manualshive.com logo in svg

Cisco 3560G-24PS - Catalyst Switch, Command Reference Manual

The Cisco 3560G-24PS Catalyst Switch is a highly efficient network device designed for small to medium-sized businesses. Ensure maximum performance with the comprehensive Command Reference Manual, available for free download from our manualshive.com. This manual provides detailed instructions for setup and configuration, allowing you to optimize your network infrastructure effortlessly.

Share
Download
background image

 

B-71

Catalyst 3560 Switch Command Reference

78-16405-05

Appendix B      Catalyst 3560 Switch Debug Commands

debug pm

Usage Guidelines

The 

undebug pm

 command is the same as the 

no debug pm

 command.

Related Commands

Command

Description

show debugging

Displays information about the types of debugging that are enabled. For 
syntax information, select 

Cisco IOS Release 12.2 Configuration Guides 

and Command References 

>

 Cisco IOS Configuration Fundamentals 

Configuration Guide, Release 12.2 

>

 System Management

 > 

Troubleshooting and Fault Management

.

Summary of Contents for 3560G-24PS - Catalyst Switch

Page 1: ...sman Drive San Jose CA 95134 1706 USA http www cisco com Tel 408 526 4000 800 553 NETS 6387 Fax 408 526 4100 Catalyst 3560 Switch Command Reference Cisco IOS Release 12 2 25 SED October 2005 Customer Order Number DOC 7816405 Text Part Number 78 16405 05 ...

Page 2: ...TIAL OR INCIDENTAL DAMAGES INCLUDING WITHOUT LIMITATION LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES CCSP CCVP the Cisco Square Bridge logo Follow Me Browsing and StackWise are trademarks of Cisco Systems Inc Changing the Way We Work Live Play and Learn and iQuick St...

Page 3: ...n Cisco Products xxiii Obtaining Technical Assistance xxiv Cisco Technical Support Documentation Website xxiv Submitting a Service Request xxiv Definitions of Service Request Severity xxv Obtaining Additional Publications and Information xxv C H A P T E R 1 Using the Command Line Interface 1 1 CLI Command Modes 1 1 User EXEC Mode 1 3 Privileged EXEC Mode 1 3 Global Configuration Mode 1 3 Interface...

Page 4: ...ot helper config file 2 26 boot manual 2 27 boot private config file 2 28 boot system 2 29 channel group 2 30 channel protocol 2 33 class 2 34 class map 2 36 clear ip arp inspection log 2 38 clear ip arp inspection statistics 2 39 clear ip dhcp snooping database 2 40 clear ipc 2 41 clear l2protocol tunnel counters 2 42 clear lacp 2 43 clear mac address table 2 44 clear mac address table move updat...

Page 5: ... access list configuration 2 72 deny MAC access list configuration 2 77 dot1x 2 80 dot1x auth fail max attempts 2 82 dot1x auth fail vlan 2 84 dot1x control direction 2 86 dot1x critical 2 88 dot1x default 2 90 dot1x guest vlan 2 91 dot1x host mode 2 93 dot1x initialize 2 95 dot1x max reauth req 2 96 dot1x max req 2 97 dot1x multiple hosts 2 98 dot1x port control 2 99 dot1x re authenticate 2 101 d...

Page 6: ...2 141 ip dhcp snooping database 2 143 ip dhcp snooping information option 2 145 ip dhcp snooping information option allow untrusted 2 147 ip dhcp snooping limit rate 2 149 ip dhcp snooping trust 2 151 ip dhcp snooping verify 2 152 ip dhcp snooping vlan 2 153 ip igmp filter 2 154 ip igmp max groups 2 155 ip igmp profile 2 157 ip igmp snooping 2 159 ip igmp snooping last member query interval 2 161 ...

Page 7: ...tunnel 2 199 l2protocol tunnel cos 2 202 lacp port priority 2 203 lacp system priority 2 205 logging event power inline status 2 207 logging file 2 208 mac access group 2 210 mac access list extended 2 212 mac address table aging time 2 214 mac address table move update 2 215 mac address table notification 2 217 mac address table static 2 219 mac address table static drop 2 220 macro apply 2 222 m...

Page 8: ...hold 2 266 mls qos srr queue output cos map 2 268 mls qos srr queue output dscp map 2 270 mls qos trust 2 272 mls qos vlan based 2 274 monitor session 2 275 mvr global configuration 2 280 mvr interface configuration 2 283 pagp learn method 2 286 pagp port priority 2 288 permit ARP access list configuration 2 290 permit IPv6 access list configuration 2 292 permit MAC access list configuration 2 298...

Page 9: ...ics tdr 2 356 show class map 2 359 show cluster 2 360 show cluster candidates 2 362 show cluster members 2 364 show controllers cpu interface 2 366 show controllers ethernet controller 2 368 show controllers power inline 2 375 show controllers tcam 2 377 show controllers utilization 2 379 show dot1q tunnel 2 381 show dot1x 2 382 show dtp 2 386 show env 2 388 show errdisable detect 2 390 show errdi...

Page 10: ... ipv6 mld snooping address 2 444 show ipv6 mld snooping mrouter 2 446 show ipv6 mld snooping querier 2 448 show l2protocol tunnel 2 450 show lacp 2 453 show mac access group 2 457 show mac address table 2 459 show mac address table address 2 461 show mac address table aging time 2 463 show mac address table count 2 465 show mac address table dynamic 2 467 show mac address table interface 2 469 sho...

Page 11: ... show spanning tree 2 519 show storm control 2 526 show system mtu 2 528 show udld 2 529 show version 2 532 show vlan 2 534 show vlan access map 2 539 show vlan filter 2 540 show vmps 2 541 show vtp 2 544 shutdown 2 549 shutdown vlan 2 550 snmp server enable traps 2 551 snmp server host 2 555 snmp trap mac notification 2 559 spanning tree backbonefast 2 561 spanning tree bpdufilter 2 562 spanning ...

Page 12: ... mst root 2 593 spanning tree port priority 2 595 spanning tree portfast global configuration 2 597 spanning tree portfast interface configuration 2 599 spanning tree transmit hold count 2 601 spanning tree uplinkfast 2 602 spanning tree vlan 2 604 speed 2 607 srr queue bandwidth limit 2 609 srr queue bandwidth shape 2 611 srr queue bandwidth share 2 613 storm control 2 615 switchport 2 618 switch...

Page 13: ...1 udld 2 663 udld port 2 665 udld reset 2 667 vlan global configuration 2 668 vlan VLAN configuration 2 674 vlan access map 2 680 vlan database 2 682 vlan dot1q tag native 2 685 vlan filter 2 687 vmps reconfirm privileged EXEC 2 689 vmps reconfirm global configuration 2 690 vmps retry 2 691 vmps server 2 692 vtp global configuration 2 694 vtp VLAN configuration 2 698 A P P E N D I X A Catalyst 356...

Page 14: ... B 4 debug cluster B 5 debug dot1x B 7 debug dtp B 9 debug etherchannel B 10 debug ilpower B 12 debug ip dhcp snooping B 13 debug ip verify source packet B 14 debug interface B 15 debug ip igmp filter B 17 debug ip igmp max groups B 18 debug ip igmp snooping B 19 debug lacp B 20 debug mac notification B 21 debug matm B 22 debug matm move update B 23 debug monitor B 24 debug mvrdbg B 26 debug nvram...

Page 15: ... B 46 debug platform led B 48 debug platform matm B 49 debug platform messaging application B 51 debug platform phy B 52 debug platform pm B 54 debug platform port asic B 56 debug platform port security B 57 debug platform qos acl tcam B 58 debug platform remote commands B 59 debug platform resource manager B 60 debug platform snmp B 61 debug platform span B 62 debug platform supervisor asic B 63 ...

Page 16: ... C 4 show platform etherchannel C 5 show platform forward C 6 show platform frontend controller C 8 show platform ip igmp snooping C 9 show platform ip multicast C 11 show platform ip unicast C 12 show platform ip unicast vrf compaction C 14 show platform ip unicast vrf tcam label C 15 show platform ipv6 unicast C 16 show platform layer4op C 18 show platform mac address table C 19 show platform me...

Page 17: ...Contents xvii Catalyst 3560 Switch Command Reference 78 16405 05 show platform stp instance C 35 show platform tcam C 36 show platform vlan C 39 I N D E X ...

Page 18: ...Contents xviii Catalyst 3560 Switch Command Reference 78 16405 05 ...

Page 19: ...richer set of enterprise class features It includes Layer 2 features and full Layer 3 routing IP unicast routing IP multicast routing and fallback bridging To distinguish it from the Layer 2 static routing and RIP the IP services image includes protocols such as the Enhanced Interior Gateway Routing Protocol EIGRP and Open Shortest Path First OSPF Protocol This guide provides the information that ...

Page 20: ...d symbols Note Means reader take note Notes contain helpful suggestions or references to materials not contained in this manual Caution Means reader be careful In this situation you might do something that could result in equipment damage or loss of data Related Publications These documents provide complete information about the switch and are available from this Cisco com site http www cisco com ...

Page 21: ...16660 Regulatory Compliance and Safety Information for the Catalyst 3560 Switch order number DOC 7816665 Getting Started with Cisco Network Assistant not orderable but available on Cisco com Release Notes for Cisco Network Assistant not orderable but available on Cisco com Cisco Small Form Factor Pluggable Modules Installation Notes order number DOC 7815160 Cisco CWDM GBIC and CWDM SFP Modules Ins...

Page 22: ...tation DVD product number DOC DOCDVD from Cisco Marketplace at this URL http www cisco com go marketplace Ordering Documentation Beginning June 30 2005 registered Cisco com users may order Cisco documentation at the Product Documentation Store in the Cisco Marketplace at this URL http www cisco com go marketplace Nonregistered Cisco com users can order technical documentation from 8 00 a m to 5 00...

Page 23: ...re products We test our products internally before we release them and we strive to correct all vulnerabilities quickly If you think that you might have identified a vulnerability in a Cisco product contact PSIRT Emergencies security alert cisco com An emergency is either a condition in which a system is under active attack or a condition for which a severe and urgent security vulnerability should...

Page 24: ...n Tools Choose Cisco Product Identification Tool from the Alphabetical Index drop down list or click the Cisco Product Identification Tool link under Alerts RMAs The CPI tool offers three search options by product ID or model name by tree view or for certain products by copying and pasting show command output Search results show an illustration of your product with the serial number label location...

Page 25: ...rom various online and printed sources Cisco Marketplace provides a variety of Cisco books reference guides documentation and logo merchandise Visit Cisco Marketplace the company store at this URL http www cisco com go marketplace Cisco Press publishes a wide range of general networking training and certification titles Both new and experienced users will benefit from these publications For curren...

Page 26: ... Cisco Systems as well as customer support services can be obtained at this URL http www cisco com en US products index html Networking Professionals Connection is an interactive website for networking professionals to share questions suggestions and information about networking products and technologies with Cisco experts and other networking professionals Join a discussion at this URL http www c...

Page 27: ...r information on the show platform commands see Appendix C Catalyst 3560 Switch Show Platform Commands For more information on Cisco IOS Release 12 2 see the Cisco IOS Release 12 2 Command Summary For task oriented configuration steps see the software configuration guide for this release In this document IP refers to IP version 4 IPv4 unless there is a specific reference to IP version 6 IPv6 CLI C...

Page 28: ... To exit to privileged EXEC mode enter the exit or end command or press Ctrl Z To enter interface configuration mode enter the interface configuration command Interface configuration From global configuration mode specify an interface by entering the interface command followed by an interface identification Switch config if To exit to privileged EXEC mode enter the end command or press Ctrl Z To e...

Page 29: ...d you are prompted to enter it before being granted access to privileged EXEC mode The password does not appear on the screen and is case sensitive The privileged EXEC mode prompt is the device name followed by the pound sign Switch Enter the enable command to access privileged EXEC mode Switch enable Switch The supported commands can vary depending on the version of software in use To display a c...

Page 30: ...ration mode and to return to privileged EXEC mode enter the end command or press Ctrl Z config vlan Mode Use this mode to configure normal range VLANs VLAN IDs 1 to 1005 or when VTP mode is transparent to configure extended range VLANs VLAN IDs 1006 to 4094 When VTP mode is transparent the VLAN and VTP configuration is saved in the running configuration file and you can save it to the switch start...

Page 31: ...N database configuration from VLAN configuration mode cannot be saved in the switch configuration file Line Configuration Mode Line configuration commands modify the operation of a terminal line Line configuration commands always follow a line command which defines a line number Use these commands to change terminal parameter settings line by line or for a range of lines Use the line vty line_numb...

Page 32: ...in software releases before Cisco IOS Release 12 2 20 SE Table 1 2 Commands Changed Releases earlier than Cisco IOS Release 12 2 20 SE Cisco IOS Release 12 2 20 SE or later Description show ip igmp snooping multicast show ip igmp snooping groups Displays the IGMP1 snooping multicast table for the switch or multicast information 1 IGMP Internet Group Management Protocol debug autoqos debug auto qos...

Page 33: ...llow as the default list for accounting services start stop Send a start accounting notice at the beginning of a process and a stop accounting notice at the end of a process The start accounting record is sent in the background The requested user process begins regardless of whether or not the start accounting notice was received by the accounting server broadcast Enable accounting records to be s...

Page 34: ... aaa accounting dot1x default start stop group radius Note The RADIUS authentication server must be properly configured to accept and log update or watchdog packets from the AAA client Related Commands Release Modification 12 2 20 SE This command was introduced Command Description aaa authentication dot1x Specifies one or more AAA methods for use on interfaces running IEEE 802 1x aaa new model Ena...

Page 35: ...y method that is truly IEEE 802 1x compliant is the group radius method in which the client data is validated against a RADIUS authentication server If you specify group radius you must configure the RADIUS server by entering the radius server host global configuration command Use the show running config privileged EXEC command to display the configured lists of authentication methods Examples Thi...

Page 36: ... access control model For syntax information see the Cisco IOS Security Command Reference Release 12 2 Authentication Authorization and Accounting Authentication Commands show running config Displays the current operating configuration For syntax information select Cisco IOS Configuration Fundamentals Command Reference Release 12 2 File Management Commands Configuration File Management Commands ...

Page 37: ...onfiguration mode use the match access map configuration command to define the match conditions for a VLAN map Use the action command to set the action that occurs when a packet matches the conditions The drop and forward parameters are not used in the no form of the command Examples This example shows how to identify and apply a VLAN access map vmap4 to VLANs 5 and 6 that causes the VLAN to forwa...

Page 38: ...dressing and Services Release 12 2 IP Services Commands ip access list Creates a named access list For syntax information select Cisco IOS IP Command Reference Volume 1 of 3 Addressing and Services Release 12 2 IP Services Commands mac access list extended Creates a named MAC address access list match access map configuration Defines the match conditions for a VLAN map show vlan access map Display...

Page 39: ... the new software image after it is successfully downloaded overwrite Overwrite the software image in flash memory with the downloaded one reload Reload the system after successfully downloading the image unless the configuration has been changed and not been saved safe Keep the current software image do not delete it to make room for the new software image before the new image is downloaded The c...

Page 40: ...g the delete privileged EXEC command For more information see the delete section on page 2 69 Use the overwrite option to overwrite the image on the flash device with the downloaded one If you specify the command without the overwrite option the download algorithm verifies that the new image is not the same as the one on the switch flash device If the images are the same the download does not occu...

Page 41: ... Commands archive download sw Related Commands Command Description archive tar Creates a tar file lists the files in a tar file or extracts the files from a tar file archive upload sw Uploads an existing image on the switch to a server delete Deletes a file or directory on the flash memory device ...

Page 42: ...r the local flash filesystem flash The syntax for the FTP ftp username password location directory tar filename tar The syntax for an HTTP server http username password hostname host ip directory image name tar The syntax for a secure HTTP server https username password hostname host ip directory image name tar The syntax for the Remote Copy Protocol RCP is rcp username location directory tar file...

Page 43: ...to display xtract source url flash file url dir file Extract files from a tar file to the local file system For source url specify the source URL alias for the local file system These options are supported The syntax for the local flash file system flash The syntax for the FTP ftp username password location directory tar filename tar The syntax for an HTTP server http username password hostname ho...

Page 44: ...s c3560 ipservices mz 12 25 SEB info 219 bytes info ver 219 bytes This example shows how to display only the c3560 ipservices 12 25 SEB html directory and its contents Switch archive tar table flash c3560 ipservices 12 25 SEB tar c3560 ipservices 12 25 html c3560 ipservices mz 12 25 SEB html directory c3560 ipservices mz 12 25 SEB html const htm 556 bytes c3560 ipservices mz 12 25 SEB html xhome h...

Page 45: ... uploaded the software creates the tar file Image names are case sensitive version version_string Optional Specify the specific version string of the image to be uploaded destination url The destination URL alias for a local or network file system These options are supported The syntax for the local flash file system flash The syntax for the FTP ftp username password location directory image name ...

Page 46: ... example shows how to upload the currently running image to a TFTP server at 172 20 140 2 Switch archive upload sw tftp 172 20 140 2 test image tar Related Commands Command Description archive download sw Downloads a new image to the switch archive tar Creates a tar file lists the files in a tar file or extracts the files from a tar file ...

Page 47: ...see the deny ARP access list configuration section on page 2 70 exit exits ARP access list configuration mode no negates a command or returns to default settings permit specifies packets to forward For more information see the permit ARP access list configuration section on page 2 290 Use the permit and deny access list configuration commands to forward and to drop ARP packets based on the specifi...

Page 48: ... 1 1 1 1 mac host 00001 0000 abcd Switch config arp nacl end You can verify your settings by entering the show arp access list privileged EXEC command Related Commands Command Description deny ARP access list configuration Denies an ARP packet based on matches compared against the DHCP bindings ip arp inspection filter vlan Permits ARP requests and responses from a host configured with a static IP...

Page 49: ...oIP The QoS labels of incoming packets are trusted only when the telephone is detected cisco softphone Identify this port as connected to a device running the Cisco SoftPhone and automatically configure QoS for VoIP trust Identify this port as connected to a trusted switch or router and automatically configure QoS for VoIP The QoS labels of incoming packets are trusted For nonrouted ports the CoS ...

Page 50: ... Version 1 3 3 or later Connected devices must use Cisco Call Manager Version 4 or later To take advantage of the auto QoS defaults you should enable auto QoS before you configure other QoS commands You can fine tune the auto QoS configuration after you enable auto QoS Table 2 2 Auto QoS Configuration for the Ingress Queues Ingress Queue Queue Number CoS to Queue Map Queue Weight Bandwidth Queue B...

Page 51: ... The switch configures ingress and egress queues on the port according to the settings in Table 2 2 and Table 2 3 When you enter the auto qos voip cisco softphone interface configuration command on a port at the edge of the network that is connected to a device running the Cisco SoftPhone the switch uses policing to decide whether a packet is in or out of profile and to specify the action on the p...

Page 52: ... trust You can verify your settings by entering the show auto qos interface interface id privileged EXEC command Related Commands Command Description debug auto qos Enables debugging of the auto QoS feature mls qos cos Defines the default CoS value of a port or assigns the default CoS to all incoming packets on the port mls qos map cos dscp dscp1 dscp8 dscp cos dscp list to cos Defines the CoS to ...

Page 53: ...S Commands auto qos voip srr queue bandwidth shape Assigns the shaped weights and enables bandwidth shaping on the four egress queues mapped to a port srr queue bandwidth share Assigns the shared weights and enables bandwidth sharing on the four egress queues mapped to a port Command Description ...

Page 54: ...tem file url no boot boothlpr Syntax Description Defaults No helper image is loaded Command Modes Global configuration Command History Usage Guidelines Filenames and directory names are case sensitive This command changes the setting of the BOOTHLPR environment variable For more information see Appendix A Catalyst 3560 Switch Boot Loader Commands Related Commands filesystem Alias for a flash file ...

Page 55: ... no boot config file Syntax Description Defaults The default configuration file is flash config text Command Modes Global configuration Command History Usage Guidelines Filenames and directory names are case sensitive This command changes the setting of the CONFIG_FILE environment variable For more information see Appendix A Catalyst 3560 Switch Boot Loader Commands Related Commands flash file url...

Page 56: ...on the console Command Modes Global configuration Command History Usage Guidelines When you enter this command you can interrupt the automatic boot process by pressing the Break key on the console after the flash file system is initialized Note Despite the setting of this command you can interrupt the automatic boot process at any time by pressing the MODE button on the switch front panel This com...

Page 57: ... Command History Usage Guidelines This variable is used only for internal development and testing Filenames and directory names are case sensitive This command changes the setting of the HELPER environment variable For more information see Appendix A Catalyst 3560 Switch Boot Loader Commands Related Commands filesystem Alias for a flash file system Use flash for the system board flash device file ...

Page 58: ...boot helper config file Syntax Description Defaults No helper configuration file is specified Command Modes Global configuration Command History Usage Guidelines This variable is used only for internal development and testing Filenames and directory names are case sensitive This command changes the setting of the HELPER_CONFIG_FILE environment variable For more information see Appendix A Catalyst ...

Page 59: ...anual booting is disabled Command Modes Global configuration Command History Usage Guidelines The next time you reboot the system the switch is in boot loader mode which is shown by the switch prompt To boot the system use the boot boot loader command and specify the name of the bootable image This command changes the setting of the MANUAL_BOOT environment variable For more information see Appendi...

Page 60: ...ot private config file filename no boot private config file Syntax Description Defaults The default configuration file is private config Command Modes Global configuration Command History Usage Guidelines Filenames are case sensitive Examples This example shows how to specify the name of the private configuration file to be pconfig Switch config boot private config file pconfig Related Commands fi...

Page 61: ...untered subdirectory is completely searched before continuing the search in the original directory Command Modes Global configuration Command History Usage Guidelines Filenames and directory names are case sensitive If you are using the archive download sw privileged EXEC command to maintain system images you never need to use the boot system command The boot system command is automatically manipu...

Page 62: ... another port group in either the active or passive mode auto Enable the Port Aggregation Protocol PAgP only if a PAgP device is detected Auto mode places a port into a passive negotiating state in which the port responds to PAgP packets it receives but does not start PAgP packet negotiation A channel is formed only with another port group in desirable mode When auto is enabled silent operation is...

Page 63: ...l ports assigned to the port channel interface Configuration changes applied to the physical port affect only the port where you apply the configuration To change the parameters of all ports in an EtherChannel apply configuration commands to the port channel interface for example spanning tree commands or commands to configure a Layer 2 EtherChannel as a trunk If you do not specify non silent with...

Page 64: ...wo static access ports in VLAN 10 to channel 5 with the PAgP mode desirable Switch configure terminal Switch config interface range gigabitethernet0 1 2 Switch config if range switchport mode access Switch config if range switchport access vlan 10 Switch config if range channel group 5 mode desirable Switch config if range end This example shows how to configure an EtherChannel It assigns two stat...

Page 65: ...he channel group interface configuration command to configure the EtherChannel parameters The channel group command also can set the mode for the EtherChannel You cannot enable both the PAgP and LACP modes on an EtherChannel group PAgP and LACP are not compatible both ends of a channel must use the same protocol Examples This example shows how to specify LACP as the protocol that manages the Ether...

Page 66: ...ou enter policy map class configuration mode and these configuration commands are available exit exits policy map class configuration mode and returns to policy map configuration mode no returns a command to its default setting police defines a policer or aggregate policer for the classified traffic The policer specifies the bandwidth limitations and the action to take when the limits are exceeded...

Page 67: ...pmap c set dscp 10 Switch config pmap c police 1000000 20000 exceed action policed dscp transmit Switch config pmap c exit You can verify your settings by entering the show policy map privileged EXEC command Related Commands Command Description class map Creates a class map to be used for matching packets to the class whose name you specify police Defines a policer for classified traffic policy ma...

Page 68: ...ed service policy applied on a per port basis After you are in quality of service QoS class map configuration mode these configuration commands are available description describes the class map up to 200 characters The show class map privileged EXEC command displays the description and the name of the class map exit exits from QoS class map configuration mode match configures classification criter...

Page 69: ...tch config cmap match access group 103 Switch config cmap exit This example shows how to delete the class map class1 Switch config no class map class1 You can verify your settings by entering the show class map privileged EXEC command Related Commands Command Description class Defines a traffic classification match criteria through the police set and trust policy map class configuration commands f...

Page 70: ...EC Command History Examples This example shows how to clear the contents of the log buffer Switch clear ip arp inspection log You can verify that the log was cleared by entering the show ip arp inspection log privileged command Related Commands Release Modification 12 2 20 SE This command was introduced Command Description arp access list Defines an ARP access control list ACL ip arp inspection lo...

Page 71: ...lear the statistics for VLAN 1 Switch clear ip arp inspection statistics vlan 1 You can verify that the statistics were deleted by entering the show ip arp inspection statistics vlan 1 privileged EXEC command Related Commands vlan vlan range Optional Clear statistics for the specified VLAN or VLANs You can specify a single VLAN identified by VLAN ID number a range of VLANs separated by a hyphen or...

Page 72: ...ooping database statistics command the switch does not update the entries in the binding database and in the binding file before clearing the statistics Examples This example shows how to clear the DHCP snooping binding database agent statistics Switch clear ip dhcp snooping database statistics You can verify that the statistics were cleared by entering the show ip dhcp snooping database privilege...

Page 73: ... clear ipc statistics command or you can clear only the queue statistics by using the clear ipc queue statistics command Examples This example shows how to clear all statistics Switch clear ipc statistics This example shows how to clear only the queue statistics Switch clear ipc queue statistics You can verify that the statistics were deleted by entering the show ipc rpc or the show ipc session pr...

Page 74: ...ivileged EXEC Command History Usage Guidelines Use this command to clear protocol tunnel counters on the switch or on the specified interface Examples This example shows how to clear Layer 2 protocol tunnel counters on an interface Switch clear l2protocol tunnel counters gigabitethernet0 3 Related Commands interface id Optional Specify interface physical interface or port channel for which protoco...

Page 75: ...nnel group by using the clear lacp channel group number counters command Examples This example shows how to clear all channel group information Switch clear lacp counters This example shows how to clear LACP traffic counters for group 4 Switch clear lacp 4 counters You can verify that the information was deleted by entering the show lacp counters or the show lacp 4 counters privileged EXEC command...

Page 76: ... Modes Privileged EXEC Command History Examples This example shows how to remove a specific MAC address from the dynamic address table Switch clear mac address table dynamic address 0008 0070 0007 You can verify that the information was deleted by entering the show mac address table privileged EXEC command dynamic Delete all dynamic MAC addresses dynamic address mac addr Optional Delete the specif...

Page 77: ...ation Enables the MAC address notification feature show mac address table Displays the MAC address table static and dynamic entries show mac address table notification Displays the MAC address notification settings for all interfaces or the specified interface snmp trap mac notification Enables the Simple Network Management Protocol SNMP MAC address notification trap on a specific interface ...

Page 78: ...lt is defined Command Modes Privileged EXEC Command History Examples This example shows how to clear the mac address table move update related counters Switch clear mac address table move update You can verify that the information was cleared by entering the show mac address table move update privileged EXEC command Related Commands Release Modification 12 2 25 SED This command was introduced Comm...

Page 79: ...the specified channel group by using the clear pagp channel group number counters command Examples This example shows how to clear all channel group information Switch clear pagp counters This example shows how to clear PAgP traffic counters for group 10 Switch clear pagp 10 counters You can verify that information was deleted by entering the show pagp privileged EXEC command Related Commands chan...

Page 80: ...070 0007 all Delete all secure MAC addresses configured Delete configured secure MAC addresses dynamic Delete secure MAC addresses auto learned by hardware sticky Delete secure MAC addresses either auto learned or configured address mac addr Optional Delete the specified dynamic secure MAC address interface interface id Optional Delete all the dynamic secure MAC addresses on the specified physical...

Page 81: ...from the address table Switch clear port security dynamic You can verify that the information was deleted by entering the show port security privileged EXEC command Related Commands Command Description switchport port security Enables port security on an interface switchport port security mac address mac address Configures secure MAC addresses switchport port security maximum value Configures a ma...

Page 82: ...ory Usage Guidelines If the interface id is not specified spanning tree counters are cleared for all interfaces Examples This example shows how to clear spanning tree counters for all interfaces Switch clear spanning tree counters Related Commands interface interface id Optional Clear all spanning tree counters on the specified interface Valid interfaces include physical ports VLANs and port chann...

Page 83: ...anning tree MST switch can also detect that a port is at the boundary of a region when it receives a legacy BPDU an MST BPDU Version 3 associated with a different region or a rapid spanning tree RST BPDU Version 2 However the switch does not automatically revert to the rapid PVST or the MSTP mode if it no longer receives IEEE 802 1D BPDUs because it cannot learn whether the legacy switch has been ...

Page 84: ...rguments or keywords Defaults No default is defined Command Modes Privileged EXEC Command History Examples This example shows how to clear VLAN Membership Policy Server VMPS statistics Switch clear vmps statistics You can verify that information was deleted by entering the show vmps statistics privileged EXEC command Related Commands Release Modification 12 1 19 EA1 This command was introduced Com...

Page 85: ...n This command has no arguments or keywords Defaults No default is defined Command Modes Privileged EXEC Command History Examples This example shows how to clear the VTP counters Switch clear vtp counters You can verify that information was deleted by entering the show vtp counters privileged EXEC command Related Commands Release Modification 12 1 19 EA1 This command was introduced Command Descrip...

Page 86: ...nd switch A cluster member can have only one cluster command switch The cluster member switch retains the identity of the cluster command switch during a system reload by using the mac address parameter You can enter the no form on a cluster member switch to remove it from the cluster during debugging or recovery procedures You would normally use this command from the cluster member switch console...

Page 87: ...dress 00e0 9bc0 a500 member 4 name my_cluster output truncated This example shows how to remove a member from the cluster by using the cluster member console Switch configure terminal Enter configuration commands one per line End with CNTL Z Switch config no cluster commander address You can verify your settings by entering the show cluster privileged EXEC command Related Commands Command Descript...

Page 88: ...hop count is set to 1 it disables extended discovery The cluster command switch discovers only candidates that are one hop from the edge of the cluster The edge of the cluster is the point between the last discovered cluster member switch and the first discovered candidate switch Examples This example shows how to set hop count limit to 4 This command is executed on the cluster command switch Swit...

Page 89: ...n any command capable switch that is not part of any cluster This command fails if a device is already configured as a member of the cluster You must name the cluster when you enable the cluster command switch If the switch is already configured as the cluster command switch this command changes the cluster name if it is different from the previous cluster name Examples This example shows how to e...

Page 90: ...ommand Reference 78 16405 05 Chapter 2 Catalyst 3560 Switch Cisco IOS Commands cluster enable Related Commands Command Description show cluster Displays the cluster status and a summary of the cluster to which the switch belongs ...

Page 91: ...propagates the values to all its cluster members so that the setting is consistent among all switches in the cluster The holdtime is typically set as a multiple of the interval timer cluster timer For example it takes holdtime in secs divided by the interval in secs number of heartbeat messages to be missed in a row to declare a switch down Examples This example shows how to change the interval ti...

Page 92: ...switch selects the next available member number and assigns it to the switch that is joining the cluster You must enter the enable password of the candidate switch for authentication when it joins the cluster The password is not saved in the running or startup configuration After a candidate switch becomes a member of the cluster its password becomes the same as the cluster command switch password...

Page 93: ... MAC address 00E0 1E00 3333 to the cluster This switch does not have a password The cluster command switch selects the next available member number and assigns it to the switch that is joining the cluster Switch config cluster member mac address 00E0 1E00 3333 You can verify your settings by entering the show cluster members privileged EXEC command on the cluster command switch Related Commands Co...

Page 94: ... History Usage Guidelines Enter this command only on the cluster command switch If you enter this command on a cluster member switch an error message appears Examples This example shows how to set the outside interface to VLAN 1 Switch config cluster outside interface vlan 1 You can verify your setting by entering the show running config privileged EXEC command Related Commands interface id Interf...

Page 95: ...ring is disabled and the switch cannot become a candidate switch When you enter the no cluster run command on a cluster member switch it is removed from the cluster Clustering is disabled and the switch cannot become a candidate switch When you enter the no cluster run command on a switch that is not part of a cluster clustering is disabled on this switch This switch cannot then become a candidate...

Page 96: ...members Each cluster member switch stores the binding information in its NVRAM The HSRP group name must be a valid standby group otherwise the command exits with an error The same group name should be used on all members of the HSRP standby group that is to be bound to the cluster The same HSRP group name should also be used on all cluster HSRP capable members for the HSRP group that is to be boun...

Page 97: ...outing redundancy ERROR This command runs on a cluster command switch You can verify your settings by entering the show cluster privileged EXEC command The output shows whether redundancy is enabled in the cluster Related Commands Command Description standby ip Enables HSRP on the interface For syntax information select Cisco IOS IP Command Reference Volume 1 of 3 Addressing and Services Release 1...

Page 98: ...members so that the setting is consistent among all switches in the cluster The holdtime is typically set as a multiple of the heartbeat interval timer cluster timer For example it takes holdtime in secs divided by the interval in secs number of heartbeat messages to be missed in a row to declare a switch down Examples This example shows how to change the heartbeat interval timer and the duration ...

Page 99: ...es in a macro When entering the interface range use this format type first interface last interface You must add a space between the first interface number and the hyphen when entering an interface range For example gigabitethernet 0 1 2 is a valid range gigabitethernet 0 1 2 is not a valid range Valid values for type and interface vlan vlan id vlan ID where the VLAN ID is 1 to 4094 VLAN interface...

Page 100: ...efore the comma The space after the comma is optional for example fastethernet0 3 gigabitethernet0 1 2 fastethernet0 3 4 gigabitethernet0 1 2 Examples This example shows how to create a multiple interface macro Switch config define interface range macro1 fastethernet0 1 2 gigabitethernet0 1 2 Related Commands Command Description interface range Executes a command on multiple ports at the same time...

Page 101: ...ion on destructive file operations For more information about this command see the Cisco IOS Command Reference for Release 12 1 Examples This example shows how to remove the directory that contains the old software image after a successful download of a new image Switch delete force recursive flash old image You can verify that the directory was removed by entering the dir filesystem privileged EX...

Page 102: ...et mac mask log This command is available only if your switch is running the IP services image formerly known as the enhanced multilayer image EMI Syntax Description Defaults There are no default settings However at the end of the ARP access list there is an implicit deny ip any mac any command Command Modes ARP access list configuration request Optional Define a match for the ARP request When req...

Page 103: ... access list static hosts Switch config arp nacl deny ip host 1 1 1 1 mac host 0000 0000 abcd Switch config arp nacl end You can verify your settings by entering the show arp access list privileged EXEC command Related Commands Release Modification 12 2 20 SE This command was introduced Command Description arp access list Defines an ARP access control list ACL ip arp inspection filter vlan Permits...

Page 104: ...mp source ipv6 prefix prefix length any host source ipv6 address operator port number destination ipv6 prefix prefix length any host destination ipv6 address operator port number icmp type icmp code icmp message dscp value log log input sequence value time range name Transmission Control Protocol deny tcp source ipv6 prefix prefix length any host source ipv6 address operator port number destinatio...

Page 105: ...not equal and range inclusive range If the operator is positioned after the source ipv6 prefix prefix length argument it must match the source port If the operator is positioned after the destination ipv6 prefix prefix length argument it must match the destination port The range operator requires two port numbers All other operators require one port number The optional port number argument is a de...

Page 106: ...e range that applies to the deny statement The name of the time range and its restrictions are specified by the time range and absolute or periodic commands respectively icmp type Optional Specify an ICMP message type for filtering ICMP packets ICMP packets can be filtered by an ICMP message type The type is a number from 0 to 255 icmp code Optional Specify an ICMP message code for filtering ICMP ...

Page 107: ...v6 ACL has implicit permit icmp any any nd na permit icmp any any nd ns and deny ipv6 any any statements as its last match conditions The two permit conditions allow ICMPv6 neighbor discovery To disallow ICMPv6 neighbor discovery and to deny icmp any any nd na or icmp any any nd ns there must be an explicit deny entry in the ACL For the implicit deny ipv6 any any statement to take effect an IPv6 A...

Page 108: ...nfig ipv6 access list CISCO Switch config ipv6 acl deny tcp any any gt 5000 Switch config ipv6 acl deny 0 lt 5000 0 log Switch config ipv6 acl permit icmp any any Switch config ipv6 acl permit any any Switch config ipv6 acl exit Switch config interface gigabitethernet0 3 Switch config if no switchport Switch config if ipv6 address 2001 64 eui 64 Switch config if ipv6 traffic filter CISCO out Relat...

Page 109: ...e address for a packet matches the defined address non IP traffic from that address is denied host dst MAC addr dst MAC addr mask Define a destination MAC address and optional subnet mask If the destination address for a packet matches the defined address non IP traffic to that address is denied type mask Optional Use the Ethertype number of a packet with Ethernet II or SNAP encapsulation to ident...

Page 110: ...protocol of the packet mask is a mask of don t care bits applied to the LSAP number before testing for a match mop console Optional Select EtherType DEC MOP Remote Console mop dump Optional Select EtherType DEC MOP Dump msdos Optional Select EtherType DEC MSDOS mumps Optional Select EtherType DEC MUMPS netbios Optional Select EtherType DEC Network Basic Input Output System NETBIOS vines echo Optio...

Page 111: ...onfiguration guide for this release Examples This example shows how to define the named MAC extended access list to deny NETBIOS traffic from any source to MAC address 00c0 00a0 03fa Traffic matching this list is denied Switch config ext macl deny any host 00c0 00a0 03fa netbios This example shows how to remove the deny condition from the named MAC extended access list Switch config ext macl no de...

Page 112: ...s on which IEEE 802 1x and EtherChannel are configured If you are using a device running the Cisco Access Control Server ACS application for IEEE 802 1x authentication with EAP Transparent LAN Services TLS and with EAP MD5 make sure that the device is running ACS Version 3 2 1 or later You can use the guest vlan supplicant keywords to enable the optional IEEE 802 1x guest VLAN behavior globally on...

Page 113: ...ommands dot1x Related Commands Command Description dot1x guest vlan Enables and specifies an active VLAN as an IEEE 802 1x guest VLAN dot1x port control Enables manual control of the authorization state of the port show dot1x interface interface id Displays IEEE 802 1x status for the specified port ...

Page 114: ... maximum number of authentication attempts allowed by the VLAN the change takes effect after the re authentication timer expires Examples This example shows how to set 2 as the maximum number of authentication attempts allowed before the port is moved to the restricted VLAN on port 3 Switch configure terminal Enter configuration commands one per line End with CNTL Z Switch config interface gigabit...

Page 115: ...ommands Command Description dot1x auth fail vlan vlan id Enables the optional restricted VLAN feature dot1x max reauth req count Sets the maximum number of times that the switch restarts the authentication process before a port changes to the unauthorized state show dot1x interface interface id Displays IEEE 802 1x status for the specified port ...

Page 116: ... not detect any new hosts until the next re authentication attempt occurs If the supplicant fails authentication the port is moved to a restricted VLAN and an EAP success message is sent to the supplicant Because the supplicant is not notified of the actual authentication failure there might be confusion about this restricted network access An EAP success message is sent for these reasons If the E...

Page 117: ...stricted VLAN is inactive all authentication attempts are counted so that when the restricted VLAN becomes active the port is immediately placed in the restricted VLAN The restricted VLAN is supported only in single host mode the default port mode For this reason when a port is placed in a restricted VLAN the supplicant s MAC address is added to the MAC address table and any other MAC address that...

Page 118: ...shows how to enable unidirectional control Switch config if dot1x control direction in These examples show how to enable bidirectional control Switch config if dot1x control direction both Switch config if no dot1x control direction You can verify your settings by entering the show dot1x all privileged EXEC command The show dot1x all privileged EXEC command output is the same for all switches exce...

Page 119: ...irection in interface configuration command and the port cannot support this mode due to a configuration conflict this appears in the show dot1x all command output ControlDirection In Disabled due to port settings Related Commands Command Description show dot1x all interface interface id Displays control direction port setting status for the specified interface ...

Page 120: ...rejected Critical ports are only allowed in single host mode If the client is running Windows XP and the critical port to which the client is connected is in the critical authentication state Windows XP might report that the interface is not authenticated If the Windows XP client is configured for DHCP and has an IP address from the DHCP server receiving an EAP Success message on a critical port m...

Page 121: ... configure terminal Enter configuration commands one per line End with CNTL Z Switch config interface gigabitethernet0 1 Switch config if dot1x critical Switch config if end Switch config end Switch You can verify your configuration by entering the show dot1x interface interface id privileged EXEC command Related Commands Command Description show dot1x interface interface id Displays IEEE 802 1x s...

Page 122: ...dic re authentication is disabled The quiet period is 60 seconds The retransmission time is 30 seconds The maximum retransmission number is 2 times The host mode is single host The client timeout period is 30 seconds The authentication server timeout period is 30 seconds Command Modes Interface configuration Command History Examples This example shows how to reset the IEEE 802 1x parameters on a p...

Page 123: ...an configure a guest VLAN to provide limited services to clients a device or workstation connected to the switch not currently running IEEE 802 1x These users might be upgrading their systems for IEEE 802 1x authentication and some hosts such as Windows 98 systems might not be IEEE 802 1x capable When you enable a guest VLAN on an IEEE 802 1x port the switch assigns clients to a guest VLAN when it...

Page 124: ...might need to get a host IP address from a DHCP server You can change the settings for restarting the IEEE 802 1x authentication process on the switch before the DHCP process on the client times out and tries to get a host IP address from the DHCP server Decrease the settings for the IEEE 802 1x authentication process dot1x timeout quiet period and dot1x timeout tx period interface configuration c...

Page 125: ... of the attached hosts needs to be successfully authorized for all hosts to be granted network access If the port becomes unauthorized re authentication fails or an Extensible Authentication Protocol over LAN EAPOL logoff message is received all attached clients are denied access to the network Before entering this command make sure that the dot1x port control interface configuration command is se...

Page 126: ...itch Command Reference 78 16405 05 Chapter 2 Catalyst 3560 Switch Cisco IOS Commands dot1x host mode Related Commands Command Description show dot1x interface interface id Displays IEEE 802 1x status for the specified port ...

Page 127: ...ines Use this command to initialize the IEEE 802 1x state machines and to set up a fresh environment for authentication After you enter this command the port status becomes unauthorized There is not a no form of this command Examples This example shows how to manually initialize a port Switch dot1x initialize interface gigabitethernet0 2 You can verify the unauthorized port status by entering the ...

Page 128: ...how to set 4 as the number of times that the switch restarts the authentication process before the port changes to the unauthorized state Switch config if dot1x max reauth req 4 You can verify your settings by entering the show dot1x interface interface id privileged EXEC command Related Commands count Number of times that the switch restarts the authentication process before the port changes to t...

Page 129: ...es such as unreliable links or specific behavioral problems with certain clients and authentication servers Examples This example shows how to set 5 as the number of times that the switch sends an EAP frame from the authentication server to the client before restarting the authentication process Switch config if dot1x max req 5 You can verify your settings by entering the show dot1x interface inte...

Page 130: ... hosts interface configuration command was used to allow multiple hosts clients on an IEEE 802 1x authorized port Command History Related Commands Release Modification 12 1 19 EA1 This command was introduced Command Description dot1x host mode Sets the IEEE 802 1x host mode on a port show dot1x Displays IEEE 802 1x statistics administrative status and operational status for the switch or for the s...

Page 131: ...in dynamic mode can negotiate with its neighbor to become a trunk port If you try to enable IEEE 802 1x on a dynamic port an error message appears and IEEE 802 1x is not enabled If you try to change the mode of an IEEE 802 1x enabled port to dynamic an error message appears and the port mode is not changed Dynamic access ports If you try to enable IEEE 802 1x on a dynamic access VLAN Query Protoco...

Page 132: ... You can enable IEEE 802 1x on a port that is a SPAN or RSPAN destination port However IEEE 802 1x is disabled until the port is removed as a SPAN or RSPAN destination You can enable IEEE 802 1x on a SPAN or RSPAN source port To globally disable IEEE 802 1x on the switch use the no dot1x system auth control global configuration command To disable IEEE 802 1x on a specific port use the no dot1x por...

Page 133: ...this command to re authenticate a client without waiting for the configured number of seconds between re authentication attempts re authperiod and automatic re authentication Examples This example shows how to manually re authenticate the device connected to a port Switch dot1x re authenticate interface gigabitethernet0 1 Related Commands interface interface id Module and port number of the interf...

Page 134: ...bal configuration command was used to set the amount of time between periodic re authentication attempts Command History Related Commands Release Modification 12 1 19 EA1 This command was introduced Command Description dot1x reauthentication Sets the number of seconds between re authentication attempts show dot1x Displays IEEE 802 1x statistics administrative status and operational status for the ...

Page 135: ...h period interface configuration command Examples This example shows how to disable periodic re authentication of the client Switch config if no dot1x reauthentication This example shows how to enable periodic re authentication and to set the number of seconds between re authentication attempts to 4000 seconds Switch config if dot1x reauthentication Switch config if dot1x timeout reauth period 400...

Page 136: ...ange is 1 to 65535 reauth period seconds server Set the number of seconds between re authentication attempts The keywords have these meanings seconds Sets the number of seconds from 1 to 65535 the default is 3600 seconds server Sets the number of seconds as the value of the Session Timeout RADIUS attribute Attribute 27 server timeout seconds Number of seconds that the switch waits for the retransm...

Page 137: ...on and to specify the value of the Session Timeout RADIUS attribute as the number of seconds between re authentication attempts Switch config if dot1x reauthentication Switch config if dot1x timeout reauth period server This example shows how to set 30 seconds as the quiet time on the switch Switch config if dot1x timeout quiet period 30 This example shows how to set 45 seconds as the switch to au...

Page 138: ...e port to auto has the same effect as specifying half if the attached device does not autonegotiate the duplex parameter For Gigabit Ethernet ports setting the port to auto has the same effect as specifying full if the attached device does not autonegotiate the duplex parameter Note Half duplex mode is supported on Gigabit Ethernet interfaces if the duplex mode is auto and the connected device is ...

Page 139: ...ex setting remains as configured on each end of the link which could result in a duplex setting mismatch Beginning with Cisco IOS Release 12 2 20 SE1 you can configure the duplex setting when the speed is set to auto Caution Changing the interface speed and duplex mode configuration might shut down and re enable the interface during the reconfiguration For guidelines on setting the switch speed an...

Page 140: ...ll Enable error detection for all error disabled causes arp inspection Enable error detection for dynamic Address Resolution Protocol ARP inspection dhcp rate limit Enable error detection for DHCP snooping dtp flap Enable error detection for the Dynamic Trunking Protocol DTP flapping gbic invalid Enable error detection for an invalid Gigabit Interface Converter GBIC module Note On the Catalyst 356...

Page 141: ...brought out of the error disabled state and allowed to retry the operation when all causes have timed out If you do not set a recovery mechanism you must enter the shutdown and then the no shutdown commands to manually recover an interface from the error disabled state Examples This example shows how to enable error disabled detection for the link flap error disabled cause Switch config errdisable...

Page 142: ...to recover from the Address Resolution Protocol ARP inspection error disabled state channel misconfig Enable the timer to recover from the EtherChannel misconfiguration error disabled state dhcp rate limit Enable the timer to recover from the DHCP snooping error disabled state dtp flap Enable the timer to recover from the Dynamic Trunking Protocol DTP flap error disabled state gbic invalid Enable ...

Page 143: ... to manually recover an interface from the error disabled state Examples This example shows how to enable the recovery timer for the BPDU guard error disabled cause Switch config errdisable recovery cause bpduguard This example shows how to set the timer to 500 seconds Switch config errdisable recovery interval 500 You can verify your settings by entering the show errdisable recovery privileged EX...

Page 144: ...t 3560 Switch Cisco IOS Commands errdisable recovery Related Commands Command Description show errdisable recovery Displays error disabled recovery timer information show interfaces status err disabled Displays interface status or a list of interfaces in error disabled state ...

Page 145: ...information that can help determine the cause of the switch failure If you enter the exception crashinfo global configuration command on a stack master it configures all the stack members to create the extended crashinfo file if the Cisco IOS image on the stack members fail Use the no exception crashinfo global configuration command to configure the switch to not create the extended crashinfo file...

Page 146: ...sired keywords have the same result When you use the flowcontrol command to set a port to control traffic rates during congestion you are setting flow control on a port to one of these conditions receive on or desired The port cannot send pause frames but can operate with an attached device that is required to or is able to send pause frames The port can receive pause frames receive off Flow contr...

Page 147: ...e Device Local Device Remote Device send off receive on send on receive on send on receive off send desired receive on send desired receive off send off receive on send off receive off Receives only Receives only Receives only Receives only Receives only Does not send or receive Sends and receives Sends only Sends and receives Sends only Receives only Does not send or receive send off receive off ...

Page 148: ...f you create the port channel interface first the channel group number can be the same as the port channel number or you can use a new number If you use a new number the channel group command dynamically creates a new port channel You create Layer 3 port channels by using the interface port channel command followed by the no switchport interface configuration command You should manually configure ...

Page 149: ...lines see the Configuring EtherChannels chapter in the software configuration guide for this release Examples This example shows how to create a port channel interface with a port channel number of 5 Switch config interface port channel 5 You can verify your setting by entering the show running config privileged EXEC or show etherchannel channel group number detail privileged EXEC command Related ...

Page 150: ...eged EXEC command VLANs not displayed cannot be used in the interface range command The commands entered under interface range command are applied to all existing VLAN SVIs in the range All configuration changes made to an interface range are saved to NVRAM but the interface range itself is not saved to NVRAM You can enter the interface range in two ways Specifying up to five interface ranges Spec...

Page 151: ... command You can also specify a single interface in port range The command is then similar to the interface interface id global configuration command For more information about configuring interface ranges see the software configuration guide for this release Examples This example shows how to use the interface range command to enter interface range configuration mode to apply commands to two port...

Page 152: ...ss port Note When you create an SVI it does not become active until it is associated with a physical port If you delete an SVI by entering the no interface vlan vlan id command the deleted interface is no longer visible in the output from the show interfaces privileged EXEC command Note You cannot delete the VLAN 1 interface You can re instate a deleted SVI by entering the interface vlan vlan id c...

Page 153: ...h VLAN ID 23 and to enter interface configuration mode Switch config interface vlan 23 Switch config if You can verify your setting by entering the show interfaces and show interfaces vlan vlan id privileged EXEC commands Related Commands Command Description show interfaces vlan vlan id Displays the administrative and operational status of all interfaces or the specified VLAN ...

Page 154: ...ccess lists ranging from 1 to 99 and 1300 to 1999 or extended access lists ranging from 100 to 199 and 2000 to 2699 You can use this command to apply an access list to a Layer 2 or Layer 3 interface However note these limitations for Layer 2 interfaces port ACLs You can only apply ACLs in the inbound direction the out keyword is not supported for Layer 2 interfaces You can only apply one IP ACL an...

Page 155: ...ted IP packets are filtered by both the VLAN map and the router ACL Other packets are filtered only by the VLAN map You can apply IP ACLs to both outbound or inbound Layer 3 interfaces A Layer 3 interface can have one IP ACL applied in each direction You can configure only one VLAN map and one router ACL in each direction input output on a VLAN interface For standard inbound access lists after the...

Page 156: ...ormation select Cisco IOS IP Command Reference Volume 1 of 3 Addressing and Services Release 12 2 IP Services Commands show access lists Displays ACLs configured on the switch show ip access lists Displays IP ACLs configured on the switch For syntax information select Cisco IOS IP Command Reference Volume 1 of 3 Addressing and Services Release 12 2 IP Services Commands show ip interface Displays i...

Page 157: ...s command If the switch detects another host using one of its IP addresses it will send an error message to the console You can use the optional keyword secondary to specify an unlimited number of secondary addresses Secondary addresses are treated like primary addresses except the system never generates datagrams other than routing updates with secondary source addresses IP broadcasts and ARP req...

Page 158: ...uration command to reallocate system hardware resources based on templates and feature tables For more information see the sdm prefer command Examples This example shows how to configure the IP address for the Layer 2 switch on a subnetted network Switch config interface vlan 1 Switch config if ip address 172 20 128 2 255 255 255 0 This example shows how to configure the IP address for a port on t...

Page 159: ...ut validation If the switch denies a packet because of an explicit deny statement in the ACL the packet is dropped If the switch denies a packet because of an implicit deny statement the packet is then compared against the list of DHCP bindings unless the ACL is static which means that packets are not compared against the bindings Use the arp access list acl name global configuration command to de...

Page 160: ...ng the show ip arp inspection vlan 1 privileged EXEC command Related Commands Command Description arp access list Defines an ARP ACL deny ARP access list configuration Denies an ARP packet based on matches against the DHCP bindings permit ARP access list configuration Permits an ARP packet based on matches against the DHCP bindings show arp access list Displays detailed information about ARP acces...

Page 161: ...ves more than the configured rate of packets every second consecutively over a number of burst seconds the interface is placed into an error disabled state Unless you explicitly configure a rate limit on an interface changing the trust state of the interface also changes its rate limit to the default value for that trust state After you configure the rate limit the interface retains the rate limit...

Page 162: ...the channel members Examples This example shows how to limit the rate of incoming ARP requests on a port to 25 pps and to set the interface monitoring interval to 5 consecutive seconds Switch config interface gigabitethernet0 1 Switch config if ip arp inspection limit rate 25 burst interval 5 You can verify your settings by entering the show ip arp inspection interfaces interface id privileged EXE...

Page 163: ...nds is 4 the switch generates system messages for five entries every second while there are entries in the log buffer A log buffer entry can represent more than one packet For example if an interface receives many packets on the same VLAN with the same ARP parameters the switch combines the packets as one entry in the log buffer and generates a system message as a single entry If the log buffer ov...

Page 164: ...nerates system messages for five entries every second while there are entries in the log buffer Switch config ip arp inspection log buffer logs 20 interval 4 You can verify your settings by entering the show ip arp inspection log privileged EXEC command Related Commands Command Description arp access list Defines an ARP access control list ACL clear ip arp inspection log Clears the dynamic ARP ins...

Page 165: ...figuration Command History Usage Guidelines The switch does not check ARP packets that it receives on the trusted interface it simply forwards the packets For untrusted interfaces the switch intercepts all ARP requests and responses It verifies that the intercepted packets have valid IP to MAC address bindings before updating the local cache and before forwarding the packet to the appropriate dest...

Page 166: ...Commands Command Description ip arp inspection log buffer Configures the dynamic ARP inspection logging buffer show inventory interfaces Displays the trust state and the rate limit of ARP packets for the specified interface or all interfaces show inventory log Displays the configuration and contents of the dynamic ARP inspection log buffer ...

Page 167: ... validations are disabled as a result of the second command If you first specify the src mac keyword you also can specify the dst mac and ip keywords If you first specify the ip keyword no other keywords can be specified The no form of the command disables only the specified checks If none of the options are enabled all checks are disabled src mac Compare the source MAC address in the Ethernet hea...

Page 168: ...w how to enable source MAC validation Switch config ip arp inspection validate src mac You can verify your setting by entering the show ip arp inspection vlan vlan range privileged EXEC command Related Commands Command Description show inventory vlan vlan range Displays the configuration and the operating state of dynamic ARP inspection for the specified VLAN ...

Page 169: ...e Guidelines You must specify the VLANs on which to enable dynamic ARP inspection Dynamic ARP inspection is supported on access ports trunk ports EtherChannel ports or private VLAN ports Examples This example shows how to enable dynamic ARP inspection on VLAN 1 Switch config ip arp inspection vlan 1 You can verify your setting by entering the show ip arp inspection vlan vlan range privileged EXEC ...

Page 170: ... logging You can specify a single VLAN identified by VLAN ID number a range of VLANs separated by a hyphen or a series of VLANs separated by a comma The range is 1 to 4094 acl match matchlog none Specify that the logging of packets is based on access control list ACL matches The keywords have these meanings matchlog Log packets based on the logging configuration specified in the access control ent...

Page 171: ... arp inspection filter vlan global configuration command the ACL overrides the DHCP bindings Some denied packets might not be logged unless you explicitly specify the deny ip any mac any log ACE at the end of the ARP ACL Examples This example shows how to configure ARP inspection on VLAN 1 to log packets that match the permit commands in the ACL Switch config arp access list test1 Switch config ar...

Page 172: ...For any DHCP snooping configuration to take effect you must globally enable DHCP snooping DHCP snooping is not active until you enable snooping on a VLAN by using the ip dhcp snooping vlan vlan id global configuration command Examples This example shows how to enable DHCP snooping Switch config ip dhcp snooping You can verify your settings by entering the show ip dhcp snooping privileged EXEC comm...

Page 173: ...History Usage Guidelines Use this command when you are testing or debugging the switch In the DHCP snooping binding database each database entry also referred to a binding has an IP address an associated MAC address the lease time in hexadecimal format the interface to which the binding applies and the VLAN to which the interface belongs The database can have up to 8192 bindings Use the show ip dh...

Page 174: ...5 interface gigabitethernet0 1 expiry 1000 You can verify your settings by entering the show ip dhcp snooping binding or the show ip dhcp source binding privileged EXEC command Related Commands Command Description ip dhcp snooping Enables DHCP snooping on a VLAN show ip dhcp snooping binding Displays the dynamically configured bindings in the DHCP snooping binding database and the configuration in...

Page 175: ...te delay value is 300 seconds 5 minutes Command Modes Global configuration Command History flash filename Specify that the database agent or the binding file is in the flash memory ftp user password host filename Specify that the database agent or the binding file is on an FTP server http username password hostname host ip directory image name tar Specify that the database agent or the binding fil...

Page 176: ... timeout command to 0 seconds and the database is being written to a TFTP file if the TFTP server goes down the database agent continues to try the transfer indefinitely No other transfer can be initiated while this one is in progress This might be inconsequential because if the server is down no file can be written to it Use the no ip dhcp snooping database command to disable the agent Use the no...

Page 177: ...fier vlan mod port from which the packet is received circuit ID suboption The switch forwards the DHCP request that includes the option 82 field to the DHCP server When the DHCP server receives the packet it can use the remote ID the circuit ID or both to assign IP addresses and implement policies such as restricting the number of IP addresses that can be assigned to a single remote ID or a circui...

Page 178: ...apter 2 Catalyst 3560 Switch Cisco IOS Commands ip dhcp snooping information option Related Commands Command Description show ip dhcp snooping Displays the DHCP snooping configuration show ip dhcp snooping binding Displays the DHCP snooping binding information ...

Page 179: ... also want to enable DHCP security features such as DHCP snooping IP source guard or dynamic Address Resolution Protocol ARP inspection on an aggregation switch However if DHCP snooping is enabled on the aggregation switch the switch drops packets with option 82 information that are received on an untrusted port and does not learn DHCP snooping bindings for connected devices on a trusted interface...

Page 180: ...heck the option 82 information in untrusted packets from an edge switch and to accept the packets Switch config ip dhcp snooping information option allow untrusted You can verify your settings by entering the show ip dhcp snooping privileged EXEC command Related Commands Command Description show ip dhcp snooping Displays the DHCP snooping configuration show ip dhcp snooping binding Displays the DH...

Page 181: ...ome of which might not be snooped in the switch and you will need to adjust the interface rate limits to a higher value If the rate limit is exceeded the interface is error disabled If you enabled error recovery by entering the errdisable recovery dhcp rate limit global configuration command the interface retries the operation again when all the causes have timed out If the error recovery mechanis...

Page 182: ...Switch Cisco IOS Commands ip dhcp snooping limit rate Related Commands Command Description errdisable recovery Configures the recover mechanism show ip dhcp snooping Displays the DHCP snooping configuration show ip dhcp snooping binding Displays the DHCP snooping binding information ...

Page 183: ...bled Command Modes Interface configuration Command History Usage Guidelines Configure as trusted ports those that are connected to a DHCP server or to other switches or routers Configure as untrusted ports those that are connected to DHCP clients Examples This example shows how to enable DHCP snooping trust on a port Switch config if ip dhcp snooping trust You can verify your settings by entering ...

Page 184: ...et that is received on untrusted ports matches the client hardware address in the packet Command Modes Global configuration Command History Usage Guidelines In a service provider network when a switch receives a packet from a DHCP client on an untrusted port it automatically verifies that the source MAC address and the DHCP client hardware address match If the addresses match the switch forwards t...

Page 185: ...a VLAN Examples This example shows how to enable DHCP snooping on VLAN 10 Switch config ip dhcp snooping vlan 10 You can verify your settings by entering the show ip dhcp snooping privileged EXEC command Related Commands vlan vlan range Specify a VLAN ID or a range of VLANs on which to enable DHCP snooping The range is 1 to 4094 You can enter a single VLAN ID identified by VLAN ID number a series ...

Page 186: ...profile can be applied to one or more switch port interfaces but one port can have only one profile applied to it Examples This example shows how to apply IGMP profile 22 to a port Switch config interface gigabitethernet0 2 Switch config if ip igmp filter 22 You can verify your setting by using the show running config privileged EXEC command and by specifying an interface Related Commands profile ...

Page 187: ... action Syntax Description Defaults The default maximum number of groups is no limit After the switch learns the maximum number of IGMP group entries on an interface the default throttling action is to drop the next IGMP report that the interface receives and to not add an entry for the IGMP group to the interface Command Modes Interface configuration Command History number The maximum number of I...

Page 188: ...switch replaces a randomly selected multicast entry with the received IGMP report When the maximum group limitation is set to the default no maximum entering the ip igmp max groups deny replace command has no effect Examples This example shows how to limit to 25 the number of IGMP groups that a port can join Switch config interface gigabitethernet0 2 Switch config if ip igmp max groups 25 This exa...

Page 189: ...mmands deny specifies that matching addresses are denied this is the default condition exit exits from igmp profile configuration mode no negates a command or resets to its defaults permit specifies that matching addresses are permitted range specifies a range of IP addresses for the profile This can be a single IP address or a range with a start and an end address When entering a range enter the ...

Page 190: ... Catalyst 3560 Switch Cisco IOS Commands ip igmp profile Related Commands Command Description ip igmp filter Applies the IGMP profile to the specified interface show ip igmp profile Displays the characteristics of all IGMP profiles or the specified IGMP profile number ...

Page 191: ...bal configuration Command History Usage Guidelines When IGMP snooping is enabled globally it is enabled in all the existing VLAN interfaces When IGMP snooping is globally disabled it is disabled on all the existing VLAN interfaces VLAN IDs 1002 to 1005 are reserved for Token Ring and FDDI VLANs and cannot be used in IGMP snooping Examples This example shows how to globally enable IGMP snooping Swi...

Page 192: ...report suppression Enables IGMP report suppression show ip igmp snooping Displays the snooping configuration show ip igmp snooping groups Displays IGMP snooping multicast information show ip igmp snooping mrouter Displays the IGMP snooping router ports show ip igmp snooping querier Displays the configuration and operation information for the IGMP querier configured on a switch ...

Page 193: ...g is globally disabled IGMP snooping is disabled on all the existing VLAN interfaces VLAN IDs 1002 to 1005 are reserved for Token Ring and FDDI VLANs and cannot be used in IGMP snooping Configuring the leave timer on a VLAN overrides the global setting The IGMP configurable leave time is only supported on devices running IGMP Version 2 The configuration is saved in NVRAM Examples This example show...

Page 194: ...escription ip igmp snooping Enables IGMP snooping on the switch or on a VLAN ip igmp snooping vlan immediate leave Enables IGMP Immediate Leave processing ip igmp snooping vlan mrouter Configures a Layer 2 port as a multicast router port ip igmp snooping vlan static Configures a Layer 2 port as a member of a group show ip igmp snooping Displays the IGMP snooping configuration ...

Page 195: ...lticast enabled device Command Modes Global configuration Command History vlan vlan id Optional Enable IGMP snooping and the IGMP querier function on the specified VLAN The range is 1 to 1001 and 1006 to 4094 address ip address Optional Specify a source IP address If you do not specify an IP address the querier tries to use the global IP address configured for the IGMP querier max response time re...

Page 196: ...nooping Examples This example shows how to globally enable the IGMP snooping querier feature Switch config ip igmp snooping querier This example shows how to set the IGMP snooping querier maximum response time to 25 seconds Switch config ip igmp snooping querier max response time 25 This example shows how to set the IGMP snooping querier interval time to 60 seconds Switch config ip igmp snooping q...

Page 197: ...outer query to multicast devices When IGMP router suppression is enabled the default the switch sends the first IGMP report from all hosts for a group to all the multicast routers The switch does not send the remaining IGMP reports for the group to the multicast routers This feature prevents duplicate reports from being sent to the multicast devices If the multicast router query includes requests ...

Page 198: ... Catalyst 3560 Switch Cisco IOS Commands ip igmp snooping report suppression Related Commands Command Description ip igmp snooping Enables IGMP snooping on the switch or on a VLAN show ip igmp snooping Displays the IGMP snooping configuration of the switch or the VLAN ...

Page 199: ...g stops after receiving 1 general query If you set the count to 7 the flooding of multicast traffic due to the TCN event lasts until 7 general queries are received Groups are relearned based on the general queries received during the TCN event Use the ip igmp snooping tcn query solicit global configuration command to enable the switch to send the global leave message whether or not it is the spann...

Page 200: ... snooping tcn Related Commands Command Description ip igmp snooping Enables IGMP snooping on the switch or on a VLAN ip igmp snooping tcn flood Specifies flooding on an interface as the IGMP snooping spanning tree TCN behavior show ip igmp snooping Displays the IGMP snooping configuration of the switch or the VLAN ...

Page 201: ...raffic is flooded to all the ports until two general queries are received If the switch has many ports with attached hosts that are subscribed to different multicast groups the flooding might exceed the capacity of the link and cause packet loss You can change the flooding query count by using the ip igmp snooping tcn flood query count count global configuration command Examples This example shows...

Page 202: ...en there is a maximum of one receiver on every port in the VLAN The configuration is saved in NVRAM The Immediate Leave feature is supported only with IGMP Version 2 hosts Examples This example shows how to enable IGMP immediate leave processing on VLAN 1 Switch config ip igmp snooping vlan 1 immediate leave You can verify your settings by entering the show ip igmp snooping privileged EXEC command...

Page 203: ...nnot be used in IGMP snooping The CGMP learn method is useful for reducing control traffic The configuration is saved in NVRAM vlan id Enable IGMP snooping and add the port in the specified VLAN as the multicast router port The range is 1 to 1001 and 1006 to 4094 interface interface id Specify the next hop interface to the multicast router The keywords have these meanings fastethernet interface nu...

Page 204: ...h config ip igmp snooping vlan 1 mrouter learn cgmp You can verify your settings by entering the show ip igmp snooping privileged EXEC command Related Commands Command Description ip igmp snooping report suppression Enables IGMP report suppression show ip igmp snooping Displays the snooping configuration show ip igmp snooping groups Displays IGMP snooping multicast information show ip igmp snoopin...

Page 205: ...005 are reserved for Token Ring and FDDI VLANs and cannot be used in IGMP snooping The configuration is saved in NVRAM Examples This example shows how to statically configure a host on an interface Switch config ip igmp snooping vlan 1 static 0100 5e02 0203 interface gigabitethernet0 1 Configuring port gigabitethernet0 1 on group 0100 5e02 0203 You can verify your settings by entering the show ip ...

Page 206: ...oping report suppression Enables IGMP report suppression show ip igmp snooping Displays the snooping configuration show ip igmp snooping groups Displays IGMP snooping multicast information show ip igmp snooping mrouter Displays the IGMP snooping router ports show ip igmp snooping querier Displays the configuration and operation information for the IGMP querier configured on a switch ...

Page 207: ...d its associated VLAN number The entry is based on the MAC address and the VLAN number If you modify an entry by changing only the IP address the switch updates the entry instead creating a new one Examples This example shows how to add a static IP source binding Switch config ip source binding 0001 1234 1234 vlan 1 172 20 50 5 interface gigabitethernet0 1 This example shows how to add a static bi...

Page 208: ...S Commands ip source binding Related Commands Command Description ip verify source Enables IP source guard on an interface show ip source binding Displays the IP source bindings on the switch show ip verify source Displays the IP source guard configuration on the switch or on a specific interface ...

Page 209: ... specify a keyword the SSH server selects the latest SSH version supported by the SSH client For example if the SSH client supports SSHv1 and SSHv2 the SSH server selects SSHv2 The switch supports an SSHv1 or an SSHv2 server It also supports an SSHv1 client For more information about the SSH server and the SSH client see the software configuration guide for this release A Rivest Shamir and Adelman...

Page 210: ...on for the SSH server For syntax information select Cisco IOS Release 12 2 Configuration Guides and Command References Cisco IOS Security Command Reference Release 12 2 Other Security Features Secure Shell Commands show ssh Displays the status of the SSH server For syntax information select Cisco IOS Release 12 2 Configuration Guides and Command References Cisco IOS Security Command Reference Rele...

Page 211: ...ion command To enable IP source guard with source IP and MAC address filtering you must enable port security on the interface Examples This example shows how to enable IP source guard with source IP address filtering Switch config if ip verify source This example shows how to enable IP source guard with source IP and MAC address filtering Switch config if ip verify source port security You can ver...

Page 212: ...onfiguration Command History Usage Guidelines To configure the dual IPv4 and IPv6 template enter the sdm prefer dual ipv4 and ipv6 default vlan global configuration command and reload the switch The ipv6 access list command is similar to the ip access list command except that it is IPv6 specific Note IPv6 ACLs are defined by a unique name IPv6 does not support numbered ACLs An IPv4 ACL and an IPv6...

Page 213: ...ed ACLs but only inbound IPv6 ACLs to Layer 2 interfaces for port ACLs Note An IPv6 ACL applied to an interface with the ipv6 traffic filter command filters traffic that is forwarded by the switch and does not filter traffic generated by the switch Examples This example puts the switch in IPv6 access list configuration mode and configures the IPv6 ACL named list2 and applies the ACL to outbound tr...

Page 214: ... Command Description deny IPv6 access list configuration Sets deny conditions for an IPv6 access list ipv6 traffic filter Filters incoming or outgoing IPv6 traffic on an interface permit IPv6 access list configuration Sets permit conditions for an IPv6 access list show ipv6 access list Displays the contents of all current IPv6 access lists ...

Page 215: ... vlan global configuration command and reload the switch When MLD snooping is globally disabled it is disabled on all the existing VLAN interfaces When you globally enable MLD snooping it is enabled on all VLAN interfaces that are in the default state enabled VLAN configuration will override global configuration on interfaces on which MLD snooping has been disabled If MLD snooping is globally disa...

Page 216: ...ipv6 mld snooping This example shows how to disable MLD snooping on a VLAN Switch config no ipv6 mld snooping vlan 11 You can verify your settings by entering the show ipv6 mld snooping user EXEC command Related Commands Command Description sdm prefer Configures an SDM template to optimize system resources based on how the switch is being used show ipv6 mld snooping Displays MLD snooping configura...

Page 217: ...Guidelines To configure the dual IPv4 and IPv6 template enter the sdm prefer dual ipv4 and ipv6 default vlan global configuration command and reload the switch In MLD snooping the IPv6 multicast router periodically sends out queries to hosts belonging to the multicast group If a host wants to leave a multicast group it can silently leave or it can respond to the query with a Multicast Listener Don...

Page 218: ...t the last listener query count for VLAN 10 Switch config ipv6 mld snooping vlan 10 last listener query count 3 You can verify your settings by entering the show ipv6 mld snooping vlan vlan id user EXEC command Related Commands Command Description ipv6 mld snooping last listener query interval Sets IPv6 MLD snooping last listener query interval sdm prefer Configures an SDM template to optimize sys...

Page 219: ... response time is 0 the global count is used Command Modes Global configuration Command History Usage Guidelines To configure the dual IPv4 and IPv6 template enter the sdm prefer dual ipv4 and ipv6 default vlan global configuration command and reload the switch In MLD snooping when the IPv6 multicast router receives an MLD leave message it sends out queries to hosts belonging to the multicast grou...

Page 220: ...he last listener query interval for VLAN 1 to 5 5 seconds Switch config ipv6 mld snooping vlan 1 last listener query interval 5500 You can verify your settings by entering the show ipv6 MLD snooping vlan vlan id user EXEC command Related Commands Command Description ipv6 mld snooping last listener query count Sets IPv6 MLD snooping last listener query count sdm prefer Configures an SDM template to...

Page 221: ...for MLD snooping listener message suppression to be disabled Command Modes Global configuration Command History Usage Guidelines To configure the dual IPv4 and IPv6 template enter the sdm prefer dual ipv4 and ipv6 default vlan global configuration command and reload the switch MLD snooping listener message suppression is equivalent to IGMP snooping report suppression When enabled received MLDv1 re...

Page 222: ...Commands ipv6 mld snooping listener message suppression Related Commands Command Description ipv6 mld snooping Enables IPv6 MLD snooping sdm prefer Configures an SDM template to optimize system resources based on how the switch is being used show ipv6 mld snooping Displays MLD snooping configuration ...

Page 223: ...before aging out a multicast address is 0 which means that the system uses the global robustness variable for aging out the listener Command Modes Global configuration Command History Usage Guidelines To configure the dual IPv4 and IPv6 template enter the sdm prefer dual ipv4 and ipv6 default vlan global configuration command and reload the switch Robustness is measured in terms of the number of M...

Page 224: ... example shows how to configure the robustness variable for VLAN 1 This value overrides the global configuration for the VLAN Switch config ipv6 mld snooping vlan 1 robustness variable 1 You can verify your settings by entering the show ipv6 MLD snooping vlan vlan id user EXEC command Related Commands Command Description ipv6 mld snooping last listener query count Sets IPv6 MLD snooping last liste...

Page 225: ...lt TCN query soliciting is disabled When enabled the default flood query count is 2 Command Modes Global configuration Command History Usage Guidelines To configure the dual IPv4 and IPv6 template enter the sdm prefer dual ipv4 and ipv6 default vlan global configuration command and reload the switch Examples This example shows how to enable TCN query soliciting Switch config ipv6 mld snooping tcn ...

Page 226: ... 2 Catalyst 3560 Switch Cisco IOS Commands ipv6 mld snooping tcn Related Commands Command Description sdm prefer Configures an SDM template to optimize system resources based on how the switch is being used show ipv6 mld snooping Displays MLD snooping configuration ...

Page 227: ...ups By default there are no multicast router ports Command Modes Global configuration Command History Usage Guidelines To configure the dual IPv4 and IPv6 template enter the sdm prefer dual ipv4 and ipv6 default vlan global configuration command and reload the switch You should only configure the Immediate Leave feature when there is only one receiver on every port in the VLAN The configuration is...

Page 228: ... to enable MLD Immediate Leave processing on VLAN 1 Switch config ipv6 mld snooping vlan 1 immediate leave This example shows how to disable MLD Immediate Leave processing on VLAN 1 Switch config no ipv6 mld snooping vlan 1 immediate leave This example shows how to configure a port as a multicast router port Switch config ipv6 mld snooping vlan 1 mrouter interface gigabitethernet1 0 2 This example...

Page 229: ...tion Defaults Filtering of IPv6 traffic on an interface is not configured Command Modes Interface configuration Command History Usage Guidelines To configure the dual IPv4 and IPv6 template enter the sdm prefer dual ipv4 and ipv6 default vlan global configuration command and reload the switch You can use the ipv6 traffic filter command on physical interfaces Layer 2 or Layer 3 ports Layer 3 port c...

Page 230: ...onfig interface gigabitethernet0 1 Switch config if no switchport Switch config if ipv6 address 2001 64 eui 64 Switch config if ipv6 traffic filter cisco in Related Commands Command Description ipv6 access list Defines an IPv6 access list and sets deny or permit conditions for the defined access list show ipv6 access list Displays the contents of all current IPv6 access lists show ipv6 interface D...

Page 231: ...packets Command Modes Interface configuration l2protocol tunnel Enable point to multipoint tunneling of CDP STP and VTP packets cdp Optional Enable tunneling of CDP specify a shutdown threshold for CDP or specify a drop threshold for CDP stp Optional Enable tunneling of STP specify a shutdown threshold for STP or specify a drop threshold for STP vtp Optional Enable tunneling or VTP specify a shutd...

Page 232: ...ntended to emulate a point to point topology An erroneous configuration that sends tunneled packets to many ports could lead to a network failure Enter the shutdown threshold keyword to control the number of protocol packets per second that are received on an interface before it shuts down When no protocol option is specified with the keyword the threshold is applied to each of the tunneled Layer ...

Page 233: ...rotocol tunnel drop threshold stp 400 This example shows how to enable point to point protocol tunneling for PAgP and UDLD packets and to configure the PAgP drop threshold as 1000 packets per second Switch config if l2protocol tunnel point to point pagp Switch config if l2protocol tunnel point to point udld Switch config if l2protocol tunnel drop threshold point to point pagp 1000 Related Commands...

Page 234: ...ckets Command Modes Global configuration Command History Usage Guidelines When enabled the tunneled Layer 2 protocol packets use this CoS value The value is saved in NVRAM Examples This example shows how to configure a Layer 2 protocol tunnel CoS value of 7 Switch config l2protocol tunnel cos 7 Related Commands value Specify CoS priority value for tunneled Layer 2 protocol packets If a CoS value i...

Page 235: ...risons a numerically lower value has a higher priority When there are more than eight ports in an LACP channel group the eight ports with the numerically lowest values highest priority values for LACP port priority are bundled into the channel group and the lower priority ports are put in hot standby mode If two or more ports have the same LACP port priority for example they are configured with th...

Page 236: ...net0 1 Switch config if lacp port priority 1000 You can verify your settings by entering the show lacp channel group number internal privileged EXEC command Related Commands Command Description channel group Assigns an Ethernet port to an EtherChannel group lacp system priority Configures the LACP system priority show lacp channel group number internal Displays internal information for all channel...

Page 237: ... Port priorities on the other switch the noncontrolling end of the link are ignored In priority comparisons numerically lower values have higher priority Therefore the system with the numerically lower value higher priority value for LACP system priority becomes the controlling system If both switches have the same LACP system priority for example they are both configured with the default setting ...

Page 238: ...560 Switch Cisco IOS Commands lacp system priority Related Commands Command Description channel group Assigns an Ethernet port to an EtherChannel group lacp port priority Configures the LACP port priority show lacp sys id Displays the system identifier that is being used by LACP ...

Page 239: ...x Description Defaults Logging of PoE events is enabled Command Modes Interface configuration Command History Usage Guidelines The power inline status keyword is available only on PoE interfaces Examples This example shows how to enable logging of PoE events on a port Switch config if interface fastethernet0 1 Switch config if logging event power inline status Switch config if Related Commands pow...

Page 240: ...ame of the file that contains the log messages The syntax for the local flash file system flash max file size Optional Specify the maximum logging file size The range is 4096 to 2147483647 nomax Optional Specify the maximum file size of 2147483647 min file size Optional Specify the minimum logging file size The range is 1024 to 2147483647 severity level number Optional Specify the logging severity...

Page 241: ... the more flash filename privileged EXEC command to display its contents The command rejects the minimum file size if it is greater than the maximum file size minus 1024 the minimum file size then becomes the maximum file size minus 1024 Specifying a level causes messages at that level and numerically lower levels to be displayed Examples This example shows how to save informational log messages t...

Page 242: ... an IP ACL and a MAC ACL to the interface You can apply no more than one IP access list and one MAC access list to the same Layer 2 interface If a MAC ACL is already configured on a Layer 2 interface and you apply a new MAC ACL to the interface the new ACL replaces the previously configured one If you apply an ACL to a Layer 2 interface on a switch and the switch has an input Layer 3 ACL or a VLAN...

Page 243: ...he show mac access group privileged EXEC command You can see configured ACLs on the switch by entering the show access lists privileged EXEC command Related Commands Command Description show access lists Displays the ACLs configured on the switch show mac access group Displays the MAC ACLs configured on the switch show running config Displays the running configuration on the switch For syntax info...

Page 244: ...s and class maps You can apply named MAC extended ACLs to VLAN maps or to Layer 2 interfaces you cannot apply named MAC extended ACLs to Layer 3 interfaces Entering the mac access list extended command enables the MAC access list configuration mode These configuration commands are available default sets a command to its default deny specifies packets to reject For more information see the deny MAC...

Page 245: ... delete MAC named extended access list mac1 Switch config no mac access list extended mac1 You can verify your settings by entering the show access lists privileged EXEC command Related Commands Command Description deny MAC access list configuration permit MAC access list configuration Configures the MAC ACL in extended MAC access list configuration mode show access lists Displays the access lists...

Page 246: ...ncrease the aging time to record the dynamic entries for a longer time Increasing the time can reduce the possibility of flooding when the hosts send again If you do not specify a specific VLAN this command sets the aging time for all VLANs Examples This example shows how to set the aging time to 200 seconds for all VLANs Switch config mac address table aging time 200 You can verify your setting b...

Page 247: ...to send the MAC address table move update messages if the primary link goes down and the standby link comes up You can configure the uplink switches to receive and process the MAC address table move update messages Examples This example shows how to configure an access switch to send MAC address table move update messages Switch configure terminal Switch conf mac address table move update transmit...

Page 248: ...ove update Related Commands Command Description clear mac address table move update Clears the MAC address table move update global counters debug matm move update Debugs the MAC address table move update message processing show mac address table move update Displays the MAC address table move update information on the switch ...

Page 249: ...ded or an old address is deleted from the forwarding tables MAC notifications are generated only for dynamic and secure MAC addresses Events are not generated for self addresses multicast addresses or other static addresses When you configure the history size option the existing MAC address history table is deleted and a new table is created You enable the MAC address notification feature by using...

Page 250: ...fig mac address table notification history size 100 You can verify your settings by entering the show mac address table notification privileged EXEC command Related Commands Command Description clear mac address table notification Clears the MAC address notification global counters show mac address table notification Displays the MAC address notification settings on all interfaces or on the specif...

Page 251: ...is received in VLAN 4 with this MAC address as its destination the packet is forwarded to the specified interface Switch config mac address table static c2f3 220a 12f4 vlan 4 interface gigabitethernet0 1 You can verify your setting by entering the show mac address table privileged EXEC command Related Commands mac addr Destination MAC address unicast or multicast to add to the address table Packet...

Page 252: ...are also not supported If you add a unicast MAC address as a static address and configure unicast MAC address filtering the switch either adds the MAC address as a static address or drops packets with that MAC address depending on which command was entered last The second command that you entered overrides the first command For example if you enter the mac address table static mac addr vlan vlan i...

Page 253: ...When a packet is received in VLAN 4 with this MAC address as its source or destination the packet is dropped Switch config mac address table static c2f3 220a 12f4 vlan 4 drop This example shows how to disable unicast MAC address filtering Switch config no mac address table static c2f3 220a 12f4 vlan 4 You can verify your setting by entering the show mac address table static privileged EXEC command...

Page 254: ...tive All matching occurrences of the keyword are replaced with the corresponding value Any full match of a keyword even if it is part of a larger string is considered a match and is replaced by the corresponding value Some macros might contain keywords that require a parameter value You can use the macro apply macro name command to display a list of any required values in the macro If you apply a ...

Page 255: ...elete a macro applied configuration on an interface by entering the default interface interface id interface configuration command Examples After you have created a macro by using the macro name global configuration command you can apply it to an interface This example shows how to apply a user created macro called duplex to an interface Switch config if macro apply duplex To debug a macro use the...

Page 256: ...ethernet0 4 Switch config if macro apply cisco desktop AVID 25 Related Commands Command Description macro description Adds a description about the macros that are applied to an interface macro global Applies a macro on a switch or applies and traces a macro on a switch macro global description Adds a description about the macros that are applied to the switch macro name Creates a macro show parser...

Page 257: ...terface the description text will be from the last applied macro This example shows how to add a description to an interface Switch config if macro description duplex settings You can verify your settings by entering the show parser macro description privileged EXEC command Related Commands description text Enter a description about the macros that are applied to the specified interface Release Mo...

Page 258: ... switch Keyword matching is case sensitive All matching occurrences of the keyword are replaced with the corresponding value Any full match of a keyword even if it is part of a larger string is considered a match and is replaced by the corresponding value Some macros might contain keywords that require a parameter value You can use the macro global apply macro name command to display a list of any...

Page 259: ...ave created a new macro by using the macro name global configuration command you can apply it to a switch This example shows how see the snmp macro and how to apply the macro and set the hostname to test server and set the IP precedence value to 7 Switch show parser macro name snmp Macro name snmp Macro type customizable enable port security linkup and linkdown traps snmp server enable traps port ...

Page 260: ...pplies a macro on an interface or applies and traces a macro on an interface macro description Adds a description about the macros that are applied to an interface macro global description Adds a description about the macros that are applied to the switch macro name Creates a macro show parser macro Displays the macro definition for all macros or for the specified macro ...

Page 261: ...pplied on a switch the description text will be from the last applied macro This example shows how to add a description to a switch Switch config macro global description udld aggressive mode enabled You can verify your settings by entering the show parser macro description privileged EXEC command Related Commands description text Enter a description about the macros that are applied to the switch...

Page 262: ...or example the commands macro name Sample Macro and macro name sample macro will result in two separate macros When creating a macro do not use the exit or end commands or change the command mode by using interface interface id This could cause commands that follow exit end or interface interface id to execute in a different command mode The no form of this command only deletes the macro definitio...

Page 263: ...ernet0 1 Switch config if macro apply test WORD keyword to replace with a value e g VLANID MAX cr Switch config if macro apply test VLANID WORD Value of first keyword to replace Switch config if macro apply test VLANID 2 WORD keyword to replace with a value e g VLANID MAX cr Switch config if macro apply test VLANID 2 MAX WORD Value of second keyword to replace Related Commands Command Description ...

Page 264: ...one access list name or number others are optional You can match packets against one or more access lists Matching any of the lists counts as a match of the entry In access map configuration mode use the match command to define the match conditions for a VLAN map applied to a VLAN Use the action command to set the action that occurs when the packet matches the conditions Packets are matched only a...

Page 265: ...rify your settings by entering the show vlan access map privileged EXEC command Related Commands Command Description access list Configures a standard numbered ACL For syntax information select Cisco IOS IP Command Reference Volume 1 of 3 Addressing and Services Release 12 2 IP Services Commands action Specifies the action to be taken if the packet matches an entry in an access control list ACL ip...

Page 266: ... all and match any keywords are equivalent access group acl index or name Number or name of an IP standard or extended access control list ACL or MAC ACL For an IP standard ACL the ACL index range is 1 to 99 and 1300 to 1999 For an IP extended ACL the ACL index range is 100 to 199 and 2000 to 2699 input interface interface id list Specify the physical ports to which the interface level class map i...

Page 267: ... map called class3 which matches all the incoming traffic with IP precedence values of 5 6 and 7 Switch config class map class3 Switch config cmap match ip precedence 5 6 7 Switch config cmap exit This example shows how to delete the IP precedence match criteria and to classify traffic using acl1 Switch config class map class2 Switch config cmap match ip precedence 5 6 7 Switch config cmap no matc...

Page 268: ...uplex to auto so that the feature operates correctly When auto MDIX and autonegotiation of speed and duplex is enabled on one or both of connected interfaces link up occurs even if the cable type straight through or crossover is incorrect Auto MDIX is supported on all 10 100 and 10 100 1000 Mbps interfaces and on 10 100 1000BASE TX small form factor pluggable SFP module interfaces It is not suppor...

Page 269: ...pter 2 Catalyst 3560 Switch Cisco IOS Commands mdix auto Related Commands Command Description show controllers ethernet controller interface id phy Displays general information about internal registers of an interface including the operational state of auto MDIX ...

Page 270: ...licy maps are configured The default port trust state on all ports is untrusted The default ingress and egress queue settings are in effect Command Modes Global configuration Command History Usage Guidelines QoS must be globally enabled to use QoS classification policing mark down or drop queueing and traffic shaping features You can create a policy map and attach it to a port before entering the ...

Page 271: ...2 239 Catalyst 3560 Switch Command Reference 78 16405 05 Chapter 2 Catalyst 3560 Switch Cisco IOS Commands mls qos Related Commands Command Description show mls qos Displays QoS information ...

Page 272: ... for policing purposes The port ASIC device which controls more than one physical port supports 256 policers 255 policers plus 1 no policer The maximum number of policers supported per port is 64 Policers are allocated on demand by the software and are constrained by the hardware and ASIC boundaries You cannot reserve policers per port there is no guarantee that a port will be assigned to any poli...

Page 273: ...the mls qos aggregate policer global configuration command For more information see the software configuration guide for this release Examples This example shows how to define the aggregate policer parameters and how to apply the policer to multiple classes in a policy map Switch config mls qos aggregate policer agg_policer1 1000000 1000000 exceed action drop Switch config policy map policy2 Switc...

Page 274: ...cket does not have a CoS value You also can assign a default CoS and DSCP value to all incoming packets by using the override keyword Use the override keyword when all incoming packets on certain ports deserve higher or lower priority than packets entering from other ports Even if a port is previously set to trust DSCP CoS or IP precedence this command overrides the previously configured trust sta...

Page 275: ...s qos trust cos Switch config if mls qos cos 4 This example shows how to assign all the packets entering a port to the default port CoS value of 4 on a port Switch config interface gigabitethernet0 1 Switch config if mls qos cos 4 Switch config if mls qos cos override You can verify your settings by entering the show mls qos interface privileged EXEC command Related Commands Command Description sh...

Page 276: ...eiving port ingress mutation at the boundary of a quality of service QoS administrative domain With ingress mutation the new DSCP value overwrites the one in the packet and QoS handles the packet with this new value The switch sends the packet out the port with the new DSCP value You can configure multiple DSCP to DSCP mutation maps on ingress ports You apply the map only to DSCP trusted ports If ...

Page 277: ...pmutation1 from the port and to reset the map to the default Switch config if no mls qos dscp mutation dscpmutation1 You can verify your settings by entering the show mls qos maps privileged EXEC command Related Commands Command Description mls qos map dscp mutation Defines the DSCP to DSCP mutation map mls qos trust Configures the port trust state show mls qos maps Displays QoS mapping informatio...

Page 278: ...he range is 0 to 63 dscp cos dscp list to cos Define the DSCP to CoS map For dscp list enter up to eight DSCP values with each value separated by a space The range is 0 to 63 Then enter the to keyword For cos enter a single CoS value to which the DSCP values correspond The range is 0 to 7 dscp mutation dscp mutation name in dscp to out dscp Define the DSCP to DSCP mutation map For dscp mutation na...

Page 279: ...ault DSCP to CoS map Table 2 8 shows the default IP precedence to DSCP map Table 2 6 Default CoS to DSCP Map CoS Value DSCP Value 0 0 1 8 2 16 3 24 4 32 5 40 6 48 7 56 Table 2 7 Default DSCP to CoS Map DSCP Value CoS Value 0 7 0 8 15 1 16 23 2 24 31 3 32 39 4 40 47 5 48 55 6 56 63 7 Table 2 8 Default IP Precedence to DSCP Map IP Precedence Value DSCP Value 0 0 1 8 2 16 3 24 4 32 5 40 6 48 7 56 ...

Page 280: ...igure terminal Switch config mls qos map policed dscp 1 2 3 4 5 6 to 0 This example shows how to define the DSCP to CoS map DSCP values 20 21 22 23 and 24 are mapped to CoS 1 DSCP values 10 11 12 13 14 15 16 and 17 are mapped to CoS 0 Switch configure terminal Switch config mls qos map dscp cos 20 21 22 23 24 to 1 Switch config mls qos map dscp cos 10 11 12 13 14 15 16 17 to 0 This example shows h...

Page 281: ...5 05 Chapter 2 Catalyst 3560 Switch Cisco IOS Commands mls qos map Related Commands Command Description mls qos dscp mutation Applies a DSCP to DSCP mutation map to a DSCP trusted port show mls qos maps Displays quality of service QoS mapping information ...

Page 282: ... the queue with the highest priority traffic To configure different classes of traffic with different characteristics use this command with the mls qos queue set output qset id threshold global configuration command Note The egress queue default settings are suitable for most situations You should change them only when you have a thorough understanding of the egress queues and if these settings do...

Page 283: ...igabitethernet0 1 Switch config if queue set 2 You can verify your settings by entering the show mls qos interface interface id buffers or the show mls qos queue set privileged EXEC command Related Commands Command Description mls qos queue set output threshold Configures the weighted tail drop WTD thresholds guarantees the availability of buffers and configures the maximum memory allocation to a ...

Page 284: ... which defines all the characteristics of the four egress queues per port The range is 1 to 2 queue id Specific queue in the queue set on which the command is performed The range is 1 to 4 drop threshold1 drop threshold2 Two WTD thresholds expressed as a percentage of the queue s allocated memory The range is 1 to 400 percent reserved threshold Amount of memory to be guaranteed reserved for the qu...

Page 285: ... it has consumed all of its maximum buffers over limit and whether the common pool is empty no free buffers or not empty free buffers If the queue is not over limit the switch can allocate buffer space from the reserved pool or from the common pool if it is not empty If there are no free buffers in the common pool or if the queue is over limit the switch drops the frame Examples This example shows...

Page 286: ...tgoing packet is the same as that in the incoming packet Note Enabling DSCP transparency does not affect the port trust settings on IEEE 802 1Q tunneling ports By default DSCP transparency is disabled The switch modifies the DSCP field in an incoming packet and the DSCP field in the outgoing packet is based on the quality of service QoS configuration including the port trust setting policing and m...

Page 287: ...h to change the DSCP value of the incoming IP packet Switch config mls qos Switch config mls qos rewrite ip dscp You can verify your settings by entering the show running config include rewrite privileged EXEC command Related Commands Command Description mls qos Enables QoS globally show mls qos Displays QoS information show running config include rewrite Displays the DSCP transparency setting For...

Page 288: ...ue id bandwidth weight global configuration command Then SRR shares the remaining bandwidth with both ingress queues and services them as specified by the weights configured with the mls qos srr queue input bandwidth weight1 weight2 global configuration command You specify which ingress queue is the priority queue by using the mls qos srr queue input priority queue global configuration command Exa...

Page 289: ...verify your settings by entering the show mls qos interface interface id queueing or the show mls qos input queue privileged EXEC command Related Commands Command Description mls qos srr queue input buffers Allocates the buffers between the ingress queues mls qos srr queue input cos map Maps class of service CoS values to an ingress queue or maps CoS values to a queue and to a threshold ID mls qos...

Page 290: ...uffer space to ingress queue 2 Switch config mls qos srr queue input buffers 60 40 You can verify your settings by entering the show mls qos interface interface id buffers or the show mls qos input queue privileged EXEC command Related Commands percentage1 percentage2 Percentage of buffers allocated to ingress queues 1 and 2 The range is 0 to 100 Separate each value with a space Release Modificati...

Page 291: ... 78 16405 05 Chapter 2 Catalyst 3560 Switch Cisco IOS Commands mls qos srr queue input buffers show mls qos input queue Displays ingress queue settings show mls qos interface buffers Displays quality of service QoS information Command Description ...

Page 292: ...ut cos map Syntax Description Defaults Table 2 10 shows the default CoS input queue threshold map Command Modes Global configuration Command History queue queue id Specify a queue number For queue id the range is 1 to 2 cos1 cos8 Map CoS values to an ingress queue For cos1 cos8 enter up to eight values and separate each value with a space The range is 0 to 7 threshold threshold id cos1 cos8 Map Co...

Page 293: ...d 5 to ingress queue 1 and to threshold ID 2 with a drop threshold of 70 percent Switch config mls qos srr queue input cos map queue 1 threshold 1 0 1 2 3 Switch config mls qos srr queue input cos map queue 1 threshold 2 4 5 Switch config mls qos srr queue input threshold 1 50 70 You can verify your settings by entering the show mls qos maps privileged EXEC command Related Commands Command Descrip...

Page 294: ...input dscp map Syntax Description Defaults Table 2 11 shows the default DSCP input queue threshold map Command Modes Global configuration Command History queue queue id Specify a queue number For queue id the range is 1 to 2 dscp1 dscp8 Map DSCP values to an ingress queue For dscp1 dscp8 enter up to eight values and separate each value with a space The range is 0 to 63 threshold threshold id dscp1...

Page 295: ... It maps DSCP values 20 to 26 to ingress queue 1 and to threshold 2 with a drop threshold of 70 percent Switch config mls qos srr queue input dscp map queue 1 threshold 1 0 1 2 3 4 5 6 Switch config mls qos srr queue input dscp map queue 1 threshold 2 20 21 22 23 24 25 26 Switch config mls qos srr queue input threshold 1 50 70 You can verify your settings by entering the show mls qos maps privileg...

Page 296: ...h needs minimum delay and jitter The priority queue is guaranteed part of the bandwidth on the internal ring which reduces the delay and jitter under heavy network traffic on an oversubscribed ring when there is more traffic than the backplane can carry and the queues are full and dropping frames Shaped round robin SRR services the priority queue for its configured weight as specified by the bandw...

Page 297: ... 4 You can verify your settings by entering the show mls qos interface interface id queueing or the show mls qos input queue privileged EXEC command Related Commands Command Description mls qos srr queue input bandwidth Assigns shaped round robin SRR weights to an ingress queue mls qos srr queue input buffers Allocates the buffers between the ingress queues mls qos srr queue input cos map Maps cla...

Page 298: ...er packets assigned to threshold 2 continue to be queued and sent as long as the second threshold is not exceeded Each queue has two configurable explicit drop threshold and one preset implicit drop threshold full You configure the CoS to threshold map by using the mls qos srr queue input cos map global configuration command You configure the DSCP to threshold map by using the mls qos srr queue in...

Page 299: ...gress queues mls qos srr queue input cos map Maps class of service CoS values to an ingress queue or maps CoS values to a queue and to a threshold ID mls qos srr queue input dscp map Maps Differentiated Services Code Point DSCP values to an ingress queue or maps DSCP values to a queue and to a threshold ID mls qos srr queue input priority queue Configures the ingress priority queue and guarantees ...

Page 300: ...s map Syntax Description Defaults Table 2 12 shows the default CoS output queue threshold map Command Modes Global configuration Command History queue queue id Specify a queue number For queue id the range is 1 to 4 cos1 cos8 Map CoS values to an egress queue For cos1 cos8 enter up to eight values and separate each value with a space The range is 0 to 7 threshold threshold id cos1 cos8 Map CoS val...

Page 301: ...0 and 70 percent of the allocated memory guarantees reserves 100 percent of the allocated memory and configures 200 percent as the maximum memory that this queue can have before packets are dropped Switch config mls qos srr queue output cos map queue 1 threshold 1 0 1 2 3 Switch config mls qos queue set output 1 threshold 1 50 70 100 200 Switch config interface gigabitethernet0 1 Switch config if ...

Page 302: ...ap Syntax Description Defaults Table 2 13 shows the default DSCP output queue threshold map Command Modes Global configuration Command History queue queue id Specify a queue number For queue id the range is 1 to 4 dscp1 dscp8 Map DSCP values to an egress queue For dscp1 dscp8 enter up to eight values and separate each value with a space The range is 0 to 63 threshold threshold id dscp1 dscp8 Map D...

Page 303: ...for queue 1 to 50 and 70 percent of the allocated memory guarantees reserves 100 percent of the allocated memory and configures 200 percent as the maximum memory that this queue can have before packets are dropped Switch config mls qos srr queue output dscp map queue 1 threshold 1 0 1 2 3 Switch config mls qos queue set output 1 threshold 1 50 70 100 200 Switch config interface gigabitethernet0 1 ...

Page 304: ...ust IP precedence and the incoming packet is a non IP packet the CoS to DSCP map is used to derive the corresponding DSCP value from the CoS value The CoS can be the packet CoS for trunk ports or the port default CoS for nontrunk ports If the DSCP is trusted the DSCP field of the IP packet is not modified However it is still possible that the CoS value of the packet is modified according to DSCP t...

Page 305: ...ter QoS domain boundary you can configure the port to the DSCP trusted state and apply the DSCP to DSCP mutation map if the DSCP values are different between the QoS domains Classification using a port trust state for example mls qos trust cos dscp ip precedence and a policy map for example service policy input policy map name are mutually exclusive The last one configured overwrites the previous ...

Page 306: ... interface level of the hierarchical policy map When you configure hierarchical policing the hierarchical policy map is attached to the SVI and affects all traffic belonging to the VLAN The individual policer in the interface level traffic classification only affects the physical ports specified for that classification For detailed instructions about configuring hierarchical policy maps see the Cl...

Page 307: ...mote no monitor session session_number destination interface interface id encapsulation replicate ingress dot1q vlan vlan id isl untagged vlan vlan id vlan vlan id remote vlan vlan id no monitor session session_number filter vlan vlan id no monitor session session_number source interface interface id both rx tx vlan vlan id both rx tx remote vlan vlan id Syntax Description session_number Specify t...

Page 308: ...6 to 4094 The RSPAN VLAN cannot be VLAN 1 the default VLAN or VLAN IDs 1002 to 1005 reserved for Token Ring and FDDI VLANs Optional Specify a series of interfaces or VLANs or separate a range of interfaces or VLANs from a previous range Enter a space before and after the comma Optional Specify a range of interfaces or VLANs Enter a space before and after the hyphen filter vlan vlan id Specify a li...

Page 309: ...rChannel group while it is as a SPAN destination A private VLAN port cannot be configured as a SPAN destination port You can monitor individual ports while they participate in an EtherChannel or you can monitor the entire EtherChannel bundle by specifying the port channel number as the RSPAN source interface A port used as a destination port cannot be a SPAN or RSPAN source nor can a port be a des...

Page 310: ...4 This example shows how to configure RSPAN source session 1 to monitor multiple source interfaces and to configure the destination RSPAN VLAN 900 Switch config monitor session 1 source interface gigabitethernet0 1 Switch config monitor session 1 source interface port channel 2 tx Switch config monitor session 1 destination remote vlan 900 Switch config end This example shows how to configure an R...

Page 311: ...iption remote span Configures an RSPAN VLAN in vlan configuration mode show monitor Displays SPAN and RSPAN session information show running config Displays the current operating configuration For syntax information select Cisco IOS Configuration Fundamentals Command Reference Release 12 2 File Management Commands Configuration File Management Commands ...

Page 312: ... this command to remove a statically configured IP multicast address or contiguous addresses or when no IP address is entered to remove all statically configured MVR IP multicast addresses count Optional Configure multiple contiguous MVR group addresses The range is 1 to 256 the default is 1 mode Optional Specify the MVR mode of operation The default is compatible mode compatible Set MVR mode to p...

Page 313: ...s on MVR source ports MVR can coexist with IGMP snooping on a switch Multicast routing and MVR cannot coexist on a switch If you enable multicast routing and a multicast routing protocol while MVR is enabled MVR is disabled and a warning message appears If you try to enable MVR while multicast routing and a multicast routing protocol are enabled the operation to enable MVR is cancelled with an Err...

Page 314: ... Configures MVR ports show mvr Displays MVR global parameters or port parameters show mvr interface Displays the configured MVR interfaces with their type status and Immediate Leave configuration Also displays all MVR groups of which the interface is a member show mvr members Displays all ports that are members of an MVR multicast group if the group has no members its status is shown as Inactive ...

Page 315: ...ve feature of MVR on a port Use the no mvr immediate command to disable the feature type Optional Configure the port as an MVR receiver port or a source port The default port type is neither an MVR source nor a receiver port The no mvr type command resets the port as neither a source or a receiver port receiver Configure the port as a subscriber port that can only receive multicast data Receiver p...

Page 316: ...message is received the receiver port is removed from multicast group membership which speeds up leave latency The Immediate Leave feature should be enabled only on receiver ports to which a single receiver device is connected The mvr vlan group command statically configures ports to receive multicast traffic sent to the IP multicast address A port statically configured as a member of group remain...

Page 317: ...Enables and configures multicast VLAN registration on the switch show mvr Displays MVR global parameters or port parameters show mvr interface Displays the configured MVR interfaces or displays the multicast groups to which a receiver port belongs Also displays all MVR groups of which the interface is a member show mvr members Displays all receiver ports that are members of an MVR multicast group ...

Page 318: ...ces that only support address learning by physical ports such as the Catalyst 1900 switch When the link partner to the Catalyst 3560 switch is a physical learner we recommend that you configure the switch as a physical port learner by using the pagp learn method physical port interface configuration command and to set the load distribution method based on the source MAC address by using the port c...

Page 319: ...Switch config if pagp learn method aggregation port You can verify your settings by entering the show running config privileged EXEC command or the show pagp channel group number internal privileged EXEC command Related Commands Command Description pagp port priority Selects a port over which all traffic through the EtherChannel is sent show pagp Displays PAgP channel group information show runnin...

Page 320: ...rt keyword is provided in the command line interface CLI The pagp learn method and the pagp port priority interface configuration commands have no effect on the switch hardware but they are required for PAgP interoperability with devices that only support address learning by physical ports such as the Catalyst 1900 switch When the link partner to the Catalyst 3560 switch is a physical learner we r...

Page 321: ... pagp learn method Provides the ability to learn the source address of incoming packets show pagp Displays PAgP channel group information show running config Displays the current operating configuration For syntax information select Cisco IOS Configuration Fundamentals Command Reference Release 12 2 File Management Commands Configuration File Management Commands ...

Page 322: ...t mac mask log This command is available only if your switch is running the IP services image formerly known as the enhanced multilayer image EMI Syntax Description Defaults There are no default settings request Optional Requests a match for the ARP request When request is not specified matching is performed against all ARP packets ip Specify the sender IP address any Accept any IP or MAC address ...

Page 323: ...00 0000 abcd Switch config arp access list static hosts Switch config arp nacl permit ip host 1 1 1 1 mac host 0000 0000 abcd Switch config arp nacl end You can verify your settings by entering the show arp access list privileged EXEC command Related Commands Release Modification 12 2 20 SE This command was introduced Command Description arp access list Defines an ARP access control list ACL deny ...

Page 324: ...ocol permit icmp source ipv6 prefix prefix length any host source ipv6 address operator port number destination ipv6 prefix prefix length any host destination ipv6 address operator port number icmp type icmp code icmp message dscp value log log input sequence value time range name Transmission Control Protocol permit tcp source ipv6 prefix prefix length any host source ipv6 address operator port n...

Page 325: ... not equal and range inclusive range If the operator is positioned after the source ipv6 prefix prefix length argument it must match the source port If the operator is positioned after the destination ipv6 prefix prefix length argument it must match the destination port The range operator requires two port numbers All other operators require one port number The optional port number argument is a d...

Page 326: ...range is from 1 to 4294967295 time range name Optional Specify the time range that applies to the permit statement The name of the time range and its restrictions are specified by the time range and absolute or periodic commands respectively icmp type Optional Specify an ICMP message type for filtering ICMP packets ICMP packets can be filtered by the ICMP message type The type is a number from 0 t...

Page 327: ...cit permit icmp any any nd na permit icmp any any nd ns and deny ipv6 any any statements as its last match conditions The two permit conditions allow ICMPv6 neighbor discovery To disallow ICMPv6 neighbor discovery and to deny icmp any any nd na or icmp any any nd ns there must be an explicit deny entry in the ACL For the implicit deny ipv6 any any statement to take effect an IPv6 ACL must contain ...

Page 328: ...01 64 any Switch config ipv6 acl permit udp 2001 0DB8 0300 0201 64 any Switch config ipv6 acl deny FE80 0 0 0201 64 any Switch config ipv6 acl permit icmp any any Switch config ipv6 acl exit Switch config ipv6 access list INBOUND Switch config ipv6 acl permit icmp any any Switch config ipv6 acl exit Switch config interface gigabitethernet0 3 Switch config if no switchport Switch config if ipv6 add...

Page 329: ...ommands Command Description ipv6 access list Defines an IPv6 access list and enters IPv6 access list configuration mode ipv6 traffic filter Filters incoming or outgoing IPv6 traffic on an interface deny IPv6 access list configuration Sets deny conditions for an IPv6 access list show ipv6 access list Displays the contents of all current IPv6 access lists ...

Page 330: ... a host MAC address and optional subnet mask If the source address for a packet matches the defined address non IP traffic from that address is denied host dst MAC addr dst MAC addr mask Define a destination MAC address and optional subnet mask If the destination address for a packet matches the defined address non IP traffic to that address is denied type mask Optional Use the Ethertype number of...

Page 331: ...et The mask is a mask of don t care bits applied to the LSAP number before testing for a match mop console Optional Select EtherType DEC MOP Remote Console mop dump Optional Select EtherType DEC MOP Dump msdos Optional Select EtherType DEC MSDOS mumps Optional Select EtherType DEC MUMPS netbios Optional Select EtherType DEC Network Basic Input Output System NETBIOS vines echo Optional Select Ether...

Page 332: ... configuration guide for this release Examples This example shows how to define the MAC named extended access list to allow NETBIOS traffic from any source to MAC address 00c0 00a0 03fa Traffic matching this list is allowed Switch config ext macl permit any host 00c0 00a0 03fa netbios This example shows how to remove the permit condition from the MAC named extended access list Switch config ext ma...

Page 333: ... There is no guarantee that a port will be assigned to any policer To return to policy map configuration mode use the exit command To return to privileged EXEC mode use the end command Policing uses a token bucket algorithm You configure the bucket depth the maximum burst that is tolerated before the bucket overflows by using the burst byte option of the police policy map class configuration comma...

Page 334: ...icy2 Switch config pmap class class2 Switch config pmap c police 1000000 20000 exceed action policed dscp transmit Switch config pmap c exit You can verify your settings by entering the show policy map privileged EXEC command Related Commands Command Description class Defines a traffic classification match criteria through the police set and trust policy map class configuration commands for the sp...

Page 335: ... port ASIC device which controls more than one physical port supports 256 policers 255 policers plus 1 no policer The maximum number of policers supported per port is 64 Policers are allocated on demand by the software and are constrained by the hardware and ASIC boundaries You cannot reserve policers per port There is no guarantee that a port will be assigned to any policer You set aggregate poli...

Page 336: ...r1 Switch config pmap c exit Switch config pmap class class2 Switch config pmap c set dscp 10 Switch config pmap c police aggregate agg_policer1 Switch config pmap c exit Switch config pmap class class3 Switch config pmap c trust dscp Switch config pmap c police aggregate agg_policer2 Switch config pmap c exit You can verify your settings by entering the show mls qos aggregate policer privileged E...

Page 337: ...he specified class map For more information see the class section on page 2 34 description describes the policy map up to 200 characters exit exits policy map configuration mode and returns you to global configuration mode no removes a previously defined policy map rename renames the current policy map To return to global configuration mode use the exit command To return to privileged EXEC mode us...

Page 338: ... configure individual policers on physical ports that belong to the SVI After the hierarchical policy map is attached to an SVI an interface level policy map cannot be modified or removed from the hierarchical policy map A new interface level policy map also cannot be added to the hierarchical policy map If you want these changes to occur the hierarchical policy map must first be removed from the ...

Page 339: ...ap class cm non int Switch config pmap c set dscp 7 Switch config pmap c service policy pm test int Switch config pmap class cm non int 2 Switch config pmap c set dscp 15 Switch config pmap c service policy pm test int Switch config pmap c end Switch config cmap exit Switch config interface vlan 10 Switch config if service policy input pm test pm 2 This example shows how to delete policymap2 Switc...

Page 340: ...e load distribution method to dst mac Switch config port channel load balance dst mac You can verify your setting by entering the show running config privileged EXEC command or the show etherchannel load balance privileged EXEC command dst ip Load distribution is based on the destination host IP address dst mac Load distribution is based on the destination host MAC address Packets to the same dest...

Page 341: ...scription interface port channel Accesses or creates the port channel show etherchannel Displays EtherChannel information for a channel show running config Displays the current operating configuration For syntax information select Cisco IOS Configuration Fundamentals Command Reference Release 12 2 File Management Commands Configuration File Management Commands ...

Page 342: ...r power powered devices With this configuration when the powered device sends Cisco Discovery Protocol CDP messages requesting more power than the maximum wattage the switch removes power from the port If the powered device IEEE class maximum is greater than the maximum wattage the switch does not power the device The power is reclaimed into the global power budget Note The switch never powers any...

Page 343: ...ports this message appears Command rejected power inline static pwr not available The port configuration remains unchanged When you configure a port by using the power inline auto or the power inline static interface configuration command the port autonegotiates by using the configured speed and duplex settings This is necessary to determine the power requirements of the connected device whether o...

Page 344: ... power inline Related Commands Command Description logging event power inline status Enables the logging of PoE events show controllers power inline Displays the values in the registers of the specified PoE controller show power inline Displays the PoE status for the specified PoE port or for all PoE ports ...

Page 345: ...status unknown or a Class 3 the switch budgets 15400 milliwatts for the device regardless of the actual amount of power needed If the powered device reports a higher class than its actual consumption or does not support power classification defaults to Class 0 the switch can power fewer devices because it uses the IEEE class information to track the global power budget By using the power inline co...

Page 346: ... global configuration command this example shows how to configure the switch to budget 5000 milliwatts to each PoE port Switch config power inline consumption default 5000 CAUTION Interface Gi0 1 Misconfiguring the power inline consumption allocation command may cause damage to the switch and void your warranty Take precaution not to oversubscribe the power supply Refer to documentation By using t...

Page 347: ... it is serviced until empty before the other queues are serviced Follow these guidelines when the expedite queue is enabled or the egress queues are serviced based on their SRR weights If the egress expedite queue is enabled it overrides the SRR shaped and shared weights for queue 1 If the egress expedite queue is disabled and the SRR shaped and shared weights are configured the shaped mode overri...

Page 348: ...25 Switch config if no priority queue out You can verify your settings by entering the show mls qos interface interface id queueing or the show running config privileged EXEC command Related Commands Command Description show mls qos interface queueing Displays the queueing strategy SRR priority queueing the weights corresponding to the queues and the CoS to egress queue map srr queue bandwidth sha...

Page 349: ... private VLAN you should not change the VTP mode to client or server VTP does not propagate private VLAN configuration You must manually configure private VLANs on all switches in the Layer 2 network to merge their Layer 2 databases and to prevent flooding of private VLAN traffic You cannot include VLAN 1 or VLANs 1002 to 1005 in the private VLAN configuration Extended VLANs VLAN IDs 1006 to 4094 ...

Page 350: ...primary VLAN is the VLAN that carries traffic from a gateway to customer end stations on private ports Configure Layer 3 VLAN interfaces SVIs only for primary VLANs You cannot configure Layer 3 VLAN interfaces for secondary VLANs SVIs for secondary VLANs are inactive while the VLAN is configured as a secondary VLAN The private vlan commands do not take effect until you exit from VLAN configuration...

Page 351: ...onfig vlan 502 Switch config vlan private vlan community Switch config vlan exit Switch config vlan 503 Switch config vlan private vlan community Switch config vlan exit Switch config vlan 20 Switch config vlan private vlan association 501 503 Switch config vlan end You can verify your setting by entering the show vlan private vlan or show interfaces status privileged EXEC command Related Commands...

Page 352: ...ure Layer 3 VLAN interfaces for secondary VLANs SVIs for secondary VLANs are inactive while the VLAN is configured as a secondary VLAN The secondary_vlan_list parameter cannot contain spaces It can contain multiple comma separated items Each item can be a single private VLAN ID or a hyphenated range of private VLAN IDs The list can contain one isolated VLAN and multiple community VLANs Traffic tha...

Page 353: ...itch config vlan end This example shows how to permit routing of secondary VLAN traffic from secondary VLANs 303 to 305 and 307 through VLAN 20 SVI Switch configure terminal Switch interface vlan 20 Switch config if private vlan mapping 303 305 307 Switch config vlan end You can verify your setting by entering the show interfaces private vlan mapping privileged EXEC command Related Commands Comman...

Page 354: ... Switch config if queue set 2 You can verify your settings by entering the show mls qos interface interface id buffers privileged EXEC command Related Commands qset id ID of the queue set Each port belongs to a queue set which defines all the characteristics of the four egress queues per port The range is 1 to 2 Release Modification 12 1 19 EA1 This command was introduced Command Description mls q...

Page 355: ...switch the cluster member switch is accessed at user level If you use this command on the cluster command switch at privileged level the command accesses the remote device at privileged level If you use an intermediate enable level lower than privileged access to the cluster member switch is at user level For Catalyst 1900 and 2820 switches running standard edition software the Telnet session acce...

Page 356: ...ter member switches inherited the password of the cluster command switch when they joined the cluster Examples This example shows how to start a session with member 3 All subsequent commands are directed to member 3 until you enter the exit command or close the session Switch rcommand 3 Switch 3 show version Cisco Internet Operating System Software Switch 3 exit Switch Related Commands Command Des...

Page 357: ...se privileged EXEC command If VLAN Trunking Protocol VTP is enabled the RSPAN feature is propagated by VTP for VLAN IDs that are lower than 1005 If the RSPAN VLAN ID is in the extended range you must manually configure intermediate switches those in the RSPAN VLAN between the source switch and the destination switch Before you configure the RSPAN remote span command use the vlan global configurati...

Page 358: ...hows how to remove the RSPAN feature from a VLAN Switch config vlan 901 Switch config vlan no remote span You can verify your settings by entering the show vlan remote span user EXEC command Related Commands Command Description monitor session Enables Switched Port Analyzer SPAN and RSPAN monitoring on a port and configures a port as a source or destination port vlan global configuration Changes t...

Page 359: ... how to renew the DHCP snooping binding database without checking CRC values in the file Switch renew ip dhcp snooping database validation none You can verify your settings by entering the show ip dhcp snooping database privileged EXEC command flash filename Optional Specify that the database agent or the binding file is in the flash memory ftp user password host filename Optional Specify that the...

Page 360: ...sco IOS Commands renew ip dhcp snooping database Related Commands Command Description ip dhcp snooping Enables DHCP snooping on a VLAN ip dhcp snooping binding Configures the DHCP snooping binding database show ip dhcp snooping database Displays the status of the DHCP snooping database agent ...

Page 361: ...led Command Modes Interface configuration Command History Usage Guidelines The RMON statistics collection command is based on hardware counters Examples This example shows how to collect RMON statistics for the owner root Switch config interface gigabitethernet0 1 Switch config if rmon collection stats 2 owner root You can verify your setting by entering the show rmon statistics privileged EXEC co...

Page 362: ...w sdm prefer command before you enter the reload privileged EXEC command the show sdm prefer command shows the template currently in use and the template that will become active after a reload Use the no sdm prefer command to set the switch to the default desktop template access Provide maximum system usage for access control lists ACLs Use this template if you have a large number of ACLs default ...

Page 363: ...e 2 15 lists the approximate number of each resource supported in each of the IPv4 only templates for a switch The values in the template are based on eight routed interfaces and approximately one thousand VLANs and represent the approximate hardware boundaries set when a template is selected If a section of a hardware resource is full all processing overflow is sent to the CPU seriously impacting...

Page 364: ...to change a switch template to the default template Switch config no sdm prefer Switch config exit Switch reload You can verify your settings by entering the show sdm prefer privileged EXEC command Related Commands Total IPv6 unicast routes 3 K 0 Directly connected IPv6 addresses 2 K 0 Indirect IPv6 unicast routes 1 K 0 IPv4 policy based routing ACEs 0 0 IPv4 or MAC QoS ACEs total 512 512 IPv4 or ...

Page 365: ...unctionality of the password recovery feature by allowing an end user to reset a password only by agreeing to return to the default configuration To use the password recovery procedure a user with physical access to the switch holds down the Mode button while the unit powers up and for a second or two after the LED above port 1X turns off When the button is released the system continues with initi...

Page 366: ...ckup copy of the config file on the switch If the switch is operating in VTP transparent mode we recommend that you also save a copy of the vlan dat file in a location away from the switch You can verify if password recovery is enabled or disabled by entering the show version privileged EXEC command Examples This example shows how to disable password recovery on a switch so that a user can only re...

Page 367: ...quality of service QoS is disabled by using the no mls qos vlan based interface configuration command on a physical port you can configure a port based policy map on the port If VLAN based QoS is enabled by using the mls qos vlan based interface configuration command on a physical port the switch removes the previously configured port based policy map After a hierarchical policy map is configured ...

Page 368: ... overwrites the previous configuration Examples This example shows how to apply plcmap1 to an physical ingress port Switch config interface gigabitethernet0 1 Switch config if service policy input plcmap1 This example shows how to remove plcmap2 from a physical port Switch config interface gigabitethernet0 2 Switch config if no service policy input plcmap2 This example shows how to apply plcmap1 t...

Page 369: ... config pmap c set dscp 7 Switch config pmap c service policy port plcmap 1 Switch config pmap c exit Switch config pmap class map cm 2 Switch config pmap c match ip dscp 2 Switch config pmap c service policy port plcmap 1 Switch config pmap exit Switch config pmap class map cm 3 Switch config pmap c match ip dscp 3 Switch config pmap c service policy port plcmap 2 Switch config pmap exit Switch c...

Page 370: ...dence in the switch configuration The set command is mutually exclusive with the trust policy map class configuration command within the same policy map For the set dscp new dscp or the set ip precedence new precedence command you can enter a mnemonic name for a commonly used value For example you can enter the set dscp af11 command which is the same as entering the set dscp 10 command You can ent...

Page 371: ...pmap exit You can verify your settings by entering the show policy map privileged EXEC command Related Commands Command Description class Defines a traffic classification match criteria through the police set and trust policy map class configuration commands for the specified class map name police Defines a policer for classified traffic policy map Creates or modifies a policy map that can be atta...

Page 372: ...and facility or the configure privileged EXEC command Help text is provided for each prompt To access help text press the question mark key at a prompt To return to the privileged EXEC prompt without making changes and without running through the entire System Configuration Dialog press Ctrl C When you complete your changes the setup program shows you the configuration command script that was crea...

Page 373: ...ic Current interface summary Any interface listed with OK value NO does not have a valid configuration Interface IP Address OK Method Status Protocol Vlan1 172 20 135 202 YES NVRAM up up GigabitEthernet0 1 unassigned YES unset up up GigabitEthernet0 2 unassigned YES unset up down output truncated Port channel1 unassigned YES unset up down Enter interface name used to connect to the management netw...

Page 374: ...ck to the setup without saving this config 2 Save this configuration to nvram and exit Enter your selection 2 Related Commands Command Description show running config Displays the running configuration on the switch For syntax information select Cisco IOS Configuration Fundamentals Command Reference Release 12 2 File Management Commands Configuration File Management Commands show version Displays ...

Page 375: ...Mode button start blinking If you press the Mode button for a total of 10 seconds the switch configuration is deleted and the switch reboots The switch can then be configured like a new switch either through the web based Express Setup program or the CLI based setup program Note As soon as you make any change to the switch configuration including entering no at the beginning of the CLI based setup...

Page 376: ...igured switch the mode LEDs begin blinking after 2 seconds and turn solid green after 10 seconds Caution If you hold the Mode button down for a total of 10 seconds the configuration is deleted and the switch reboots This example shows how to disable Express Setup mode Switch config no setup express You can verify that Express Setup mode is disabled by pressing the Mode button The mode LEDs do not ...

Page 377: ...is command also displays the MAC ACLs that are configured Expressions are case sensitive For example if you enter exclude output the lines that contain output are not displayed but the lines that contain Output are displayed name Optional Name of the ACL number Optional ACL number The range is 1 to 2699 hardware counters Optional Display global hardware ACL statistics for switched and routed packe...

Page 378: ...any 70 permit ip host 10 99 75 128 any 80 permit ip host 10 38 49 0 any This is an example of output from the show access lists hardware counters command Switch show access lists hardware counters L2 ACL INPUT Statistics Drop All frame count 855 Drop All bytes count 94143 Drop And Log All frame count 0 Drop And Log All bytes count 0 Bridge Only All frame count 0 Bridge Only All bytes count 0 Bridg...

Page 379: ...rop And Log All bytes count 0 Bridge Only All frame count 0 Bridge Only All bytes count 0 Bridge Only And Log All frame count 0 Bridge Only And Log All bytes count 0 Forwarding To CPU All frame count 0 Forwarding To CPU All bytes count 0 Forwarded All frame count 514434 Forwarded All bytes count 39048748 Forwarded And Log All frame count 0 Forwarded And Log All bytes count 0 Related Commands Comma...

Page 380: ...of the download Expressions are case sensitive For example if you enter exclude output the lines that contain output are not displayed but the lines that contain Output are displayed Examples These are examples of output from the show archive status command Switch show archive status IDLE No upgrade in progress Switch show archive status LOADING Upgrade in progress Switch show archive status EXTRA...

Page 381: ...put from the show arp access list command Switch show arp access list ARP access list rose permit ip 10 101 1 1 0 0 0 255 mac any permit ip 20 3 1 0 0 0 0 255 mac any Related Commands acl name Optional Name of the ACL begin Optional Display begins with the line that matches the expression exclude Optional Display excludes lines that match the expression include Optional Display includes lines that...

Page 382: ...n each interface The show auto qos interface interface id command output shows the auto QoS command entered on a specific interface Use the show running config privileged EXEC command to display the auto QoS configuration and the user modifications To display information about the QoS configuration that might be affected by auto QoS use one of these commands show mls qos show mls qos maps cos dscp...

Page 383: ...srr queue input dscp map queue 1 threshold 2 9 10 11 12 13 14 15 mls qos srr queue input dscp map queue 1 threshold 3 0 1 2 3 4 5 6 7 mls qos srr queue input dscp map queue 1 threshold 3 32 mls qos srr queue input dscp map queue 2 threshold 1 16 17 18 19 20 21 22 23 mls qos srr queue input dscp map queue 2 threshold 2 33 34 35 36 37 38 39 48 mls qos srr queue input dscp map queue 2 threshold 2 49 ...

Page 384: ...000 8000 exceed action policed dscp transmit class AutoQoS VoIP Control Trust set dscp cs3 police 32000 8000 exceed action policed dscp transmit interface GigabitEthernet0 4 switchport mode access switchport port security maximum 400 service policy input AutoQoS Police SoftPhone speed 100 duplex half srr queue bandwidth share 10 10 60 20 srr queue bandwidth shape 10 0 0 0 auto qos voip cisco softp...

Page 385: ... auto qos voip cisco phone These are examples of output from the show auto qos command when auto QoS is disabled on the switch Switch show auto qos AutoQoS not enabled on any interface These are examples of output from the show auto qos interface interface id command when auto QoS is disabled on an interface Switch show auto qos interface gigabitethernet0 1 AutoQoS is disabled Related Commands Com...

Page 386: ...ayed Examples This is an example of output from the show boot command Table 2 17 describes each field in the display Switch show boot BOOT path list flash c3560 ipservices mz 122 25 SEB c3560 ipservices mz 122 25 SEB bin Config file flash config text Private Config file flash private config Enable Break no Manual Boot yes HELPER path list NVRAM Config file buffer size 32768 begin Optional Display ...

Page 387: ...ing is enabled or disabled If it is set to yes on or 1 you can interrupt the automatic boot process by pressing the Break key on the console after the flash file system is initialized Manual Boot Displays whether the switch automatically or manually boots If it is set to no or 0 the boot loader attempts to automatically boot the system If it is set to anything else you must manually boot the switc...

Page 388: ...at contain output do not appear but the lines that contain Output appear Examples This is an example of output from the show cable diagnostics tdr interface interface id command on a switch other than a Catalyst 3560G 24PS or 3560G 48PS switch Switch show cable diagnostics tdr interface gigabitethernet0 2 TDR test last run on March 01 20 15 40 Interface Speed Local pair Pair length Remote pair Pai...

Page 389: ... not running Switch show cable diagnostics tdr interface gigabitethernet0 2 TDR test was never issued on Gi0 2 If an interface does not support TDR this message appears TDR test is not supported on switch 1 Table 2 18 Fields Descriptions for the show cable diagnostics tdr Command Output Field Description Interface Interface on which TDR was run Speed Speed of connection Local pair Name of the pair...

Page 390: ...560 Switch Command Reference 78 16405 05 Chapter 2 Catalyst 3560 Switch Cisco IOS Commands show cable diagnostics tdr Related Commands Command Description test cable diagnostics tdr Enables and runs TDR on an interface ...

Page 391: ...command Switch show class map Class Map match all videowizard_10 10 10 10 id 2 Match access group name videowizard_10 10 10 10 Class Map match any class default id 0 Match any Class Map match all dscp5 id 3 Match ip dscp 5 Related Commands class map name Optional Display the contents of the specified class map begin Optional Display begins with the line that matches the expression exclude Optional...

Page 392: ...r status and time since the status changed If redundancy is enabled it displays the primary and secondary command switch information Expressions are case sensitive For example if you enter exclude output the lines that contain output are not displayed but the lines that contain Output are displayed Examples This is an example of output when the show cluster command is entered on the active cluster...

Page 393: ...luster command is entered on the cluster command switch that has lost connectivity with member 1 Switch show cluster Command switch for cluster Ajang Total number of members 7 Status 1 members are unreachable Time since last status change 0 days 0 hours 5 minutes Redundancy Disabled Heartbeat interval 8 Heartbeat hold time 80 Extended discovery hop count 3 This is an example of output when the sho...

Page 394: ...ssions are case sensitive For example if you enter exclude output the lines that contain output are not displayed but the lines that contain Output are displayed Examples This is an example of output from the show cluster candidates command Switch show cluster candidates Upstream MAC Address Name Device Type PortIf FEC Hops SN PortIf FEC 00d0 7961 c4c0 StLouis 2 WS C3560 12T Gi0 1 2 1 Fa0 11 00d0 ...

Page 395: ...Fa2 1 FEC number Upstream port Fa0 24 FEC Number Hops from cluster edge 3 Hops from command device This is an example of output from the show cluster candidates detail command Switch show cluster candidates detail Device Tahiti 12 with mac address number 00d0 7961 c4c0 Device type cisco WS C3512 XL Upstream MAC address 00d0 796d 2f00 Cluster Member 1 Local port Fa0 3 FEC number Upstream port Fa0 1...

Page 396: ... PortIf FEC Hops SN PortIf FEC State 0 0002 4b29 2e00 StLouis1 0 Up Cmdr 1 0030 946c d740 tal switch 1 Fa0 13 1 0 Gi0 1 Up 2 0002 b922 7180 nms 2820 10 0 2 1 Fa0 18 Up 3 0002 4b29 4400 SanJuan2 Gi0 1 2 1 Fa0 11 Up 4 0002 4b28 c480 GenieTest Gi0 2 2 1 Fa0 9 Up This is an example of output from the show cluster members for cluster member 3 Switch show cluster members 3 Device SanJuan2 with member nu...

Page 397: ...40 Cluster member 1 Local port 10 FEC number 0 Upstream port Fa0 18 FEC Number Hops from command device 2 Device SanJuan2 with member number 3 Device type cisco WS C3560 MAC address 0002 4b29 4400 Upstream MAC address 0030 946c d740 Cluster member 1 Local port Gi0 1 FEC number Upstream port Fa0 11 FEC Number Hops from command device 2 Device GenieTest with member number 4 Device type cisco SeaHors...

Page 398: ...utput are not displayed but the lines that contain Output are displayed Examples This is a partial output example from the show controllers cpu interface command Switch show controllers cpu interface cpu queue frames retrieved dropped invalid hol block rpc 4523063 0 0 0 stp 1545035 0 0 0 ipc 1903047 0 0 0 routing protocol 96145 0 0 0 L2 protocol 79596 0 0 0 remote console 0 0 0 0 sw forwarding 575...

Page 399: ...0 ReadPtr 038C2C38 WritePtrs 038C2C38 Fifo_Flag 8A800800 Weights 001E001E Fifo1 StartPtr 03A9BC00 ReadPtr 03A9BC60 WritePtrs 03A9BC60 Fifo_Flag 89800400 writeHeaderPtr 03A9BC60 Fifo2 StartPtr 038C8800 ReadPtr 038C88E0 WritePtrs 038C88E0 Fifo_Flag 88800200 writeHeaderPtr 038C88E0 Fifo3 StartPtr 03C30400 ReadPtr 03C30638 WritePtrs 03C30638 Fifo_Flag 89800400 writeHeaderPtr 03C30638 Fifo4 StartPtr 03...

Page 400: ...ical support representatives troubleshooting the switch Expressions are case sensitive For example if you enter exclude output the lines that contain output are not displayed but the lines that contain Output are displayed interface id The physical interface including type module and port number phy Optional Display the status of the internal registers on the switch physical layer device PHY for t...

Page 401: ...mes 0 Excessive collisions 0 Late collisions 0 Invalid frames too large 0 VLAN discard frames 0 Valid frames too large 0 Excess defer frames 0 Invalid frames too small 0 64 byte frames 0 Valid frames too small 0 127 byte frames 0 255 byte frames 0 Too old frames 0 511 byte frames 0 Valid oversize frames 0 1023 byte frames 0 System FCS error frames 0 1518 byte frames 0 RxPortFifoFull drop frame 0 T...

Page 402: ...ent VLAN discard frames The number of frames dropped on an interface because the CFI1 bit is set Excess defer frames The number of frames that are not sent after the time exceeds the maximum packet time 64 byte frames The total number of frames sent on an interface that are 64 bytes 127 byte frames The total number of frames sent on an interface that are from 65 to 127 bytes 255 byte frames The to...

Page 403: ... of frames that are from 128 to 255 bytes 256 to 511 byte frames The total number of frames that are from 256 to 511 bytes 512 to 1023 byte frames The total number of frames that are from 512 to 1023 bytes 1024 to 1518 byte frames The total number of frames that are from 1024 to 1518 bytes Overrun frames The total number of overrun frames received on an interface Pause frames The number of pause f...

Page 404: ...00 Reserved Register 1 0000 0000 0000 0000 Global Status 0000 0000 0000 0000 LED Control 0100 0001 0000 0000 Manual LED Override 0000 1000 0010 1010 Extended PHY Specific Control 0000 0000 0001 1010 Disable Receiver 1 0000 0000 0000 1011 Disable Receiver 2 1000 0000 0000 0100 Extended PHY Specific Status 1000 0100 1000 0000 Auto MDIX On AdminState 1 Flags 0x00052248 This is an example of output fr...

Page 405: ...trolStatus 18E418E0 stackControlStatusMask FFFFFFFF TransmitBufferFreeListInfo 00000854 00000800 00000FF8 00000000 0000088A 0000085D 00000FF8 00000000 TransmitRingFifoInfo 00000016 00000016 40000000 00000000 0000000C 0000000C 40000000 00000000 TransmitBufferInfo 00012000 00000FFF 00000000 00000030 TransmitBufferCommonCount 00000F7A TransmitBufferCommonCountPeak 0000001E TransmitBufferCommonCommonE...

Page 406: ...Bandwidth Drop Cou 0 Rx Invalid Too Large Frames 0 TxQueue Bandwidth Drop Coun 0 Rx Invalid Too Large Frames 0 TxQueue Missed Drop Statist 0 Rx Invalid Too Small Frames 74 RxBuffer Drop DestIndex Cou 0 Rx Too Old Frames 0 SneakQueue Drop Count 0 Tx Too Old Frames 0 Learning Queue Overflow Fra 0 System Fcs Error Frames 0 Learning Cam Skip Count 15 Sup Queue 0 Drop Frames 0 Sup Queue 8 Drop Frames 0...

Page 407: ...than 0 to 1 the switches provides no output Though visible on all switches this command is valid only for PoE switches It provides no information for switches that do not support PoE The output provides information that might be useful for Cisco technical support representatives troubleshooting the switch Expressions are case sensitive For example if you enter exclude output the lines that contain...

Page 408: ...s 0x42 output truncated This is an example of output from the show controllers power inline command on a Catalyst 3560G 24PS switch Switch show controllers power inline Alchemy instance 0 address 0 Pending event flag N N N N N N N N N N N N Current State 00 05 10 51 61 11 Current Event 00 01 00 10 40 00 Timers 00 C5 57 03 12 20 04 B2 05 06 07 07 Error State 00 00 00 00 10 00 Error Code 00 00 00 00...

Page 409: ...tput the lines that contain output do not appear but the lines that contain Output appear Examples This is an example of output from the show controllers tcam command Switch show controllers tcam TCAM 0 Registers REV 00B30103 SIZE 00080040 ID 00000000 CCR 00000000_F0000020 RPID0 00000000_00000000 RPID1 00000000_00000000 RPID2 00000000_00000000 RPID3 00000000_00000000 asic Optional Display port ASI...

Page 410: ...3 FF_FFFFFFFF_FFFFFFFF TCAM related PortASIC 1 registers LookupType 89A1C67D_24E35F00 LastCamIndex 0000FFE0 LocalNoMatch 000069E0 ForwardingRamBaseAddress 00022A00 0002FE00 00040600 0002FE00 0000D400 00000000 003FBA00 00009000 00009000 00040600 00000000 00012800 00012900 Related Commands Command Description show controllers cpu interface Displays the state of the CPU network ASIC and send and rece...

Page 411: ...ive Utilization Transmit Utilization Fa0 1 0 0 Fa0 2 0 0 Fa0 3 0 0 Fa0 4 0 0 Fa0 5 0 0 Fa0 6 0 0 Fa0 7 0 0 output truncated output truncated Switch Receive Bandwidth Percentage Utilization 0 Switch Transmit Bandwidth Percentage Utilization 0 Switch Fabric Percentage Utilization 0 This is an example of output from the show controllers utilization command on a specific port Switch show controllers g...

Page 412: ... switch which is the sum of the received traffic on all the ports divided by the switch receive capacity Transmit Bandwidth Percentage Utilization Displays the transmitted bandwidth usage of the switch which is the sum of the transmitted traffic on all the ports divided it by the switch transmit capacity Fabric Percentage Utilization Displays the average of the transmitted and received bandwidth u...

Page 413: ...dot1q tunnel mode LAN Port s Gi0 1 Gi0 2 Gi0 3 Gi0 6 Po2 Switch show dot1q tunnel interface gigabitethernet0 1 dot1q tunnel mode LAN Port s Gi0 1 Related Commands interface interface id Optional Specify the interface for which to display IEEE 802 1Q tunneling information Valid interfaces include physical ports and port channels begin Optional Display begins with the line that matches the expressio...

Page 414: ...put from the show dot1x and the show dot1x all privileged EXEC commands Switch show dot1x Sysauthcontrol Disabled Supplicant Allowed In Guest Vlan Disabled Dot1x Protocol Version 1 802 1X AAA Server Status Alive all Optional Display the IEEE 802 1x status for all ports interface interface id Optional Display the IEEE 802 1x status for the specified port including type module and port number statis...

Page 415: ...hSM State AUTHENTICATED AUTH FAIL VLAN BendSM State IDLE Posture N A PortStatus AUTHORIZED AUTH FAIL VLAN MaxReq 2 MaxAuthReq 2 HostMode Single PortControl Auto ControlDirection Both QuietPeriod 10 Seconds Re authentication Disabled ReAuthPeriod 3600 Seconds ServerTimeout 30 Seconds SuppTimeout 30 Seconds TxPeriod 10 Seconds Guest Vlan 3 AuthFail Vlan 4 AuthFail Max Attempts 3 This is an example o...

Page 416: ...HostMode Single PortControl Auto ControlDirection Both QuietPeriod 60 Seconds Re authentication Enabled ReAuthPeriod 3600 Seconds ServerTimeout 30 Seconds SuppTimeout 30 Seconds TxPeriod 30 Seconds Guest Vlan 0 AuthFail Vlan 1001 AuthFail Max Attempts 3 Critical Port Enabled This is an example of output from the show dot1x interface interface id privileged EXEC command when a restricted VLAN is co...

Page 417: ...ther than request identity frames that have been sent TxTotal Number of Extensible Authentication Protocol over LAN EAPOL frames of any type that have been sent RxStart Number of valid EAPOL start frames that have been received RxLogoff Number of EAPOL logoff frames that have been received RxRespId Number of EAP response identity frames that have been received RxResp Number of valid EAP response f...

Page 418: ...m the show dtp interface command Switch show dtp interface gigabitethernet0 1 DTP information for GigabitEthernet0 1 TOS TAS TNS ACCESS AUTO ACCESS TOT TAT TNT NATIVE NEGOTIATE NATIVE Neighbor address 1 000943A7D081 Neighbor address 2 000000000000 Hello timer expiration sec state 1 RUNNING Access timer expiration sec state never STOPPED Negotiation timer expiration sec state never STOPPED Multidro...

Page 419: ...ckets dropped 0 nonegotiate 0 bad version 0 domain mismatches 0 bad TLVs 0 other 6320 packets output 6320 good 3160 native 3160 software encap isl 0 isl hardware native 0 output errors 0 trunk timeouts 1 link ups last link up on Mon Mar 01 1993 01 02 29 0 link downs Related Commands Command Description show interfaces trunk Displays interface trunking information ...

Page 420: ...show env all command on this switch the command output is the same as the show env temperature status command output For more information about the threshold levels see the software configuration guide for this release Expressions are case sensitive For example if you enter exclude output the lines that contain output are not displayed but the lines that contain Output are displayed all Display bo...

Page 421: ...the threshold values Table 2 23 describes the temperature states in the command output Switch show env temperature status Temperature Value 28 Degree Celsius Temperature State GREEN Yellow Threshold 70 Degree Celsius Red Threshold 75 Degree Celsius Table 2 23 States in the show env temperature status Command Output State Description Green The switch temperature is in the normal operating range Yel...

Page 422: ... from the show errdisable detect command Switch show errdisable detect ErrDisable Reason Detection status udld Enabled bpduguard Enabled security violatio Enabled channel misconfig Enabled psecure violation Enabled vmps Enabled loopback Enabled pagp flap Enabled dtp flap Enabled l2ptguard Enabled link flap Enabled gbic invalid Enabled dhcp rate limit Enabled unicast flood Enabled storm control Ena...

Page 423: ...d Description errdisable detect cause Enables error disabled detection for a specific cause or all causes show errdisable flap values Displays error condition recognition information show errdisable recovery Displays error disabled recovery timer information show interfaces status Displays interface status or a list of interfaces in error disabled state ...

Page 424: ...runk or Port Aggregation Protocol PAgP flap changes occur during a 30 second interval or if 5 link state link up down changes occur during a 10 second interval ErrDisable Reason Flaps Time sec pagp flap 3 30 dtp flap 3 30 link flap 5 10 Expressions are case sensitive For example if you enter exclude output the lines that contain output are not displayed but the lines that contain Output are displa...

Page 425: ...ds Command Description errdisable detect cause Enables error disabled detection for a specific cause or all causes show errdisable detect Displays error disabled detection status show errdisable recovery Displays error disabled recovery timer information show interfaces status Displays interface status or a list of interfaces in error disabled state ...

Page 426: ...ontain Output are displayed Examples This is an example of output from the show errdisable recovery command Switch show errdisable recovery ErrDisable Reason Timer Status udld Disabled bpduguard Disabled security violatio Disabled channel misconfig Disabled vmps Disabled pagp flap Disabled dtp flap Disabled link flap Enabled l2ptguard Disabled psecure violation Disabled gbic invalid Disabled dhcp ...

Page 427: ...ime left sec Gi0 2 link flap 279 Note Though visible in the output the unicast flood field is not valid Related Commands Command Description errdisable recovery Configures the recover mechanism variables show errdisable detect Displays error disabled detection status show errdisable flap values Displays error condition recognition information show interfaces status Displays interface status or a l...

Page 428: ...ions are case sensitive For example if you enter exclude output the lines that contain output are not displayed but the lines that contain Output are displayed channel group number Optional Number of the channel group The range is 1 to 48 detail Display detailed EtherChannel information load balance Display the load balance or frame distribution scheme among ports in the port channel port Display ...

Page 429: ...Protocol LACP Flags S Device is sending Slow LACPDUs F Device is sending fast LACPDU A Device is in active mode P Device is in passive mode Local information LACP port Admin Oper Port Port Port Flags State Priority Key Key Number State Gi0 1 SA bndl 32768 0x0 0x1 0x0 0x3D Age of the port in the current state 01d 20h 06m 04s Port channels in the group Port channel Po1 Primary Aggregator Age of the ...

Page 430: ...and Switch show etherchannel 1 port channel Port channels in the group Port channel Po1 Primary Aggregator Age of the Port channel 01d 20h 24m 50s Logical slot port 10 1 Number of ports 2 HotStandBy port null Port state Port channel Ag Inuse Protocol LACP Ports in the Port channel Index Load Port EC state No of bits 0 00 Gi0 1 Active 0 0 00 Gi0 2 Active 0 Time since last port bundled 01d 20h 24m 4...

Page 431: ...exclude output the lines that contain output do not appear but the lines that contain Output appear Examples This is an example of output from the show flowcontrol command Switch show flowcontrol Port Send FlowControl Receive FlowControl RxPause TxPause admin oper admin oper Gi0 1 Unsupp Unsupp off off 0 0 Gi0 2 desired off off off 0 0 Gi0 3 desired off off off 0 0 output truncated interface inter...

Page 432: ... an example of output from the show flowcontrol interface interface id command Switch show flowcontrol gigabitethernet0 2 Port Send FlowControl Receive FlowControl RxPause TxPause admin oper admin oper Gi0 2 desired off off off 0 0 Related Commands Command Description flowcontrol Sets the receive flow control state for an interface ...

Page 433: ...vailable if you entered a specific interface ID counters Optional See the show interfaces counters command description Optional Display the administrative status and description set for an interface etherchannel Optional Display interface EtherChannel information flowcontrol Optional Display interface flowcontrol information private vlan mapping Optional Display private VLAN mapping information fo...

Page 434: ...he show interface switchport module 1 to display the switch port characteristics of all interfaces on the switch Entering any other number is invalid Expressions are case sensitive For example if you enter exclude output the lines that contain output are not displayed but the lines that contain Output are displayed trunk Display interface trunk information If you do not specify an interface only i...

Page 435: ...1040 bytes 0 no buffer Received 0 broadcasts 0 runts 0 giants 0 throttles 0 input errors 0 CRC 0 frame 0 overrun 0 ignored 0 watchdog 0 multicast 0 pause input 0 input packets with dribble condition detected 4 packets output 1040 bytes 0 underruns 0 output errors 0 collisions 3 interface resets 0 babbles 0 late collision 0 deferred 0 lost carrier 0 no carrier 0 PAUSE output 0 output buffer failure...

Page 436: ...how interfaces interface description command when the interface has been described as Connects to Marketing by using the description interface configuration command Switch show interfaces gigabitethernet0 2 description Interface Status Protocol Description Gi0 2 up down Connects to Marketing This is an example of output from the show interfaces etherchannel command when port channels are configure...

Page 437: ...ch show interfaces status Port Name Status Vlan Duplex Speed Type Fa0 1 connected routed a half a 100 10 100BaseTX Fa0 2 notconnect 121 40 auto auto 10 100BaseTX Fa0 3 notconnect 1 auto auto 10 100BaseTX Fa0 4 notconnect 18 auto auto Not Present Fa0 5 connected 121 a full a 1000 10 100BaseTX Fa0 6 connected 122 11 a full a 1000 10 100BaseTX output truncated Gi0 1 notconnect 1 auto auto 10 100 1000...

Page 438: ... vlan trunk normal VLANs none Administrative private vlan trunk private VLANs none Operational private vlan none Trunking VLANs Enabled ALL Pruning VLANs Enabled 2 1001 Capture Mode Disabled Capture VLANs Allowed ALL Protected false Unknown unicast blocked disabled Unknown multicast blocked disabled Voice VLAN none Inactive Appliance trust none Table 2 24 show interfaces switchport Field Descripti...

Page 439: ...strative private vlan trunk private VLANs none Operational private vlan 20 VLAN0020 25 VLAN0025 30 VLAN0030 35 VLAN0035 output truncated This is an example of output from the show interfaces switchport backup command Switch show interfaces switchport backup Switch Backup Interface Pairs Active Interface Backup Interface State Fa0 1 Fa0 2 Active Up Backup Standby Fa0 3 Fa0 5 Active Down Backup Up P...

Page 440: ...interfaces gigabitethernet0 1 trunk Port Mode Encapsulation Status Native vlan Gi0 1 auto negotiate trunking 1 Port Vlans allowed on trunk Gi0 1 1 4094 Port Vlans allowed and active in management domain Gi0 1 1 4 Port Vlans in spanning tree forwarding state and not pruned Gi0 1 1 4 This is an example of output from the show interfaces interface id transceiver properties command Switch show interfa...

Page 441: ...m High Warn Low Warn Low Alarm Temperature Threshold Threshold Threshold Threshold Port Celsius Celsius Celsius Celsius Celsius Gi0 3 41 5 110 0 103 0 8 0 12 0 High Alarm High Warn Low Warn Low Alarm Voltage Threshold Threshold Threshold Threshold Port Volts Volts Volts Volts Volts Gi0 3 3 20 4 00 3 70 3 00 2 95 High Alarm High Warn Low Warn Low Alarm Current Threshold Threshold Threshold Threshol...

Page 442: ...ex Links a pair of Layer 2 interfaces that provide mutual backup switchport mode Configures the VLAN membership mode of a port switchport mode private vlan Configures a port as a private VLAN host or a promiscuous port switchport private vlan Defines private VLAN association for a host port or private VLAN mapping for a promiscuous port switchport protected Isolates unicast multicast and broadcast...

Page 443: ... lines that contain output are not displayed but the lines that contain Output are displayed interface id Optional ID of the physical interface including type module and port number errors Optional Display error counters etherchannel Optional Display EtherChannel counters including octets broadcast packets multicast packets and unicast packets received and sent protocol status Optional Display sta...

Page 444: ... IP ARP Vlan50 Other IP ARP Vlan60 Other IP ARP Vlan70 Other IP ARP Vlan80 Other IP ARP Vlan90 Other IP ARP Vlan900 Other IP ARP Vlan3000 Other IP Vlan3500 Other IP FastEthernet0 1 Other IP ARP CDP FastEthernet0 2 Other IP FastEthernet0 3 Other IP FastEthernet0 4 Other IP FastEthernet0 5 Other IP FastEthernet0 6 Other IP FastEthernet0 7 Other IP FastEthernet0 8 Other IP FastEthernet0 9 Other IP Fa...

Page 445: ...ars when you enter the show inventory command Expressions are case sensitive For example if you enter exclude output the lines that contain output are not displayed but the lines that contain Output are displayed Examples This is example output from the show inventory command Switch show inventory NAME 1 DESCR WS C3560G 48PS PID WS C3560G 48PS S VID 01 SN FOC0916U0BT entity name Optional Display t...

Page 446: ...al Display statistics for forwarded dropped MAC validation failure IP validation failure access control list ACL permitted and denied and DHCP permitted and denied packets for the specified VLAN If no VLANs are specified or if a range is specified display information only for VLANs with dynamic ARP inspection enabled active You can specify a single VLAN identified by VLAN ID number a range of VLAN...

Page 447: ...00 d673 192 2 10 4 5 DHCP Deny 19 39 01 UTC Mon Mar 1 1993 Gi0 1 5 0001 0000 d774 128 1 9 25 6 DHCP Deny 19 39 02 UTC Mon Mar 1 1993 Gi0 1 5 0001 c940 1111 10 10 10 1 7 DHCP Deny 19 39 03 UTC Mon Mar 1 1993 Gi0 1 5 0001 c940 1112 10 10 10 2 8 DHCP Deny 19 39 04 UTC Mon Mar 1 1993 Gi0 1 5 0001 c940 1114 173 1 1 1 10 DHCP Deny 19 39 06 UTC Mon Mar 1 1993 Gi0 1 5 0001 c940 1115 173 1 1 2 11 DHCP Deny...

Page 448: ...n Forwarded Dropped DHCP Drops ACL Drops 5 3 4618 4605 4 Vlan DHCP Permits ACL Permits Source MAC Failures 5 0 12 0 Vlan Dest MAC Failures IP Validation Failures Invalid Protocol Data 5 0 9 3 This is an example of output from the show ip arp inspection vlan 5 command It shows the configuration and the operating state of dynamic ARP inspection for VLAN 5 Switch show ip arp inspection vlan 5 Source ...

Page 449: ...ooping command Switch show ip dhcp snooping Switch DHCP snooping is enabled DHCP snooping is configured on following VLANs 40 42 Insertion of option 82 is enabled Option 82 on untrusted port is allowed Verification of hwaddr field is enabled Interface Trusted Rate limit pps GigabitEthernet0 1 yes unlimited GigabitEthernet0 2 yes unlimited Related Commands begin Optional Display begins with the lin...

Page 450: ...ings Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear Examples This example shows how to display the DHCP snooping binding entries for a switch Switch show ip dhcp snooping binding MacAddress IpAddress Lease sec Type VLAN Interface 01 02 03 04 05 06 10 1 2 150 9837 dhcp snooping 20 GigabitEth...

Page 451: ...s example shows how to display the DHCP snooping binding entries on VLAN 20 Switch show ip dhcp snooping binding vlan 20 MacAddress IpAddress Lease sec Type VLAN Interface 01 02 03 04 05 06 10 1 2 150 9747 dhcp snooping 20 GigabitEthernet0 1 00 00 00 00 00 02 10 1 2 151 65 dhcp snooping 20 GigabitEthernet0 2 Total number of bindings 2 Table 2 25 describes the fields in the show ip dhcp snooping bi...

Page 452: ...nd Switch show ip dhcp snooping database Agent URL Write delay Timer 300 seconds Abort Timer 300 seconds Agent Running No Delay Timer Expiry Not Running Abort Timer Expiry Not Running Last Succeded Time None Last Failed Time None Last Failed Reason No failure recorded Total Attempts 0 Startup Failures 0 Successful Transfers 0 Failed Transfers 0 Successful Reads 0 Failed Reads 0 Successful Writes 0...

Page 453: ...le to access URL Total Attempts 21 Startup Failures 0 Successful Transfers 0 Failed Transfers 21 Successful Reads 0 Failed Reads 0 Successful Writes 0 Failed Writes 21 Media Failures 0 First successful access Read Last ignored bindings counters Binding Collisions 0 Expired leases 0 Invalid interfaces 0 Unsupported vlans 0 Parse failures 0 Last Ignored Time None Total ignored bindings counters Bind...

Page 454: ...thout specifying a profile number If no profile number is entered the display includes all profiles configured on the switch Switch show ip igmp profile 40 IGMP Profile 40 permit range 233 1 1 1 233 255 255 255 Switch show ip igmp profile IGMP Profile 3 range 230 9 9 0 230 9 9 0 IGMP Profile 4 permit range 229 9 9 0 229 255 255 255 Related Commands profile number Optional The IGMP profile number t...

Page 455: ...example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear groups Optional See the show ip igmp snooping groups command mrouter Optional See the show ip igmp snooping mrouter command querier Optional See the show ip igmp snooping querier command vlan vlan id Optional Specify a VLAN the range is 1 to 1001 and 1006 to 4094 available only ...

Page 456: ...P interoperability mode IGMP_ONLY Last member query interval 100 This is an example of output from the show ip igmp snooping command It displays snooping characteristics for all VLANs on the switch Switch show ip igmp snooping Global IGMP Snooping configuration IGMP snooping Enabled IGMPv3 snooping minimal Enabled Report suppression Enabled TCN solicit query Disabled TCN flood query count 2 Last m...

Page 457: ... ip igmp snooping tcn flood Specifies multicast flooding as the IGMP spanning tree topology change notification behavior ip igmp snooping vlan immediate leave Enables IGMP snooping immediate leave processing on a VLAN ip igmp snooping vlan mrouter Adds a multicast router port or configures the multicast learning method ip igmp snooping vlan static Statically adds a Layer 2 port as a member of a mu...

Page 458: ...o 1005 are reserved for Token Ring and FDDI VLANs and cannot be used in IGMP snooping Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear count Optional Display the total number of entries for the specified command options instead of the actual entries dynamic Optional Display entries learned by...

Page 459: ...ntries learned by IGMP snooping Switch show ip igmp snooping groups vlan 1 dynamic Vlan Group Type Version Port List 104 224 1 4 2 igmp v2 Gi0 1 Fa0 15 104 224 1 4 3 igmp v2 Gi0 1 Fa0 15 This is an example of output from the show ip igmp snooping groups vlan vlan id ip address command It shows the entries for the group with the specified IP address Switch show ip igmp snooping groups vlan 104 224 ...

Page 460: ...nooping When multicast VLAN registration MVR is enabled the show ip igmp snooping mrouter command displays MVR multicast router information and IGMP snooping information Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear Examples This is an example of output from the show ip igmp snooping mrout...

Page 461: ...IGMP snooping on the switch or on a VLAN ip igmp snooping vlan mrouter Adds a multicast router port ip igmp snooping vlan static Statically adds a Layer 2 port as a member of a multicast group show ip igmp snooping Displays the IGMP snooping configuration of the switch or the VLAN show ip igmp snooping groups Displays IGMP snooping multicast information for the switch or for the specified paramete...

Page 462: ...erier is learned in the Port field The show ip igmp snooping querier detail user EXEC command is similar to the show ip igmp snooping querier command However the show ip igmp snooping querier command displays only the device IP address most recently detected by the switch querier The show ip igmp snooping querier detail command displays the device IP address most recently detected by the switch qu...

Page 463: ...version 2 source IP address 0 0 0 0 query interval sec 60 max response time sec 10 querier timeout sec 120 tcn query count 2 tcn query interval sec 10 Vlan 1 IGMP switch querier status elected querier is 1 1 1 1 on port Fa0 1 admin state Enabled admin version 2 source IP address 10 1 1 65 query interval sec 60 max response time sec 10 querier timeout sec 120 tcn query count 2 tcn query interval se...

Page 464: ...ontain output do not appear but the lines that contain Output appear Examples This is an example of output from the show ip source binding command Switch show ip source binding MacAddress IpAddress Lease sec Type VLAN Interface 00 00 00 0A 00 0B 11 0 0 1 infinite static 10 GigabitEthernet0 1 00 00 00 0A 00 0A 11 0 0 2 10000 dhcp snooping 10 GigabitEthernet0 1 ip address Optional Display IP source ...

Page 465: ...5 05 Chapter 2 Catalyst 3560 Switch Cisco IOS Commands show ip source binding Related Commands Command Description ip dhcp snooping binding Configures the DHCP snooping binding database ip source binding Configures static IP source bindings on the switch ...

Page 466: ...cd 11 gi0 4 ip mac active deny all deny all 12 20 gi0 5 ip mac active 10 0 0 3 permit all 10 gi0 5 ip mac active deny all permit all 11 20 In the previous example this is the IP source guard configuration On the Gigabit Ethernet 0 1 interface DHCP snooping is enabled on VLANs 10 to 20 For VLAN 10 IP source guard with IP address filtering is configured on the interface and a binding exists on the i...

Page 467: ...face for the VLANs on which IP source guard is not configured On the Gigabit Ethernet 0 5 interface IP source guard with source IP and MAC address filtering is enabled and configured with a static IP binding but port security is disabled The switch cannot filter source MAC addresses This is an example of output on an interface on which IP source guard is disabled Switch show ip verify source gigab...

Page 468: ... Display the IPC remote procedure statistics session all rx tx Display the IPC session statistics available only in privileged EXEC mode The keywords have these meanings all Display all the session statistics rx Display the sessions statistics for traffic that the switch receives tx Display the sessions statistics for traffic that the switch forwards verbose Optional Display detailed statistics av...

Page 469: ...0 Total Timeouts 0 Total OOB Retries 0 Total OOB Timeouts 0 Total flushes 0 Total No ports 0 This example shows how to display the participating nodes Switch show ipc nodes There is 1 node in this IPC realm ID Type Name Last Last Sent Heard 10000 Local IPC Master 0 0 This example shows how to display the local IPC ports Switch show ipc ports There are 8 ports defined Port ID Type Name current peak...

Page 470: ...ently in use 0 There are 2 messages currently reserved for reply msg Inbound message queue depth 0 Zone inbound message queue depth 0 This example shows how to display all the IPC session statistics Switch show ipc session all Tx Sessions Port ID Type Name 10000 7 Unicast MDFS RP Statistics port_index 0 type Unreliable last sent 0 last heard 0 Msgs requested 180 Msgs returned 180 10000 8 Unicast S...

Page 471: ...er Do not drop output of IPC frames for test purposes 1000 IPC Message Headers Cached Rx Side Tx Side Total Frames 12916 608 0 0 Total from Local Ports 13080 574 Total Protocol Control Frames 116 17 Total Frames Dropped 0 0 Service Usage Total via Unreliable Connection Less Service 12783 171 Total via Unreliable Sequenced Connection Less Svc 0 0 Total via Reliable Connection Oriented Service 17 11...

Page 472: ...IPv6 template enter the sdm prefer dual ipv4 and ipv6 default vlan global configuration command and reload the switch Examples The following output from the show ipv6 access list command shows IPv6 access lists named inbound and outbound Router show ipv6 access list IPv6 access list inbound permit tcp any any eq bgp 8 matches sequence 10 permit tcp any any eq telnet 15 matches sequence 20 permit u...

Page 473: ... which an incoming packet is compared to lines in an access list Access list lines are ordered from first priority lowest number for example 10 to last priority highest number for example 80 Table 2 26 show ipv6 access list Field Descriptions continued Field Description Command Description clear ipv6 access list Resets the IPv6 access list match counters ipv6 access list Defines an IPv6 access lis...

Page 474: ...the sdm prefer dual ipv4 and ipv6 default vlan global configuration command and reload the switch Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear Examples This is an example of output from the show ipv6 mld snooping vlan command It shows snooping characteristics for a specific VLAN Switch sh...

Page 475: ...ssion Enabled TCN solicit query Disabled TCN flood query count 2 Robustness variable 3 Last listener query count 2 Last listener query interval 1000 Vlan 1 MLD snooping Disabled MLDv1 immediate leave Disabled Explicit host tracking Enabled Multicast router learning mode pim dvmrp Robustness variable 1 Last listener query count 2 Last listener query interval 1000 output truncated Vlan 951 MLD snoop...

Page 476: ...learned Use the user keyword to display information only about groups that have been configured To configure the dual IPv4 and IPv6 template enter the sdm prefer dual ipv4 and ipv6 default vlan global configuration command and reload the switch Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear...

Page 477: ...ple of output from the show snooping address count user EXEC command Switch show ipv6 mld snooping address count Total number of multicast groups 2 This is an example of output from the show snooping address user user EXEC command Switch show ipv6 mld snooping address user Vlan Group Type Version Port List 2 FF12 3 user v2 Fa0 2 Gi0 2 Gi0 1 Gi0 3 Related Commands Command Description ipv6 mld snoop...

Page 478: ...g and FDDI VLANs and cannot be used in MLD snooping To configure the dual IPv4 and IPv6 template enter the sdm prefer dual ipv4 and ipv6 default vlan global configuration command and reload the switch Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear Examples This is an example of output from ...

Page 479: ...ecific VLAN Switch show ipv6 mld snooping mrouter vlan 100 Vlan ports 2 Gi0 11 dynamic Related Commands Command Description ipv6 mld snooping Enables and configures MLD snooping on the switch or on a VLAN ipv6 mld snooping vlan mrouter interface interface id static ipv6 multicast address interface interface id Configures multicast router ports for a VLAN sdm prefer Configures an SDM template to op...

Page 480: ...d as Router If the querier is a router the output shows the port number on which the querier is learned in the Port field The output of the show ipv6 mld snoop querier vlan command displays the information received in response to a query message from an external or internal querier It does not display user configured VLAN values such as the snooping robustness variable on the particular VLAN This ...

Page 481: ... of output from the show ipv6 mld snooping querier vlan command Switch show ipv6 mld snooping querier vlan 2 IP address FE80 201 C9FF FE40 6000 MLD version v1 Port Gi0 1 Max response time 1000s RelatedCommands2 Command Description ipv6 mld snooping Enables and configures IPv6 MLD snooping on the switch or on a VLAN ipv6 mld snooping last listener query count Configures the maximum number of querie...

Page 482: ...id command only information about the active ports on which all the parameters are configured appears If you enter the show l2protocol tunnel summary command only information about the active ports on which some or all of the parameters are configured appears Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contai...

Page 483: ...a0 4 pagp 1000 24249 242700 lacp 24256 242660 udld 0 897960 Gi0 1 cdp 134482 1344820 pagp 1000 0 242500 lacp 500 0 485320 udld 300 44899 448980 Gi0 2 cdp 134482 1344820 pagp 1000 0 242700 lacp 0 485220 udld 300 44899 448980 This is an example of output from the show l2protocol tunnel summary command Switch show l2protocol tunnel summary COS for Encapsulated Packets 5 Drop Threshold for Encapsulate...

Page 484: ...col tunnel Related Commands Command Description clear l2protocol tunnel counters Clears counters for protocol tunneling ports l2protocol tunnel Enables Layer 2 protocol tunneling for CDP STP or VTP packets on an interface l2protocol tunnel cos Configures a class of service CoS value for tunneled Layer 2 protocol packets ...

Page 485: ... for all keywords except sys id Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear channel group number Optional Number of the channel group The range is 1 to 48 counters Display traffic information internal Display internal information neighbor Display neighbor information sys id Display the s...

Page 486: ...s S Device is requesting Slow LACPDUs F Device is requesting Fast LACPDUs A Device is in Active mode P Device is in Passive mode Channel group 1 LACP port Admin Oper Port Port Port Flags State Priority Key Key Number State Gi0 1 SA bndl 32768 0x3 0x3 0x4 0x3D Gi0 2 SA bndl 32768 0x3 0x3 0x5 0x3D Table 2 27 show lacp counters Field Descriptions Field Description LACPDUs Sent and Recv The number of ...

Page 487: ... put ports s in standby mode when there is a hardware limitation that prevents all compatible ports from aggregating Admin Key Administrative key assigned to this port LACP automatically generates an administrative key value as a hexadecimal number The administrative key defines the ability of a port to aggregate with other ports A port s ability to aggregate with other ports is determined by the ...

Page 488: ...68 0x3 0x3C Partner s information Partner Partner Partner Port System ID Port Number Age Flags Gi0 2 32768 0007 eb49 5e80 0xD 15s SP LACP Partner Partner Partner Port Priority Oper Key Port State 32768 0x3 0x3C This is an example of output from the show lacp sys id command Switch show lacp sys id 32765 0002 4b29 3a00 The system identification is made up of the system priority and the system MAC ad...

Page 489: ...erface GigabitEthernet0 1 Inbound access list is not set Interface GigabitEthernet0 2 Inbound access list is macl_e1 Interface GigabitEthernet0 3 Inbound access list is not set Interface GigabitEthernet0 4 Inbound access list is not set output truncated This is an example of output from the show mac access group interface gigabitethernet0 1 command Switch show mac access group interface gigabiteth...

Page 490: ...st 3560 Switch Command Reference 78 16405 05 Chapter 2 Catalyst 3560 Switch Cisco IOS Commands show mac access group Related Commands Command Description mac access group Applies a MAC access group to an interface ...

Page 491: ... of output from the show mac address table command Switch show mac address table Mac Address Table Vlan Mac Address Type Ports All 0000 0000 0001 STATIC CPU All 0000 0000 0002 STATIC CPU All 0000 0000 0003 STATIC CPU All 0000 0000 0009 STATIC CPU All 0000 0000 0012 STATIC CPU All 0180 c200 000b STATIC CPU All 0180 c200 000c STATIC CPU All 0180 c200 000d STATIC CPU All 0180 c200 000e STATIC CPU All...

Page 492: ...ll VLANs or the specified VLAN show mac address table count Displays the number of addresses present in all VLANs or the specified VLAN show mac address table dynamic Displays dynamic MAC address table entries only show mac address table interface Displays the MAC address table information for the specified interface show mac address table notification Displays the MAC address notification setting...

Page 493: ...ample of output from the show mac address table address command Switch show mac address table address 0002 4b28 c482 Mac Address Table Vlan Mac Address Type Ports All 0002 4b28 c482 STATIC CPU Total Mac Addresses for this criterion 1 mac address Specify the 48 bit MAC address the valid format is H H H interface interface id Optional Display information for a specific interface Valid interfaces inc...

Page 494: ...es present in all VLANs or the specified VLAN show mac address table dynamic Displays dynamic MAC address table entries only show mac address table interface Displays the MAC address table information for the specified interface show mac address table notification Displays the MAC address notification settings for all interfaces or the specified interface show mac address table static Displays sta...

Page 495: ...ple if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear Examples This is an example of output from the show mac address table aging time command Switch show mac address table aging time Vlan Aging Time 1 300 This is an example of output from the show mac address table aging time vlan 10 command Switch show mac address table aging time vl...

Page 496: ...fied MAC address show mac address table count Displays the number of addresses present in all VLANs or the specified VLAN show mac address table dynamic Displays dynamic MAC address table entries only show mac address table interface Displays the MAC address table information for the specified interface show mac address table notification Displays the MAC address notification settings for all inte...

Page 497: ...e if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear Examples This is an example of output from the show mac address table count command Switch show mac address table count Mac Entries for Vlan 1 Dynamic Address Count 2 Static Address Count 0 Total Mac Addresses 2 vlan vlan id Optional Display the number of addresses for a specific VLAN...

Page 498: ...ng time in all VLANs or the specified VLAN show mac address table dynamic Displays dynamic MAC address table entries only show mac address table interface Displays the MAC address table information for the specified interface show mac address table notification Displays the MAC address notification settings for all interfaces or the specified interface show mac address table static Displays static...

Page 499: ...ac address table dynamic command Switch show mac address table dynamic Mac Address Table Vlan Mac Address Type Ports 1 0030 b635 7862 DYNAMIC Gi0 2 1 00b0 6496 2741 DYNAMIC Gi0 2 Total Mac Addresses for this criterion 2 address mac address Optional Specify a 48 bit MAC address the valid format is H H H available in privileged EXEC mode only interface interface id Optional Specify an interface to m...

Page 500: ... mac address table address Displays MAC address table information for the specified MAC address show mac address table aging time Displays the aging time in all VLANs or the specified VLAN show mac address table count Displays the number of addresses present in all VLANs or the specified VLAN show mac address table interface Displays the MAC address table information for the specified interface sh...

Page 501: ...ain Output appear Examples This is an example of output from the show mac address table interface command Switch show mac address table interface gigabitethernet0 2 Mac Address Table Vlan Mac Address Type Ports 1 0030 b635 7862 DYNAMIC Gi0 2 1 00b0 6496 2741 DYNAMIC Gi0 2 Total Mac Addresses for this criterion 2 interface id Specify an interface type valid interfaces include physical ports and por...

Page 502: ...ing time in all VLANs or the specified VLAN show mac address table count Displays the number of addresses present in all VLANs or the specified VLAN show mac address table dynamic Displays dynamic MAC address table entries only show mac address table notification Displays the MAC address notification settings for all interfaces or the specified interface show mac address table static Displays stat...

Page 503: ...ess table move update Switch ID 010b 4630 1780 Dst mac address 0180 c200 0010 Vlans Macs supported 1023 8320 Default Current settings Rcv Off On Xmt Off On Max packets per min Rcv 40 Xmt 60 Rcv packet count 10 Rcv conforming packet count 5 Rcv invalid packet count 0 Rcv packet count this min 0 Rcv threshold exceed count 0 Rcv last sequence this min 0 Rcv last interface Po2 Rcv last src mac address...

Page 504: ...witch Cisco IOS Commands show mac address table move update Related Commands Command Description clear mac address table move update Clears the MAC address table move update counters mac address table move update receive transmit Configures MAC address table move update on the switch ...

Page 505: ... table and the history table contents Use the interface keyword to display the flags for all interfaces If the interface id is included only the flags for that interface appear Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear interface Optional Display information for all interfaces Valid int...

Page 506: ...Operation Added Vlan 2 MAC Addr 0000 0000 0003 Module 0 Port 1 History Index 2 Entry Timestamp 1074254 Despatch Timestamp 1074254 MAC Changed Message Operation Deleted Vlan 2 MAC Addr 0000 0000 0000 Module 0 Port 1 Operation Deleted Vlan 2 MAC Addr 0000 0000 0001 Module 0 Port 1 Operation Deleted Vlan 2 MAC Addr 0000 0000 0002 Module 0 Port 1 Operation Deleted Vlan 2 MAC Addr 0000 0000 0003 Module...

Page 507: ...ines that contain output do not appear but the lines that contain Output appear address mac address Optional Specify a 48 bit MAC address the valid format is H H H available in privileged EXEC mode only interface interface id Optional Specify an interface to match valid interfaces include physical ports and port channels vlan vlan id Optional Display addresses for a specific VLAN The range is 1 to...

Page 508: ...C address table mac address table static drop Enables unicast MAC address filtering and configures the switch to drop traffic with a specific source or destination MAC address show mac address table address Displays MAC address table information for the specified MAC address show mac address table aging time Displays the aging time in all VLANs or the specified VLAN show mac address table count Di...

Page 509: ...e show mac address table vlan 1 command Switch show mac address table vlan 1 Mac Address Table Vlan Mac Address Type Ports 1 0100 0ccc cccc STATIC CPU 1 0180 c200 0000 STATIC CPU 1 0100 0ccc cccd STATIC CPU 1 0180 c200 0001 STATIC CPU 1 0180 c200 0002 STATIC CPU 1 0180 c200 0003 STATIC CPU 1 0180 c200 0005 STATIC CPU 1 0180 c200 0006 STATIC CPU 1 0180 c200 0007 STATIC CPU Total Mac Addresses for t...

Page 510: ...e in all VLANs or the specified VLAN show mac address table count Displays the number of addresses present in all VLANs or the specified VLAN show mac address table dynamic Displays dynamic MAC address table entries only show mac address table interface Displays the MAC address table information for the specified interface show mac address table notification Displays the MAC address notification s...

Page 511: ...os command when QoS is enabled and Differentiated Services Code Point DSCP transparency is disabled Switch show mls qos QoS is enabled QoS ip packet dscp rewrite is disabled This is an example of output from the show mls qos command when QoS is enabled and DSCP transparency is enabled Switch show mls qos QoS is enabled QoS ip packet dscp rewrite is enabled Related Commands begin Optional Display b...

Page 512: ...the lines that contain output do not appear but the lines that contain Output appear Examples This is an example of output from the show mls qos aggregate policer command Switch show mls qos aggregate policer policer1 aggregate policer policer1 1000000 2000000 exceed action drop Not used by any policy map Related Commands aggregate policer name Optional Display the policer configuration for the sp...

Page 513: ...if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear Examples This is an example of output from the show mls qos input queue command Switch show mls qos input queue Queue 1 2 buffers 90 10 bandwidth 4 4 priority 0 10 threshold1 100 100 threshold2 100 100 begin Optional Display begins with the line that matches the expression exclude Optio...

Page 514: ... queues mls qos srr queue input cos map Maps assigned class of service CoS values to an ingress queue and assigns CoS values to a queue and to a threshold ID mls qos srr queue input dscp map Maps assigned Differentiated Services Code Point DSCP values to an ingress queue and assigns DSCP values to a queue and to a threshold ID mls qos srr queue input priority queue Configures the ingress priority ...

Page 515: ...interface id Optional Display QoS information for the specified port Valid interfaces include physical ports buffers Optional Display the buffer allocation among the queues queueing Optional Display the queueing strategy shared or shaped and the weights corresponding to the queues statistics Optional Display statistics for sent and received Differentiated Services Code Points DSCPs and class of se...

Page 516: ... GigabitEthernet0 2 trust state not trusted trust mode not trusted trust enabled flag ena COS override dis default COS 0 DSCP Mutation Map Default DSCP Mutation Map Trust device none qos mode port based This is an example of output from the show mls qos interface interface id buffers command Switch show mls qos interface gigabitethernet0 2 buffers GigabitEthernet0 2 The port is mapped to qset 1 Th...

Page 517: ... incoming 0 4 4213 0 0 0 0 5 9 0 0 0 0 0 10 14 0 0 0 0 0 15 19 0 0 0 0 0 20 24 0 0 0 0 0 25 29 0 0 0 0 0 30 34 0 0 0 0 0 35 39 0 0 0 0 0 40 44 0 0 0 0 0 45 49 0 0 0 6 0 50 54 0 0 0 0 0 55 59 0 0 0 0 0 60 64 0 0 0 0 dscp outgoing 0 4 363949 0 0 0 0 5 9 0 0 0 0 0 10 14 0 0 0 0 0 15 19 0 0 0 0 0 20 24 0 0 0 0 0 25 29 0 0 0 0 0 30 34 0 0 0 0 0 35 39 0 0 0 0 0 40 44 0 0 0 0 0 45 49 0 0 0 0 0 50 54 0 0 ...

Page 518: ...he buffers between the ingress queues mls qos srr queue input cos map Maps CoS values to an ingress queue or maps CoS values to a queue and to a threshold ID mls qos srr queue input dscp map Maps DSCP values to an ingress queue or maps DSCP values to a queue and to a threshold ID mls qos srr queue input priority queue Configures the ingress priority queue and guarantees bandwidth mls qos srr queue...

Page 519: ...ecifies the most significant digit in the DSCP The d2 row specifies the least significant digit in the DSCP The intersection of the d1 and d2 values provides the policed DSCP the CoS or the mutated DSCP value For example in the DSCP to CoS map a DSCP value of 43 corresponds to a CoS value of 5 cos dscp Optional Display class of service CoS to DSCP map cos input q Optional Display the CoS input que...

Page 520: ...d Switch show mls qos maps Policed dscp map d1 d2 0 1 2 3 4 5 6 7 8 9 0 00 01 02 03 04 05 06 07 08 09 1 10 11 12 13 14 15 16 17 18 19 2 20 21 22 23 24 25 26 27 28 29 3 30 31 32 33 34 35 36 37 38 39 4 40 41 42 43 44 45 46 47 48 49 5 50 51 52 53 54 55 56 57 58 59 6 60 61 62 63 Dscp cos map d1 d2 0 1 2 3 4 5 6 7 8 9 0 00 00 00 00 00 00 00 00 01 01 1 01 01 01 01 01 01 02 02 02 02 2 02 02 02 02 03 03 0...

Page 521: ...1 2 1 1 1 1 1 Dscp dscp mutation map Default DSCP Mutation Map d1 d2 0 1 2 3 4 5 6 7 8 9 0 00 01 02 03 04 05 06 07 08 09 1 10 11 12 13 14 15 16 17 18 19 2 20 21 22 23 24 25 26 27 28 29 3 30 31 32 33 34 35 36 37 38 39 4 40 41 42 43 44 45 46 47 48 49 5 50 51 52 53 54 55 56 57 58 59 6 60 61 62 63 Related Commands Command Description mls qos map Defines the CoS to DSCP map DSCP to CoS map DSCP to DSCP...

Page 522: ...e set command Switch show mls qos queue set Queueset 1 Queue 1 2 3 4 buffers 25 25 25 25 threshold1 100 200 100 100 threshold2 100 200 100 100 reserved 50 50 50 50 maximum 400 400 400 400 Queueset 2 Queue 1 2 3 4 buffers 25 25 25 25 threshold1 100 200 100 100 threshold2 100 200 100 100 reserved 50 50 50 50 maximum 400 400 400 400 qset id Optional ID of the queue set Each port belongs to a queue se...

Page 523: ...ow mls qos queue set Related Commands Command Description mls qos queue set output buffers Allocates buffers to the queue set mls qos queue set output threshold Configures the weighted tail drop WTD thresholds guarantees the availability of buffers and configures the maximum memory allocation of the queue set ...

Page 524: ...t the lines that contain output do not appear but the lines that contain Output appear Examples This is an example of output from the show mls qos vlan command Switch show mls qos vlan 10 Vlan10 Attached policy map for Ingress pm test pm 2 Related Commands vlan id Specify the VLAN ID of the SVI to display the policy maps The range is 1 to 4094 begin Optional Display begins with the line that match...

Page 525: ... all command session Optional Display information about specified SPAN sessions session_number Specify the number of the SPAN or RSPAN session The range is 1 to 66 all Display all SPAN sessions local Display only local SPAN sessions range list Display a range of SPAN sessions where list is the range of valid sessions either a single session or a range of sessions described by two numbers the lower...

Page 526: ...w monitor user EXEC command for local SPAN source session 1 Switch show monitor session 1 Session 1 Type Local Session Source Ports RX Only Fa0 1 Both Fa0 2 3 Fa0 5 6 Destination Ports Fa0 20 Encapsulation Replicate Ingress Disabled This is an example of output for the show monitor session all user EXEC command when ingress traffic forwarding is enabled Switch show monitor session all Session 1 Ty...

Page 527: ...atalyst 3560 Switch Command Reference 78 16405 05 Chapter 2 Catalyst 3560 Switch Cisco IOS Commands show monitor Related Commands Command Description monitor session Starts or modifies a SPAN or RSPAN session ...

Page 528: ...ppear Examples This is an example of output from the show mvr command Switch show mvr MVR Running TRUE MVR multicast VLAN 1 MVR Max Multicast Groups 256 MVR Current multicast groups 0 MVR Global query response time 5 tenths of sec MVR Mode compatible In the preceding display the maximum number of multicast groups is fixed at 256 The MVR mode is either compatible for interoperability with Catalyst ...

Page 529: ...istration on the switch mvr interface configuration Configures MVR ports show mvr interface Displays the configured MVR interfaces status of the specified interface or all multicast groups to which the interface belongs when the interface and members keywords are appended to the command show mvr members Displays all ports that are members of an MVR multicast group or if there are no members means ...

Page 530: ...ers in the VLAN appear Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear Examples This is an example of output from the show mvr interface command Switch show mvr interface Port Type Status Immediate Leave Gi0 1 SOURCE ACTIVE UP DISABLED Gi0 2 RECEIVER ACTIVE DOWN DISABLED interface id Optiona...

Page 531: ... an example of output from the show mvr interface interface id members command Switch show mvr interface gigabitethernet0 2 members 239 255 0 0 DYNAMIC ACTIVE 239 255 0 1 DYNAMIC ACTIVE 239 255 0 2 DYNAMIC ACTIVE 239 255 0 3 DYNAMIC ACTIVE 239 255 0 4 DYNAMIC ACTIVE 239 255 0 5 DYNAMIC ACTIVE 239 255 0 6 DYNAMIC ACTIVE 239 255 0 7 DYNAMIC ACTIVE 239 255 0 8 DYNAMIC ACTIVE 239 255 0 9 DYNAMIC ACTIV...

Page 532: ...rs command Switch show mvr members MVR Group IP Status Members 239 255 0 1 ACTIVE Gi0 1 d Gi0 5 s 239 255 0 2 INACTIVE None 239 255 0 3 INACTIVE None 239 255 0 4 INACTIVE None 239 255 0 5 INACTIVE None 239 255 0 6 INACTIVE None 239 255 0 7 INACTIVE None 239 255 0 8 INACTIVE None 239 255 0 9 INACTIVE None 239 255 0 10 INACTIVE None output truncated ip address Optional The IP multicast address If th...

Page 533: ... 2 239 255 003 22 ACTIVE Gi0 1 d Gi0 2 d Gi0 3 d Gi0 4 d Gi0 5 s Related Commands Command Description mvr global configuration Enables and configures multicast VLAN registration on the switch mvr interface configuration Configures MVR ports show mvr Displays the global MVR configuration on the switch show mvr interface Displays the configured MVR interfaces status of the specified interface or all...

Page 534: ... output do not appear but the lines that contain Output are appear Examples This is an example of output from the show pagp 1 counters command Switch show pagp 1 counters Information Flush Port Sent Recv Sent Recv Channel group 1 Gi0 1 45 42 0 0 Gi0 2 45 41 0 0 channel group number Optional Number of the channel group The range is 1 to 48 counters Display traffic information internal Display inter...

Page 535: ... Learning Group Port Flags State Timers Interval Count Priority Method Ifindex Gi0 1 SC U6 S7 H 30s 1 128 Any 16 Gi0 2 SC U6 S7 H 30s 1 128 Any 16 This is an example of output from the show pagp 1 neighbor command Switch show pagp 1 neighbor Flags S Device is sending Slow hello C Device is in Consistent state A Device is in Auto mode P Device learns on physical port Channel group 1 neighbors Partn...

Page 536: ...s varies depending on the switch platform and the software image running on the switch Switch show parser macro Total number of macros 6 Macro name cisco global Macro type default global Enable dynamic port error recovery for link state failures errdisable recovery cause link flap errdisable recovery interval 60 output truncated brief Optional Display the name of each macro description interface i...

Page 537: ...ed Macro name cisco switch Macro type default interface macro keywords NVID Access Uplink to Distribution Do not apply to EtherChannel Port Group Define unique Native VLAN on trunk ports Recommended value for native vlan NVID should not be 1 switchport trunk native vlan NVID output truncated Macro name cisco router Macro type default interface macro keywords NVID Access Uplink to Distribution Defi...

Page 538: ... show parser macro description Global Macro s cisco global Interface Macro Description s Gi0 1 standard switch10 Gi0 2 this is test macro This is an example of output from the show parser description interface command Switch show parser macro description interface gigabitethernet0 2 Interface Macro Description Gi0 2 this is test macro Related Commands Command Description macro apply Applies a macr...

Page 539: ...istory Usage Guidelines Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear Examples This is an example of output from the show policy map command Switch show policy map Policy Map videowizard_policy2 class videowizard_10 10 10 10 set dscp 34 police 100000000 2000000 exceed action drop Policy Ma...

Page 540: ... Reference 78 16405 05 Chapter 2 Catalyst 3560 Switch Cisco IOS Commands show policy map Related Commands Command Description policy map Creates or modifies a policy map that can be attached to multiple ports to specify a service policy ...

Page 541: ...dresses for an interface even if you have not enabled port security on it If you enter the vlan keyword the command displays the configured maximum and the current number of secure MAC addresses for all VLANs on the interface This option is visible only on interfaces that have the switchport mode set to trunk Expressions are case sensitive For example if you enter exclude output the lines that con...

Page 542: ...Static address aging Disabled Security Violation count 0 This is an example of output from the show port security address command Switch show port security address Secure Mac Address Table Vlan Mac Address Type Ports Remaining Age mins 1 0006 0700 0800 SecureConfigured Gi0 2 1 Total Addresses in System excluding one mac per port 1 Max Addresses limit in System excluding one mac per port 6272 This ...

Page 543: ... Commands Command Description clear port security Deletes from the MAC address table a specific type of secure address or all the secure addresses on the switch or an interface switchport port security Enables port security on a port restricts the use of the port to a user defined group of stations and configures secure MAC addresses ...

Page 544: ...age for a Class 0 or Class 3 device Switch show power inline Available 370 0 w Used 80 6 w Remaining 289 4 w Interface Admin Oper Power Device Class Max Watts Fa0 1 auto on 6 3 IP Phone 7910 n a 15 4 Fa0 2 static off 15 4 n a n a 15 4 Fa0 3 auto on 6 3 IP Phone 7910 n a 15 4 Fa0 4 auto on 6 3 IP Phone 7960 2 15 4 Fa0 5 static on 15 4 IP Phone 7960 2 15 4 Fa0 6 static power deny 10 0 n a n a 10 0 F...

Page 545: ...faulty device detection or a powered device is in a faulty state power deny a powered device is detected but no PoE is available or the maximum wattage exceeds the detected powered device maximum Power The supplied PoE in watts Device The device type detected n a unknown Cisco powered device IEEE powered device name from CDP Class The IEEE classification n a Class 0 4 Available The total amount of...

Page 546: ...ending on the actual number of other features configured Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear access Optional Display the template that maximizes system resources for ACLs default Optional Display the template that balances system resources among features dual ipv4 and ipv6 defaul...

Page 547: ...resses 12K number of igmp groups multicast routes 1K number of unicast routes 0 number of qos aces 512 number of security aces 1K Switch show sdm prefer The current template is desktop default template The selected template optimizes the resources in the switch to support this level of features for 8 routed interfaces and 1024 VLANs number of unicast mac addresses 6K number of igmp groups multicas...

Page 548: ...nterfaces and 1024 VLANs number of unicast mac addresses 2K number of IPv4 IGMP groups multicast routes 1K number of IPv4 unicast routes 3K number of directly connected IPv4 hosts 2K number of indirect IPv4 routes 1K number of IPv6 multicast groups 1K number of directly connected IPv6 addresses 2K number of indirect IPv6 unicast routes 1K number of IPv4 policy based routing aces 0 number of IPv4 M...

Page 549: ...5 05 Chapter 2 Catalyst 3560 Switch Cisco IOS Commands show sdm prefer Related Commands Command Description sdm prefer Sets the SDM template to maximize resources for routing or VLANs or to the default template or to select a dual IPv4 and IPv6 template ...

Page 550: ...vileged EXEC Command History Examples This is an example of output from the show setup express command Switch show setup express express setup mode is active Related Commands begin Optional Display begins with the line that matches the expression exclude Optional Display excludes lines that match the expression include Optional Display includes lines that match the specified expression expression ...

Page 551: ...ity rootcost state begin exclude include expression show spanning tree mst configuration digest instance id detail interface interface id detail begin exclude include expression Syntax Description bridge group Optional Specify the bridge group number The range is 1 to 255 active detail Optional Display spanning tree information only on active interfaces available only in privileged EXEC mode backb...

Page 552: ...t returns to the forwarding state or ceases to be designated instance id You can specify a single instance ID a range of IDs separated by a hyphen or a series of IDs separated by a comma The range is 1 to 4094 The display shows the number of currently configured instances interface interface id Optional Valid interfaces include physical ports VLANs and port channels The VLAN range is 1 to 4094 The...

Page 553: ...riority 32768 Address 0001 42e2 cdd0 Cost 3038 Port 24 GigabitEthernet0 1 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 49153 priority 49152 sys id ext 1 Address 0003 fd63 9580 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 300 Uplinkfast enabled Interface Role Sts Cost Prio Nbr Type Gi0 1 Root FWD 3019 128 24 P2p output truncated begin Optional Display b...

Page 554: ...s 00d0 bbf5 c680 Designated port id is 128 25 designated path cost 19 Timers message age 2 forward delay 0 hold 0 Number of transitions to forwarding state 1 Link type is point to point by default BPDU sent 0 received 72364 output truncated This is an example of output from the show spanning tree interface interface id command Switch show spanning tree interface gigabitethernet0 1 Vlan Role Sts Co...

Page 555: ...interface gigabitethernet0 1 GigabitEthernet0 1 of MST00 is root forwarding Edge port no default port guard none default Link type point to point auto bpdu filter disable default Boundary boundary STP bpdu guard disable default Bpdus sent 5 received 74 Instance role state cost prio vlans mapped 0 root FWD 200000 128 1 12 14 4094 This is an example of output from the show spanning tree mst 0 comman...

Page 556: ...h the MST region configuration occurs spanning tree mst cost Sets the path cost for MST calculations spanning tree mst forward time Sets the forward delay time for all MST instances spanning tree mst hello time Sets the interval between hello BPDUs sent by root switch configuration messages spanning tree mst max age Sets the interval between messages that the spanning tree receives from the root s...

Page 557: ...e lines that contain output do not appear but the lines that contain Output appear Examples This is an example of a partial output from the show storm control command when no keywords are entered Because no traffic type keyword was entered the broadcast storm control settings appear Switch show storm control Interface Filter State Upper Lower Current Gi0 1 Forwarding 20 pps 10 pps 5 pps Gi0 2 Forw...

Page 558: ...he interface Filter State Displays the status of the filter Blocking Storm control is enabled and a storm has occurred Forwarding Storm control is enabled and no storms have occurred Inactive Storm control is disabled Upper Displays the rising suppression level as a percentage of total available bandwidth in packets per second or in bits per second Lower Displays the falling suppression level as a...

Page 559: ...to Gigabit ports the system routing MTU refers to routed ports Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear Examples This is an example of output from the show system mtu command Switch show system mtu System MTU size is 1500 bytes System Jumbo MTU size is 1550 bytes Routing MTU size is 1...

Page 560: ...ctional Table 2 32 describes the fields in this display Switch show udld gigabitethernet0 1 Interface gi0 1 Port enable administrative configuration setting Follows device default Port enable operational state Enabled Current bidirectional state Bidirectional Current operational state Advertisement Single Neighbor detected Message interval 60 Time out interval 5 Entry 1 Expiration time 146 Device ...

Page 561: ...ent from the local device Measured in seconds Time out interval The time period in seconds that UDLD waits for echoes from a neighbor device during the detection window Entry 1 Information from the first cache entry which contains a copy of echo information received from the neighbor Expiration time The amount of time in seconds remaining before this cache entry is aged out Device ID The neighbor ...

Page 562: ...iption udld Enables aggressive or normal mode in UDLD or sets the configurable message timer time udld port Enables UDLD on an individual interface or prevents a fiber optic interface from being enabled by the udld global configuration command udld reset Resets all interfaces shutdown by UDLD and permits traffic to begin passing through them again ...

Page 563: ...n is not supported on the switch Switch show version Cisco Internetwork Operating System Software IOS tm C3560 Software C3560 IPSERVICES M Version 12 2 25 SEB RELEASE SOFTWARE fc1 Copyright c 1986 2005 by cisco Systems Inc Compiled Tues 15 Feb 05 21 54 by yenanh Image text base 0x00003000 data base 0x009197B8 ROM Bootstrap program is C3560 boot loader BOOTLDR C3560 Boot Loader C3560 HBOOT M Versio...

Page 564: ...he password recovery mechanism is enabled 512K bytes of flash simulated non volatile configuration memory Base ethernet MAC Address 00 0B 46 30 6B 80 Motherboard assembly number 73 9299 01 Power supply part number 341 0029 02 Motherboard serial number CSJ0736990B Power supply serial number LIT0717000Y Model revision number 01 Motherboard revision number 03 Model number WS C3560 24PS S System seria...

Page 565: ... 1006 to 4094 and you cannot create VLANs with these IDS by using the vlan global configuration command until you remove them from internal use mtu Optional Display a list of VLANs and the minimum and maximum transmission unit MTU sizes configured on ports in the VLAN name vlan name Optional Display information about a single VLAN identified by VLAN name The VLAN name is an ASCII string from 1 to ...

Page 566: ...ry VLANs and then delete the secondary VLAN configuration without removing the association from the primary VLAN the VLAN that was the secondary VLAN is shown as normal in the display In the show vlan private vlan output the primary and secondary VLAN pair is shown as non operational Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear ...

Page 567: ...tatus Status of the VLAN active or suspend Ports Ports that belong to the VLAN Type Media type of the VLAN SAID Security association ID value for the VLAN MTU Maximum transmission unit size for the VLAN Parent Parent VLAN if one exists RingNo Ring number for the VLAN if applicable BrdgNo Bridge number for the VLAN if applicable Stp Spanning Tree Protocol type used on the VLAN BrdgMode Bridging mod...

Page 568: ...show vlan summary command Switch show vlan summary Number of existing VLANs 45 Number of existing VTP VLANs 45 Number of existing extended VLANs 0 This is an example of output from the show vlan id command Switch show vlan id 2 VLAN Name Status Ports 2 VLAN0200 active Fa0 7 Fa0 8 VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2 2 enet 100002 1500 0 0 Remote SPAN VLAN Disabled T...

Page 569: ...ty isolated or primary VLAN or associates a primary VLAN with secondary VLANs switchport mode Configures the VLAN membership mode of a port vlan global configuration Enables VLAN configuration mode where you can configure VLANs 1 to 4094 vlan VLAN configuration Configures VLAN characteristics in the VLAN database Only available for normal range VLANs VLAN IDs 1 to 1005 Do not enter leading zeros ...

Page 570: ... of output from the show vlan access map command Switch show vlan access map Vlan access map SecWiz 10 Match clauses ip address SecWiz_Fa10_3_in_ip Action forward Related Commands mapname Optional Name of a specific VLAN access map begin Optional Display begins with the line that matches the expression exclude Optional Display excludes lines that match the expression include Optional Display inclu...

Page 571: ...er command Switch show vlan filter VLAN Map map_1 is filtering VLANs 20 22 Related Commands access map name Optional Display filtering information for the specified VLAN access map vlan vlan id Optional Display filtering information for the specified VLAN The range is 1 to 4094 begin Optional Display begins with the line that matches the expression exclude Optional Display excludes lines that matc...

Page 572: ...ensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear Examples This is an example of output from the show vmps command Switch show vmps VQP Client Status VMPS VQP Version 1 Reconfirm Interval 60 min Server Retry Count 3 VMPS domain server Reconfirmation status VMPS Action other statistics Optional Display VQP client si...

Page 573: ...ed to or from the workstation with that address broadcast or multicast frames are delivered to the workstation if the port has been assigned to a VLAN The client keeps the denied address in the address table as a blocked address to prevent more queries from being sent to the VMPS for each new packet received from this workstation The client ages the address if no new packets are received from this...

Page 574: ...mmand Description clear vmps statistics Clears the statistics maintained by the VQP client vmps reconfirm privileged EXEC Sends VQP queries to reconfirm all dynamic VLAN assignments with the VMPS vmps retry Configures the per server retry count for the VQP client vmps server Configures the primary VMPS and up to three secondary servers ...

Page 575: ...in the display Switch show vtp counters VTP statistics Summary advertisements received 0 Subset advertisements received 0 Request advertisements received 0 Summary advertisements transmitted 0 Subset advertisements transmitted 0 Request advertisements transmitted 0 Number of config revision errors 0 Number of config digest errors 0 Number of V1 summary errors 0 counters Display the VTP statistics ...

Page 576: ... this switch on its trunk ports Summary advertisements contain the management domain name the configuration revision number the update timestamp and identity the authentication checksum and the number of subset advertisements to follow Subset advertisements transmitted Number of subset advertisements sent by this switch on its trunk ports Subset advertisements contain all the information for one o...

Page 577: ...he VTP password in the two switches is different To solve this problem make sure the VTP password on all switches is the same These errors mean that the switch is filtering incoming advertisements which causes the VTP database to become unsynchronized across the network Number of V1 summary errors Number of Version 1 errors Version 1 summary errors increment whenever a switch in VTP V2 mode receiv...

Page 578: ...When a VTP client starts up it does not send VTP advertisements until it receives advertisements to initialize its VLAN database Transparent a switch in VTP transparent mode is disabled for VTP does not send or learn from advertisements sent by other devices and cannot affect VLAN configurations on other devices in the network The switch receives VTP advertisements and forwards them on all trunk p...

Page 579: ... Cisco IOS Commands show vtp Related Commands Command Description clear vtp counters Clears the VTP and pruning counters vtp global configuration Configures the VTP filename interface name domain name and mode vtp VLAN configuration Configures the VTP domain name password pruning and mode ...

Page 580: ...2 548 Catalyst 3560 Switch Command Reference 78 16405 05 Chapter 2 Catalyst 3560 Switch Cisco IOS Commands show vtp ...

Page 581: ...spended or shut down The port must first be a member of an active VLAN before it can be re enabled The shutdown command disables all functions on the specified interface This command also marks the interface as unavailable To see if an interface is disabled use the show interfaces privileged EXEC command An interface that has been shut down is shown as administratively down in the display Examples...

Page 582: ...s down local traffic but the switch still advertises VTP information Examples This example shows how to shut down traffic on VLAN 2 Switch config shutdown vlan 2 You can verify your setting by entering the show vlan privileged EXEC command Related Commands vlan id ID of the VLAN to be locally shut down The range is 2 to 1001 VLANs defined as default VLANs under the VLAN Trunking Protocol VTP as we...

Page 583: ...specific errors lsa rate limit retransmit state change pim invalid pim message neighbor change rp mapping change port security trap rate rtr snmp authentication coldstart linkdown linkup warmstart storm control trap rate stpx inconsistency root inconsistency loop inconsistency syslog tty vlan membership vlancreate vlandelete vtp Syntax Description bgp Optional Enable Border Gateway Protocol BGP st...

Page 584: ... point RP mapping change traps port security trap rate value Optional Enable port security traps Use the trap rate keyword to set the maximum number of port security traps sent per second The range is from 0 to 1000 the default is 0 no limit imposed a trap is sent at every occurrence rtr Optional Enable SNMP Response Time Reporter traps snmp authentication coldstart linkdown linkup warmstart Optio...

Page 585: ... are sent When supported use the snmp server enable traps command to enable sending of traps or informs Note Informs are not supported in SNMPv1 To enable more than one type of trap you must enter a separate snmp server enable traps command for each trap type Examples This example shows how to send VTP traps to the NMS Switch config snmp server enable traps vtp You can verify your setting by enter...

Page 586: ...ps Related Commands Command Description show running config Displays the running configuration on the switch For syntax information select Cisco IOS Configuration Fundamentals Command Reference Release 12 2 File Management Commands Configuration File Management Commands snmp server host Specifies the host that receives SNMP traps ...

Page 587: ...l Configure the User Datagram Protocol UDP port number of the host to receive the traps The range is 0 to 65535 informs traps Optional Send SNMP traps or informs to this host version 1 2c 3 Optional Version of the SNMP used to send the traps These keywords are supported 1 SNMPv1 This option is not available with informs 2c SNMPv2C 3 SNMPv3 These optional keywords can follow the Version 3 keyword a...

Page 588: ... cluster Send cluster member status traps config Send SNMP configuration traps copy config Send SNMP copy configuration traps entity Send SNMP entity traps envmon Send environmental monitor traps flash Send SNMP FLASH notifications hsrp Send SNMP Hot Standby Router Protocol HSRP traps ipmulticast Send SNMP IP multicast routing traps mac notification Send SNMP MAC notification traps msdp Send SNMP ...

Page 589: ...t To configure the switch to send SNMP notifications you must enter at least one snmp server host command If you enter the command with no keywords all trap types are enabled for the host To enable multiple hosts you must enter a separate snmp server host command for each host You can specify multiple notification types in the command for each host If a local user is not associated with a remote h...

Page 590: ...specified by the name myhost cisco com The community string is defined as comaccess Switch config snmp server enable traps Switch config snmp server host myhost cisco com comaccess snmp This example shows how to enable the switch to send all traps to the host myhost cisco com by using the community string public Switch config snmp server enable traps Switch config snmp server host myhost cisco com...

Page 591: ...ry Usage Guidelines Even though you enable the notification trap for a specific interface by using the snmp trap mac notification command the trap is generated only when you enable the snmp server enable traps mac notification and the mac address table notification global configuration commands Examples This example shows how to enable the MAC notification trap when a MAC address is added to a por...

Page 592: ... Clears the MAC address notification global counters mac address table notification Enables the MAC address notification feature show mac address table notification Displays the MAC address notification settings for all interfaces or on the specified interface when the interface keyword is appended snmp server enable traps Sends the SNMP MAC notification traps when the mac notification keyword is ...

Page 593: ...the designated switch When a switch receives an inferior BPDU it means that a link to which the switch is not directly connected an indirect link has failed that is the designated switch has lost its connection to the root switch If there are alternate paths to the root switch BackboneFast causes the maximum aging time on the interfaces on which it received the inferior BPDU to expire and allows a...

Page 594: ...tree MST mode Caution Enabling BPDU filtering on an interface is the same as disabling spanning tree on it and can result in spanning tree loops You can globally enable BPDU filtering on all Port Fast enabled interfaces by using the spanning tree portfast bpdufilter default global configuration command You can use the spanning tree bpdufilter interface configuration command to override the setting...

Page 595: ...elect Cisco IOS Configuration Fundamentals Command Reference Release 12 2 File Management Commands Configuration File Management Commands spanning tree portfast global configuration Globally enables the BPDU filtering or the BPDU guard feature on Port Fast enabled interface or enables the Port Fast feature on all nontrunking interfaces spanning tree portfast interface configuration Enables the Por...

Page 596: ...ent an interface from being included in the spanning tree topology You can enable the BPDU guard feature when the switch is operating in the per VLAN spanning tree plus PVST rapid PVST or the multiple spanning tree MST mode You can globally enable BPDU guard on all Port Fast enabled interfaces by using the spanning tree portfast bpduguard default global configuration command You can use the spanni...

Page 597: ...lect Cisco IOS Configuration Fundamentals Command Reference Release 12 2 File Management Commands Configuration File Management Commands spanning tree portfast global configuration Globally enables the BPDU filtering or the BPDU guard feature on Port Fast enabled interfaces or enables the Port Fast feature on all nontrunking interfaces spanning tree portfast interface configuration Enables the Por...

Page 598: ...lues represent higher costs If you configure an interface with both the spanning tree vlan vlan id cost cost command and the spanning tree cost cost command the spanning tree vlan vlan id cost cost command takes effect Examples This example shows how to set the path cost to 250 on a port Switch config interface gigabitethernet0 1 Switch config if spanning tree cost 250 This example shows how to se...

Page 599: ...nning tree cost Related Commands Command Description show spanning tree interface interface id Displays spanning tree information for the specified interface spanning tree port priority Configures an interface priority spanning tree vlan priority Sets the switch priority for the specified spanning tree instance ...

Page 600: ...DISABLE Channel misconfig error detected on chars putting chars in err disable state To show switch ports that are in the misconfigured EtherChannel use the show interfaces status err disabled privileged EXEC command To verify the EtherChannel configuration on a remote device use the show etherchannel summary privileged EXEC command on the remote device When a port is in the error disabled state b...

Page 601: ...mmands Command Description errdisable recovery cause channel misconfig Enables the timer to recover from the EtherChannel misconfiguration error disabled state show etherchannel summary Displays EtherChannel information for a channel as a one line summary per channel group show interfaces status err disabled Displays the interfaces in the error disabled state ...

Page 602: ...ed system ID VLAN identifier for the per VLAN spanning tree plus PVST and rapid PVST or as an instance identifier for the multiple spanning tree MST The spanning tree uses the extended system ID the switch priority and the allocated spanning tree MAC address to make the bridge ID unique for each VLAN or multiple spanning tree instance Support for the extended system ID affects how you manually con...

Page 603: ...nd system id Related Commands Command Description show spanning tree summary Displays a summary of spanning tree interface states spanning tree mst root Configures the MST root switch priority and timers based on the network diameter spanning tree vlan priority Sets the switch priority for the specified spanning tree instance ...

Page 604: ...ning tree MST mode When root guard is enabled if spanning tree calculations cause an interface to be selected as the root port the interface transitions to the root inconsistent blocked state to prevent the customer s switch from becoming the root switch or being in the path to the root The root port provides the best path from the switch to the root switch When the no spanning tree guard or the n...

Page 605: ...sociated with the specified port Switch config interface gigabitethernet0 2 Switch config if spanning tree guard root This example shows how to enable loop guard on all the VLANs associated with the specified port Switch config interface gigabitethernet0 2 Switch config if spanning tree guard loop You can verify your settings by entering the show running config privileged EXEC command Related Comm...

Page 606: ...iguration Command History Usage Guidelines You can override the default setting of the link type by using the spanning tree link type command For example a half duplex link can be physically connected point to point to a single interface on a remote switch running the Multiple Spanning Tree Protocol MSTP or the rapid per VLAN spanning tree plus rapid PVST protocol and be enabled for rapid transiti...

Page 607: ...anning tree detected protocols Restarts the protocol migration process force the renegotiation with neighboring switches on all interfaces or on the specified interface show spanning tree interface interface id Displays spanning tree state information for the specified interface show spanning tree mst interface interface id Displays MST information for the specified interface ...

Page 608: ...st effective when it is configured on the entire switched network When the switch is operating in PVST or rapid PVST mode loop guard prevents alternate and root ports from becoming designated ports and spanning tree does not send bridge protocol data units BPDUs on root or alternate ports When the switch is operating in MST mode BPDUs are not sent on nonboundary interfaces if the interface is bloc...

Page 609: ...ommand Description show running config Displays the current operating configuration For syntax information select Cisco IOS Configuration Fundamentals Command Reference Release 12 2 File Management Commands Configuration File Management Commands spanning tree guard loop Enables the loop guard feature on all the VLANs associated with the specified interface ...

Page 610: ...ive at any time All VLANs run PVST all VLANs run rapid PVST or all VLANs run MSTP When you enable the MST mode RSTP is automatically enabled Caution Changing spanning tree modes can disrupt traffic because all spanning tree instances are stopped for the previous mode and restarted in the new mode Examples This example shows to enable MST and RSTP on the switch Switch config spanning tree mode mst ...

Page 611: ...IOS Commands spanning tree mode Related Commands Command Description show running config Displays the current operating configuration For syntax information select Cisco IOS Configuration Fundamentals Command Reference Release 12 2 File Management Commands Configuration File Management Commands ...

Page 612: ...gion configuration mode without applying configuration changes exit exits the MST region configuration mode and applies all configuration changes instance instance id vlan vlan range maps VLANs to an MST instance The range for the instance id is 1 to 4094 The range for vlan range is 1 to 4094 You can specify a single VLAN identified by VLAN ID number a range of VLANs separated by a hyphen or a ser...

Page 613: ... mode map VLANs 10 to 20 to MST instance 1 name the region region1 set the configuration revision to 1 display the pending configuration apply the changes and return to global configuration mode Switch spanning tree mst configuration Switch config mst instance 1 vlan 10 20 Switch config mst name region1 Switch config mst revision 1 Switch config mst show pending Pending MST configuration Name regi...

Page 614: ...alues 1000 Mbps 20000 100 Mbps 200000 10 Mbps 2000000 Command Modes Interface configuration Command History Usage Guidelines When you configure the cost higher values represent higher costs Examples This example shows how to set a path cost of 250 on a port associated with instances 2 and 4 Switch config interface gigabitethernet0 2 Switch config if spanning tree mst 2 4 cost 250 You can verify yo...

Page 615: ...g tree mst cost Related Commands Command Description show spanning tree mst interface interface id Displays MST information for the specified interface spanning tree mst port priority Configures an interface priority spanning tree mst priority Configures the switch priority for the specified spanning tree instance ...

Page 616: ...nging the spanning tree mst forward time command affects all spanning tree instances Examples This example shows how to set the spanning tree forwarding time to 18 seconds for all MST instances Switch config spanning tree mst forward time 18 You can verify your setting by entering the show spanning tree mst privileged EXEC command Related Commands seconds Length of the listening and learning state...

Page 617: ...es the spanning tree topology The max age setting must be greater than the hello time setting Changing the spanning tree mst hello time command affects all spanning tree instances Examples This example shows how to set the spanning tree hello time to 3 seconds for all multiple spanning tree MST instances Switch config spanning tree mst hello time 3 You can verify your setting by entering the show ...

Page 618: ...he root switch within the specified interval the switch recomputes the spanning tree topology The max age setting must be greater than the hello time setting Changing the spanning tree mst max age command affects all spanning tree instances Examples This example shows how to set the spanning tree max age to 30 seconds for all multiple spanning tree MST instances Switch config spanning tree mst max...

Page 619: ...rd with a cost of 0 and the hop count set to the maximum value When a switch receives this BPDU it decrements the received remaining hop count by one and propagates the decremented count as the remaining hop count in the generated M records A switch discards the BPDU and ages the information held for the interface when the count reaches 0 Changing the spanning tree mst max hops command affects all...

Page 620: ...scription show spanning tree mst Displays MST information spanning tree mst forward time Sets the forward delay time for all MST instances spanning tree mst hello time Sets the interval between hello BPDUs sent by root switch configuration messages spanning tree mst max age Sets the interval between messages that the spanning tree receives from the root switch ...

Page 621: ...can assign higher priority values lower numerical values to interfaces that you want selected first and lower priority values higher numerical values that you want selected last If all interfaces have the same priority value the multiple spanning tree MST puts the interface with the lowest interface number in the forwarding state and blocks other interfaces instance id Range of spanning tree insta...

Page 622: ... occurs Switch config interface gigabitethernet0 2 Switch config if spanning tree mst 20 22 port priority 0 You can verify your settings by entering the show spanning tree mst interface interface id privileged EXEC command Related Commands Command Description show spanning tree mst interface interface id Displays MST information for the specified interface spanning tree mst cost Sets the path cost...

Page 623: ...e CIST runs on this interface Note If a switch port is connected to a switch running prestandard Cisco IOS software you must use the spanning tree mst pre standard interface configuration command on the port If you do not configure the port to send only prestandard BPDUs the Multiple STP MSTP performance might diminish When the port is configured to automatically detect prestandard neighbors the p...

Page 624: ...d EXEC command Related Commands instance id Range of spanning tree instances You can specify a single instance a range of instances separated by a hyphen or a series of instances separated by a comma The range is 0 to 4094 priority Set the switch priority for the specified spanning tree instance This setting affects the likelihood that the switch is selected as the root switch A lower value increa...

Page 625: ...the switch sets the switch priority for the instance to 24576 if this value will cause this switch to become the root for the specified instance If any root switch for the specified instance has a switch priority lower than 24576 the switch sets its own priority to 4096 less than the lowest switch priority 4096 is the value of the least significant bit of a 4 bit switch priority value instance id ...

Page 626: ...fig spanning tree mst 10 root primary diameter 4 This example shows how to configure the switch as the secondary root switch for instance 10 with a network diameter of 4 Switch config spanning tree mst 10 root secondary diameter 4 You can verify your settings by entering the show spanning tree mst instance id privileged EXEC command Related Commands Command Description show spanning tree mst insta...

Page 627: ...e instance associated with VLAN 1 You can set the priority on a VLAN that has no interfaces assigned to it The setting takes effect when you assign the interface to the VLAN If you configure an interface with both the spanning tree vlan vlan id port priority priority command and the spanning tree port priority priority command the spanning tree vlan vlan id port priority priority command takes eff...

Page 628: ...rity 0 This example shows how to set the port priority value on VLANs 20 to 25 Switch config if spanning tree vlan 20 25 port priority 0 You can verify your settings by entering the show spanning tree interface interface id privileged EXEC command Related Commands Command Description show spanning tree interface interface id Displays spanning tree information for the specified interface spanning t...

Page 629: ...multiple spanning tree MST mode Use the spanning tree portfast bpdufilter default global configuration command to globally enable BPDU filtering on interfaces that are Port Fast enabled the interfaces are in a Port Fast operational state The interfaces still send a few BPDUs at link up before the switch begins to filter outbound BPDUs You should globally enable BPDU filtering on a switch so that h...

Page 630: ...ket loop and disrupt switch and network operation A Port Fast enabled interface moves directly to the spanning tree forwarding state when linkup occurs without waiting for the standard forward delay time You can override the spanning tree portfast default global configuration command by using the spanning tree portfast interface configuration command You can use the no spanning tree portfast defau...

Page 631: ...twork operation To enable Port Fast on trunk ports you must use the spanning tree portfast trunk interface configuration command The spanning tree portfast command is not supported on trunk ports You can enable this feature when the switch is operating in the per VLAN spanning tree plus PVST rapid PVST or the multiple spanning tree MST mode This feature affects all VLANs on the interface An interf...

Page 632: ...ption show running config Displays the current operating configuration For syntax information select Cisco IOS Configuration Fundamentals Command Reference Release 12 2 File Management Commands Configuration File Management Commands spanning tree bpdufilter Prevents an interface from sending or receiving bridge protocol data units BPDUs spanning tree bpduguard Puts an interface in the error disabl...

Page 633: ...age Guidelines Increasing the transmit hold count value can have a significant impact on CPU utilization when the switch is in rapid per VLAN spanning tree plus rapid PVST mode Decreasing this value might slow down convergence We recommend using the default setting Examples This example shows how to set the transmit hold count to 8 Switch config spanning tree transmit hold count 8 You can verify y...

Page 634: ...ast it is enabled for the entire switch and cannot be enabled for individual VLANs When UplinkFast is enabled the switch priority of all VLANs is set to 49152 If you change the path cost to a value less than 3000 and you enable UplinkFast or UplinkFast is already enabled the path cost of all interfaces and VLAN trunks is increased by 3000 if you change the path cost to 3000 or above the path cost ...

Page 635: ...ed in the root inconsistent state blocked and prevented from reaching the forwarding state If you set the max update rate to 0 station learning frames are not generated so the spanning tree topology converges more slowly after a loss of connectivity Examples This example shows how to enable UplinkFast Switch config spanning tree uplinkfast You can verify your setting by entering the show spanning ...

Page 636: ...e The forwarding time specifies how long each of the listening and learning states last before the interface begins forwarding The range is 4 to 30 seconds hello time seconds Optional Set the interval between hello bridge protocol data units BPDUs sent by the root switch configuration messages The range is 1 to 10 seconds max age seconds Optional Set the interval between messages the spanning tree...

Page 637: ...uld be used only on backbone switches When you enter the spanning tree vlan vlan id root command the software checks the switch priority of the current root switch for each VLAN Because of the extended system ID support the switch sets the switch priority for the specified VLAN to 24576 if this value will cause this switch to become the root for the specified VLAN If any root switch for the specif...

Page 638: ...root switch for VLAN 10 with a network diameter of 4 Switch config spanning tree vlan 10 root secondary diameter 4 You can verify your settings by entering the show spanning tree vlan vlan id privileged EXEC command Related Commands Command Description show spanning tree vlan Displays spanning tree information spanning tree cost Sets the path cost for spanning tree calculations spanning tree guard...

Page 639: ...If both ends of the line support autonegotiation we highly recommend the default autonegotiation settings If one interface supports autonegotiation and the other end does not do use the auto setting on the supported side but set the duplex and speed on the other side Caution Changing the interface speed and duplex mode configuration might shut down and re enable the interface during the reconfigur...

Page 640: ... 10 Mbps Switch config interface gigabitethernet0 1 Switch config if speed auto 10 This example shows how to set a port to autonegotiate at only 10 or 100 Mbps Switch config interface gigabitethernet0 1 Switch config if speed auto 10 100 You can verify your settings by entering the show interfaces privileged EXEC command Related Commands Command Description duplex Specifies the duplex mode of oper...

Page 641: ...cent of the time The line rate drops to 80 percent of the connected speed These values are not exact because the hardware adjusts the line rate in increments of six Note The egress queue default settings are suitable for most situations You should change them only when you have a thorough understanding of the egress queues and if these settings do not meet your quality of service QoS solution Exam...

Page 642: ...ices Code Point DSCP values to an egress queue or maps DSCP values to a queue and to a threshold ID mls qos queue set output threshold Configures the weighted tail drop WTD thresholds guarantees the availability of buffers and configures the maximum memory allocation for the queue set queue set Maps a port to a queue set show mls qos interface queueing Displays QoS information srr queue bandwidth ...

Page 643: ...h bursty traffic or to provide a smoother output over time The shaped mode overrides the shared mode If you configure a shaped queue weight to 0 by using the srr queue bandwidth shape interface configuration command this queue participates in shared mode The weight specified with the srr queue bandwidth shape command is ignored and the weights specified with the srr queue bandwidth share interface...

Page 644: ...f srr queue bandwidth share 4 4 4 4 You can verify your settings by entering the show mls qos interface interface id queueing privileged EXEC command Related Commands Command Description mls qos queue set output buffers Allocates buffers to a queue set mls qos srr queue output cos map Maps class of service CoS values to an egress queue or maps CoS values to a queue and to a threshold ID mls qos sr...

Page 645: ...bandwidth is guaranteed at this level but not limited to it For example if a queue empties and does not require a share of the link the remaining queues can expand into the unused bandwidth and share it among themselves If you configure a shaped queue weight to 0 by using the srr queue bandwidth shape interface configuration command this queue participates in SRR shared mode The weight specified w...

Page 646: ...mls qos interface interface id queueing privileged EXEC command Related Commands Command Description mls qos queue set output buffers Allocates buffers to a queue set mls qos srr queue output cos map Maps class of service CoS values to an egress queue or maps CoS values to a queue and to a threshold ID mls qos srr queue output dscp map Maps Differentiated Services Code Point DSCP values to an egre...

Page 647: ...ntage of total bandwidth of the port level Rising suppression level up to two decimal places The range is 0 00 to 100 00 Block the flooding of storm packets when the value specified for level is reached level low Optional Falling suppression level up to two decimal places The range is 0 00 to 100 00 This value must be less than or equal to the rising suppression value If you do not configure a fal...

Page 648: ... control threshold for multicast traffic is reached all multicast traffic except control traffic such as bridge protocol data unit BDPU and Cisco Discovery Protocol CDP frames are blocked However the switch does not differentiate between routing updates such as Open Shortest Path First OSPF and regular multicast data traffic so both types of traffic are blocked level pps pps pps low Specify the ri...

Page 649: ... to filter traffic the switch blocks only broadcast traffic For more information see the software configuration guide for this release Examples This example shows how to enable broadcast storm control with a 75 5 percent rising suppression level Switch config if storm control broadcast level 75 5 This example shows how to enable unicast storm control on a port with a 87 percent rising suppression ...

Page 650: ...Command History Usage Guidelines Entering the no switchport command shuts the port down and then re enables it which might generate messages on the device to which the port is connected In Release 12 2 20 SE and later when you put an interface that is in Layer 2 mode into Layer 3 mode or the reverse the previous configuration information related to the affected interface might be lost and the inte...

Page 651: ...s not used on platforms that do not support Cisco routed ports All physical ports on such platforms are assumed to be Layer 2 switched interfaces You can verify the switchport status of an interface by entering the show running config privileged EXEC command Related Commands Command Description show interfaces switchport Displays the administrative and operational status of a switching nonrouting ...

Page 652: ...odes Interface configuration Command History Usage Guidelines The no switchport access command resets the access mode VLAN to the appropriate default VLAN for the device The port must be in access mode before the switchport access vlan command can take effect An access port can be assigned to only one VLAN The VMPS server such as a Catalyst 6000 series switch must be configured before a port is co...

Page 653: ...c access ports can only be in one VLAN and do not use VLAN tagging Dynamic access ports cannot be configured as Members of an EtherChannel port group dynamic access ports cannot be grouped with any other port including other dynamic ports Source or destination ports in a static address entry Monitor ports Examples This example shows how to change a switched port interface that is operating in acce...

Page 654: ... referred to as the active link the specified interface is identified as the backup link The feature provides an alternative to the Spanning Tree Protocol STP allowing users to turn off STP and still retain basic link redundancy This command is available only for Layer 2 interfaces You can configure only one Flex Link backup link for any active link and it must be a different interface from the ac...

Page 655: ...figured on the switch Flex Links do not participate in STP in all valid VLANs If STP is not running be sure that there are no loops in the configured topology Examples This example shows how to configure two interfaces as Flex Links Switch configure terminal Switch conf interface fastethernet0 1 Switch conf if switchport backup interface fastethernet0 2 Switch conf if end You can verify your setti...

Page 656: ...wn multicast or unicast traffic is not blocked on a protected port there could be security issues Blocking unknown multicast or unicast traffic is not automatically enabled on protected ports you must explicitly configure it For more information about blocking packets see the software configuration guide for this release Examples This example shows how to block unknown multicast traffic on an inte...

Page 657: ... Because spanning tree Port Fast is enabled you should enter the switchport host command only on ports that are connected to a single host Connecting other switches hubs concentrators or bridges to a fast start port can cause temporary spanning tree loops Enable the switchport host command to decrease the time that it takes to start up packet forwarding Examples This example shows how to optimize ...

Page 658: ... negotiates to convert the link into a trunk link even if the interface connecting to it does not agree to the change access Set the port to access mode either static access or dynamic access depending on the setting of the switchport access vlan interface configuration command The port is set to access unconditionally and operates as a nontrunking single VLAN interface that sends and receives non...

Page 659: ...ists ACLs but not by IP ACLs This is because the switch does not recognize the protocol inside the IEEE 802 1Q header This restriction applies to router ACLs port ACLs and VLAN maps Configuring a port as an IEEE 802 1Q tunnel port has these limitations IP routing and fallback bridging are not supported on tunnel ports Tunnel ports do not support IP ACLs If an IP ACL is applied to a trunk port in a...

Page 660: ...g if switchport mode trunk This example shows how to configure a port as an IEEE 802 1Q tunnel port Switch config interface gigabitethernet0 1 Switch config if switchport mode dot1q tunnel You can verify your settings by entering the show interfaces interface id switchport privileged EXEC command and examining information in the Administrative Mode and Operational Mode rows Related Commands Comman...

Page 661: ...ous port the port becomes inactive Do not configure private VLAN on ports with these other features Dynamic access port VLAN membership Dynamic Trunking Protocol DTP Port Aggregation Protocol PAgP Link Aggregation Control Protocol LACP Multicast VLAN Registration MVR Voice VLAN A private VLAN port cannot be a SPAN destination port While a port is part of the private VLAN configuration any EtherCha...

Page 662: ...y using the spanning tree portfast bpduguard default global configuration command and the spanning tree portfast interface configuration command Switch configure terminal Switch config interface fastethernet 0 1 Switch config if switchport mode private vlan host Switch config if switchport private vlan host association 20 501 Switch config if end This example shows how to configure an interface as...

Page 663: ... using the switchport mode access or the switchport mode trunk interface configuration command This command returns an error if you attempt to execute it in dynamic auto or desirable mode Internetworking devices that do not support DTP might forward DTP frames improperly and cause misconfigurations To avoid this you should turn off DTP by using the switchport no negotiate command to configure the ...

Page 664: ... on the mode set Switch config interface gigabitethernet0 1 Switch config if switchport nonegotiate You can verify your setting by entering the show interfaces interface id switchport privileged EXEC command Related Commands Command Description show interfaces switchport Displays the administrative and operational status of a switching nonrouting port including port blocking and port protection se...

Page 665: ...n add additional secure MAC addresses up to the maximum value configured vlan vlan id Optional On a trunk port only specify the VLAN ID and the MAC address If no VLAN ID is specified the native VLAN is used vlan access Optional On an access port only specify the VLAN as an access VLAN vlan voice Optional On an access port only specify the VLAN as a voice VLAN Note The voice keyword is available on...

Page 666: ...opped until you remove a sufficient number of secure MAC addresses to drop below the maximum value or increase the number of maximum allowable addresses You are not notified that a security violation has occurred Note We do not recommend configuring the protect mode on a trunk port The protect mode disables learning when any VLAN reaches its maximum limit even if the port has not reached its maxim...

Page 667: ...lue is less than the previous value and the number of configured secure addresses on the interface exceeds the new value the command is rejected The switch does not support port security aging of sticky secure MAC addresses A security violation occurs when the maximum number of secure MAC addresses are in the address table and a station whose MAC address is not in the address table attempts to acc...

Page 668: ...he interface does not need to relearn these addresses If you do not save the sticky secure addresses they are lost If sticky learning is disabled the sticky secure MAC addresses are converted to dynamic secure addresses and are removed from the running configuration If you disable sticky learning and enter the switchport port security mac address sticky mac address interface configuration command ...

Page 669: ...iption clear port security Deletes from the MAC address table a specific type of secure address or all the secure addresses on the switch or an interface show port security address Displays all the secure addresses configured on the switch show port security interface interface id Displays port security configuration for the switch or for the specified interface ...

Page 670: ...ed time access to particular secure addresses set the aging type as absolute When the aging time lapses the secure addresses are deleted To allow continuous access to a limited number of secure addresses set the aging type as inactivity This removes the secure address when it become inactive and other addresses can become secure To allow unlimited access to a secure address configure it as a secur...

Page 671: ... on the port Switch config interface gigabitethernet0 2 Switch config if switchport port security aging time 2 Switch config if switchport port security aging type inactivity Switch config if switchport port security aging static This example shows how to disable aging for configured secure addresses Switch config interface gigabitethernet0 2 Switch config if no switchport port security aging stat...

Page 672: ... the configuration to the Cisco IP Phone CDP is enabled by default globally and on all switch interfaces You should configure voice VLAN on switch access ports You can configure a voice VLAN only on Layer 2 ports Before you enable voice VLAN we recommend that you enable quality of service QoS on the switch by entering the mls qos global configuration command and configure the port trust state to t...

Page 673: ...r 2 Catalyst 3560 Switch Cisco IOS Commands switchport priority extend Related Commands Command Description show interfaces Displays the administrative and operational status of a switching nonrouting port switchport voice vlan Configures the voice VLAN on the port ...

Page 674: ...ommand History Usage Guidelines Private VLAN association or mapping has no effect on the port unless the port has been configured as a private VLAN host or promiscuous port by using the switchport mode private vlan host promiscuous interface configuration command If the port is in private VLAN host or promiscuous mode but the VLANs do not exist the command is allowed but the port is made inactive ...

Page 675: ...port private vlan mapping interface configuration command Examples This example shows how to configure an interface as a private VLAN host port and associate it with primary VLAN 20 and secondary VLAN 501 Switch configure terminal Switch config interface fastethernet 0 1 Switch config if switchport mode private vlan host Switch config if switchport private vlan host association 20 501 Switch confi...

Page 676: ...d ports on different switches you must configure the protected ports for unique VLANs on each switch and configure a trunk link between the switches A protected port is different from a secure port A protected port does not forward any traffic unicast multicast or broadcast to any other port that is also a protected port Data traffic cannot be forwarded between protected ports at Layer 2 only cont...

Page 677: ...ands switchport protected Related Commands Command Description show interfaces switchport Displays the administrative and operational status of a switching nonrouting port including port blocking and port protection settings switchport block Prevents unknown multicast or unicast traffic on the interface ...

Page 678: ...s with a comma use a hyphen to designate a range of IDs remove removes the defined list of VLANs from those currently set instead of replacing the list Valid IDs are from 1 to 1005 extended range VLAN IDs are valid in some cases Note You can remove extended range VLANs from the allowed VLAN list but you cannot remove them from the pruning eligible list allowed vlan vlan list Set the list of allowe...

Page 679: ...d a different port on the same switch as an IEEE 802 1Q trunk If you enter the negotiate keywords and DTP negotiation does not resolve the encapsulation format ISL is the selected format The no form of the command resets the trunk encapsulation format to the default The no form of the encapsulation command resets the encapsulation format to the default Native VLANs All untagged traffic received on...

Page 680: ...sulation dot1q This example shows how to configure VLAN 3 as the default for the port to send all untagged traffic Switch config interface gigabitethernet0 2 Switch config if switchport trunk native vlan 3 This example shows how to add VLANs 1 2 5 and 6 to the allowed list Switch config interface gigabitethernet0 2 Switch config if switchport trunk allowed vlan add 1 2 5 6 This example shows how t...

Page 681: ...e mls qos global configuration command and configure the port trust state to trust by entering the mls qos trust cos interface configuration command When you enter a VLAN ID the IP phone forwards voice traffic in IEEE 802 1Q frames tagged with the specified VLAN ID The switch puts IEEE 802 1Q voice traffic in the voice VLAN When you select dot1q none or untagged the switch puts the indicated voice...

Page 682: ...nnot configure static secure MAC addresses in the voice VLAN A voice VLAN port cannot be a private VLAN port The Port Fast feature is automatically enabled when voice VLAN is configured When you disable voice VLAN the Port Fast feature is not automatically disabled Examples This example shows how to configure VLAN 2 as the voice VLAN for the port Switch config interface gigabitethernet0 2 Switch c...

Page 683: ... Syntax Description Defaults These are the default values Command Modes Global configuration Command History Usage Guidelines Though visible on all switches this command is only valid on these switches Catalyst 3560G 48TS Catalyst 3560G 48PS Catalyst 3560G 24TS Catalyst 3560G 24PS value Specify the difference between the yellow and red threshold values in Celsius The range is 10 to 25 The default ...

Page 684: ...ld For example if the red threshold is 66 degrees C and you want to configure the yellow threshold as 51 degrees C set the difference between the thresholds as 15 by using the system env temperature threshold yellow 15 command Note The internal temperature sensor in the switch measures the internal system temperature and might vary 5 degrees C Examples This example sets 15 as the difference betwee...

Page 685: ... reset to take effect Gigabit Ethernet ports operating at 1000 Mbps are not affected by the system mtu command and 10 100 Mbps ports are not affected by the system mtu jumbo command You can use the system mtu routing command to configure the MTU size on routed ports bytes Set the system MTU for ports that are set to 10 or 100 Mbps The range is 1500 to 1998 bytes This is the maximum MTU received at...

Page 686: ...PU some packets for example control traffic SNMP Telnet and routing protocols are sent to the CPU Because the switch does not fragment packets it drops switched packets larger than the packet size supported on the egress interface routed packets larger than the routing MTU value For example if the system mtu value is 1998 bytes and the system mtu jumbo value is 5000 bytes packets up to 5000 bytes ...

Page 687: ...rface interface id privileged EXEC command to display the results Examples This example shows how to run TDR on an interface Switch test cable diagnostics tdr interface gigabitethernet0 2 TDR test started on interface Gi0 2 A TDR test can take a few seconds to run on an interface Use show cable diagnostics tdr to read the TDR results If you enter the test cable diagnostics tdr interface interface ...

Page 688: ...ticast source or destination MAC address the physical path is not identified and an error message appears The traceroute mac command output shows the Layer 2 path when the specified source and destination addresses belong to the same VLAN If you specify source and destination addresses that belong to different VLANs the Layer 2 path is not identified and an error message appears If the source or d...

Page 689: ...2T 2 2 6 6 Gi0 2 auto auto Gi0 3 auto auto con5 WS C2950G 24 EI 2 2 5 5 Fa0 3 auto auto Gi0 1 auto auto con1 WS C3550 12G 2 2 1 1 Gi0 1 auto auto Gi0 2 auto auto con2 WS C3550 24 2 2 2 2 Gi0 2 auto auto Fa0 1 auto auto Destination 0000 0201 0201 found on con2 WS C3550 24 2 2 2 2 Layer 2 trace completed This example shows how to display the Layer 2 path by specifying the interfaces on the source an...

Page 690: ...1 0000 0301 0201 Error Source and destination macs are on different vlans Layer2 trace aborted This example shows the Layer 2 path when the destination MAC address is a multicast address Switch traceroute mac 0000 0201 0601 0100 0201 0201 Invalid destination mac address This example shows the Layer 2 path when source and destination switches belong to multiple VLANs Switch traceroute mac 0000 0201...

Page 691: ...aceroute mac ip command output shows the Layer 2 path when the specified source and destination IP addresses are in the same subnet When you specify the IP addresses the switch uses Address Resolution Protocol ARP to associate the IP addresses with the corresponding MAC addresses and the VLAN IDs If an ARP entry exists for the specified IP address the switch uses the associated MAC address and ide...

Page 692: ...50G 24 EI 2 2 5 5 Fa0 3 auto auto Gi0 1 auto auto con1 WS C3550 12G 2 2 1 1 Gi0 1 auto auto Gi0 2 auto auto con2 WS C3550 24 2 2 2 2 Gi0 2 auto auto Fa0 1 auto auto Destination 0000 0201 0201 found on con2 WS C3550 24 2 2 2 2 Layer 2 trace completed This example shows how to display the Layer 2 path by specifying the source and destination hostnames Switch traceroute mac ip con6 con2 Translating I...

Page 693: ... configuration command within the same policy map If you specify trust cos QoS uses the received or default port CoS value and the CoS to DSCP map to generate a DSCP value for the packet If you specify trust dscp QoS uses the DSCP value from the ingress packet For non IP packets that are tagged QoS uses the received CoS value for non IP packets that are untagged QoS uses the default port CoS value...

Page 694: ...te to trust incoming DSCP values for traffic classified with class1 Switch config policy map policy1 Switch config pmap class class1 Switch config pmap c trust dscp Switch config pmap c police 1000000 20000 exceed action policed dscp transmit Switch config pmap c exit You can verify your settings by entering the show policy map privileged EXEC command Related Commands Command Description class Def...

Page 695: ...ection in the software configuration guide for this release If you change the message time between probe packets you are making a trade off between the detection speed and the CPU load By decreasing the time you can make the detection response faster but increase the load on the CPU This command affects fiber optic interfaces only Use the udld interface configuration command to enable UDLD on othe...

Page 696: ...tically recover from the UDLD error disabled state Examples This example shows how to enable UDLD on all fiber optic interfaces Switch config udld enable You can verify your setting by entering the show udld privileged EXEC command Related Commands Command Description show udld Displays UDLD administrative and operational status for all ports or the specified port udld port Enables UDLD on an indi...

Page 697: ...ult and aggressive In normal mode UDLD detects unidirectional links due to misconnected interfaces on fiber optic connections In aggressive mode UDLD also detects unidirectional links due to one way traffic on fiber optic and twisted pair links and due to misconnected interfaces on fiber optic links For information about normal and aggressive modes see the Configuring UDLD chapter in the software ...

Page 698: ...bled state Examples This example shows how to enable UDLD on an port Switch config interface gigabitethernet0 1 Switch config if udld port This example shows how to disable UDLD on a fiber optic interface despite the setting of the udld global configuration command Switch config interface gigabitethernet0 1 Switch config if no udld port You can verify your settings by entering the show running con...

Page 699: ...reason if the problem has not been corrected Examples This example shows how to reset all interfaces disabled by UDLD Switch udld reset 1 ports shutdown by UDLD were reset You can verify your setting by entering the show udld privileged EXEC command Related Commands Release Modification 12 1 19 EA1 This command was introduced Command Description show running config Displays the running configurati...

Page 700: ...command to put the switch in VTP transparent mode Extended range VLANs are not learned by VTP and are not added to the VLAN database but when VTP mode is transparent VTP mode and domain name and all VLAN configurations are saved in the running configuration and you can save them in the switch startup configuration file When you save the VLAN and VTP configurations in the startup configuration file...

Page 701: ...RF mode for this VLAN disable backup CRF mode for this VLAN the default bridge bridge number type specifies the logical distributed source routing bridge the bridge that interconnects all logical rings having this VLAN as a parent VLAN in FDDI NET Token Ring NET and TrBRF VLANs The range is 0 to 15 The default bridge number is 0 no source routing bridge for FDDI NET TrBRF and Token Ring NET VLANs ...

Page 702: ...e remote span command for more information ring ring number defines the logical ring for an FDDI Token Ring or TrCRF VLAN The range is 1 to 4095 The default for Token Ring VLANs is 0 For FDDI VLANs there is no default said said value specifies the security association identifier SAID as documented in IEEE 802 10 The range is 1 to 4294967294 and the number must be unique within the administrative d...

Page 703: ...ng concentrator relay function TrCRF VTP v2 mode is enabled name vlan name media tokenring state suspend active said said value mtu mtu size ring ring number parent parent vlan id bridge type srb srt are are number ste ste number backupcrf enable disable tb vlan1 tb vlan1 id tb vlan2 tb vlan2 id Token Ring NET VTP v1 mode is enabled name vlan name media tr net state suspend active said said value ...

Page 704: ...witch config vtp mode transparent Switch config vlan 2000 Switch config vlan end Switch copy running config startup config You can verify your setting by entering the show vlan privileged EXEC command VTP v2 mode is enabled and you are configuring a TrBRF VLAN media type Specify a bridge number Do not leave this field blank VTP v1 mode is enabled No VLAN can have an STP type set to auto This rule ...

Page 705: ...isco IOS Commands vlan global configuration Related Commands Command Description show vlan Displays the parameters for all configured VLANs or one VLAN if the VLAN ID or name is specified in the administrative domain vlan VLAN configuration Configures normal range VLANs in the VLAN database ...

Page 706: ...2 tb vlan2 id Extended range VLANs with VLAN IDs from 1006 to 4094 cannot be added or modified by using these commands To add extended range VLANs use the vlan global configuration command to enter config vlan mode Note The switch supports only Ethernet ports You configure only FDDI and Token Ring media specific characteristics for VLAN Trunking Protocol VTP global advertisements to other switches...

Page 707: ...hen defining a TrCRF The range is 0 to 1005 ring ring number Optional Specify the logical ring for an FDDI Token Ring or TrCRF VLAN The range is 1 to 4095 said said value Optional Enter the security association identifier SAID as documented in IEEE 802 10 The range is 1 to 4294967294 and the number must be unique within the administrative domain state suspend active Optional Specify the VLAN state...

Page 708: ... vlan2 tb vlan2 id Token Ring concentrator relay function TrCRF VTP v2 mode is enabled vlan vlan id name vlan name media tokenring state suspend active said said value mtu mtu size ring ring number parent parent vlan id bridge type srb srt are are number ste ste number backupcrf enable disable tb vlan1 tb vlan1 id tb vlan2 tb vlan2 id Token Ring NET VTP v1 mode is enabled vlan vlan id name vlan na...

Page 709: ...s the default is no type specified The tb vlan1 id and tb vlan2 id variables are zero no translational bridging Command Modes VLAN configuration VTP v2 mode is enabled and you are configuring a TrBRF VLAN media type Specify a bridge number Do not leave this field blank VTP v1 mode is enabled No VLAN can have an STP type set to auto This rule applies to Ethernet FDDI FDDI NET Token Ring and Token R...

Page 710: ...leted Deleting VLANs automatically resets to zero any other parent VLANs and translational bridging parameters that see the deleted VLAN When the no vlan vlan id bridge form is used the VLAN source routing bridge number returns to the default 0 The vlan vlan id bridge command is used only for FDDI NET and Token Ring NET VLANs and is ignored in other VLAN types When the no vlan vlan id media form i...

Page 711: ...o add an Ethernet VLAN with default media characteristics The default includes a vlan name of VLANxxx where xxxx represents four numeric digits including leading zeros equal to the VLAN ID number The default media option is ethernet the state option is active The default said value variable is 100000 plus the VLAN ID the mtu size variable is 1500 the stp type option is ieee When you enter the exit...

Page 712: ...or IP or non IP traffic to match and use the action command to set whether a match causes the packet to be forwarded or dropped In VLAN access map configuration mode these commands are available action sets the action to be taken forward or drop default sets a command to its defaults exit exits from VLAN access map configuration mode match sets the values to match IP address or MAC address no nega...

Page 713: ... actions to it If no other entries already exist in the map this will be entry 10 Switch config vlan access map vac1 Switch config access map match ip address acl1 Switch config access map action forward This example shows how to delete VLAN map vac1 Switch config no vlan access map vac1 Related Commands Command Description action Sets the action for the VLAN access map entry match access map conf...

Page 714: ...tion command to enter config vlan mode You can also configure VLAN IDs 1 to 1005 by using the vlan global configuration command To return to the privileged EXEC mode from the VLAN configuration mode enter the exit command Note This command mode is different from other modes because it is session oriented When you add delete or modify VLAN parameters the changes are not applied until you exit the s...

Page 715: ...ch and remains in VLAN configuration mode show displays VLAN database information show changes vlan id displays the differences between the VLAN database on the switch and the proposed VLAN database for all normal range VLAN IDs 1 to 1005 or the specified VLAN ID 1 to 1005 show current vlan id displays the VLAN database on the switch or on a selected VLAN 1 to 1005 show proposed vlan id displays t...

Page 716: ...fied State Suspended This example shows how to display the differences between VLAN 7 in the current database and the proposed database Switch vlan show changes 7 MODIFIED VLAN ISL Id 7 Current State Operational Modified State Suspended This is an example of output from the show current 20 command It displays only VLAN 20 of the current database Switch vlan show current 20 VLAN ISL Id 20 Name VLAN...

Page 717: ...rates on an edge switch of a service provider network and expands VLAN space by using a VLAN in VLAN hierarchy and tagging the tagged packets You must use IEEE 802 1Q trunk ports for sending packets to the service provider network However packets going through the core of the service provider network might also be carried on IEEE 802 1Q trunks If the native VLANs of an IEEE 802 1Q trunks match the...

Page 718: ... Switch Command Reference 78 16405 05 Chapter 2 Catalyst 3560 Switch Cisco IOS Commands vlan dot1q tag native Related Commands Command Description show vlan dot1q tag native Displays IEEE 802 1Q native VLAN tagging status ...

Page 719: ...n process we recommend that you completely define the VLAN access map before applying it to a VLAN For more information about VLAN map entries see the software configuration guide for this release Examples This example applies VLAN map entry map1 to VLANs 20 and 30 Switch config vlan filter map1 vlan list 20 30 This example shows how to delete VLAN map entry mac1 from VLAN 20 Switch config no vlan...

Page 720: ...lter Related Commands Command Description show vlan access map Displays information about a particular VLAN access map or all VLAN access maps show vlan filter Displays information about all VLAN filters or about a particular VLAN or VLAN access map vlan access map Creates a VLAN map entry for VLAN packet filtering ...

Page 721: ...EXEC Command History Examples This example shows how to immediately send VQP queries to the VMPS Switch vmps reconfirm You can verify your setting by entering the show vmps privileged EXEC command and examining the VMPS Action row of the Reconfirmation Status section The show vmps command shows the result of the last time the assignments were reconfirmed either because the reconfirmation timer exp...

Page 722: ... configuration Command History Examples This example shows how to set the VQP client to reconfirm dynamic VLAN entries every 20 minutes Switch config vmps reconfirm 20 You can verify your setting by entering the show vmps privileged EXEC command and examining information in the Reconfirm Interval row Related Commands interval Reconfirmation interval for VQP client queries to the VLAN Membership Po...

Page 723: ...ault retry count is 3 Command Modes Global configuration Command History Examples This example shows how to set the retry count to 7 Switch config vmps retry 7 You can verify your setting by entering the show vmps privileged EXEC command and examining information in the Server Retry Count row Related Commands count Number of attempts to contact the VLAN Membership Policy Server VMPS by the client ...

Page 724: ...he VMPS server on the command switch and the command switch proxies the VMPS requests The VMPS server treats the cluster as a single switch and uses the IP address of the command switch to respond to requests When using the no form without specifying the ipaddress all configured servers are deleted If you delete all servers when dynamic access ports are present the switch cannot forward packets fr...

Page 725: ... example shows how to delete the server with IP address 191 10 49 21 Switch config no vmps server 191 10 49 21 You can verify your setting by entering the show vmps privileged EXEC command and examining information in the VMPS Domain Server row Related Commands Command Description show vmps Displays VQP and VMPS information ...

Page 726: ...ions You cannot configure VLANs on the switch When a VTP client starts up it does not send VTP advertisements until it receives advertisements to initialize its VLAN database server Place the switch in VTP server mode A switch in VTP server mode is enabled for VTP and sends advertisements You can configure VLANs on the switch The switch can recover all the VLAN information in the current VTP datab...

Page 727: ... configuration for the first 1005 VLANs are selected by VLAN database information and VLANs greater than 1005 are configured from the switch configuration file The vtp file filename cannot be used to load a new database it renames only the file in which the existing database is stored Follow these guidelines when configuring a VTP domain name The switch is in the no management domain state until y...

Page 728: ... If extended range VLANs are configured on the switch and you attempt to set the VTP mode to server or client you receive an error message and the configuration is not allowed VTP can be set to either server or client mode only when dynamic VLAN creation is disabled Follow these guidelines when setting a VTP password Passwords are case sensitive Passwords should match on all switches in the same d...

Page 729: ...e name of the interface providing the VTP updater ID for this device Switch config vtp interface gigabitethernet This example shows how to set the administrative domain for the switch Switch config vtp domain OurDomainName This example shows how to place the switch in VTP transparent mode Switch config vtp mode transparent This example shows how to configure the VTP domain password Switch config v...

Page 730: ...assword can be an ASCII string from 1 to 32 characters The password is case sensitive pruning Enable pruning in the VTP administrative domain VTP pruning causes information about each pruning eligible VLAN to be removed from VTP updates if there are no stations belonging to that VLAN v2 mode Enable VLAN Trunking Protocol VTP Version 2 in the administrative domains client Place the switch in VTP cl...

Page 731: ...uration changes on a switch in server mode If the receiving switch is in server mode or transparent mode the switch configuration is not changed Switches in transparent mode do not participate in VTP If you make VTP or VLAN configuration changes on a switch in transparent mode the changes are not propagated to other switches in the network If you make a change to the VTP or VLAN configuration on a...

Page 732: ...s should match on all switches in the same domain When the no vtp password form of the command is used the switch returns to the no password state Follow these guidelines when enabling VTP pruning If you enable pruning on the VTP server it is enabled for the entire management domain Only VLANs included in the pruning eligible list can be pruned Pruning is supported with VTP Version 1 and Version 2...

Page 733: ...ord private Setting device VLAN database password to private This example shows how to enable pruning in the proposed new VLAN database Switch vlan vtp pruning Pruning switched ON This example shows how to enable v2 mode in the proposed new VLAN database Switch vlan vtp v2 mode V2 mode enabled You can verify your settings by entering the show vtp status privileged EXEC command Related Commands Com...

Page 734: ...2 702 Catalyst 3560 Switch Command Reference 78 16405 05 Chapter 2 Catalyst 3560 Switch Cisco IOS Commands vtp VLAN configuration ...

Page 735: ...and then entering a new password The password recovery disable feature allows the system administrator to protect access to the switch password by disabling part of this functionality and allowing the user to interrupt the boot process only by agreeing to set the system back to the default configuration With password recovery disabled the user can still interrupt the boot process and change the pa...

Page 736: ...ion in the BOOT environment variable if any If you supply an image name for the file url variable the boot command attempts to boot the specified image When you set boot loader boot command options they are executed immediately and apply only to the current boot loader session These settings are not saved for the next boot operation Filenames and directory names are case sensitive Examples This ex...

Page 737: ...nd Reference 78 16405 05 Appendix A Catalyst 3560 Switch Boot Loader Commands boot Related Commands Command Description set Sets the BOOT environment variable to boot a specific image when the BOOT keyword is appended to the command ...

Page 738: ...t flash new images info flash env_vars version_suffix ipservices 122 25 SEB version_directory c3560 ipservices mz 122 25 SEB image_name c3560 ipservices mz 122 25 SEB bin ios_image_file_size 6395392 total_image_file_size 8059904 image_feature IP LAYER_3 PLUS MIN_DRAM_MEG 128 image_family C3560 info_end BAUD 57600 MANUAL_BOOT no Related Commands filesystem Alias for a flash file system Use flash fo...

Page 739: ...ontrol characters spaces deletes slashes quotes semicolons or colons If you are copying a file to a new directory the directory must already exist Examples This example show how to copy a file at the root switch copy flash test1 text flash test4 text File flash test1 text successfully copied to flash test4 text You can verify that the file was copied by entering the dir filesystem boot loader comm...

Page 740: ...ple shows how to delete two files switch delete flash test2 text flash test5 text Are you sure you want to delete flash test2 text y n y File flash test2 text deleted Are you sure you want to delete flash test5 text y n y File flash test2 text deleted You can verify that the files were deleted by entering the dir flash boot loader command Related Commands filesystem Alias for a flash file system U...

Page 741: ...s 9 drwx 768 Mar 01 2002 23 11 42 html 16 rwx 1037 Mar 01 2002 00 01 11 config text 14 rwx 1099 Mar 01 2002 01 14 05 homepage htm 22 rwx 96 Mar 01 2002 00 01 39 system_env_vars 17 drwx 192 Mar 06 2002 23 22 03 c3560 ipservices mz 122 25 SEB 15998976 bytes total 6397440 bytes free Table A 1 describes the fields in the display filesystem Alias for a flash file system Use flash for the system board f...

Page 742: ...60 Switch Boot Loader Commands dir Related Commands 1644045 Size of the file date Last modification date env_vars Filename Table A 1 dir Field Descriptions continued Field Description Command Description mkdir Creates one or more directories rmdir Removes one or more directories ...

Page 743: ...s or keywords Defaults The flash file system is automatically initialized during normal system operation Command Modes Boot loader Command History Usage Guidelines During the normal boot process the flash file system is automatically initialized Use this command to manually initialize the flash file system For example you use this command during the recovery procedure for a lost or forgotten passw...

Page 744: ...em and destroy all data in that file system format filesystem Syntax Description Command Modes Boot loader Command History Usage Guidelines Caution Use this command with care it destroys all data on the file system and renders your system unusable filesystem Alias for a flash file system Use flash for the system board flash device Release Modification 12 1 19 EA1 This command was introduced ...

Page 745: ...d then reconnect the power Examples This example shows how to perform an extensive file system check on flash memory switch fsck test flash test Optional Initialize the file system code and perform extra POST on flash memory An extensive nondestructive memory test is performed on every byte that makes up the file system f Optional Initialize the file system code and perform a fast file consistency...

Page 746: ...elp boot loader command to display the available commands help Syntax Description This command has no arguments or keywords Command Modes Boot loader Command History Usage Guidelines You can also use the question mark to display a list of available boot loader commands Release Modification 12 1 19 EA1 This command was introduced ...

Page 747: ...aults No helper files are loaded Command Modes Boot loader Command History Usage Guidelines The load_helper command searches for loadable files only if the HELPER environment variable is set Filenames and directory names are case sensitive filesystem Alias for a flash file system Use flash for the system board flash device file url Path directory and a list of loadable helper files to dynamically ...

Page 748: ...p utilization is 22 percent Total bytes 0xa9068 692328 Bytes used 0x26888 157832 Bytes available 0x827e0 534496 Alternate heap utilization is 0 percent Total alternate heap bytes 0x6fd000 7327744 Alternate heap bytes used 0x0 0 Alternate heap bytes available 0x6fd000 7327744 Table A 2 describes the fields in the display Release Modification 12 1 19 EA1 This command was introduced Table A 2 memory ...

Page 749: ...ectory called Saved_Configs switch mkdir flash Saved_Configs Directory flash Saved_Configs created This example shows how to make two directories switch mkdir flash Saved_Configs1 flash Test Directory flash Saved_Configs1 created Directory flash Test created You can verify that the directory was created by entering the dir filesystem boot loader command Related Commands filesystem Alias for a flas...

Page 750: ... more flash new images info flash env_vars version_suffix ipservices 122 25 SEB version_directory c3560 ipservices mx 122 25 SEB image_name c3560 ipservices mx 122 25 SEB bin ios_image_file_size 6395392 total_image_file_size 8059904 image_feature IP LAYER_3 PLUS MIN_DRAM_MEG 128 image_family C3560 info_end BAUD 57600 MANUAL_BOOT no Related Commands filesystem Alias for a flash file system Use flas...

Page 751: ...olons or colons Filenames are limited to 45 characters the name cannot contain control characters spaces deletes slashes quotes semicolons or colons Examples This example shows a file named config text being renamed to config1 text switch rename flash config text flash config1 text You can verify that the file was renamed by entering the dir filesystem boot loader command Related Commands filesyst...

Page 752: ...ng the processor registers and memory reset Syntax Description This command has no arguments or keywords Command Modes Boot loader Command History Examples This example shows how to reset the system switch reset Are you sure you want to reset the system y n y System resetting Related Commands Release Modification 12 1 19 EA1 This command was introduced Command Description boot Loads and boots an e...

Page 753: ... you must first delete all the files in the directory The switch prompts you for confirmation before deleting each directory Examples This example shows how to remove a directory switch rmdir flash Test You can verify that the directory was deleted by entering the dir filesystem boot loader command Related Commands filesystem Alias for a flash file system Use flash for the system board flash devic...

Page 754: ... boot process by pressing the Break key on the console after the flash file system has initialized HELPER filesystem file url A semicolon separated list of loadable files to dynamically load during the boot loader initialization Helper files extend or patch the functionality of the boot loader PS1 prompt A string that is used as the command line prompt in boot loader mode CONFIG_FILE flash file ur...

Page 755: ...the value is a null string A variable that is set to a null string for example is a variable with a value Many environment variables are predefined and have default values Command Modes Boot loader Command History Usage Guidelines Environment variables are case sensitive and must be entered as documented Environment variables that have values are stored in flash memory outside of the flash file sy...

Page 756: ...m file url global configuration command The HELPER_CONFIG_FILE environment variable can also be set by using the boot helper config file filesystem file url global configuration command The boot loader prompt string PS1 can be up to 120 printable characters except the equal sign Examples This example shows how to change the boot loader prompt switch set PS1 loader loader You can verify your settin...

Page 757: ... type flash new images info flash env_vars version_suffix ipservices 122 25 SEB version_directory c3560 ipservices mx 122 25 SEB image_name c3560 ipservices mx 122 25 SEB bin ios_image_file_size 6395392 total_image_file_size 8059904 image_feature IP LAYER_3 PLUS MIN_DRAM_MEG 128 image_family C3560 info_end BAUD 57600 MANUAL_BOOT no Related Commands filesystem Alias for a flash file system Use flas...

Page 758: ... HELPER A semicolon separated list of loadable files to dynamically load during the boot loader initialization Helper files extend or patch the functionality of the boot loader PS1 A string that is used as the command line prompt in boot loader mode CONFIG_FILE Resets the filename that Cisco IOS uses to read and write a nonvolatile copy of the system configuration BAUD Resets the rate in bits per ...

Page 759: ...ng the no boot enable break global configuration command The HELPER environment variable can also be reset by using the no boot helper global configuration command The CONFIG_FILE environment variable can also be reset by using the no boot config file global configuration command The BOOTHLPR environment variable can also be reset by using the no boot boothlpr global configuration command The HELP...

Page 760: ...e boot loader version version Syntax Description This command has no arguments or keywords Command Modes Boot loader Command History Examples This example shows how to display the boot loader version switch version C3560 Boot Loader C3560 HBOOT M Version 12 1 19 EA1 Compiled Wed 12 Nov 03 14 58 by devgoyal switch Release Modification 12 1 19 EA1 This command was introduced ...

Page 761: ...ed only under the guidance of Cisco technical support staff Caution Because debugging output is assigned high priority in the CPU process it can render the system unusable For this reason use the debug commands only to troubleshoot specific problems or during troubleshooting sessions with Cisco technical support staff It is best to use the debug commands during periods of lower network traffic and...

Page 762: ...ically generated when auto QoS is enabled Switch debug auto qos AutoQoS debugging is on Switch configure terminal Enter configuration commands one per line End with CNTL Z Switch config interface gigabitethernet0 1 Switch config if auto qos voip cisco phone 21 29 41 mls qos map cos dscp 0 8 16 26 32 46 48 56 21 29 41 mls qos 21 29 42 no mls qos srr queue input cos map 21 29 42 no mls qos srr queue...

Page 763: ... 3 48 49 50 51 52 53 54 55 21 29 48 mls qos srr queue output dscp map queue 2 threshold 3 56 57 58 59 60 61 62 63 21 29 48 mls qos srr queue output dscp map queue 3 threshold 3 16 17 18 19 20 21 22 23 21 29 48 mls qos srr queue output dscp map queue 3 threshold 3 32 33 34 35 36 37 38 39 21 29 49 mls qos srr queue output dscp map queue 4 threshold 1 8 21 29 49 mls qos srr queue output dscp map queu...

Page 764: ...istory Usage Guidelines The undebug backup command is the same as the no debug backup command Related Commands all Display all backup interface debug messages errors Display backup interface error or exception debug messages events Display backup interface event debug messages Release Modification 12 2 20 SE This command was introduced Command Description show debugging Displays information about ...

Page 765: ...n the cluster command switch The undebug cluster command is the same as the no debug cluster command discovery Display cluster discovery debug messages events Display cluster event debug messages extended Display extended discovery debug messages hsrp Display the Hot Standby Router Protocol HSRP debug messages http Display Hypertext Transfer Protocol HTTP debug messages ip packet Display IP or tra...

Page 766: ...Release 12 2 Configuration Guides and Command References Cisco IOS Configuration Fundamentals Configuration Guide Release 12 2 System Management Troubleshooting and Fault Management show cluster Displays the cluster status and a summary of the cluster to which the switch belongs show cluster candidates Displays a list of candidate switches when entered on the command switch show cluster members Di...

Page 767: ...e Though visible in the command line help strings the redundancy keyword is not supported Command Default Debugging is disabled Command Modes Privileged EXEC Command History Usage Guidelines The undebug dot1x command is the same as the no debug dot1x command all Display all 802 1x debug messages errors Display 802 1x error debug messages events Display 802 1x event debug messages packets Display 8...

Page 768: ...out the types of debugging that are enabled For syntax information see the Cisco IOS Release 12 2 Configuration Guides and Command References Cisco IOS Configuration Fundamentals Configuration Guide Release 12 2 System Management Troubleshooting and Fault Management show dot1x Displays 802 1x statistics administrative status and operational status for the switch or for the specified port ...

Page 769: ...tion debug messages all Display all DTP debug messages decision Display the DTP decision table debug messages events Display the DTP event debug messages oserrs Display DTP operating system related error debug messages packets Display DTP packet processing debug messages queue Display DTP packet queueing debug messages states Display DTP state transition debug messages timers Display DTP timer eve...

Page 770: ...etail error event idb Syntax Description Note Though visible in the command line help strings the linecard keyword is not supported Defaults Debugging is disabled Command Modes Privileged EXEC Command History Usage Guidelines If you do not specify a keyword all debug messages appear The undebug etherchannel command is the same as the no debug etherchannel command all Optional Display all EtherChan...

Page 771: ...debugging Displays information about the types of debugging that are enabled For syntax information select Cisco IOS Release 12 2 Configuration Guides and Command References Cisco IOS Configuration Fundamentals Configuration Guide Release 12 2 System Management Troubleshooting and Fault Management show etherchannel Displays EtherChannel information for the channel ...

Page 772: ...rted only on PoE capable switches When you enable debugging it is enabled only on the switch Related Commands cdp Display PoE Cisco Discovery Protocol CDP debug messages controller Display PoE controller debug messages event Display PoE event debug messages ha Display PoE high availability messages port Display PoE port manager debug messages powerman Display PoE power management debug messages re...

Page 773: ...mand Modes Privileged EXEC Command History Usage Guidelines The undebug ip dhcp snooping command is the same as the no debug ip dhcp snooping command Related Commands mac address Display debug messages for a DHCP packet with the specified MAC address agent Display debug messages for DHCP snooping agents event Display debug messages for DHCP snooping events packet Display debug messages for DHCP sn...

Page 774: ...arguments or keywords Defaults Debugging is disabled Command Modes Privileged EXEC Command History Usage Guidelines The undebug ip verify source packet command is the same as the no debug ip verify source packet command Related Commands Release Modification 12 2 20 SE This command was introduced Command Description show debugging Displays information about the types of debugging that are enabled F...

Page 775: ...d Modes Privileged EXEC Command History Usage Guidelines If you do not specify a keyword all debug messages appear The undebug interface command is the same as the no debug interface command interface id Display debug messages for the specified physical port identified by type switch number module number port for example gigabitethernet 0 2 null interface number Display debug messages for null int...

Page 776: ...bugging Displays information about the types of debugging that are enabled For syntax information select Cisco IOS Release 12 2 Configuration Guides and Command References Cisco IOS Configuration Fundamentals Configuration Guide Release 12 2 System Management Troubleshooting and Fault Management show etherchannel Displays EtherChannel information for the channel ...

Page 777: ...s no arguments or keywords Defaults Debugging is disabled Command Modes Privileged EXEC Command History Usage Guidelines The undebug ip igmp filter command is the same as the no debug ip igmp filter command Related Commands Release Modification 12 1 19 EA1 This command was introduced Command Description show debugging Displays information about the types of debugging that are enabled For syntax in...

Page 778: ...command has no arguments or keywords Defaults Debugging is disabled Command Modes Privileged EXEC Command History Usage Guidelines The undebug ip igmp max groups command is the same as the no debug ip igmp max groups command Related Commands Release Modification 12 1 19 EA1 This command was introduced Command Description show debugging Displays information about the types of debugging that are ena...

Page 779: ...ommands group Optional Display IGMP snooping group activity debug messages management Optional Display IGMP snooping management activity debug messages querier Optional Display IGMP snooping querier debug messages router Optional Display IGMP snooping router activity debug messages timer Optional Display IGMP snooping timer event debug messages Release Modification 12 1 19 EA1 This command was int...

Page 780: ...ebug lacp command Related Commands all Optional Display all LACP debug messages event Optional Display LACP event debug messages fsm Optional Display LACP finite state machine debug messages misc Optional Display miscellaneous LACP debug messages packet Optional Display LACP packet debug messages Release Modification 12 1 19 EA1 This command was introduced Command Description show debugging Displa...

Page 781: ...eged EXEC Command History Usage Guidelines The undebug mac notification command is the same as the no debug mac notification command Related Commands Release Modification 12 1 19 EA1 This command was introduced Command Description show debugging Displays information about the types of debugging that are enabled For syntax information select Cisco IOS Release 12 2 Configuration Guides and Command R...

Page 782: ...d Modes Privileged EXEC Command History Usage Guidelines The undebug matm command is the same as the no debug matm command Related Commands Release Modification 12 1 19 EA1 This command was introduced Command Description debug platform matm Displays information about platform dependent MAC address management show debugging Displays information about the types of debugging that are enabled For synt...

Page 783: ...tm move update command is the same as the no debug matm move update command Related Commands Release Modification 12 2 25 SED This command was introduced Command Description mac address table move update receive transmit Configures MAC address table move update feature on the switch show debugging Displays information about the types of debugging that are enabled For syntax information select Cisc...

Page 784: ...mand Modes Privileged EXEC Command History Usage Guidelines The undebug monitor command is the same as the no debug monitor command all Display all SPAN debug messages errors Display detailed SPAN error debug messages idb update Display SPAN interface description block IDB update trace debug messages info Display SPAN informational tracing debug messages list Display SPAN port and VLAN list tracin...

Page 785: ...ys information about the types of debugging that are enabled For syntax information select Cisco IOS Release 12 2 Configuration Guides and Command References Cisco IOS Configuration Fundamentals Configuration Guide Release 12 2 System Management Troubleshooting and Fault Management show monitor Displays information about all SPAN and remote SPAN RSPAN sessions on the switch ...

Page 786: ...ug mvrdbg command Related Commands all Display all MVR activity debug messages events Display MVR event handling debug messages igmpsn Display MVR Internet Group Management Protocol IGMP snooping activity debug messages management Display MVR management activity debug messages ports Display MVR port debug messages Release Modification 12 1 19 EA1 This command was introduced Command Description sho...

Page 787: ...ts Debugging is disabled Command Modes Privileged EXEC Command History Usage Guidelines The undebug nvram command is the same as the no debug nvram command Related Commands Release Modification 12 1 19 EA1 This command was introduced Command Description show debugging Displays information about the types of debugging that are enabled For syntax information select Cisco IOS Release 12 2 Configurati...

Page 788: ... pagp command Related Commands all Optional Display all PAgP debug messages event Optional Display PAgP event debug messages fsm Optional Display PAgP finite state machine debug messages misc Optional Display miscellaneous PAgP debug messages packet Optional Display PAgP packet debug messages Release Modification 12 1 19 EA1 This command was introduced Command Description show debugging Displays i...

Page 789: ...form acl command is the same as the no debug platform acl command Related Commands all Display all ACL manager debug messages exit Display ACL exit related debug messages label Display ACL label related debug messages main Display the main or important ACL debug messages racl Display router ACL related debug messages vacl Display VLAN ACL related debug messages vlmap Display ACL VLAN map related d...

Page 790: ...rguments or keywords Command Default Platform backup interface debugging is disabled Command Modes Privileged EXEC Command History Usage Guidelines The undebug platform backup interface command is the same as the no platform debug backup interface command Related Commands Release Modification 12 2 20 SE This command was introduced Command Description show debugging Displays information about the t...

Page 791: ...the broadcast queue cbt to spt q Display debug messages about packets received by the core based tree to shortest path tree cbt to spt queue cpuhub q Display debug messages about packets received by the CPU heartbeat queue host q Display debug messages about packets received by the host queue icmp q Display debug messages about packets received by the Internet Control Message Protocol ICMP queue i...

Page 792: ...ed Commands Command Description show debugging Displays information about the types of debugging that are enabled For syntax information select Cisco IOS Release 12 2 Configuration Guides and Command References Cisco IOS Configuration Fundamentals Configuration Guide Release 12 2 System Management Troubleshooting and Fault Management ...

Page 793: ...command is the same as the no debug platform device manager command Related Commands all Display all platform device manager debug messages device info Display platform device manager device structure debug messages poll Display platform device manager 1 second poll debug messages port download Display platform device manager remote procedure call RPC usage debug messages trace Trace platform devi...

Page 794: ... Guidelines The undebug platform dot1x command is the same as the no debug platform dot1x command Related Commands initialization Display 802 1x initialization sequence debug messages interface configuration Display 802 1x interface configuration related debug messages rpc Display 802 1x remote procedure call RPC request debug messages Release Modification 12 1 19 EA1 This command was introduced C...

Page 795: ... The undebug platform etherchannel command is the same as the no debug platform etherchannel command Related Commands init Display EtherChannel module initialization debug messages link up Display EtherChannel link up and link down related debug messages rpc Display EtherChannel remote procedure call RPC debug messages warnings Display EtherChannel warning debug messages Release Modification 12 1 ...

Page 796: ...ager debug messages appear The undebug platform fallback bridging command is the same as the no debug platform fallback bridging command Related Commands error Optional Display fallback bridging manager error condition messages retry Optional Display fallback bridging manager retry messages rpc events messages Optional Display fallback bridging debugging information The keywords have these meaning...

Page 797: ... appear The undebug platform forw tcam command is the same as the no debug platform forw tcam command Related Commands adjustment Optional Display TCAM manager adjustment debug messages allocate Optional Display TCAM manager allocation debug messages audit Optional Display TCAM manager audit messages error Optional Display TCAM manager error messages move Optional Display TCAM manager move message...

Page 798: ... Description Defaults Debugging is disabled Command Modes Privileged EXEC Command History Usage Guidelines This command is only supported on Catalyst 3560G 48TS 3560G 48PS 3560G 24TS and 3560G 24PS switches The undebug platform frontend controller command is the same as the no debug platform frontend controller command all Display all the debug messages for front end controller image Display Image...

Page 799: ... for the front end controller manager and subordinate applications and displays the hardware and software information for the front end controller show debugging Displays information about the types of debugging that are enabled For syntax information select Cisco IOS Release 12 2 Configuration Guides and Command References Cisco IOS Configuration Fundamentals Configuration Guide Release 12 2 Syst...

Page 800: ...he no debug platform ip arp inspection command Related Commands all Display all dynamic ARP inspection debug messages error Display dynamic ARP inspection error debug messages event Display dynamic ARP inspection event debug messages packet Display dynamic ARP inspection packet related debug messages rpc Display dynamic ARP inspection remote procedure call RPC request debug messages Release Modifi...

Page 801: ... all Optional Display all DHCP debug messages error Optional Display DHCP error debug messages event Optional Display DHCP event debug messages packet Optional Display DHCP packet related debug messages rpc Optional Display DHCP remote procedure call RPC request debug messages Release Modification 12 1 19 EA1 This command was introduced Command Description show ip dhcp snooping Displays the DHCP s...

Page 802: ...P snooping destination index di coordination remote procedure call RPC debug messages error Display IGMP snooping error messages event Display IGMP snooping event debug messages group Display IGMP snooping group debug messages mgmt Display IGMP snooping management debug messages pak ip address error ipopt leave query report rx svi tx Display IGMP snooping packet event debug messages The keywords h...

Page 803: ...ssages l3mm Optional IGMP snooping Layer 3 multicast router group RPC debug messages misc Optional IGMP snooping miscellaneous RPC debug messages vlan Optional IGMP snooping VLAN assert RPC debug messages warn Display IGMP snooping warning messages Release Modification 12 1 19 EA1 This command was introduced Command Description debug ip igmp snooping Displays information about platform independent...

Page 804: ...icast event debug messages Note Using this command can degrade the performance of the switch mdb Display IP multicast debug messages for multicast distributed fast switching MDFS multicast descriptor block mdb events mdfs rp retry Display IP multicast MDFS rendezvous point RP retry event debug messages midb Display IP multicast MDFS multicast interface descriptor block MIDB debug messages mroute r...

Page 805: ...ted Commands Command Description show debugging Displays information about the types of debugging that are enabled For syntax information select Cisco IOS Release 12 2 Configuration Guides and Command References Cisco IOS Configuration Fundamentals Configuration Guide Release 12 2 System Management Troubleshooting and Fault Management ...

Page 806: ... unicast routing DHCP dynamic address related event debug messages errors Display all IP unicast routing error debug messages including resource allocation failures events Display all IP unicast routing event debug messages including registry and miscellaneous events interface Display IP unicast routing interface event debug messages mpath Display IP unicast routing multi path adjacency programmin...

Page 807: ...he same as the no debug platform ip unicast command Related Commands Command Description show debugging Displays information about the types of debugging that are enabled For syntax information select Cisco IOS Release 12 2 Configuration Guides and Command References Cisco IOS Configuration Fundamentals Configuration Guide Release 12 2 System Management Troubleshooting and Fault Management ...

Page 808: ...es Privileged EXEC Command History Usage Guidelines The undebug platform led command is the same as the no debug platform led command Related Commands generic Display LED generic action debug messages signal Display LED signal bit map debug messages Release Modification 12 1 19 EA1 This command was introduced Command Description show debugging Displays information about the types of debugging that...

Page 809: ...mand Modes Privileged EXEC Command History Usage Guidelines The undebug platform matm command is the same as the no debug platform matm command aging Display MAC address aging debug messages all Display all platform MAC address management event debug messages ec aging Display EtherChannel address aging related debug messages errors Display MAC address management error messages learning Display MAC...

Page 810: ...isplays information about platform independent MAC address management show debugging Displays information about the types of debugging that are enabled For syntax information select Cisco IOS Release 12 2 Configuration Guides and Command References Cisco IOS Configuration Fundamentals Configuration Guide Release 12 2 System Management Troubleshooting and Fault Management ...

Page 811: ...delines The undebug platform messaging application command is the same as the no debug platform messaging application command Related Commands all Display all application messaging debug messages badpak Display bad packet debug messages cleanup Display clean up debug messages events Display event debug messages memerr Display memory error debug messages messages Display application messaging debug...

Page 812: ...ssover auto MDIX debug messages cablediag Display PHY cable diagnostic debug messages dual purpose Display PHY dual purpose event debug messages flcd configure ipc iter trace Display PHY FLCD debug messages The keywords have these meanings configure Display PHY configure debug messages ipc Display Interprocess Communication Protocol IPC debug messages iter Display iter debug messages trace Display...

Page 813: ...ame as the no debug platform phy command Related Commands Command Description show debugging Displays information about the types of debugging that are enabled For syntax information see the Cisco IOS Release 12 2 Configuration Guides and Command References Cisco IOS Configuration Fundamentals Configuration Guide Release 12 2 System Management Troubleshooting and Fault Management ...

Page 814: ... hpm events Display platform port manager event debug messages idb events Display interface descriptor block IDB related events debug messages if numbers Display interface number translation event debug messages ios events Display Cisco IOS event debug messages link status Display interface link detection event debug messages platform Display port manager function event debug messages pm events Di...

Page 815: ...s the same as the no debug platform pm command Related Commands Release Modification 12 1 19 EA1 This command was introduced Command Description show debugging Displays information about the types of debugging that are enabled For syntax information see the Cisco IOS Release 12 2 Configuration Guides and Command References Cisco IOS Configuration Fundamentals Configuration Guide Release 12 2 Syste...

Page 816: ...nd History Usage Guidelines The undebug platform port asic command is the same as the no debug platform port asic command Related Commands interrupt Display port ASIC interrupt related function debug messages periodic Display port ASIC periodic function call debug messages read Display port ASIC read debug messages write Display port ASIC write debug messages Release Modification 12 1 19 EA1 This ...

Page 817: ...rt security command is the same as the no debug platform port security command Related Commands add Display secure address addition debug messages aging Display secure address aging debug messages all Display all port security debug messages delete Display secure address deletion debug messages errors Display port security error debug messages rpc Display remote procedure call RPC debug messages w...

Page 818: ...tcam command is the same as the no debug platform qos acl tcam command Related Commands all Display all QoS and ACL TCAM QATM manager debug messages ctcam Display Cisco TCAM CTCAM related events debug messages errors Display QATM error related events debug messages labels Display QATM label related events debug messages mask Display QATM mask related events debug messages rpc Display QATM remote p...

Page 819: ... arguments or keywords Defaults Debugging is disabled Command Modes Privileged EXEC Command History Usage Guidelines The undebug platform remote commands command is the same as the no debug platform remote commands command Related Commands Release Modification 12 1 19 EA1 This command was introduced Command Description show debugging Displays information about the types of debugging that are enabl...

Page 820: ...latform resource manager command Related Commands all Display all resource manager debug messages dm Display destination map debug messages erd Display equal cost route descriptor table debug messages errors Display error debug messages madmed Display the MAC address descriptor table and multi expansion descriptor table debug messages sd Display the station descriptor table debug messages stats Di...

Page 821: ...mand has no arguments or keywords Defaults Debugging is disabled Command Modes Privileged EXEC Command History Usage Guidelines The undebug platform snmp command is the same as the no debug platform snmp command Related Commands Release Modification 12 1 19 EA1 This command was introduced Command Description show debugging Displays information about the types of debugging that are enabled For synt...

Page 822: ...as no arguments or keywords Defaults Debugging is disabled Command Modes Privileged EXEC Command History Usage Guidelines The undebug platform span command is the same as the no debug platform span command Related Commands Release Modification 12 1 19 EA1 This command was introduced Command Description show debugging Displays information about the types of debugging that are enabled For syntax inf...

Page 823: ...mmand History Usage Guidelines The undebug platform supervisor asic command is the same as the no debug platform supervisor asic command Related Commands all Display all supervisor ASIC event debug messages errors Display the supervisor ASIC error debug messages receive Display the supervisor ASIC receive debug messages send Display the supervisor ASIC send debug messages Release Modification 12 1...

Page 824: ...Usage Guidelines The undebug platform sw bridge command is the same as the no debug platform sw bridge command Related Commands broadcast Display broadcast data debug messages control Display protocol packet debug messages multicast Display multicast data debug messages packet Display sent and received data debug messages unicast Display unicast data debug messages Release Modification 12 1 19 EA1...

Page 825: ... tcam log l2 acl input output local qos debug platform tcam log l3 acl input output ipv6 acl input output local qos secondary local qos secondary debug platform tcam read reg ssram tcam debug platform tcam search debug platform tcam write forw ram reg tcam no debug platform tcam log read search write no debug platform tcam log l2 acl input output local qos no debug platform tcam log l3 acl input o...

Page 826: ...t local qos secondary Display IPv6 based look up debug messages Options include displaying input or output ACL look up local forwarding look up classification and QoS look up or secondary forwarding look up debug messages local Display local forwarding look up debug messages qos Display classification and quality of service QoS look up debug messages secondary Display secondary forwarding look up ...

Page 827: ...ame as the no debug platform tcam command Related Commands Command Description show debugging Displays information about the types of debugging that are enabled For syntax information see the Cisco IOS Release 12 2 Configuration Guides and Command References Cisco IOS Configuration Fundamentals Configuration Guide Release 12 2 System Management Troubleshooting and Fault Management ...

Page 828: ...nd History Usage Guidelines The undebug platform udld command is the same as the no debug platform udld command Related Commands all Optional Display all UDLD debug messages error Optional Display error condition debug messages rpc events messages Optional Display UDLD remote procedure call RPC debug messages The keywords have these meanings events Display UDLD RPC events messages Display UDLD RPC...

Page 829: ...ory Usage Guidelines The undebug platform vlan command is the same as the no debug platform vlan command Related Commands errors Display VLAN error debug messages mvid Display mapped VLAN ID allocations and free debug messages rpc Display remote procedure call RPC debug messages Release Modification 12 1 19 EA1 This command was introduced Command Description show debugging Displays information abo...

Page 830: ...ough visible in the command line help strings the scp and pvlan keywords are not supported Defaults Debugging is disabled Command Modes Privileged EXEC Command History all Display all PM debug messages assert Display assert debug messages card Display line card related events debug messages etherchnl Display EtherChannel related events debug messages hatable Display Host Access Table events debug ...

Page 831: ...s the no debug pm command Related Commands Command Description show debugging Displays information about the types of debugging that are enabled For syntax information select Cisco IOS Release 12 2 Configuration Guides and Command References Cisco IOS Configuration Fundamentals Configuration Guide Release 12 2 System Management Troubleshooting and Fault Management ...

Page 832: ...ng is disabled Command Modes Privileged EXEC Command History Usage Guidelines The undebug port security command is the same as the no debug port security command Related Commands Release Modification 12 1 19 EA1 This command was introduced Command Description show debugging Displays information about the types of debugging that are enabled For syntax information select Cisco IOS Release 12 2 Confi...

Page 833: ...Command History Usage Guidelines The undebug qos manager command is the same as the no debug qos manager command Related Commands all Display all QoS manager debug messages event Display QoS manager related event debug messages verbose Display QoS manager detailed debug messages Release Modification 12 1 19 EA1 This command was introduced Command Description show debugging Displays information abo...

Page 834: ... bpdu Display spanning tree bridge protocol data unit BPDU debug messages bpdu opt Display optimized BPDU handling debug messages config Display spanning tree configuration change debug messages etherchannel Display EtherChannel support debug messages events Display spanning tree topology event debug messages exceptions Display spanning tree exception debug messages general Display general spannin...

Page 835: ...how debugging Displays information about the types of debugging that are enabled For syntax information select Cisco IOS Release 12 2 Configuration Guides and Command References Cisco IOS Configuration Fundamentals Configuration Guide Release 12 2 System Management Troubleshooting and Fault Management show spanning tree Displays spanning tree state information ...

Page 836: ... History Usage Guidelines The undebug spanning tree backbonefast command is the same as the no debug spanning tree backbonefast command Related Commands detail Optional Display detailed BackboneFast debug messages exceptions Optional Display spanning tree BackboneFast exception debug messages Release Modification 12 1 19 EA1 This command was introduced Command Description show debugging Displays i...

Page 837: ...ry Usage Guidelines The undebug spanning tree bpdu command is the same as the no debug spanning tree bpdu command Related Commands receive Optional Display the nonoptimized path for received BPDU debug messages transmit Optional Display the nonoptimized path for sent BPDU debug messages Release Modification 12 1 19 EA1 This command was introduced Command Description show debugging Displays informa...

Page 838: ...nd History Usage Guidelines The undebug spanning tree bpdu opt command is the same as the no debug spanning tree bpdu opt command Related Commands detail Optional Display detailed optimized BPDU handling debug messages packet Optional Display packet level optimized BPDU handling debug messages Release Modification 12 1 19 EA1 This command was introduced Command Description show debugging Displays ...

Page 839: ...ning tree MST region and a single spanning tree region running Rapid Spanning Tree Protocol RSTP An MST region and a single spanning tree region running 802 1D An MST region and another MST region with a different configuration bpdu rx Debug the received MST bridge protocol data units BPDUs bpdu tx Debug the sent MST BPDUs errors Debug MSTP errors flush Debug the port flushing mechanism init Debug...

Page 840: ...g tree mstp command Related Commands Command Description show debugging Displays information about the types of debugging that are enabled For syntax information select Cisco IOS Release 12 2 Configuration Guides and Command References Cisco IOS Configuration Fundamentals Configuration Guide Release 12 2 System Management Troubleshooting and Fault Management show spanning tree Displays spanning tr...

Page 841: ...ch command all Display all spanning tree switch debug messages errors Display debug messages for the interface between the spanning tree software module and the port manager software module flush Display debug messages for the shim flush operation general Display general event debug messages helper Display spanning tree helper task debug messages Helper tasks handle bulk spanning tree updates pm D...

Page 842: ...on show debugging Displays information about the types of debugging that are enabled For syntax information select Cisco IOS Release 12 2 Configuration Guides and Command References Cisco IOS Configuration Fundamentals Configuration Guide Release 12 2 System Management Troubleshooting and Fault Management show spanning tree Displays spanning tree state information ...

Page 843: ...vileged EXEC Command History Usage Guidelines The undebug spanning tree uplinkfast command is the same as the no debug spanning tree uplinkfast command Related Commands exceptions Optional Display spanning tree UplinkFast exception debug messages Release Modification 12 1 19 EA1 This command was introduced Command Description show debugging Displays information about the types of debugging that ar...

Page 844: ... vlan command badpmcookies Display debug messages for VLAN manager incidents of bad port manager cookies cfg vlan bootup cli Display config vlan debug messages The keywords have these meanings bootup Display messages when the switch is booting up cli Display messages when the command line interface CLI is in config vlan mode events Display debug messages for VLAN manager events ifs See the debug s...

Page 845: ... syntax information select Cisco IOS Release 12 2 Configuration Guides and Command References Cisco IOS Configuration Fundamentals Configuration Guide Release 12 2 System Management Troubleshooting and Fault Management show vlan Displays the parameters for all configured VLANs or one VLAN if the VLAN name or ID is specified in the administrative domain show vtp Displays general information about V...

Page 846: ... vlan ifs command When selecting the file read operation Operation 1 reads the file header which contains the header verification word and the file version number Operation 2 reads the main body of the file which contains most of the domain and VLAN information Operation 3 reads type length version TLV descriptor structures Operation 4 reads TLV data open read write Display VLAN manager IFS file o...

Page 847: ...t the types of debugging that are enabled For syntax information select Cisco IOS Release 12 2 Configuration Guides and Command References Cisco IOS Configuration Fundamentals Configuration Guide Release 12 2 System Management Troubleshooting and Fault Management show vlan Displays the parameters for all configured VLANs or one VLAN if the VLAN name or ID is specified in the administrative domain ...

Page 848: ...ge Guidelines The undebug sw vlan notification command is the same as the no debug sw vlan notification command accfwdchange Display debug messages for VLAN manager notification of aggregated access interface spanning tree forward changes allowedvlancfgchange Display debug messages for VLAN manager notification of changes to the allowed VLAN configuration fwdchange Display debug messages for VLAN ...

Page 849: ... about the types of debugging that are enabled For syntax information select Cisco IOS Release 12 2 Configuration Guides and Command References Cisco IOS Configuration Fundamentals Configuration Guide Release 12 2 System Management Troubleshooting and Fault Management show vlan Displays the parameters for all configured VLANs or one VLAN if the VLAN name or ID is specified in the administrative do...

Page 850: ...TP pruning code events Display debug messages for general purpose logic flow and detailed VTP messages generated by the VTP_LOG_RUNTIME macro in the VTP code packets Display debug messages for the contents of all incoming VTP packets that have been passed into the VTP code from the IOS VTP platform dependent layer except for pruning packets pruning packets xmit Display debug messages generated by ...

Page 851: ...Displays information about the types of debugging that are enabled For syntax information select Cisco IOS Release 12 2 Configuration Guides and Command References Cisco IOS Configuration Fundamentals Configuration Guide Release 12 2 System Management Troubleshooting and Fault Management show vtp Displays general information about VTP management domain status and counters ...

Page 852: ...cessing of configuration commands Processing of link up and link down indications For debug udld packets these debugging messages appear General packet processing program flow on receipt of an incoming packet Indications of the contents of the various pieces of packets received such as type length versions TLVs as they are examined by the packet reception code Packet transmission attempts and the ...

Page 853: ...mand Description show debugging Displays information about the types of debugging that are enabled For syntax information select Cisco IOS Release 12 2 Configuration Guides and Command References Cisco IOS Configuration Fundamentals Configuration Guide Release 12 2 System Management Troubleshooting and Fault Management show udld Displays UDLD administrative and operational status for all ports or ...

Page 854: ...c command Related Commands all Optional Display all VQP client debug messages cli Optional Display the VQP client command line interface CLI debug messages events Optional Display VQP client event debug messages learn Optional Display VQP client address learning debug messages packet Optional Display VQP client packet information debug messages Release Modification 12 1 19 EA1 This command was int...

Page 855: ...nds This appendix describes the show platform privileged EXEC commands that have been created or changed for use with the Catalyst 3560 switch These commands display information helpful in diagnosing and resolving internetworking problems and should be used only under the guidance of Cisco technical support staff ...

Page 856: ... contain Output appear interface interface id Display per interface ACL manager information for the specified interface The interface can be a physical interface or a VLAN label label number detail Display per label ACL manager information The label number range is 0 to 255 The keyword has this meaning detail Optional Display detailed ACL manager label information statistics asic number Display pe...

Page 857: ...leshooting a problem Do not use this command unless a technical support representative asks you to do so Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear interface id Optional Display backup information for all interfaces or the specified interface The interface can be a physical interface or...

Page 858: ...pport representative asks you to do so Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear config output Display the output of the last auto configuration application default Display whether or not the system is running the default configuration running Display a snapshot of the backed up runnin...

Page 859: ...l support representative while troubleshooting a problem Do not use this command unless a technical support representative asks you to do so Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear flags Display EtherChannel port flags time stamps Display EtherChannel time stamps begin Optional Displ...

Page 860: ...ation type cos cos Optional Class of service CoS value of the frame The range is 0 to 7 ip src ip dst ip Optional but required for IP packets Source and destination IP addresses in dotted decimal notation frag field Optional The IP fragment field for a fragmented IP packet The range is 0 to 65535 dscp dscp Optional Differentiated Services Code Point DSCP field in the IP header The range is 0 to 63...

Page 861: ...are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear Examples For examples of the show platform forward command output displays and what they mean see the Troubleshooting chapter of the software configuration guide for this release exclude Optional Display excludes lines that match the expression include Opt...

Page 862: ... problem Do not use this command unless a technical support representative asks you to do so Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear buffer Display the last 1024 bytes sent from the manager to the subordinate and the reverse generic Display the generic counters that do not specifical...

Page 863: ...ounters flood vlan vlan id Display IGMP snooping flood information The keyword has this meaning vlan vlan id Optional Display flood information for the specified VLAN The range is 1 to 4094 group ip address Display the IGMP snooping multicast group information where ip address is the IP address of the group hardware Display IGMP snooping information loaded into hardware retry count local count Dis...

Page 864: ...uld use this command only when you are working directly with a technical support representative while troubleshooting a problem Do not use this command unless a technical support representative asks you to do so Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear ...

Page 865: ...ll info Display IP multicast routing access control list ACL information in particular the number of outgoing VLANs for which router ACLs at the output cannot be applied in hardware counters Display IP multicast counters and statistics groups Display IP multicast routes per group hardware detail Display IP multicast routes loaded into hardware The keyword has this meaning detail Optional Display p...

Page 866: ... these meanings adjacency Display the adjacency entries that failed to be programmed in hardware arp Display the Address Resolution Protocol ARP deletions because of failure and because of retries A B C D Optional Prefix of the ARP entries to display route Display the route entries that failed to be programmed in hardware loadbalance Display the platform loadbalance database mpaths Display the Lay...

Page 867: ... use this command only when you are working directly with a technical support representative while troubleshooting a problem Do not use this command unless a technical support representative asks you to do so Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear ...

Page 868: ...Command Modes Privileged EXEC Command History Usage Guidelines You should use this command only when you are working directly with a technical support representative while troubleshooting a problem Do not use this command unless a technical support representative asks you to do so begin Optional Display begins with the line that matches the expression exclude Optional Display excludes lines that m...

Page 869: ...tion Command Modes Privileged EXEC Command History Usage Guidelines You should use this command only when you are working directly with a technical support representative while troubleshooting a problem Do not use this command unless a technical support representative asks you to do so begin Optional Display begins with the line that matches the expression exclude Optional Display excludes lines t...

Page 870: ...rmation loadbalance Display backwalk load balance information compress ipv6 prefix prefix length Display IPv6 prefix compression information ipv6 prefix The IPv6 network prefix length The length of the IPv6 network prefix A decimal value from 0 to 128 that shows how many of the high order contiguous bits of the address comprise the prefix the network portion of the address A slash mark must preced...

Page 871: ...his command only when you are working directly with a technical support representative while troubleshooting a problem Do not use this command unless a technical support representative asks you to do so Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear Release Modification 12 2 25 SEA This com...

Page 872: ... output the lines that contain output do not appear but the lines that contain Output appear acl Display access control list ACL Layer 4 operators information pacl port asic Display port ACL Layer 4 operators information The keyword has this meaning port asic Optional Port ASIC number qos port asic Display quality of service QoS Layer 4 operators information The keyword has this meaning port asic ...

Page 873: ... support representative asks you to do so Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear aging array Optional Display the MAC address table aging array hash table Optional Display the MAC address table hash table mac address mac address Optional Display the MAC address table MAC address inf...

Page 874: ...that contain output do not appear but the lines that contain Output appear application incoming outgoing summary Display application message information The keywords have these meanings incoming Optional Display only information about incoming application messaging requests outgoing Optional Display only information about incoming application messaging requests summary Optional Display summary inf...

Page 875: ...resentative while troubleshooting a problem Do not use this command unless a technical support representative asks you to do so Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear session session number Optional Display SPAN information for the specified SPAN session The range is 1 to 66 begin O...

Page 876: ...command only when you are working directly with a technical support representative while troubleshooting a problem Do not use this command unless a technical support representative asks you to do so Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear begin Optional Display begins with the line t...

Page 877: ...t appear counters Display module counters information group masks Display EtherChannel group masks information idbs active idbs deleted idbs Display interface data block IDB information The keywords have these meanings active idbs Display active IDB information deleted idbs Display deleted and leaked IDB information if numbers Display interface numbers information link status Display local port li...

Page 878: ...c number asic number stats drop enqueue miscellaneous supervisor asic number port number asic number transmit port fifo queue supervisor sram asic number port number asic number vct asic number port number asic number version begin exclude include expression Syntax Description cpu queue map table asic number port number asic number Display the CPU queue map table entries The keywords have these me...

Page 879: ... cache The keywords have these meanings asic number Optional Display information for the specified ASIC The range is 0 to 1 port number Optional Display information for the specified port and ASIC number The range is 0 to 27 where 0 is the supervisor and 1 to 25 are the ports mac info asic number port number asic number Display the contents of the MAC information register The keywords have these m...

Page 880: ...splay the buffer queue information port fifo Display the port FIFO information supervisor sram Display the supervisor static RAM SRAM information asic number Optional Display information for the specified ASIC The range is 0 to 1 port number Optional Display information for the specified port and ASIC number The range is 0 to 27 where 0 is the supervisor and 1 to 25 are the ports span vlan id asic...

Page 881: ...s 0 to 27 where 0 is the supervisor and 1 to 25 are the ports vct asic number port number asic number Display the VLAN compression table entries for the specified ASIC or for the specified port and ASIC The keywords have these meanings asic number Optional Display information for the specified ASIC The range is 0 to 1 port number Optional Display information for the specified port and ASIC number ...

Page 882: ...e this command only when you are working directly with your technical support representative while troubleshooting a problem Do not use this command unless your technical support representative asks you to do so Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear ...

Page 883: ...working directly with your technical support representative while troubleshooting a problem Do not use this command unless your technical support representative asks you to do so Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear begin Optional Display begins with the line that matches the expr...

Page 884: ...le if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear label asic number Display QoS label maps for the specified ASIC Optional For asic number the range is 0 to 1 policer parameters asic number port alloc number asic number Display policer information The keywords have these meanings parameters asic number Display parameter information ...

Page 885: ... is 0 to 65535 med index number Display the multi expansion descriptor table for the specified index The keyword has this meaning index number Optional Display the specified index The range is 0 to 65535 mod Display the resource manager module information msm hash table vlan vlan id mac address mac address vlan vlan id Display the MAC address descriptor table and the station descriptor table infor...

Page 886: ...ort representative while troubleshooting a problem Do not use this command unless your technical support representative asks you to do so Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear include Optional Display includes lines that match the specified expression expression Expression in the o...

Page 887: ...nly when you are working directly with your technical support representative while troubleshooting a problem Do not use this command unless your technical support representative asks you to do so Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear begin Optional Display begins with the line that...

Page 888: ...hnical support representative asks you to do so Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear synchronization detail vlan vlan id Display spanning tree state synchronization information The keywords have these meanings detail Optional Display detailed spanning tree information vlan vlan id...

Page 889: ...rt representative while troubleshooting a problem Do not use this command unless your technical support representative asks you to do so Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear vlan id Display spanning tree instance information for the specified VLAN The range is 1 to 4094 begin Opti...

Page 890: ...lid num number detail invalid invalid invalid num number detail invalid invalid begin exclude include expression show platform tcam table local asic number detail invalid index number detail invalid invalid num number detail invalid invalid invalid num number detail invalid invalid begin exclude include expression show platform tcam table mac address asic number detail invalid index number detail ...

Page 891: ...able mac address Display the MAC address table multicast expansion Display the IPv6 multicast expansion table qos Display the QoS table secondary Display the secondary table station Display the station table vlan list Display the VLAN list table usage Display the CAM and forwarding table usage asic number detail invalid index number detail invalid invalid num number detail invalid invalid invalid ...

Page 892: ...you are working directly with your technical support representative while troubleshooting a problem Do not use this command unless your technical support representative asks you to do so Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear Release Modification 12 1 19 EA1 This command was introdu...

Page 893: ...ase sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear misc Display miscellaneous VLAN module information mvid Display the mapped VLAN ID MVID allocation information prune Display the platform maintained pruning database refcount Display the VLAN lock module wise reference counts rpc receive transmit Display remote...

Page 894: ...C 40 Catalyst 3560 Switch Command Reference 78 16405 05 Appendix C Catalyst 3560 Switch Show Platform Commands show platform vlan ...

Page 895: ... allowed VLANs 2 646 apply command 2 683 archive download sw command 2 7 archive tar command 2 10 archive upload sw command 2 13 arp access list command 2 15 audience xix authentication failed VLAN See dot1x auth fail vlan auth fail max attempts See dot1x auth fail max attempts auth fail vlan See dot1x auth fail vlan authorization state of controlled port 2 99 autonegotiation of duplex mode 2 107 ...

Page 896: ...tches See clusters cat boot loader command A 4 caution description xx CDP enabling protocol tunneling for 2 199 channel group command 2 30 channel protocol command 2 33 Cisco Network Assistant See Network Assistant xx Cisco SoftPhone auto QoS configuration 2 17 trusting packets sent from 2 272 class command 2 34 class map command 2 36 class maps creating 2 36 defining the match criteria 2 234 disp...

Page 897: ...uring multiple interfaces 2 118 config vlan mode commands 2 669 description 1 4 entering 2 668 summary 1 2 conventions command xx for examples xx publication xx text xx copy boot loader command A 5 CoS assigning default value to incoming packets 2 242 assigning to Layer 2 protocol packets 2 202 overriding the incoming value 2 242 CoS to DSCP map 2 246 CPU ASIC statistics displaying 2 366 crashinfo...

Page 898: ...command B 69 debug pm command B 70 debug port security command B 72 debug qos manager command B 73 debug spanning tree backbonefast command B 76 debug spanning tree bpdu command B 77 debug spanning tree bpdu opt command B 78 debug spanning tree command B 74 debug spanning tree mstp command B 79 debug spanning tree switch command B 81 debug spanning tree uplinkfast command B 83 debug sw vlan comman...

Page 899: ...106 dynamic access ports configuring 2 620 restrictions 2 621 dynamic ARP inspection ARP ACLs apply to a VLAN 2 127 define 2 15 deny packets 2 70 display 2 349 permit packets 2 290 dynamic ARP inspection continued clear log buffer 2 38 statistics 2 39 display ARP ACLs 2 349 configuration and operating state 2 414 log buffer 2 414 statistics 2 414 trust state and rate limit 2 414 enable per VLAN 2 ...

Page 900: ... 2 110 learn method 2 286 modes 2 30 physical port learner 2 286 priority of interface for transmitted traffic 2 288 Ethernet controller internal register display 2 368 Ethernet statistics collecting 2 329 examples conventions for xx exception crashinfo command 2 113 exit command 2 683 extended discovery of candidate switches 2 56 extended range VLANs and allowed VLAN list 2 646 and pruning eligib...

Page 901: ...y solicitation 2 167 IGMP snooping continued report suppression 2 165 switch topology change notification behavior 2 167 images See software images Immediate Leave feature MVR 2 283 Immediate Leave processing IPv6 2 195 immediate leave processing 2 170 initial configuration See getting started guide and hardware installation guide interface configuration mode 1 2 1 4 interface port channel command...

Page 902: ...d 2 169 ip igmp snooping vlan immediate leave command 2 170 ip igmp snooping vlan mrouter command 2 171 ip igmp snooping vlan static command 2 173 IP multicast addresses 2 280 IP phones auto QoS configuration 2 17 trusting packets sent from 2 272 IP precedence to DSCP map 2 246 ip source binding command 2 175 IP source guard disabling 2 179 displaying binding entries 2 432 configuration 2 434 dyna...

Page 903: ...isplaying 2 457 MAC access list configuration mode 2 212 mac access list extended command 2 212 MAC access lists 2 77 MAC addresses displaying aging time 2 463 all 2 461 dynamic 2 467 MAC address table move updates 2 471 notification settings 2 473 number of addresses in a VLAN 2 465 per interface 2 469 per VLAN 2 477 static 2 475 static and dynamic entries 2 459 dynamic aging time 2 214 deleting ...

Page 904: ...s dscp mutation command 2 244 mls qos map command 2 246 mls qos queue set output buffers command 2 250 mls qos queue set output threshold command 2 252 mls qos rewrite ip dscp command 2 254 mls qos srr queue input bandwidth command 2 256 mls qos srr queue input buffers command 2 258 mls qos srr queue input cos map command 2 260 mls qos srr queue input dscp map command 2 262 mls qos srr queue input...

Page 905: ...setting 2 528 Multicase Listener Discovery See MLD multicast group address MVR 2 283 multicast groups MVR 2 281 Multicast Listener Discovery See MLD multicast router learning method 2 171 multicast router ports IPv6 2 195 multicast router ports configuring 2 171 multicast storm control 2 615 multicast VLAN MVR 2 280 multicast VLAN registration See MVR multiple hosts on authorized port 2 93 Multipl...

Page 906: ...ing 2 480 for a single class 2 301 for multiple classes 2 240 2 303 policed DSCP map 2 246 policy maps continued traffic classification defining the class 2 34 defining trust states 2 661 setting DSCP or IP precedence values 2 338 Port Aggregation Protocol See EtherChannel port based authentication AAA method list 2 3 debug messages display B 7 enabling IEEE 802 1x globally 2 80 per interface 2 99...

Page 907: ...S auto QoS configuring 2 17 debug messages display 1 6 B 2 displaying 2 350 class maps creating 2 36 defining the match criteria 2 234 displaying 2 359 defining the CoS value for an incoming packet 2 242 displaying configuration information 2 350 2 479 DSCP transparency 2 254 DSCP trusted ports applying DSCP to DSCP mutation map to 2 244 defining DSCP to DSCP mutation map 2 246 egress queues alloc...

Page 908: ...ssifications 2 34 trust states 2 661 port trust states 2 272 queues enabling the expedite 2 315 statistics in profile and out of profile packets 2 483 packets enqueued or dropped 2 483 sent and received CoS values 2 483 sent and received DSCP values 2 483 trusted boundary for IP phones 2 272 VLAN based 2 274 quality of service See QoS querytime MVR 2 280 queue set command 2 322 R rapid per VLAN sp...

Page 909: ...w controllers power inline command 2 375 show controllers tcam command 2 377 show controller utilization command 2 379 show current command 2 683 show dot1q tunnel command 2 381 show dot1x command 2 382 show dtp 2 386 show env command 2 388 show errdisable detect command 2 390 show errdisable flap values command 2 392 show errdisable recovery command 2 394 show etherchannel command 2 396 show flow...

Page 910: ...e command C 19 show platform messaging command C 20 show platform monitor command C 21 show platform mvr table command C 22 show platform pm command C 23 show platform port asic command C 24 show platform port security command C 29 show platform qos command C 30 show platform resource manager command C 31 show platform snmp counters command C 33 show platform spanning tree command C 34 show platfo...

Page 911: ...mst max hops command 2 587 spanning tree mst port priority command 2 589 spanning tree mst pre standard command 2 591 spanning tree mst priority command 2 592 spanning tree mst root command 2 593 spanning tree portfast global configuration command 2 597 spanning tree portfast interface configuration command 2 599 spanning tree port priority command 2 595 Spanning Tree Protocol See STP spanning tre...

Page 912: ...ckup interface command 2 622 switchport block command 2 624 switchport command 2 618 switchport host command 2 625 switchport mode command 2 626 switchport mode private vlan command 2 629 switchport nonegotiate command 2 631 switchport port security aging command 2 638 switchport port security command 2 633 switchport priority extend command 2 640 switchport private vlan command 2 642 switchport p...

Page 913: ...mand A 26 VLAN enabling guest VLAN supplicant 2 83 vlan global configuration command 2 668 vlan VLAN configuration command 2 674 vlan access map command 2 680 VLAN access map configuration mode 2 680 VLAN access maps actions 2 5 displaying 2 539 VLAN based QoS 2 274 VLAN configuration rules 2 671 2 676 saving 2 668 2 678 VLAN configuration mode commands VLAN 2 674 VTP 2 698 description 1 5 enterin...

Page 914: ...command 2 691 vmps server command 2 692 voice VLAN configuring 2 649 setting port priority 2 640 VQP and dynamic access ports 2 621 clearing client statistics 2 52 displaying information 2 541 per server retry count 2 691 reconfirmation interval 2 690 reconfirming dynamic VLAN assignments 2 689 VTP changing characteristics 2 694 clearing pruning counters 2 53 configuring domain name 2 694 2 698 fi...

Reviews:

No comments

Related manuals for 3560G-24PS - Catalyst Switch

Key Digital Champion KD-2X1 Operating Instructions Manual preview
Champion KD-2X1
Brand: Key Digital Pages: 12
LEGRAND C2G 29974 Manual preview
C2G 29974
Brand: LEGRAND Pages: 12
Optical Systems Design OSD2154P Operator'S Manual preview
OSD2154P
Brand: Optical Systems Design Pages: 20
WIKA PSM-700 Operating Instructions Manual preview
PSM-700
Brand: WIKA Pages: 8
Touch-plate 10138 Manual preview
10138
Brand: Touch-plate Pages: 12
Data EOC Master CD7944N Product User Manual preview
EOC Master CD7944N
Brand: Data Pages: 18
VeEX AT1701 User Manual preview
AT1701
Brand: VeEX Pages: 22
Racal Instruments 1260-X121 User Manual preview
1260-X121
Brand: Racal Instruments Pages: 33
Black Box LGB408A-R2 Manual preview
LGB408A-R2
Brand: Black Box Pages: 20
Hama 78496 Operating Instructions Manual preview
78496
Brand: Hama Pages: 14
Orbis DICROMAT+ User Instructions preview
DICROMAT+
Brand: Orbis Pages: 2
Sensor Switch SPODMRA JOT Installation Instructions preview
SPODMRA JOT
Brand: Sensor Switch Pages: 2
Eaton Cutler-Hammer NTV Series Instruction Bulletin preview
Cutler-Hammer NTV Series
Brand: Eaton Pages: 28
QNAP QSW-M1208-8C Quick Installation Manual preview
QSW-M1208-8C
Brand: QNAP Pages: 30
Transition Networks LAN MASTER 33022.B User Manual preview
LAN MASTER 33022.B
Brand: Transition Networks Pages: 12
Magnetrol TD1 Series Installation And Operating Manual preview
TD1 Series
Brand: Magnetrol Pages: 32
Nortek GoControl WA00Z-1 Instruction Manual preview
GoControl WA00Z-1
Brand: Nortek Pages: 4
VICOR 4kW MegaPAC User Manual preview
4kW MegaPAC
Brand: VICOR Pages: 31

Brands by name

Popular brands

Load more brands