gvrp configuration Privileged EXEC mode command Syntax show gvrp configuration interfaces interface id Parameters interfaces interface id Optional Specifies an interface ID or a li...

Page 185: ...isabled Normal Enabled gi10 Disabled Normal Enabled gi11 Disabled Normal Enabled gi12 Disabled Normal Enabled gi13 Disabled Normal Enabled gi14 Disabled Normal Enabled gi15 Disabled Normal Enabled gi16 Disabled Normal Enabled gi17 Disabled Normal Enabled gi18 Disabled Normal Enabled gi19 Disabled Normal Enabled gi20 Disabled Normal Enabled gi21 Disabled Normal Enabled gi22 Disabled Normal Enabled ...

Page 186: ...ese types Ethernet port or port channel If no interface ID is specified GVRP error statistics for all interfaces are displayed Default Configuration N A Command Mode Privileged EXEC mode Example switchxxxxxx show gvrp error statistics Legend INVPROT Invalid protocoal Id INVATYP Invalid Attribute Type INVALEN Invalid Attribute Length INVAVAL Invalid Attribute Value INVEVENT Invalid Event Port INVPR...

Page 187: ...0 po8 0 0 0 0 0 show gvrp statistics To show the GVRP statistics for all interfaces or for a specific interface use the show gvrp statistics Privileged EXEC mode command Syntax show gvrp statistics interfaces interface id Parameters interfaces interface id Optional Specifies an interface ID or a list of interfaces The interfaces can be one of these types Ethernet port or port channel If no interfa...

Page 188: ...aveAll TX 0 Port id fa2 Total RX 0 JoinEmpty RX 0 JoinIn RX 0 Empty RX 0 LeaveIn RX 0 LeaveEmpty RX 0 LeaveAll RX 0 Total TX 0 JoinEmpty TX 0 JoinIn TX 0 Empty TX 0 LeaveIn TX 0 LeaveEmpty TX 0 LeaveAll TX 0 Port id fa3 Total RX 0 JoinEmpty RX 0 JoinIn RX 0 Empty RX 0 LeaveIn RX 0 LeaveEmpty RX 0 LeaveAll RX 0 Total TX 0 JoinEmpty TX 0 JoinIn TX 0 Empty TX 0 LeaveIn TX 0 LeaveEmpty TX 0 LeaveAll T...

Page 189: ... LeaveEmpty RX 0 LeaveAll RX 0 Total TX 0 JoinEmpty TX 0 JoinIn TX 0 Empty TX 0 LeaveIn TX 0 LeaveEmpty TX 0 LeaveAll TX 0 Port id fa6 Total RX 0 JoinEmpty RX 0 JoinIn RX 0 Empty RX 0 LeaveIn RX 0 LeaveEmpty RX 0 LeaveAll RX 0 Total TX 0 JoinEmpty TX 0 JoinIn TX 0 Empty TX 0 LeaveIn TX 0 LeaveEmpty TX 0 LeaveAll TX 0 Port id fa7 Total RX 0 JoinEmpty RX 0 JoinIn RX 0 Empty RX 0 LeaveIn RX 0 LeaveEm...

Page 190: ... 0 LeaveIn TX 0 LeaveEmpty TX 0 LeaveAll TX 0 Port id fa9 Total RX 0 JoinEmpty RX 0 JoinIn RX 0 Empty RX 0 LeaveIn RX 0 LeaveEmpty RX 0 LeaveAll RX 0 Total TX 0 JoinEmpty TX 0 JoinIn TX 0 Empty TX 0 LeaveIn TX 0 LeaveEmpty TX 0 LeaveAll TX 0 Port id fa10 Total RX 0 JoinEmpty RX 0 JoinIn RX 0 Empty RX 0 LeaveIn RX 0 LeaveEmpty RX 0 LeaveAll RX 0 Total TX 0 JoinEmpty TX 0 JoinIn TX 0 Empty TX 0 Leav...

Page 191: ... JoinIn RX 0 Empty RX 0 LeaveIn RX 0 LeaveEmpty RX 0 LeaveAll RX 0 Total TX 0 JoinEmpty TX 0 JoinIn TX 0 Empty TX 0 LeaveIn TX 0 LeaveEmpty TX 0 LeaveAll TX 0 Port id fa13 Total RX 0 JoinEmpty RX 0 JoinIn RX 0 Empty RX 0 LeaveIn RX 0 LeaveEmpty RX 0 LeaveAll RX 0 Total TX 0 JoinEmpty TX 0 JoinIn TX 0 Empty TX 0 LeaveIn TX 0 LeaveEmpty TX 0 LeaveAll TX 0 Port id fa14 Total RX 0 JoinEmpty RX 0 JoinI...

Page 192: ... TX 0 JoinIn TX 0 Empty TX 0 LeaveIn TX 0 LeaveEmpty TX 0 LeaveAll TX 0 Port id fa16 Total RX 0 JoinEmpty RX 0 JoinIn RX 0 Empty RX 0 LeaveIn RX 0 LeaveEmpty RX 0 LeaveAll RX 0 Total TX 0 JoinEmpty TX 0 JoinIn TX 0 Empty TX 0 LeaveIn TX 0 LeaveEmpty TX 0 LeaveAll TX 0 Port id fa17 Total RX 0 JoinEmpty RX 0 JoinIn RX 0 Empty RX 0 LeaveIn RX 0 LeaveEmpty RX 0 LeaveAll RX 0 Total TX 0 JoinEmpty TX 0 ...

Page 193: ...tal RX 0 JoinEmpty RX 0 JoinIn RX 0 Empty RX 0 LeaveIn RX 0 LeaveEmpty RX 0 LeaveAll RX 0 Total TX 0 JoinEmpty TX 0 JoinIn TX 0 Empty TX 0 LeaveIn TX 0 LeaveEmpty TX 0 LeaveAll TX 0 Port id fa20 Total RX 0 JoinEmpty RX 0 JoinIn RX 0 Empty RX 0 LeaveIn RX 0 LeaveEmpty RX 0 LeaveAll RX 0 Total TX 0 JoinEmpty TX 0 JoinIn TX 0 Empty TX 0 LeaveIn TX 0 LeaveEmpty TX 0 LeaveAll TX 0 Port id fa21 Total RX...

Page 194: ...RX 0 Total TX 0 JoinEmpty TX 0 JoinIn TX 0 Empty TX 0 LeaveIn TX 0 LeaveEmpty TX 0 LeaveAll TX 0 Port id fa23 Total RX 0 JoinEmpty RX 0 JoinIn RX 0 Empty RX 0 LeaveIn RX 0 LeaveEmpty RX 0 LeaveAll RX 0 Total TX 0 JoinEmpty TX 0 JoinIn TX 0 Empty TX 0 LeaveIn TX 0 LeaveEmpty TX 0 LeaveAll TX 0 Port id fa24 Total RX 0 JoinEmpty RX 0 JoinIn RX 0 Empty RX 0 LeaveIn RX 0 LeaveEmpty RX 0 LeaveAll RX 0 T...

Page 195: ...aveAll TX 0 Port id gi2 Total RX 0 JoinEmpty RX 0 JoinIn RX 0 Empty RX 0 LeaveIn RX 0 LeaveEmpty RX 0 LeaveAll RX 0 Total TX 0 JoinEmpty TX 0 JoinIn TX 0 Empty TX 0 LeaveIn TX 0 LeaveEmpty TX 0 LeaveAll TX 0 Port id po1 Total RX 0 JoinEmpty RX 0 JoinIn RX 0 Empty RX 0 LeaveIn RX 0 LeaveEmpty RX 0 LeaveAll RX 0 Total TX 0 JoinEmpty TX 0 JoinIn TX 0 Empty TX 0 LeaveIn TX 0 LeaveEmpty TX 0 LeaveAll T...

Page 196: ...mpty RX 0 LeaveAll RX 0 Total TX 0 JoinEmpty TX 0 JoinIn TX 0 Empty TX 0 LeaveIn TX 0 LeaveEmpty TX 0 LeaveAll TX 0 Port id po4 Total RX 0 JoinEmpty RX 0 JoinIn RX 0 Empty RX 0 LeaveIn RX 0 LeaveEmpty RX 0 LeaveAll RX 0 Total TX 0 JoinEmpty TX 0 JoinIn TX 0 Empty TX 0 LeaveIn TX 0 LeaveEmpty TX 0 LeaveAll TX 0 Port id po5 Total RX 0 JoinEmpty RX 0 JoinIn RX 0 Empty RX 0 LeaveIn RX 0 LeaveEmpty RX ...

Page 197: ...X 0 JoinIn TX 0 Empty TX 0 LeaveIn TX 0 LeaveEmpty TX 0 LeaveAll TX 0 Port id po7 Total RX 0 JoinEmpty RX 0 JoinIn RX 0 Empty RX 0 LeaveIn RX 0 LeaveEmpty RX 0 LeaveAll RX 0 Total TX 0 JoinEmpty TX 0 JoinIn TX 0 Empty TX 0 LeaveIn TX 0 LeaveEmpty TX 0 LeaveAll TX 0 Port id po8 Total RX 0 JoinEmpty RX 0 JoinIn RX 0 Empty RX 0 LeaveIn RX 0 LeaveEmpty RX 0 LeaveAll RX 0 Total TX 0 JoinEmpty TX 0 Join...

Page 198: ...groups Privileged EXEC mode command Syntax clear ip igmp snooping groups dynamic static Parameters dynamic Optional Deletes dynamic group entries static Optional Deletes static group entries Command Mode Privileged EXEC mode Example switchxxxxxx clear ip igmp snooping groups clear ip igmp snooping statistics To clear the IGMP Snooping statistics use the clear ip igmp snooping statistics Privileged...

Page 199: ...roups by applying an IGMP profile to the interface use the ip igmp filter Interface Configuration mode command To remove an IGMP profile from the interface use the no form of this command Syntax ip igmp filter profile number no ip igmp filter Parameter profile number The IGMP profile number to be applied Range 1 to 128 Default Configuration No IGMP profiles are applied Command Mode Interface Confi...

Page 200: ...action the report is dropped use the no form of this command Syntax ip igmp max groups number no ip igmp max groups ip igmp max groups action deny replace Parameters number The maximum number of IGMP groups that an interface can join action deny Drops the next IGMP join report when the maximum number of entries in the IGMP Snooping forwarding table is reached This is the default action action repl...

Page 201: ...mum number of entries in the forwarding table is reached the switch replaces a randomly selected multicast entry with the received IGMP report Example switchxxxxxx config interface gi1 switchxxxxxx config if ip igmp max groups 25 switchxxxxxx config if ip igmp max groups action replace ip igmp profile To create an IGMP profile and enter the IGMP Profile Configuration mode use the ip igmp profile G...

Page 202: ...nfig igmp profile ip igmp snooping To enable IGMP Snooping on the switch use the ip igmp snooping Global Configuration mode command To disable IGMP Snooping on the switch use the no form of this command Syntax ip igmp snooping no ip igmp snooping Parameters N A Default Configuration IGMP Snooping is enabled by default Command Mode Global Configuration mode Example switchxxxxxx config ip igmp snoop...

Page 203: ...n as IGMPv2 version 3 Specifies the IGMP version as IGMPv3 Default Configuration IGMPv2 Command Mode Global Configuration mode Example switchxxxxxx config ip igmp snooping version 3 ip igmp snooping report suppression To enable IGMP Snooping report suppression use the ip igmp snooping report suppression Global Configuration mode command To disable IGMP Snooping report suppression and forward all I...

Page 204: ...nds the first IGMP report from all hosts for a group to all the multicast routers The switch does not send the remaining IGMP reports for the group to the multicast routers This feature prevents duplicate reports from being sent to the multicast devices If you disable IGMP report suppression by entering the no ip igmp snooping report suppression command all IGMP reports are forwarded to the multic...

Page 205: ...fault is flood Command Mode Global Configuration mode Example switchxxxxxx config ip igmp snooping unknown multicast action drop ip igmp snooping vlan To enable IGMP Snooping on specific VLANs use the ip igmp snooping vlan Global Configuration mode command To disable IGMP Snooping on specific VLANs use the no form of this command Syntax ip igmp snooping vlan VLAN LIST no ip igmp snooping vlan VLAN...

Page 206: ... igmp snooping vlan immediate leave Global Configuration mode command To disable IGMP Snooping immediate leave processing use the no form of this command Syntax ip igmp snooping vlan VLAN LIST immediate leave no ip igmp snooping vlan VLAN LIST immediate leave Parameters VLAN LIST A VLAN ID or a list of VLAN IDs Range 1 to 4094 Default Configuration IGMP Snooping immediate leave is disabled by defa...

Page 207: ...n mrouter interfaces interface id no ip igmp snooping vlan VLAN LIST forbidden mrouter interfaces interface id Parameters VLAN LIST A VLAN ID or a list of VLAN IDs Range 1 to 4094 interfaces interface id Specifies an interface ID or a list of interface IDs The interfaces can be one of these types Ethernet port or port channel Default Configuration No ports are defined Command Mode Global Configura...

Page 208: ...an VLAN LIST forbidden forward all interfaces interface id Parameter VLAN LIST A VLAN ID or a list of VLAN IDs Range 1 to 4094 interfaces interface id Specifies an interface ID or a list of interface IDs The interfaces can be one of these types Ethernet port or port channel Default Configuration No port is configured as a member of a multicast group Command Mode Global Configuration mode User Guid...

Page 209: ...N LIST last member query count Parameter VLAN LIST A VLAN ID or a list of VLAN IDs Range 1 to 4094 count The number of times that group specific or group source specific queries are sent upon receipt of a message indicating a leave Range 1 to 7 Default Configuration 2 Command Mode Global Configuration mode User Guidelines You can execute the command before the VLAN is created Example switchxxxxxx ...

Page 210: ...rface Range 1 to 25 Default Configuration 1 Command Mode Interface Configuration VLAN mode User Guidelines You can execute the command before the VLAN is created Example switchxxxxxx config ip igmp snooping vlan 3 last member query interval 2 ip igmp snooping vlan mrouter To enable automatic learning of multicast router ports on a VLAN use the ip igmp snooping vlan mrouter Global Configuration mod...

Page 211: ...ived on the port MOSPF received on the port You can execute the command before the VLAN is created Example switchxxxxxx config ip igmp snooping vlan 1 mrouter learn pim dvmrp ip igmp snooping vlan querier To enable the IGMP querier on specific VLANs use the ip igmp snooping vlan querier Global Configuration mode command To disable the IGMP querier on specific VLANs use the no form of this command ...

Page 212: ...rier ip igmp snooping vlan querier version To configure the IGMP version for an IGMP querier on specific VLANs use the ip igmp snooping vlan querier version Global Configuration mode command To revert to its default setting use the no form of this command Syntax ip igmp snooping vlan VLAN LIST querier version 2 3 no ip igmp snooping vlan VLAN LIST querier version Parameters VLAN LIST A VLAN ID or ...

Page 213: ...its default setting use the no form of this command Syntax ip igmp snooping vlan VLAN LIST query interval seconds no ip igmp snooping vlan VLAN LIST query interval Parameters VLAN LIST A VLAN ID or a list of VLAN IDs Range 1 to 4094 seconds The frequency in seconds at which IGMP query messages are sent on the interface Range 30 to 18000 Default Configuration The default IGMP query interval is 125 ...

Page 214: ...econds no ip igmp snooping vlan VLAN LIST response time Parameters VLAN LIST A VLAN ID or a list of VLAN IDs Range 1 to 4094 seconds Maximum response time in seconds advertised in IGMP queries Range 5 to 20 Default Configuration 10 Command Mode Global Configuration mode User Guidelines You can execute the command before the VLAN is created Example switchxxxxxx config ip igmp snooping vlan 3 respon...

Page 215: ...tion mode Example switchxxxxxx config interface vlan 1 robustness variable 5 ip igmp snooping vlan static To enable the IGMP Snooping static group processing on a VLAN use the ip igmp snooping vlan static Global Configuration mode command To disable this feature use the no form of this command Syntax ip igmp snooping vlan VLAN LIST static IPv4 Addr interface interface id no ip igmp snooping vlan V...

Page 216: ...ig ip igmp snooping vlan 1 static 192 168 1 110 interface gi1 switchxxxxxx config ip igmp snooping vlan 1 static 192 168 1 200 interface po1 ip igmp snooping vlan mrouter To register a Layer 2 port as a member of a static multicast group to the bridge table use the ip igmp snooping vlan mrouter Global Configuration mode command To remove the ports as the members of a static Mrouter port use the no...

Page 217: ...xx config ip igmp snooping vlan 1 mrouter interfaces gi1 ip igmp snooping vlan forward all To enable the IGMP Snooping forward all static port processing on a VLAN use the ip igmp snooping vlan forward all Global Configuration mode command To disable this feature use the no form of this command Syntax ip igmp snooping vlan VLAN LIST forward all interfaces interface id no ip igmp snooping vlan VLAN...

Page 218: ...ard all interfaces gi1 switchxxxxxx config ip igmp snooping vlan 1 forward all interfaces po1 profile range To create an IGMP profile use the profile range IGMP profile Configuration mode command Syntax profile range ip ip range action permit deny Parameters ip ip range Specifies a range of IPv4 addresses This can be a single IPv4 address or a range of addresses When entering a range enter the low...

Page 219: ... all interfaces or a specific interface use the show ip igmp filter Privileged EXEC mode command Syntax show ip igmp filter interfaces interface id Parameters interfaces interface id Optional Specifies an interface ID or a list of interface IDs Command Mode Privileged EXEC mode Example switchxxxxxx show ip igmp filter Port ID Profile ID fa1 1 fa2 1 fa3 2 fa4 2 fa5 None fa6 None fa7 None fa8 None f...

Page 220: ...oups on a specific interface or all interfaces use the show ip igmp max group Privileged EXEC mode command Syntax show ip igmp max group interfaces interface id Parameters interfaces interface id Optional Specifies an interface ID or a list of interface IDs The interfaces can be one of these types Ethernet port or port channel Command Mode Privileged EXEC mode User Guidelines If no interface is sp...

Page 221: ...arameters interfaces interface id Optional Specifies an interface ID or a list of interface IDs The interfaces can be one of these types Ethernet port or port channel Command Mode Privileged EXEC mode User Guidelines If no interface is specified the information for all interfaces is displayed Example switchxxxxxx show ip igmp max group action interface fa5 Port ID Max groups Action fa5 replacy sho...

Page 222: ...mp profile action permit Range low ip 10 172 11 1 Range high ip 10 172 11 20 show ip igmp snooping To display the IGMP Snooping status use the show ip igmp snooping Privileged EXEC mode command Syntax show ip igmp snooping Parameters N A Command Mode Privileged EXEC mode Example switchxxxxxx show ip igmp snooping IGMP Snooping Status Snooping Enabled Report Suppression Enabled Operation Version v2...

Page 223: ...ail Group Source Query TX 0 show ip igmp snooping forward all To display information for IGMP Snooping forward all use the show ip igmp snooping forward all Privileged EXEC mode command Syntax show ip igmp snooping forward all vlan VLAN_LIST Parameters vlan VLAN LIST Optional Specifies a VLAN ID or a list of VLANs Range 1 to 4094 Command Mode Privileged EXEC mode Example switchxxxxxx show ip igmp ...

Page 224: ...ptional Displays IPv4 group total entries dynamic Optional Displays dynamic groups static Optional Displays static groups Command Mode Privileged EXEC mode User Guidelines To display all multicast groups learned by IGMP Snooping use the show ip igmp snooping groups command without parameters To display a needed subset of all multicast groups learned by IGMP Snooping use the show ip igmp snooping g...

Page 225: ... the show ip igmp snooping mrouter Privileged EXEC mode command Syntax show ip igmp snooping mrouter dynamic static forbidden Parameters dynamic Optional Displays dynamic routers forbidden Optional Displays forbidden routers static Optional Displays static routers Command Mode Privileged EXEC mode Example switchxxxxxx show ip igmp snooping mrouter Dynamic Mrouter Table VID Port Expiry Time Sec Tot...

Page 226: ...oping querier Parameters N A Command Mode Privileged EXEC mode Example switchxxxxxx show ip igmp snooping querier VID State Status Version Querier IP 1 Disabled Non Querier No 104 Disabled Non Querier No Total Entry 2 show ip igmp snooping vlan To display the IGMP Snooping configuration for specific VLANs use the show ip igmp snooping vlan Privileged EXEC mode command Syntax show ip igmp snooping ...

Page 227: ...Snooping VLAN 1 admin disabled IGMP Snooping operation mode disabled IGMP Snooping robustness admin 2 oper 2 IGMP Snooping query interval admin 125 sec oper 125 sec IGMP Snooping query max response admin 10 sec oper 10 sec IGMP Snooping last member query counter admin 2 oper 2 IGMP Snooping last member query interval admin 1 sec oper 1 sec IGMP Snooping immediate leave disabled IGMP Snooping autom...

Page 228: ... cache Privileged EXEC mode command Syntax clear arp cache ip address Parameters ip address Optional The IP address to be deleted Command Mode Privileged EXEC mode Example switchxxxxxx clear arp cache ip default gateway To define a default gateway use the ip default gateway Global Configuration mode command To revert to its default setting use the no form of this command Syntax ip default gateway ...

Page 229: ...mple switchxxxxxx config ip default gateway 192 168 1 100 ip domain lookup To enable the IP Domain Naming System DNS based host name to address translation use the ip domain lookup Global Configuration mode command To revert to its default setting use the no form of this command Syntax ip domain lookup no ip domain lookup Parameters N A Default Configuration Enabled Command Mode Global Configurati...

Page 230: ... domain name used to complete unqualified host names Do not include the initial period that separates an unqualified name from the domain name Length 1 to 255 characters Maximum label length of each domain level is 63 characters Default Configuration No default domain name is defined Command Mode Global Configuration mode User Guidelines Any IP hostname that does not contain a domain name that is ...

Page 231: ...p host hostname address1 address2 address8 no ip host hostname address1 address2 address8 Parameters hostname Name of the host Length 1 to 158 characters Maximum label length of each domain level is 63 characters address1 Associated host IP address IPv4 or IPv6 if IPv6 stack is supported address2 address8 Optional Up to seven additional associated IP addresses delimited by a single space IPv4 or I...

Page 232: ...y is deleted if all its addresses are deleted Example switchxxxxxx config ip host accounting website com 176 10 23 1 ip name server To configure the DNS servers use the ip name server Global Configuration mode command To disable the DNS servers use the no form of this command Syntax ip name server server address1 server address2 server address8 no ip name server Parameters server address1 IPv4 or ...

Page 233: ...ters ip address The IP address mask The network mask of the IP address Default Configuration The default IP address of the management VLAN is 192 168 1 254 Command Mode Global Configuration mode User Guidelines If a dynamic IP address is already defined the user must enter the no management ip dhcp client command to disable it before setting a static IP address If you modify the static IP address ...

Page 234: ...ers N A Default Configuration DHCP client is enabled Command Mode Global Configuration mode User Guidelines This command enables the switch to dynamically learn its IP address by using the DHCP protocol DHCP client configuration on the switch implicitly removes the static IP address configuration on the management VLAN If the switch is configured to obtain its IP address from a DHCP server it send...

Page 235: ...d EXEC mode command Syntax show arp Parameters N A Command Mode Privileged EXEC mode Example switchxxxxxx show arp Address HWtype HWaddress Flags Mask Iface 192 168 1 22 ether 00 10 60 DB 6E FE C eth0 show hosts To display the DNS servers defined on the switch use the show hosts Privileged EXEC mode command Syntax show hosts Parameters N A Command Mode Privileged EXEC mode Example switchxxxxxx sho...

Page 236: ...ain Table Domain Source Preference Name Server Table IP Address Source Preference Cache Table Flags STA OK STA Static OK Okay Host IP Address Type State show ip To display the IP address of the management VLAN use the show ip Privileged EXEC mode command Syntax show ip Parameters N A Default Configuration N A Command Mode Privileged EXEC mode Example switchxxxxxx show ip ...

Page 237: ...35 14 IP Address 192 168 1 254 Subnet Netmask 255 255 255 0 Default Gateway 192 168 1 1 show ip dhcp To display the IP DHCP status use the show ip dhcp Privileged EXEC mode command Syntax show ip dhcp Parameters N A Default Configuration N A Command Mode Privileged EXEC mode Example switchxxxxxx show ip dhcp DHCP Status disabled ...

Page 238: ...tics vlan Privileged EXEC mode command Syntax clear ip arp inspection statistics vlan VLAN LIST Parameters VLAN LIST A VLAN ID or a list of VLAN IDs Range 1 to 4094 Command Mode Privileged EXEC mode Example switchxxxxxx clear ip arp inspection statistics vlan 1 ip arp inspection To enable dynamic ARP inspection on the switch use the ip arp inspection Global Configuration mode command To disable dy...

Page 239: ...and responses on an interface use the ip arp inspection limit rate Interface Configuration mode command To revert to its default setting use the no form of this command Syntax ip arp inspection limit rate VALUE no ip arp inspection limit rate Parameters VALUE Maximum number of incoming packets per second that are allowed on the interface Range 1 to 300 pps Default Configuration The default rate is...

Page 240: ...terface also changes its rate limit to the default value for that trust state After you configure the rate limit the interface retains the rate limit even when its trust state is changed If you enter the no ip arp inspection limit command the interface reverts to its default rate limit You should configure trunk ports with higher rates to reflect their aggregation When the rate of incoming packets...

Page 241: ...arp inspection trust no ip arp inspection trust Parameters N A Default Configuration The interface is untrusted Command Mode Interface Configuration mode User Guidelines The switch does not check ARP packets that are received on the trusted interface It only forwards these packets For untrusted interfaces the switch intercepts all ARP requests and responses It verifies that the intercepted packets...

Page 242: ... IP addresses Addresses include 0 0 0 0 255 255 255 255 and all IP multicast addresses Sender IP addresses are compared in all ARP requests and responses Target IP addresses are compared only in ARP responses allow zeros Optional Modifies the IP validation test so that ARPs with an address of 0 0 0 0 are not denied src mac Compares the source MAC address in the Ethernet header against the sender M...

Page 243: ...ample switchxxxxxx config ip arp inspection validate dst mac switchxxxxxx config ip arp inspection validate src mac switchxxxxxx config ip arp inspection validate ip switchxxxxxx config ip arp inspection validate ip allow zeros ip arp inspection vlan To enable dynamic ARP inspection on specific VLANs use the ip arp inspection vlan Global Configuration mode command To disable dynamic ARP inspection...

Page 244: ... vlan 5 show ip arp inspection To show the ARP Inspection status use the show ip arp inspection Privileged EXEC mode command Syntax show ip arp inspection Parameters N A Command Mode Privileged EXEC mode Example switchxxxxxx show ip arp inspection Dynamic ARP Inspection disabled Source Mac Validation disabled Destination Mac Validation disabled IP Address Validation disabled Enable on Vlans None T...

Page 245: ...be one of these types Ethernet port or port channel Command Mode Privileged EXEC mode Example switchxxxxxx show ip arp inspection interfaces gi1 Interfaces Trust State Rate pps gi1 Untrusted 15 Source Mac Validation Shows whether to compare the source MAC address in the Ethernet header against the sender MAC address in ARP body Destination Mac Validation Shows whether to compare the destination MA...

Page 246: ...ode Privileged EXEC mode Example switchxxxxxx show ip arp inspection statistics vlan 1 Vlan Forward Source MAC Failures Dest MAC Failures SIP Validation Failures DIP Validation Failures IP MAC Mismatch Failures Field Description Interfaces Port or LAG on which ARP Inspection trust mode can be enabled Trust State Shows whether ARP Inspection trust mode is enabled or disabled on the interface Enable...

Page 247: ...packets forwarded by the VLAN Source MAC Failures Total number of ARP packets that include wrong source MAC addresses Dest MAC Failures Total number of ARP packets that include wrong destination MAC addresses SIP Validation Failures Total number of ARP packets that the source IP address validation fails DIP Validation Failures Total number of ARP packets that the destination IP address validation ...

Page 248: ...ged EXEC mode command Syntax clear ip dhcp snooping binding IPv4 Addr Parameters Clears all dynamic entries IPv4 Addr The entry for an IPv4 address Command Mode Privileged EXEC mode Example switchxxxxxx clear ip dhcp snooping binding 192 168 1 1 clear ip dhcp snooping binding interface To clear the DHCP snooping binding entries for specific interfaces use the clear ip dhcp snooping binding interfa...

Page 249: ...t channel Command Mode Privileged EXEC mode Example switchxxxxxx clear ip dhcp snooping binding interface fa5 clear ip dhcp snooping binding vlan To clear the DHCP snooping binding entries for specific VLANs use the clear ip dhcp snooping binding vlan Privileged EXEC mode command Syntax clear ip dhcp snooping binding vlan vlan id Parameters vlan id The VLAN ID Command Mode Privileged EXEC mode Exa...

Page 250: ... A Command Mode Privileged EXEC mode Example switchxxxxxx clear ip dhcp snooping database statistics clear ip dhcp snooping interfaces statistics To clear the DHCP snooping database statistics for specific interfaces use the clear ip dhcp snooping interfaces statistics Privileged EXEC mode command Syntax clear ip dhcp snooping interfaces interface id statistics Parameters interface id An interface...

Page 251: ...DHCP snooping is disabled Command Mode Global Configuration mode User Guidelines To apply any DHCP snooping configuration you must enable DHCP snooping globally on the switch DHCP snooping is not active until you enable DHCP snooping on a VLAN by using the ip dhcp snooping vlan Global Configuration mode command Example switchxxxxxx config ip dhcp snooping ip dhcp snooping database To configure the...

Page 252: ... Use 0 to define an infinite duration write delay VALUE Specifies the duration in seconds for which the transfer should be delayed after the binding database changes Range 15 to 86400 seconds Default Configuration The URL for the database agent is not defined The default timeout is 300 seconds 5 minutes The default write delay is 300 seconds 5 minutes Command Mode Global Configuration mode User Gu...

Page 253: ...00 switchxxxxxx config ip dhcp snooping database write delay 3000 ip dhcp snooping information option To enable DHCP option 82 data insertion use the ip dhcp snooping information option Global Configuration mode command To disable DHCP option 82 data insertion use the no form of this command Syntax ip dhcp snooping information option format remote id STRING no ip dhcp snooping information option f...

Page 254: ...as relayed to the server by the switch When both the client and server are on the same subnet the server broadcasts the reply The switch inspects the remote ID and possibly the circuit ID fields to verify that it originally inserted the option 82 data The switch removes the option 82 field and forwards the packet to the switch port that connects to the DHCP host that sends the DHCP request Example...

Page 255: ... not learn DHCP snooping bindings for connected devices on a trusted interface If the edge switch to which a host is connected inserts option 82 information and you want to use DHCP snooping on an aggregation switch enter the ip dhcp snooping information option allow untrusted command on the aggregation switch The aggregation switch can learn the bindings for a host even though the aggregation swi...

Page 256: ...oped on the switch and you will need to adjust the interface rate limit to a higher value If the rate limit is exceeded the interface is error disabled If you enable error recovery by entering the errdisable recovery cause dhcp rate limit Global Configuration mode command the interface retries the operation again when all causes have timed out If the error recovery function is not enabled the inte...

Page 257: ...itches or routers as trusted ports Configure the ports that are connected to DHCP clients as untrusted ports Example switchxxxxxx config interface fa3 switchxxxxxx config if ip dhcp snooping trust ip dhcp snooping verify mac address To configure the switch to verify on an untrusted port that the source MAC address in a DHCP packet matches the client hardware address use the ip dhcp snooping verify...

Page 258: ...e DHCP client hardware address can match or not If the addresses match the switch forwards the packet If the addresses do not match the switch drops the packet Example switchxxxxxx config ip dhcp snooping verify mac address ip dhcp snooping vlan To enable DHCP snooping on specific VLANs use the ip dhcp snooping vlan Global Configuration mode command To disable DHCP snooping on specific VLANs use t...

Page 259: ...the ip dhcp snooping vlan information option circuit id Interface Configuration mode command To revert to its default setting use the no form of this command Syntax ip dhcp snooping vlan VLAN LIST information option circuit id STRING no ip dhcp snooping vlan VLAN LIST information option circuit id Parameters VLAN LIST A VLAN ID or a list of VLAN IDs Range 1 to 4094 STRING A circuit ID using from 1...

Page 260: ...to be the circuit ID When you want to override the vlan mod port format type and use the circuit ID to define the subscriber information use the override keyword Example switchxxxxxx config interface fa7 switchxxxxxx config if ip dhcp snooping vlan 3 information option circuit id test renew ip dhcp snooping database To renew the DHCP snooping binding database use the renew ip dhcp snooping databas...

Page 261: ... A Command Mode Privileged EXEC mode Example switchxxxxxx show ip dhcp snooping DHCP Snooping enabled Enable on following Vlans None Verification of hwaddr disabled Insertion of option 82 disabled circuit id default format vlan port remote id vlan1_md_fa11 show ip dhcp snooping binding To display the DHCP snooping binding configuration for all interfaces use the show ip dhcp snooping binding Privi...

Page 262: ...base To display the status of the DHCP snooping binding database agent use the show ip dhcp snooping database Privileged EXEC mode command Syntax show ip dhcp snooping database Parameters N A Command Mode Privileged EXEC mode Example switchxxxxxx show ip dhcp snooping database Type None FileName Write delay Timer 300 seconds Abort Timer 300 seconds Agent Running None Delay Timer Expiry Not Running...

Page 263: ... information option format remote id Privileged EXEC mode command Syntax show ip dhcp snooping information option format remote id Parameters N A Command Mode Privileged EXEC mode Example switchxxxxxx show ip dhcp snooping information option format remote id Remote ID vlan md fa11 show ip dhcp snooping interfaces To display the DHCP snooping configuration for specific interfaces use the show ip dh...

Page 264: ...ces statistics To display the DHCP snooping statistics for specific interfaces use the show ip dhcp snooping interfaces statistics Privileged EXEC mode command Syntax show ip dhcp snooping interfaces interface id statistics Parameters interface id An interface ID or a list of interface IDs The interfaces can be one of these types Ethernet port or port channel Command Mode Privileged EXEC mode Exam...

Page 265: ...IP DHCP Snooping Commands show ip dhcp snooping interfaces statistics Cisco 220 Series Smart Plus Switches Command Line Interface Reference Guide Release 1 0 0 x 263 16 0 fa4 0 0 0 0 0 fa5 0 0 0 0 0 ...

Page 266: ...ommand Syntax ip source binding MAC Addr vlan VLAN LIST IPv4 Addr interface interface id no ip source binding MAC Addr vlan VLAN LIST IPv4 Addr interface interface id Parameters MAC Addr MAC address for IP source binding vlan VLAN LIST Specifies a VLAN ID or a range of VLAN IDs for IP source binding IPv4 Addr IP address for IP source binding interface interface id Specifies an interface ID or a li...

Page 267: ...92 168 1 50 interface fa1 switchxxxxxx config ip source binding 00 bb bb cc dd ee vlan 7 192 168 1 60 interface gi1 switchxxxxxx config ip source binding 00 cc bb cc dd ee vlan 10 192 168 1 90 interface po1 ip source binding max entry To set the maximum number of IP source binding rules on an interface use the ip source binding max entry Interface Configuration mode command Syntax ip source bindin...

Page 268: ...Optional Enables IP source guard with IP and MAC address filtering If you do not enter the mac and ip keyword IP address filtering is enabled by default Default Configuration IP source guard is disabled Command Mode Interface Configuration mode User Guidelines To enable IP source guard with source IP address filtering use the ip verify source Interface Configuration mode command To enable IP sourc...

Page 269: ... by DHCP snooping static Optional Displays information for static IP source bindings Command Mode Privileged EXEC mode User Guidelines The show ip source binding command output shows all dynamic and static IP source binding entries in the binding database Example switchxxxxxx show ip source binding Bind Table Maximun Binding Entry Number 191 Port VID MAC Address IP Type Lease Time fa11 2 00 03 6D ...

Page 270: ...hese types Ethernet port or port channel Command Mode Privileged EXEC mode Example switchxxxxxx show ip verify source interfaces fa1 10 Port Status Max Entry Current Entry fa1 disabled No Limit 1 fa2 disabled No Limit 0 fa3 disabled No Limit 0 fa4 disabled No Limit 0 fa5 disabled No Limit 0 MAC Address MAC address of the interface IP IP address of the interface Type IP address type The possible fi...

Page 271: ... No Limit 0 fa9 disabled No Limit 0 fa10 disabled No Limit 0 The following table describes the significant fields shown in the example Field Description Port Interface number Status Shows whether IP source guard is enabled or disabled on the interface Max Entry Maximum number of binding entries allowed in the IP source binding database Current Entry Current number of binding entries in the IP sour...

Page 272: ...delines Configuring a new default gateway without deleting the previous configured information overwrites the previous configuration A configured default gateway has a higher precedence over an automatically advertised by using a router advertisement message Precedence takes effect after the configured default gateway is reachable Reachability state is not verified automatically by the neighbor di...

Page 273: ...ress ipv6 address prefix length prefix length Parameters ipv6 address The IPv6 network assigned to the interface This argument must be in the form documented in RFC 2373 where the address is specified in hexadecimal using 16 bit values between colons prefix length prefix length Specifies the length of the IPv6 prefix A decimal value that indicates how many of the high order contiguous bits of the ...

Page 274: ...ss autoconfiguration on the switch use the no form of this command Syntax management vlan ipv6 address autoconfig no management vlan ipv6 address autoconfig Parameters N A Default Configuration IPv6 address autoconfiguration is enabled on the switch No IPv6 address is assigned by default Command Mode Global Configuration mode User Guidelines When IPv6 address autoconfiguration is enabled the route...

Page 275: ... the management vlan ipv6 address dhcp Global Configuration mode command To remove the IPv6 address from the interface use the no form of this command Syntax management vlan ipv6 address dhcp no management vlan ipv6 address dhcp Parameters N A Default Configuration N A Command Mode Global Configuration mode User Guidelines The management vlan ipv6 address dhcp Global Configuration command allows t...

Page 276: ...t Configuration N A Command Mode Privileged EXEC mode Example switchxxxxxx show ipv6 IPv6 DHCP Configuration Disabled IPv6 DHCP DUID IPv6 Auto Configuration Enabled IPv6 Link Local Address fe80 2e36 f8ff fe4b e227 64 IPv6 static Address 0 IPv6 static Gateway Address IPv6 in use Address fe80 2e36 f8ff fe4b e227 64 show ipv6 dhcp To display the IPv6 DHCP parameters configured on the switch use the s...

Page 277: ...mmands show ipv6 dhcp Cisco 220 Series Smart Plus Switches Command Line Interface Reference Guide Release 1 0 0 x 275 18 Command Mode Privileged EXEC mode Example switchxxxxxx config show ipv6 dhcp DHCPv6 Status enabled ...

Page 278: ...groups Privileged EXEC mode command Syntax clear ipv6 mld snooping groups dynamic static Parameters dynamic Optional Deletes dynamic MLD groups static Optional Deletes static MLD groups Command Mode Privileged EXEC mode Example switchxxxxxx clear ipv6 mld snooping groups clear ipv6 mld snooping statistics To clear the IPv6 MLD snooping statistics use the clear ipv6 mld snooping statistics Privileg...

Page 279: ... the interface use the ipv6 mld filter Interface Configuration mode command To remove a MLD profile from the interface use the no form of this command Syntax ipv6 mld filter profile number no ipv6 mld filter Parameter profile number The MLD profile number to be applied Range 1 to 128 Default Configuration No MLD profiles are applied Command Mode Interface Configuration mode User Guidelines You can...

Page 280: ... to return to the default throttling action which is to drop the report use the no form of this command Syntax ipv6 mld max groups number no ipv6 mld max groups number ipv6 mld max groups action deny replace Parameters number The maximum number of MLD groups that an interface can join action deny When the maximum number of entries in the MLD snooping forwarding table is reached drops the next MLD ...

Page 281: ...usly in the forwarding table are removed When the maximum number of entries in the forwarding table is reached the switch replaces a randomly selected multicast entry with the received MLD report Example switchxxxxxx config interface gi1 switchxxxxxx config if ipv6 mld max groups 25 switchxxxxxx config if ipv6 mld max groups action replace ipv6 mld profile To create a MLD profile and enter the MLD...

Page 282: ...nable IPv6 MLD snooping on the switch use the ipv6 mld snooping Global Configuration mode command To disable IPv6 MLD snooping use the no form of this command Syntax ipv6 mld snooping version 1 2 no ipv6 mld snooping Parameters version 1 Optional Specifies the MLD operation version as v1 version 2 Optional Specifies the MLD operation version as v2 Default Configuration The default MLD version is v...

Page 283: ...guration IPv6 MLD snooping report suppression is disabled by default Command Mode Global Configuration mode User Guidelines MLD snooping listener message suppression is equivalent to IGMP Snooping report suppression When enabling MLD snooping report suppression received MLDv1 reports to a group are forwarded to IPv6 multicast routers only once in every report forward time This funciton prevents th...

Page 284: ...ration mode Example switchxxxxxx config ipv6 mld snooping vlan 100 ipv6 mld snooping vlan immediate leave To enable MLD snooping immediate leave processing on the VLANs use the ipv6 mld snooping vlan immediate leave Global Configuration mode command To revert to its default setting use the no form of this command Syntax ipv6 mld snooping vlan VLAN LIST immediate leave no ipv6 mld snooping vlan VLA...

Page 285: ...ng defined as a multicast router port by static configuration or by automatic learning use the ipv6 mld snooping vlan forbidden mrouter Global Configuration mode command To revert to its default settings use the no form of this command Syntax ipv6 mld snooping vlan VLAN LIST forbidden mrouter interfaces interface id no ipv6 mld snooping vlan VLAN LIST forbidden mrouter interfaces interface id Para...

Page 286: ...ssing on the VLANs use the ipv6 mld snooping vlan forbidden port Global Configuration mode command To disable this feature use the no form of this command Syntax ip6 mld snooping vlan VLAN LIST forbidden forward all interfaces interface id no ip6 mld snooping vlan VLAN LIST forbidden forward all interfaces interface id Parameters VLAN LIST A VLAN ID or a range of VLAN IDs interfaces interface id S...

Page 287: ...snooping vlan last member query count To configure IPv6 MLD multicast Address Specific Queries MASQs that will be sent before aging out a client use the ipv6 mld vlan snooping last member query count Global Configuration mode command To revert to the default settings use the no form of this command Syntax ipv6 mld snooping vlan VLAN LIST last member query count VALUE no ipv6 mld snooping vlan VLAN...

Page 288: ...D client is aged out Example switchxxxxxx config ipv6 mld snooping vlan 2 last member query count 5 ipv6 mld snooping vlan last member query interval To configure IPv6 MLD snooping last listener query interval on the switch or on a VLAN use the ipv6 mld snooping vlan last member query interval Global Configuration mode command This time interval is the maximum time that a multicast router waits af...

Page 289: ...terval is set this interval overrides the global query interval When the VLAN interval is set at 0 the global value is used Example switchxxxxxx config ipv6 mld snooping vlan 3 last member query interval 30 ipv6 mld snooping vlan mrouter learn pim dvmrp To enable automatic learning of multicast router ports on the switch or on a VLAN use the ipv6 mld snooping vlan mrouter learn pim dvmrp Global Co...

Page 290: ... snooping query interval on the switch or on a VLAN use the ipv6 mld snooping vlan query interval Global Configuration mode command This time interval is the maximum time that a multicast router waits after issuing an MASQ before deleting a port from the multicast group To revert to the default settings use the no form of this command Syntax ipv6 mld snooping vlan VLAN LIST query interval VALUE no...

Page 291: ...re deleting a nonresponsive port from the multicast group Example switchxxxxxx config ipv6 mld snooping vlan 7 query interval 250 ipv6 mld snooping vlan response time To configure the Query Maximum Response time on the VLANs use the ipv6 mld snooping vlan response time Global Configuration mode command To revert to its default setting use the no form of this command Syntax ipv6 mld snooping vlan V...

Page 292: ... the no form of this command Syntax ipv6 mld snooping vlan VLAN LIST robustness variable VALUE no ipv6 mld snooping vlan VLAN LIST robustness variable Parameters VLAN LIST A VLAN ID or a list of VLAN IDs VALUE The range is 1 to 7 Default Configuration The default VLAN robustness variable is 2 Command Mode Global Configuration mode User Guidelines Robustness is measured in terms of the number of ML...

Page 293: ...VLAN LIST static IPv6 Addr interface interface id no ipv6 mld snooping vlan VLAN LIST static IPv6 Addr interface interface id Parameters VLAN LIST A VLAN ID or a list of VLAN IDs IPv6 Addr The IPv6 multicast address interface id The interface ID which can be one of these types Ethernet port or port channel Default Configuration No ports are configured as a member of a multicast group Command Mode ...

Page 294: ...N LIST mrouter interfaces interface id no ipv6 mld snooping vlan VLAN LIST mrouter interfaces interface id Parameters VLAN LIST A VLAN ID or a list of VLAN IDs interfaces interface id Specifies an interface ID or a list of interface IDs The interfaces can be one of these types Ethernet port or port channel Default Configuration No port is configured as a member of a static Mrouter port Command Mod...

Page 295: ...vlan VLAN LIST forward all interfaces interface id Parameters VLAN LIST A VLAN ID or a list of VLAN IDs interfaces interface id Specifies an interface ID or a list of interface IDs The interfaces can be one of these types Ethernet port or port channel Default Configuration No port is configured as a member of a multicast group Command Mode Global Configuration mode User Guidelines You can execute ...

Page 296: ...pv6 ipv6 range action deny permit Parameters ipv6 ipv6 range Specifies a range of IPv6 addresses for the profile This can be a single IPv6 address or a range with a start and an end address When entering a range enter the low IPv6 multicast address a space and the high IPv6 multicast address action deny Denies the matching addresses action permit Permits the matching addresses Default Configuratio...

Page 297: ...nd Syntax show ipv6 mld filter interfaces interface id Parameters interfaces interface id Optional Specifies an interface ID or a list of interface IDs Command Mode Privileged EXEC mode Example switchxxxxxx show ipv6 mld filter Port ID Profile ID fa1 None fa2 1 fa3 1 fa4 2 fa5 None fa6 None fa7 None fa8 None fa9 None fa10 None fa11 None fa12 None fa13 None fa14 None fa15 None fa16 None fa17 None f...

Page 298: ... interfaces use the show ipv6 mld max group Privileged EXEC mode command Syntax show ipv6 mld max group interfaces interface id Parameters interfaces interface id Optional Specifies an interface ID or a list of interface IDs The interfaces can be one of these types Ethernet port or port channel Command Mode Privileged EXEC mode User Guidelines If no interface is specified the information for all i...

Page 299: ...aces interface id Parameters interfaces interface id Optional Specifies an interface ID or a list of interface IDs The interfaces can be one of these types Ethernet port or port channel Command Mode Privileged EXEC mode User Guidelines If no interface is specified the information for all interfaces is displayed Example switchxxxxxx show ipv6 mld max group action interfaces fa5 Port ID Max groups A...

Page 300: ...d profile action deny Range low ip ff51 Range high ip ff52 show ipv6 mld snooping To display the MLD snooping configuration use the show ipv6 mld snooping Privileged EXEC mode command Syntax show ipv6 mld snooping Parameters N A Command Mode Privileged EXEC mode Example switchxxxxxx show ipv6 mld snooping MLD Snooping Status Snooping Disabled Report Suppression Enabled Operation Version v1 Forward...

Page 301: ...nooping forward all To display information for IPv6 MLD snooping forward all use the show ipv6 mld snooping forward all Privileged EXEC mode command Syntax show ipv6 mld snooping forward all vlan VLAN_LIST Parameters vlan VLAN LIST Optional Specifies a VLAN ID or a list of VLAN IDs Command Mode Privileged EXEC mode Example switchxxxxxx show ipv6 mld snooping forward all MLD Snooping VLAN 1 MLD Sno...

Page 302: ...ng forbidden port None MLD Snooping VLAN 8 MLD Snooping static port None MLD Snooping forbidden port None MLD Snooping VLAN 9 MLD Snooping static port None MLD Snooping forbidden port None MLD Snooping VLAN 10 MLD Snooping static port None MLD Snooping forbidden port None show ipv6 mld snooping groups To display multicast groups learned by MLD snooping use the show ipv6 mld snooping groups Privile...

Page 303: ...x show ipv6 mld snooping groups VLAN Gourp IP Address Type Life Sec Port Total Number of Entry 0 show ipv6 mld snooping mrouter To display information for dynamically static or forbidden learned multicast router port for all VLANs or for a specific VLAN use show ipv6 mld snooping mrouter Privileged EXEC mode command Syntax show ipv6 mld snooping mrouter dynamic static forbidden Parameters dynamic ...

Page 304: ...ng vlan VLAN LIST Parameters VLAN LIST Optional A VLAN ID or a list of VLAN IDs Command Mode Privileged EXEC mode Example switchxxxxxx show ipv6 mld snooping vlan 100 MLD Snooping is globaly enabled MLD Snooping VLAN 1 admin disabled MLD Snooping oper mode disabled MLD Snooping robustness admin 2 oper 2 MLD Snooping query interval admin 125 sec oper 125 sec MLD Snooping query max response admin 10...

Page 305: ...rity Interface Configuration mode command To revert to its default setting use the no form of this command Syntax lacp port priority VALUE no lacp port priority Parameters VALUE The LACP priority value for an interface Range 1 to 65535 Default Configuration The default LACP port priority is 1 Command Mode Interface Configuration Ethernet mode Example switchxxxxxx config interface gi6 switchxxxxxx ...

Page 306: ...cp system priority VALUE no lacp system priority Parameters VALUE The LACP priority value for all interfaces Range 1 to 65535 Default Configuration The default LACP system priority is 32768 Command Mode Global Configuration mode Example switchxxxxxx config lacp system priority 120 lacp timeout To assign an administrative LACP timeout to an interface use the lacp timeout Interface Configuration mod...

Page 307: ...rface gi6 switchxxxxxx config if lacp timeout long show lacp To show LACP channel group information use the show lacp Privileged EXEC mode command Syntax show lacp sys id show lacp channel group number counters show lacp channel group number internal neighbor detail Parameters sys id Displays the system identifier that is being used by LACP The system identifier is made up of the LAPC system prior...

Page 308: ...groups appears You can enter the channel group number option to specify a channel group for all keywords except sys id Examples Example 1 The following example shows the LACP statistics switchxxxxxx show lacp counters LACPDUs LACPDUs Port Sent Recv Pkts Err Channel group 1 fa1 5 3 0 fa2 8 0 0 Channel group 2 fa3 3 5 0 fa4 0 0 0 The following table describes the significant fields shown in the exam...

Page 309: ...e9 0x3 0x3d fa4 SA down 1 0x3e9 0x3e9 0x4 0x45 The following table describes the significant fields shown in the example Field Description State State of the specific port The available values are bndl Port is attached to an aggregator and bundled with other ports susp Port is in a suspended state it is not attached to any aggregator hot sby Port is in a hot standby state 1indiv Port is incapable ...

Page 310: ...defines the ability of a port to aggregate with other ports A port s ability to aggregate with other ports is determined by the port physical characteristics for example data rate and duplex capability and configuration restrictions that you establish Oper Key Runtime operational key that is being used by this port LACP automatically generates this value as a hexadecimal number Port Number Port id...

Page 311: ...Port Number Age Flags gi14 32768 00e0 4c86 7001 0x2 63s SA LACP Partner Partner Partner Port Priority Oper Key Port State 1 0x3e8 0x3d Port State Flags Decode Activity Timeout Aggregation Synchronization Active Long Yes Yes Collecting Distributing Defaulted Expired Yes Yes No No Partner Partner Partner Port System ID Port Number Age Flags gi15 32768 00e0 4c86 7001 0x3 90s SA LACP Partner Partner P...

Page 312: ...erence Guide Release 1 0 0 x 310 20 32768 00e0 4c86 7001 The system identification is made up of the system priority and the system MAC address The first two bytes are the system priority and the last six bytes are the globally administered individual MAC address associated to the system ...

Page 313: ...ar line ssh telnet Parameters ssh Disconnects SSH sessions telnet Disconnects Telnet sessions Default Configuration N A Command Mode Privileged EXEC Mode Example switchxxxxxx clear line telnet exec timeout To set the session idle time during which the switch waits for user input before automatic logoff use the exec timeout Line Configuration mode command To revert to the default setting use the no...

Page 314: ...ng example sets the idle time for Telnet sessions to 20 minutes switchxxxxxx config line telnet switchxxxxxx config line exec timeout 20 line To identify a specific line for configuration and enter the Line Configuration command mode use the line Global Configuration mode command Syntax line console ssh telnet Parameters console Specifies the terminal line mode telnet Specifies the switch as a vir...

Page 315: ...xxxxxx config line password thresh To set the login password intrusion threshold use the password thresh Line Configuration mode command Syntax password thresh value Parameters value The number of allowed password attempts Range 0 to 120 0 indicates no threshold Default Configuration The default threshold value is 0 which indicates no threshold Command Mode Line Configuration mode Example switchxx...

Page 316: ...s the SSH configuration Default Configuration If the line is not specified all line configuration parameters are displayed Command Mode Privileged EXEC mode Example The following example displays all line configuration parameters switchxxxxxx show line Console Baudrate 9600 Session Timeout 10 minutes History Count 128 Password Retry 3 Silent Time 0 seconds Telnet Telnet Server enabled Session Time...

Page 317: ...ter login failure Range 0 to 65535 0 indicates no silent time Default Configuration No silent time Command Mode Line Configuration mode Example switchxxxxxx config line console switchxxxxxx config line silent time 10 speed To set the console port baud rate use the speed Line Configuration mode command To revert to the default setting use the no form of this command Syntax speed bps no speed Parame...

Page 318: ...fault console port baud rate is 9600 bps Command Mode Line Configuration mode User Guidelines The configured speed is applied when autobaud is disabled This configuration applies to the current session only Example The following example sets the console baud rate to 115200 bps switchxxxxxx config line console switchxxxxxx config line speed 115200 ...

Page 319: ...stics Privileged EXEC mode command Syntax clear lldp statistics Parameters N A Default Configuration N A Command Mode Privileged EXEC mode Example switchxxxxxx clear lldp statistics lldp holdtime multiplier To specify how long the receiving device holds a LLDP packet before discarding it use the lldp holdtime multiplier Global Configuration mode command To revert to its default setting use the no ...

Page 320: ... 4 Command Mode Global Configuration mode User Guidelines The time to live TTL value the LLDP transmission interval multiplies the holdtime multiplier should be smaller than 65535 The actual TTL value of LLDP frames is calculated by the following formula TTL min 65535 LLDP Timer LLDP hold multiplier For example if the value of the LLDP timer is 30 seconds and the value of the LLDP holdtime multipl...

Page 321: ...ckets are flooded when LLDP is globally disabled Command Mode Global Configuration mode User Guidelines If the STP mode is set to MSTP the LLDP packet handling mode cannot be set to flooding The STP mode cannot be set to MSTP if the LLDP packet handling mode is flooding If LLDP is globally disabled and the LLDP packet handling mode is flooding LLDP packets are treated as data packets with the foll...

Page 322: ... the interface Default Configuration LLDP MED is enabled with the network policy TLV Command Mode Interface Configuration Ethernet mode Example switchxxxxxx config interface gi3 switchxxxxxx config if lldp med enable lldp med fast start repeat count When an interface comes up LLDP can send packets more quickly than usual using its fast start mechanism To configure the number of packets that is sen...

Page 323: ...p med location To configure the LLDP MED location for an interface use the lldp med location Interface Configuration mode command To remove the LLDP MED location for an interface use the no form of this command Syntax lldp med location civic address data coordinate data ecs elin data no lldp med location civic address coordinate ecs elin Parameters civic address data Specifies the location data as...

Page 324: ...6263646566 lldp med network policy voice auto To automatically create an LLDP MED network policy for voice application if the voice VLAN operation mode is auto voice VLAN use the lldp med network policy auto Global Configuration mode command The voice VLAN 802 1p priority and the DSCP value of the voice VLAN are used in the policy To disable this feature use the no form of this command Syntax lldp...

Page 325: ...here must be no manual preconfigured network policies for the voice application In the Auto mode you cannot manually define a network policy for the voice application using the lldp med network policy global command Example switchxxxxxx config lldp med network policy voice auto lldp med network policy Global To manually define an LLDP MED network policy use the lldp med network policy Global Confi...

Page 326: ...ity used for the specified application dscp value Specifies the DSCP value used for the specified application Default Configuration No network policy is defined Command Mode Global Configuration mode User Guidelines This command creates the network policy which can be attached to a port by using the lldp med network policy interface command Use the lldp med network policy Interface Configuration m...

Page 327: ...taches the specified network policy to the interface remove number Removes the specified network policy to the interface Default Configuration No network policy is attached to the interface Command Mode Interface Configuration Ethernet mode User Guidelines For each interface only one network policy per application can be defined Network policies are created by using the lldp med network policy glo...

Page 328: ...at should be included or excluded Available TLVs are network policy location poe pse and inventory The capabilities TLV is always included if LLDP MED is enabled Default Configuration Network policy TLV Command Mode Interface Configuration Ethernet mode Example The following example enables LLDP MED with the location TLV on gi5 switchxxxxxx config interface gi5 switchxxxxxx config if lldp med tlv ...

Page 329: ... port For example LLDP frames are received on the blocked ports If a port is controlled by 802 1x LLDP operates only if the port is authorized Example switchxxxxxx config interface gi1 switchxxxxxx config if lldp receive lldp reinit To specify the minimum time that an LLDP enabled port waits before reinitializing the LLDP transmission use the lldp reinit Global Configuration mode command To revert...

Page 330: ...on mode Example switchxxxxxx config lldp reinit 4 lldp run To enable LLDP globally on the switch use the lldp run Global Configuration mode command To disable LLDP globally on the switch use the no form of this command Syntax lldp run no lldp run Parameters N A Default Configuration LLDP is enabled by default Command Mode Global Configuration mode Example switchxxxxxx config lldp run ...

Page 331: ...select 802 1 vlan name add vlan id lldp tlv select 802 1 vlan name remove vlan id Parameters pvid enable Specifies that the PVID is advertised pvid disable Specifies that the PVID is not advertised vlan name add vlan id Specifies that the VLAN ID is advertised Range 1 to 4094 vlan name remove vlan id Specifies that the VLAN ID is not advertised Range 1 to 4094 Default Configuration 802 1 pvid TLV ...

Page 332: ...ldp tlv select Parameters TLV Optional Available optional TLVs are port desc sys name sys desc sys cap mac phy lag max frame size and management addr Default Configuration The sys name and sys cap TLVs are selected Command Mode Interface Configuration mode Example switchxxxxxx config interface gi20 switchxxxxxx config if lldp tlv select port desc sys name sys desc lldp transmit To enable transmitt...

Page 333: ...e STP state of a port For example LLDP frames are sent on the blocked ports If a port is controlled by 802 1x LLDP operates only if the port is authorized Example switchxxxxxx config interface gi5 switchxxxxxx config if lldp transmit lldp tx delay To set the delay time between two successive LLDP frame transmissions initiated by value or status changes in the LLDP local system MIB use the lldp tx ...

Page 334: ...lldp tx delay 10 lldp timer To specify how often the system sends the LLDP updates use the lldp timer Global Configuration mode command To revert to its default setting use the no form of this command Syntax lldp timer seconds no lldp timer Parameters seconds The minimum time in seconds that an LLDP port transmits the advertisement periodically Range 5 to 32767 Default Configuration 30 seconds Com...

Page 335: ...A Command Mode Privileged EXEC mode Example switchxxxxxx show lldp State Enabled Timer 30 Seconds Hold multiplier 4 Reinit delay 2 Seconds Tx delay 2 Seconds LLDP packet handling Flooding Port State Optional TLVs Address gi1 RX TX SN SC 192 168 1 254 gi2 RX TX SN SC 192 168 1 254 gi3 RX TX SN SC 192 168 1 254 gi4 RX TX SN SC 192 168 1 254 gi5 RX TX SN SC 192 168 1 254 gi6 RX TX SN SC 192 168 1 254...

Page 336: ...3 RX TX SN SC 192 168 1 254 gi24 RX TX SN SC 192 168 1 254 gi25 RX TX SN SC 192 168 1 254 gi26 RX TX SN SC 192 168 1 254 gi27 RX TX SN SC 192 168 1 254 gi28 RX TX SN SC 192 168 1 254 Port ID gi1 802 3 optional TLVs 802 1 optional TLVs PVID Enabled Port ID gi2 802 3 optional TLVs 802 1 optional TLVs PVID Enabled Port ID gi3 802 3 optional TLVs 802 1 optional TLVs PVID Enabled Port ID gi4 802 3 opti...

Page 337: ... 1 optional TLVs PVID Enabled Port ID gi12 802 3 optional TLVs 802 1 optional TLVs PVID Enabled Port ID gi13 802 3 optional TLVs 802 1 optional TLVs PVID Enabled Port ID gi14 802 3 optional TLVs 802 1 optional TLVs PVID Enabled Port ID gi15 802 3 optional TLVs 802 1 optional TLVs PVID Enabled Port ID gi16 802 3 optional TLVs 802 1 optional TLVs PVID Enabled Port ID gi17 802 3 optional TLVs 802 1 o...

Page 338: ... PVID Enabled Port ID gi22 802 3 optional TLVs 802 1 optional TLVs PVID Enabled Port ID gi23 802 3 optional TLVs 802 1 optional TLVs PVID Enabled Port ID gi24 802 3 optional TLVs 802 1 optional TLVs PVID Enabled Port ID gi25 802 3 optional TLVs 802 1 optional TLVs PVID Enabled Port ID gi26 802 3 optional TLVs 802 1 optional TLVs PVID Enabled Port ID gi27 802 3 optional TLVs 802 1 optional TLVs PVI...

Page 339: ...C mode command Syntax show lldp interfaces interface id Parameters interface id An interface ID or a list of interface IDs Command Mode Privileged EXEC mode Example switchxxxxxx show lldp interfaces gi11 State Enabled Timer 30 Seconds Hold multiplier 4 Reinit delay 2 Seconds Tx delay 2 Seconds LLDP packet handling Flooding Port State Optional TLVs Address gi11 RX TX SN SC 192 168 1 254 Port ID gi1...

Page 340: ...eters interface id An interface ID or a list of interface IDs Command Mode Privileged EXEC mode User Guidelines When an LLDP packet contains too much information for one packet this is called overloading The command calculates the overloading status of the current LLDP configuration not for the last LLDP packet that was sent Example switchxxxxxx show lldp interfaces gi11 tlvs overloading gi11 TLVs...

Page 341: ...leged EXEC mode Examples Example 1 The following example displays the LLDP local device information that is advertised from fa11 switchxxxxxx show lldp interfaces gi11 local device Device ID 00 E0 4C 86 70 01 Port ID gi11 System Name switchxxxxxx Capabilities Bridge System description 28 Port Gigabit PoE Smart Plus Switch Port description Time To Live 120 802 1 PVID 1 LLDP MED capabilities Capabil...

Page 342: ...or a list of interface IDs If not specified the command displays information for all interfaces Command Mode Privileged EXEC mode Examples Example 1 The following example shows the LLDP MED configuration for all interfaces switchxxxxxx show lldp med Fast Start Repeat Count 3 lldp med network policy voice auto Port Capabilities Network Policy Location Inventory POE gi1 Yes Yes No No No gi2 Yes Yes ...

Page 343: ... gi28 Yes Yes No No No Example 2 The following example shows the LLDP MED configuration for gi11 switchxxxxxx show lldp interfaces gi11 med Port Capabilities Network Policy Location Inventory POE gi11 Yes Yes No No No Port ID gi11 Network policies show lldp neighbor To show information about neighboring devices discovered using LLDP use the show lldp neighbor Privileged EXEC mode command Syntax sh...

Page 344: ...owing table describes the significant fields shown in the example Field Description Port Local port number Device ID The neighbor device s configured ID name or MAC address Port ID The neighbor device s port ID SysName The neighbor device s administratively assigned name Capabilities The capabilities discovered on the neighbor device Possible values are B Bridge R Router W WLAN Access Point T Tele...

Page 345: ...displays information for all interfaces Command Mode Privileged EXEC mode Example switchxxxxxx show lldp interfaces gi1 2 statistics LLDP Port Statistics TX Frames RX Frames RX TLVs RX Ageouts Port Total Total Discarded Errors Discarded Unrecognized Total gi1 0 0 0 0 0 0 0 gi2 0 0 0 0 0 0 0 The following table describes the significant fields shown in the example Field Description Port Identifier ...

Page 346: ...nd Line Interface Reference Guide Release 1 0 0 x 344 22 RX TLVs Discarded Total number of received TLVs that were discarded RX TLVs Unrecognized Total number of received TLVs that were unrecognized RX Ageouts Total Number of neighbor age outs on the interface Field Description ...

Page 347: ...atement The acceptable range is from 1 to 65535 If not specified the switch provides a number starting from 1 in ascending order interfaces interface id Optional Specifies an interface ID or a list of interface IDs The interface can be one of these types Ethernet port or port channel service service Specifies the type of service Possible values are all Telnet SSH HTTP HTTPS and SNMP ip ipv4 addres...

Page 348: ...faces gi11 service http switchxxxxxx config macl exit management access class To restrict the management connections by defining the active management ACLs use the management access class Global Configuration mode command To disable the management connection restrictions use the no form of this command Syntax management access class console only name no management access class Parameters console o...

Page 349: ... management access list To configure a management access control list ACL and enter the Management Access List Configuration command mode use the management access list Global Configuration mode command To delete a management ACL use the no form of this command Syntax management access list name no management access list name Parameters name The ACL name Default Configuration N A Command Mode Glob...

Page 350: ...CL called mlist configures fa9 and fa11 as the management interfaces and adds the new ACL to the active ACL switchxxxxxx config management access list mlist switchxxxxxx config macl permit ip 192 168 1 111 0 0 255 255 interfaces gi9 service all switchxxxxxx config macl permit ip 192 168 1 111 0 0 255 255 interfaces gi11 service all switchxxxxxx config macl exit switchxxxxxx config Example 2 The fo...

Page 351: ... command Syntax no sequence Parameters N A Command Mode Management Access List Configuration mode Example switchxxxxxx show management access list 2 management access lists are created console only sequence 1 deny interfaces fa1 24 gi1 2 po1 8 service all Note all other access implicitly denied mgmtacl1 sequence 1 permit interfaces fa1 service telnet Note all other access implicitly denied switchx...

Page 352: ...ed the switch provides a number starting from 1 in ascending order interfaces interface id Optional Specifies an interface ID or a list of interface IDs The interface can be one of these types Ethernet port or port channel service service Specifies the type of service Possible values are all Telnet SSH HTTP HTTPS or SNMP ip ipv4 address ipv4 mask Specifies the source IPv4 address and mask address ...

Page 353: ... the active management ACL use the show management access class Privileged EXEC mode command Syntax show management access class Command Mode Privileged EXEC mode Example switchxxxxxx show management access class Management access class is enabled using access list mlist show management access list To show information for all management ACLs or for a specific management ACL use the show management...

Page 354: ...eged EXEC mode Example The following example displays information for all management ACLs switchxxxxxx show management access list 2 management access lists are created console only sequence 1 deny interfaces fa1 24 gi1 2 po1 8 service all Note all other access implicitly denied mlist sequence 1 permit interfaces fa11 service all Note all other access implicitly denied ...

Page 355: ...able length interfaces interface id Parameters interfaces interface id Specifies an Ethernet interface ID or a list of Ethernet interface IDs Default Configuration N A Command Mode Privileged EXEC Mode User Guidelines The interface must be active and working at 100 Mbps or 1000 Mbps Example switchxxxxxx show cable diagnostics cable length interfaces gi1 24 Port Speed Local pair Pair length Pair st...

Page 356: ...pen gi6 auto Pair A 0 90 Open Pair B 0 90 Open Pair C 0 88 Open Pair D 0 87 Open gi7 auto Pair A 0 96 Open Pair B 0 95 Open Pair C 0 91 Open Pair D 0 90 Open gi8 auto Pair A 0 92 Open Pair B 0 93 Open Pair C 0 88 Open Pair D 0 88 Open gi9 auto Pair A 0 90 Open Pair B 0 90 Open Pair C 0 87 Open Pair D 0 85 Open gi10 auto Pair A 0 86 Open Pair B 0 86 Open Pair C 0 83 Open Pair D 0 81 Open gi11 auto ...

Page 357: ...i17 auto Pair A 0 98 Open Pair B 0 91 Open Pair C 0 85 Open Pair D 0 90 Open gi18 auto Pair A 6 00 Normal Pair B 6 00 Normal Pair C 6 00 Normal Pair D 6 00 Normal gi19 auto Pair A 0 97 Open Pair B 0 93 Open Pair C 0 87 Open Pair D 0 86 Open gi20 auto Pair A 0 95 Open Pair B 0 95 Open Pair C 0 87 Open Pair D 0 91 Open gi21 auto Pair A 0 90 Open Pair B 0 88 Open Pair C 0 83 Open Pair D 0 82 Open gi2...

Page 358: ... interfaces interface id detailed Parameters interfaces interface id Specifies an Ethernet interface ID or a list of Ethernet interface IDs detailed Optional Displays the detailed diagnostics Command Mode Privileged EXEC Mode Example switchxxxxxx show fiber ports optical transceiver interfaces gi1 24 detailed Port Temperature Voltage Current Output power Input power LOS C Volt mA mWatt mWatt gi1 C...

Page 359: ...opper gi19 Copper gi20 Copper gi21 Copper gi22 Copper gi23 Copper gi24 Copper Temp Internally measured transceiver temperature Voltage Internally measured supply voltage Current Measured TX bias current Output Power Measured TX output power in milliWatts Input Power Measured RX received power in milliWatts LOS Loss of signal N A Not Available N S Not Supported W Warning E Error ...

Page 360: ...power inline Interface Configuration mode command Syntax power inline auto never Parameters auto Turns on the device discovery protocol and applies power to the device never Turns off the device discovery protocol and stops supplying power to the device Default Configuration The default is auto Command Mode Interface Configuration Ethernet mode Example The following example turns on the device dis...

Page 361: ...legacy enable Default Configuration Power inline legacy is disabled Command Mode Global Configuration mode User Guidelines This feature only works when establishing the autonegotiation connection For the legacy powered devices that are already connected disabling this feature only takes effect after you unplug their cables Example switchxxxxxx config power inline legacy enable power inline limit T...

Page 362: ... switchxxxxxx config interface gi1 switchxxxxxx config if power inline limit 20000 power inline limit mode To set the power limit mode use the power inline limit mode Global Configuration mode command To revert to its default setting use the no form of this command Syntax power inline limit mode class port no power inline limit mode Parameters class Specifies that the power limit of a port is base...

Page 363: ...nline priority Interface Configuration Ethernet mode command Syntax power inline priority critical high low Parameters critical Specifies that the powered device operation is critical high Specifies that the powered device operation is high priority low Specifies that the powered device operation is low priority Default Configuration The default is low Command Mode Interface Configuration Ethernet...

Page 364: ...Default Configuration Inline power traps are disabled by default Command Mode Global Configuration mode Example switchxxxxxx config power inline traps enable power inline usage threshold To configure the threshold for initiating inline power usage alarms use the power inline usage threshold Global Configuration mode command To revert to its default setting use the no form of this command Syntax po...

Page 365: ...inline usage threshold 90 show env all To show the environment temperature the temperature thresholds and the fan speeds use the show env all Privileged EXEC mode command Syntax show env all Parameters N A Default Configuration N A Command Mode Privileged EXEC mode Example switchxxxxx show env all Fan Status Speed RPM 1 Normal 4850 2 Normal 4950 3 Normal 4500 4 Normal 4400 Thermal State Temperatur...

Page 366: ...net interface ID or a list of Ethernet interface IDs Default Configuration N A Command Mode Privileged EXEC mode Example Example 1 The following example shows the inline power settings for all interfaces switchxxxxxx show power inline Power management mode Port limit mode Legacy device supports enabled Unit Power Status Nominal Allocated Consumed Available Usage Traps Power Power Power Power Thres...

Page 367: ...0000 N A gi19 Auto searching low N A 30000 30000 N A gi20 Auto searching low N A 30000 30000 N A gi21 Auto searching low N A 30000 30000 N A gi22 Auto searching low N A 30000 30000 N A gi23 Auto searching low N A 30000 30000 N A gi24 Auto searching low N A 30000 30000 N A The following table describes the significant fields shown in the example Field Description Port management mode The current po...

Page 368: ...ndicates if the inline power traps are enabled Port Port number State Shows that the port is enabled to provide power The possible values are Auto or Never Status Power operational state The possible values are on off test fail testing searching or fault Priority Port inline power management priority The possible values are critical high or low Class Power consumption classification of the powered...

Page 369: ...x Power Admin Maximum amount of power in milliwatts assigned to the PD connected to the selected port In Class Limit mode the value of the maximum power allocation will be determined on the class detection of PD connected 15 4 w 802 3af class 0 to 3 and 30 W 802 3at class 4 In Power Limit mode the value of maximum power allocation will be determined by the PoE standard of the port 15 4 w 802 3af a...

Page 370: ... IDs The interface must be an Ethernet port Default Configuration N A Command Mode Privileged EXEC mode Example The following example displays the inline power consumption for port 1 switchxxxxxx show power inline consumption interfaces gi1 Port Max Power Admin Power Voltage Current mW mW mV mA gi1 30000 30000 0 0 0 The following table describes the significant fields shown in the example Field De...

Page 371: ...P unconditionally It forces unconditionally the port to join a channel as a result of a LACP operation on Enables static only It forces the port to join a channel without a LACP operation In this mode a usable EtherChannel exists only when both connected port groups are in the on mode passive Enables LACP only if a LACP device is detected It forces the port to join a channel as a result of a LACP ...

Page 372: ...command Syntax port channel load balance src dst mac src dst mac ip Parameters src dst mac Specifies that the port channel load balancing is based on the source and destination MAC addresses for all packets src dst mac ip Specifies that the port channel load balancing is based on the destination IP addresses source IP addresses destination MAC addresses and source MAC addresses for all packets Def...

Page 373: ...0 x 371 26 show etherchannel summary To show information for all port channels use the show etherchannel summary Privileged EXEC Mode command Syntax show etherchannel summary Parameters N A Command Mode Privileged EXEC Mode Examples switchxxxxxx show etherchannel summary Load Balancing src dst mac ip Group ID Type Ports 1 2 3 4 5 6 7 8 ...

Page 374: ...session number destination interface interface id allow ingress packet no monitor session session number destination interface interface id Parameters session number The identifier for a port monitor session Range 1 to 4 interface id The destination interface ID The interface must be an Ethernet interface allow ingress packet Optional Enables ingress traffic forwarding for the destination interfac...

Page 375: ...stination interface for remote SPAN use the monitor session destination remote span Global Configuration mode command To stop a destination interface for remote SPAN use the no form of this command Syntax monitor session session number destination remote span vlan vlan id reflector interface interface id no monitor session session number destination remote span Parameters session number The identi...

Page 376: ...nitor session mirroring use the monitor session source interfaces Global Configuration mode command Use the no form of this command to stop a port monitor session Syntax monitor session session number source interfaces interface id both rx tx no monitor session session number source interfaces interface id both rx tx monitor session session number source vlan vlan id no monitor session session num...

Page 377: ...twice one instance as normal forward and another instance as mirrored from port 2 Moreover if port 2 is an untagged member in VLAN 3 and port 4 is a tagged member then both instances will look different one tagged and the other is not Example The following example copies traffic for both directions Tx and Rx from the source port fa2 to the monitor session 1 switchxxxxxx config monitor session 1 so...

Page 378: ...rce remote span VLAN 2 for the monitor session 1 switchxxxxxx config vlan 2 switchxxxxxx config vlan remote span switchxxxxxx config vlan exit switchxxxxxx config monitor session 1 source remote span vlan 2 no monitor session To disable all monitor sessions or disable a specific monitor session use the no monitor session Global Configuration mode command Syntax no monitor session session number al...

Page 379: ...xxxxxx config no monitor session all remote span To enable remote SPAN use the remote span VLAN Configuration mode command To disable remote SPAN use the no form of this command Syntax remote span no remote span Parameters N A Command Mode VLAN Configuration mode Example The following example defines VLAN 2 as a RSPAN VLAN switchxxxxxx config vlan 2 switchxxxxxx config vlan remote span ...

Page 380: ... of the monitor session If not specified all monitor sessions will be displayed Range 1 to 4 Default Configuration N A Command Mode Privileged EXEC Mode Example switchxxxxxx show monitor Session 1 Configuration Session Type Unknown Mirrored source Not Config Destination port Not Config Session 2 Configuration Session Type Unknown Mirrored source Not Config Destination port Not Config Session 3 Con...

Page 381: ...nce Guide Release 1 0 0 x 379 27 show vlan remote span To show the remote SPAN VLAN use the show vlan remote span Privileged EXEC Mode command Syntax show vlan remote span Parameters N A Default Configuration N A Command Mode Privileged EXEC Mode Example switchxxxxxx show vlan remote span Remote SPAN VLAN ID 3 ...

Page 382: ... quality of service QoS advanced mode Syntax class class map name no class class map name Parameters class map name Enter the name for an existing class map If the class map does not exist a new class map is created under the specified name Default Configuration No class map is defined for the policy map Command Mode Policy map Configuration mode User Guidelines This command is the same as creatin...

Page 383: ...the class map Global Configuration mode command and its subcommands To delete a class map use the no form of this command NOTE All class map commands are available only when the switch is in QoS advanced mode Syntax class map class map name match any no class map class map name Parameters class map name The class map name match any Optional Performs a logical OR of the criteria of ACLs belonging t...

Page 384: ...ring the Class map Configuration mode the following configuration commands are available do Run the EXEC commands in the Class map Configuration mode end End the current mode and return to the Privileged EXEC mode exit Exit the Class map Configuration mode and return to the Global Configuration mode match Configure the match criteria to classify traffic no Remove a match statement from a class map...

Page 385: ...ass1 contains an ACL called enterprise Only traffic matching all criteria in enterprise belongs to the class map switchxxxxxx config class map class1 switchxxxxxx config cmap match access group enterprise police To define a policer for classified traffic use the police Policy map Class Configuration mode command This command defines another group of actions for the policy map per class map To remo...

Page 386: ...epresents the speed with which the token is added to the bucket Example The following example defines a policer for classified traffic When the traffic rate exceeds 124 000 kbps the packet is dropped The class is called class1 and is in a policy map called policy1 switchxxxxxx config policy map policy1 switchxxxxxx config pmap class class1 switchxxxxxx config pmap c police 124000 exceed action dro...

Page 387: ...ollowing example applies the aggregate policer called Policer1 to a class called class1 in a policy map called policy1 and class2 in policy map policy2 switchxxxxxx config qos aggregate policer policer1 124000 exceed action drop switchxxxxxx config policy map policy1 switchxxxxxx config pmap class class1 switchxxxxxx config pmap c police aggregate policer1 switchxxxxxx config pmap c exit switchxxx...

Page 388: ...created added to or modified before configuring policies for classes whose match criteria are defined in a class map Entering the Policy map Global Configuration mode also enables configuring or modifying the class policies for that policy map Class policies in a policy map can be configured only if the classes have match criteria defined for them Policy map is applied on the ingress path The matc...

Page 389: ...eues are assured forwarding according to the WRR weights If the number of queues is set to 8 all queues are expedited SP queues Default Configuration All queues are expedite queues Command Mode Global Configuration mode User Guidelines An expedite queue is a Strict Priority SP queue which is serviced until empty before the other lower priority queues are serviced The weighted round robin WRR weigh...

Page 390: ...nal and relevant for advanced mode only Indicates that the packets which are not classified by policy map rules to a QoS action are mapped to egress queue 0 This is the default setting in advanced mode ports trusted Optional and relevant for advanced mode only Indicates that the packets which are not classified by policy map rules to a QoS action are mapped to an egress queue based on the packet s...

Page 391: ...ult setting use the no form of this command Syntax qos advanced mode trust cos cos dscp dscp ip precedence no qos advanced mode trust Parameters cos Classifies ingress packets with the packet CoS values For untagged packets the port default CoS is used cos dscp Classifies ingress packets with the packet DSCP values for IP packets For other packet types use the packet CoS values dscp Classifies ing...

Page 392: ...s that can be applied to multiple traffic classes within the same policy map use the qos aggregate policer Global Configuration mode command To remove an existing aggregate policer use the no form of this command NOTE This command is only available when the switch is in QoS advanced mode Syntax qos aggregate policer name committed rate kbps exceed action drop forward no qos aggregate policer name ...

Page 393: ...olicing purposes An aggregate policer can be applied to multiple classes in the same policy map An aggregate policer cannot be deleted if it is being used in a policy map The no police aggregate Policy map Class Configuration mode command must first be used to delete the aggregate policer from all policy maps before using the no mls qos aggregate policer command Policing uses a token bucket algori...

Page 394: ...ed and the packet is untagged then the default CoS value becomes the CoS value Range 0 to 7 Default Configuration The default CoS value of an interface is 0 Command Mode Interface Configuration mode User Guidelines Use the default CoS value to assign a CoS value to all untagged packets entering the interface Example switchxxxxxx config interface gi5 switchxxxxxx config if qos cos 5 qos map cos que...

Page 395: ...tion CoS to Queue mapping matrix Command Mode Global Configuration mode Example switchxxxxxx config qos map cos queue 2 to 7 qos map dscp queue To configure the DSCP to CoS map use the qos map dscp queue Global Configuration mode command Syntax qos map dscp queue dscp list to queue id Parameters dscp list Up to eight DSCP values separated by spaces to map to the specified queue number Range 0 to 6...

Page 396: ...eue map use the qos map precedence queue Global Configuration mode command Syntax qos map precedence queue ip precedence list to queue id Parameters ip precedence list Up to eight IP precedence values separated by spaces to map to the specified queue number Range 0 to 7 to queue id Specifies the queue number to which the IP precedence values are mapped Default Configuration IP precedence to queue ...

Page 397: ...ue to CoS map use the qos map queue cos Global Configuration mode command Syntax qos map queue cos queue list to cos id Parameters queue list Up to eight queue numbers to map to the specified CoS value Range 1 to 8 to cos id Specifies the CoS value to which the queue values are mapped Default Configuration Queue to CoS mapping matrix Command Mode Global Configuration mode Example switchxxxxxx conf...

Page 398: ...ers to map to the specified DSCP values Range 1 to 8 to dscp id Specifies the DSCP values to which the queue values are mapped Default Configuration Queue to DSCP mapping matrix Command Mode Global Configuration mode Example switchxxxxxx config qos map queue dscp 7 to 50 qos map queue precedence To configure the queue to precedence map use the qos map queue precedence Global Configuration mode com...

Page 399: ...e Global Configuration mode Example switchxxxxxx config qos map queue precedence 8 to 7 qos remark To configure the remarking state of each interface use the qos remark Interface Configuration mode command To revert to its default setting use the no form of this command Syntax qos remark cos dscp ip precedence no qos remark cos dscp ip precedence Parameters cos Remarks the ingress packets with the...

Page 400: ...ion mode command To revert to its default setting use the no form of this command NOTE This command is available only when the switch is in QoS basic mode Syntax qos trust cos cos dscp dscp ip precedence no qos trust Parameters cos Classifies the ingress packets with packet CoS value Untagged packets are classified with the default port CoS value cos dscp Classifies the ingress packets with packet...

Page 401: ...ort is trusted and which fields of the packet to use to classify traffic When the switch is configured with trust DSCP the traffic is mapped to the queue by the DSCP to queue map When the switch is configured with trust CoS the traffic is mapped to the queue by the CoS to queue map Example switchxxxxxx config qos trust cos qos trust Interface To enable the trust state on an interface when the swit...

Page 402: ...map from an interface use the no form of this command NOTE This command is available only when the switch is in QoS advanced mode Syntax service policy input policy map name no service policy input Parameters input policy map name Specifies the policy map to apply to the input interface Command Mode Interface Configuration Ethernet port channel mode User Guidelines Only one policy map per interfac...

Page 403: ...tion mode User Guidelines The set and trust commands are mutually exclusive within the same policy map To return to the Global Configuration mode use the exit command To return to the Privileged EXEC mode use the end command Example The following example creates an ACL places it into a class map places the class map into a policy map and sets the DSCP value in the packet to 56 for classes in the p...

Page 404: ...ss map name Parameters class map name Optional The class map name Command Mode Privileged EXEC mode Example switchxxxxxx show class map class1 Class Map match any class1 id4 Match IP dscp 11 21 show policy map To show information for all policy maps or for a specific policy map use the show policy map Privileged EXEC mode command NOTE This command is available only when the switch is in QoS advanc...

Page 405: ...n drop class class3 police 124000 exceed action policed dscp transmit show policy map interface To show the policy map that is applied to an interface use the show policy map interface Privileged EXEC mode command Syntax show policy map interface interface id Parameters interface id An interface ID or a list of interface IDs The interface can be one of these types Ethernet port or port channel Com...

Page 406: ...s Parameters N A Default Configuration N A Command Mode Privileged EXEC mode Examples Example 1 The following example displays QoS attributes when the switch is in QoS basic mode switchxxxxxx show qos Basic trust dscp Qos basic Example 2 The following example displays QoS attributes when the switch is in QoS advanced mode switchxxxxxx show qos QoS Mode advanced Advanced mode trust type cos Advance...

Page 407: ...te policer name Parameters aggregate policer name Optional The aggregate policer name Default Configuration N A Command Mode Privileged EXEC mode Example switchxxxxxx show qos aggregate policer policer1 aggregate policer policer1 96000 exceed action drop show qos interfaces To show the QoS configuration on all interfaces or on an interface use the show qos interfaces Privileged EXEC mode command S...

Page 408: ...how qos map To show information for various types of QoS mapping use the show qos map Privileged EXEC mode command Syntax show qos map cos queue dscp queue ip precedence queue queue cos queue dscp queue precedence Parameters cos queue Optional Displays the CoS to queue mapping dscp queue Optional Displays the DSCP to queue mapping ip precedence queue Optional Displays the IP precedence to queue ma...

Page 409: ...mappings d1 d2 0 1 2 3 4 5 6 7 8 9 0 1 1 1 1 1 1 1 1 2 2 1 2 2 2 2 2 2 3 3 3 3 2 3 3 3 3 4 4 4 4 4 4 3 4 4 5 5 5 5 5 5 5 5 4 6 6 6 6 6 6 6 6 7 7 5 7 7 7 7 7 7 8 8 8 8 6 8 8 8 8 IP Precedence to Queue mappings IP Precedence 0 1 2 3 4 5 6 7 Queue 2 1 3 4 5 6 7 8 Queue to CoS mappings Queue 1 2 3 4 5 6 7 8 CoS 1 0 2 3 4 5 6 7 Queue to DSCP mappings Queue 1 2 3 4 5 6 7 8 DSCP 0 8 16 24 32 40 48 56 Que...

Page 410: ...yntax show qos queueing Parameters N A Command Mode Privileged EXEC mode Example switchxxxxxx show qos queueing qid weights Ef Priority 1 N A ena 1 2 N A ena 2 3 N A ena 3 4 N A ena 4 5 N A ena 5 6 N A ena 6 7 N A ena 7 8 N A ena 8 show rate limit vlan To show the port rate limit for a specific VLAN or for all VLANs use the show rate limit vlan Prvileged EXEC mode command Syntax show rate limit vl...

Page 411: ...erface Configuration mode command To disable the shaper use the no form of this command Syntax traffic shape burst queue committed burst no traffic shape Parameters queue Optional The queue number to which the shaper is assigned committed burst The maximum permitted excess burst size CBS in bytes Range 128 to 56319 bytes Default Configuration The default shaper burst is 768 bytes Command Mode Inte...

Page 412: ...ic transmit rate Tx rate To disable the shaper use the no form of this command Syntax traffic shape committed rate no traffic shape Parameters committed rate The maximum average traffic rate in 16 kbits per second kbps Range 16 to 1000000 kbps Default Configuration The shaper is disabled Command Mode Interface Configuration Ethernet port channel mode Example The following example sets a traffic sh...

Page 413: ...d rate no traffic shape queue queue id Parameters queue id The queue number to which the shaper is assigned Range 1 to 8 committed rate The average traffic rate in 16 kbits per second kbps Range 16 to 1000000 Default Configuration The shaper is disabled Command Mode Interface Configuration Ethernet port channel mode Example The following example sets a shaper on queue 1 when the average traffic ra...

Page 414: ...he QoS trust behavior for certain traffic from others For example incoming traffic with certain DSCP values can be trusted A class map can be configured to match and trust the DSCP values in incoming traffic The type of trust is determined in the qos advanced mode trust command Trust values set with this command supersede trust values set on specific interfaces with the qos trust Interface Interfa...

Page 415: ...map c1 switchxxxxxx config cmap match access group ip1 switchxxxxxx config cmap exit switchxxxxxx config policy map p1 switchxxxxxx config pmap class c1 switchxxxxxx config pmap c trust rate limit Interface To limit the incoming traffic rate on an interface use the rate limit Interface Configuration mode command To disable the rate limit on an interface use the no form of this command Syntax rate ...

Page 416: ...sable the rate limit for a VLAN use the no form of this command Syntax rate limit committed rate vlan vlan id no rate limit vlan vlan id Parameters committed rate The average traffic rate CIR in kbps Range 16 to 1000000 vlan vlan id Specifies the VLAN ID Default Configuration Rate limiting is disabled Command Mode Global Configuration mode User Guidelines Traffic policing in a policy map takes pre...

Page 417: ...h value by a space Range for each weight 1 to 127 Default Configuration WRR is disabled by default The default WRR weight is 1 for all queues Command Mode Global Configuration mode User Guidelines The weight ratio determines the frequency at which the packet scheduler removes packets from each queue The ratio for each queue is defined as the queue weight divided by the sum of all queue weights the...

Page 418: ...he expedite queues whose corresponding weight is not used in the ratio calculation An expedite SP queue is a priority queue which is serviced until empty before the other queues are serviced The expedite queues are designated by the priority queue out num of queues command Example switchxxxxxx config priority queue out num of queues 4 switchxxxxxx config wrr queue bandwidth 6 6 6 6 ...

Page 419: ...Y Optional Specifies the key string used for authenticating and encrypting the RADIUS attributes communicated between the switch and the RADIUS server This key must match the encryption used on the RADIUS daemon To specify an empty string enter Length 0 to 128 characters retransmit retries Optional Specifies the number of transmitted requests that are sent to the RADIUS server before a failure is ...

Page 420: ...tional Specifies the UDP port number of the RADIUS server for accounting requests If the UDP port number is set to 0 the host is not used for accounting Range 0 to 65535 auth port auth port number Optional Specifies the UDP port number of the RADIUS server for authentication requests If the UDP port number is set to 0 the host is not used for authentication Range 0 to 65535 key key string Optional...

Page 421: ...ng users that want to administer the switch Default Configuration The default authentication port number is 1812 If timeout is not specified the global value set in the radius server default param command is used If retransmit is not specified the global value set in the radius server default param command is used If key string is not specified the global value set in the radius server default par...

Page 422: ...t Retries Timeout Usage Type Key 1 10 193 22 1 1812 3 3 All The following table describes the significant fields shown in the example Field Description Prio Priority of the RADIUS server where 0 has the highest priority IP Address IP address or hostname of the RADIUS server Auth Port UDP port number of the RADIUS server for authentication requests The value of zero indicates that the host is not u...

Page 423: ...XEC mode Example switchxxxxxx show radius server default param Retries Timeout Key 3 3 Usage Type Authentication type of the RADIUS server The possible values are 802 1x The RADIUS server is used for 802 1x port authentication all The RADIUS server is used for user login authentication and 802 1x port authentication login The RADIUS server is used for user login authentication authenticating users...

Page 424: ...e example Field Description Retries Default number of requests that are sent to the RADIUS server before a failure is considered to have occurred Timeout Default number of seconds that the switch waits for an answer from the RADIUS server before retrying the query or switching to the next server Key Default key for authenticating and encrypting the RADIUS communications between the switch and the ...

Page 425: ...tistics Privileged EXEC mode command Syntax clear rmon statistics interfaces interface id Parameters interfaces interface id Optional Specifies an interface or a list of interfaces to be sampled Command Mode Privileged EXEC mode Example The following example clears the RMON statistics for port 1 switchxxxxxx clear rmon statistics interfaces gi1 rmon alarm To configure a RMON alarm use the rmon ala...

Page 426: ...pkts Broadcast packets collisions Collision crc align errors CRC alignment error drop events Total number of events received in which the packets were dropped fragments Total number of packet fragment jabbers Total number of packet jabber multicast pkts Multicast packets octets Octets oversize pkts Number of oversized packets pkts Number of packets pkts1024to1518octets Number of packets size 1024 ...

Page 427: ...threshold alarm Range 0 to 2147483647 falling event The index of the event triggered when a falling threshold is crossed Range 0 to 65535 startup rising rising falling falling Specifies the alarm that may be sent when this entry becomes valid The possible values are rising A single rising alarm is generated if the first sample after this entry becomes valid is greater than or equal to the rising t...

Page 428: ... trap COMMUNITY description DESCRIPTION owner NAME no rmon event index Parameters index The event index Range 1 to 65535 log Specifies that a notification entry is generated in the log table by the switch for this event trap COMMUNITY Specifies that an SNMP trap community is sent to one or more management stations by the switch for this event log trap COMMUNITY Specifies that an entry is generated...

Page 429: ...the rmon history Global Configuration command To remove a RMON history use the no form of this command Syntax rmon history index interface interface id buckets bucket number interval seconds owner NAME no rmon history index Parameters index The history index Range 1 to 65535 interface interface id Specifies the interface to be sampled buckets bucket number Optional Specifies the maximum number of ...

Page 430: ...ets 50 interval 300 owner john show rmon alarm To display information for a specific RMON alarm or for all RMON alarms use the show rmon alarm Privileged EXEC mode command Syntax show rmon alarm all index Parameters all Displays all alarms index Information for a specific RMON alarm Range 1 to 65535 Command Mode Privileged EXEC mode Example The following example displays information of the RMON al...

Page 431: ...ple Type Method of sampling the variable and calculating the value compared against the thresholds If the value is absolute the variable value is compared directly with the thresholds at the end of the sampling interval If the value is delta the variable value at the last sample is subtracted from the current value and the difference is compared with the thresholds Startup Alarm Alarm that is sent...

Page 432: ...C mode Example The following example displays all entries in the RMON event table switchxxxxxx show rmon event all Rmon Event Index 10 Rmon Event Type Log Rmon Event Community Rmon Event Description Rmon Event Last Sent 0 0 00 00 00 Rmon Event Owner Falling Threshold Sampled statistic falling threshold When the current sampled value is less than or equal to this threshold and the value at the last...

Page 433: ...n the RMON log table switchxxxxxx show rmon event 1 log Maximum table size 500 800 after reset Field Description Index Unique index that identifies this event Type Type of notification that the device generates about this event The available values are none log trap and log trap In the case of log an entry is made in the log table for each event In the case of trap a SNMP trap is sent to one or mo...

Page 434: ...n history Privileged EXEC mode command Syntax show rmon history all index statistic Parameters all Displays all histories index The set of samples Range 1 to 65535 statistic Optional Displays the statistics for a specific RMON history Command Mode Privileged EXEC mode Example The following example displays all RMON histories switchxxxxxx show rmon history all Rmon History Index 1 Rmon Collection I...

Page 435: ...rt channel Command Mode Privileged EXEC mode Example The following example displays the RMON statistics for fa1 switchxxxxxx show rmon statistics interfaces gi1 Port gi1 etherStatsDropEvents 0 etherStatsOctets 178566 etherStatsPkts 2261 etherStatsBroadcastPkts 299 etherStatsMulticastPkts 147 etherStatsCRCAlignErrors 0 etherStatsUnderSizePkts 0 etherStatsOverSizePkts 0 Index The history index Colle...

Page 436: ...ta including those in bad packets received on the network excluding framing bits but including FCS octets Packets Total number of packets including bad packets broadcast packets and multicast packets received Broadcast Packets Total number of good packets received and directed to the broadcast address This does not include multicast packets Multicast Packets Total number of good packets received a...

Page 437: ... a non integral number of octets Alignment Error Collisions Best estimate of the total number of collisions on this Ethernet segment 64 Octets Total number of packets including bad packets received that are 64 octets in length excluding framing bits but including FCS octets 65 to 127 Octets Total number of packets including bad packets received that are between 65 and 127 octets in length inclusiv...

Page 438: ...rt Plus Switches Command Line Interface Reference Guide Release 1 0 0 x 388 30 1024 to 1518 Octets Total number of packets including bad packets received that were between 1024 octets and 1518 octets in length inclusive excluding framing bits but including FCS octets ...

Page 439: ... tcphdr min check udpblat deny xma deny security suite dos icmp ping max length MAX_LEN security suite dos ipv6 min frag size length MIN_LEN security suite dos smurf netmask MASK security suite dos tcphdr min length HDR_MIN_LEN no security suite dos daeqsa deny icmp frag pkts deny icmpv4 ping max check icmpv6 ping max check ipv6 min frag size check land deny nullscan deny pod deny smurf deny syn s...

Page 440: ...YN and RST bits set tcp frag off min check Drops the TCP fragment packets with offset equals to one tcpblat deny Drops TCP fragment packets with offset equals to one tcphdr min check Checks the minimum TCP header and drops the TCP packets with the header smaller than the minimum size udpblat deny Drops the packets if the source UDP port equals to the destination UDP port xma deny Drops the packets...

Page 441: ...owing example enables checking the minimum size of IPv6 fragments and sets the minimum fragment size to 1000 bytes switchxxxxxx config security suite dos ipv6 min frag size check switchxxxxxx config security suite dos ipv6 min frag size length 1000 security suite dos Interface To enable DoS protections on an interface use the security suite dos Interface Configuration Ethernet mode command To disa...

Page 442: ...e gratuitous ARP protection on an interface use the security suite ip gratuitous arps Interface Configuration Ethernet mode command To disable this feature on an interface use the no form of this command Syntax security suite dos ip gratuitous arps no security suite dos ip gratuitous arps Parameters N A Default Configuration Disabled Command Mode Interface Configuration Ethernet mode Example switc...

Page 443: ... show security suite dos Type State Length DMAC equal to SMAC enabled Land DIP SIP enabled UDP Blat DPORT SPORT enabled TCP Blat DPORT SPORT enabled POD Ping of Death enabled IPv6 Min Fragment Size enabled 1000 Bytes ICMP Fragment Packets enabled IPv4 Ping Max Packet Size enabled 512 Bytes IPv6 Ping Max Packet Size enabled 512 Bytes Smurf Attack enabled Netmask Length 0 TCP Min Header Length enabl...

Page 444: ...tuitous ARP protection status per interface use the show security suite dos interfaces Privileged EXEC Mode command Syntax show security suite dos interfaces interface id Parameters interface id An interface ID or a list of interface IDs Command Mode Privileged EXEC Mode Example switchxxxxxx show security suite interface gi1 3 Port DoS Protection Gratuitous ARP gi1 enabled enabled gi2 disabled dis...

Page 445: ...ver To show the Simple Network Management Protocol SNMP service status use the show snmp server Privileged EXEC mode command Syntax show snmp server Parameters N A Default Configuration N A Command Mode Privileged EXEC mode Example switchxxxxxx show snmp server SNMP is enabled System Contact test System Location test_location ...

Page 446: ...er community Parameters N A Command Mode Privileged EXEC mode Example switchxxxxxx show snmp server community Commnunity Name Group Name View Access test all ro Total Entries 1 The following table describes the significant fields shown in the example Field Description Commnunity Name SNMP community name Group name SNMP group associated with the SNMP community to determine the access rights View SN...

Page 447: ...erver engineid Parameters N A Command Mode Privileged EXEC mode Example switchxxxxxx show snmp engineid Local SNMPV3 Engine id 00036D001000 IP address Remote SNMP engineID 192 168 1 55 00036D10000A Total Entries 1 Access Community access level The options are ro Read Only Management access is restricted to read only Changes cannot be made to the community rw Read Write Management access is read wr...

Page 448: ...e show snmp server group Privileged EXEC mode command Syntax show snmp server group Parameters N A Default Configuration N A Command Mode Privileged EXEC mode Example switchxxxxxx show snmp server group Group Name Model Level ReadView WriteView NotifyView testgroup v1 noauth all all all Total Entries 1 Field Description Local SNMPV3 Engine id Local SNMP engine ID of the switch IP address IP addres...

Page 449: ...MP Group name Model SNMP version in use v1 v2c or v3 Level Packet authentication with encryption Applicable to SNMPv3 security only The options are noauth No packet authentication will be performed auth Packet authentication without encryption will be performed priv Packet authentication with encryption will be performed ReadView SNMP view enabling viewing the agent contents If not specified all o...

Page 450: ...how whether SNMP traps are enabled or disabled on the switch use the show snmp server trap Privileged EXEC mode command Syntax show snmp server trap Parameters N A Field Description Server IP address or hostname of the SNMP notification recipient Community Name SNMP community of the trap manager Notification Version SNMP version for SNMP traps Notification Type Send traps or informs to the recipie...

Page 451: ...P linkUpDown trap Enable SNMP warm start trap Enable SNMP cold start trap Enable SNMP port security trap Enable show snmp server view To show all SNMP views defined on the switch use the show snmp server view Privileged EXEC mode command Syntax show snmp server view Parameters N A Default Configuration N A Command Mode Privileged EXEC mode Example switchxxxxxx show snmp server view View Name Subtr...

Page 452: ... Privileged EXEC mode command Syntax show snmp server user Parameters N A Default Configuration N A Command Mode Privileged EXEC mode Example switchxxxxxx show snmp server user Username snmpuser Password Access GroupName snmpgroup Authentication Protocol md5 Encryption Protocol none Field Description View Name SNMP view name Subtree OID Subtree Object ID All descendents of this node are included o...

Page 453: ...e MD5 protocol to authenticate the SNMP user sha Use the SHA Secure Hash Algorithm protocol to authenticate the SNMP user Encryption Protocol Encryption protocol to encrypt the authentication password Access SecLevel Security level attached to the group The available options are noauth No Authentication and No Privacy Neither the Authentication nor the Privacy security levels are assigned to the g...

Page 454: ...erver Parameters N A Default Configuration N A Command Mode Global Configuration mode Example switchxxxxxx config snmp server snmp server community To define an SNMP community that permits access to SNMP commands v1 and v2 use the snmp server community Global Configuration mode command To delete an SNMP community use the no form of this command Syntax snmp server community community string view vi...

Page 455: ... the objects available to the community Range 1 to 30 characters Default Configuration No SNMP community is defined Command Mode Global Configuration mode User Guidelines To associate communities with access rights directly basic mode use the snmp server community community string view view name ro rw command The view name value is used to restrict the access rights of a community string When a vi...

Page 456: ...e defines an SNMP community comm1 and associates it with the group abcd switchxxxxxx config snmp server community comm1 group abcd snmp server contact To set the system contact use the snmp server contact Global Configuration mode command Syntax snmp server contact contact Parameters contact The system contact name Length 0 to 256 characters Default Configuration No contact name is defined Command...

Page 457: ...al number must be divided by 2 Default Configuration The default SNMP engine ID is based on the MAC address of the switch Command Mode Global Configuration mode Example switchxxxxxx config snmp server engineid 00036D001122 snmp server engineid remote To define a remote host for the SNMP engine use the snmp server engineid remote Global Configuration mode command Syntax snmp server engineid remote ...

Page 458: ...3 noauth auth priv read view readview write view writeview notify view notifyview no snmp server group groupname v1 v2c v3 noauth auth priv Parameters groupname The SNMP group name Length 1 to 30 characters v1 v2c v3 Specifies the SNMP version noauth Specifies that no packet authentication will be performed Applicable only to the SNMP version 3 security model auth Specifies that packet authenticat...

Page 459: ...w value is not specified the notify view is not defined If the readview value is not specified all objects except for the community table SNMPv3 user and access tables are available for retrieval If the writeview value is not specified the write view is not defined Command Mode Global Configuration mode User Guidelines The group defined in this command is used in the snmp server user command to ma...

Page 460: ... 1 SNMPv1 traps are used 2c SNMPv2 traps or informs are used 3 SNMP version 3 is used noauth Optional Specifies that no packet authentication will be performed Applicable only to the SNMP version 3 security model auth Optional Specifies that packet authentication without encryption will be performed Applicable only to the SNMP version 3 security model priv Optional Specifies that packet authentica...

Page 461: ...snmp server view commands to create a SNMP user a SNMP group or a SNMP view Example switchxxxxxx config snmp server host 1 1 1 121 abc snmp server location To set the system location use the snmp server location Global Configuration mode command Syntax snmp server location location Parameters location The system location Length 0 to 256 characters Default Configuration No location name is defined ...

Page 462: ...tart Parameters auth Optional Enables the SNMP authentication failure trap cold start Optional Enables the SNMP bootup cold startup trap linkUpDown Optional Enables the SNMP link up and down trap port security Optional Enables the port security trap warm start Optional Enables the SNMP bootup warm startup trap Default Configuration SNMP auth cold start warm start port security and linkUpDown traps...

Page 463: ... in the snmp server host command groupname Specifies the SNMP group to which the SNMP user belongs The SNMP group should be configured using the snmp server group command with v1 or v2c parameters Range 1 to 30 characters auth md5 sha Optional Specifies the protocol to authenticate the SNMP user The options are md5 Uses the HMAC MD5 96 authentication protocol Sha Uses the HMAC SHA 96 authenticatio...

Page 464: ...g of numbers such as 1 3 6 2 4 or a word such as System and optionally a sequence of numbers Replace a single subidentifier with the asterisk wildcard to specify a subtree family for example 1 3 4 This parameter depends on the MIB being specified oid mask all MASK Specifies the family mask It is used to define a family of view subtrees For example OID mask is 11111010 10000000 The length of the OI...

Page 465: ...tches Command Line Interface Reference Guide Release 1 0 0 x 449 32 Example switchxxxxxx config ssnmp server view agon subtree 1 3 6 1 oid mask all viewtype included switchxxxxxx config snmp server view userview subtree 1 3 6 1 2 oid mask 1111110 viewtype excluded ...

Page 466: ...pecific interface use the clear spanning tree detected protocols Interface Configuration mode command Syntax clear spanning tree detected protocols interfaces interface id Parameters interfaces interface id An interface ID or a list of interface IDs Default Configuration N A Command Mode Interface Configuration Ethernet port channel mode User Guidelines This feature can only be used when the switc...

Page 467: ...nstance To specify a range use a hyphen To specify a series use a comma Range 1 to 4094 Default Configuration All VLANs are mapped to the Common and Internal Spanning Tree CIST instance instance 0 Command Mode MST Configuration mode User Guidelines All VLANs that are not explicitly mapped to an MSTP instance are mapped to the CIST instance instance 0 and cannot be unmapped from the CIST For two or...

Page 468: ... no name Parameters string The MSTP instance name Length 1 to 32 characters Default Configuration The default MSTP name is the bridge MAC address Command Mode MST Configuration mode Example switchxxxxxx config spanning tree mst configuration switchxxxxxx config mst name region1 revision MST To define the revision number for current MSTP configuration use the revision MST Configuration mode command...

Page 469: ...5 Default Configuration The default revision number is 0 Command Mode MST Configuration mode Example switchxxxxxx config spanning tree mst configuration switchxxxxxx config mst revision 1 show spanning tree To show the STP configuration use the show spanning tree Privileged EXEC mode command Syntax show spanning tree Parameters N A Default Configuration N A Command Mode Privileged EXEC mode Exampl...

Page 470: ...Type fa22 enabled 128 22 19 Frw Desg No P2P STP show spanning tree interfaces To show the STP statistics for specific interfaces use the show spanning tree interfaces Privileged EXEC mode command Syntax show spanning tree interfaces interface id statistic Parameters interface id An interface ID or a list of interface IDs The interface can be one of these types Ethernet port or port channel statist...

Page 471: ...i1 switchxxxxxx show spanning tree interfaces gi1 statistic STP Port Statistic Port fa1 Configuration BDPUs Received 0 TCN BDPUs Received 8 MSTP BDPUs Received 15 Configuration BDPUs Transmitted 86696 TCN BDPUs Transmitted 0 MSTP BDPUs Transmitted 0 show spanning tree mst To show the MSTP instance information use the show spanning tree mst Privileged EXEC mode command Syntax show spanning tree mst...

Page 472: ...hanges 4 Last Topology Change 0 VLANs mapped 1 4094 Interface Role Sts Cost Prio Nbr Type gi1 Desg FWD 200000 128 1 P2P STP show spanning tree mst configuration To show the MSTP instance configuration use the show spanning tree mst configuration Privileged EXEC mode command Syntax show spanning tree mst configuration Parameters N A Command Mode Privileged EXEC mode Example switchxxxxxx show spanni...

Page 473: ...rfaces interface id Parameters instance id The MSTP instance ID Range 0 to 15 interface id An interface ID or a list of interface IDs The interface can be one of these types Ethernet port or port channel Command Mode Privileged EXEC mode Example switchxxxxxx show spanning tree mst 1 interfaces gi1 MST Port Information Instance Type MSTI 1 Port Identifier 128 1 Internal Path Cost 0 200000 Regional ...

Page 474: ...nning tree Parameters N A Default Configuration STP is enabled Command Mode Global Configuration mode Example switchxxxxxx config spanning tree spanning tree bpdu Global To define Bridge Protocol Data Unit BPDU handling when STP is disabled globally use the spanning tree bpdu Global Configuration mode command To revert to its default setting use the no form of this command Syntax spanning tree bpd...

Page 475: ... switchxxxxxx config spanning tree bpdu flooding spanning tree bpdu filter Interface To define BPDU filtering when STP is enabled globally or on a single interface use the spanning tree bpdu filter Interface Configuration mode command To revert to its default setting use the no form of this command Syntax spanning tree bpdu filter disable enable no spanning tree bpdu filter Parameters disable Spec...

Page 476: ... a BPDU use the spanning tree bpdu guard Interface Configuration mode command To revert to its default setting use the no form of this command Syntax spanning tree bpdu guard disable enable no spanning tree bpdu guard Parameters disable Disables BPDU guard enable Enables BPDU guard Default Configuration BPDU guard is disabled Command Mode Interface Configuration Ethernet port channel mode User Gui...

Page 477: ...ntax spanning tree cost cost no spanning tree cost Parameters cost The port path cost Range 0 to 200000000 0 indicates Auto Default Configuration The default path cost is determined by the port speed and the path cost method long or short Command Mode Interface Configuration Ethernet port channel mode Example The following example configures the STP path cost on fa15 to 35000 switchxxxxxx config i...

Page 478: ...rm of this command Syntax spanning tree forward time seconds no spanning tree forward time Parameters seconds The STP forward delay time Range 4 to 30 seconds Default Configuration 15 seconds Command Mode Global Configuration mode User Guidelines When configuring the forwarding time the following relationship should be maintained 2 Forward Time 1 Max Age Example switchxxxxxx config spanning tree f...

Page 479: ...figuring the hello time the following relationship should be maintained Max Age 2 Hello Time 1 Example switchxxxxxx config spanning tree hello time 5 spanning tree link type Interface To specify the RSTP link type for an interface use the spanning tree link type Interface Configuration mode command To revert to its default setting use the no form of this command Syntax spanning tree link type poin...

Page 480: ...priority To configure the priority of a port use the spanning tree mst port priority Interface Configuration mode command To revert to its default setting use the no form of this command Syntax spanning tree mst instance id port priority priority no spanning tree mst instance id port priority Parameters instance id The spanning tree instance ID Range 0 to 15 priority The port priority Range 0 to 2...

Page 481: ...he number of hops in an MSTP region before BDPU is discarded and the port information is aged out use the spanning tree max hops Global Configuration mode command To revert to its default setting use the no form of this command Syntax spanning tree max hops hop count no spanning tree max hops Parameters hop count The number of hops in an MSTP region before BDPU is discarded Range 1 to 40 Default C...

Page 482: ...o its default setting use the no form of this command Syntax spanning tree max age seconds no spanning tree max age Parameters seconds The interval in seconds that the switch can wait without receiving a configuration message before attempting to redefine its own configuration Range 6 to 40 Default Configuration The default value is 20 seconds Command Mode Global Configuration mode User Guidelines...

Page 483: ...ic STP mode Default Configuration The default mode is classic STP Command Mode Global Configuration mode User Guidelines In the RSTP mode the switch uses STP when the neighbor device uses STP In the MSTP mode the switch uses RSTP when the neighbor device uses RSTP and uses STP when the neighbor device uses STP Example switchxxxxxx config spanning tree mode mstp spanning tree mst configuration To e...

Page 484: ...xx config mst revision 1 spanning tree mst cost To configure the path cost for MSTP calculations use the spanning tree mst cost Interface Configuration mode command If a loop occurs the STP considers the path cost when selecting an interface to put in the Forwarding state To revert to its default setting use the no form of this command Syntax spanning tree mst instance id cost cost no spanning tre...

Page 485: ...and To revert to its default setting use the no form of this command Syntax spanning tree mst instance id priority priority no spanning tree mst instance id priority Parameters instance id The STP instance ID Range 0 to 15 priority The priority for the specified STP instance This setting ensures the probility that the switch is selected as the root switch A lower value increases the probability th...

Page 486: ...ning tree pathcost method Global Configuration mode command Syntax spanning tree pathcost method long short Parameters long The default port path costs are within the range 1 through 200 000 000 short The default port path costs are within the range 1 through 65 535 Default Configuration Short path cost method Command Mode Global Configuration mode User Guidelines This command applies to all STP i...

Page 487: ...n mode command To disable the PortFast mode on an interface use the no form of this command Syntax spanning tree portfast no spanning tree portfast Parameters N A Default Configuration The PortFast mode is disabled Command Mode Interface Configuration Ethernet port channel mode User Guidelines In the PortFast mode the interface is immediately put into the forwarding state upon linkup without waiti...

Page 488: ...rity Parameters priority The port priority Range 0 to 240 Default Configuration The default port priority is 128 Command Mode Interface Configuration Ethernet port channel mode User Guidelines The priority value must be a multiple of 16 Example switchxxxxxx config interface gi15 switchxxxxxx config if spanning tree port priority 96 spanning tree priority To configure the device STP priority used t...

Page 489: ... the root of the STP When more than one switch has the lowest priority the switch with the lowest MAC address is selected as the root Example switchxxxxxx config spanning tree priority 12288 spanning tree tx hold count To set the Tx Hold Count used to limit the maximum transmission packet number per second use the spanning tree tx hold count Global Configuration mode command To revert to its defau...

Page 490: ...ning tree tx hold count Cisco 220 Series Smart Plus Switches Command Line Interface Reference Guide Release 1 0 0 x 440 33 Command Mode Global Configuration mode Example switchxxxxxx config spanning tree tx hold count 5 ...

Page 491: ...on mode block disabled report Parameters block Blocks the TCP SYN traffic from attacking ports destined to the local system and generates a rate limited syslog message disabled Disables the SYN protection feature report Reports for the SYN protection feature about TCP SYN traffic per port including rate limited syslog message when an attack is identified Default Configuration The default mode is b...

Page 492: ...ed gets unblocked Note that if a SYN attack is still active on this interface it may become blocked again Range 10 to 600 seconds Default Configuration The default timeout is 60 seconds Command Mode Global Configuration mode User Guidelines If the timeout is modified the new value is only used on interfaces that are not currently under attack Example The following example sets the SYN protection a...

Page 493: ...s per second Command Mode Global Configuration mode Example The following example sets the SYN protection threshold to 40 packets per second switchxxxxxx config security suite syn protection threshold 40 show security suite syn protection To show the SYN protection settings and the operational status per interface use the show security suite syn protection Privileged EXEC Mode command Syntax show ...

Page 494: ...age is generated Disabled The SYN protection feature is disabled Report The TCP SYN traffic from attacking ports destined to the local system is blocked and a rate limited syslog message is generated The SYN protection feature reports about TCP SYN traffic per port including rate limited syslog message when an attack is identified Threshold Number of packets per second from a specific port that tr...

Page 495: ...fered file Parameters buffered Clears the log messages stored in RAM file Clears the log messages stored in flash Command Mode Privileged EXEC mode Example The following example clears the log messages stored in RAM switchxxxxxx clear logging buffered logging host To define a remote SYSLOG server where log messages are sent using the SYSLOG protocol use the logging host Global Configuration mode c...

Page 496: ...cal2 local3 local4 local5 local 6 and local7 The default is local7 port port Optional Specifies the port number for SYSLOG messages The default port number is 514 Range 0 to 65535 severity level Optional Specifies the severity of log messages sent to the SYSLOG server The optional severity levels are 0 7 Minimum severity 0 7 EMEGR DEBUG emergencies System is unusable alerts Immediate action needed...

Page 497: ...sable logging on the switch use the no form of this command Syntax logging on no logging on Parameters N A Default Configuration Message logging is enabled Command Mode Global Configuration mode User Guidelines This command sends debug or error messages asynchronously to the designated locations The logging process controls the logging message distribution at various destinations such as the loggi...

Page 498: ...d console file severity severity_level Parameters buffered Stores the messages in the RAM console Stores the messages on the console file Stores the messages in flash memory severity_level Optional The severity level of messages logged in the buffer The optional severity levels are 0 7 Minimum severity 0 7 EMEGR DEBUG emergencies System is unusable alerts Immediate action needed severity 1 critica...

Page 499: ...ng messages to RAM and flash as debugging switchxxxxxx config logging buffered severity 7 show logging To display the logging status and SYSLOG messages stored in the internal buffer use the show logging Privileged EXEC mode command Syntax show logging buffered file Parameters buffered Optional Displays the log messages stored in the RAM file Optional Displays the log messages stored in flash memo...

Page 500: ...vileged mode from console with level 15 success 2 Jan 01 14 31 22 AAA info User cisco is authorized with privilege level 15 3 Jan 01 14 31 22 AAA info User cisco login from console success 4 Jan 01 14 20 40 AAA info User cisco enter privileged mode from telnet with level 15 success 5 Jan 01 14 20 38 AAA info User cisco is authorized with privilege level 15 6 Jan 01 14 20 38 AAA info User cisco log...

Page 501: ... STP port state is set to Forwarding 11 Jan 01 00 00 40 STP info Port 1 STP port state is set to Learning 12 Jan 01 00 00 22 System info Sysinfo variable resetdefault is set to value 0 The following table describes the significant fields shown in the example Field Description NO Log entry number Timestamp Time when the log message was generated Category Log facility to which the event belongs Seve...

Page 502: ...bal Configuration mode command Syntax hostname name Parameters name The hostname of the switch Default Configuration N A Command Mode Global Configuration mode Example switchxxxxxx config hostname enterprise enterprise config ping To send ICMP echo request packets to another node on the network use the ping Privileged EXEC mode command Syntax ping ip ipv4 address hostname count packet_count ...

Page 503: ...e following example pings an IP address switchxxxxxx ping ip 10 1 1 1 PING 10 1 1 1 10 1 1 1 56 data bytes 10 1 1 1 ping statistics 4 packets transmitted 0 packets received 100 packet loss Example 2 The following example pings a site switchxxxxxx ping ip yahoo com Pinging yahoo com 66 218 71 198 with 64 bytes of data 64 bytes from 10 1 1 1 icmp_seq 0 time 11 ms 64 bytes from 10 1 1 1 icmp_seq 1 ti...

Page 504: ...m 3003 11 icmp_seq 4 time 0 ms 3003 11 PING Statistics 4 packets transmitted 4 packets received 0 packet loss round trip ms min avg max 0 12 50 reload To reload the operating system use the reload Privileged EXEC mode command Syntax reload Parameters N A Default Usage N A Command Mode Privileged EXEC mode Example switchxxxxxx reload Proceed with reload confirm show cpu input rate To show the curre...

Page 505: ...vileged EXEC mode Example switchxxxxxx show cpu input rate Input Rate to CPU is 5 pps show cpu utilization To show the current CPU utilization of the switch use the show cpu utilization Privileged EXEC mode command Syntax show cpu utilization Parameters N A Default Usage N A Command Mode Privileged EXEC mode Example switchxxxxxx show cpu utilization CPU utilization service is on CPU utilization ...

Page 506: ... To show the current memory utilization of the switch use the show memory statistics Privileged EXEC mode command Syntax show memory statistics Parameters N A Default Usage N A Command Mode Privileged EXEC mode Example switchxxxxxx show memory statistics total KB used KB free KB shared KB buffer KB cache KB Mem 127392 40992 86400 0 1376 20344 buffers cache 19272 108120 Swap 0 0 0 ...

Page 507: ...ameters N A Default Configuration N A Command Mode Privileged EXEC mode Example switchxxxxxx show services tcp udp Type Local IP address Remote IP address Service State tcp 80 http LISTEN tcp6 80 http LISTEN tcp 443 https LISTEN tcp6 443 https LISTEN udp 546 udp6 546 udp 546 udp6 546 udp 5353 bonjour udp6 5353 bonjour The following table describes the significant fields shown in the example Field ...

Page 508: ...yntax show system languages Parameters N A Default Configuration N A Command Mode Privileged EXEC mode Example switchxxxxxx show system languages language Name Unicode Name Code Version MD5 English English en_US N A Remote IP Address IP address and port number of the remote end of the socket Service Name of the service State State of the socket Because there are no states in raw mode and usually n...

Page 509: ...ion Cisco Sx220 Series Switch Software Version 1 0 0 16 RELEASE SOFTWARE Copyright c 2014 by Cisco Systems Inc Compiled Tue Mar 19 10 56 27 UTC 2014 ROM Bootstrap program is Sx220 boot loader BOOTLDR Sx220 Boot Loader Version 1 0 0 6 RELEASE SOFTWARE Compiled Mar 19 2014 10 44 25 Switchxxxxxx uptime is 2 days 1 hours 33 mins 0 secs system image is image 1 Processor 700MHz with 128M bytes of memory...

Page 510: ...BhZWE3NDVjY2JhNTNlMDQ0ZWQ 01 secret cisco2 ZGRhYWJmYTBhNDhkNTZmY2NhNDgyYWExZjZlNmIzNGI show users Username Protocol Location cisco console 0 0 0 0 show running config config file header switchxxxxxx v1 0 0 16 CLI v1 0 username cisco secret encrypted ZGZlYWYxMDM5MGU1NjBhZWE3NDVjY2JhNTNlMDQ0ZWQ username cisco2 privilege user secret encrypted ZGRhYWJmYTBhNDhkNTZmY2NhNDgyYWExZjZlNmIzNGI enable passwor...

Page 511: ...ion enable default enable none ip http timeout policy 1 http only mac access list extended mac1 sequence 1 permit any any qos advanced qos map queue cos 2 to 2 class map c1 match any match access group mac1 class map c2 match any match access group mac1 class map c3 match any match access group mac1 interface gi1 interface gi2 interface gi3 interface gi4 interface gi5 interface gi6 interface gi7 i...

Page 512: ...gi12 interface gi13 interface gi14 interface gi15 interface gi16 interface gi17 interface gi18 interface gi19 interface gi20 interface gi21 interface gi22 interface gi23 interface gi24 show interfaces show username To show information about all administrative users use the show username Privileged EXEC mode command Syntax show username Parameters N A ...

Page 513: ...pe User Name Password 15 secret cisco Fz 1T6Qv98Ldo The following table describes the significant fields shown in the example show users To show information about all active users use the show users Privileged EXEC mode command Syntax show users Parameters N A Default Usage N A Field Description Priv Privilege level of the user Type Type of password set for the user User Name Name of the user Pass...

Page 514: ... cisco telnet 192 168 1 111 The following table describes the significant fields shown in the example show version To show the system version use the show version Privileged EXEC mode command Syntax show version Parameters N A Default Usage N A Command Mode Privileged EXEC mode Example Field Description Username Name of the current active user Protocol Interface protocol for the current active use...

Page 515: ...ytes of memory 28 Gigabit Ethernet interfaces 0 Fast Ethernet interfaces 32M bytes of flash memory Base MAC Address 00 E0 4C 86 70 01 IP Address 192 168 1 254 Subnet Mask 255 255 255 0 Model Number SG220 28MP Serial Number PID VID V01 traceroute To show the routes that the packets will take when traveling to their destination use the traceroute Privileged EXEC mode command Syntax traceroute ipv4 a...

Page 516: ...shown in the example The following are characters that can appear in the traceroute command output Field Description 1 Sequence number of the router in the path to the host 192 168 1 55 IP address of the destination host 3010 ms 3010 ms 3010 ms Round trip time for the probes that are sent Field Description The probe timed out Unknown packet type A Administratively unreachable Usually this is outpu...

Page 517: ...tacacs default config Privileged EXEC mode command Syntax show tacacs default config Parameters N A Default Configuration N A Command Mode Privileged EXEC mode Example switchxxxxxx show tacacs default config Timeout Key 20 accounting12345 The following table describes the significant fields shown in the example Field Description Timeout Default number of seconds that passes before the connection b...

Page 518: ... Privileged EXEC mode Example switchxxxxxx show tacacs Prio Timeout IP Address Port Key 2 10 10 172 11 3 49 acounting1234 The following table describes the significant fields shown in the example Key Default authentication and encryption key for all TACACS communications between the switch and the TACACS server Field Description Field Description Prio Priority of the TACACS server where 0 has the ...

Page 519: ...TACACS server This key must match the encryption used on the TACACS daemon To specify an empty string enter Length 0 to 128 characters timeout timeout Optional Specifies the number of seconds that passes before the connection between the switch and the TACACS server times out Range 1 to 30 seconds Default Configuration N A Command Mode Global Configuration mode IP Address IP address or hostname of...

Page 520: ... TACACS host use the tacacs server host Global Configuration mode command To delete a TACACS host use the no form of this command Syntax tacacs server host ip address hostname key key string port port number priority priority timeout timeout no tacacs server host ip address hostname Parameters ip address IP address of the TACACS server hostname Hostname of the TACACS server key key string Optional...

Page 521: ...to 30 Default Configuration No TACACS host is specified If key string is not specified the global value set in the tacacs server default param command is used If timeout is not specified the global value set in the tacacs server default param command is used If a parameter was not set in one of the above commands the default for that command is used For example if a timeout value was not set in th...

Page 522: ...iguration mode Example switchxxxxxx config crypto certificate generate Generating a 1024 bit RSA private key writing new private key to mnt ssl_key pem You are about to be asked to enter information that will be incorporated into your certificate request What you are about to enter is what is called a Distinguished Name or a DN There are quite a few fields but you can leave some blank For some fie...

Page 523: ...s a DSA key pair rsa Creates a RSA key pair Default Configuration N A Command Mode Global Configuration mode User Guidelines DSA keys are generated in pairs one public DSA key and one private DSA key If the switch already has DSA keys a warning is displayed with a prompt to replace the existing keys with new keys RSA keys are generated in pairs one public RSA key and one private RSA key If the swi...

Page 524: ...size Example 2 The following example generates RSA key pair switchxxxxxx config crypto key generate rsa Replace Existing Key Y N N Y Generating a SSHv2 default RSA Key This may take a few minutes depending on the key size ip ssh server To enable the Secure Shell SSH service on the switch use the ip ssh server Global Configuration mode command To disable the SSH service on the switch use the no for...

Page 525: ... SSH daemon enabled ip telnet server To enable the Teletype Network Telnet service on the switch use the ip telnet server Global Configuration mode command To disable the Telnet service on the switch use the no form of this command Syntax ip telnet server no ip telnet server Parameters N A Default Configuration Telnet is disabled by default Command Mode Global Configuration mode User Guidelines Th...

Page 526: ...Telnet and SSH Commands ip telnet server Cisco 220 Series Smart Plus Switches Command Line Interface Reference Guide Release 1 0 0 x 470 38 switchxxxxxx config ip telnet server ...

Page 527: ...eded and followed by the same single character delimiter The message is maximum 2000 characters long and should be typed in from a new line Default Configuration N A Command Mode Global Configuration mode User Guidelines The EXEC banner shows at the left top of the Getting Started page when users log in to the switch s web based interface or on the command line interface when users log in to the s...

Page 528: ...delete the login banner use the no form of this command Syntax banner login delimiter no banner login Parameters delimiter The text message that is preceded and followed by the same single character delimiter The message is maximum 2000 characters long and should be typed in from a new line Token Description hostname Displays the hostname for the switch bold Indicates that the next text is a bold ...

Page 529: ...f the switch switchxxxxxx config banner login Enter TEXT message End with the character WELCOME Host Name hostname Bold Text bold Bold Text bold Inverse inverse Inverse Test inverse Contact contact Location location Mac Addr mac address The following table describes the variables defined in the example Token Description hostname Displays the hostname for the switch bold Indicates that the next tex...

Page 530: ...C mode Syntax configure terminal Parameters terminal Optional Enters the Global Configuration mode with the keyword terminal Command Mode Privileged EXEC mode Example switchxxxxxx configure switchxxxxxx config do To execute an EXEC level command from the Global Configuration mode or any configuration submode use the do command Syntax do command Parameters command The EXEC level command to execute ...

Page 531: ... Ports Type 1 default fa1 24 gi1 2 po1 8 Default disable To leave the Privileged EXEC mode and return to the User EXEC mode use the disable Privileged EXEC mode command Syntax disable privilege level Parameters privilege level Optional The privilege level to be reduced to If the privilege level is left blank the level is reduced to 1 Default Configuration The default privilege level is 1 Command M...

Page 532: ...meters N A Default Configuration N A Command Mode N A Example The following example ends the Global Configuration mode session and returns to the Privileged EXEC mode switchxxxxxx config end switchxxxxxx enable To enter the Privileged EXEC mode use the enable Privileged EXEC mode command Syntax enable privilege level Parameters privilege level Optional The privilege level 1 or 15 to enter Default ...

Page 533: ...he privilege level 15 switchxxxxxx enable 15 Password switchxxxxxx exit Configuration To exit any mode and bring the user to the next higher mode use the exit command Syntax exit Parameters N A Default Configuration N A Command Mode N A Example The following example changes the configuration mode from the Interface Configuration mode to the Global Configuration mode switchxxxxxx config if exit swi...

Page 534: ...iguration N A Command Mode Privileged EXEC mode Example The following example closes an active terminal session switchxxxxxx exit history To enable the history buffer and set the maximum number of user commands that are saved in the history buffer for a particular line use the history Line Configuration mode command To disable the history buffer and restore the history buffer size to its default s...

Page 535: ...ommand history buffer size for a particular line It is effective from the next time that the user logs in using the console Telnet or SSH The allocated command history buffer is per terminal user and is taken from a shared buffer If there is not enough space available in the shared buffer the command history buffer size cannot be increased above the default size Example The following example chang...

Page 536: ...how banner login System Banner Login Line SSH Enable Line Telnet Enable Line Console Enable WELCOME Host Name hostname Bold Text bold Bold Text bold Inverse inverse Inverse Test inverse Contact contact Location location Mac Addr mac address show history To show the commands entered in the current session use the show history Privileged EXEC mode command Syntax show history Parameters N A Default C...

Page 537: ...t command The buffer remains unchanged when entering into and returning from the configuration modes Example switchxxxxxx show history Maximun History Count 128 1 enable 2 config 3 vlan 2 10 4 exit 5 show history show privilege To show the privilege level of the current user use the show privilege Privileged EXEC mode command Syntax show privilege Parameters N A Default Configuration N A Command M...

Page 538: ... limit Default Configuration The default terminal length is 20 Command Mode Privileged EXEC mode Example The following example changes the terminal length to 5 switchxxxxxxx terminal length 5 switchxxxxxxx show version Cisco Sx220 Series Switch Software Version 1 0 0 16 RELEASE SOFTWARE Copyright c 2014 by Cisco Systems Inc Compiled Wed Feb 26 16 02 49 UTC 2014 ROM Bootstrap program is Sx220 boot ...

Page 539: ... Series Smart Plus Switches Command Line Interface Reference Guide Release 1 0 0 x 489 39 32M bytes of flash memory Base MAC Address 00 E0 4C 86 70 01 IP Address 192 168 1 254 Subnet Mask 255 255 255 0 Model Number SG220 28MP Serial Number PID VID V01 ...

Page 540: ...ice VLAN parameters interface interface id Optional Specifies an Ethernet interface ID or a list of Ethernet interface IDs Relevant only for the OUI type Default Configuration If the type keyword is not specified the current voice VLAN type is used If the interface id parameter is not specified the information for all interfaces is displayed Command Mode Privileged EXEC mode User Guidelines Using ...

Page 541: ...Administrate Voice VLAN state auto enabled Voice VLAN ID 1 Voice VLAN VPT 5 Voice VLAN DSCP 46 Example 3 The following example displays the voice VLAN parameters when both Auto voice VLAN and OUI are disabled switchxxxxxx show voice vlan Administrate Voice VLAN state disable Voice VLAN ID 1 Voice VLAN VPT 5 Voice VLAN DSCP 46 Voice VLAN Aging 1440 minutes Voice VLAN CoS 6 Voice VLAN 1p Remark disa...

Page 542: ...ax voice vlan enable no voice vlan enable Default Configuration Disabled Command Mode Interface Configuration mode Example switchxxxxxx config interface gi1 switchxxxxxx config if voice vlan enable voice vlan aging timeout To set the aging timeout of the OUI voice VLAN use the voice vlan aging timeout Global Configuration mode command Syntax vocie vlan aging timeout minutes Parameters minutes The ...

Page 543: ...oice vlan cos To set the CoS value of the OUI voice VLAN use the voice vlan cos Global Configuration mode command To revert to its default setting use the no form of this command Syntax voice vlan cos cos remark no voice vlan cos Parameters cos The voice VLAN CoS value Range 0 to 7 remark Optional The Layer 2 user priority is remarked with the CoS value Default Configuration The default CoS value ...

Page 544: ... command To revert to its default setting use the no form of this command Syntax voice vlan cos mode src all no voice vlan cos mode Parameters src QoS attributes are applied to packets with OUIs in the source MAC address See the voice vlan oui table command for more information all QoS attributes are applied to packets that are classified to the voice VLAN Default Configuration The default mode is...

Page 545: ...se the no form of this command Syntax voice vlan dscp dscp value no voice vlan dscp Parameters dscp value The DSCP value to packets received on the voice VLAN Range 0 to 63 Default Configuration 46 Command Mode Global Configuration mode Example switchxxxxxx config voice vlan dscp 63 voice vlan mode To configure the voice VLAN mode on an interface use the voice vlan mode Interface Configuration mod...

Page 546: ...ice VLAN manual Specifies that the port is manually assigned to the voice VLAN Default Configuration The default mode is auto Command Mode Interface Configuration mode Example switchxxxxxx config interface gi1 switchxxxxxx config if voice vlan mode manual voice vlan oui table To configure the voice VLAN OUI table use the voice vlan oui table Global Configuration mode command To revert to its defau...

Page 547: ...Is are globally assigned administered by the IEEE In MAC addresses the first three bytes contain a manufacturer ID Organizationally Unique Identifiers OUI and the last three bytes contain a unique station ID Because the number of IP phone manufacturers that dominate the market is limited and well known the known OUI values are configured by default and OUIs can be added or removed by the user when...

Page 548: ...d disabled oui enabled Parameters auto enabled Sets the voice VLAN type to Auto disabled Disables the voice VLAN oui enabled Sets the voice VLAN type to OUI Default Configuration The voice VLAN type is set to Auto Command Mode Global Configuration mode User Guidelines By default CDP LLDP and LLDP MED are enabled on the switch All ports are members of the default VLAN VLAN 1 which is also the defau...

Page 549: ...ers VLAN id Identifier of the VLAN as the voice VLAN Range 1 to 4094 Default Configuration The default voice VLAN is VLAN 1 Command Mode Global Configuration mode Example switchxxxxxx config vlan 104 switchxxxxxx config vlan exit switchxxxxxx config voice vlan id 104 voice vlan vpt To define the voice VLAN priority tag VPT that will be advertised by LLDP in the network policy TLV use the voice vla...

Page 550: ...d Line Interface Reference Guide Release 1 0 0 x 500 40 Parameters vpt value The VPT value to be advertised Range 0 to 7 Default Configuration 5 Command Mode Global Configuration mode Example The following example sets 7 as the voice VLAN VPT switchxxxxxx config voice vlan vpt 7 ...

Page 551: ...ove the name for a VLAN use the no form of this command Syntax name string no name Parameters string Specifies a unique name associated with this VLAN Length 1 to 32 characters Default Configuration N A Command Mode VLAN Configuration mode It cannot be configured for a range of VLANs User Guidelines The VLAN name must be unique Example switchxxxxxx config vlan 19 switchxxxxxx config if name Market...

Page 552: ...gement VLAN Default Configuration The default management VLAN is VLAN 1 Command Mode Global Configuration mode Example witchxxxxxx config management vlan vlan 2 show interfaces protected ports To show information for the protected ports use the show interfaces protected ports Privileged EXEC mode command Syntax show interfaces protected ports interface id Parameters interface id Specifies an inter...

Page 553: ...w interfaces switchport Privileged EXEC command Syntax show interfaces switchport interface list Parameters interface list Specifies an interface ID or a list of interface IDs The interface can be one of these types Ethernet port or port channel Default Configuration N A Command Mode Privileged EXEC mode Examples Example 1 The following example displays the command output for a trunk port switchxx...

Page 554: ... port switchxxxxxx show interface switchport gi1 Port gi1 Port Mode General Gvrp Status disabled Ingress Filtering enabled Acceptable Frame Type all Ingress UnTagged VLAN NATIVE 10 Trunking VLANs Enabled 1 3 4 6 7 10 Port is member in Vlan Name Egress rule 1 default Untagged 3 VLAN0003 Untagged 5 VLAN0005 Untagged 7 VLAN0007 Tagged 9 VLAN0009 Tagged 10 VLAN0010 Tagged Forbidden VLANs Vlan Name Exa...

Page 555: ...AN NATIVE 5 Trunking VLANs Enabled 1 3 4 6 7 10 Port is member in Vlan Name Egress rule 5 VLAN0005 Untagged Forbidden VLANs Vlan Name show management vlan To show the management VLAN status use the show management vlan Privileged EXEC command Syntax show management vlan Parameters N A Command Mode Privileged EXEC mode Example switchxxxxxx show management vlan Management VLAN ID default 2 ...

Page 556: ...ID or a list of VLAN IDs dynamic Optional Displays information for the dynamic created VLAN static Optional Displays information for the static VLAN interfaces interface id Optional Specifies an interface ID or a list of interface IDs The interface ID can be one of these types Ethernet port or port channel Default Configuration N A Command Mode Privileged EXEC mode Example switchxxxxxx show vlan 2...

Page 557: ...t Configuration N A Command Mode Privileged EXEC mode Example switchxxxxxx show vlan default vlan Default VLAN ID 1 switchport access vlan An access interface can belong to only one VLAN To reassign an interface to a different VLAN use the switchport access vlan Interface Configuration mode command To revert to its default setting use the no form of this command Syntax switchport access vlan vlan ...

Page 558: ... port and assigns it to VLAN 2 and removes it from its previous VLAN switchxxxxxx config interface gi2 switchxxxxxx config if switchport mode access switchxxxxxx config if switchport access vlan 2 switchport default vlan tagged To configure the port as a tagged port in the default VLAN use the switchport default vlan tagged Interface Configuration mode command To return the port to an untagged por...

Page 559: ...LAN as a tagged port then The PVID can be the default VLAN The default PVID is the default VLAN NOTE The PVID is not changed when the port is added to the default VLAN as a tagged When executing the switchport default vlan tagged command the port is added automatically by the system to the default VLAN when the following conditions no longer exist The port is a member in a LAG The port is 802 1X u...

Page 560: ... switchport default vlan tagged switchport dot1q tunnel vlan To set the VLAN for a port when it is in the 802 1q tunnel mode set by the switchport mode command use the switchport dot1q tunnel vlan Interface Configuration mode command To remove 802 1q tunnel VLAN use the no form of this command Syntax switchport dot1q tunnel vlan vlan id no switchport dot1q tunnel vlan Parameters vlan id Specifies ...

Page 561: ...no switchport forbidden default vlan Parameters N A Default Configuration Membership in the default VLAN is allowed Command Mode Interface and Interface Range Configuration Ethernet port channel modes User Guidelines The command may be used at any time regardless of whether the port belongs to the default VLAN The no command does not add the port to the default VLAN It only defines an interface as...

Page 562: ...moves a list of VLANs Separate nonconsecutive VLAN IDs with a comma and no spaces Use a hyphen to designate a range of VLAN IDs Default Configuration All VLANs are allowed Command Mode Interface Configuration Ethernet port channel mode Example The following example forbids adding VLANs 234 to 256 to gi7 switchxxxxxx config interface gi7 switchxxxxxx config if switchport mode trunk switchxxxxxx con...

Page 563: ...rame types are accepted at ingress all Command Mode Interface Configuration Ethernet port channel mode Example The following example configures gi3 as a general port and discards the untagged frames at ingress switchxxxxxx config interface gi3 switchxxxxxx config if switchport mode general switchxxxxxx config if switchport general acceptable frame type tagged only switchport general allowed vlan G...

Page 564: ...ist of VLANs Separate nonconsecutive VLAN IDs with a comma and no space Use a hyphen to designate a range of VLAN IDs Default Configuration The port is an untagged member in the default VLAN Packets are transmitted as untagged Command Mode Interface Configuration Ethernet port channel mode User Guidelines You can change the egress rule for example from tagged to untagged without first removing the...

Page 565: ... ingress filtering disable Parameters N A Default Configuration Ingress filtering is enabled Command Mode Interface Configuration Ethernet port channel mode Example The following example disables port ingress filtering on gi11 switchxxxxxx config interface gi11 switchxxxxxx config if switchport mode general switchxxxxxx config if switchport general ingress filtering disable switchport general pvid...

Page 566: ...if switchport general pvid 234 Example 2 The following example adds VLAN 2 as tagged and VLAN 100 as untagged to the general port gi14 defines VID 100 as the PVID and then reverts to the default PVID VID 1 switchxxxxxx config interface gi14 switchxxxxxx config if switchport mode general switchxxxxxx config if switchport general allowed vlan add 2 tagged switchxxxxxx config if switchport general al...

Page 567: ...t and tagged on output switchxxxxxx config interface gi11 switchxxxxxx config if switchport mode general switchxxxxxx config if switchport general allowed vlan add 2 tagged switchxxxxxx config if Example 6 The following example configures VLAN on gi23 as tagged on input and untagged on output switchxxxxxx config interface gi23 switchxxxxxx config if switchport mode general switchxxxxxx config if s...

Page 568: ... configuration corresponding to the mode If the port mode is changed to access mode and the access VLAN does not exist then the port does not belong to any VLAN Trunk and general ports can be changed to access mode only if all VLANs except for an untagged PVID are first removed Example The following example configures gi1 as an access port and assigns it to VLAN 2 switchxxxxxx config interface gi1...

Page 569: ...de only Example switchxxxxxx config interface gi11 switchxxxxxx config if switchport mode trunk switchxxxxxx config if switchport mode trunk uplink switchport protected To isolate unicast multicast and broadcastbroadcast traffic at Layer 2 from other protected ports on the same switch use the switchport protected Interface Configuration mode command To disable protection on the port use the no for...

Page 570: ...or remove VLANs to or from a trunk port use the switchport trunk allowed vlan Interface Configuration mode command Syntax switchport trunk allowed vlan add vlan list remove vlan list all Parameters add vlan list Adds a list of VLANs to a port Separate nonconsecutive VLAN IDs with a comma and no spaces Use a hyphen to designate a range of VLAN IDs remove vlan list Removes a list of VLANs from a por...

Page 571: ...To define the native VLAN for a trunk port use the switchport trunk native vlan Interface Configuration mode command To revert to its default setting use the no form of this command Syntax switchport trunk native vlan vlan id no switchport trunk native vlan Parameters vlan id The native VLAN ID Default Configuration The default VLAN is the native VLAN Command Mode Interface Configuration Ethernet ...

Page 572: ... to its default setting use the no form of this command Syntax switchport vlan tpid 0x8100 0x88A8 0x9100 0x9200 Parameters 0x8100 The TPID is 0x8100 0x88A8 The TPID is 0x88A8 0x9100 The TPID is 0x9100 0x9200 The TPID is 0x9200 Default Configuration The default TPID is 0x8100 Command Mode Interface Configuration mode Example switchxxxxxx config interface gi11 switchxxxxxx config if switchport vlan ...

Page 573: ...ge of VLAN IDs range 1 to 4094 Default Configuration VLAN 1 exists by default Command Mode Global Configuration mode Example The following example creates a new VLAN VLAN 100 switchxxxxxx config vlan 100 switchxxxxxx config vlan vlan default vlan To define the default VLAN use the vlan default vlan VLAN Configuration mode command To set the VLAN 1 as the default VLAN use the no form of this comman...

Page 574: ... Guide Release 1 0 0 x 524 41 Default Configuration The default VLAN is VLAN 1 by default Command Mode VLAN Configuration mode User Guidelines This command becomes effective after the switch reboots Example The following example defines the default VLAN as VLAN 2 switchxxxxxx config vlan default vlan 2 ...

Page 575: ...n the switch use the ip http secure server Global Configuration mode command To disable the HTTPS service on the switch use the no form of this command Syntax ip http secure server no ip http secure server Parameters N A Default Configuration The HTTPS service is enabled by default Command Mode Global Configuration mode Example switchxxxxxx config ip http secure server ...

Page 576: ... no ip http server Parameters N A Default Configuration The HTTP service is enabled by default Command Mode Global Configuration mode Example switchxxxxxx config ip http server ip http timeout policy To set the interval that the switch waits for user inputs for HTTP or HTTPS sessions before automatic logoff use the ip http timeout policy Global Configuration mode command To revert to its default s...

Page 577: ...ly https only Optional Specifies the timeout for HTTPS sessions only Default Configuration The default timeout for HTTP and HTTPS sessions is 10 seconds Command Mode Global Configuration mode User Guidelines To specify no timeout enter the ip http timeout policy 0 command Example The following example configures the HTTP timeout to 1000 seconds switchxxxxxx config ip http timeout policy 1000 show ...

Page 578: ...vileged EXEC mode command Syntax show ip https Command Mode Privileged EXEC mode Example switchxxxxxx show ip https HTTPS daemon enabled Session Timeout 10 minutes The following table describes the significant fields shown in the example Field Description HTTP daemon Shows that the HTTP daemon is enabled or disabled on the switch Session Timeout Timeout in minutes for HTTP sessions Field Descripti...

Page 579: ...Example switchxxxxxx show services tcp udp Type Local IP address Remote IP address Service State tcp 80 http LISTE N tcp6 80 http LISTE N tcp 22 ssh LISTE N tcp6 22 ssh LISTE N tcp 23 telnet LISTE N tcp6 23 telnet LISTE N tcp 443 https LISTE N tcp6 443 https LISTE N tcp 192 168 1 254 23 192 168 1 107 57739 telnet ESTAB LISHED tcp 192 168 1 254 80 192 168 1 107 52333 http TIME_ WAIT tcp 192 168 1 2...

Page 580: ...IT tcp 192 168 1 254 80 192 168 1 107 52382 http TIME_ WAIT tcp 192 168 1 254 80 192 168 1 107 52389 http TIME_ WAIT tcp 192 168 1 254 80 192 168 1 107 52388 http TIME_ WAIT tcp 192 168 1 254 23 192 168 1 107 52381 telnet ESTAB LISHED udp 161 snmp udp6 161 snmp The following table describes the significant fields shown in the example Field Description Type Protocol type of the service Local IP Add...

Page 581: ...cket is closed and the connection is shutting down FIN_WAIT2 The connection is closed and the socket is waiting for a shutdown from the remote end TIME_WAIT The socket is waiting after close to handle packets still in the network CLOSED The socket is not being used CLOSE_WAIT The remote end has shut down waiting for the socket to close LAST_ACK The remote end has shut down and the socket is closed...

Page 582: ...mall_business _support_center_contacts html Cisco Firmware Downloads www cisco com go smallbizfirmware Select a link to download firmware for Cisco products No login is required Cisco Open Source Requests www cisco com go smallbiz_opensource_request Cisco Partner Central Partner Login Required www cisco com web partners sell smb Product Documentation Cisco 220 Series www cisco com c en us products...

Reviews:

No comments

Related manuals for 220 Series Smart Plus

D-Link DSL-2740B Installation Manual preview
DSL-2740B
Brand: D-Link Pages: 10
Paradyne 3163 Quick Reference preview
3163
Brand: Paradyne Pages: 16
H3C SR8800 IM-FW-II Command Reference Manual preview
SR8800 IM-FW-II
Brand: H3C Pages: 107
3Com MSR 50 Series Safety Information Manual preview
MSR 50 Series
Brand: 3Com Pages: 12
H3C S9500 Series Operating Manual preview
S9500 Series
Brand: H3C Pages: 16
H3C H3C S3600 Series Datasheet preview
H3C S3600 Series
Brand: H3C Pages: 10
H3C MSR 930 Installation Manual preview
MSR 930
Brand: H3C Pages: 42
H3C MSR 800 Installation, Quick Start preview
MSR 800
Brand: H3C Pages: 2
H3C H3C S7500E Series Instruction Manual preview
H3C S7500E Series
Brand: H3C Pages: 34
H3C MSR Series Manual preview
MSR Series
Brand: H3C Pages: 33
H3C CR16000-F Configuration Manual preview
CR16000-F
Brand: H3C Pages: 14
H3C MSR 3600 Hardware Information And Specifications preview
MSR 3600
Brand: H3C Pages: 56
H3C H3C S7500E Series Configuration Manual preview
H3C S7500E Series
Brand: H3C Pages: 112
H3C S3100-52P Command Manual preview
S3100-52P
Brand: H3C Pages: 15
H3C SR8800 IM-FW-II Manual preview
SR8800 IM-FW-II
Brand: H3C Pages: 5
H3C H3C S7500E Series Installation Manual preview
H3C S7500E Series
Brand: H3C Pages: 50
H3C MSR810 Manual preview
MSR810
Brand: H3C Pages: 37
H3C CR16000-F Installation, Quick Start preview
CR16000-F
Brand: H3C Pages: 4

Brands by name

Popular brands

Load more brands