manualshive.com logo in svg

Cisco 3750 - Catalyst EMI Switch, Command Reference Manual

The Cisco 3750 Catalyst EMI Switch is a high-performance networking solution offering advanced features and flexibility. To maximize its potential, make sure to download the comprehensive Software Configuration Manual for free from our website. This manual provides detailed instructions and valuable insights for seamless integration and optimal functionality.

Share
Download
background image

 

2-37

Catalyst 3750 Switch Command Reference

OL-8552-07

Chapter 2      Catalyst 3750 Switch Cisco IOS Commands

authentication port-control

authentication port-control

Use the 

authentication port-control 

interface configuration command to enable manual control of the 

port authorization state. Use the 

no

 form of this command to return to the default setting. 

authentication port-control 

{

auto

 |

 force-authorized 

force-un authorized

}

no authentication port-control 

{

auto

 |

 force-authorized 

force-un authorized

}

Syntax Description

Defaults

The default setting is force-authorized.

Command Modes

Interface configuration

Command History

Usage Guidelines

Use the 

auto

 keyword only on one of these port types:

  •

Trunk port—If you try to enable IEEE 802.1x authentication on a trunk port, an error message 
appears, and IEEE 802.1x is not enabled. If you try to change the mode of an IEEE 802.1x-enabled 
port to trunk, an error message appears, and the port mode is not changed.

  •

Dynamic ports—A dynamic port can negotiate with its neighbor to become a trunk port. If you try 
to enable IEEE 802.1x authentication on a dynamic port, an error message appears, and IEEE 802.1x 
authentication is not enabled. If you try to change the mode of an IEEE 802.1x-enabled port to 
dynamic, an error message appears, and the port mode does not change.

  •

Dynamic-access ports—If you try to enable IEEE 802.1x authentication on a dynamic-access 
(VLAN Query Protocol [VQP]) port, an error message appears, and IEEE 802.1x authentication is 
not enabled. If you try to change an IEEE 802.1x-enabled port to dynamic VLAN, an error message 
appears, and the VLAN configuration does not change.

  •

EtherChannel port—Do not configure a port that is an active or a not-yet-active member of an 
EtherChannel as an IEEE 802.1x port. If you try to enable IEEE 802.1x authentication on an 
EtherChannel port, an error message appears, and IEEE 802.1x authentication is not enabled.

auto

Enable IEEE 802.1x authentication on the port. The port changes to the 
authorized or unauthorized state based, on the IEEE 802.1x authentication 
exchange between the switch and the client.

force-authorized

Disable IEEE 802.1x authentication on the port. The port changes to the 
authorized state without an authentication exchange. The port sends and 
receives normal traffic without IEEE 802.1x-based authentication of the 
client.

force-un authorized

Deny all access the port. The port changes to the unauthorized state, 
ignoring all attempts by the client to authenticate. The switch cannot 
provide authentication services to the client through the port.

Release

Modification

12.2(50)SE

This command was introduced.

Summary of Contents for 3750 - Catalyst EMI Switch

Page 1: ...co IOS Release 12 2 50 SE March 2009 THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE ALL STATEMENTS INFORMATION AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND EXPRESS OR IMPLIED USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS Text Part Number OL 855...

Page 2: ...bEx DCE and Welcome to the Human Network are trademarks Changing the Way We Work Live Play and Learn and Cisco Store are service marks and Access Registrar Aironet AsyncOS Bringing the Meeting To You Catalyst CCDA CCDP CCIE CCIP CCNA CCNP CCSP CCVP Cisco the Cisco Certified Internetwork Expert logo Cisco IOS Cisco Press Cisco Systems Cisco Systems Capital the Cisco Systems logo Cisco Unity Collabo...

Page 3: ...ed EXEC Mode 1 3 Global Configuration Mode 1 4 Interface Configuration Mode 1 4 config vlan Mode 1 4 VLAN Configuration Mode 1 5 Line Configuration Mode 1 5 C H A P T E R 2 Catalyst 3750 Switch Cisco IOS Commands 2 1 aaa accounting dot1x 2 1 aaa authentication dot1x 2 3 aaa authorization network 2 5 action 2 6 archive copy sw 2 8 archive download sw 2 11 archive tar 2 15 archive upload sw 2 18 arp...

Page 4: ...2 53 boot helper 2 54 boot helper config file 2 55 boot manual 2 56 boot private config file 2 57 boot system 2 58 channel group 2 60 channel protocol 2 64 cisp enable 2 65 class 2 66 class map 2 68 clear dot1x 2 70 clear eap sessions 2 71 clear energywise neighbors 2 72 clear errdisable interface 2 73 clear arp inspection log 2 74 clear ip arp inspection statistics 2 75 clear ip dhcp snooping 2 7...

Page 5: ...er run 2 101 cluster standby group 2 102 cluster timer 2 104 define interface range 2 106 delete 2 108 deny ARP access list configuration 2 110 deny IPv6 access list configuration 2 112 deny MAC access list configuration 2 117 diagnostic monitor 2 120 diagnostic schedule 2 123 diagnostic start 2 125 dot1x 2 127 dot1x auth fail max attempts 2 129 dot1x auth fail vlan 2 131 dot1x control direction 2...

Page 6: ...violation mode 2 165 duplex 2 167 energywise global configuration 2 169 energywise interface configuration 2 171 energywise domain 2 173 energywise query 2 175 errdisable detect cause 2 179 errdisable detect cause small frame 2 182 errdisable recovery cause small frame 2 184 errdisable recovery 2 185 exception crashinfo 2 188 fallback profile 2 189 flowcontrol 2 191 interface port channel 2 193 in...

Page 7: ...ust 2 232 ip dhcp snooping verify 2 233 ip dhcp snooping vlan 2 234 ip dhcp snooping vlan information option format type circuit id string 2 235 ip igmp filter 2 237 ip igmp max groups 2 239 ip igmp profile 2 241 ip igmp snooping 2 243 ip igmp snooping last member query interval 2 245 ip igmp snooping querier 2 247 ip igmp snooping report suppression 2 249 ip igmp snooping tcn 2 251 ip igmp snoopi...

Page 8: ...294 ipv6 traffic filter 2 296 l2protocol tunnel 2 298 l2protocol tunnel cos 2 301 lacp port priority 2 302 lacp system priority 2 304 location global configuration 2 306 location interface configuration 2 308 link state group 2 310 link state track 2 312 logging event 2 313 logging event power inline status 2 314 logging file 2 315 mac access group 2 317 mac access list extended 2 319 mac address ...

Page 9: ...369 mls qos srr queue input bandwidth 2 371 mls qos srr queue input buffers 2 373 mls qos srr queue input cos map 2 375 mls qos srr queue input dscp map 2 377 mls qos srr queue input priority queue 2 379 mls qos srr queue input threshold 2 381 mls qos srr queue output cos map 2 383 mls qos srr queue output dscp map 2 385 mls qos trust 2 387 mls qos vlan based 2 389 monitor session 2 390 mvr global...

Page 10: ... 437 priority queue 2 439 private vlan 2 441 private vlan mapping 2 444 queue set 2 446 radius server dead criteria 2 447 radius server host 2 449 rcommand 2 451 reload 2 453 remote command 2 455 remote span 2 457 renew ip dhcp snooping database 2 459 reserved only 2 461 rmon collection stats 2 463 sdm prefer 2 464 service password recovery 2 468 service policy 2 470 session 2 473 set 2 475 setup ...

Page 11: ...ow controllers utilization 2 521 show diagnostic 2 523 show dot1q tunnel 2 526 show dot1x 2 527 show dtp 2 532 show eap 2 534 show energywise 2 537 show env 2 541 show errdisable detect 2 544 show errdisable flap values 2 546 show errdisable recovery 2 548 show etherchannel 2 550 show fallback profile 2 553 show flowcontrol 2 555 show idprom 2 557 show interfaces 2 560 show interfaces counters 2 5...

Page 12: ...rier 2 615 show ipv6 route updated 2 617 show l2protocol tunnel 2 619 show lacp 2 622 show location 2 626 show link state group 2 629 show mac access group 2 631 show mac address table 2 633 show mac address table address 2 635 show mac address table aging time 2 637 show mac address table count 2 639 show mac address table dynamic 2 641 show mac address table interface 2 643 show mac address tabl...

Page 13: ... 2 687 show port security 2 689 show power inline 2 692 show sdm prefer 2 695 show setup express 2 698 show shell 2 699 show spanning tree 2 702 show storm control 2 710 show switch 2 712 show system mtu 2 717 show udld 2 718 show version 2 721 show vlan 2 723 show vlan access map 2 728 show vlan filter 2 730 show vmps 2 731 show vtp 2 734 shutdown 2 739 shutdown vlan 2 740 small frame violation r...

Page 14: ...ime 2 779 spanning tree mst max age 2 780 spanning tree mst max hops 2 781 spanning tree mst port priority 2 783 spanning tree mst pre standard 2 785 spanning tree mst priority 2 786 spanning tree mst root 2 787 spanning tree port priority 2 789 spanning tree portfast global configuration 2 791 spanning tree portfast interface configuration 2 793 spanning tree transmit hold count 2 795 spanning tr...

Page 15: ...extend 2 849 switchport private vlan 2 851 switchport protected 2 853 switchport trunk 2 855 switchport voice detect 2 859 switchport voice vlan 2 860 system env temperature threshold yellow 2 862 system mtu 2 864 test cable diagnostics tdr 2 866 traceroute mac 2 867 traceroute mac ip 2 870 trust 2 872 udld 2 874 udld port 2 876 udld reset 2 878 vlan global configuration 2 879 vlan VLAN configurat...

Page 16: ... copy A 5 delete A 6 dir A 7 flash_init A 9 format A 10 fsck A 11 help A 12 memory A 13 mkdir A 15 more A 16 rename A 17 reset A 18 rmdir A 19 set A 20 type A 23 unset A 24 version A 26 A P P E N D I X B Catalyst 3750 Switch Debug Commands B 1 debug auto qos B 2 debug backup B 4 debug cisp B 5 debug cluster B 6 debug dot1x B 8 debug dtp B 10 debug eap B 11 debug etherchannel B 12 debug ilpower B 1...

Page 17: ...B 34 debug platform backup interface B 35 debug platform cisp B 36 debug platform cli redirection main B 37 debug platform configuration B 38 debug platform cpu queues B 39 debug platform device manager B 41 debug platform dot1x B 42 debug platform etherchannel B 43 debug platform fallback bridging B 44 debug platform forw tcam B 45 debug platform frontend controller B 46 debug platform ip arp ins...

Page 18: ... platform stack manager B 74 debug platform supervisor asic B 75 debug platform sw bridge B 76 debug platform tcam B 77 debug platform udld B 80 debug platform vlan B 81 debug pm B 82 debug port security B 84 debug qos manager B 85 debug spanning tree B 86 debug spanning tree backbonefast B 88 debug spanning tree bpdu B 89 debug spanning tree bpdu opt B 90 debug spanning tree mstp B 91 debug spann...

Page 19: ...cast vrf tcam label C 15 show platform ip wccp C 16 show platform ipc trace C 17 show platform ipv6 unicast C 18 show platform layer4op C 20 show platform mac address table C 21 show platform messaging C 22 show platform monitor C 23 show platform mvr table C 24 show platform pm C 25 show platform port asic C 26 show platform port security C 31 show platform qos C 32 show platform resource manager...

Page 20: ...Contents xx Catalyst 3750 Switch Command Reference OL 8552 07 A P P E N D I X D Acknowledgments for Open Source Software D 1 I N D E X ...

Page 21: ...richer set of enterprise class features It includes Layer 2 features and full Layer 3 routing IP unicast routing IP multicast routing and fallback bridging To distinguish it from the Layer 2 static routing and RIP the IP services image includes protocols such as the Enhanced Interior Gateway Routing Protocol EIGRP and Open Shortest Path First OSPF Protocol This guide provides the information that ...

Page 22: ...ans reader take note Notes contain helpful suggestions or references to materials not contained in this manual Caution Means reader be careful In this situation you might do something that could result in equipment damage or loss of data Related Publications These documents provide complete information about the switch and are available from this Cisco com site http www cisco com en US products hw...

Page 23: ... Redundant Power System Hardware Installation Guide Cisco RPS 675 Redundant Power System Hardware Installation Guide Cisco Redundant Power System 2300 Hardware Installation Guide order number DOC 7817647 For information about the Network Admission Control NAC features see the Network Admission Control Software Configuration Guide These compatibility matrix documents are available from this Cisco c...

Page 24: ...onthly What s New in Cisco Product Documentation which also lists all new and revised Cisco technical documentation at http www cisco com en US docs general whatsnew whatsnew html Subscribe to the What s New in Cisco Product Documentation as a Really Simple Syndication RSS feed and set content to be delivered directly to your desktop using a reader application The RSS feeds are a free service and ...

Page 25: ...figuration steps see the software configuration guide for this release In this document IP refers to IP version 4 IPv4 unless there is a specific reference to IP version 6 IPv6 Accessing the Switch You manage the switch stack and the stack member interfaces through the stack master You cannot manage stack members on an individual switch basis You can connect to the stack master through the console...

Page 26: ...ow to access each mode the prompt you see in that mode and how to exit that mode The prompts listed use the default name Switch Table 1 1 Command Modes Summary Command Mode Access Method Prompt Exit or Access Next Mode User EXEC This is the first level of access For the switch Change terminal settings perform basic tasks and list system information Switch Enter the logout command To enter privileg...

Page 27: ...before being granted access to privileged EXEC mode The password does not appear on the screen and is case sensitive The privileged EXEC mode prompt is the device name followed by the pound sign Switch Enter the enable command to access privileged EXEC mode Switch enable Switch The supported commands can vary depending on the version of software in use To display a comprehensive list of commands e...

Page 28: ...ce configuration commands modify the operation of the interface Interface configuration commands always follow a global configuration command which defines the interface type Use the interface interface id command to access interface configuration mode The new prompt means interface configuration mode Switch config if The supported commands can vary depending on the version of software in use To d...

Page 29: ...ompt Switch vlan To return to privileged EXEC mode enter the abort VLAN configuration command to abandon the proposed database Otherwise enter exit to implement the proposed new VLAN database and to return to privileged EXEC mode When you enter exit or apply the configuration is saved in the VLAN database configuration from VLAN configuration mode cannot be saved in the switch configuration file L...

Page 30: ...1 6 Catalyst 3750 Switch Command Reference OL 8552 07 Chapter 1 Using the Command Line Interface CLI Command Modes ...

Page 31: ...low as the default list for accounting services start stop Send a start accounting notice at the beginning of a process and a stop accounting notice at the end of a process The start accounting record is sent in the background The requested user process begins regardless of whether or not the start accounting notice was received by the accounting server broadcast Enable accounting records to be se...

Page 32: ...aaa accounting dot1x default start stop group radius Note The RADIUS authentication server must be properly configured to accept and log update or watchdog packets from the AAA client Related Commands Release Modification 12 2 20 SE This command was introduced Command Description aaa authentication dot1x Specifies one or more AAA methods for use on interfaces running IEEE 802 1x aaa new model Enab...

Page 33: ...t The only method that is truly IEEE 802 1x compliant is the group radius method in which the client data is validated against a RADIUS authentication server If you specify group radius you must configure the RADIUS server by entering the radius server host global configuration command Use the show running config privileged EXEC command to display the configured lists of authentication methods Exa...

Page 34: ... access control model For syntax information see the Cisco IOS Security Command Reference Release 12 2 Authentication Authorization and Accounting Authentication Commands show running config Displays the current operating configuration For syntax information select Cisco IOS Configuration Fundamentals Command Reference Release 12 2 File Management Commands Configuration File Management Commands ...

Page 35: ...ameters from the RADIUS servers in the default authorization list The authorization parameters are used by features such as per user ACLs or VLAN assignment to get parameters from the RADIUS servers Use the show running config privileged EXEC command to display the configured lists of authorization methods Examples This example shows how to configure the switch for user RADIUS authorization for al...

Page 36: ...onfiguration mode use the match access map configuration command to define the match conditions for a VLAN map Use the action command to set the action that occurs when a packet matches the conditions The drop and forward parameters are not used in the no form of the command Examples This example shows how to identify and apply a VLAN access map vmap4 to VLANs 5 and 6 that causes the VLAN to forwa...

Page 37: ...dressing and Services Release 12 2 IP Services Commands ip access list Creates a named access list For syntax information select Cisco IOS IP Command Reference Volume 1 of 3 Addressing and Services Release 12 2 IP Services Commands mac access list extended Creates a named MAC address access list match class map configuration Defines the match conditions for a VLAN map show vlan access map Displays...

Page 38: ...FTP server the images for both the member switch being added and the master You use the archive download sw privileged EXEC command to perform the download destination system destination stack member number Optional The number of the member to which to copy the running image The range is 1 to 9 force reload Optional Unconditionally force a system reload after successfully downloading the software ...

Page 39: ...s that the new image is not the same as the one on the switch flash device or is not running on any members If the images are the same the copy does not occur If the images are different the old image is deleted and the new one is copied After copying a new image enter the reload privileged EXEC command to begin using the new image or specify the reload or force reload option in the archive copy s...

Page 40: ... image from member 5 to member 7 If the image being copied already exists on the second member s flash memory it can be overwritten with the copied one The system reloads after the image is copied Switch archive copy sw destination system 7 overwrite force reload 5 Related Commands Command Description archive download sw Downloads a new image from a TFTP server to the switch archive tar Creates a ...

Page 41: ...TML files associated with the embedded device manager The HTML files for the existing version are deleted only if the existing version is being overwritten or removed leave old sw Keep the old software version after a successful download no set boot Do not alter the setting of the BOOT environment variable to point to the new software image after it is successfully downloaded no version check Down...

Page 42: ...ptions are supported The syntax for the secondary boot loader BS1 bs1 The syntax for the local flash file system on the standalone switch or the master flash The syntax for the local flash file system on a member flash member number The syntax for the FTP ftp username password location directory image name tar The syntax for an HTTP server http username password hostname host ip directory image na...

Page 43: ...ember to be upgraded with the image Note Use the no version check option with care All members including the master must have the same stack protocol version to be in the same stack This option allows an image to be downloaded without first confirming the compatibility of its stack protocol version with the version of the stack You can upgrade more than one specific stack member by repeating the d...

Page 44: ...chive download sw imageonly destination system 6 destination system 8 tftp 172 20 129 10 test image tar Related Commands Command Description archive copy sw Copies the running image from the flash memory on one stack member to the flash memory on one or more other stack members archive tar Creates a tar file lists the files in a tar file or extracts the files from a tar file archive upload sw Uplo...

Page 45: ...r the local flash filesystem flash The syntax for the FTP ftp username password location directory tar filename tar The syntax for an HTTP server http username password hostname host ip directory image name tar The syntax for a secure HTTP server https username password hostname host ip directory image name tar The syntax for the Remote Copy Protocol RCP is rcp username location directory tar file...

Page 46: ...e tar file to display xtract source url flash file url dir file Extract files from a tar file to the local file system For source url specify the source URL alias for the local file system These options are supported The syntax for the local flash file system flash The syntax for the FTP ftp username password location directory tar filename tar The syntax for an HTTP server http username password ...

Page 47: ...example shows how to display only the html directory and its contents Switch archive tar table flash c3750 ipservices 12 25 SEB tar c3750 ipservices 12 25 html c3750 ipservices mz 12 25 SEB html directory c3750 ipservices mz 12 25 SEB html const htm 556 bytes c3750 ipservices mz 12 25 SEB html xhome htm 9373 bytes c3750 ipservices mz 12 25 SEB html menu css 1654 bytes output truncated This example...

Page 48: ...ation URL alias for a local or network file system These options are supported The syntax for the local flash file system on the standalone switch or the stack master flash The syntax for the local flash file system on a stack member flash member number The syntax for the FTP ftp username password location directory image name tar The syntax for an HTTP server http username password hostname host ...

Page 49: ...his sequence the Cisco IOS image the HTML files and info After these files are uploaded the software creates the tar file Image names are case sensitive Examples This example shows how to upload the currently running image on stack member 6 to a TFTP server at 172 20 140 2 Switch archive upload sw source system num 6 tftp 172 20 140 2 test image tar Related Commands Command Description archive cop...

Page 50: ...xit exits ARP access list configuration mode no negates a command or returns to default settings permit specifies packets to forward For more information see the permit ARP access list configuration section on page 2 415 Use the permit and deny access list configuration commands to forward and to drop ARP packets based on the specified matching criteria When the ARP ACL is defined you can apply it...

Page 51: ...1 1 1 1 mac host 00001 0000 abcd Switch config arp nacl end You can verify your settings by entering the show arp access list privileged EXEC command Related Commands Command Description deny ARP access list configuration Denies an ARP packet based on matches compared against the DHCP bindings ip arp inspection filter vlan Permits ARP requests and responses from a host configured with a static IP ...

Page 52: ...ion control direction both This example shows how to enable unidirectional mode Switch config authentication control direction in You can verify your settings by entering the show authentication privileged EXEC command Related Commands both Enable bidirectional control on port The port cannot receive packets from or send packets to the host in Enable unidirectional control on port The port can sen...

Page 53: ...ntication priority Adds an authentication method to the port priority list authentication timer Configures the timeout and reauthentication parameters for an 802 1x enabled port authentication violation Configures the violation modes that occur when a new device connects to a port or when a new device connects to a port with the maximum number of devices already connected to that port show authent...

Page 54: ...and Modes Interface configuration Command History Usage Guidelines Use this command with the fail no response or event keywords to configure the switch response for a specific action action Configure the required action for an authentication event alive Configure the authentication authorization and accounting AAA server alive actions authorize Authorize the port dead Configure the AAA server dead...

Page 55: ...red access VLAN and authentication restarts You can configure any active VLAN except a Remote Switched Port Analyzer RSPAN VLAN a primary private VLAN or a voice VLAN as an IEEE 802 1x guest VLAN The guest VLAN feature is supported only on access ports It is not supported on internal VLANs routed ports or trunk ports When MAC authentication bypass is enabled on an IEEE 802 1x port the switch can a...

Page 56: ...ntication event no response action authorize vlan 10 This example shows how to configure a server response action Switch config authentication event server alive action reinitialize You can verify your settings by entering the show authentication privileged EXEC command Related Commands Command Description authentication control direction Configures the port mode as unidirectional or bidirectional...

Page 57: ...entication as a fallback method to 802 1x or MAB so one or both of these authentication methods should be configured for the fallback to enable Examples This example shows how to specify a fallback profile on a port Switch config authentication fallback profile1 You can verify your settings by entering the show authentication privileged EXEC command Related Commands name Specify a web authenticati...

Page 58: ...ion method to the port priority list authentication timer Configures the timeout and reauthentication parameters for an 802 1x enabled port authentication violation Configures the violation modes that occur when a new device connects to a port or when a new device connects to a port after the maximum number of devices are connected to that port show authentication Displays information about authen...

Page 59: ...configured if the voice device needs to be authenticated Multi auth mode should be configured to allow up to eight devices behind a hub to obtain secured port access through individual authentication Only one voice device can be authenticated in this mode if a voice VLAN is configured Multi host mode also offers port access for multiple hosts behind a hub but multi host mode gives unrestricted por...

Page 60: ...clients that do not support IEEE 802 1x authentication authentication open Enables or disable open access on a port authentication order Sets the order of authentication methods used on a port authentication periodic Enables or disable reauthentication on a port authentication port control Enables manual control of the port authorization state authentication priority Adds an authentication method ...

Page 61: ...hentication open This example shows how to set the port to disable open access on a port Switch config no authentication open Related Commands Release Modification 12 2 50 SE This command was introduced Command Description authentication control direction Configures the port mode as unidirectional or bidirectional authentication event Sets the action for specific authentication events authenticati...

Page 62: ... reauthentication parameters for an 802 1x enabled port authentication violation Configures the violation modes that occur when a new device connects to a port or when a new device connects to a port after the maximum number of devices are connected to that port show authentication Displays information about authentication manager events on the switch Command Description ...

Page 63: ...een 802 1x and MAB Web authentication can be configured as either a standalone method or as the last method in the order after either 802 1x or MAB Web authentication should be configured only as fallback to dot1x or mab Examples This example shows how to add 802 1x as the first authentication method MAB as the second method and web authentication as the third method Switch config authentication o...

Page 64: ...ables open access on a port authentication periodic Enables or disables reauthentication on a port authentication port control Enables manual control of the port authorization state authentication priority Adds an authentication method to the port priority list authentication timer Configures the timeout and reauthentication parameters for an 802 1x enabled port authentication violation Configures...

Page 65: ...example shows how to disable periodic reauthentication on a port Switch config no authentication periodic You can verify your settings by entering the show authentication privileged EXEC command Related Commands Release Modification 12 2 50 SE This command was introduced Command Description authentication control direction Configures the port mode as unidirectional or bidirectional authentication ...

Page 66: ...nd reauthentication parameters for an 802 1x enabled port authentication violation Configures the violation modes that occur when a new device connects to a port or when a new device connects to a port after the maximum number of devices are connected to that port show authentication Displays information about authentication manager events on the switch Command Description ...

Page 67: ...an IEEE 802 1x enabled port to dynamic an error message appears and the port mode does not change Dynamic access ports If you try to enable IEEE 802 1x authentication on a dynamic access VLAN Query Protocol VQP port an error message appears and IEEE 802 1x authentication is not enabled If you try to change an IEEE 802 1x enabled port to dynamic VLAN an error message appears and the VLAN configurat...

Page 68: ...rized state Switch config authentication port control force unauthorized You can verify your settings by entering the show authentication privileged EXEC command Related Commands Command Description authentication control direction Configures the port mode as unidirectional or bidirectional authentication event Sets the action for specific authentication events authentication fallback Configures a...

Page 69: ...ning priorities to different authentication methods allows a higher priority method to interrupt an in progress authentation method with a lower priority Note If a client is already authenticated it might be reauthenticated if an interruption from a higher priority method occurs The default priority of an authentication method is equivalent to its position in execution list order 802 1x authentica...

Page 70: ...at do not support IEEE 802 1x authentication authentication host mode Sets the authorization manager mode on a port authentication open Enables or disables open access on a port authentication order Sets the order of authentication methods used on a port authentication periodic Enables or disables reauthentication on a port authentication port control Enables manual control of the port authorizati...

Page 71: ... other host can use the port and the connected host cannot move to another port on the same switch Examples This example shows how to set the authentication inactivity timer to 60 seconds Switch config authentication timer inactivity 60 This example shows how to set the reauthentication timer to 120 seconds Switch config authentication timer restart 120 You can verify your settings by entering the...

Page 72: ...e authorization manager mode on a port authentication open Enables or disables open access on a port authentication order Sets the order of authentication methods used on a port authentication periodic Enables or disables reauthentication on a port authentication port control Enables manual control of the port authorization state authentication priority Adds an authentication method to the port pr...

Page 73: ...ntication violation shutdown This example shows how to configure an IEEE 802 1x enabled port to generate a system error message and to change the port to restricted mode when a new device connects to it Switch config if authentication violation restrict This example shows how to configure an IEEE 802 1x enabled port to ignore a new device when it connects to the port Switch config if authenticatio...

Page 74: ...n Enables or disables open access on a port authentication order Sets the order of authentication methods used on a port authentication periodic Enables or disables reauthentication on a port authentication port control Enables manual control of the port authorization state authentication priority Adds an authentication method to the port priority list authentication timer Configures the timeout a...

Page 75: ...elephone is detected This keyword is not supported on a 10 Gigabit Ethernet interface cisco softphone Identify this port as connected to a device running the Cisco SoftPhone and automatically configure QoS for VoIP This keyword is not supported on a 10 Gigabit Ethernet interface trust Identify this port as connected to a trusted switch or router and automatically configure QoS for VoIP The QoS lab...

Page 76: ...Cisco IP phone To take advantage of the auto QoS defaults you should enable auto QoS before you configure other QoS commands You can fine tune the auto QoS configuration after you enable auto QoS Table 2 2 Auto QoS Configuration for the Ingress Queues Ingress Queue Queue Number CoS to Queue Map Queue Weight Bandwidth Queue Buffer Size SRR1 shared 1 SRR shaped round robin Ingress queues support sha...

Page 77: ...DSCP value of 24 26 or 46 or is out of profile the switch changes the DSCP value to 0 When a Cisco IP Phone is absent the ingress classification is set to not trust the QoS label in the packet The switch configures ingress and egress queues on the port according to the settings in Table 2 2 and Table 2 3 The policing is applied to traffic matching the policy map classification before the switch en...

Page 78: ...d Traffic is switched in pass through mode packets are switched without any rewrites and classified as best effort without any policing Examples This example shows how to enable auto QoS and to trust the QoS labels received in incoming packets when the switch or router connected to the port is a trusted device Switch config interface gigabitethernet2 0 1 Switch config if auto qos voip trust You ca...

Page 79: ...s Displays auto QoS information show mls qos interface Displays QoS information at the port level srr queue bandwidth shape Assigns the shaped weights and enables bandwidth shaping on the four egress queues mapped to a port srr queue bandwidth share Assigns the shared weights and enables bandwidth sharing on the four egress queues mapped to a port Command Description ...

Page 80: ... History Usage Guidelines A switch in version mismatch mode is a switch that has a different minor version number than the version on the stack A switch in version mismatch mode cannot join the stack as a fully functioning member If the stack has an image that can be copied to a switch in version mismatch mode the auto upgrade process automatically copies the image from a stack member to the switc...

Page 81: ...are supported The syntax for the local flash file system on a standalone switch or the stack master flash The syntax for the local flash file system on a stack member flash member number The syntax for the FTP ftp username password location directory image name tar The syntax for an HTTP server http username password hostname host ip directory image name tar The syntax for a secure HTTP server htt...

Page 82: ...o download sw Usage Guidelines This command specifies a path URL to use for automatic software upgrades You can use this command to configure the URL for the master switch to access in case of a version mismatch Related Commands Command Description show boot Displays the settings of the boot environment variables ...

Page 83: ...ile Syntax Description Defaults The default configuration file is flash config text Command Modes Global configuration Command History Usage Guidelines This command works properly only from a standalone switch Filenames and directory names are case sensitive This command changes the setting of the CONFIG_FILE environment variable For more information see Appendix A Catalyst 3750 Switch Bootloader ...

Page 84: ...mmand Modes Global configuration Command History Usage Guidelines This command works properly only from a standalone switch When you enter this command you can interrupt the automatic boot process by pressing the Break key on the console after the flash file system is initialized Note Despite the setting of this command you can interrupt the automatic boot process at any time by pressing the MODE ...

Page 85: ...n Command History Usage Guidelines This variable is used only for internal development and testing Filenames and directory names are case sensitive This command changes the setting of the HELPER environment variable For more information see Appendix A Catalyst 3750 Switch Bootloader Commands Related Commands filesystem Alias for a flash file system Use flash for the system board flash device file ...

Page 86: ...boot helper config file Syntax Description Defaults No helper configuration file is specified Command Modes Global configuration Command History Usage Guidelines This variable is used only for internal development and testing Filenames and directory names are case sensitive This command changes the setting of the HELPER_CONFIG_FILE environment variable For more information see Appendix A Catalyst ...

Page 87: ...sabled Command Modes Global configuration Command History Usage Guidelines This command works properly only from a standalone switch The next time you reboot the system the switch is in boot loader mode which is shown by the switch prompt To boot up the system use the boot boot loader command and specify the name of the bootable image This command changes the setting of the MANUAL_BOOT environment...

Page 88: ... file filename no boot private config file Syntax Description Defaults The default configuration file is private config Command Modes Global configuration Command History Usage Guidelines This command works properly only from a standalone switch Filenames are case sensitive Examples This example shows how to specify the name of the private configuration file to be pconfig Switch config boot privat...

Page 89: ...Modes Global configuration Command History Usage Guidelines Filenames and directory names are case sensitive If you enter the boot system filesystem file url command on the stack master the specified software image is loaded only on the stack master during the next boot cycle On the stack master use the boot system switch number command to specify that the software image is loaded on the specified...

Page 90: ... example stack member 1 an error message like this appears Command to set boot system switch all xxx on switch 1 failed If you are using the archive download sw privileged EXEC command to maintain system images you never need to use the boot system command The boot system command is automatically manipulated to load the downloaded image This command changes the setting of the BOOT environment vari...

Page 91: ... another port group in either the active or passive mode auto Enable the Port Aggregation Protocol PAgP only if a PAgP device is detected Auto mode places a port into a passive negotiating state in which the port responds to PAgP packets it receives but does not start PAgP packet negotiation A channel is formed only with another port group in desirable mode When auto is enabled silent operation is...

Page 92: ...o all the physical ports assigned to the port channel interface Configuration changes applied to the physical port affect only the port where you apply the configuration To change the parameters of all ports in an EtherChannel apply configuration commands to the port channel interface for example spanning tree commands or commands to configure a Layer 2 EtherChannel as a trunk If you do not specif...

Page 93: ...mplete list of configuration guidelines see the Configuring EtherChannels chapter in the software configuration guide for this release Caution Do not enable Layer 3 addresses on the physical EtherChannel ports Do not assign bridge groups on the physical EtherChannel ports because it creates loops Examples This example shows how to configure an EtherChannel on a single switch in the stack It assign...

Page 94: ...ernet3 0 3 Switch config if switchport mode access Switch config if switchport access vlan 10 Switch config if channel group 5 mode passive Switch config if exit You can verify your settings by entering the show running config privileged EXEC command Related Commands Command Description channel protocol Restricts the protocol used on a port to manage channeling interface port channel Accesses or c...

Page 95: ...he channel group interface configuration command to configure the EtherChannel parameters The channel group command also can set the mode for the EtherChannel You cannot enable both the PAgP and LACP modes on an EtherChannel group PAgP and LACP are not compatible both ends of a channel must use the same protocol Examples This example shows how to specify LACP as the protocol that manages the Ether...

Page 96: ... a trunk When you enable VTP on both switches the VTP domain name must be the same and the VTP mode must be server When you configure VTP mode to avoid the MD5 checksum mismatch error verify that VLANs are not configured on two different switches which can be caused by two VTP servers in the same domain Both switches have the different configuration revision numbers Examples This example shows how...

Page 97: ...ou enter policy map class configuration mode and these configuration commands are available exit exits policy map class configuration mode and returns to policy map configuration mode no returns a command to its default setting police defines a policer or aggregate policer for the classified traffic The policer specifies the bandwidth limitations and the action to take when the limits are exceeded...

Page 98: ...pmap c set dscp 10 Switch config pmap c police 1000000 20000 exceed action policed dscp transmit Switch config pmap c exit You can verify your settings by entering the show policy map privileged EXEC command Related Commands Command Description class map Creates a class map to be used for matching packets to the class whose name you specify police Defines a policer for classified traffic policy ma...

Page 99: ...define packet classification marking and aggregate policing as part of a globally named service policy applied on a per port basis After you are in quality of service QoS class map configuration mode these configuration commands are available description describes the class map up to 200 characters The show class map privileged EXEC command displays the description and the name of the class map ex...

Page 100: ...witch config access list 103 permit ip any any dscp 10 Switch config class map class1 Switch config cmap match access group 103 Switch config cmap exit This example shows how to delete the class map class1 Switch config no class map class1 You can verify your settings by entering the show class map privileged EXEC command Related Commands Command Description class Defines a traffic classification ...

Page 101: ... using the clear dot1x interface interface id command Examples This example shows how to clear all IEEE 8021 x information Switch clear dot1x all This example shows how to clear IEEE 8021 x information for the specified interface Switch clear dot1x interface gigabithethernet1 0 1 You can verify that the information was deleted by entering the show dot1x privileged EXEC command Related Commands all...

Page 102: ...an clear only the specific information by using the keywords Examples This example shows how to clear all EAP information Switch clear eap This example shows how to clear EAP session credential information for the specified profile Switch clear eap sessions credential type1 You can verify that the information was deleted by entering the show dot1x privileged EXEC command Related Commands credentia...

Page 103: ... has no arguments or keywords Defaults No default is defined Command Modes Privileged EXEC Command History Examples This example shows how to delete the neighbor tables Switch clear energywise neighbors Cleared all non static energywise neighbors You can verify that the tables were deleted by entering the show energywise neighbors privileged EXEC command Related Commands Release Modification 12 2 ...

Page 104: ...ble interface command Examples This example shows how to re enable all VLANs that were error disabled on port Gi4 0 2 Switch clear errdisable interface GigabitEthernet4 0 2 vlan Related Commands vlan list Optional Specify a list of VLANs to be re enabled If a vlan list is not specified then all VLANs are re enabled Release Modification 12 2 37 SE This command was introduced Command Description err...

Page 105: ...Modes Privileged EXEC Command History Examples This example shows how to clear the contents of the log buffer Switch clear ip arp inspection log You can verify that the log was cleared by entering the show ip arp inspection log privileged command Related Commands Release Modification 12 2 20 SE This command was introduced Command Description arp access list Defines an ARP access control list ACL i...

Page 106: ...ear the statistics for VLAN 1 Switch clear ip arp inspection statistics vlan 1 You can verify that the statistics were deleted by entering the show ip arp inspection statistics vlan 1 privileged EXEC command Related Commands vlan vlan range Optional Clear statistics for the specified VLAN or VLANs You can specify a single VLAN identified by VLAN ID number a range of VLANs separated by a hyphen or ...

Page 107: ... DHCP snooping binding database agent statistics Switch clear ip dhcp snooping database statistics You can verify that the statistics were cleared by entering the show ip dhcp snooping database privileged EXEC command This example shows how to clear the DHCP snooping statistics counters Switch clear ip dhcp snooping statistics You can verify that the statistics were cleared by entering the show ip...

Page 108: ...ping Enables DHCP snooping on a VLAN ip dhcp snooping database Configures the DHCP snooping binding database agent or the binding file show ip dhcp snooping binding Displays the status of DHCP snooping database agent show ip dhcp snooping database Displays the DHCP snooping binding database agent statistics show ip dhcp snooping statistics Displays the DHCP snooping statistics ...

Page 109: ...mmand or you can clear only the queue statistics by using the clear ipc queue statistics command Examples This example shows how to clear all statistics Switch clear ipc statistics This example shows how to clear only the queue statistics Switch clear ipc queue statistics You can verify that the statistics were deleted by entering the show ipc rpc or the show ipc session privileged EXEC command Re...

Page 110: ...n command and reload the switch When you configure the DHCPv6 server to detect conflicts it uses ping The client uses neighbor discovery to detect clients and reports to the server through a DECLINE message If an address conflict is detected the address is removed from the pool and the address is not assigned until the administrator removes the address from the conflict list If you use the asteris...

Page 111: ...ivileged EXEC Command History Usage Guidelines Use this command to clear protocol tunnel counters on the switch or on the specified interface Examples This example shows how to clear Layer 2 protocol tunnel counters on an interface Switch clear l2protocol tunnel counters gigabitethernet0 3 Related Commands interface id Optional Specify interface physical interface or port channel for which protoco...

Page 112: ...nnel group by using the clear lacp channel group number counters command Examples This example shows how to clear all channel group information Switch clear lacp counters This example shows how to clear LACP traffic counters for group 4 Switch clear lacp 4 counters You can verify that the information was deleted by entering the show lacp counters or the show lacp 4 counters privileged EXEC command...

Page 113: ...ear mac address table dynamic address 0008 0070 0007 You can verify that the information was deleted by entering the show mac address table privileged EXEC command Related Commands dynamic Delete all dynamic MAC addresses dynamic address mac addr Optional Delete the specified dynamic MAC address dynamic interface interface id Optional Delete all dynamic MAC addresses on the specified physical port...

Page 114: ... clear mac address table show mac address table notification Displays the MAC address notification settings for all interfaces or the specified interface snmp trap mac notification Enables the Simple Network Management Protocol SNMP MAC address notification trap on a specific interface Command Description ...

Page 115: ...lt is defined Command Modes Privileged EXEC Command History Examples This example shows how to clear the mac address table move update related counters Switch clear mac address table move update You can verify that the information was cleared by entering the show mac address table move update privileged EXEC command Related Commands Release Modification 12 2 25 SED This command was introduced Comm...

Page 116: ...he cryptographic encrypted software image clear nmsp statistics Syntax Description This command has no arguments or keywords Defaults No default is defined Command Modes Privileged EXEC Command History Examples This example shows how to clear NMSP statistics Switch clear nmsp statistics You can verify that information was deleted by entering the show nmsp statistics privileged EXEC command Related...

Page 117: ...the specified channel group by using the clear pagp channel group number counters command Examples This example shows how to clear all channel group information Switch clear pagp counters This example shows how to clear PAgP traffic counters for group 10 Switch clear pagp 10 counters You can verify that information was deleted by entering the show pagp privileged EXEC command Related Commands chan...

Page 118: ...70 0007 all Delete all secure MAC addresses configured Delete configured secure MAC addresses dynamic Delete secure MAC addresses auto learned by hardware sticky Delete secure MAC addresses either auto learned or configured address mac addr Optional Delete the specified dynamic secure MAC address interface interface id Optional Delete all the dynamic secure MAC addresses on the specified physical ...

Page 119: ...from the address table Switch clear port security dynamic You can verify that the information was deleted by entering the show port security privileged EXEC command Related Commands Command Description switchport port security Enables port security on an interface switchport port security mac address mac address Configures secure MAC addresses switchport port security maximum value Configures a ma...

Page 120: ...ory Usage Guidelines If the interface id is not specified spanning tree counters are cleared for all interfaces Examples This example shows how to clear spanning tree counters for all interfaces Switch clear spanning tree counters Related Commands interface interface id Optional Clear all spanning tree counters on the specified interface Valid interfaces include physical ports VLANs and port chann...

Page 121: ...nning tree MST switch can also detect that a port is at the boundary of a region when it receives a legacy BPDU an MST BPDU Version 3 associated with a different region or a rapid spanning tree RST BPDU Version 2 However the switch does not automatically revert to the rapid PVST or the MSTP mode if it no longer receives IEEE 802 1D BPDUs because it cannot learn whether the legacy switch has been r...

Page 122: ...rguments or keywords Defaults No default is defined Command Modes Privileged EXEC Command History Examples This example shows how to clear VLAN Membership Policy Server VMPS statistics Switch clear vmps statistics You can verify that information was deleted by entering the show vmps statistics privileged EXEC command Related Commands Release Modification 12 1 11 AX This command was introduced Comm...

Page 123: ...n This command has no arguments or keywords Defaults No default is defined Command Modes Privileged EXEC Command History Examples This example shows how to clear the VTP counters Switch clear vtp counters You can verify that information was deleted by entering the show vtp counters privileged EXEC command Related Commands Release Modification 12 1 11 AX This command was introduced Command Descript...

Page 124: ... cluster command switch stack or the cluster command switch A cluster member can have only one cluster command switch The cluster member switch retains the identity of the cluster command switch during a system reload by using the mac address parameter You can enter the no form on a cluster member switch to remove it from the cluster during debugging or recovery procedures You would normally use t...

Page 125: ...ress 00e0 9bc0 a500 member 4 name my_cluster output truncated This example shows how to remove a member from the cluster by using the cluster member console Switch configure terminal Enter configuration commands one per line End with CNTL Z Switch config no cluster commander address You can verify your settings by entering the show cluster privileged EXEC command Related Commands Command Descripti...

Page 126: ...rate on cluster member switches If the hop count is set to 1 it disables extended discovery The cluster command switch discovers only candidates that are one hop from the edge of the cluster The edge of the cluster is the point between the last discovered cluster member switch and the first discovered candidate switch Examples This example shows how to set hop count limit to 4 This command is exec...

Page 127: ...r This command fails if a device is already configured as a member of the cluster You must name the cluster when you enable the cluster command switch If the switch is already configured as the cluster command switch this command changes the cluster name if it is different from the previous cluster name Examples This example shows how to enable the cluster command switch name the cluster and set t...

Page 128: ...he cluster command switch propagates the values to all its cluster members so that the setting is consistent among all switches in the cluster The holdtime is typically set as a multiple of the interval timer cluster timer For example it takes holdtime in secs divided by the interval in secs number of heartbeat messages to be missed in a row to declare a switch down Examples This example shows how...

Page 129: ...switch selects the next available member number and assigns it to the switch that is joining the cluster You must enter the enable password of the candidate switch for authentication when it joins the cluster The password is not saved in the running or startup configuration After a candidate switch becomes a member of the cluster its password becomes the same as the cluster command switch password...

Page 130: ... MAC address 00E0 1E00 3333 to the cluster This switch does not have a password The cluster command switch selects the next available member number and assigns it to the switch that is joining the cluster Switch config cluster member mac address 00E0 1E00 3333 You can verify your settings by entering the show cluster members privileged EXEC command on the cluster command switch Related Commands Co...

Page 131: ...lobal configuration Command History Usage Guidelines Enter this command only on the cluster command switch If you enter this command on a cluster member switch an error message appears Examples This example shows how to set the outside interface to VLAN 1 Switch config cluster outside interface vlan 1 You can verify your setting by entering the show running config privileged EXEC command Related C...

Page 132: ...s disabled Clustering is disabled and the switch cannot become a candidate switch When you enter the no cluster run command on a cluster member switch it is removed from the cluster Clustering is disabled and the switch cannot become a candidate switch When you enter the no cluster run command on a switch that is not part of a cluster clustering is disabled on this switch This switch cannot then b...

Page 133: ...members Each cluster member switch stores the binding information in its NVRAM The HSRP group name must be a valid standby group otherwise the command exits with an error The same group name should be used on all members of the HSRP standby group that is to be bound to the cluster The same HSRP group name should also be used on all cluster HSRP capable members for the HSRP group that is to be boun...

Page 134: ...outing redundancy ERROR This command runs on a cluster command switch You can verify your settings by entering the show cluster privileged EXEC command The output shows whether redundancy is enabled in the cluster Related Commands Command Description standby ip Enables HSRP on the interface For syntax information select Cisco IOS IP Command Reference Volume 1 of 3 Addressing and Services Release 1...

Page 135: ...he cluster command switch The cluster command switch propagates the values to all its cluster members so that the setting is consistent among all switches in the cluster The holdtime is typically set as a multiple of the heartbeat interval timer cluster timer For example it takes holdtime in secs divided by the interval in secs number of heartbeat messages to be missed in a row to declare a switch...

Page 136: ... Command Reference OL 8552 07 Chapter 2 Catalyst 3750 Switch Cisco IOS Commands cluster timer Related Commands Command Description show cluster Displays the cluster status and a summary of the cluster to which the switch belongs ...

Page 137: ...When entering the interface range use this format type first interface last interface You must add a space between the first interface number and the hyphen when entering an interface range For example gigabitethernet 1 0 1 2 is a valid range gigabitethernet 1 0 1 2 is not a valid range Valid values for type and interface vlan vlan id vlan ID where the VLAN ID is 1 to 4094 VLAN interfaces must hav...

Page 138: ...tiple ranges When you define multiple ranges you must enter a space after the first entry before the comma The space after the comma is optional for example fastethernet1 0 3 gigabitethernet1 0 1 2 fastethernet1 0 3 4 gigabitethernet1 0 1 2 Examples This example shows how to create a multiple interface macro Switch config define interface range macro1 fastethernet1 0 1 2 gigabitethernet1 0 1 2 Rel...

Page 139: ... on destructive file operations For more information about this command see the Cisco IOS Command Reference for Release 12 1 Examples This example shows how to remove the directory that contains the old software image after a successful download of a new image Switch delete force recursive flash old image You can verify that the directory was removed by entering the dir filesystem privileged EXEC ...

Page 140: ...tch Command Reference OL 8552 07 Chapter 2 Catalyst 3750 Switch Cisco IOS Commands delete Related Commands Command Description archive download sw Downloads a new image to the switch and overwrites or keeps the existing image ...

Page 141: ... target mac target mac target mac mask log Syntax Description Defaults There are no default settings However at the end of the ARP access list there is an implicit deny ip any mac any command Command Modes ARP access list configuration Command History request Optional Define a match for the ARP request When request is not specified matching is performed against all ARP packets ip Specify the sende...

Page 142: ...abcd Switch config arp access list static hosts Switch config arp nacl deny ip host 1 1 1 1 mac host 0000 0000 abcd Switch config arp nacl end You can verify your settings by entering the show arp access list privileged EXEC command Related Commands Command Description arp access list Defines an ARP access control list ACL ip arp inspection filter vlan Permits ARP requests and responses from a hos...

Page 143: ... Message Protocol deny icmp source ipv6 prefix prefix length any host source ipv6 address operator port number destination ipv6 prefix prefix length any host destination ipv6 address operator port number icmp type icmp code icmp message dscp value log log input sequence value time range name Transmission Control Protocol deny tcp source ipv6 prefix prefix length any host source ipv6 address operat...

Page 144: ...not equal and range inclusive range If the operator is positioned after the source ipv6 prefix prefix length argument it must match the source port If the operator is positioned after the destination ipv6 prefix prefix length argument it must match the destination port The range operator requires two port numbers All other operators require one port number The optional port number argument is a de...

Page 145: ...e range that applies to the deny statement The name of the time range and its restrictions are specified by the time range and absolute or periodic commands respectively icmp type Optional Specify an ICMP message type for filtering ICMP packets ICMP packets can be filtered by an ICMP message type The type is a number from 0 to 255 icmp code Optional Specify an ICMP message code for filtering ICMP ...

Page 146: ...v6 ACL has implicit permit icmp any any nd na permit icmp any any nd ns and deny ipv6 any any statements as its last match conditions The two permit conditions allow ICMPv6 neighbor discovery To disallow ICMPv6 neighbor discovery and to deny icmp any any nd na or icmp any any nd ns there must be an explicit deny entry in the ACL For the implicit deny ipv6 any any statement to take effect an IPv6 A...

Page 147: ...fig ipv6 access list CISCO Switch config ipv6 acl deny tcp any any gt 5000 Switch config ipv6 acl deny 0 lt 5000 0 log Switch config ipv6 acl permit icmp any any Switch config ipv6 acl permit any any Switch config ipv6 acl exit Switch config interface gigabitethernet1 0 3 Switch config if no switchport Switch config if ipv6 address 2001 64 eui 64 Switch config if ipv6 traffic filter CISCO out Rela...

Page 148: ...e address for a packet matches the defined address non IP traffic from that address is denied host dst MAC addr dst MAC addr mask Define a destination MAC address and optional subnet mask If the destination address for a packet matches the defined address non IP traffic to that address is denied type mask Optional Use the Ethertype number of a packet with Ethernet II or SNAP encapsulation to ident...

Page 149: ...protocol of the packet mask is a mask of don t care bits applied to the LSAP number before testing for a match mop console Optional Select EtherType DEC MOP Remote Console mop dump Optional Select EtherType DEC MOP Dump msdos Optional Select EtherType DEC MSDOS mumps Optional Select EtherType DEC MUMPS netbios Optional Select EtherType DEC Network Basic Input Output System NETBIOS vines echo Optio...

Page 150: ...onfiguration guide for this release Examples This example shows how to define the named MAC extended access list to deny NETBIOS traffic from any source to MAC address 00c0 00a0 03fa Traffic matching this list is denied Switch config ext macl deny any host 00c0 00a0 03fa netbios This example shows how to remove the deny condition from the named MAC extended access list Switch config ext macl no de...

Page 151: ...m test test id test id range all failure count Syntax Description Defaults The defaults are as follows Monitoring is disabled syslog is enabled switch num Specify the module number The range is from 1 to 9 test Specify a test to run test id Identification number for the test to be run see the Usage Guidelines section for additional information test id range Range of identification numbers for test...

Page 152: ... packets during the test Reset the system or the test module before putting the system back into the normal operating mode Note If you are running a diagnostic test that has the reload attribute on a switch in a stack you could potentially partition the stack depending on your cabling configuration To avoid partitioning your stack you should enter the show switch detail privileged EXEC command to ...

Page 153: ...talyst 3750 Switch Command Reference OL 8552 07 Chapter 2 Catalyst 3750 Switch Cisco IOS Commands diagnostic monitor Related Commands Command Description show diagnostic Displays online diagnostic test results ...

Page 154: ...st Enter the range as integers separated by a comma and a hyphen for example 1 3 6 specifies test IDs 1 3 4 5 and 6 hh mm Enter the time as a 2 digit number for a 24 hour clock for hours minutes the colon is required switch num Specify the switch number The range is from 1 to 9 test Specify the test to be scheduled test id Identification number for the test to be run see the Usage Guidelines secti...

Page 155: ... such as Monday Tuesday Sunday either upper case or lower case characters Examples This example shows how to schedule diagnostic testing on a specific date and time for a specific switch Switch config diagnostic schedule switch 1 test 1 2 4 6 on january 3 2006 23 32 This example shows how to schedule diagnostic testing to occur weekly at a certain time for a specific switch Switch config diagnosti...

Page 156: ...kPortLoopback ID 1 switch 1 06 27 51 DIAG 6 TEST_OK Switch 1 TestPortAsicStackPortLoopback ID 1 has completed successfully switch 1 This example shows how to start diagnostics test 2 on a switch that will disrupt normal system operation Switch diagnostic start switch 1 test 2 Switch 1 Running test s 2 will cause the switch under test to reload after completion of the test list Switch 1 Running tes...

Page 157: ...Switch 1 00 00 25 SPANTREE 5 EXTENDED_SYSID Extended SysId enabled for type vlan Switch 1 00 00 29 SYS 5 CONFIG_I Configured from memory by console Switch 1 00 00 29 STACKMGR 5 SWITCH_READY Switch 2 is READY Switch 1 00 00 29 STACKMGR 5 MASTER_READY Master Switch 2 is READY Switch 1 00 00 30 STACKMGR 5 SWITCH_READY Switch 1 is READY Switch 1 00 00 30 DIAG 6 TEST_RUNNING Switch 1 Running TestPortAs...

Page 158: ...Before globally enabling IEEE 802 1x authentication on a switch remove the EtherChannel configuration from the interfaces on which IEEE 802 1x authentication and EtherChannel are configured If you are using a device running the Cisco Access Control Server ACS application for IEEE 802 1x authentication with EAP Transparent LAN Services TLS and with EAP MD5 and your switch is running Cisco IOS Relea...

Page 159: ... dot1x guest vlan supplicant You can verify your settings by entering the show dot1x interface interface id privileged EXEC command Related Commands Command Description dot1x critical global configuration Configures the parameters for the inaccessible authentication bypass feature on the switch dot1x guest vlan Enables and specifies an active VLAN as an IEEE 802 1x guest VLAN dot1x port control En...

Page 160: ...maximum number of authentication attempts allowed by the VLAN the change takes effect after the re authentication timer expires Examples This example shows how to set 2 as the maximum number of authentication attempts allowed before the port is moved to the restricted VLAN on port 3 Switch configure terminal Enter configuration commands one per line End with CNTL Z Switch config interface gigabite...

Page 161: ...ommands Command Description dot1x auth fail vlan vlan id Enables the optional restricted VLAN feature dot1x max reauth req count Sets the maximum number of times that the switch restarts the authentication process before a port changes to the unauthorized state show dot1x interface interface id Displays IEEE 802 1x status for the specified port ...

Page 162: ... detect any new hosts until the next re authentication attempt occurs If the supplicant fails authentication the port is moved to a restricted VLAN and an EAP success message is sent to the supplicant Because the supplicant is not notified of the actual authentication failure there might be confusion about this restricted network access An EAP success message is sent for these reasons If the EAP s...

Page 163: ...e the restricted VLAN is inactive all authentication attempts are counted so that when the restricted VLAN becomes active the port is immediately placed in the restricted VLAN The restricted VLAN is supported only in single host mode the default port mode For this reason when a port is placed in a restricted VLAN the supplicant s MAC address is added to the MAC address table and any other MAC addr...

Page 164: ...ection in the Configuring IEEE 802 1x Port Based Authentication chapter in the software configuration guide Examples This example shows how to enable unidirectional control Switch config if dot1x control direction in This example shows how to enable bidirectional control Switch config if dot1x control direction both You can verify your settings by entering the show dot1x all privileged EXEC comman...

Page 165: ... in the show dot1x all command output ControlDirection In If you enter the dot1x control direction in interface configuration command and the port cannot support this mode due to a configuration conflict this appears in the show dot1x all command output ControlDirection In Disabled due to port settings Related Commands Command Description show dot1x all interface interface id Displays control dire...

Page 166: ... Global configuration Command History Usage Guidelines You must have another switch set up as the authenticator for this switch to be the supplicant Examples This example shows how to configure a switch as a supplicant Switch config dot1x credentials profile You can verify your settings by entering the show running config privileged EXEC command Related Commands profile Specify a profile for the s...

Page 167: ...EAPOL Success message when the switch puts the critical port in the critical authentication state Use the recovery delay milliseconds keyword to set the recovery delay period during which the switch waits to re initialize a critical port when a RADIUS server that was unavailable becomes available The default recovery delay period is 1000 milliseconds A port can be re initialized every second To en...

Page 168: ...co IOS Commands dot1x critical global configuration Related Commands Command Description dot1x critical interface configuration Enables the inaccessible authentication bypass feature and configures the access VLAN for the feature show dot1x Displays IEEE 802 1x status for the specified port ...

Page 169: ...ort when the port is in the critical authentication state use the vlan vlan id keywords The specified type of VLAN must match the type of port as follows If the critical port is an access port the VLAN must be an access VLAN If the critical port is a private VLAN host port the VLAN must be a secondary private VLAN If the critical port is a routed port you can specify a VLAN but this is optional If...

Page 170: ...bypass feature and port security on the same switch port Examples This example shows how to enable the inaccessible authentication bypass feature on port 21 Switch configure terminal Enter configuration commands one per line End with CNTL Z Switch config interface gigabitethernet1 0 21 Switch config if dot1x critical Switch config if end Switch config end Switch You can verify your configuration b...

Page 171: ...e quiet period is 60 seconds The retransmission time is 30 seconds The maximum retransmission number is 2 times The host mode is single host The client timeout period is 30 seconds The authentication server timeout period is 30 seconds Command Modes Interface configuration Command History Examples This example shows how to reset the IEEE 802 1x parameters on a port Switch config if dot1x default Y...

Page 172: ...ow to specify a fallback profile to a switch port that has been configured for IEEE 802 1x authentication Switch configure terminal Enter configuration commands one per line End with CNTL Z Switch config interface gigabitethernet1 0 3 Switch config if dot1x fallback profile1 Switch config fallback profile exit Switch config end You can verify your settings by entering the show dot1x interface inte...

Page 173: ...users might be upgrading their systems for IEEE 802 1x authentication and some hosts such as Windows 98 systems might not be IEEE 802 1x capable When you enable a guest VLAN on an IEEE 802 1x port the switch assigns clients to a guest VLAN when it does not receive a response to its Extensible Authentication Protocol over LAN EAPOL request identity frame or when EAPOL packets are not sent by the cl...

Page 174: ... the settings depends on the connected IEEE 802 1x client type The switch supports MAC authentication bypass in Cisco IOS Release 12 2 25 SEE and later When it is enabled on an IEEE 802 1x port the switch can authorize clients based on the client MAC address when IEEE 802 1x authentication times out while waiting for an EAPOL message exchange After detecting a client on an IEEE 802 1x port the swi...

Page 175: ...52 07 Chapter 2 Catalyst 3750 Switch Cisco IOS Commands dot1x guest vlan Related Commands Command Description dot1x Enables the optional guest VLAN supplicant feature show dot1x interface interface id Displays IEEE 802 1x status for the specified port ...

Page 176: ...e authentication fails or an Extensible Authentication Protocol over LAN EAPOL logoff message is received all attached clients are denied access to the network Use the multi domain keyword to enable MDA on a port MDA divides the port into both a data domain and a voice domain MDA allows both a data device and a voice device such as an IP phone Cisco or non Cisco on the same IEEE 802 1x enabled por...

Page 177: ... to enable MDA on the specified port Switch config dot1x system auth control Switch config interface gigabitethernet2 0 1 Switch config if dot1x port control auto Switch config if dot1x host mode multi domain You can verify your settings by entering the show dot1x interface interface id privileged EXEC command Related Commands Command Description show dot1x interface interface id Displays IEEE 802...

Page 178: ...se this command to initialize the IEEE 802 1x state machines and to set up a fresh environment for authentication After you enter this command the port status becomes unauthorized There is not a no form of this command Examples This example shows how to manually initialize a port Switch dot1x initialize interface gigabitethernet2 0 22 You can verify the unauthorized port status by entering the sho...

Page 179: ...AC authentication bypass to re authorize the port If the port is in the authorized state the port remains in this state until re authorization occurs If an EAPOL packet is detected on the interface during the lifetime of the link the switch determines that the device connected to that interface is an IEEE 802 1x capable supplicant and uses IEEE 802 1x authentication not MAC authentication bypass t...

Page 180: ...h config if dot1x mac auth bypass eap This example shows how to enable MAC authentication bypass and to configure the timeout if the connected host is inactive for 30 seconds Switch config if dot1x mac auth bypass timeout inactivity 30 You can verify your settings by entering the show dot1x interface interface id privileged EXEC command Related Commands Command Description show dot1x interface int...

Page 181: ...how to set 4 as the number of times that the switch restarts the authentication process before the port changes to the unauthorized state Switch config if dot1x max reauth req 4 You can verify your settings by entering the show dot1x interface interface id privileged EXEC command Related Commands count Number of times that the switch restarts the authentication process before the port changes to t...

Page 182: ...fic behavioral problems with certain clients and authentication servers Examples This example shows how to set 5 as the number of times that the switch sends an EAP frame from the authentication server to the client before restarting the authentication process Switch config if dot1x max req 5 You can verify your settings by entering the show dot1x interface interface id privileged EXEC command Rel...

Page 183: ...sts clients on an IEEE 802 1x authorized port Command History Related Commands Release Modification 12 1 11 AX This command was introduced 12 1 14 EA1 The dot1x multiple hosts interface configuration command was replaced by the dot1x host mode interface configuration command Command Description dot1x host mode Sets the IEEE 802 1x host mode on a port show dot1x Displays IEEE 802 1x statistics admi...

Page 184: ...EE 802 1x authentication on the port When you configure IEEE 802 1x authentication on a port such as by entering the dot1x port control interface configuration command the switch automatically configures the port as an EEE 802 1x authenticator After the no dot1x pae interface configuration command is entered the Authenticator PAE operation is disabled Examples This example shows how to disable IEE...

Page 185: ...t enabled If you try to change the mode of an IEEE 802 1x enabled port to trunk an error message appears and the port mode is not changed Dynamic ports A port in dynamic mode can negotiate with its neighbor to become a trunk port If you try to enable IEEE 802 1x authentication on a dynamic port an error message appears and IEEE 802 1x authentication is not enabled If you try to change the mode of ...

Page 186: ...PAN RSPAN destination ports You can enable IEEE 802 1x authentication on a port that is a SPAN or RSPAN destination port However IEEE 802 1x authentication is disabled until the port is removed as a SPAN or RSPAN destination You can enable IEEE 802 1x authentication on a SPAN or RSPAN source port To globally disable IEEE 802 1x authentication on the switch use the no dot1x system auth control glob...

Page 187: ...re authenticate a client without waiting for the configured number of seconds between re authentication attempts re authperiod and automatic re authentication Examples This example shows how to manually re authenticate the device connected to a port Switch dot1x re authenticate interface gigabitethernet2 0 21 Related Commands interface interface id Optional Stack switch number module and port numb...

Page 188: ... periodic re authentication attempts Command History Related Commands Release Modification 12 1 11 AX This command was introduced 12 1 14 EA1 The dot1x reauthentication interface configuration command replaced the dot1x re authentication global configuration command Command Description dot1x reauthentication Sets the number of seconds between re authentication attempts show dot1x Displays IEEE 802...

Page 189: ...amples This example shows how to disable periodic re authentication of the client Switch config if no dot1x reauthentication This example shows how to enable periodic re authentication and to set the number of seconds between re authentication attempts to 4000 seconds Switch config if dot1x reauthentication Switch config if dot1x timeout reauth period 4000 You can verify your settings by entering ...

Page 190: ...02 1x capability of the devices connected to all ports or to specific ports on a switch There is not a no form of this command Examples This example shows how to enable the IEEE 802 1x readiness check on a switch to query a port It also shows the response received from the queried port verifying that the device connected to it is IEEE 802 1x capable switch dot1x test eapol capable interface gigabi...

Page 191: ... this command to configure the timeout used to wait for EAPOL response There is not a no form of this command Examples This example shows how to configure the switch to wait 27 seconds for an EAPOL response Switch dot1x test timeout 27 You can verify the timeout configuration status by entering the show run privileged EXEC command Related Commands timeout Time in seconds to wait for an EAPOL respo...

Page 192: ...on exchange with the client The range is 1 to 65535 ratelimit period seconds Number of seconds that the switch ignores Extensible Authentication Protocol over LAN EAPOL packets from clients that have been successfully authenticated during this duration The range is 1 to 65535 reauth period seconds server Set the number of seconds between re authentication attempts The keywords have these meanings ...

Page 193: ...eriodic re authentication and to specify the value of the Session Timeout RADIUS attribute as the number of seconds between re authentication attempts Switch config if dot1x reauthentication Switch config if dot1x timeout reauth period server This example shows how to set 30 seconds as the quiet time on the switch Switch config if dot1x timeout quiet period 30 This example shows how to set 45 seco...

Page 194: ... IOS Commands dot1x timeout This example shows how to set 30 as the number of seconds that the switch ignores EAPOL packets from successfully authenticated clients Switch config if dot1x timeout ratelimit period 30 You can verify your settings by entering the show dot1x privileged EXEC command ...

Page 195: ...timeout Related Commands Command Description dot1x max req Sets the maximum number of times that the switch sends an EAP request identity frame before restarting the authentication process dot1x reauthentication Enables periodic re authentication of the client show dot1x Displays IEEE 802 1x status for all ports ...

Page 196: ...wn when a new device connects to the port Switch config if dot1x violation mode shutdown This example shows how to configure an IEEE 802 1x enabled port to generate a system error message and change the port to restricted mode when a new device connects to the port Switch config if dot1x violation mode restrict This example shows how to configure an IEEE 802 1x enabled port to ignore a new connect...

Page 197: ...tch Command Reference OL 8552 07 Chapter 2 Catalyst 3750 Switch Cisco IOS Commands dot1x violation mode Related Commands Command Description show dot1x interface interface id Displays IEEE 802 1x status for the specified port ...

Page 198: ...r Fast Ethernet ports setting the port to auto has the same effect as specifying half if the attached device does not autonegotiate the duplex parameter For Gigabit Ethernet ports setting the port to auto has the same effect as specifying full if the attached device does not autonegotiate the duplex parameter Note Half duplex mode is supported on Gigabit Ethernet interfaces if the duplex mode is a...

Page 199: ...tiated value The duplex setting remains as configured on each end of the link which could result in a duplex setting mismatch You can configure the duplex setting when the speed is set to auto Caution Changing the interface speed and duplex mode configuration might shut down and re enable the interface during the reconfiguration For guidelines on setting the switch speed and duplex parameters see ...

Page 200: ...ning multiple keywords separate the keywords with commas and do not use spaces between keywords You can enter alphanumeric characters and symbols such as or Do not use an asterisk or a blank space between the characters and symbols level level Set the power level of the entity The range is from 1 to 10 management udp port number Specify the UDP port that sends and receives queries The range is fro...

Page 201: ...igure terminal Enter configuration commands one per line End with CNTL Z Switch config energywise domain cisco secret cisco protocol udp port 43440 ip 2 2 4 30 Switch config energywise importance 50 Switch config energywise keywords lab1 devlab Switch config energywise management 60500 Switch config energywise name Entity01 Switch config energywise neighbor TG3560G 21 43440 Switch config energywis...

Page 202: ...ot use spaces between keywords You can enter alphanumeric characters and symbols such as or Do not use an asterisk or a blank space between the characters and symbols level level Optional Set the power level of the port The range is from 0 and 10 If the power level is 0 the port is powered off If the power level is from 1 to 10 the port is powered You can enter any value this range to power the Po...

Page 203: ...0 8 Switch config if energywise level 0 recurrence importance 90 at 0 20 Switch config if energywise inportance 50 Switch config if energywise name lobbyInterface 3 Switch config if energywise role role lobbyaccess Switch config if end Related Commands name name Optional Specify the EnergyWise specific port name You can enter alphanumeric characters and symbols such as or Do not use an asterisk or...

Page 204: ...mmand History domain domain name Assign the entity to a domain with the specified domain name You can enter alphanumeric characters and symbols such as or Do not use an asterisk or a blank space between the characters and symbols secret 0 7 password Set the password for secure communication among the entities in the domain Optional 0 Use an unencrypted password Optional 7 Use an hidden password If...

Page 205: ...available port to communicate with the network and with management applications Examples This example shows how to enable EnergyWise set the domain name and password and specify the IP address Switch config energywise domain cisco secret cisco protocol udp port 43440 ip 2 2 4 30 Related Commands Command Description show energywise Displays the EnergyWise settings and status show energywise domain ...

Page 206: ...ords with commas and do not use spaces between keywords You can enter alphanumeric characters and symbols such as or Do not use an asterisk or a blank space between the characters and symbols name name Filter the results based on the name For the wildcard use or name with the asterisk at the end of the name phrase You can enter alphanumeric characters and symbols such as or Do not use an asterisk ...

Page 207: ...query with care because it affects the entity on which you enter the command and other domain devices that match the query criteria Examples These examples show how to filter with the entity name Switch energywise query name phone collect usage EnergyWise query timeout is 3 seconds Host Name Usage 2 2 2 21 phone 0 0 W 2 2 2 21 phone 15 4 W 2 2 2 21 phoneA 0 0 W 2 2 2 22 phone 0 0 W 2 2 2 21 phoneB...

Page 208: ...ise query timeout is 3 seconds Level Label Delta Power W 0 Shut 12 9 1 Hibernate 723 8 2 Sleep 723 8 3 Standby 723 8 4 Ready 723 8 5 Low 723 8 6 Frugal 723 8 7 Medium 723 8 8 Reduced 723 8 9 High 723 8 10 Full 723 8 Queried 48 Responded 48 Time 0 15 seconds This example shows the power usage in the domain Switch show energywise children Interface Role Name Usage Lvl Imp Type control SwitchA 86 0 W...

Page 209: ...c Switch config if end Switch show running config interface gigabitethernet1 0 2 interface GigabitEthernet1 0 2 energywise level 0 recurrence importance 90 at 0 8 energywise level 10 recurrence importance 90 at 0 20 energywise importance 50 energywise role role lobbyaccess energywise keywords lobby sattelite public energywise name lobbyInterface 2 end Switch energywise query keyword lobby collect ...

Page 210: ... occurs the entire port is disabled Use the no form of this command to disable the per VLAN error disable feature errdisable detect cause bpduguard shutdown vlan no errdisable detect cause bpduguard shutdown vlan Syntax Description all Enable error detection for all error disabled causes arp inspection Enable error detection for dynamic Address Resolution Protocol ARP inspection bpduguard shutdown...

Page 211: ...out of the error disabled state and allowed to retry the operation when all causes have timed out If you do not set a recovery mechanism you must enter the shutdown and then the no shutdown commands to manually change the port from the error disabled state Examples This example shows how to enable error disable detection for the link flap error disabled cause Switch config errdisable detect cause ...

Page 212: ...ds Command Description show errdisable detect Displays error disabled detection information show interfaces status err disabled Displays interface status or a list of interfaces in the error disabled state clear errdisable interface Clears the error disabled state from a port or VLAN that was error disabled by the per VLAN error disable feature ...

Page 213: ...e is disabled Command Modes Global configuration Command History Usage Guidelines This command globally enables the small frame arrival feature Use the small violation rate interface configuration command to set the threshold for each port You can configure the port to be automatically re enabled by using the errdisable recovery cause small frame global configuration command You configure the reco...

Page 214: ...covery cause small frame Enables the recovery timer errdisable recovery interval interval Specifies the time to recover from the specified error disabled state show interfaces Displays the interface settings on the switch including input and output flow control small violation rate Configures the rate threshold for incoming small frames to cause a port to be put into the error disabled state ...

Page 215: ...lines This command enables the recovery timer for error disabled ports You configure the recovery time by using the errdisable recovery interval interval interface configuration command Examples This example shows how to set the recovery timer Switch config errdisable recovery cause small frame You can verify your setting by entering the show interfaces user EXEC command Related Commands Release M...

Page 216: ...ddress Resolution Protocol ARP inspection error disabled state channel misconfig Enable the timer to recover from the EtherChannel misconfiguration error disabled state dhcp rate limit Enable the timer to recover from the DHCP snooping error disabled state dtp flap Enable the timer to recover from the Dynamic Trunking Protocol DTP flap error disabled state gbic invalid Enable the timer to recover ...

Page 217: ...t out of the error disabled state and allowed to retry the operation again when all the causes have timed out Otherwise you must enter the shutdown and then the no shutdown commands to manually recover a port from the error disabled state vmps Enable the timer to recover from the VLAN Membership Policy Server VMPS error disabled state interval interval Specify the time to recover from the specifie...

Page 218: ...to 500 seconds Switch config errdisable recovery interval 500 You can verify your settings by entering the show errdisable recovery privileged EXEC command Related Commands Command Description show errdisable recovery Displays error disabled recovery timer information show interfaces status err disabled Displays interface status or a list of interfaces in error disabled state clear errdisable inte...

Page 219: ...nformation that can help determine the cause of the switch failure If you enter the exception crashinfo global configuration command on a stack master it configures all the stack members to create the extended crashinfo file if the Cisco IOS image on the stack members fail Use the no exception crashinfo global configuration command to configure the switch to not create the extended crashinfo file ...

Page 220: ... and these configuration commands are available ip Create an IP configuration access group Specify access control for packets sent by hosts that have not yet been authenticated admission Apply an IP admission rule Examples This example shows how to create a fallback profile to be used with web authentication Switch configure terminal Switch config ip admission name rule1 proxy http Switch config f...

Page 221: ...rt to use web authentication as a fallback method for clients that do not support IEEE 802 1x authentication ip admission Enable web authentication on a switch port ip admission name proxy http Enable web authentication globally on a switch show dot1x interface interface id Displays IEEE 802 1x status for the specified port show fallback profile Display the configured profiles on a switch ...

Page 222: ...eywords have the same result When you use the flowcontrol command to set a port to control traffic rates during congestion you are setting flow control on a port to one of these conditions receive on or desired The port cannot send pause frames but can operate with an attached device that is required to or is able to send pause frames The port can receive pause frames receive off Flow control does...

Page 223: ...te Device Local Device Remote Device send off receive on send on receive on send on receive off send desired receive on send desired receive off send off receive on send off receive off Receives only Receives only Receives only Receives only Receives only Does not send or receive Sends and receives Sends only Sends and receives Sends only Receives only Does not send or receive send off receive off...

Page 224: ...f you create the port channel interface first the channel group number can be the same as the port channel number or you can use a new number If you use a new number the channel group command dynamically creates a new port channel You create Layer 3 port channels by using the interface port channel command followed by the no switchport interface configuration command You should manually configure ...

Page 225: ...ines see the Configuring EtherChannels chapter in the software configuration guide for this release Examples This example shows how to create a port channel interface with a port channel number of 5 Switch config interface port channel 5 You can verify your setting by entering the show running config privileged EXEC or show etherchannel channel group number detail privileged EXEC command Related C...

Page 226: ...EC command VLANs not displayed cannot be used in the interface range command The commands entered under interface range command are applied to all existing VLAN SVIs in the range All configuration changes made to an interface range are saved to NVRAM but the interface range itself is not saved to NVRAM You can enter the interface range in two ways Specifying up to five interface ranges Specifying ...

Page 227: ...ernet1 0 1 2 gigabitethernet1 0 1 2 You cannot specify both a macro and an interface range in the same command You can also specify a single interface in port range The command is then similar to the interface interface id global configuration command For more information about configuring interface ranges see the software configuration guide for this release Examples This example shows how to use...

Page 228: ...associated with a physical port If you delete an SVI by entering the no interface vlan vlan id command the deleted interface is no longer visible in the output from the show interfaces privileged EXEC command Note You cannot delete the VLAN 1 interface You can re instate a deleted SVI by entering the interface vlan vlan id command for the deleted interface The interface comes back up but the previ...

Page 229: ... interface vlan Switch config if You can verify your setting by entering the show interfaces and show interfaces vlan vlan id privileged EXEC commands Related Commands Command Description show interfaces vlan vlan id Displays the administrative and operational status of all interfaces or the specified VLAN ...

Page 230: ...nd 1300 to 1999 or extended access lists ranging from 100 to 199 and 2000 to 2699 You can use this command to apply an access list to a Layer 2 or Layer 3 interface However note these limitations for Layer 2 interfaces port ACLs You can only apply ACLs in the inbound direction the out keyword is not supported for Layer 2 interfaces You can only apply one IP ACL and one MAC ACL per interface Layer ...

Page 231: ...kets are filtered by both the VLAN map and the router ACL Other packets are filtered only by the VLAN map You can apply IP ACLs to both outbound or inbound Layer 3 interfaces A Layer 3 interface can have one IP ACL applied in each direction You can configure only one VLAN map and one router ACL in each direction input output on a VLAN interface For standard inbound access lists after the switch re...

Page 232: ...select Cisco IOS IP Command Reference Volume 1 of 3 Addressing and Services Release 12 2 IP Services Commands show access lists Displays ACLs configured on the switch show ip access lists Displays IP ACLs configured on the switch For syntax information select Cisco IOS IP Command Reference Volume 1 of 3 Addressing and Services Release 12 2 IP Services Commands show ip interface Displays informatio...

Page 233: ...s command If the switch detects another host using one of its IP addresses it will send an error message to the console You can use the optional keyword secondary to specify an unlimited number of secondary addresses Secondary addresses are treated like primary addresses except the system never generates datagrams other than routing updates with secondary source addresses IP broadcasts and ARP req...

Page 234: ...ation command to reallocate system hardware resources based on templates and feature tables For more information see the sdm prefer command Examples This example shows how to configure the IP address for the Layer 2 switch on a subnetted network Switch config interface vlan 1 Switch config if ip address 172 20 128 2 255 255 255 0 This example shows how to configure the IP address for a port on the...

Page 235: ... Switch config if ip admission rule1 This example shows how to apply a web authentication rule to a fallback profile for use on an IEEE 802 1x enabled switch port Switch configure terminal Switch config fallback profile profile1 Switch config ip admission name rule1 Switch config end Related Commands rule Apply an IP admission rule to the interface Release Modification 12 2 35 SE This command was ...

Page 236: ...sion web rule interface configuration commands to enable web authentication on a specific interface Examples This example shows how to configure only web authentication on a switchport Switch configure terminal Switch config ip admission name http rule proxy http Switch config interface gigabitethernet1 0 1 Switch config if ip access group 101 in Switch config if ip admission rule Switch config if...

Page 237: ...t to use web authentication as a fallback method for clients that do not support IEEE 802 1x authentication fallback profile Create a web authentication fallback profile ip admission Enable web authentication on a port show ip admission Displays information about NAC cached entries or the NAC configuration For more information see the Network Admission Control Software Configuration Guide on Cisco...

Page 238: ...ut validation If the switch denies a packet because of an explicit deny statement in the ACL the packet is dropped If the switch denies a packet because of an implicit deny statement the packet is then compared against the list of DHCP bindings unless the ACL is static which means that packets are not compared against the bindings Use the arp access list acl name global configuration command to de...

Page 239: ...ng the show ip arp inspection vlan 1 privileged EXEC command Related Commands Command Description arp access list Defines an ARP ACL deny ARP access list configuration Denies an ARP packet based on matches against the DHCP bindings permit ARP access list configuration Permits an ARP packet based on matches against the DHCP bindings show arp access list Displays detailed information about ARP acces...

Page 240: ...ves more than the configured rate of packets every second consecutively over a number of burst seconds the interface is placed into an error disabled state Unless you explicitly configure a rate limit on an interface changing the trust state of the interface also changes its rate limit to the default value for that trust state After you configure the rate limit the interface retains the rate limit...

Page 241: ...nnel ports equals the sum of the incoming rate of ARP packets from all the channel members Configure the rate limit for EtherChannel ports only after examining the rate of incoming ARP packets on all the channel members Examples This example shows how to limit the rate of incoming ARP requests on a port to 25 pps and to set the interface monitoring interval to 5 consecutive seconds Switch config i...

Page 242: ...ds is 4 the switch generates system messages for five entries every second while there are entries in the log buffer A log buffer entry can represent more than one packet For example if an interface receives many packets on the same VLAN with the same ARP parameters the switch combines the packets as one entry in the log buffer and generates a system message as a single entry If the log buffer ove...

Page 243: ...rp inspection log buffer entries 45 This example shows how to configure the logging rate to 20 log entries per 4 seconds With this configuration the switch generates system messages for five entries every second while there are entries in the log buffer Switch config ip arp inspection log buffer logs 20 interval 4 You can verify your settings by entering the show ip arp inspection log privileged E...

Page 244: ...ck ARP packets that it receives on the trusted interface it simply forwards the packets For untrusted interfaces the switch intercepts all ARP requests and responses It verifies that the intercepted packets have valid IP to MAC address bindings before updating the local cache and before forwarding the packet to the appropriate destination The switch drops invalid packets and logs them in the log b...

Page 245: ...ommands Command Description ip arp inspection log buffer Configures the dynamic ARP inspection logging buffer show inventory interfaces Displays the trust state and the rate limit of ARP packets for the specified interface or all interfaces show inventory log Displays the configuration and contents of the dynamic ARP inspection log buffer ...

Page 246: ...dst mac validations are disabled as a result of the second command src mac Compare the source MAC address in the Ethernet header against the sender MAC address in the ARP body This check is performed on both ARP requests and responses When enabled packets with different MAC addresses are classified as invalid and are dropped dst mac Compare the destination MAC address in the Ethernet header agains...

Page 247: ...p arp inspection validate ip command ARP probes are dropped unless you enter the allow zeros keyword The no form of the command disables only the specified checks If none of the options are enabled all checks are disabled Examples This example show how to enable source MAC validation Switch config ip arp inspection validate src mac You can verify your setting by entering the show ip arp inspection...

Page 248: ... ARP inspection Dynamic ARP inspection is supported on access ports trunk ports EtherChannel ports or private VLAN ports Examples This example shows how to enable dynamic ARP inspection on VLAN 1 Switch config ip arp inspection vlan 1 You can verify your setting by entering the show ip arp inspection vlan vlan range privileged EXEC command Related Commands vlan range VLAN number or range You can s...

Page 249: ...n or a series of VLANs separated by a comma The range is 1 to 4094 acl match matchlog none Specify that the logging of packets is based on access control list ACL matches The keywords have these meanings matchlog Log packets based on the logging configuration specified in the access control entries ACE If you specify the matchlog keyword in this command and the log keyword in the permit or deny AR...

Page 250: ... arp inspection filter vlan global configuration command the ACL overrides the DHCP bindings Some denied packets might not be logged unless you explicitly specify the deny ip any mac any log ACE at the end of the ARP ACL Examples This example shows how to configure ARP inspection on VLAN 1 to log packets that match the permit commands in the ACL Switch config arp access list test1 Switch config ar...

Page 251: ...es For any DHCP snooping configuration to take effect you must globally enable DHCP snooping DHCP snooping is not active until you enable snooping on a VLAN by using the ip dhcp snooping vlan vlan id global configuration command Examples This example shows how to enable DHCP snooping Switch config ip dhcp snooping You can verify your settings by entering the show ip dhcp snooping user EXEC command...

Page 252: ...he interface to which the binding applies and the VLAN to which the interface belongs The database can have up to 8192 bindings Use the show ip dhcp snooping binding privileged EXEC command to display only the configured bindings Use the show ip source binding privileged EXEC command to display the dynamically and statically configured bindings Examples This example shows how to generate a DHCP bi...

Page 253: ...mmands Command Description ip dhcp snooping Enables DHCP snooping on a VLAN show ip dhcp snooping binding Displays the dynamically configured bindings in the DHCP snooping binding database and the configuration information show ip source binding Displays the dynamically and statically configured bindings in the DHCP snooping binding database ...

Page 254: ...the database agent or the binding file is in the flash memory Optional Use the number parameter to specify the stack member number of the stack master The range for number is 1 to 9 ftp user password host filename Specify that the database agent or the binding file is on an FTP server http username password hostname host ip directory image name tar Specify that the database agent or the binding fi...

Page 255: ...he ip dhcp snooping database timeout command to 0 seconds and the database is being written to a TFTP file if the TFTP server goes down the database agent continues to try the transfer indefinitely No other transfer can be initiated while this one is in progress This might be inconsequential because if the server is down no file can be written to it Use the no ip dhcp snooping database command to ...

Page 256: ...ntifier vlan mod port from which the packet is received circuit ID suboption The switch forwards the DHCP request that includes the option 82 field to the DHCP server When the DHCP server receives the packet it can use the remote ID the circuit ID or both to assign IP addresses and implement policies such as restricting the number of IP addresses that can be assigned to a single remote ID or a cir...

Page 257: ...apter 2 Catalyst 3750 Switch Cisco IOS Commands ip dhcp snooping information option Related Commands Command Description show ip dhcp snooping Displays the DHCP snooping configuration show ip dhcp snooping binding Displays the DHCP snooping binding information ...

Page 258: ... also want to enable DHCP security features such as DHCP snooping IP source guard or dynamic Address Resolution Protocol ARP inspection on an aggregation switch However if DHCP snooping is enabled on the aggregation switch the switch drops packets with option 82 information that are received on an untrusted port and does not learn DHCP snooping bindings for connected devices on a trusted interface...

Page 259: ... check the option 82 information in untrusted packets from an edge switch and to accept the packets Switch config ip dhcp snooping information option allow untrusted You can verify your settings by entering the show ip dhcp snooping user EXEC command Related Commands Command Description show ip dhcp snooping Displays the DHCP snooping configuration show ip dhcp snooping binding Displays the DHCP s...

Page 260: ... enable DHCP snooping by using the ip dhcp snooping global configuration command for any DHCP snooping configuration to take effect When the option 82 feature is enabled the default remote ID suboption is the switch MAC address This command allows you to configure either the switch hostname or a string of up to 63 ASCII characters but no spaces to be the remote ID Note If the hostname exceeds 63 c...

Page 261: ...Cisco IOS Commands ip dhcp snooping information option format remote id Related Commands Command Description ip dhcp snooping vlan information option format type circuit id string Configures the option 82 circuit ID suboption show ip dhcp snooping Displays the DHCP snooping configuration ...

Page 262: ...r value If the rate limit is exceeded the interface is error disabled If you enabled error recovery by entering the errdisable recovery dhcp rate limit global configuration command the interface retries the operation again when all the causes have timed out If the error recovery mechanism is not enabled the interface stays in the error disabled state until you enter the shutdown and no shutdown in...

Page 263: ...sabled Command Modes Interface configuration Command History Usage Guidelines Configure as trusted ports those that are connected to a DHCP server or to other switches or routers Configure as untrusted ports those that are connected to DHCP clients Examples This example shows how to enable DHCP snooping trust on a port Switch config if ip dhcp snooping trust You can verify your settings by enterin...

Page 264: ...acket that is received on untrusted ports matches the client hardware address in the packet Command Modes Global configuration Command History Usage Guidelines In a service provider network when a switch receives a packet from a DHCP client on an untrusted port it automatically verifies that the source MAC address and the DHCP client hardware address match If the addresses match the switch forward...

Page 265: ...g on a VLAN Examples This example shows how to enable DHCP snooping on VLAN 10 Switch config ip dhcp snooping vlan 10 You can verify your settings by entering the show ip dhcp snooping user EXEC command Related Commands vlan range Specify a VLAN ID or a range of VLANs on which to enable DHCP snooping The range is 1 to 4094 You can enter a single VLAN ID identified by VLAN ID number a series of VLA...

Page 266: ...s the default circuit ID Command Modes Interface configuration Command History Usage Guidelines You must globally enable DHCP snooping by using the ip dhcp snooping global configuration command for any DHCP snooping configuration to take effect When the option 82 feature is enabled the default circuit ID suboption is the switch VLAN and the port identifier in the format vlan mod port This command ...

Page 267: ...it id string customerABC 250 0 0 You can verify your settings by entering the show ip dhcp snooping user EXEC command Note The show ip dhcp snooping user EXEC command only displays the global command output including a remote ID configuration It does not display any per interface per VLAN string that you have configured for the circuit ID Related Commands Command Description ip dhcp snooping infor...

Page 268: ...s Interface configuration Command History Usage Guidelines You can apply IGMP filters only to Layer 2 physical interfaces you cannot apply IGMP filters to routed ports switch virtual interfaces SVIs or ports that belong to an EtherChannel group An IGMP profile can be applied to one or more switch port interfaces but one port can have only one profile applied to it Examples This example shows how t...

Page 269: ...show ip dhcp snooping statistics Displays the characteristics of the specified IGMP profile show running config interface interface id Displays the running configuration on the switch interface including the IGMP profile if any that is applied to an interface For syntax information select Cisco IOS Configuration Fundamentals Command Reference Release 12 2 File Management Commands Configuration Fil...

Page 270: ...GMP maximum groups for routed ports switch virtual interfaces SVIs or ports that belong to an EtherChannel group Follow these guidelines when configuring the IGMP throttling action If you configure the throttling action as deny and set the maximum group limitation the entries that were previously in the forwarding table are not removed but are aged out After these entries are aged out when the max...

Page 271: ...e new group for which the IGMP report was received when the maximum number of entries is in the forwarding table Switch config interface gigabitethernet2 0 1 Switch config if ip igmp max groups action replace You can verify your setting by using the show running config privileged EXEC command and by specifying an interface Related Commands Command Description show running config interface interfac...

Page 272: ...mmands deny specifies that matching addresses are denied this is the default condition exit exits from igmp profile configuration mode no negates a command or resets to its defaults permit specifies that matching addresses are permitted range specifies a range of IP addresses for the profile This can be a single IP address or a range with a start and an end address When entering a range enter the ...

Page 273: ...st 3750 Switch Cisco IOS Commands ip igmp profile Related Commands Command Description ip igmp filter Applies the IGMP profile to the specified interface show ip dhcp snooping statistics Displays the characteristics of all IGMP profiles or the specified IGMP profile number ...

Page 274: ...bal configuration Command History Usage Guidelines When IGMP snooping is enabled globally it is enabled in all the existing VLAN interfaces When IGMP snooping is globally disabled it is disabled on all the existing VLAN interfaces VLAN IDs 1002 to 1005 are reserved for Token Ring and FDDI VLANs and cannot be used in IGMP snooping Examples This example shows how to globally enable IGMP snooping Swi...

Page 275: ... suppression Enables IGMP report suppression show ip dhcp snooping statistics Displays the snooping configuration show ip igmp snooping groups Displays IGMP snooping multicast information show ip igmp snooping mrouter Displays the IGMP snooping router ports show ip igmp snooping querier Displays the configuration and operation information for the IGMP querier configured on a switch ...

Page 276: ...ng is disabled on all the existing VLAN interfaces VLAN IDs 1002 to 1005 are reserved for Token Ring and FDDI VLANs and cannot be used in IGMP snooping Configuring the leave timer on a VLAN overrides the global setting The IGMP configurable leave time is only supported on devices running IGMP Version 2 The configuration is saved in NVRAM Examples This example shows how to globally enable the IGMP ...

Page 277: ...escription ip igmp snooping Enables IGMP snooping on the switch or on a VLAN ip igmp snooping vlan immediate leave Enables IGMP Immediate Leave processing ip igmp snooping vlan mrouter Configures a Layer 2 port as a multicast router port ip igmp snooping vlan static Configures a Layer 2 port as a member of a group show ip igmp snooping Displays the IGMP snooping configuration ...

Page 278: ...ticast enabled device Command Modes Global configuration Command History vlan vlan id Optional Enable IGMP snooping and the IGMP querier function on the specified VLAN The range is 1 to 1001 and 1006 to 4094 address ip address Optional Specify a source IP address If you do not specify an IP address the querier tries to use the global IP address configured for the IGMP querier max response time res...

Page 279: ...ooping Examples This example shows how to globally enable the IGMP snooping querier feature Switch config ip igmp snooping querier This example shows how to set the IGMP snooping querier maximum response time to 25 seconds Switch config ip igmp snooping querier max response time 25 This example shows how to set the IGMP snooping querier interval time to 60 seconds Switch config ip igmp snooping qu...

Page 280: ...uter query to multicast devices When IGMP router suppression is enabled the default the switch sends the first IGMP report from all hosts for a group to all the multicast routers The switch does not send the remaining IGMP reports for the group to the multicast routers This feature prevents duplicate reports from being sent to the multicast devices If the multicast router query includes requests o...

Page 281: ...Catalyst 3750 Switch Cisco IOS Commands ip igmp snooping report suppression Related Commands Command Description ip igmp snooping Enables IGMP snooping on the switch or on a VLAN show ip igmp snooping Displays the IGMP snooping configuration of the switch or the VLAN ...

Page 282: ... stops after receiving 1 general query If you set the count to 7 the flooding of multicast traffic due to the TCN event lasts until 7 general queries are received Groups are relearned based on the general queries received during the TCN event Use the ip igmp snooping tcn query solicit global configuration command to enable the switch to send the global leave message whether or not it is the spanni...

Page 283: ... snooping tcn Related Commands Command Description ip igmp snooping Enables IGMP snooping on the switch or on a VLAN ip igmp snooping tcn flood Specifies flooding on an interface as the IGMP snooping spanning tree TCN behavior show ip igmp snooping Displays the IGMP snooping configuration of the switch or the VLAN ...

Page 284: ...affic is flooded to all the ports until two general queries are received If the switch has many ports with attached hosts that are subscribed to different multicast groups the flooding might exceed the capacity of the link and cause packet loss You can change the flooding query count by using the ip igmp snooping tcn flood query count count global configuration command Examples This example shows ...

Page 285: ...Modes Global configuration Command History Usage Guidelines VLAN IDs 1002 to 1005 are reserved for Token Ring and FDDI VLANs and cannot be used in IGMP snooping You should configure the Immediate Leave feature only when there is a maximum of one receiver on every port in the VLAN The configuration is saved in NVRAM The Immediate Leave feature is supported only with IGMP Version 2 hosts Examples Th...

Page 286: ... snooping report suppression Enables IGMP report suppression show ip igmp snooping Displays the snooping configuration show ip igmp snooping groups Displays IGMP snooping multicast information show ip igmp snooping mrouter Displays the IGMP snooping router ports show ip igmp snooping querier Displays the configuration and operation information for the IGMP querier configured on a switch ...

Page 287: ...nnot be used in IGMP snooping The CGMP learn method is useful for reducing control traffic The configuration is saved in NVRAM vlan id Enable IGMP snooping and add the port in the specified VLAN as the multicast router port The range is 1 to 1001 and 1006 to 4094 interface interface id Specify the next hop interface to the multicast router The keywords have these meanings fastethernet interface nu...

Page 288: ...ch config ip igmp snooping vlan 1 mrouter learn cgmp You can verify your settings by entering the show ip igmp snooping privileged EXEC command Related Commands Command Description ip igmp snooping report suppression Enables IGMP report suppression show ip igmp snooping Displays the snooping configuration show ip igmp snooping groups Displays IGMP snooping multicast information show ip igmp snoopi...

Page 289: ...5 are reserved for Token Ring and FDDI VLANs and cannot be used in IGMP snooping The configuration is saved in NVRAM Examples This example shows how to statically configure a host on an interface Switch config ip igmp snooping vlan 1 static 0100 5e02 0203 interface gigabitethernet1 0 1 Configuring port gigabitethernet1 0 1 on group 0100 5e02 0203 You can verify your settings by entering the show i...

Page 290: ...oping report suppression Enables IGMP report suppression show ip igmp snooping Displays the snooping configuration show ip igmp snooping groups Displays IGMP snooping multicast information show ip igmp snooping mrouter Displays the IGMP snooping router ports show ip igmp snooping querier Displays the configuration and operation information for the IGMP querier configured on a switch ...

Page 291: ...e ip snap forwarding global configuration command to enable forwarding of IPv4 and IPv6 frames with SNAP encapsulation If a switch that is joining the stack does not support forwarding of IPv4 and IPv6 frames with SNAP encapsulation all the switches in the stack do not forward the IPv4 and IPv6 frames and this forwarding feature is disabled Examples This example shows how to enable forwarding of I...

Page 292: ...nging only the IP address the switch updates the entry instead creating a new one Examples This example shows how to add a static IP source binding Switch config ip source binding 0001 1234 1234 vlan 1 172 20 50 5 interface gigabitethernet1 0 1 This example shows how to add a static binding and then modify the IP address for it Switch config ip source binding 0001 1357 0007 vlan 1 172 20 50 25 int...

Page 293: ...apter 2 Catalyst 3750 Switch Cisco IOS Commands ip source binding show ip source binding Displays the IP source bindings on the switch show ip verify source Displays the IP source guard configuration on the switch or on a specific interface Command Description ...

Page 294: ...specify a keyword the SSH server selects the latest SSH version supported by the SSH client For example if the SSH client supports SSHv1 and SSHv2 the SSH server selects SSHv2 The switch supports an SSHv1 or an SSHv2 server It also supports an SSHv1 client For more information about the SSH server and the SSH client see the software configuration guide for this release A Rivest Shamir and Adelman ...

Page 295: ...on for the SSH server For syntax information select Cisco IOS Release 12 2 Configuration Guides and Command References Cisco IOS Security Command Reference Release 12 2 Other Security Features Secure Shell Commands show ssh Displays the status of the SSH server For syntax information select Cisco IOS Release 12 2 Configuration Guides and Command References Cisco IOS Security Command Reference Rele...

Page 296: ...ticky ARP is enabled on the switch the default If you enter the ip sticky arp interface configuration command it does not take effect If you enter the no ip sticky arp interface configuration command you do not disable sticky ARP on an interface Note We recommend that you use the show arp privileged EXEC command to display and verify private VLAN interface ARP entries If you disconnect the switch ...

Page 297: ...when sticky ARP is disabled on the switch Examples To disable sticky ARP Switch config no ip sticky arp You can verify your settings by using the show arp privileged EXEC command Related Commands Command Description arp Adds a permanent entry in the ARP table For syntax information see the Cisco IOS IP Addressing Services Command Reference Release 12 4 ARP Commands show arp Displays the entries in...

Page 298: ...on SVIs and Layer 3 interfaces These entries do not age out The ip sticky arp interface configuration command is only supported on Layer 3 interfaces SVIs belonging to normal VLANs SVIs belonging to private VLANs On a Layer 3 interface or on an SVI belonging to a normal VLAN Use the sticky arp interface configuration command to enable sticky ARP Use the no sticky arp interface configuration comman...

Page 299: ...rdware address type global configuration command to add a private VLAN ARP entry Use the no sticky arp global configuration command to disable sticky ARP on the switch Use the no sticky arp interface configuration command to disable sticky ARP on an interface Examples To enable sticky ARP on a normal SVI Switch config if ip sticky arp To disable sticky ARP on a Layer 3 interface or an SVI Switch c...

Page 300: ...on command To enable IP source guard with source IP and MAC address filtering you must enable port security on the interface Examples This example shows how to enable IP source guard with source IP address filtering Switch config if ip verify source This example shows how to enable IP source guard with source IP and MAC address filtering Switch config if ip verify source port security You can veri...

Page 301: ...ry Usage Guidelines To configure the dual IPv4 and IPv6 template enter the sdm prefer dual ipv4 and ipv6 default vlan global configuration command and reload the switch The ipv6 access list command is similar to the ip access list command except that it is IPv6 specific Note IPv6 ACLs are defined by a unique name IPv6 does not support numbered ACLs An IPv4 ACL and an IPv6 ACL cannot share the same...

Page 302: ...d ACLs but only inbound IPv6 ACLs to Layer 2 interfaces for port ACLs Note An IPv6 ACL applied to an interface with the ipv6 traffic filter command filters traffic that is forwarded by the switch and does not filter traffic generated by the switch Examples This example puts the switch in IPv6 access list configuration mode and configures the IPv6 ACL named list2 and applies the ACL to outbound tra...

Page 303: ... Command Description deny IPv6 access list configuration Sets deny conditions for an IPv6 access list ipv6 traffic filter Filters incoming or outgoing IPv6 traffic on an interface permit IPv6 access list configuration Sets permit conditions for an IPv6 access list show ipv6 access list Displays the contents of all current IPv6 access lists ...

Page 304: ...nter the sdm prefer dual ipv4 and ipv6 default vlan global configuration command and reload the switch The ipv6 address dhcp interface configuration command allows any interface to dynamically learn its IPv6 address by using the DHCP protocol The rapid commit keyword enables the use of the two message exchange for address allocation and other configuration If it is enabled the client includes the ...

Page 305: ...and Modes Interface configuration Command History Usage Guidelines To configure the dual IPv4 and IPv6 template enter the sdm prefer dual ipv4 and ipv6 default vlan global configuration command and reload the switch Use the ipv6 dhcp client request vendor interface configuration to request a vendor specific option When enabled the command is checked only when an IPv6 address is acquired from DHCP ...

Page 306: ...he default is 0 Command Modes Global configuration Command History Usage Guidelines To configure the dual IPv4 and IPv6 template enter the sdm prefer dual ipv4 and ipv6 default vlan global configuration command and reload the switch The DHCPv6 server pings a pool address before assigning the address to a requesting client If the ping is unanswered the server assumes with a high probability that th...

Page 307: ...isco IOS Commands ipv6 dhcp ping packets Related Commands Command Description clear ipv6 dhcp conflict Clears an address conflict from the DHCPv6 server database show ipv6 dhcp conflict Displays address conflicts found by a DHCPv6 server or reported through a DECLINE message from a client ...

Page 308: ...guration mode These configuration commands are available address prefix IPv6 prefix sets an address prefix for address assignment This address must be in hexadecimal using 16 bit values between colons lifetime t1 t2 sets a valid and a preferred time interval in seconds for the IPv6 address The range is 5 to 4294967295 seconds The valid default is 2 days The preferred default is 1 day The valid lif...

Page 309: ...nfigured options The link address keyword allows matching a link address without necessarily allocating an address You can match the pool from multiple relays by using multiple link address configuration commands inside a pool Because a longest match is performed on either the address pool information or the link information you can configure one pool to allocate addresses and another pool on a su...

Page 310: ...rence OL 8552 07 Chapter 2 Catalyst 3750 Switch Cisco IOS Commands ipv6 dhcp pool Related Commands Command Description ipv6 dhcp server Enables DHCPv6 service on an interface show ipv6 dhcp pool Displays DHCPv6 configuration pool information ...

Page 311: ...v6 DHCP packet is received by the server the server determines if it was received from a DHCP relay or if it was directly received from the client If the packet was received from a relay the server verifies the link address field inside the packet associated with the first relay that is closest to the client The server matches this link address against all address prefix and link address configura...

Page 312: ...quest message to the server from which the message was received If the allow hint keyword is specified the server allocates a valid client suggested address in the solicit and request messages The prefix address is valid if it is in the associated local prefix address pool and it is not assigned to a device If the allow hint keyword is not specified the server ignores the client hint and an addres...

Page 313: ... global configuration command and reload the switch When MLD snooping is globally disabled it is disabled on all the existing VLAN interfaces When you globally enable MLD snooping it is enabled on all VLAN interfaces that are in the default state enabled VLAN configuration will override global configuration on interfaces on which MLD snooping has been disabled If MLD snooping is globally disabled ...

Page 314: ...ipv6 mld snooping This example shows how to disable MLD snooping on a VLAN Switch config no ipv6 mld snooping vlan 11 You can verify your settings by entering the show ipv6 mld snooping user EXEC command Related Commands Command Description sdm prefer Configures an SDM template to optimize system resources based on how the switch is being used show ipv6 mld snooping Displays MLD snooping configura...

Page 315: ...ual IPv4 and IPv6 template enter the sdm prefer dual ipv4 and ipv6 default vlan global configuration command and reload the switch In MLD snooping the IPv6 multicast router periodically sends out queries to hosts belonging to the multicast group If a host wants to leave a multicast group it can silently leave or it can respond to the query with a Multicast Listener Done message equivalent to an IG...

Page 316: ...t the last listener query count for VLAN 10 Switch config ipv6 mld snooping vlan 10 last listener query count 3 You can verify your settings by entering the show ipv6 mld snooping vlan vlan id user EXEC command Related Commands Command Description ipv6 mld snooping last listener query interval Sets IPv6 MLD snooping last listener query interval sdm prefer Configures an SDM template to optimize sys...

Page 317: ...l count is used Command Modes Global configuration Command History Usage Guidelines To configure the dual IPv4 and IPv6 template enter the sdm prefer dual ipv4 and ipv6 default vlan global configuration command and reload the switch In MLD snooping when the IPv6 multicast router receives an MLD leave message it sends out queries to hosts belonging to the multicast group If there are no responses f...

Page 318: ...e last listener query interval for VLAN 1 to 5 5 seconds Switch config ipv6 mld snooping vlan 1 last listener query interval 5500 You can verify your settings by entering the show ipv6 MLD snooping vlan vlan id user EXEC command Related Commands Command Description ipv6 mld snooping last listener query count Sets IPv6 MLD snooping last listener query count sdm prefer Configures an SDM template to ...

Page 319: ...sage suppression to be disabled Command Modes Global configuration Command History Usage Guidelines To configure the dual IPv4 and IPv6 template enter the sdm prefer dual ipv4 and ipv6 default vlan global configuration command and reload the switch MLD snooping listener message suppression is equivalent to IGMP snooping report suppression When enabled received MLDv1 reports to a group are forwarde...

Page 320: ...ommands ipv6 mld snooping listener message suppression Related Commands Command Description ipv6 mld snooping Enables IPv6 MLD snooping sdm prefer Configures an SDM template to optimize system resources based on how the switch is being used show ipv6 mld snooping Displays MLD snooping configuration ...

Page 321: ...address is 0 which means that the system uses the global robustness variable for aging out the listener Command Modes Global configuration Command History Usage Guidelines To configure the dual IPv4 and IPv6 template enter the sdm prefer dual ipv4 and ipv6 default vlan global configuration command and reload the switch Robustness is measured in terms of the number of MLDv1 queries sent with no res...

Page 322: ... example shows how to configure the robustness variable for VLAN 1 This value overrides the global configuration for the VLAN Switch config ipv6 mld snooping vlan 1 robustness variable 1 You can verify your settings by entering the show ipv6 MLD snooping vlan vlan id user EXEC command Related Commands Command Description ipv6 mld snooping last listener query count Sets IPv6 MLD snooping last liste...

Page 323: ...sabled When enabled the default flood query count is 2 Command Modes Global configuration Command History Usage Guidelines To configure the dual IPv4 and IPv6 template enter the sdm prefer dual ipv4 and ipv6 default vlan global configuration command and reload the switch Examples This example shows how to enable TCN query soliciting Switch config ipv6 mld snooping tcn query solicit This example sh...

Page 324: ... 2 Catalyst 3750 Switch Cisco IOS Commands ipv6 mld snooping tcn Related Commands Command Description sdm prefer Configures an SDM template to optimize system resources based on how the switch is being used show ipv6 mld snooping Displays MLD snooping configuration ...

Page 325: ...ulticast router ports Command Modes Global configuration Command History Usage Guidelines To configure the dual IPv4 and IPv6 template enter the sdm prefer dual ipv4 and ipv6 default vlan global configuration command and reload the switch You should only configure the Immediate Leave feature when there is only one receiver on every port in the VLAN The configuration is saved in NVRAM The static ke...

Page 326: ...to enable MLD Immediate Leave processing on VLAN 1 Switch config ipv6 mld snooping vlan 1 immediate leave This example shows how to disable MLD Immediate Leave processing on VLAN 1 Switch config no ipv6 mld snooping vlan 1 immediate leave This example shows how to configure a port as a multicast router port Switch config ipv6 mld snooping vlan 1 mrouter interface gigabitethernet1 01 2 This example...

Page 327: ...nd History Usage Guidelines To configure the dual IPv4 and IPv6 template enter the sdm prefer dual ipv4 and ipv6 default vlan global configuration command and reload the switch You can use the ipv6 traffic filter command on physical interfaces Layer 2 or Layer 3 ports Layer 3 port channels or switch virtual interfaces SVIs You can apply an ACL to outbound or inbound traffic on Layer 3 interfaces p...

Page 328: ...fig interface gigabitethernet1 0 1 Switch config if no switchport Switch config if ipv6 address 2001 64 eui 64 Switch config if ipv6 traffic filter cisco in Related Commands Command Description ipv6 access list Defines an IPv6 access list and sets deny or permit conditions for the defined access list show ipv6 access list Displays the contents of all current IPv6 access lists show ipv6 interface D...

Page 329: ...f Layer 2 protocol packets l2protocol tunnel Enable point to multipoint tunneling of CDP STP and VTP packets cdp Optional Enable tunneling of CDP specify a shutdown threshold for CDP or specify a drop threshold for CDP stp Optional Enable tunneling of STP specify a shutdown threshold for STP or specify a drop threshold for STP vtp Optional Enable tunneling or VTP specify a shutdown threshold for V...

Page 330: ...r for all three protocols Caution PAgP LACP and UDLD tunneling is only intended to emulate a point to point topology An erroneous configuration that sends tunneled packets to many ports could lead to a network failure Enter the shutdown threshold keyword to control the number of protocol packets per second that are received on an interface before it shuts down When no protocol option is specified ...

Page 331: ...h config if l2protocol tunnel stp Switch config if l2protocol tunnel drop threshold stp 400 This example shows how to enable point to point protocol tunneling for PAgP and UDLD packets and to configure the PAgP drop threshold as 1000 packets per second Switch config if l2protocol tunnel point to point pagp Switch config if l2protocol tunnel point to point udld Switch config if l2protocol tunnel dr...

Page 332: ...ckets Command Modes Global configuration Command History Usage Guidelines When enabled the tunneled Layer 2 protocol packets use this CoS value The value is saved in NVRAM Examples This example shows how to configure a Layer 2 protocol tunnel CoS value of 7 Switch config l2protocol tunnel cos 7 Related Commands value Specify CoS priority value for tunneled Layer 2 protocol packets If a CoS value i...

Page 333: ...risons a numerically lower value has a higher priority When there are more than eight ports in an LACP channel group the eight ports with the numerically lowest values highest priority values for LACP port priority are bundled into the channel group and the lower priority ports are put in hot standby mode If two or more ports have the same LACP port priority for example they are configured with th...

Page 334: ...t2 0 1 Switch config if lacp port priority 1000 You can verify your settings by entering the show lacp channel group number internal privileged EXEC command Related Commands Command Description channel group Assigns an Ethernet port to an EtherChannel group lacp system priority Configures the LACP system priority show lacp channel group number internal Displays internal information for all channel...

Page 335: ... Port priorities on the other switch the noncontrolling end of the link are ignored In priority comparisons numerically lower values have higher priority Therefore the system with the numerically lower value higher priority value for LACP system priority becomes the controlling system If both switches have the same LACP system priority for example they are both configured with the default setting ...

Page 336: ...50 Switch Cisco IOS Commands lacp system priority Related Commands Command Description channel group Assigns an Ethernet port to an EtherChannel group lacp port priority Configures the LACP port priority show lacp sys id Displays the system identifier that is being used by LACP ...

Page 337: ...on command to disable the location TLV The location TLV is enabled by default For more information see the Configuring LLDP and LLDP MED chapter of the software configuration guide for this release Examples This example shows how to configure civic location information on the switch Switch config location civic location identifier 1 Switch config civic number 3550 Switch config civic primary road ...

Page 338: ...ergency location information on the switch Switch config location elin location 14085553881 identifier 1 You can verify your settings by entering the show location elin privileged EXEC command Related Commands Command Description location interface configuration Configures the location information for an interface show location Displays the location information for an endpoint ...

Page 339: ...uration mode In this mode you can enter the additional location information Examples These examples show how to enter civic location information for an interface Switch config if interface gigabitethernet1 0 1 Switch config if location civic location id 1 Switch config if end Switch config if interface gigabitethernet2 0 1 Switch config if location civic location id 1 Switch config if end You can ...

Page 340: ...ion for an interface Switch config interface gigabitethernet2 0 2 Switch config if location elin location id 1 Switch config if end You can verify your settings by entering the show location elin interface privileged EXEC command Related Commands Command Description link state group Configures the location information for an endpoint show location Displays the location information for an endpoint ...

Page 341: ...routed port In a link state group these interfaces are bundled together The downstream interfaces are bound to the upstream interfaces Interfaces connected to servers are referred to as downstream interfaces and interfaces connected to distribution switches and network devices are referred to as upstream interfaces For more information about the interactions between the downstream and upstream int...

Page 342: ...p 2 downstream Switch config if range end Switch config if end You can verify your settings by entering the show running config privileged EXEC command Related Commands Command Description link state track Enables a link state group show link state group Displays the link state group information show running config Displays the current operating configuration For syntax information select Cisco IO...

Page 343: ...up Examples This example shows how enable link state group 2 Switch config link state track 2 You can verify your settings by entering the show running config privileged EXEC command Related Commands number Optional Specify the link state group number The group number can be 1 to 10 The default is 1 Release Modification 12 2 25 SEE This command was introduced Command Description link state track C...

Page 344: ...ing tree status trunk status Syntax Description Defaults Event logging is disabled Command Modes Interface configuration Command History Examples This example shows how to enable spanning tree logging Switch config if logging event spanning tree bundle status Enable notification of BUNDLE and UNBUNDLE messages link status Enable notification of interface data link status changes spanning tree Enab...

Page 345: ...escription Defaults Logging of PoE events is enabled Command Modes Interface configuration Command History Usage Guidelines The power inline status keyword is available only on PoE interfaces Examples This example shows how to enable logging of PoE events on a port Switch config if interface gigabitethernet1 0 1 Switch config if logging event power inline status Switch config if Related Commands p...

Page 346: ... syntax for the local flash file system on the stack member or the stack master flash From the stack master the syntax for the local flash file system on a stack member flash member number max file size Optional Specify the maximum logging file size The range is 4096 to 2147483647 nomax Optional Specify the maximum file size of 2147483647 min file size Optional Specify the minimum logging file siz...

Page 347: ...d to display its contents The command rejects the minimum file size if it is greater than the maximum file size minus 1024 the minimum file size then becomes the maximum file size minus 1024 Specifying a level causes messages at that level and numerically lower levels to be displayed Examples This example shows how to save informational log messages to a file in flash memory Switch config logging ...

Page 348: ... an IP ACL and a MAC ACL to the interface You can apply no more than one IP access list and one MAC access list to the same Layer 2 interface If a MAC ACL is already configured on a Layer 2 interface and you apply a new MAC ACL to the interface the new ACL replaces the previously configured one If you apply an ACL to a Layer 2 interface on a switch and the switch has an input Layer 3 ACL or a VLAN...

Page 349: ...he show mac access group privileged EXEC command You can see configured ACLs on the switch by entering the show access lists privileged EXEC command Related Commands Command Description show access lists Displays the ACLs configured on the switch show link state group Displays the MAC ACLs configured on the switch show running config Displays the running configuration on the switch For syntax info...

Page 350: ...s and class maps You can apply named MAC extended ACLs to VLAN maps or to Layer 2 interfaces you cannot apply named MAC extended ACLs to Layer 3 interfaces Entering the mac access list extended command enables the MAC access list configuration mode These configuration commands are available default sets a command to its default deny specifies packets to reject For more information see the deny MAC...

Page 351: ...delete MAC named extended access list mac1 Switch config no mac access list extended mac1 You can verify your settings by entering the show access lists privileged EXEC command Related Commands Command Description deny MAC access list configuration permit MAC access list configuration Configures the MAC ACL in extended MAC access list configuration mode show access lists Displays the access lists ...

Page 352: ...creasing the time can reduce the possibility of flooding when the hosts send again If you do not specify a specific VLAN this command sets the aging time for all VLANs Examples This example shows how to set the aging time to 200 seconds for all VLANs Switch config mac address table aging time 200 You can verify your setting by entering the show mac address table aging time privileged EXEC command ...

Page 353: ...ning on a VLAN could cause flooding in the network For example if you disable MAC address learning on a VLAN with a configured switch virtual interface SVI the switch floods all IP packets in the Layer 2 domain If you disable MAC address learning on a VLAN that includes more than two ports every packet entering the switch is flooded in that VLAN domain We recommend that you disable MAC address lea...

Page 354: ... is enabled To display MAC address learning status of all VLANs or a specified VLAN enter the show mac address table learning vlan vlan id command Examples This example shows how to disable MAC address learning on VLAN 2003 Switch config no mac address table learning vlan 2003 To display MAC address learning status of all VLANs or a specified VLAN enter the show mac address table learning vlan vla...

Page 355: ...o send the MAC address table move update messages if the primary link goes down and the standby link comes up You can configure the uplink switches to receive and process the MAC address table move update messages Examples This example shows how to configure an access switch to send MAC address table move update messages Switch configure terminal Switch conf mac address table move update transmit ...

Page 356: ...ove update Related Commands Command Description clear mac address table move update Clears the MAC address table move update global counters debug matm move update Debugs the MAC address table move update message processing show mac address table move update Displays the MAC address table move update information on the switch ...

Page 357: ...ons are generated only for dynamic and secure MAC addresses Events are not generated for self addresses multicast addresses or other static addresses When you configure the history size option the existing MAC address history table is deleted and a new table is created You enable the MAC address notification feature by using the mac address table notification command You must also enable MAC addre...

Page 358: ...fig mac address table notification history size 100 You can verify your settings by entering the show mac address table notification privileged EXEC command Related Commands Command Description clear mac address table notification Clears the MAC address notification global counters show mac address table notification Displays the MAC address notification settings on all interfaces or on the specif...

Page 359: ...ket is forwarded to the specified interface Switch config mac address table static c2f3 220a 12f4 vlan 4 interface gigabitethernet6 0 1 You can verify your setting by entering the show mac address table privileged EXEC command Related Commands mac addr Destination MAC address unicast or multicast to add to the address table Packets with this destination address received in the specified VLAN are f...

Page 360: ...are also not supported If you add a unicast MAC address as a static address and configure unicast MAC address filtering the switch either adds the MAC address as a static address or drops packets with that MAC address depending on which command was entered last The second command that you entered overrides the first command For example if you enter the mac address table static mac addr vlan vlan i...

Page 361: ...When a packet is received in VLAN 4 with this MAC address as its source or destination the packet is dropped Switch config mac address table static c2f3 220a 12f4 vlan 4 drop This example shows how to disable unicast MAC address filtering Switch config no mac address table static c2f3 220a 12f4 vlan 4 You can verify your setting by entering the show mac address table static privileged EXEC command...

Page 362: ...tive All matching occurrences of the keyword are replaced with the corresponding value Any full match of a keyword even if it is part of a larger string is considered a match and is replaced by the corresponding value Some macros might contain keywords that require a parameter value You can use the macro apply macro name command to display a list of any required values in the macro If you apply a ...

Page 363: ...elete a macro applied configuration on an interface by entering the default interface interface id interface configuration command Examples After you have created a macro by using the macro name global configuration command you can apply it to an interface This example shows how to apply a user created macro called duplex to an interface Switch config if macro apply duplex To debug a macro use the...

Page 364: ...hernet1 0 4 Switch config if macro apply cisco desktop AVID 25 Related Commands Command Description macro description Adds a description about the macros that are applied to an interface macro global Applies a macro on a switch or applies and traces a macro on a switch macro global description Adds a description about the macros that are applied to the switch macro name Creates a macro show parser...

Page 365: ...ts no macro auto execute event trigger builtin built in macro name parameter value parameter value function contents Note Beginning with Cisco IOS Release 12 2 50 SE the macro auto execute command replaces the macro name command Though not visible in the command line the macro name command is still active The command will become obsolete in a future Cisco IOS software release Syntax Description ev...

Page 366: ...es ACCESS_VLAN 1 CISCO_DOT1X_DESKTOP_AUTO_SMARTPORT Optional Specify the parameter values ACCESS_VLAN 1 CISCO_DOT1X_EASY_AUTO_SMARTPORT Optional Specify the parameter values ACCESS_VLAN 1 CISCO_DOT1X_MAB_GUEST_AUTO_SMARTPORT Optional Specify the parameter values ACCESS_VLAN 1 CISCO_DOT1X_MAB_TIMEOUT_AUTO_SMARTPORT Optional Specify the parameter values ACCESS_VLAN 1 CISCO_DOT1X_AUTH_FAIL_AUTO_SMART...

Page 367: ...a VLAN is VLAN 1 The default voice VLAN is VLAN 2 You should modify the built in macro default values if your switch uses different VLANs To view all built in macro default values use the show shell functions privileged EXEC command For 802 1x authentication or MAB configure the RADIUS server to support the Cisco attribute value av pair auto smart port event trigger to detect non Cisco devices For...

Page 368: ...tribute value pair CISCO_DMP_EVENT response from the RADIUS server and applies the macro associated with this event trigger Switch config shell trigger CISCO_DMP_EVENT Cisco DMP player Switch config macro auto execute CISCO_DMP_EVENT if LINKUP eq YES then conf t interface INTERFACE macro description TRIGGER switchport access vlan 1 switchport mode access switchport port security switchport port se...

Page 369: ...se as a conditional construct z Use as a conditional construct Variables that begin with the character are replaced with a parameter value Use the character to enter comment text Table 2 7 Unsupported Cisco IOS Shell Reserved Keywords Command Description Pipeline case Conditional construct esac Conditional construct for Looping construct function Shell function in Conditional construct select Cond...

Page 370: ...lly applies the IP phone macro The IP phone macro enables quality of service QoS security features and a dedicated voice VLAN to ensure proper treatment of delay sensitive voice traffic Auto Smartports uses event triggers to map devices to macros The most common event triggers are based on Cisco Discovery Protocol CDP messages received from connected devices The detection of a device invokes a CDP...

Page 371: ...switch and to disable the feature on a specific interface Switch config macro auto global processing Switch config interface interface_id Switch config if no macro auto processing Related Commands Command Description macro auto execute Configure mapping from an event trigger to a built in macro shell trigger Creates an event trigger show shell Displays information about event triggers and macros ...

Page 372: ...erface the description text will be from the last applied macro This example shows how to add a description to an interface Switch config if macro description duplex settings You can verify your settings by entering the show parser macro description privileged EXEC command Related Commands description text Enter a description about the macros that are applied to the specified interface Release Mod...

Page 373: ... switch Keyword matching is case sensitive All matching occurrences of the keyword are replaced with the corresponding value Any full match of a keyword even if it is part of a larger string is considered a match and is replaced by the corresponding value Some macros might contain keywords that require a parameter value You can use the macro global apply macro name command to display a list of any...

Page 374: ...ve created a new macro by using the macro name global configuration command you can apply it to a switch This example shows how see the snmp macro and how to apply the macro and set the hostname to test server and set the IP precedence value to 7 Switch show parser macro name snmp Macro name snmp Macro type customizable enable port security linkup and linkdown traps snmp server enable traps port s...

Page 375: ...plies a macro on an interface or applies and traces a macro on an interface macro description Adds a description about the macros that are applied to an interface macro global description Adds a description about the macros that are applied to the switch macro name Creates a macro show parser macro Displays the macro definition for all macros or for the specified macro ...

Page 376: ...plied on a switch the description text will be from the last applied macro This example shows how to add a description to a switch Switch config macro global description udld aggressive mode enabled You can verify your settings by entering the show parser macro description privileged EXEC command Related Commands description text Enter a description about the macros that are applied to the switch ...

Page 377: ... the keywords that are available for use with the macro You can enter up to three help string keywords separated by a space If you enter more than three macro keywords only the first three are shown Macro names are case sensitive For example the commands macro name Sample Macro and macro name sample macro will result in two separate macros When creating a macro do not use the exit or end commands ...

Page 378: ...w to display the mandatory keyword values before you apply the macro to an interface Switch config interface gigabitethernet1 0 1 Switch config if macro apply test WORD keyword to replace with a value e g VLANID MAX cr Switch config if macro apply test VLANID WORD Value of first keyword to replace Switch config if macro apply test VLANID 2 WORD keyword to replace with a value e g VLANID MAX cr Swi...

Page 379: ...one access list name or number others are optional You can match packets against one or more access lists Matching any of the lists counts as a match of the entry In access map configuration mode use the match command to define the match conditions for a VLAN map applied to a VLAN Use the action command to set the action that occurs when the packet matches the conditions Packets are matched only a...

Page 380: ...ify your settings by entering the show vlan access map privileged EXEC command Related Commands Command Description access list Configures a standard numbered ACL For syntax information select Cisco IOS IP Command Reference Volume 1 of 3 Addressing and Services Release 12 2 IP Services Commands action Specifies the action to be taken if the packet matches an entry in an access control list ACL ip ...

Page 381: ...ex or name Number or name of an IP standard or extended access control list ACL or MAC ACL For an IP standard ACL the ACL index range is 1 to 99 and 1300 to 1999 For an IP extended ACL the ACL index range is 100 to 199 and 2000 to 2699 input interface interface id list Specify the physical ports to which the interface level class map in a hierarchical policy map applies This command can only be us...

Page 382: ...called class3 which matches all the incoming traffic with IP precedence values of 5 6 and 7 Switch config class map class3 Switch config cmap match ip precedence 5 6 7 Switch config cmap exit This example shows how to delete the IP precedence match criteria and to classify traffic using acl1 Switch config class map class2 Switch config cmap match ip precedence 5 6 7 Switch config cmap no match ip ...

Page 383: ...plex to auto so that the feature operates correctly When auto MDIX and autonegotiation of speed and duplex is enabled on one or both of connected interfaces link up occurs even if the cable type straight through or crossover is incorrect Auto MDIX is supported on all 10 100 and 10 100 1000 Mb s interfaces and on 10 100 1000BASE TX small form factor pluggable SFP module interfaces It is not support...

Page 384: ...licy maps are configured The default port trust state on all ports is untrusted The default ingress and egress queue settings are in effect Command Modes Global configuration Command History Usage Guidelines QoS must be globally enabled to use QoS classification policing mark down or drop queueing and traffic shaping features You can create a policy map and attach it to a port before entering the ...

Page 385: ...2 355 Catalyst 3750 Switch Command Reference OL 8552 07 Chapter 2 Catalyst 3750 Switch Cisco IOS Commands mls qos Related Commands Command Description show mls qos Displays QoS information ...

Page 386: ...t ASIC device which controls more than one physical port supports 256 policers 255 user configurable policers plus 1 policer reserved for internal use The maximum number of user configurable policers supported per port is 63 Policers are allocated on demand by the software and are constrained by the hardware and ASIC boundaries You cannot reserve policers per port there is no guarantee that a port...

Page 387: ...the mls qos aggregate policer global configuration command For more information see the software configuration guide for this release Examples This example shows how to define the aggregate policer parameters and how to apply the policer to multiple classes in a policy map Switch config mls qos aggregate policer agg_policer1 1000000 1000000 exceed action drop Switch config policy map policy2 Switc...

Page 388: ...cket does not have a CoS value You also can assign a default CoS and DSCP value to all incoming packets by using the override keyword Use the override keyword when all incoming packets on certain ports deserve higher or lower priority than packets entering from other ports Even if a port is previously set to trust DSCP CoS or IP precedence this command overrides the previously configured trust sta...

Page 389: ... qos trust cos Switch config if mls qos cos 4 This example shows how to assign all the packets entering a port to the default port CoS value of 4 on a port Switch config interface gigabitethernet2 0 1 Switch config if mls qos cos 4 Switch config if mls qos cos override You can verify your settings by entering the show mls qos interface privileged EXEC command Related Commands Command Description s...

Page 390: ...iving port ingress mutation at the boundary of a quality of service QoS administrative domain With ingress mutation the new DSCP value overwrites the one in the packet and QoS handles the packet with this new value The switch sends the packet out the port with the new DSCP value You can configure multiple DSCP to DSCP mutation maps on ingress ports You apply the map only to DSCP trusted ports If y...

Page 391: ...mutation1 from the port and to reset the map to the default Switch config if no mls qos dscp mutation dscpmutation1 You can verify your settings by entering the show mls qos maps privileged EXEC command Related Commands Command Description mls qos map dscp mutation Defines the DSCP to DSCP mutation map mls qos trust Configures the port trust state show mls qos maps Displays QoS mapping information...

Page 392: ...he range is 0 to 63 dscp cos dscp list to cos Define the DSCP to CoS map For dscp list enter up to eight DSCP values with each value separated by a space The range is 0 to 63 Then enter the to keyword For cos enter a single CoS value to which the DSCP values correspond The range is 0 to 7 dscp mutation dscp mutation name in dscp to out dscp Define the DSCP to DSCP mutation map For dscp mutation na...

Page 393: ...ult DSCP to CoS map Table 2 10 shows the default IP precedence to DSCP map Table 2 8 Default CoS to DSCP Map CoS Value DSCP Value 0 0 1 8 2 16 3 24 4 32 5 40 6 48 7 56 Table 2 9 Default DSCP to CoS Map DSCP Value CoS Value 0 7 0 8 15 1 16 23 2 24 31 3 32 39 4 40 47 5 48 55 6 56 63 7 Table 2 10 Default IP Precedence to DSCP Map IP Precedence Value DSCP Value 0 0 1 8 2 16 3 24 4 32 5 40 6 48 7 56 ...

Page 394: ...igure terminal Switch config mls qos map policed dscp 1 2 3 4 5 6 to 0 This example shows how to define the DSCP to CoS map DSCP values 20 21 22 23 and 24 are mapped to CoS 1 DSCP values 10 11 12 13 14 15 16 and 17 are mapped to CoS 0 Switch configure terminal Switch config mls qos map dscp cos 20 21 22 23 24 to 1 Switch config mls qos map dscp cos 10 11 12 13 14 15 16 17 to 0 This example shows h...

Page 395: ... 07 Chapter 2 Catalyst 3750 Switch Cisco IOS Commands mls qos map Related Commands Command Description mls qos dscp mutation Applies a DSCP to DSCP mutation map to a DSCP trusted port show mls qos maps Displays quality of service QoS mapping information ...

Page 396: ... traffic To configure different classes of traffic with different characteristics use this command with the mls qos queue set output qset id threshold global configuration command Note The egress queue default settings are suitable for most situations You should change them only when you have a thorough understanding of the egress queues and if these settings do not meet your QoS solution qset id ...

Page 397: ...abitethernet2 0 1 Switch config if queue set 2 You can verify your settings by entering the show mls qos interface interface id buffers or the show mls qos queue set privileged EXEC command Related Commands Command Description mls qos queue set output threshold Configures the weighted tail drop WTD thresholds guarantees the availability of buffers and configures the maximum memory allocation to a ...

Page 398: ...ich defines all the characteristics of the four egress queues per port The range is 1 to 2 queue id Specific queue in the queue set on which the command is performed The range is 1 to 4 drop threshold1 drop threshold2 Two WTD thresholds expressed as a percentage of the allocated memory of the queue The range is 1 to 3200 percent reserved threshold Amount of memory to be guaranteed reserved for the...

Page 399: ...priving other queues and to decide whether to grant buffer space to a requesting queue The switch decides whether the target queue has not consumed more buffers than its reserved amount under limit whether it has consumed all of its maximum buffers over limit and whether the common pool is empty no free buffers or not empty free buffers If the queue is not over limit the switch can allocate buffer...

Page 400: ...going packet is the same as that in the incoming packet Note Enabling DSCP transparency does not affect the port trust settings on IEEE 802 1Q tunneling ports By default DSCP transparency is disabled The switch modifies the DSCP field in an incoming packet and the DSCP field in the outgoing packet is based on the quality of service QoS configuration including the port trust setting policing and ma...

Page 401: ... to change the DSCP value of the incoming IP packet Switch config mls qos Switch config mls qos rewrite ip dscp You can verify your settings by entering the show running config include rewrite privileged EXEC command Related Commands Command Description mls qos Enables QoS globally show mls qos Displays QoS information show running config include rewrite Displays the DSCP transparency setting For ...

Page 402: ...andwidth weight global configuration command Then SRR shares the remaining bandwidth with both ingress queues and services them as specified by the weights configured with the mls qos srr queue input bandwidth weight1 weight2 global configuration command You specify which ingress queue is the priority queue by using the mls qos srr queue input priority queue global configuration command Examples T...

Page 403: ...u can verify your settings by entering the show mls qos interface interface id queueing or the show mls qos input queue privileged EXEC command Related Commands Command Description mls qos srr queue input buffers Allocates the buffers between the ingress queues mls qos srr queue input cos map Maps class of service CoS values to an ingress queue or maps CoS values to a queue and to a threshold ID m...

Page 404: ...uffer space to ingress queue 2 Switch config mls qos srr queue input buffers 60 40 You can verify your settings by entering the show mls qos interface interface id buffers or the show mls qos input queue privileged EXEC command Related Commands percentage1 percentage2 Percentage of buffers allocated to ingress queues 1 and 2 The range is 0 to 100 Separate each value with a space Release Modificati...

Page 405: ... OL 8552 07 Chapter 2 Catalyst 3750 Switch Cisco IOS Commands mls qos srr queue input buffers show mls qos input queue Displays ingress queue settings show mls qos interface buffers Displays quality of service QoS information Command Description ...

Page 406: ...ut cos map Syntax Description Defaults Table 2 12 shows the default CoS input queue threshold map Command Modes Global configuration Command History queue queue id Specify a queue number For queue id the range is 1 to 2 cos1 cos8 Map CoS values to an ingress queue For cos1 cos8 enter up to eight values and separate each value with a space The range is 0 to 7 threshold threshold id cos1 cos8 Map Co...

Page 407: ... 5 to ingress queue 1 and to threshold ID 2 with a drop threshold of 70 percent Switch config mls qos srr queue input cos map queue 1 threshold 1 0 1 2 3 Switch config mls qos srr queue input cos map queue 1 threshold 2 4 5 Switch config mls qos srr queue input threshold 1 50 70 You can verify your settings by entering the show mls qos maps privileged EXEC command Related Commands Command Descript...

Page 408: ...input dscp map Syntax Description Defaults Table 2 13 shows the default DSCP input queue threshold map Command Modes Global configuration Command History queue queue id Specify a queue number For queue id the range is 1 to 2 dscp1 dscp8 Map DSCP values to an ingress queue For dscp1 dscp8 enter up to eight values and separate each value with a space The range is 0 to 63 threshold threshold id dscp1...

Page 409: ...It maps DSCP values 20 to 26 to ingress queue 1 and to threshold 2 with a drop threshold of 70 percent Switch config mls qos srr queue input dscp map queue 1 threshold 1 0 1 2 3 4 5 6 Switch config mls qos srr queue input dscp map queue 1 threshold 2 20 21 22 23 24 25 26 Switch config mls qos srr queue input threshold 1 50 70 You can verify your settings by entering the show mls qos maps privilege...

Page 410: ...f the bandwidth on the stack ring which reduces the delay and jitter under heavy network traffic on an oversubscribed stack when there is more traffic than the backplane can carry and the queues are full and dropping frames The amount of bandwidth that can be guaranteed is restricted because a large value affects the entire stack and can degrade the stack performance Shaped round robin SRR service...

Page 411: ...idth 4 4 You can verify your settings by entering the show mls qos interface interface id queueing or the show mls qos input queue privileged EXEC command Related Commands Command Description mls qos srr queue input bandwidth Assigns shaped round robin SRR weights to an ingress queue mls qos srr queue input buffers Allocates the buffers between the ingress queues mls qos srr queue input cos map Ma...

Page 412: ...er packets assigned to threshold 2 continue to be queued and sent as long as the second threshold is not exceeded Each queue has two configurable explicit drop threshold and one preset implicit drop threshold full You configure the CoS to threshold map by using the mls qos srr queue input cos map global configuration command You configure the DSCP to threshold map by using the mls qos srr queue in...

Page 413: ...ress queues mls qos srr queue input cos map Maps class of service CoS values to an ingress queue or maps CoS values to a queue and to a threshold ID mls qos srr queue input dscp map Maps Differentiated Services Code Point DSCP values to an ingress queue or maps DSCP values to a queue and to a threshold ID mls qos srr queue input priority queue Configures the ingress priority queue and guarantees b...

Page 414: ...s map Syntax Description Defaults Table 2 14 shows the default CoS output queue threshold map Command Modes Global configuration Command History queue queue id Specify a queue number For queue id the range is 1 to 4 cos1 cos8 Map CoS values to an egress queue For cos1 cos8 enter up to eight values and separate each value with a space The range is 0 to 7 threshold threshold id cos1 cos8 Map CoS val...

Page 415: ...and 70 percent of the allocated memory guarantees reserves 100 percent of the allocated memory and configures 200 percent as the maximum memory that this queue can have before packets are dropped Switch config mls qos srr queue output cos map queue 1 threshold 1 0 1 2 3 Switch config mls qos queue set output 1 threshold 1 50 70 100 200 Switch config interface gigabitethernet2 0 1 Switch config if ...

Page 416: ...ap Syntax Description Defaults Table 2 15 shows the default DSCP output queue threshold map Command Modes Global configuration Command History queue queue id Specify a queue number For queue id the range is 1 to 4 dscp1 dscp8 Map DSCP values to an egress queue For dscp1 dscp8 enter up to eight values and separate each value with a space The range is 0 to 63 threshold threshold id dscp1 dscp8 Map D...

Page 417: ...or queue 1 to 50 and 70 percent of the allocated memory guarantees reserves 100 percent of the allocated memory and configures 200 percent as the maximum memory that this queue can have before packets are dropped Switch config mls qos srr queue output dscp map queue 1 threshold 1 0 1 2 3 Switch config mls qos queue set output 1 threshold 1 50 70 100 200 Switch config interface gigabitethernet2 0 1...

Page 418: ...sify traffic When a port is configured with trust DSCP or trust IP precedence and the incoming packet is a non IP packet the CoS to DSCP map is used to derive the corresponding DSCP value from the CoS value The CoS can be the packet CoS for trunk ports or the port default CoS for nontrunk ports cos Optional Classify an ingress packet by using the packet CoS value For an untagged packet use the por...

Page 419: ...e incoming voice and data packets and assigns the default CoS value to them For an inter QoS domain boundary you can configure the port to the DSCP trusted state and apply the DSCP to DSCP mutation map if the DSCP values are different between the QoS domains Classification using a port trust state for example mls qos trust cos dscp ip precedence and a policy map for example service policy input po...

Page 420: ...interface level of the hierarchical policy map When you configure hierarchical policing the hierarchical policy map is attached to the SVI and affects all traffic belonging to the VLAN The individual policer in the interface level traffic classification only affects the physical ports specified for that classification For detailed instructions about configuring hierarchical policy maps see the Cla...

Page 421: ...nitor session session_number destination interface interface id encapsulation replicate ingress dot1q vlan vlan id isl untagged vlan vlan id vlan vlan id remote vlan vlan id no monitor session session_number filter vlan vlan id no monitor session session_number source interface interface id both rx tx vlan vlan id both rx tx remote vlan vlan id Syntax Description session_number Specify the session...

Page 422: ...on session The range is 2 to 1001 and 1006 to 4094 The RSPAN VLAN cannot be VLAN 1 the default VLAN or VLAN IDs 1002 to 1005 reserved for Token Ring and FDDI VLANs Optional Specify a series of interfaces or VLANs or separate a range of interfaces or VLANs from a previous range Enter a space before and after the comma Optional Specify a range of interfaces or VLANs Enter a space before and after th...

Page 423: ...ivate VLAN port cannot be configured as a SPAN destination port You can monitor individual ports while they participate in an EtherChannel or you can monitor the entire EtherChannel bundle by specifying the port channel number as the RSPAN source interface A port used as a destination port cannot be a SPAN or RSPAN source nor can a port be a destination port for more than one session at a time You...

Page 424: ... config monitor session 1 filter vlan 100 110 This example shows how to configure RSPAN source session 1 to monitor multiple source interfaces and to configure the destination RSPAN VLAN 900 Switch config monitor session 1 source interface gigabitethernet1 0 1 Switch config monitor session 1 source interface port channel 2 tx Switch config monitor session 1 destination remote vlan 900 Switch confi...

Page 425: ...iption remote span Configures an RSPAN VLAN in vlan configuration mode show monitor Displays SPAN and RSPAN session information show running config Displays the current operating configuration For syntax information select Cisco IOS Configuration Fundamentals Command Reference Release 12 2 File Management Commands Configuration File Management Commands ...

Page 426: ...this command to remove a statically configured IP multicast address or contiguous addresses or when no IP address is entered to remove all statically configured MVR IP multicast addresses count Optional Configure multiple contiguous MVR group addresses The range is 1 to 256 the default is 1 mode Optional Specify the MVR mode of operation The default is compatible mode compatible Set MVR mode to pr...

Page 427: ...s on MVR source ports MVR can coexist with IGMP snooping on a switch Multicast routing and MVR cannot coexist on a switch If you enable multicast routing and a multicast routing protocol while MVR is enabled MVR is disabled and a warning message appears If you try to enable MVR while multicast routing and a multicast routing protocol are enabled the operation to enable MVR is cancelled with an Err...

Page 428: ...Configures MVR ports show mvr Displays MVR global parameters or port parameters show mvr interface Displays the configured MVR interfaces with their type status and Immediate Leave configuration Also displays all MVR groups of which the interface is a member show mvr members Displays all ports that are members of an MVR multicast group if the group has no members its status is shown as Inactive ...

Page 429: ...ve feature of MVR on a port Use the no mvr immediate command to disable the feature type Optional Configure the port as an MVR receiver port or a source port The default port type is neither an MVR source nor a receiver port The no mvr type command resets the port as neither a source or a receiver port receiver Configure the port as a subscriber port that can only receive multicast data Receiver p...

Page 430: ...age is received the receiver port is removed from multicast group membership which speeds up leave latency The Immediate Leave feature should be enabled only on receiver ports to which a single receiver device is connected The mvr vlan group command statically configures ports to receive multicast traffic sent to the IP multicast address A port statically configured as a member of group remains a ...

Page 431: ...nables and configures multicast VLAN registration on the switch show mvr Displays MVR global parameters or port parameters show mvr interface Displays the configured MVR interfaces or displays the multicast groups to which a receiver port belongs Also displays all MVR groups of which the interface is a member show mvr members Displays all receiver ports that are members of an MVR multicast group ...

Page 432: ...ot apply the switchport voice vlan command on the interface If switchport voice vlan vlan id is already configured on an interface you can apply a network policy profile on the interface The interface then has the voice or voice signaling VLAN network policy profile applied on the interface Examples This example shows how to apply network policy profile 60 to an interface Switch config interface_i...

Page 433: ...lobal configuration command to create a profile and to enter network policy profile configuration mode To return to the privileged EXEC mode from the network policy profile configuration mode enter the exit command When you are in network policy profile configuration mode you can create the profile for voice and voice signalling by specifying the values for VLAN class of service CoS differentiated...

Page 434: ...rk policy profile global configuration Related Commands Command Description network policy Applies a network policy to an interface network policy profile network policy configuration Configures the attributes of network policy profiles show network policy profile Displays the configured network policy profiles ...

Page 435: ...eractive voice services These devices are typically deployed on a separate VLAN for ease of deployment and enhanced security through isolation from data applications The voice signaling application type is for network topologies that require a different policy for voice signaling than for voice media This application type should not be advertised if all the same network policies apply as those adv...

Page 436: ...o configure the voice application type for VLAN 100 with a DSCP value of 34 Switch config network policy profile 1 Switch config network policy voice vlan 100 dscp 34 This example shows how to configure the voice application type for the native VLAN with priority tagging Switch config network policy voice vlan dot1p cos 4 Related Commands Command Description network policy Applies a network policy...

Page 437: ...figuration Command History Usage Guidelines Use the nmsp global configuration command to enable the switch to send NMSP location and attachment notifications to a Cisco Mobility Services Engine MSE Examples This example shows how to enable NMSP on a switch and set the location notification time to 10 seconds Switch config nmsp enable Switch config nmsp notification interval location 10 enable Enab...

Page 438: ...alyst 3750 Switch Cisco IOS Commands nmsp Related Commands Command Description clear nmsp statistics Clears the NMSP statistic counters nmsp attachment suppress Suppresses reporting attachment information from a specified interface show nmsp Displays the NMSP information ...

Page 439: ...iption This command has no arguments or keywords Defaults This command has no default setting Command Modes Interface configuration Command History Usage Guidelines Use the nmsp attachment suppress interface configuration command to configure an interface to not send location and attachment notifications to a Cisco Mobility Services Engine MSE Examples This example shows how to configure an interf...

Page 440: ...ess The switch supports Cisco NSF for OSPF and EIGRP protocols When NSF is enabled and a stack master switchover is detected the NSF capable routers rebuild routing information from NSF aware or NSF capable neighbors and do not wait for a restart Examples This example shows how to enable OSPF NSF Switch config router ospf 100 Switch config router nsf Use the show ip ospf privileged EXEC command to...

Page 441: ...ces that only support address learning by physical ports such as the Catalyst 1900 switch When the link partner to the switch is a physical learner we recommend that you configure the switch as a physical port learner by using the pagp learn method physical port interface configuration command and to set the load distribution method based on the source MAC address by using the port channel load ba...

Page 442: ...Switch config if pagp learn method aggregation port You can verify your settings by entering the show running config privileged EXEC command or the show pagp channel group number internal privileged EXEC command Related Commands Command Description pagp port priority Selects a port over which all traffic through the EtherChannel is sent show pagp Displays PAgP channel group information show runnin...

Page 443: ...rt keyword is provided in the command line interface CLI The pagp learn method and the pagp port priority interface configuration commands have no effect on the switch hardware but they are required for PAgP interoperability with devices that only support address learning by physical ports such as the Catalyst 1900 switch When the link partner to the switch is a physical learner we recommend that ...

Page 444: ...pagp learn method Provides the ability to learn the source address of incoming packets show pagp Displays PAgP channel group information show running config Displays the current operating configuration For syntax information select Cisco IOS Configuration Fundamentals Command Reference Release 12 2 File Management Commands Configuration File Management Commands ...

Page 445: ...c mask any host target mac target mac target mac mask log Syntax Description Defaults There are no default settings Command Modes ARP access list configuration request Optional Requests a match for the ARP request When request is not specified matching is performed against all ARP packets ip Specify the sender IP address any Accept any IP or MAC address host sender ip Accept the specified sender I...

Page 446: ...nfig arp access list static hosts Switch config arp nacl permit ip host 1 1 1 1 mac host 0000 0000 abcd Switch config arp nacl end You can verify your settings by entering the show arp access list privileged EXEC command Related Commands Release Modification 12 2 20 SE This command was introduced Command Description arp access list Defines an ARP access control list ACL deny ARP access list config...

Page 447: ... label reflect and routing keywords are not supported Internet Control Message Protocol permit icmp source ipv6 prefix prefix length any host source ipv6 address operator port number destination ipv6 prefix prefix length any host destination ipv6 address operator port number icmp type icmp code icmp message dscp value log log input sequence value time range name Transmission Control Protocol permi...

Page 448: ... not equal and range inclusive range If the operator is positioned after the source ipv6 prefix prefix length argument it must match the source port If the operator is positioned after the destination ipv6 prefix prefix length argument it must match the destination port The range operator requires two port numbers All other operators require one port number The optional port number argument is a d...

Page 449: ...ange is from 1 to 4294967295 time range name Optional Specify the time range that applies to the permit statement The name of the time range and its restrictions are specified by the time range and absolute or periodic commands respectively icmp type Optional Specify an ICMP message type for filtering ICMP packets ICMP packets can be filtered by the ICMP message type The type is a number from 0 to...

Page 450: ...it permit icmp any any nd na permit icmp any any nd ns and deny ipv6 any any statements as its last match conditions The two permit conditions allow ICMPv6 neighbor discovery To disallow ICMPv6 neighbor discovery and to deny icmp any any nd na or icmp any any nd ns there must be an explicit deny entry in the ACL For the implicit deny ipv6 any any statement to take effect an IPv6 ACL must contain a...

Page 451: ... 64 any Switch config ipv6 acl permit udp 2001 0DB8 0300 0201 64 any Switch config ipv6 acl deny FE80 0 0 0201 64 any Switch config ipv6 acl permit icmp any any Switch config ipv6 acl exit Switch config ipv6 access list INBOUND Switch config ipv6 acl permit icmp any any Switch config ipv6 acl exit Switch config interface gigabitethernet1 0 3 Switch config if no switchport Switch config if ipv6 add...

Page 452: ...ommands Command Description ipv6 access list Defines an IPv6 access list and enters IPv6 access list configuration mode ipv6 traffic filter Filters incoming or outgoing IPv6 traffic on an interface deny IPv6 access list configuration Sets deny conditions for an IPv6 access list show ipv6 access list Displays the contents of all current IPv6 access lists ...

Page 453: ... a host MAC address and optional subnet mask If the source address for a packet matches the defined address non IP traffic from that address is denied host dst MAC addr dst MAC addr mask Define a destination MAC address and optional subnet mask If the destination address for a packet matches the defined address non IP traffic to that address is denied type mask Optional Use the Ethertype number of...

Page 454: ...p lsap number mask Optional Use the LSAP number 0 to 65535 of a packet with 802 2 encapsulation to identify the protocol of the packet The mask is a mask of don t care bits applied to the LSAP number before testing for a match mop console Optional Select EtherType DEC MOP Remote Console mop dump Optional Select EtherType DEC MOP Dump msdos Optional Select EtherType DEC MSDOS mumps Optional Select ...

Page 455: ...raffic from any source to MAC address 00c0 00a0 03fa Traffic matching this list is allowed Switch config ext macl permit any host 00c0 00a0 03fa netbios This example shows how to remove the permit condition from the MAC named extended access list Switch config ext macl no permit any 00c0 00a0 03fa 0000 0000 0000 netbios This example permits all packets with Ethertype 0x4321 Switch config ext macl ...

Page 456: ...sical port supports 256 policers 255 user configurable policers plus 1 policer reserved for internal use The maximum number of user configurable policers supported per port is 63 Policers are allocated on demand by the software and are constrained by the hardware and ASIC boundaries You cannot reserve policers per port There is no guarantee that a port will be assigned to any policer To return to ...

Page 457: ...policy map policy1 Switch config pmap class class1 Switch config pmap c trust dscp Switch config pmap c police 1000000 20000 exceed action drop Switch config pmap c exit This example shows how to configure a policer which marks down the DSCP values with the values defined in policed DSCP map and sends the packet Switch config policy map policy2 Switch config pmap class class2 Switch config pmap c ...

Page 458: ...s 255 user configurable policers plus 1 policer reserved for internal use The maximum number of user configurable policers supported per port is 63 Policers are allocated on demand by the software and are constrained by the hardware and ASIC boundaries You cannot reserve policers per port There is no guarantee that a port will be assigned to any policer You set aggregate policer parameters by usin...

Page 459: ...r1 Switch config pmap c exit Switch config pmap class class2 Switch config pmap c set dscp 10 Switch config pmap c police aggregate agg_policer1 Switch config pmap c exit Switch config pmap class class3 Switch config pmap c trust dscp Switch config pmap c police aggregate agg_policer2 Switch config pmap c exit You can verify your settings by entering the show mls qos aggregate policer privileged E...

Page 460: ...he specified class map For more information see the class section on page 2 67 description describes the policy map up to 200 characters exit exits policy map configuration mode and returns you to global configuration mode no removes a previously defined policy map rename renames the current policy map To return to global configuration mode use the exit command To return to privileged EXEC mode us...

Page 461: ...policy map If you want these changes to occur the hierarchical policy map must first be removed from the SVI For more information about hierarchical policy maps see the Policing on SVIs section in the Configuring QoS chapter of the software configuration guide for this release Examples This example shows how to create a policy map called policy1 When attached to the ingress port it matches all the...

Page 462: ...pmap class cm non int Switch config pmap c set dscp 7 Switch config pmap c service policy pm test int Switch config pmap class cm non int 2 Switch config pmap c set dscp 15 Switch config pmap c service policy pm test int Switch config pmap c end Switch config cmap exit Switch config interface vlan 10 Switch config if service policy input pm test pm 2 This example shows how to delete policymap2 Swi...

Page 463: ...e load distribution method to dst mac Switch config port channel load balance dst mac You can verify your setting by entering the show running config privileged EXEC command or the show etherchannel load balance privileged EXEC command dst ip Load distribution is based on the destination host IP address dst mac Load distribution is based on the destination host MAC address Packets to the same dest...

Page 464: ...cription interface port channel Accesses or creates the port channel show etherchannel Displays EtherChannel information for a channel show running config Displays the current operating configuration For syntax information select Cisco IOS Configuration Fundamentals Command Reference Release 12 2 File Management Commands Configuration File Management Commands ...

Page 465: ...the max max wattage option to disallow higher power powered devices With this configuration when the powered device sends Cisco Discovery Protocol CDP messages requesting more power than the maximum wattage the switch removes power from the port If the powered device IEEE class maximum is greater than the maximum wattage the switch does not power the device The power is reclaimed into the global p...

Page 466: ...witch cannot pre allocate power when a port is in static mode for example because the entire power budget is already allocated to other auto or static ports this message appears Command rejected power inline static pwr not available The port configuration remains unchanged When you configure a port by using the power inline auto or the power inline static interface configuration command the port a...

Page 467: ... power inline Related Commands Command Description logging event power inline status Enables the logging of PoE events show controllers power inline Displays the values in the registers of the specified PoE controller show power inline Displays the PoE status for the specified PoE port or for all PoE ports ...

Page 468: ...d device IEEE classification If the powered device is a Class 0 class status unknown or a Class 3 the switch budgets 15400 milliwatts for the device regardless of the actual amount of power needed If the powered device reports a higher class than its actual consumption or does not support power classification defaults to Class 0 the switch can power fewer devices because it uses the IEEE class inf...

Page 469: ...port that does not support PoE an error message appears In a switch stack this command is supported on all switches or ports in the stack that support PoE Examples By using the global configuration command this example shows how to configure the switch to budget 5000 milliwatts to each PoE port Switch config power inline consumption default 5000 CAUTION Interface Gi1 0 1 Misconfiguring the power i...

Page 470: ...t is serviced until empty before the other queues are serviced Follow these guidelines when the expedite queue is enabled or the egress queues are serviced based on their SRR weights If the egress expedite queue is enabled it overrides the SRR shaped and shared weights for queue 1 If the egress expedite queue is disabled and the SRR shaped and shared weights are configured the shaped mode override...

Page 471: ...25 Switch config if no priority queue out You can verify your settings by entering the show mls qos interface interface id queueing or the show running config privileged EXEC command Related Commands Command Description show mls qos interface queueing Displays the queueing strategy SRR priority queueing the weights corresponding to the queues and the CoS to egress queue map srr queue bandwidth sha...

Page 472: ...private VLAN you should not change the VTP mode to client or server VTP does not propagate private VLAN configuration You must manually configure private VLANs on all switches in the Layer 2 network to merge their Layer 2 databases and to prevent flooding of private VLAN traffic You cannot include VLAN 1 or VLANs 1002 to 1005 in the private VLAN configuration Extended VLANs VLAN IDs 1006 to 4094 c...

Page 473: ...rimary VLAN is the VLAN that carries traffic from a gateway to customer end stations on private ports Configure Layer 3 VLAN interfaces SVIs only for primary VLANs You cannot configure Layer 3 VLAN interfaces for secondary VLANs SVIs for secondary VLANs are inactive while the VLAN is configured as a secondary VLAN The private vlan commands do not take effect until you exit from VLAN configuration ...

Page 474: ...ig vlan 502 Switch config vlan private vlan community Switch config vlan exit Switch config vlan 503 Switch config vlan private vlan community Switch config vlan exit Switch config vlan 20 Switch config vlan private vlan association 501 503 Switch config vlan end You can verify your setting by entering the show vlan private vlan or show interfaces status privileged EXEC command Related Commands Co...

Page 475: ...re Layer 3 VLAN interfaces for secondary VLANs SVIs for secondary VLANs are inactive while the VLAN is configured as a secondary VLAN The secondary_vlan_list parameter cannot contain spaces It can contain multiple comma separated items Each item can be a single private VLAN ID or a hyphenated range of private VLAN IDs The list can contain one isolated VLAN and multiple community VLANs Traffic that...

Page 476: ...itch config vlan end This example shows how to permit routing of secondary VLAN traffic from secondary VLANs 303 to 305 and 307 through VLAN 20 SVI Switch configure terminal Switch interface vlan 20 Switch config if private vlan mapping 303 305 307 Switch config vlan end You can verify your setting by entering the show interfaces private vlan mapping privileged EXEC command Related Commands Comman...

Page 477: ...1 Switch config if queue set 2 You can verify your settings by entering the show mls qos interface interface id buffers privileged EXEC command Related Commands qset id ID of the queue set Each port belongs to a queue set which defines all the characteristics of the four egress queues per port The range is 1 to 2 Release Modification 12 1 11 AX This command was introduced Command Description mls q...

Page 478: ...the default seconds value that is from 10 to 60 seconds Use the radius server retransmit retries global configuration command to specify the number of times the switch tries to reach the radius servers before considering the servers to be unavailable The switch dynamically determines the default tries value that is from 10 to 100 The seconds parameter is less than or equal to the number of retrans...

Page 479: ...ies the number of times that the switch tries to reach the RADIUS servers before considering the servers to be unavailable For syntax information select Cisco IOS Security Command Reference Release 12 2 Server Security Protocols RADIUS Commands radius server timeout seconds Specifies the time in seconds during which the switch waits for a RADIUS server to respond before the IEEE 802 1x authenticat...

Page 480: ...server acct port udp port Optional Specify the UDP port for the RADIUS accounting server The range is from 0 to 65536 auth port udp port Optional Specify the UDP port for the RADIUS authentication server The range is from 0 to 65536 test username name Optional Enable automatic server testing of the RADIUS server status and specify the username to be used idle time time Optional Set the interval of...

Page 481: ... automated testing of the RADIUS server status specify the username to be used and configure a key string Switch config radius server host 1 1 1 2 acct port 800 auth port 900 test username aaafail idle time 75 key abc123 You can verify your settings by entering the show running config privileged EXEC command Related Commands Command Description dot1x critical global configuration Configures the pa...

Page 482: ...e this command at user level on the cluster command switch the cluster member switch is accessed at user level If you use this command on the cluster command switch at privileged level the command accesses the remote device at privileged level If you use an intermediate enable level lower than privileged access to the cluster member switch is at user level For Catalyst 1900 and 2820 switches runni...

Page 483: ...ter member switches inherited the password of the cluster command switch when they joined the cluster Examples This example shows how to start a session with member 3 All subsequent commands are directed to member 3 until you enter the exit command or close the session Switch rcommand 3 Switch 3 show version Cisco Internet Operating System Software Switch 3 exit Switch Related Commands Command Des...

Page 484: ...eload the switch stack Switch config reload System configuration has been modified Save yes no y Proceed to reload the whole Stack confirm y This example shows how to reload a specific stack member Switch config reload slot 6 Proceed with reload confirm y This example shows how to reload a single switch switch stack there is only one member switch Switch config reload slot 3 System configuration h...

Page 485: ...witch Cisco IOS Commands reload Related Commands Command Description rcommand Accesses a specific stack member switch Changes the stack member priority value switch renumber Changes the stack member number show switch Displays information about the switch stack and its stack members ...

Page 486: ...member or to the switch stack Examples This example shows how to execute the undebug command on the switch stack Switch config remote command all undebug all Switch 1 All possible debugging has been turned off Switch 5 All possible debugging has been turned off Switch 9 All possible debugging has been turned off This example shows how to execute the debug udld event command on stack member 5 Switc...

Page 487: ...ch Cisco IOS Commands remote command Related Commands Command Description reload Accesses a specific stack member switch Changes the stack member priority value switch renumber Changes the stack member number show switch Displays information about the switch stack and its stack members ...

Page 488: ...se privileged EXEC command If VLAN Trunking Protocol VTP is enabled the RSPAN feature is propagated by VTP for VLAN IDs that are lower than 1005 If the RSPAN VLAN ID is in the extended range you must manually configure intermediate switches those in the RSPAN VLAN between the source switch and the destination switch Before you configure the RSPAN remote span command use the vlan global configurati...

Page 489: ...ows how to remove the RSPAN feature from a VLAN Switch config vlan 901 Switch config vlan no remote span You can verify your settings by entering the show vlan remote span user EXEC command Related Commands Command Description monitor session Enables Switched Port Analyzer SPAN and RSPAN monitoring on a port and configures a port as a source or destination port vlan global configuration Changes to...

Page 490: ...abase validation none You can verify your settings by entering the show ip dhcp snooping database privileged EXEC command flash number filen ame Optional Specify that the database agent or the binding file is in the flash memory Use the number parameter to specify the stack member number of the stack master The range for number is 1 to 9 ftp user password host filename Optional Specify that the da...

Page 491: ...co IOS Commands renew ip dhcp snooping database Related Commands Command Description ip dhcp snooping Enables DHCP snooping on a VLAN ip dhcp snooping binding Configures the DHCP snooping binding database show ip dhcp snooping database Displays the status of the DHCP snooping database agent ...

Page 492: ...CP pool to preconfigured reservations Unreserved addresses that are part of the network or on pool ranges are not offered to the client and other clients are not served by the pool By entering this command users can configure a group of switches with DHCP pools that share a common IP subnet and that ignore requests from clients of other switches To access DHCP pool configuration mode enter the ip ...

Page 493: ...463 Catalyst 3750 Switch Command Reference OL 8552 07 Chapter 2 Catalyst 3750 Switch Cisco IOS Commands reserved only Related Commands Command Description show ip dhcp pool Displays the DHCP address pools ...

Page 494: ...2 464 Catalyst 3750 Switch Command Reference OL 8552 07 Chapter 2 Catalyst 3750 Switch Cisco IOS Commands reserved only ...

Page 495: ...ed Command Modes Interface configuration Command History Usage Guidelines The RMON statistics collection command is based on hardware counters Examples This example shows how to collect RMON statistics for the owner root Switch config interface gigabitethernet2 0 1 Switch config if rmon collection stats 2 owner root You can verify your setting by entering the show rmon statistics privileged EXEC c...

Page 496: ...ccess control lists ACLs Use this template if you have a large number of ACLs default Sets the switch to use the default template On Catalyst 3750 12S switches use with the desktop keyword to set the switch to the default desktop template Use the no sdm prefer command to set a desktop switch to the default desktop template or to set an aggregator switch to the default aggregator template dual ipv4...

Page 497: ... 3750 12S and you change the template from an aggregator template to a desktop template and reload the switch the entire stack operates with the selected desktop template This could cause configuration losses if the number of ternary content addressable memory TCAM entries exceeds the desktop template sizes If you change the template on a Catalyst 3750 12S master from a desktop template to an aggr...

Page 498: ...ates for a desktop or aggregator switch Table 2 17 Approximate Number of Feature Resources Allowed by IPv4Templates Resource Desktop Templates Aggregator Templates Access Default Routing VLAN Access Default Routing VLAN Unicast MAC addresses 4 K 6 K 3 K 12 K 6 K 6 K 6 K 12 K Internet Group Management Protocol IGMP groups and multicast routes 1 K 1 K 1 K 1 K 1 K 1 K 1 K 1 K Unicast routes 6 K 8 K 1...

Page 499: ... a desktop switch this is the default desktop template Switch config no sdm prefer Switch config exit Switch reload This example shows how to configure the desktop default template on an aggregator switch Switch config sdm prefer default desktop Switch config exit Switch reload You can verify your settings by entering the show sdm prefer privileged EXEC command Related Commands IPv4 policy based r...

Page 500: ...ssword only by agreeing to return to the default configuration To use the password recovery procedure a user with physical access to the switch holds down the Mode button while the unit powers up and for a second or two after the LED above port 1X turns off When the button is released the system continues with initialization If the password recovery mechanism is disabled this message appears The p...

Page 501: ...tch When you enter the service password recovery or no service password recovery command on the stack master it is propagated throughout the stack and applied to all switches in the stack You can verify if password recovery is enabled or disabled by entering the show version privileged EXEC command Examples This example shows how to disable password recovery on a switch or switch stack so that a u...

Page 502: ... on the port If VLAN based QoS is enabled by using the mls qos vlan based interface configuration command on a physical port the switch removes the previously configured port based policy map After a hierarchical policy map is configured and applied on an SVI the interface level policy map takes effect on the interface You can apply a policy map to incoming traffic on a physical port or on an SVI ...

Page 503: ...re terminal Enter configuration commands one per line End with CNTL Z Switch config class map cm interface 1 Switch config cmap match input gigabitethernet3 0 1 gigabitethernet3 0 2 Switch config cmap exit Switch config policy map port plcmap Switch config pmap class map cm interface 1 Switch config pmap c police 900000 9000 exc policed dscp transmit Switch config pmap c exit Switch config pmap ex...

Page 504: ...Creates or modifies a policy map that can be attached to multiple ports to specify a service policy show policy map Displays QoS policy maps show running config Displays the running configuration on the switch For syntax information select Cisco IOS Configuration Fundamentals Command Reference Release 12 2 File Management Commands Configuration File Management Commands ...

Page 505: ...cessor 1 keyword to change to the controller command line interface See the Cisco Wireless LAN Controller Configuration Guide Release 4 0 for controller configuration information Examples This example shows how to access member 6 Switch config session 6 Switch 6 This example shows how to access the controller on member 2 which is a Catalyst 3750G wireless LAN controller switch standalone or stack ...

Page 506: ...tch Cisco IOS Commands session Related Commands Command Description reload Reloads the member and puts a configuration change into effect switch Changes the member priority value switch renumber Changes the member number show switch Displays information about the stack and its members ...

Page 507: ...g appears as set ip precedence in the switch configuration The set command is mutually exclusive with the trust policy map class configuration command within the same policy map For the set dscp new dscp or the set ip precedence new precedence command you can enter a mnemonic name for a commonly used value For example you can enter the set dscp af11 command which is the same as entering the set ds...

Page 508: ...map exit You can verify your settings by entering the show policy map privileged EXEC command Related Commands Command Description class Defines a traffic classification match criteria through the police set and trust policy map class configuration commands for the specified class map name police Defines a policer for classified traffic policy map Creates or modifies a policy map that can be attac...

Page 509: ...and facility or the configure privileged EXEC command Help text is provided for each prompt To access help text press the question mark key at a prompt To return to the privileged EXEC prompt without making changes and without running through the entire System Configuration Dialog press Ctrl C When you complete your changes the setup program shows you the configuration command script that was crea...

Page 510: ...urrent interface summary Any interface listed with OK value NO does not have a valid configuration Interface IP Address OK Method Status Protocol Vlan1 172 20 135 202 YES NVRAM up up GigabitEthernet6 0 1 unassigned YES unset up up GigabitEthernet6 0 2 unassigned YES unset up down output truncated Port channel1 unassigned YES unset up down Enter interface name used to connect to the management netw...

Page 511: ...ck to the setup without saving this config 2 Save this configuration to nvram and exit Enter your selection 2 Related Commands Command Description show running config Displays the running configuration on the switch For syntax information select Cisco IOS Configuration Fundamentals Command Reference Release 12 2 File Management Commands Configuration File Management Commands show version Displays ...

Page 512: ...ode button for a total of 10 seconds the switch configuration is deleted and the switch reboots The switch can then be configured like a new switch either through the web based Express Setup program or the CLI based setup program Note As soon as you make any change to the switch configuration including entering no at the beginning of the CLI based setup program configuration by Express Setup is no...

Page 513: ...ter 2 seconds and turn solid green after 10 seconds Caution If you hold the Mode button down for a total of 10 seconds the configuration is deleted and the switch reboots This example shows how to disable Express Setup mode Switch config no setup express You can verify that Express Setup mode is disabled by pressing the Mode button The mode LEDs do not turn solid green or begin blinking green if E...

Page 514: ...mand History Usage Guidelines Use this command to create user defined event triggers for use with the macro auto execute global configuration command To support dynamic device discovery when using 802 1x authentication configure the RADIUS authentication server to support the Cisco attribute value av pair auto smart port event trigger Examples This example shows how to create a user defined event ...

Page 515: ...witch Cisco IOS Commands shell trigger Related Commands Command Description macro auto global processing Enables Auto Smartports on a switch macro auto execute Configure mapping from an event trigger to a built in macro show shell Displays information about event triggers and macros ...

Page 516: ...plays the MAC ACLs that are configured Expressions are case sensitive For example if you enter exclude output the lines that contain output are not displayed but the lines that contain Output are displayed name Optional Name of the ACL number Optional ACL number The range is 1 to 2699 hardware counters Optional Display global hardware ACL statistics for switched and routed packets ipc Optional Dis...

Page 517: ...ny 70 permit ip host 10 99 75 128 any 80 permit ip host 10 38 49 0 any This is an example of output from the show access lists hardware counters command Switch show access lists hardware counters L2 ACL INPUT Statistics Drop All frame count 855 Drop All bytes count 94143 Drop And Log All frame count 0 Drop And Log All bytes count 0 Bridge Only All frame count 0 Bridge Only All bytes count 0 Bridge...

Page 518: ...rop And Log All bytes count 0 Bridge Only All frame count 0 Bridge Only All bytes count 0 Bridge Only And Log All frame count 0 Bridge Only And Log All bytes count 0 Forwarding To CPU All frame count 0 Forwarding To CPU All bytes count 0 Forwarded All frame count 514434 Forwarded All bytes count 39048748 Forwarded And Log All frame count 0 Forwarded And Log All bytes count 0 Related Commands Comma...

Page 519: ...of the download Expressions are case sensitive For example if you enter exclude output the lines that contain output are not displayed but the lines that contain Output are displayed Examples These are examples of output from the show archive status command Switch show archive status IDLE No upgrade in progress Switch show archive status LOADING Upgrade in progress Switch show archive status EXTRA...

Page 520: ...ist ARP access list rose permit ip 10 101 1 1 0 0 0 255 mac any permit ip 20 3 1 0 0 0 0 255 mac any Related Commands acl name Optional Name of the ACL begin Optional Display begins with the line that matches the expression exclude Optional Display excludes lines that match the expression include Optional Display includes lines that match the specified expression expression Expression in the outpu...

Page 521: ...rface interface id Optional Display all of the authentication manager details for the specified interface method method Optional Displays all clients authorized by a specified authentication method dot1x mab or webauth registrations Optional Display authentication manager registrations sessions Optional Display detail of the current authentication manager sessions for example client devices If you...

Page 522: ...dot1x Runnable methods list Handle Priority Name 3 0 dot1x This is an example of the show authentication sessions command Switch show authentication sessions Interface MAC Address Method Domain Status Session ID Gi3 45 unknown N A DATA Authz Failed 0908140400000007003651EC Gi3 46 unknown N A DATA Authz Success 09081404000000080057C274 Authc Success A method has resulted in authentication success f...

Page 523: ...uthorized By Authentication Server Vlan Policy 10 Handle 0xE0000000 Runnable methods list Method State dot1x Authc Success This is an example of the show authentication session method command for a specified method Switch show authentication sessions method mab No Auth Manager contexts match supplied criteria Switch show authentication sessions method dot1x MAC Address Domain Status Handle Interfa...

Page 524: ... show authentication authentication port control Enables manual control of the port authorization state authentication priority Adds an authentication method to the port priority list authentication timer Configures the timeout and reauthentication parameters for an 802 1x enabled port Command Description ...

Page 525: ...cy information for the Cisco IP phone To display information about the QoS configuration that might be affected by auto QoS use one of these commands show mls qos show mls qos maps cos dscp show mls qos interface interface id buffers queueing show mls qos maps cos dscp cos input q cos output q dscp cos dscp input q dscp output q show mls qos input queue show running config Examples This is an exam...

Page 526: ...hreshold 2 33 34 35 36 37 38 39 48 mls qos srr queue input dscp map queue 2 threshold 2 49 50 51 52 53 54 55 56 mls qos srr queue input dscp map queue 2 threshold 2 57 58 59 60 61 62 63 mls qos srr queue input dscp map queue 2 threshold 3 24 25 26 27 28 29 30 31 mls qos srr queue input dscp map queue 2 threshold 3 40 41 42 43 44 45 46 47 mls qos srr queue output cos map queue 1 threshold 3 5 mls q...

Page 527: ...oliced dscp transmit interface GigabitEthernet2 0 4 switchport mode access switchport port security maximum 400 service policy input AutoQoS Police SoftPhone speed 100 duplex half srr queue bandwidth share 10 10 60 20 priority queue out auto qos voip cisco softphone interface GigabitEthernet2 0 5 switchport mode access switchport port security maximum 1999 speed 100 duplex full srr queue bandwidth...

Page 528: ...ethernet1 0 2 FastEthernet1 0 2 auto qos voip cisco softphone This is an example of output from the show auto qos command when auto QoS is disabled on the switch Switch show auto qos AutoQoS not enabled on any interface This is an example of output from the show auto qos interface interface id command when auto QoS is disabled on an interface Switch show auto qos interface gigabitethernet3 0 1 Aut...

Page 529: ...embers Table 2 21 describes each field in the display Switch show boot BOOT path list flash c3750 ipservices mz Config file flash config text Private Config file flash private config text Enable Break no Manual Boot yes HELPER path list Auto upgrade yes Switch 1 BOOT path list flash c3750 ipservices mz Config file flash config text Private Config file flash private config text Enable Break no Manu...

Page 530: ... the bootloader attempts to automatically boot up the system If it is set to anything else you must manually boot up the switch from the bootloader mode Helper path list Displays a semicolon separated list of loadable files to dynamically load during the bootloader initialization Helper files extend or patch the functionality of the bootloader Auto upgrade Displays whether the switch stack is set ...

Page 531: ... lines that contain output do not appear but the lines that contain Output appear Examples This is an example of output from the show cable diagnostics tdr interface interface id command on a switch other than a Catalyst 3750G 24PS or 3750G 48PS switch Switch show cable diagnostics tdr interface gigabitethernet1 0 2 TDR test last run on March 01 20 15 40 Interface Speed Local pair Pair length Remo...

Page 532: ... diagnostics tdr interface gigabitethernet1 0 2 TDR test was never issued on Gi1 0 2 Table 2 22 Fields Descriptions for the show cable diagnostics tdr Command Output Field Description Interface Interface on which TDR was run Speed Speed of connection Local pair Name of the pair of wires that TDR is testing on the local interface Pair length Location on the cable where the problem is with respect t...

Page 533: ...2 Catalyst 3750 Switch Cisco IOS Commands show cable diagnostics tdr If an interface does not support TDR this message appears TDR test is not supported on switch 1 Related Commands Command Description test cable diagnostics tdr Enables and runs TDR on an interface ...

Page 534: ...summary command CISP is not running on any interface Related Commands clients Optional Display CISP client details interface interface id Optional Display CISP information about the specified interface Valid interfaces include physical ports and port channels summary Optional Display begin Optional Display begins with the line that matches the expression exclude Optional Display excludes lines tha...

Page 535: ...command Switch show class map Class Map match all videowizard_10 10 10 10 id 2 Match access group name videowizard_10 10 10 10 Class Map match any class default id 0 Match any Class Map match all dscp5 id 3 Match ip dscp 5 Related Commands class map name Optional Display the contents of the specified class map begin Optional Display begins with the line that matches the expression exclude Optional...

Page 536: ...shows the cluster status and time since the status changed If redundancy is enabled it displays the primary and secondary command switch information Expressions are case sensitive For example if you enter exclude output the lines that contain output are not displayed but the lines that contain Output are displayed Examples This is an example of output when the show cluster command is entered on th...

Page 537: ...luster command is entered on the cluster command switch that has lost connectivity with member 1 Switch show cluster Command switch for cluster Ajang Total number of members 7 Status 1 members are unreachable Time since last status change 0 days 0 hours 5 minutes Redundancy Disabled Heartbeat interval 8 Heartbeat hold time 80 Extended discovery hop count 3 This is an example of output when the sho...

Page 538: ...nd switch Expressions are case sensitive For example if you enter exclude output the lines that contain output are not displayed but the lines that contain Output are displayed Examples This is an example of output from the show cluster candidates command Switch show cluster candidates Upstream MAC Address Name Device Type PortIf FEC Hops SN PortIf FEC 00d0 7961 c4c0 StLouis 2 WS C3750 12T Gi6 0 1...

Page 539: ... Fa2 1 FEC number Upstream port Fa0 24 FEC Number Hops from cluster edge 3 Hops from command device This is an example of output from the show cluster candidates detail command Switch show cluster candidates detail Device Tahiti 12 with mac address number 00d0 7961 c4c0 Device type cisco WS C3512 XL Upstream MAC address 00d0 796d 2f00 Cluster Member 1 Local port Fa0 3 FEC number Upstream port Fa0 ...

Page 540: ...C Address Name PortIf FEC Hops SN PortIf FEC State 0 0002 4b29 2e00 StLouis1 0 Up Cmdr 1 0030 946c d740 tal switch 1 Fa0 13 1 0 Gi0 1 Up 2 0002 b922 7180 nms 2820 10 0 2 1 Fa0 18 Up 3 0002 4b29 4400 SanJuan2 Gi0 1 2 1 Fa0 11 Up 4 0002 4b28 c480 GenieTest Gi0 2 2 1 Fa0 9 Up This is an example of output from the show cluster members for cluster member 3 Switch show cluster members 3 Device SanJuan2 ...

Page 541: ...Cluster member 1 Local port 10 FEC number 0 Upstream port Fa0 18 FEC Number Hops from command device 2 Device SanJuan2 with member number 3 Device type cisco WS C3750 MAC address 0002 4b29 4400 Upstream MAC address 0030 946c d740 Cluster member 1 Local port Gi6 0 1 FEC number Upstream port Fa6 0 11 FEC Number Hops from command device 2 Device GenieTest with member number 4 Device type cisco SeaHor...

Page 542: ...es This is a partial output example from the show controllers cpu interface command Switch show controllers cpu interface cpu queue frames retrieved dropped invalid hol block rpc 4523063 0 0 0 stp 1545035 0 0 0 ipc 1903047 0 0 0 routing protocol 96145 0 0 0 L2 protocol 79596 0 0 0 remote console 0 0 0 0 sw forwarding 5756 0 0 0 host 225646 0 0 0 broadcast 46472 0 0 0 cbt to spt 0 0 0 0 igmp snoopi...

Page 543: ...1 StartPtr 03A9BC00 ReadPtr 03A9BC60 WritePtrs 03A9BC60 Fifo_Flag 89800400 writeHeaderPtr 03A9BC60 Fifo2 StartPtr 038C8800 ReadPtr 038C88E0 WritePtrs 038C88E0 Fifo_Flag 88800200 writeHeaderPtr 038C88E0 Fifo3 StartPtr 03C30400 ReadPtr 03C30638 WritePtrs 03C30638 Fifo_Flag 89800400 writeHeaderPtr 03C30638 Fifo4 StartPtr 03AD5000 ReadPtr 03AD50A0 WritePtrs 03AD50A0 Fifo_Flag 89800400 writeHeaderPtr 0...

Page 544: ...ing the switch Expressions are case sensitive For example if you enter exclude output the lines that contain output are not displayed but the lines that contain Output are displayed interface id The physical interface including type stack member module and port number phy Optional Display the status of the internal registers on the switch physical layer device PHY for the device or the interface T...

Page 545: ...ames 0 Excessive collisions 0 Late collisions 0 Invalid frames too large 0 VLAN discard frames 0 Valid frames too large 0 Excess defer frames 0 Invalid frames too small 0 64 byte frames 0 Valid frames too small 0 127 byte frames 0 255 byte frames 0 Too old frames 0 511 byte frames 0 Valid oversize frames 0 1023 byte frames 0 System FCS error frames 0 1518 byte frames 0 RxPortFifoFull drop frame 0 ...

Page 546: ...nt VLAN discard frames The number of frames dropped on an interface because the CFI1 bit is set Excess defer frames The number of frames that are not sent after the time exceeds the maximum packet time 64 byte frames The total number of frames sent on an interface that are 64 bytes 127 byte frames The total number of frames sent on an interface that are from 65 to 127 bytes 255 byte frames The tot...

Page 547: ...of frames that are from 128 to 255 bytes 256 to 511 byte frames The total number of frames that are from 256 to 511 bytes 512 to 1023 byte frames The total number of frames that are from 512 to 1023 bytes 1024 to 1518 byte frames The total number of frames that are from 1024 to 1518 bytes Overrun frames The total number of overrun frames received on an interface Pause frames The number of pause fr...

Page 548: ...1100 0110 1000 Receive Error Counter 0000 0000 0000 0000 Reserved Register 1 0000 0000 0000 0000 Global Status 0000 0000 0000 0000 LED Control 0100 0001 0000 0000 Manual LED Override 0000 1000 0010 1010 Extended PHY Specific Control 0000 0000 0001 1010 Disable Receiver 1 0000 0000 0000 1011 Disable Receiver 2 1000 0000 0000 0100 Extended PHY Specific Status 1000 0100 1000 0000 Auto MDIX On AdminSt...

Page 549: ...10GBASE LR 10GbE Code Byte 1 0x0 SONET SDH Code Byte 0 0x0 SONET SDH Code Byte 1 0x0 SONET SDH Code Byte 2 0x0 SONET SDH Code Byte 3 0x0 10GFC Code Byte 0 0x0 10GFC Code Byte 1 0x0 10GFC Code Byte 2 0x0 10GFC Code Byte 3 0x0 Transmission range in 10m 0x3E8 Fibre Type Fibre Type Byte 0 0x40 NDSF only Fibre Type Byte 1 0x0 Unspecified Centre Optical Wavelength in 0 01nm steps Channel 0 0x1 0xFF 0xB8...

Page 550: ...visorBroadcast 000A0F01 GeneralIO 000003F9 00000000 00000004 StackPcsInfo FFFF1000 860329BD 5555FFFF FFFFFFFF FF0FFF00 86020000 5555FFFF 00000000 StackRacInfo 73001630 00000003 7F001644 00000003 24140003 FD632B00 18E418E0 FFFFFFFF StackControlStatus 18E418E0 stackControlStatusMask FFFFFFFF TransmitBufferFreeListInfo 00000854 00000800 00000FF8 00000000 0000088A 0000085D 00000FF8 00000000 TransmitRi...

Page 551: ... 0 SneakQueue Drop Count 0 Tx Too Old Frames 0 Learning Queue Overflow Fra 0 System Fcs Error Frames 0 Learning Cam Skip Count 15 Sup Queue 0 Drop Frames 0 Sup Queue 8 Drop Frames 0 Sup Queue 1 Drop Frames 0 Sup Queue 9 Drop Frames 0 Sup Queue 2 Drop Frames 0 Sup Queue 10 Drop Frames 0 Sup Queue 3 Drop Frames 0 Sup Queue 11 Drop Frames 0 Sup Queue 4 Drop Frames 0 Sup Queue 12 Drop Frames 0 Sup Que...

Page 552: ...ugh visible on all switches this command is valid only for PoE switches It provides no information for switches that do not support PoE The output provides information that might be useful for Cisco technical support representatives troubleshooting the switch Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contai...

Page 553: ... 1 Address 0x42 output truncated This is an example of output from the show controllers power inline command on a Catalyst 3750G 24PS switch Switch show controllers power inline Alchemy instance 0 address 0 Pending event flag N N N N N N N N N N N N Current State 00 05 10 51 61 11 Current Event 00 01 00 10 40 00 Timers 00 C5 57 03 12 20 04 B2 05 06 07 07 Error State 00 00 00 00 10 00 Error Code 00...

Page 554: ...ain output do not appear but the lines that contain Output appear Examples This is an example of output from the show controllers tcam command Switch show controllers tcam TCAM 0 Registers REV 00B30103 SIZE 00080040 ID 00000000 CCR 00000000_F0000020 RPID0 00000000_00000000 RPID1 00000000_00000000 RPID2 00000000_00000000 RPID3 00000000_00000000 asic Optional Display port ASIC TCAM information numbe...

Page 555: ... FF_FFFFFFFF_FFFFFFFF TCAM related PortASIC 1 registers LookupType 89A1C67D_24E35F00 LastCamIndex 0000FFE0 LocalNoMatch 000069E0 ForwardingRamBaseAddress 00022A00 0002FE00 00040600 0002FE00 0000D400 00000000 003FBA00 00009000 00009000 00040600 00000000 00012800 00012900 Related Commands Command Description show controllers cpu interface Displays the state of the CPU network ASIC and send and recei...

Page 556: ...n example of output from the show controllers utilization command Switch show controllers utilization Port Receive Utilization Transmit Utilization Fa1 0 1 0 0 Fa1 0 2 0 0 Fa1 0 3 0 Fa1 0 4 0 0 Fa1 0 5 0 0 Fa1 0 6 0 0 Fa1 0 7 0 0 output truncated output truncated Switch Receive Bandwidth Percentage Utilization 0 Switch Transmit Bandwidth Percentage Utilization 0 Switch Fabric Percentage Utilizatio...

Page 557: ...d Descriptions Field Description Receive Bandwidth Percentage Utilization Displays the received bandwidth usage of the switch which is the sum of the received traffic on all the ports divided by the switch receive capacity Transmit Bandwidth Percentage Utilization Displays the transmitted bandwidth usage of the switch which is the sum of the transmitted traffic on all the ports divided it by the s...

Page 558: ...including test ID test attributes and supported coverage test levels for each test and for all modules switch num Specify the switch number The range is from 1 to 9 switch all Specify all of the switches in the switch stack post Display the power on self test POST results the command output is the same as the show post command result Displays the test results detail Optional Displays the all test ...

Page 559: ... enabled monitoring test NA A I Monitoring is active Monitoring is inactive R Switch will reload after test list completion NA P will partition stack NA Test Interval Thre ID Test Name attributes day hh mm ss ms shold 1 TestPortAsicStackPortLoopback B N A 000 00 01 00 00 n a 2 TestPortAsicLoopback B D X IR not configured n a 3 TestPortAsicCam B D X IR not configured n a 4 TestPortAsicRingLoopback ...

Page 560: ...ortAsicRingLoopback OD TestMicRingLoopback OD TestPortAsicMem OD 3 N A N A 4 N A N A Switch This example shows how to display the online diagnostic test schedule for a switch This example shows how to display the online diagnostic test schedule for a switch Switch show diagnostic schedule switch 1 Current Time 14 39 49 PST Tue Jul 5 2005 Diagnostic for Switch 1 Schedule 1 To be run daily 12 00 Tes...

Page 561: ...tunnel mode LAN Port s Gi1 0 1 Gi1 0 2 Gi1 0 3 Gi1 0 6 Po2 Switch show dot1q tunnel interface gigabitethernet1 0 1 dot1q tunnel mode LAN Port s Gi1 0 1 Related Commands interface interface id Optional Specify the interface for which to display IEEE 802 1Q tunneling information Valid interfaces include physical ports and port channels begin Optional Display begins with the line that matches the exp...

Page 562: ...not displayed but the lines that contain Output appear all summary Optional Display the IEEE 802 1x status for all ports interface interface id Optional Display the IEEE 802 1x status for the specified port including type stack member module and port number details Optional Display the IEEE 802 1x interface details statistics Optional Display IEEE 802 1x statistics for the specified port begin Opt...

Page 563: ...Violation Mode PROTECT ReAuthentication Disabled QuietPeriod 60 ServerTimeout 30 SuppTimeout 30 ReAuthPeriod 3600 Locally configured ReAuthMax 2 MaxReq 2 TxPeriod 30 RateLimitPeriod 0 output truncated This is an example of output from the show dot1x all summary user EXEC command Interface PAE Client Status Gi2 0 1 AUTH none UNAUTHORIZED Gi2 0 2 AUTH 00a0 c9b8 0072 AUTHORIZED Gi2 0 3 AUTH none UNAU...

Page 564: ...osts mode Switch show dot1x interface gigabitethernet1 0 1 details Dot1x Info for GigabitEthernet1 0 1 PAE AUTHENTICATOR PortControl AUTO ControlDirection Both HostMode SINGLE_HOST ReAuthentication Enabled QuietPeriod 60 ServerTimeout 30 SuppTimeout 30 ReAuthPeriod 3600 Locally configured ReAuthMax 2 MaxReq 2 TxPeriod 30 RateLimitPeriod 0 Guest Vlan 182 Dot1x Authenticator Client List Empty Port S...

Page 565: ...RxStart 0 RxLogoff 0 RxResp 1 RxRespID 1 RxInvalid 0 RxLenErr 0 RxTotal 2 TxReq 2 TxReqID 132 TxTotal 134 RxVersion 2 LastRxSrcMAC 00a0 c9b8 0072 Table 2 26 show dot1x statistics Field Descriptions Field Description RxStart Number of valid EAPOL start frames that have been received RxLogoff Number of EAPOL logoff frames that have been received RxResp Number of valid EAP response frames other than ...

Page 566: ...col over LAN EAPOL frames of any type that have been sent RxVersion Number of received packets in the IEEE 802 1x Version 1 format LastRxSrcMac Source MAC address carried in the most recently received EAPOL frame Table 2 26 show dot1x statistics Field Descriptions continued Field Description Command Description dot1x default Resets the IEEE 802 1x parameters to their default values ...

Page 567: ...w dtp interface command Switch show dtp interface gigabitethernet1 0 1 DTP information for GigabitEthernet1 0 1 TOS TAS TNS ACCESS AUTO ACCESS TOT TAT TNT NATIVE NEGOTIATE NATIVE Neighbor address 1 000943A7D081 Neighbor address 2 000000000000 Hello timer expiration sec state 1 RUNNING Access timer expiration sec state never STOPPED Negotiation timer expiration sec state never STOPPED Multidrop tim...

Page 568: ...kets dropped 0 nonegotiate 0 bad version 0 domain mismatches 0 bad TLVs 0 other 6320 packets output 6320 good 3160 native 3160 software encap isl 0 isl hardware native 0 output errors 0 trunk timeouts 1 link ups last link up on Mon Mar 01 1993 01 02 29 0 link downs Related Commands Command Description show interfaces trunk Displays interface trunking information ...

Page 569: ...e the show eap sessions privileged EXEC command with these keywords the command output shows this information None All active EAP sessions credentials name keyword The specified credentials profile interface interface id keyword The parameters for the specified interface method name keyword The specified EAP method transport name keyword The specified lower layer registrations Display EAP registra...

Page 570: ...e of output from the show eap sessions privileged EXEC command Switch show eap sessions Role Authenticator Decision Fail Lower layer Dot1x AuthenticaInterface Gi1 0 1 Current method None Method state Uninitialised Retransmission count 0 max 2 Timer Authenticator ReqId Retransmit timeout 30s remaining 2s EAP handle 0x5200000A Credentials profile None Lower layer context ID 0x93000004 Eap profile na...

Page 571: ...caInterface Gi1 0 1 Current method None Method state Uninitialised Retransmission count 1 max 2 Timer Authenticator ReqId Retransmit timeout 30s remaining 13s EAP handle 0x5200000A Credentials profile None Lower layer context ID 0x93000004 Eap profile name None Method context ID 0x00000000 Peer Identity None Start timeout s 1 Retransmit timeout s 30 30 Current ID 2 Available local methods None Rel...

Page 572: ...power levels children Available power levels for the entity and the PoE ports current Current power levels for the entity Optional children Current power levels for the entity and the PoE ports delta Difference between the current and available power levels for the entity Optional children Difference between the current and available power levels for the entity and the PoE ports neighbors Optional...

Page 573: ... Port 43440 Switch show energywise events Sequence 246818 References 0 1 Errors Class PN_CLASS_QUERY Action PN_ACTION_CPQR_POWERNET_QUERY_SET Reply To 8 8 8 24 43440 Sequence 246827 References 0 1 Errors Class PN_CLASS_DISCOVERY Action PN_ACTION_CPQR_POWERNET_DISCOVERY_DISCOVERY_UPDATE Reply To 8 8 8 24 43440 Switch show energywise level Levels Watts Interface Name 0 1 2 3 4 5 6 7 8 9 10 lobby 1 0...

Page 574: ... 4 15 4 15 4 15 4 15 4 15 4 15 4 15 4 15 4 Gi1 0 2 Gi1 0 2 0 0 15 4 15 4 15 4 15 4 15 4 15 4 15 4 15 4 15 4 15 4 Gi1 0 3 Gi1 0 3 0 0 15 4 15 4 15 4 15 4 15 4 15 4 15 4 15 4 15 4 15 4 Gi1 0 4 Gi1 0 4 0 0 15 4 15 4 15 4 15 4 15 4 15 4 15 4 15 4 15 4 15 4 output truncated Switch show energywise neighbors Capability Codes R Router T Trans Bridge B Source Route Bridge S Switch H Host I IGMP r Repeater ...

Page 575: ...resumed Gi1 0 2 Gi1 0 2 0 0 W presumed Gi1 0 3 Gi1 0 3 0 0 W presumed Gi1 0 4 Gi1 0 4 0 0 W presumed Gi1 0 5 Gi1 0 5 0 0 W presumed output truncated Switch show energywise version EnergyWise is Enabled IOS Version 12 2 50 SE EnergyWise Specification 1 0 1 Related Commands Command Description energywise global configuration Enables and configures EnergyWise on the entity energywise interface config...

Page 576: ...ches the command output shows the switch temperature states and the threshold levels If you enter the command on a switch other than these four switches the output field shows Not Applicable all Display both fan and temperature environmental status fan Display the switch fan status power Display the switch power status rps Display whether an RPS 300 Redundant Power System is connected to the switc...

Page 577: ...Output are displayed Examples This is an example of output from the show env all command entered from the master switch or a standalone switch Switch show env all FAN is OK TEMPERATURE is OK POWER is OK RPS is AVAILABLE This is an example of output from the show env fan command Switch show env fan FAN is OK This is an example of output from the show env stack command Switch show env stack SWITCH 1...

Page 578: ...witch show env temperature status Temperature Value 28 Degree Celsius Temperature State GREEN Yellow Threshold 70 Degree Celsius Red Threshold 75 Degree Celsius Table 2 27 States in the show env temperature status Command Output State Description Green The switch temperature is in the normal operating range Yellow The temperature is in the warning range You should check the external temperature ar...

Page 579: ...re physical port is error disabled if a violation occurs vlan mode The VLAN is error disabled if a violation occurs port vlan mode The entire physical port is error disabled on some ports and per VLAN error disabled on other ports Examples This is an example of output from the show errdisable detect command Switch show errdisable detect ErrDisable Reason Detection Mode arp inspection Enabled port ...

Page 580: ...config mismat Enabled port storm control Enabled port udld Enabled port vmps Enabled port Related Commands Command Description errdisable detect cause Enables error disabled detection for a specific cause or all causes show errdisable flap values Displays error condition recognition information show errdisable recovery Displays error disabled recovery timer information show interfaces status Displ...

Page 581: ...runk or Port Aggregation Protocol PAgP flap changes occur during a 30 second interval or if 5 link state link up down changes occur during a 10 second interval ErrDisable Reason Flaps Time sec pagp flap 3 30 dtp flap 3 30 link flap 5 10 Expressions are case sensitive For example if you enter exclude output the lines that contain output are not displayed but the lines that contain Output are displa...

Page 582: ...s Command Description errdisable detect cause Enables error disabled detection for a specific cause or all causes show errdisable detect Displays error disabled detection status show errdisable recovery Displays error disabled recovery timer information show interfaces status Displays interface status or a list of interfaces in error disabled state ...

Page 583: ...ontain Output are displayed Examples This is an example of output from the show errdisable recovery command Switch show errdisable recovery ErrDisable Reason Timer Status udld Disabled bpduguard Disabled security violatio Disabled channel misconfig Disabled vmps Disabled pagp flap Disabled dtp flap Disabled link flap Enabled l2ptguard Disabled psecure violation Disabled gbic invalid Disabled dhcp ...

Page 584: ...me left sec Gi1 0 2 link flap 279 Note Though visible in the output the unicast flood field is not valid Related Commands Command Description errdisable recovery Configures the recover mechanism variables show errdisable detect Displays error disabled detection status show errdisable flap values Displays error condition recognition information show interfaces status Displays interface status or a ...

Page 585: ...ve For example if you enter exclude output the lines that contain output are not displayed but the lines that contain Output are displayed channel group number Optional Number of the channel group The range is 1 to 48 detail Display detailed EtherChannel information load balance Display the load balance or frame distribution scheme among ports in the port channel port Display EtherChannel port inf...

Page 586: ...vice is sending Slow LACPDUs F Device is sending fast LACPDU A Device is in active mode P Device is in passive mode Local information LACP port Admin Oper Port Port Port Flags State Priority Key Key Number State Gi1 0 1 SA bndl 32768 0x1 0x1 0x101 0x3D Gi1 0 2 SA bndl 32768 0x0 0x1 0x0 0x3D Age of the port in the current state 01d 20h 06m 04s Port channels in the group Port channel Po1 Primary Agg...

Page 587: ...Switch show etherchannel 1 port channel Port channels in the group Port channel Po1 Primary Aggregator Age of the Port channel 01d 20h 24m 50s Logical slot port 10 1 Number of ports 2 HotStandBy port null Port state Port channel Ag Inuse Protocol LACP Ports in the Port channel Index Load Port EC state No of bits 0 00 Gi1 0 1 Active 0 0 00 Gi1 0 2 Active 0 Time since last port bundled 01d 20h 24m 4...

Page 588: ...an example of output from the show fallback profile command switch show fallback profile Profile Name dot1x www Description NONE IP Admission Rule webauth fallback IP Access Group IN default policy Profile Name dot1x www lpip Description NONE IP Admission Rule web lpip IP Access Group IN default policy Profile Name profile1 Description NONE IP Admission Rule NONE IP Access Group IN NONE append Opt...

Page 589: ...port to use web authentication as a fallback method for clients that do not support IEEE 802 1x authentication fallback profile profile Create a web authentication fallback profile ip admission rule Enable web authentication on a switch port ip admission name proxy http Enable web authentication globally on a switch show dot1x interface interface id Displays IEEE 802 1x status for the specified po...

Page 590: ...e For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear Examples This is an example of output from the show flowcontrol command Switch show flowcontrol Port Send FlowControl Receive FlowControl RxPause TxPause admin oper admin oper Gi2 0 1 Unsupp Unsupp off off 0 0 Gi2 0 2 desired off off off 0 0 Gi2 0 3 desired off off off 0 0...

Page 591: ... example of output from the show flowcontrol interface interface id command Switch show flowcontrol gigabitethernet2 0 2 Port Send FlowControl Receive FlowControl RxPause TxPause admin oper admin oper Gi2 0 2 desired off off off 0 0 Related Commands Command Description flowcontrol Sets the receive flow control state for an interface ...

Page 592: ...interface tengigabitethernet1 0 1 command for the 10 Gigabit Ethernet interface It shows the XENPAK module serial EEPROM contents For information about the EEPROM map and the field descriptions for the display see the XENPAK multisource agreement MSA at these sites http www xenpak org MSA XENPAK_MSA_R2 1 pdf http www xenpak org MSA XENPAK_MSA_R3 0 pdf interface interface id Display the IDPROM info...

Page 593: ... 10GbE Code Byte 1 0x0 SONET SDH Code Byte 0 0x0 SONET SDH Code Byte 1 0x0 SONET SDH Code Byte 2 0x0 SONET SDH Code Byte 3 0x0 10GFC Code Byte 0 0x0 10GFC Code Byte 1 0x0 10GFC Code Byte 2 0x0 10GFC Code Byte 3 0x0 Transmission range in 10m 0x3E8 Fibre Type Fibre Type Byte 0 0x40 NDSF only Fibre Type Byte 1 0x0 Unspecified Centre Optical Wavelength in 0 01nm steps Channel 0 0x1 0xFF 0xB8 Centre Op...

Page 594: ... 00 00 00 00 00 00 00 00 0x20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x30 00 00 00 00 11 5E 19 E9 BF 1B AD 98 03 9B DF 87 0x40 CC F6 45 FF 99 00 00 00 00 00 00 00 00 00 C0 48 0x50 46 D2 00 00 00 00 00 00 00 Related Commands Command Description show controllers ethernet controller Displays per interface send and receive statistics read from the hardware interface internal registers or port...

Page 595: ...is not available for VLAN IDs module number Optional Display capabilities switchport configuration or transceiver characteristics depending on preceding keyword of all interfaces on the specified stack member The range is 1 to 9 This option is not available if you enter a specific interface ID counters Optional See the show interfaces counters command description Optional Display the administrativ...

Page 596: ...physical properties of a CWDM1 or DWDM2 small form factor SFP module interface The keywords have these meanings detail Optional Display calibration properties including high and low numbers and any alarm information properties Optional Display speed duplex and inline power settings on an interface trunk Display interface trunk information If you do not specify an interface only information for act...

Page 597: ...0 0 size max drops flushes Total output drops 0 Queueing strategy fifo Output queue 0 40 size max 5 minute input rate 0 bits sec 0 packets sec 5 minute output rate 0 bits sec 0 packets sec 2 packets input 1040 bytes 0 no buffer Received 0 broadcasts 0 runts 0 giants 0 throttles 0 input errors 0 CRC 0 frame 0 overrun 0 ignored 0 watchdog 0 multicast 0 pause input 0 input packets with dribble condit...

Page 598: ...nfiguration command Switch show interfaces gigabitethernet1 0 2 description Interface Status Protocol Description Gi1 0 2 up down Connects to Marketing This is an example of output from the show interfaces etherchannel command when port channels are configured on the switch Switch show interfaces etherchannel Port channel1 Age of the Port channel 03d 20h 17m 29s Logical slot port 10 1 Number of po...

Page 599: ...seTX Fa1 0 6 connected 122 11 a full a 1000 10 100BaseTX output truncated Gi1 0 1 notconnect 1 auto auto 10 100 1000BaseTX Gi1 0 2 notconnect 1 auto auto unsupported These are examples of output from the show interfaces status command for a specific interface when private VLANs are configured Port 22 is configured as a private VLAN host port It is associated with primary VLAN 20 and secondary VLAN...

Page 600: ...Appliance trust none Table 2 28 show interfaces switchport Field Descriptions Field Description Name Displays the port name Switchport Displays the administrative and operational status of the port In this display the port is in switchport mode Administrative Mode Operational Mode Displays the administrative and operational modes Administrative Trunking Encapsulation Operational Trunking Encapsula...

Page 601: ... VLAN none Administrative private vlan trunk Native VLAN tagging enabled Administrative private vlan trunk encapsulation dot1q Administrative private vlan trunk normal VLANs none Administrative private vlan trunk private VLANs none Operational private vlan 20 VLAN0020 25 VLAN0025 30 VLAN0030 35 VLAN0035 output truncated This is an example of output from the show interfaces switchport backup comman...

Page 602: ...itch Backup Interface Pairs Active Interface Backup Interface State GigabitEthernet2 0 6 GigabitEthernet2 0 8 Active Down Backup Up Vlans on Interface Gi 2 0 6 Vlans on Interface Gi 2 0 8 1 50 60 100 120 When a Flex Link interface comes up VLANs preferred on this interface are blocked on the peer interface and moved to the forwarding state on the interface that has just come up In this example if ...

Page 603: ...rning low warning low alarm A2D readouts if they differ are reported in parentheses The threshold values are uncalibrated High Alarm High Warn Low Warn Low Alarm Temperature Threshold Threshold Threshold Threshold Port Celsius Celsius Celsius Celsius Celsius Gi2 0 3 41 5 110 0 103 0 8 0 12 0 High Alarm High Warn Low Warn Low Alarm Voltage Threshold Threshold Threshold Threshold Port Volts Volts Vo...

Page 604: ...dBm dBm dBm Te1 0 1 1 9 1 0 0 5 8 2 8 5 Optical High Alarm High Warn Low Warn Low Alarm Receive Power Threshold Threshold Threshold Threshold Port dBm dBm dBm dBm dBm Te1 0 1 1 4 1 0 0 5 14 1 15 0 This is an example of output from the show interfaces tengigabitethernet interface id transceiver properties command Switch show interfaces tengigabitethernet1 0 1 transceiver properties Transceiver moni...

Page 605: ... vlan Defines private VLAN association for a host port or private VLAN mapping for a promiscuous port switchport protected Isolates unicast multicast and broadcast traffic at Layer 2 from other protected ports on the same switch switchport trunk pruning Configures the VLAN pruning eligible list for ports in trunking mode Command Description ...

Page 606: ...ncluding type stack member module and port number errors Optional Display error counters etherchannel Optional Display EtherChannel counters including octets broadcast packets multicast packets and unicast packets received and sent module switch number Optional Display counters for the specified stack member The range is from 1 to 9 depending upon the switch numbers in the stack Note In this comma...

Page 607: ...2 0 0 Fa2 0 2 520 2 0 0 Fa2 0 3 520 2 0 0 Fa2 0 4 520 2 0 0 Fa2 0 5 520 2 0 0 Fa2 0 6 520 2 0 0 Fa2 0 7 520 2 0 0 Fa2 0 8 520 2 0 0 output truncated This is an example of partial output from the show interfaces counters protocol status command for all interfaces Switch show interfaces counters protocol status Protocols allocated Vlan1 Other IP Vlan20 Other IP ARP Vlan30 Other IP ARP Vlan40 Other I...

Page 608: ...he show interfaces counters trunk command It displays trunk counters for all interfaces Switch show interfaces counters trunk Port TrunkFramesTx TrunkFramesRx WrongEncap Gi1 0 1 0 0 0 Gi1 0 2 0 0 0 Gi1 0 3 80678 4155 0 Gi1 0 4 82320 126 0 Gi1 0 5 0 0 0 output truncated Related Commands Command Description show interfaces Displays additional interface characteristics ...

Page 609: ...rs when you enter the show inventory command Expressions are case sensitive For example if you enter exclude output the lines that contain output are not displayed but the lines that contain Output are displayed Examples This is example output from the show inventory command Switch show inventory NAME 5 DESCR WS C3750G 12S PID WS C3750G 12S S VID E0 SN CAT0749R204 entity name Optional Display the ...

Page 610: ...ay statistics for forwarded dropped MAC validation failure IP validation failure access control list ACL permitted and denied and DHCP permitted and denied packets for the specified VLAN If no VLANs are specified or if a range is specified display information only for VLANs with dynamic ARP inspection enabled active You can specify a single VLAN identified by VLAN ID number a range of VLANs separa...

Page 611: ...face Trust State Rate pps Burst Interval Gi1 0 1 Untrusted 15 1 Gi1 0 2 Untrusted 15 1 Gi1 0 3 Untrusted 15 1 This is an example of output from the show ip arp inspection interfaces interface id command Switch show ip arp inspection interfaces gigabitethernet1 0 1 Interface Trust State Rate pps Burst Interval Gi1 0 1 Untrusted 15 1 This is an example of output from the show ip arp inspection log c...

Page 612: ...ssed by dynamic ARP inspection for all active VLANs Switch show ip arp inspection statistics Vlan Forwarded Dropped DHCP Drops ACL Drops 5 3 4618 4605 4 2000 0 0 0 0 Vlan DHCP Permits ACL Permits Source MAC Failures 5 0 12 0 2000 0 0 0 Vlan Dest MAC Failures IP Validation Failures 5 0 9 2000 0 0 For the show ip arp inspection statistics command the switch increments the number of forwarded packets...

Page 613: ...Validation Enabled Vlan Configuration Operation ACL Match Static ACL 5 Enabled Active second No Vlan ACL Logging DHCP Logging 5 Acl Match All Related Commands Command Description arp access list Defines an ARP ACL clear ip arp inspection log Clears the dynamic ARP inspection log buffer clear ip arp inspection statistics Clears the dynamic ARP inspection statistics ip arp inspection log buffer Conf...

Page 614: ...ooping command Switch show ip dhcp snooping Switch DHCP snooping is enabled DHCP snooping is configured on following VLANs 40 42 Insertion of option 82 is enabled circuit id format vlan mod port remote id format string Option 82 on untrusted port is allowed Verification of hwaddr field is enabled Interface Trusted Rate limit pps GigabitEthernet1 0 1 yes unlimited GigabitEthernet1 0 2 yes unlimited...

Page 615: ...s Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear Examples This example shows how to display the DHCP snooping binding entries for a switch Switch show ip dhcp snooping binding MacAddress IpAddress Lease sec Type VLAN Interface 01 02 03 04 05 06 10 1 2 150 9837 dhcp snooping 20 GigabitEthern...

Page 616: ... 35 10 1 2 151 290 dhcp snooping 20 GigabitEthernet2 0 2 Total number of bindings 1 This example shows how to display the DHCP snooping binding entries on VLAN 20 Switch show ip dhcp snooping binding vlan 20 MacAddress IpAddress Lease sec Type VLAN Interface 01 02 03 04 05 06 10 1 2 150 9747 dhcp snooping 20 GigabitEthernet2 0 1 00 00 00 00 00 02 10 1 2 151 65 dhcp snooping 20 GigabitEthernet2 0 2...

Page 617: ... 07 Chapter 2 Catalyst 3750 Switch Cisco IOS Commands show ip dhcp snooping binding Related Commands Command Description ip dhcp snooping binding Configures the DHCP snooping binding database show ip dhcp snooping Displays the DHCP snooping configuration ...

Page 618: ...er 300 seconds Abort Timer 300 seconds Agent Running No Delay Timer Expiry Not Running Abort Timer Expiry Not Running Last Succeded Time None Last Failed Time None Last Failed Reason No failure recorded Total Attempts 0 Startup Failures 0 Successful Transfers 0 Failed Transfers 0 Successful Reads 0 Failed Reads 0 Successful Writes 0 Failed Writes 0 Media Failures 0 detail Optional Display detailed...

Page 619: ...e to access URL Total Attempts 21 Startup Failures 0 Successful Transfers 0 Failed Transfers 21 Successful Reads 0 Failed Reads 0 Successful Writes 0 Failed Writes 21 Media Failures 0 First successful access Read Last ignored bindings counters Binding Collisions 0 Expired leases 0 Invalid interfaces 0 Unsupported vlans 0 Parse failures 0 Last Ignored Time None Total ignored bindings counters Bindi...

Page 620: ...itch show ip dhcp snooping statistics Packets Forwarded 0 Packets Dropped 0 Packets Dropped From untrusted ports 0 This is an example of output from the show ip dhcp snooping statistics detail command Switch show ip dhcp snooping statistics detail Packets Processed by DHCP Snooping 0 Packets Dropped Because IDB not known 0 Queue full 0 Interface is in errdisabled 0 Rate limit exceeded 0 Received o...

Page 621: ...guration command is not configured and a packet received on an untrusted port contained option 82 data Source mac not equal to chaddr Number of times the client MAC address field of the DHCP packet chaddr does not match the packet source MAC address and the ip dhcp snooping verify mac address global configuration command is configured Binding mismatch Number of times a RELEASE or DECLINE packet wa...

Page 622: ...t port causing a possible loop Indicates a possible network misconfiguration or misuse of trust settings on ports Packet denied by platform Number of times the packet has been denied by a platform specific registry Table 2 30 DHCP Snooping Statistics continued DHCP Snooping Statistic Description Command Description clear ip dhcp snooping Clears the DHCP snooping binding database the DHCP snooping ...

Page 623: ...thout specifying a profile number If no profile number is entered the display includes all profiles configured on the switch Switch show ip igmp profile 40 IGMP Profile 40 permit range 233 1 1 1 233 255 255 255 Switch show ip igmp profile IGMP Profile 3 range 230 9 9 0 230 9 9 0 IGMP Profile 4 permit range 229 9 9 0 229 255 255 255 Related Commands profile number Optional The IGMP profile number t...

Page 624: ...p snooping vlan 1 command It shows snooping characteristics for a specific VLAN Switch show ip igmp snooping vlan 1 Global IGMP Snooping configuration IGMP snooping Enabled IGMPv3 snooping minimal Enabled Report suppression Enabled TCN solicit query Disabled groups Optional See the show ip igmp snooping groups command mrouter Optional See the show ip igmp snooping mrouter command querier Optional ...

Page 625: ...ulticast router learning mode pim dvmrp Source only learning age timer 10 CGMP interoperability mode IGMP_ONLY Last member query interval 100 Vlan 2 IGMP snooping Enabled Immediate leave Disabled Multicast router learning mode pim dvmrp Source only learning age timer 10 CGMP interoperability mode IGMP_ONLY Last member query interval 333 output truncated Related Commands Command Description ip igmp...

Page 626: ...ooping vlan static Statically adds a Layer 2 port as a member of a multicast group show ip igmp snooping groups Displays the IGMP snooping multicast table for the switch show ip igmp snooping mrouter Displays IGMP snooping multicast router ports for the switch or for the specified multicast VLAN show ip igmp snooping querier Displays the configuration and operation information for the IGMP querier...

Page 627: ...o 1005 are reserved for Token Ring and FDDI VLANs and cannot be used in IGMP snooping Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear count Optional Display the total number of entries for the specified command options instead of the actual entries dynamic Optional Display entries learned by...

Page 628: ...ntries learned by IGMP snooping Switch show ip igmp snooping groups vlan 1 dynamic Vlan Group Type Version Port List 104 224 1 4 2 igmp v2 Gi2 0 1 Fa1 0 15 104 224 1 4 3 igmp v2 Gi2 0 1 Fa1 0 15 This is an example of output from the show ip igmp snooping groups vlan vlan id ip address command It shows the entries for the group with the specified IP address Switch show ip igmp snooping groups vlan ...

Page 629: ...ooping When multicast VLAN registration MVR is enabled the show ip igmp snooping mrouter command displays MVR multicast router information and IGMP snooping information Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear Examples This is an example of output from the show ip igmp snooping mroute...

Page 630: ...GMP snooping on the switch or on a VLAN ip igmp snooping vlan mrouter Adds a multicast router port ip igmp snooping vlan static Statically adds a Layer 2 port as a member of a multicast group show ip igmp snooping Displays the IGMP snooping configuration of the switch or the VLAN show ip igmp snooping groups Displays IGMP snooping multicast information for the switch or for the specified parameter...

Page 631: ...rier is learned in the Port field The show ip igmp snooping querier detail user EXEC command is similar to the show ip igmp snooping querier command However the show ip igmp snooping querier command displays only the device IP address most recently detected by the switch querier The show ip igmp snooping querier detail command displays the device IP address most recently detected by the switch que...

Page 632: ... version 2 source IP address 0 0 0 0 query interval sec 60 max response time sec 10 querier timeout sec 120 tcn query count 2 tcn query interval sec 10 Vlan 1 IGMP switch querier status elected querier is 1 1 1 1 on port Fa8 0 1 admin state Enabled admin version 2 source IP address 10 1 1 65 query interval sec 60 max response time sec 10 querier timeout sec 120 tcn query count 2 tcn query interval...

Page 633: ... Examples This is an example of output from the show ip source binding command Switch show ip source binding MacAddress IpAddress Lease sec Type VLAN Interface 00 00 00 0A 00 0B 11 0 0 1 infinite static 10 GigabitEthernet1 0 1 00 00 00 0A 00 0A 11 0 0 2 10000 dhcp snooping 10 GigabitEthernet1 0 1 ip address Optional Display IP source bindings for a specific IP address mac address Optional Display ...

Page 634: ... 07 Chapter 2 Catalyst 3750 Switch Cisco IOS Commands show ip source binding Related Commands Command Description ip dhcp snooping binding Configures the DHCP snooping binding database ip source binding Configures static IP source bindings on the switch ...

Page 635: ... ip mac active deny all deny all 12 20 gi1 5 ip mac active 10 0 0 3 permit all 10 gi1 5 ip mac active deny all permit all 11 20 In the previous example this is the IP source guard configuration On the Gigabit Ethernet 1 interface DHCP snooping is enabled on VLANs 10 to 20 For VLAN 10 IP source guard with IP address filtering is configured on the interface and a binding exists on the interface For ...

Page 636: ...ace for the VLANs on which IP source guard is not configured On the Gigabit Ethernet 5 interface IP source guard with source IP and MAC address filtering is enabled and configured with a static IP binding but port security is disabled The switch cannot filter source MAC addresses This is an example of output on an interface on which IP source guard is disabled Switch show ip verify source gigabite...

Page 637: ...ay the IPC remote procedure statistics session all rx tx Display the IPC session statistics available only in privileged EXEC mode The keywords have these meanings all Display all the session statistics rx Display the sessions statistics for traffic that the switch receives tx Display the sessions statistics for traffic that the switch forwards verbose Optional Display detailed statistics availabl...

Page 638: ...ow to display the participating nodes Switch show ipc nodes There is 1 node in this IPC realm ID Type Name Last Last Sent Heard 10000 Local IPC Master 0 0 This example shows how to display the local IPC ports Switch show ipc ports There are 8 ports defined Port ID Type Name current peak total There are 8 ports defined 10000 1 unicast IPC Master Zone 10000 2 unicast IPC Master Echo 10000 3 unicast ...

Page 639: ... RIL port_index 0 type Reliable last sent 0 last heard 0 Msgs requested 0 Msgs returned 0 Rx Sessions Port ID Type Name 10000 7 Unicast MDFS RP Statistics port_index 0 seat_id 0x10000 last sent 0 last heard 0 No of msgs requested 180 Msgs returned 180 10000 8 Unicast Slot 1 MDFS control RIL port_index 0 seat_id 0x10000 last sent 0 last heard 0 No of msgs requested 0 Msgs returned 0 This example sh...

Page 640: ...610 Catalyst 3750 Switch Command Reference OL 8552 07 Chapter 2 Catalyst 3750 Switch Cisco IOS Commands show ipc Related Commands Command Description clear ipc Clears the IPC multicast routing statistics ...

Page 641: ... prefer dual ipv4 and ipv6 default vlan global configuration command and reload the switch Examples The following output from the show ipv6 access list command shows IPv6 access lists named inbound and outbound Router show ipv6 access list IPv6 access list inbound permit tcp any any eq bgp 8 matches sequence 10 permit tcp any any eq telnet 15 matches sequence 20 permit udp any any sequence 30 Tabl...

Page 642: ...which an incoming packet is compared to lines in an access list Access list lines are ordered from first priority lowest number for example 10 to last priority highest number for example 80 Table 2 31 show ipv6 access list Field Descriptions continued Field Description Command Description clear ipv6 access list Resets the IPv6 access list match counters ipv6 access list Defines an IPv6 access list...

Page 643: ...late enter the sdm prefer dual ipv4 and ipv6 default vlan global configuration command and reload the switch When you configure the DHCPv6 server to detect conflicts it uses ping The client uses neighbor discovery to detect clients and reports to the server through a DECLINE message If an address conflict is detected the address is removed from the pool and the address is not assigned until the ad...

Page 644: ...ipv6 default vlan global configuration command and reload the switch Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear Examples This is an example of output from the show ipv6 mld snooping vlan command It shows snooping characteristics for a specific VLAN Switch show ipv6 mld snooping vlan 100...

Page 645: ...ssion Enabled TCN solicit query Disabled TCN flood query count 2 Robustness variable 3 Last listener query count 2 Last listener query interval 1000 Vlan 1 MLD snooping Disabled MLDv1 immediate leave Disabled Explicit host tracking Enabled Multicast router learning mode pim dvmrp Robustness variable 1 Last listener query count 2 Last listener query interval 1000 output truncated Vlan 951 MLD snoop...

Page 646: ...to display information only about groups that have been configured To configure the dual IPv4 and IPv6 template enter the sdm prefer dual ipv4 and ipv6 default vlan global configuration command and reload the switch Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear vlan vlan id Optional Specif...

Page 647: ...mple of output from the show snooping address count user EXEC command Switch show ipv6 mld snooping address count Total number of multicast groups 2 This is an example of output from the show snooping address user user EXEC command Switch show ipv6 mld snooping address user Vlan Group Type Version Port List 2 FF12 3 user v2 Fa1 0 2 Gi2 0 2 Gi3 0 1 Gi4 0 3 Related Commands Command Description ipv6 ...

Page 648: ...sed in MLD snooping To configure the dual IPv4 and IPv6 template enter the sdm prefer dual ipv4 and ipv6 default vlan global configuration command and reload the switch Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear Examples This is an example of output from the show ipv6 mld snooping mrout...

Page 649: ...cific VLAN Switch show ipv6 mld snooping mrouter vlan 100 Vlan ports 2 Gi1 0 11 dynamic Related Commands Command Description ipv6 mld snooping Enables and configures MLD snooping on the switch or on a VLAN ipv6 mld snooping vlan mrouter interface interface id static ipv6 multicast address interface interface id Configures multicast router ports for a VLAN sdm prefer Configures an SDM template to o...

Page 650: ... a router the output shows the port number on which the querier is learned in the Port field The output of the show ipv6 mld snoop querier vlan command displays the information received in response to a query message from an external or internal querier It does not display user configured VLAN values such as the snooping robustness variable on the particular VLAN This querier information is used o...

Page 651: ...uerier vlan command Switch show ipv6 mld snooping querier vlan 2 IP address FE80 201 C9FF FE40 6000 MLD version v1 Port Gi3 0 1 Max response time 1000s Related Commands Command Description ipv6 mld snooping Enables and configures IPv6 MLD snooping on the switch or on a VLAN ipv6 mld snooping last listener query cou nt Configures the maximum number of queries that the switch sends before aging out ...

Page 652: ...utes for the specified routing protocol using any of these keywords bgp isis ospf rip or displays routes for the specified type of route using any of these keywords connected local static interface interface id boot up Display the current contents of the IPv6 routing table hh mm Enter the time as a 2 digit number for a 24 hour clock Make sure to use the colons For example enter 13 32 day Enter the...

Page 653: ...ted 10 31 10 27 February 2007 R 2004 64 120 2 via FE80 A8BB CCFF FE00 9001 GigabitEthernet1 0 2 Last updated 17 23 05 22 February 2007 R 4000 64 120 2 via FE80 A8BB CCFF FE00 9001 GigabitEthernet1 0 3 Last updated 17 23 05 22 February 2007 R 5000 64 120 2 via FE80 A8BB CCFF FE00 9001 GigabitEthernet1 0 4 Last updated 17 23 05 22 February 2007 R 5001 64 120 2 via FE80 A8BB CCFF FE00 9001 GigabitEth...

Page 654: ...id command only information about the active ports on which all the parameters are configured appears If you enter the show l2protocol tunnel summary command only information about the active ports on which some or all of the parameters are configured appears Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contai...

Page 655: ...gp 1000 24249 242700 lacp 24256 242660 udld 0 897960 Gi6 0 3 cdp 134482 1344820 pagp 1000 0 242500 lacp 500 0 485320 udld 300 44899 448980 Gi6 0 4 cdp 134482 1344820 pagp 1000 0 242700 lacp 0 485220 udld 300 44899 448980 This is an example of output from the show l2protocol tunnel summary command Switch show l2protocol tunnel summary COS for Encapsulated Packets 5 Drop Threshold for Encapsulated P...

Page 656: ...ol tunnel Related Commands Command Description clear l2protocol tunnel counters Clears counters for protocol tunneling ports l2protocol tunnel Enables Layer 2 protocol tunneling for CDP STP or VTP packets on an interface l2protocol tunnel cos Configures a class of service CoS value for tunneled Layer 2 protocol packets ...

Page 657: ...put do not appear but the lines that contain Output appear Examples This is an example of output from the show lacp counters user EXEC command Table 2 32 describes the fields in the display Switch show lacp counters LACPDUs Marker Marker Response LACPDUs Port Sent Recv Sent Recv Sent Recv Pkts Err Channel group 1 channel group number Optional Number of the channel group The range is 1 to 48 counte...

Page 658: ...umber of LACP marker packets sent and received by a port Marker Response Sent and Recv The number of LACP marker response packets sent and received by a port LACPDUs Pkts and Err The number of unknown and illegal packets received by LACP for a port Table 2 33 show lacp internal Field Descriptions Field Description State State of the specific port These are the allowed values Port is in an unknown ...

Page 659: ...8 0x3 0x3C Admin Key Administrative key assigned to this port LACP automatically generates an administrative key value as a hexadecimal number The administrative key defines the ability of a port to aggregate with other ports A port s ability to aggregate with other ports is determined by the port physical characteristics for example data rate and duplex capability and configuration restrictions t...

Page 660: ... system identification is made up of the system priority and the system MAC address The first two bytes are the system priority and the last six bytes are the globally administered individual MAC address associated to the system Related Commands Command Description clear lacp Clears the LACP channel group information lacp port priority Configures the LACP port priority lacp system priority Configu...

Page 661: ...tput from the show location civic location command that displays location information for an interface Switch show location civic interface gigibitethernet2 0 1 Civic location information Identifier 1 County Santa Clara Street number 3550 Building 19 admin tag Display administrative tag or site information civic location Display civic location information elin location Display emergency location i...

Page 662: ...ity San Jose State CA Country US Ports Gi2 0 1 Identifier 2 Street number 24568 Street number suffix West Landmark Golden Gate Bridge Primary road name 19th Ave City San Francisco Country US This is an example of output from the show location elin location command that displays the emergency location information Switch show location elin location identifier 1 Elin location information Identifier 1...

Page 663: ... Catalyst 3750 Switch Cisco IOS Commands show location Related Commands Command Description location global configuration Configures the global location information for an endpoint location interface configuration Configures the location information for an interface ...

Page 664: ...isplays only those link state groups that have link state tracking enabled or that have upstream or downstream interfaces or both configured If there is no link state group configuration for a group it is not shown as enabled or disabled Expressions are case sensitive For example if you enter exclude output the lines that contain output are not displayed but the lines that contain Output are displ...

Page 665: ... 13 Dis Gi1 0 14 Dis Link State Group 2 Status Enabled Down Upstream Interfaces Gi1 0 15 Dwn Gi1 0 16 Dwn Gi1 0 17 Dwn Downstream Interfaces Gi1 0 11 Dis Gi1 0 12 Dis Gi1 0 13 Dis Gi1 0 14 Dis Up Interface up Dwn Interface Down Dis Interface disabled Related Commands Command Description link state group Configures an interface as a member of a link state group link state track Enables a link state...

Page 666: ...e GigabitEthernet1 0 1 Inbound access list is not set Interface GigabitEthernet1 0 2 Inbound access list is macl_e1 Interface GigabitEthernet1 0 3 Inbound access list is not set Interface GigabitEthernet1 0 4 Inbound access list is not set output truncated This is an example of output from the show mac access group interface command Switch show mac access group interface gigabitethernet1 0 1 Inter...

Page 667: ...yst 3750 Switch Command Reference OL 8552 07 Chapter 2 Catalyst 3750 Switch Cisco IOS Commands show mac access group Related Commands Command Description mac access group Applies a MAC access group to an interface ...

Page 668: ...ddress table Mac Address Table Vlan Mac Address Type Ports All 0000 0000 0001 STATIC CPU All 0000 0000 0002 STATIC CPU All 0000 0000 0003 STATIC CPU All 0000 0000 0009 STATIC CPU All 0000 0000 0012 STATIC CPU All 0180 c200 000b STATIC CPU All 0180 c200 000c STATIC CPU All 0180 c200 000d STATIC CPU All 0180 c200 000e STATIC CPU All 0180 c200 000f STATIC CPU All 0180 c200 0010 STATIC CPU 1 0030 9441...

Page 669: ...ll VLANs or the specified VLAN show mac address table count Displays the number of addresses present in all VLANs or the specified VLAN show mac address table dynamic Displays dynamic MAC address table entries only show mac address table interface Displays the MAC address table information for the specified interface show mac address table notification Displays the MAC address notification setting...

Page 670: ...w mac address table address 0002 4b28 c482 Mac Address Table Vlan Mac Address Type Ports All 0002 4b28 c482 STATIC CPU Total Mac Addresses for this criterion 1 mac address Specify the 48 bit MAC address the valid format is H H H interface interface id Optional Display information for a specific interface Valid interfaces include physical ports and port channels vlan vlan id Optional Display entrie...

Page 671: ...es present in all VLANs or the specified VLAN show mac address table dynamic Displays dynamic MAC address table entries only show mac address table interface Displays the MAC address table information for the specified interface show mac address table notification Displays the MAC address notification settings for all interfaces or the specified interface show mac address table static Displays sta...

Page 672: ...t the lines that contain Output appear Examples This is an example of output from the show mac address table aging time command Switch show mac address table aging time Vlan Aging Time 1 300 This is an example of output from the show mac address table aging time vlan 10 command Switch show mac address table aging time vlan 10 Vlan Aging Time 10 300 vlan vlan id Optional Display aging time informat...

Page 673: ...fied MAC address show mac address table count Displays the number of addresses present in all VLANs or the specified VLAN show mac address table dynamic Displays dynamic MAC address table entries only show mac address table interface Displays the MAC address table information for the specified interface show mac address table notification Displays the MAC address notification settings for all inte...

Page 674: ...r but the lines that contain Output appear Examples This is an example of output from the show mac address table count command Switch show mac address table count Mac Entries for Vlan 1 Dynamic Address Count 2 Static Address Count 0 Total Mac Addresses 2 vlan vlan id Optional Display the number of addresses for a specific VLAN The range is 1 to 4094 begin Optional Display begins with the line that...

Page 675: ...g time in all VLANs or the specified VLAN show mac address table dynamic Displays dynamic MAC address table entries only show mac address table interface Displays the MAC address table information for the specified interface show mac address table notification Displays the MAC address notification settings for all interfaces or the specified interface show mac address table static Displays static ...

Page 676: ...ddress Table Vlan Mac Address Type Ports 1 0030 b635 7862 DYNAMIC Gi6 0 2 1 00b0 6496 2741 DYNAMIC Gi6 0 2 Total Mac Addresses for this criterion 2 address mac address Optional Specify a 48 bit MAC address the valid format is H H H available in privileged EXEC mode only interface interface id Optional Specify an interface to match valid interfaces include physical ports and port channels vlan vlan...

Page 677: ... mac address table address Displays MAC address table information for the specified MAC address show mac address table aging time Displays the aging time in all VLANs or the specified VLAN show mac address table count Displays the number of addresses present in all VLANs or the specified VLAN show mac address table interface Displays the MAC address table information for the specified interface sh...

Page 678: ...s table interface command Switch show mac address table interface gigabitethernet6 0 2 Mac Address Table Vlan Mac Address Type Ports 1 0030 b635 7862 DYNAMIC Gi6 0 2 1 00b0 6496 2741 DYNAMIC Gi6 0 2 Total Mac Addresses for this criterion 2 interface id Specify an interface type valid interfaces include physical ports and port channels vlan vlan id Optional Display entries for a specific VLAN the r...

Page 679: ...ing time in all VLANs or the specified VLAN show mac address table count Displays the number of addresses present in all VLANs or the specified VLAN show mac address table dynamic Displays dynamic MAC address table entries only show mac address table notification Displays the MAC address notification settings for all interfaces or the specified interface show mac address table static Displays stat...

Page 680: ...us on an individual VLAN Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear Examples This is an example of output from the show mac address table learning user EXEC command showing that MAC address learning is disabled on VLAN 200 Switch show mac address table learning VLAN Learning Status 1 ye...

Page 681: ...ss table move update Switch ID 010b 4630 1780 Dst mac address 0180 c200 0010 Vlans Macs supported 1023 8320 Default Current settings Rcv Off On Xmt Off On Max packets per min Rcv 40 Xmt 60 Rcv packet count 10 Rcv conforming packet count 5 Rcv invalid packet count 0 Rcv packet count this min 0 Rcv threshold exceed count 0 Rcv last sequence this min 0 Rcv last interface Po2 Rcv last src mac address ...

Page 682: ...itch Cisco IOS Commands show mac address table move update Related Commands Command Description clear mac address table move update Clears the MAC address table move update counters mac address table move update receive transmit Configures MAC address table move update on the switch ...

Page 683: ...lags for all interfaces If the interface id is included only the flags for that interface appear Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear interface Optional Display information for all interfaces Valid interfaces include physical ports and port channels interface id Optional Display i...

Page 684: ...peration Added Vlan 2 MAC Addr 0000 0000 0003 Module 0 Port 1 History Index 2 Entry Timestamp 1074254 Despatch Timestamp 1074254 MAC Changed Message Operation Deleted Vlan 2 MAC Addr 0000 0000 0000 Module 0 Port 1 Operation Deleted Vlan 2 MAC Addr 0000 0000 0001 Module 0 Port 1 Operation Deleted Vlan 2 MAC Addr 0000 0000 0002 Module 0 Port 1 Operation Deleted Vlan 2 MAC Addr 0000 0000 0003 Module ...

Page 685: ...appear address mac address Optional Specify a 48 bit MAC address the valid format is H H H available in privileged EXEC mode only interface interface id Optional Specify an interface to match valid interfaces include physical ports and port channels vlan vlan id Optional Display addresses for a specific VLAN The range is 1 to 4094 begin Optional Display begins with the line that matches the expres...

Page 686: ... address table mac address table static drop Enables unicast MAC address filtering and configures the switch to drop traffic with a specific source or destination MAC address show mac address table address Displays MAC address table information for the specified MAC address show mac address table aging time Displays the aging time in all VLANs or the specified VLAN show mac address table count Dis...

Page 687: ...lan 1 Mac Address Table Vlan Mac Address Type Ports 1 0100 0ccc cccc STATIC CPU 1 0180 c200 0000 STATIC CPU 1 0100 0ccc cccd STATIC CPU 1 0180 c200 0001 STATIC CPU 1 0180 c200 0002 STATIC CPU 1 0180 c200 0003 STATIC CPU 1 0180 c200 0005 STATIC CPU 1 0180 c200 0006 STATIC CPU 1 0180 c200 0007 STATIC CPU Total Mac Addresses for this criterion 9 vlan id Optional Display addresses for a specific VLAN ...

Page 688: ... in all VLANs or the specified VLAN show mac address table count Displays the number of addresses present in all VLANs or the specified VLAN show mac address table dynamic Displays dynamic MAC address table entries only show mac address table interface Displays the MAC address table information for the specified interface show mac address table notification Displays the MAC address notification se...

Page 689: ...o not appear but the lines that contain Output appear Examples This is an example of output from the show mls qos command when QoS is enabled and DSCP transparency is enabled Switch show mls qos QoS is enabled QoS ip packet dscp rewrite is enabled Related Commands begin Optional Display begins with the line that matches the expression exclude Optional Display excludes lines that match the expressi...

Page 690: ...the lines that contain output do not appear but the lines that contain Output appear Examples This is an example of output from the show mls qos aggregate policer command Switch show mls qos aggregate policer policer1 aggregate policer policer1 1000000 2000000 exceed action drop Not used by any policy map Related Commands aggregate policer name Optional Display the policer configuration for the sp...

Page 691: ...if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear Examples This is an example of output from the show mls qos input queue command Switch show mls qos input queue Queue 1 2 buffers 90 10 bandwidth 4 4 priority 0 10 threshold1 100 100 threshold2 100 100 begin Optional Display begins with the line that matches the expression exclude Optio...

Page 692: ...queues mls qos srr queue input cos map Maps assigned class of service CoS values to an ingress queue and assigns CoS values to a queue and to a threshold ID mls qos srr queue input dscp map Maps assigned Differentiated Services Code Point DSCP values to an ingress queue and assigns DSCP values to a queue and to a threshold ID mls qos srr queue input priority queue Configures the ingress priority q...

Page 693: ...ace gigabitethernet1 0 1 GigabitEthernet1 0 1 trust state not trusted trust mode not trusted trust enabled flag ena COS override dis default COS 0 interface id Optional Display QoS information for the specified port Valid interfaces include physical ports buffers Optional Display the buffer allocation among the queues queueing Optional Display the queueing strategy shared or shaped and the weights...

Page 694: ...ations between the queues are 25 25 25 25 This is an example of output from the show mls qos interface interface id queueing command The egress expedite queue overrides the configured shaped round robin SRR weights Switch show mls qos interface gigabitethernet1 0 2 queueing GigabitEthernet1 0 2 Egress Priority Queue enabled Shaped queue weights absolute 25 0 0 0 Shared queue weights 25 25 25 25 Th...

Page 695: ... out of profile packets for each policer Command Description mls qos queue set output buffers Allocates buffers to a queue set mls qos queue set output threshold Configures the weighted tail drop WTD thresholds guarantees the availability of buffers and configures the maximum memory allocation to a queue set mls qos srr queue input bandwidth Assigns SRR weights to an ingress queue mls qos srr queu...

Page 696: ... Creates or modifies a policy map priority queue Enables the egress expedite queue on a port queue set Maps a port to a queue set srr queue bandwidth limit Limits the maximum output on a port srr queue bandwidth shape Assigns the shaped weights and enables bandwidth shaping on the four egress queues mapped to a port srr queue bandwidth share Assigns the shared weights and enables bandwidth sharing...

Page 697: ...ecifies the most significant digit in the DSCP The d2 row specifies the least significant digit in the DSCP The intersection of the d1 and d2 values provides the policed DSCP the CoS or the mutated DSCP value For example in the DSCP to CoS map a DSCP value of 43 corresponds to a CoS value of 5 cos dscp Optional Display class of service CoS to DSCP map cos input q Optional Display the CoS input que...

Page 698: ...d Switch show mls qos maps Policed dscp map d1 d2 0 1 2 3 4 5 6 7 8 9 0 00 01 02 03 04 05 06 07 08 09 1 10 11 12 13 14 15 16 17 18 19 2 20 21 22 23 24 25 26 27 28 29 3 30 31 32 33 34 35 36 37 38 39 4 40 41 42 43 44 45 46 47 48 49 5 50 51 52 53 54 55 56 57 58 59 6 60 61 62 63 Dscp cos map d1 d2 0 1 2 3 4 5 6 7 8 9 0 00 00 00 00 00 00 00 00 01 01 1 01 01 01 01 01 01 02 02 02 02 2 02 02 02 02 03 03 0...

Page 699: ... 2 1 1 1 1 1 Dscp dscp mutation map Default DSCP Mutation Map d1 d2 0 1 2 3 4 5 6 7 8 9 0 00 01 02 03 04 05 06 07 08 09 1 10 11 12 13 14 15 16 17 18 19 2 20 21 22 23 24 25 26 27 28 29 3 30 31 32 33 34 35 36 37 38 39 4 40 41 42 43 44 45 46 47 48 49 5 50 51 52 53 54 55 56 57 58 59 6 60 61 62 63 Related Commands Command Description mls qos map Defines the CoS to DSCP map DSCP to CoS map DSCP to DSCP ...

Page 700: ...e set command Switch show mls qos queue set Queueset 1 Queue 1 2 3 4 buffers 25 25 25 25 threshold1 100 200 100 100 threshold2 100 200 100 100 reserved 50 50 50 50 maximum 400 400 400 400 Queueset 2 Queue 1 2 3 4 buffers 25 25 25 25 threshold1 100 200 100 100 threshold2 100 200 100 100 reserved 50 50 50 50 maximum 400 400 400 400 qset id Optional ID of the queue set Each port belongs to a queue se...

Page 701: ...ow mls qos queue set Related Commands Command Description mls qos queue set output buffers Allocates buffers to the queue set mls qos queue set output threshold Configures the weighted tail drop WTD thresholds guarantees the availability of buffers and configures the maximum memory allocation of the queue set ...

Page 702: ... the lines that contain output do not appear but the lines that contain Output appear Examples This is an example of output from the show mls qos vlan command Switch show mls qos vlan 10 Vlan10 Attached policy map for Ingress pm test pm 2 Related Commands vlan id Specify the VLAN ID of the SVI to display the policy maps The range is 1 to 4094 begin Optional Display begins with the line that matche...

Page 703: ... Display information about specified SPAN sessions session_number Specify the number of the SPAN or RSPAN session The range is 1 to 66 all Display all SPAN sessions local Display only local SPAN sessions range list Display a range of SPAN sessions where list is the range of valid sessions either a single session or a range of sessions described by two numbers the lower one first separated by a hyp...

Page 704: ...nitor user EXEC command for local SPAN source session 1 Switch show monitor session 1 Session 1 Type Local Session Source Ports RX Only Fa4 0 1 Both Fa4 0 2 3 Fa4 0 5 6 Destination Ports Fa4 0 20 Encapsulation Replicate Ingress Disabled This is an example of output for the show monitor session all user EXEC command when ingress traffic forwarding is enabled Switch show monitor session all Session ...

Page 705: ...Catalyst 3750 Switch Command Reference OL 8552 07 Chapter 2 Catalyst 3750 Switch Cisco IOS Commands show monitor Related Commands Command Description monitor session Starts or modifies a SPAN or RSPAN session ...

Page 706: ...ppear Examples This is an example of output from the show mvr command Switch show mvr MVR Running TRUE MVR multicast VLAN 1 MVR Max Multicast Groups 256 MVR Current multicast groups 0 MVR Global query response time 5 tenths of sec MVR Mode compatible In the preceding display the maximum number of multicast groups is fixed at 256 The MVR mode is either compatible for interoperability with Catalyst ...

Page 707: ...stration on the switch mvr interface configuration Configures MVR ports show mvr interface Displays the configured MVR interfaces status of the specified interface or all multicast groups to which the interface belongs when the interface and members keywords are appended to the command show mvr members Displays all ports that are members of an MVR multicast group or if there are no members means t...

Page 708: ...e VLAN appear Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear Examples This is an example of output from the show mvr interface command Switch show mvr interface Port Type Status Immediate Leave Gi1 0 1 SOURCE ACTIVE UP DISABLED Gi1 0 2 RECEIVER ACTIVE DOWN DISABLED interface id Optional Dis...

Page 709: ...an example of output from the show mvr interface interface id members command Switch show mvr interface gigabitethernet1 0 2 members 239 255 0 0 DYNAMIC ACTIVE 239 255 0 1 DYNAMIC ACTIVE 239 255 0 2 DYNAMIC ACTIVE 239 255 0 3 DYNAMIC ACTIVE 239 255 0 4 DYNAMIC ACTIVE 239 255 0 5 DYNAMIC ACTIVE 239 255 0 6 DYNAMIC ACTIVE 239 255 0 7 DYNAMIC ACTIVE 239 255 0 8 DYNAMIC ACTIVE 239 255 0 9 DYNAMIC ACTI...

Page 710: ... command Switch show mvr members MVR Group IP Status Members 239 255 0 1 ACTIVE Gi1 0 1 d Gi1 0 5 s 239 255 0 2 INACTIVE None 239 255 0 3 INACTIVE None 239 255 0 4 INACTIVE None 239 255 0 5 INACTIVE None 239 255 0 6 INACTIVE None 239 255 0 7 INACTIVE None 239 255 0 8 INACTIVE None 239 255 0 9 INACTIVE None 239 255 0 10 INACTIVE None output truncated ip address Optional The IP multicast address If ...

Page 711: ...9 255 003 22 ACTIVE Gi1 0 1 d Gi1 0 2 d Gi1 0 3 d Gi1 0 4 d Gi1 0 5 s Related Commands Command Description mvr global configuration Enables and configures multicast VLAN registration on the switch mvr interface configuration Configures MVR ports show mvr Displays the global MVR configuration on the switch show mvr interface Displays the configured MVR interfaces status of the specified interface o...

Page 712: ...ile Network Policy Profile 10 voice vlan 17 cos 4 Interface none Network Policy Profile 30 voice vlan 30 cos 5 Interface none Network Policy Profile 36 voice vlan 4 cos 3 Interface Interface_id profile number Optional Display the network policy profile number If no profile is entered all network policy profiles appear detail Optional Display detailed status and statistics information begin Optiona...

Page 713: ...s show network policy profile Related Commands Command Description network policy Applies a network policy to an interface network policy profile global configuration Creates the network policy profile network policy profile network policy configuration Configures the attributes of network policy profiles ...

Page 714: ...nd Switch show nmsp capability NMSP Switch Capability attachment suppress interface Display attachment suppress interfaces capability Display switch capabilities including the supported services and subservices notification interval Display the notification intervals of the supported services statistics connection summary Display the NMSP statistics information connection display the message count...

Page 715: ...statistics connection NMSP Connection Counters Connection 1 Connection status UP Freed connection 0 Tx message count Rx message count Subscr Resp 1 Subscr Req 1 Capa Notif 1 Capa Notif 1 Atta Resp 1 Atta Req 1 Atta Notif 0 Loc Resp 1 Loc Req 1 Loc Notif 0 Unsupported msg 0 Switch show nmsp statistics summary NMSP Global Counters Send too big msg 0 Failed socket write 0 Partial socket write 0 Socke...

Page 716: ...nds Switch show nmsp subscription detail Mobility Services Subscribed by 172 19 35 109 Services Subservices Attachment Wired Station Location Subscription Switch show nmsp subscription summary Mobility Services Subscribed MSE IP Address Services 172 19 35 109 Attachment Location Related Commands Command Description clear nmsp statistics Clears the NMSP statistic counters nmsp Enables Network Mobil...

Page 717: ... contain Output are appear Examples This is an example of output from the show pagp 1 counters command Switch show pagp 1 counters Information Flush Port Sent Recv Sent Recv Channel group 1 Gi1 0 1 45 42 0 0 Gi1 0 2 45 41 0 0 channel group number Optional Number of the channel group The range is 1 to 48 counters Display traffic information dual active Display the dual active status internal Displa...

Page 718: ... output from the show pagp 1 neighbor command Switch show pagp 1 neighbor Flags S Device is sending Slow hello C Device is in Consistent state A Device is in Auto mode P Device learns on physical port Channel group 1 neighbors Partner Partner Partner Partner Group Port Name Device ID Port Age Flags Cap Gi1 0 1 switch p2 0002 4b29 4600 Gi01 1 9s SC 10001 Gi1 0 2 switch p2 0002 4b29 4600 Gi1 0 2 24s...

Page 719: ...ware image running on the switch Switch show parser macro Total number of macros 6 Macro name cisco global Macro type default global Enable dynamic port error recovery for link state failures errdisable recovery cause link flap errdisable recovery interval 60 output truncated Macro name cisco desktop Macro type default interface macro keywords AVID Basic interface Enable data VLAN only brief Optio...

Page 720: ...Recommended value for native vlan NVID should not be 1 switchport trunk native vlan NVID output truncated Macro name cisco router Macro type default interface macro keywords NVID Access Uplink to Distribution Define unique Native VLAN on trunk ports Recommended value for native vlan NVID should not be 1 switchport trunk native vlan NVID output truncated Macro name snmp Macro type customizable enab...

Page 721: ... macro This is an example of output from the show parser description interface command Switch show parser macro description interface gigabitethernet1 0 2 Interface Macro Description Gi1 0 2 this is test macro Related Commands Command Description macro apply Applies a macro on an interface or applies and traces a macro on an interface macro description Adds a description about the macros that are ...

Page 722: ...istory Usage Guidelines Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear Examples This is an example of output from the show policy map command Switch show policy map Policy Map videowizard_policy2 class videowizard_10 10 10 10 set dscp 34 police 100000000 2000000 exceed action drop Policy Ma...

Page 723: ... Reference OL 8552 07 Chapter 2 Catalyst 3750 Switch Cisco IOS Commands show policy map Related Commands Command Description policy map Creates or modifies a policy map that can be attached to multiple ports to specify a service policy ...

Page 724: ...e not enabled port security on it If you enter the vlan keyword the command displays the configured maximum and the current number of secure MAC addresses for all VLANs on the interface This option is visible only on interfaces that have the switchport mode set to trunk Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines ...

Page 725: ...tic address aging Disabled Security Violation count 0 This is an example of output from the show port security address command Switch show port security address Secure Mac Address Table Vlan Mac Address Type Ports Remaining Age mins 1 0006 0700 0800 SecureConfigured Gi1 0 2 1 Total Addresses in System excluding one mac per port 1 Max Addresses limit in System excluding one mac per port 6272 This i...

Page 726: ...Commands Command Description clear port security Deletes from the MAC address table a specific type of secure address or all the secure addresses on the switch or an interface switchport port security Enables port security on a port restricts the use of the port to a user defined group of stations and configures secure MAC addresses ...

Page 727: ...s configured for 10 W The connected powered device has a reported class maximum wattage for a Class 0 or Class 3 device Table 2 35 describes the output fields Switch show power inline Module Available Used Remaining Watts Watts Watts 1 370 0 114 9 255 1 2 370 0 34 3 335 Interface Admin Oper Power Device Class Max Watts Fa1 0 1 auto on 6 3 IP Phone 7910 n a 15 4 Fa1 0 2 static off 15 4 n a n a 15 4...

Page 728: ... power inline module 1 Module Available Used Remaining Watts Watts Watts 1 370 0 166 2 203 9 Interface Admin Oper Power Device Class Max Watts Fa1 0 1 auto on 6 3 IP Phone 7910 n a 15 4 Fa1 0 2 auto on 6 3 IP Phone 7910 n a 15 4 Fa1 0 3 auto on 6 3 IP Phone 7910 n a 15 4 Fa1 0 4 auto on 6 3 IP Phone 7910 n a 15 4 Fa1 0 5 auto on 6 3 IP Phone 7910 n a 15 4 Fa1 0 6 auto on 6 3 IP Phone 7910 n a 15 4...

Page 729: ...ted to ports in the system Available Used Remaining Table 2 35 show power inline interface Field Descriptions continued Field Description Command Description logging event power inline status Enables the logging of PoE events power inline Configures the power management mode for the specified PoE port or for all PoE ports show controllers power inline Displays the values in the registers of the sp...

Page 730: ... default Display the default dual template configuration routing Display the routing dual template configuration vlan Display the VLAN dual template configuration routing Optional Display the template that maximizes system resources for routing vlan Optional Display the template that maximizes system resources for Layer 2 VLANs desktop Optional For Catalyst 3750 12S aggregator switches only displa...

Page 731: ...number of unicast mac addresses 6K number of igmp groups multicast routes 1K number of unicast routes 8K number of directly connected hosts 6K number of indirect routes 2K number of policy based routing aces 0 number of qos aces 512 number of security aces 1K This is a sample output from the show sdm prefer routing command entered on an aggregator switch Switch show sdm prefer routing aggregate ro...

Page 732: ...0 number of IPv4 MAC qos aces 512 number of IPv4 MAC security aces 1K number of IPv6 policy based routing aces 0 number of IPv6 qos aces 510 number of IPv6 security aces 510 This is an example of output from the show sdm prefer command when you have configured a new template but have not reloaded the switch Switch show sdm prefer The current template is desktop routing template The selected templa...

Page 733: ...ileged EXEC Command History Examples This is an example of output from the show setup express command Switch show setup express express setup mode is active Related Commands begin Optional Display begins with the line that matches the expression exclude Optional Display excludes lines that match the expression include Optional Display includes lines that match the specified expression expression E...

Page 734: ...ers Trigger Id CISCO_PHONE_EVENT Trigger description Event for ip phone macro Trigger environment ACCESS_VLAN 1 VOICE_VLAN 2 Trigger mapping function CISCO_PHONE_AUTO_SMARTPORT Trigger Id CISCO_ROUTER_EVENT Trigger description Event for router macro Trigger environment NATIVE_VLAN 1 Trigger mapping function CISCO_ROUTER_AUTO_SMARTPORT Trigger Id CISCO_SWITCH_EVENT Trigger description Event for swi...

Page 735: ...on CISCO_AP_AUTO_SMARTPORT if LINKUP eq YES then conf t interface INTERFACE macro description TRIGGER switchport trunk encapsulation dot1q switchport trunk native vlan NATIVE_VLAN switchport trunk allowed vlan ALL switchport mode trunk switchport nonegotiate auto qos voip trust mls qos trust cos exit end fi if LINKUP eq NO then conf t interface INTERFACE no macro description no switchport nonegoti...

Page 736: ...o switchport mode trunk no switchport trunk encapsulation dot1q no switchport trunk native vlan NATIVE_VLAN no switchport trunk allowed vlan ALL exit end fi output truncated Related Commands Command Description macro auto global processing Enables Auto Smartports on a switch macro auto execute Defines mapping from an event trigger to a built in macro shell trigger Creates an event trigger ...

Page 737: ...ty rootcost state begin exclude include expression show spanning tree mst configuration digest instance id detail interface interface id detail begin exclude include expression Syntax Description bridge group Optional Specify the bridge group number The range is 1 to 255 active detail Optional Display spanning tree information only on active interfaces available only in privileged EXEC mode backbo...

Page 738: ... returns to the forwarding state or ceases to be designated instance id You can specify a single instance ID a range of IDs separated by a hyphen or a series of IDs separated by a comma The range is 1 to 4094 The display shows the number of currently configured instances interface interface id Optional Valid interfaces include physical ports VLANs and port channels The VLAN range is 1 to 4094 The ...

Page 739: ... Cost Prio Nbr Type Gi2 0 1 Root FWD 3019 128 24 P2p output truncated This is an example of output from the show spanning tree detail command Switch show spanning tree detail VLAN0001 is executing the ieee compatible Spanning Tree protocol Bridge Identifier has priority 49152 sysid 1 address 0003 fd63 9580 Configured hello time 2 max age 20 forward delay 15 Current root has priority 32768 address ...

Page 740: ... 3019 128 24 P2p Switch show spanning tree summary Switch is in pvst mode Root bridge for none EtherChannel misconfiguration guard is enabled Extended system ID is enabled Portfast is disabled by default PortFast BPDU Guard is disabled by default Portfast BPDU Filter is disabled by default Loopguard is disabled by default UplinkFast is enabled BackboneFast is enabled Pathcost method used is short ...

Page 741: ...2768 sysid 0 port Gi1 0 1 path cost 200038 IST master this switch Operational hello time 2 forward delay 15 max age 20 max hops 20 Configured hello time 2 forward delay 15 max age 20 max hops 20 Interface role state cost prio type GigabitEthernet2 0 1 root FWD 200000 128 P2P bound STP GigabitEthernet2 0 2 desg FWD 200000 128 P2P bound STP Port channel1 desg FWD 200000 128 P2P bound STP Related Com...

Page 742: ...ax hops Sets the number of hops in an MST region before the BPDU is discarded and the information held for an interface is aged spanning tree mst port priority Configures an interface priority spanning tree mst priority Configures the switch priority for the specified spanning tree instance spanning tree mst root Configures the MST root switch priority and timers based on the network diameter span...

Page 743: ...that contain output do not appear but the lines that contain Output appear Examples This is an example of a partial output from the show storm control command when no keywords are entered Because no traffic type keyword was entered the broadcast storm control settings appear Switch show storm control Interface Filter State Upper Lower Current Gi1 0 1 Forwarding 20 pps 10 pps 5 pps Gi1 0 2 Forwardi...

Page 744: ...the interface Filter State Displays the status of the filter Blocking Storm control is enabled and a storm has occurred Forwarding Storm control is enabled and no storms have occurred Inactive Storm control is disabled Upper Displays the rising suppression level as a percentage of total available bandwidth in packets per second or in bits per second Lower Displays the falling suppression level as ...

Page 745: ...l Optional Display detailed information about the stack ring neighbors Optional Display the neighbors for the entire stack stack ports summary Optional Display port information for the entire stack Use the summary keyword to display the StackWise cable length the stack link status and the loopback status stack ring activity detail Optional Display the number of frames per member that are sent to t...

Page 746: ...s and the priority number in the display are always 0 for the provisioned switch A typical state transition for a member including a master booting up is Waiting Initializing Ready A typical state transition for a member becoming a master after a master election is Ready Master Re Init Ready A typical state transition for a member in version mismatch mode is Waiting Ver Mismatch You can use the sh...

Page 747: ...OK Changes Loopback Status To LinkOK 1 1 Down 2 50 cm No NO No 10 No 1 2 Ok 3 1 m Yes Yes Yes 0 No 2 1 Ok 5 3 m Yes Yes Yes 0 No 2 2 Down 1 50 cm No No No 10 No 3 1 Ok 1 1 m Yes Yes Yes 0 No 3 2 Ok 5 1 m Yes Yes Yes 0 No 5 1 Ok 3 1 m Yes Yes Yes 0 No 5 2 Ok 2 3 m Yes Yes Yes 0 No Table 2 37 show switch stack ports summary Command Output Field Description Switch Port Member number and its StackWise...

Page 748: ...ighbor switch No The link partner receives invalid protocol messages from the port Yes The link partner receives valid protocol messages from the port Link Active This shows if the StackWise port is in the same state as its link partner No The port cannot send traffic to the link partner Yes The port can send traffic to the link partner Sync OK No The link partner does not send valid protocol mess...

Page 749: ...mmands Command Description reload Reloads the member and puts a configuration change into effect remote command Monitors all or specified members session Accesses a specific member switch Changes the member priority value switch provision Provisions a new switch before it joins the stack switch renumber Changes the member number ...

Page 750: ...to Gigabit ports the system routing MTU refers to routed ports Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear Examples This is an example of output from the show system mtu command Switch show system mtu System MTU size is 1500 bytes System Jumbo MTU size is 1550 bytes Routing MTU size is 1...

Page 751: ...nal Table 2 38 describes the fields in this display Switch show udld gigabitethernet2 0 1 Interface gi2 0 1 Port enable administrative configuration setting Follows device default Port enable operational state Enabled Current bidirectional state Bidirectional Current operational state Advertisement Single Neighbor detected Message interval 60 Time out interval 5 Entry 1 Expiration time 146 Device ...

Page 752: ...ent from the local device Measured in seconds Time out interval The time period in seconds that UDLD waits for echoes from a neighbor device during the detection window Entry 1 Information from the first cache entry which contains a copy of echo information received from the neighbor Expiration time The amount of time in seconds remaining before this cache entry is aged out Device ID The neighbor ...

Page 753: ...ption udld Enables aggressive or normal mode in UDLD or sets the configurable message timer time udld port Enables UDLD on an individual interface or prevents a fiber optic interface from being enabled by the udld global configuration command udld reset Resets all interfaces shutdown by UDLD and permits traffic to begin passing through them again ...

Page 754: ...Version 12 2 25 SEB RELEASE SOFTWARE fc1 Copyright c 1986 2005 by cisco Systems Inc Compiled Tues 15 Feb 05 21 09 by antonino Image text base 0x00003000 data base 0x008E36A4 ROM Bootstrap program is C3750 boot loader BOOTLDR C3750 Boot Loader C3750 HBOOT M Version 12 2 25 SEB Switch uptime is 2 days 11 hours 16 minutes System returned to ROM by power on System image file is flash i5 709 cisco WS C...

Page 755: ...mber CSJ0638004U Motherboard revision number 05 Model number 73 7056 05 Switch Ports Model SW Version SW Image 1 28 WS C3750G 24TS 12 2 25 SEB C3750 IPSERVICES M 8 52 WS C3750 48TS 12 2 25 SEB C3750 IPSERVICES M Switch 01 Switch Uptime 2 days 11 hours 17 minutes Base ethernet MAC Address 00 0B 46 2E 35 80 Motherboard assembly number 73 7058 04 Power supply part number 341 0045 01 Motherboard seria...

Page 756: ...cannot create VLANs with these IDS by using the vlan global configuration command until you remove them from internal use mtu Optional Display a list of VLANs and the minimum and maximum transmission unit MTU sizes configured on ports in the VLAN name vlan name Optional Display information about a single VLAN identified by VLAN name The VLAN name is an ASCII string from 1 to 32 characters private ...

Page 757: ... then delete the secondary VLAN configuration without removing the association from the primary VLAN the VLAN that was the secondary VLAN is shown as normal in the display In the show vlan private vlan output the primary and secondary VLAN pair is shown as non operational Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the line...

Page 758: ...igured of the VLAN Status Status of the VLAN active or suspend Ports Ports that belong to the VLAN Type Media type of the VLAN SAID Security association ID value for the VLAN MTU Maximum transmission unit size for the VLAN Parent Parent VLAN if one exists RingNo Ring number for the VLAN if applicable BrdgNo Bridge number for the VLAN if applicable Stp Spanning Tree Protocol type used on the VLAN B...

Page 759: ...3 0 21 Gi3 0 1 20 35 community Fa1 0 13 Fa1 0 20 Fa1 0 23 Fa1 0 33 Gi1 0 1 Fa2 0 13 Fa3 0 14 Fa3 0 20 Fa3 0 23 Fa3 0 33 Gi3 0 1 20 55 non operational 2000 2500 isolated Fa1 0 5 Fa1 0 10 Fa2 0 5 Fa2 0 10 Fa2 0 15 This is an example of output from the show vlan private vlan type command Switch show vlan private vlan type Vlan Type 10 primary 501 isolated 502 community 503 normal This is an example o...

Page 760: ...ange VLAN When you start up the routed port another internal VLAN number is assigned to it Switch show vlan internal usage VLAN Usage 1025 FastEthernet1 0 23 1026 FastEthernet1 0 24 Related Commands Command Description private vlan Configures a VLAN as a community isolated or primary VLAN or associates a primary VLAN with secondary VLANs switchport mode Configures the VLAN membership mode of a por...

Page 761: ...tput the lines that contain output do not appear but the lines that contain Output appear Examples This is an example of output from the show vlan access map command Switch show vlan access map Vlan access map SecWiz 10 Match clauses ip address SecWiz_Gi0_3_in_ip ip address SecWiz_Fa10_3_in_ip Action forward mapname Optional Name of a specific VLAN access map begin Optional Display begins with the...

Page 762: ...OS Commands show vlan access map Related Commands Command Description show vlan filter Displays information about all VLAN filters or about a particular VLAN or VLAN access map vlan access map Creates a VLAN map entry for VLAN packet filtering vlan filter Applies a VLAN map to one or more VLANs ...

Page 763: ...er command Switch show vlan filter VLAN Map map_1 is filtering VLANs 20 22 Related Commands access map name Optional Display filtering information for the specified VLAN access map vlan vlan id Optional Display filtering information for the specified VLAN The range is 1 to 4094 begin Optional Display begins with the line that matches the expression exclude Optional Display excludes lines that matc...

Page 764: ...ensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear Examples This is an example of output from the show vmps command Switch show vmps VQP Client Status VMPS VQP Version 1 Reconfirm Interval 60 min Server Retry Count 3 VMPS domain server Reconfirmation status VMPS Action other statistics Optional Display VQP client si...

Page 765: ...d to or from the workstation with that address broadcast or multicast frames are delivered to the workstation if the port has been assigned to a VLAN The client keeps the denied address in the address table as a blocked address to prevent more queries from being sent to the VMPS for each new packet received from this workstation The client ages the address if no new packets are received from this ...

Page 766: ...mmand Description clear vmps statistics Clears the statistics maintained by the VQP client vmps reconfirm privileged EXEC Sends VQP queries to reconfirm all dynamic VLAN assignments with the VMPS vmps retry Configures the per server retry count for the VQP client vmps server Configures the primary VMPS and up to three secondary servers ...

Page 767: ...show vtp counters VTP statistics Summary advertisements received 0 Subset advertisements received 0 Request advertisements received 0 Summary advertisements transmitted 0 Subset advertisements transmitted 0 Request advertisements transmitted 0 Number of config revision errors 0 Number of config digest errors 0 Number of V1 summary errors 0 counters Display the VTP statistics for the switch passwor...

Page 768: ... by this switch on its trunk ports Summary advertisements contain the management domain name the configuration revision number the update timestamp and identity the authentication checksum and the number of subset advertisements to follow Subset advertisements transmitted Number of subset advertisements sent by this switch on its trunk ports Subset advertisements contain all the information for on...

Page 769: ...e VTP password in the two switches is different To solve this problem make sure the VTP password on all switches is the same These errors mean that the switch is filtering incoming advertisements which causes the VTP database to become unsynchronized across the network Number of V1 summary errors Number of Version 1 errors Version 1 summary errors increment whenever a switch in VTP V2 mode receive...

Page 770: ...hen a VTP client starts up it does not send VTP advertisements until it receives advertisements to initialize its VLAN database Transparent a switch in VTP transparent mode is disabled for VTP does not send or learn from advertisements sent by other devices and cannot affect VLAN configurations on other devices in the network The switch receives VTP advertisements and forwards them on all trunk po...

Page 771: ...Cisco IOS Commands show vtp Related Commands Command Description clear vtp counters Clears the VTP and pruning counters vtp global configuration Configures the VTP filename interface name domain name and mode vtp VLAN configuration Configures the VTP domain name password pruning and mode ...

Page 772: ...2 742 Catalyst 3750 Switch Command Reference OL 8552 07 Chapter 2 Catalyst 3750 Switch Cisco IOS Commands show vtp ...

Page 773: ...ended or shut down The port must first be a member of an active VLAN before it can be re enabled The shutdown command disables all functions on the specified interface This command also marks the interface as unavailable To see if an interface is disabled use the show interfaces privileged EXEC command An interface that has been shut down is shown as administratively down in the display Examples T...

Page 774: ...s down local traffic but the switch still advertises VTP information Examples This example shows how to shut down traffic on VLAN 2 Switch config shutdown vlan 2 You can verify your setting by entering the show vlan privileged EXEC command Related Commands vlan id ID of the VLAN to be locally shut down The range is 2 to 1001 VLANs defined as default VLANs under the VLAN Trunking Protocol VTP as we...

Page 775: ...e considered packets that are 67 frames or less Use the errdisable detect cause small frame global configuration command to globally enable the small frames threshold for each port You can configure the port to be automatically re enabled by using the errdisable recovery cause small frame global configuration command You configure the recovery time by using the errdisable recovery interval interva...

Page 776: ...ion errdisable detect cause small frame Allows any switch port to be put into the error disabled state if an incoming frame is smaller than the minimum size and arrives at the specified rate threshold errdisable recovery cause small frame Enables the recovery timer show interfaces Displays the interface settings on the switch including input and output flow control ...

Page 777: ...lancreate vlandelete vtp no snmp server enable traps bgp bridge newroot topologychange cluster config copy config cpu threshold dot1x auth fail vlan guest vlan no auth fail vlan no guest vlan entity envmon fan shutdown status supply temperature errdisable notification rate flash insertion removal fru ctrl hsrp ipmulticast mac notification msdp ospf cisco specific errors lsa rate limit retransmit s...

Page 778: ...onal Enable environmental monitor shutdown traps status Optional Enable SNMP environmental status change traps supply Optional Enable environmental monitor power supply traps temperature Optional Enable environmental monitor temperature traps errdisable notification rate value Optional Enable errdisable traps Use notification rate keyword to set the maximum value of errdisable traps sent per minut...

Page 779: ...rom 0 to 1000 the default is 0 no limit imposed a trap is sent at every occurrence rtr Optional Enable SNMP Response Time Reporter traps snmp authentication coldstart linkdown linkup warmstart Optional Enable SNMP traps The keywords have these meanings authentication Optional Enable authentication trap coldstart Optional Enable cold start trap linkdown Optional Enable linkdown trap linkup Optional...

Page 780: ...rap you must enter a separate snmp server enable traps command for each trap type To set the CPU threshold notification types and values use the process cpu threshold type global configuration command Examples This example shows how to send VTP traps to the NMS Switch config snmp server enable traps vtp vlandelete Optional Enable SNMP VLAN deleted traps vtp Optional Enable VLAN Trunking Protocol V...

Page 781: ...status or the show running config privileged EXEC command Related Commands Command Description show running config Displays the running configuration on the switch For syntax information select Cisco IOS Configuration Fundamentals Command Reference Release 12 2 File Management Commands Configuration File Management Commands snmp server host Specifies the host that receives SNMP traps ...

Page 782: ...l Configure the User Datagram Protocol UDP port number of the host to receive the traps The range is 0 to 65535 informs traps Optional Send SNMP traps or informs to this host version 1 2c 3 Optional Version of the SNMP used to send the traps These keywords are supported 1 SNMPv1 This option is not available with informs 2c SNMPv2C 3 SNMPv3 These optional keywords can follow the Version 3 keyword a...

Page 783: ...tification operation Though you can set this string by using the snmp server host command we recommend that you define this string by using the snmp server community global configuration command before using the snmp server host command Note The symbol is used for delimiting the context information Avoid using the symbol as part of the SNMP community string when configuring this command ...

Page 784: ... notifications fru ctrl Send entity FRU control traps In the switch stack this trap refers to the insertion or removal of a switch in the stack hsrp Send SNMP Hot Standby Router Protocol HSRP traps ipmulticast Send SNMP IP multicast routing traps mac notification Send SNMP MAC notification traps msdp Send SNMP Multicast Source Discovery Protocol MSDP traps ospf Send Open Shortest Path First OSPF t...

Page 785: ...ications are sent To configure the switch to send SNMP notifications you must enter at least one snmp server host command If you enter the command with no keywords all trap types are enabled for the host To enable multiple hosts you must enter a separate snmp server host command for each host You can specify multiple notification types in the command for each host If a local user is not associated...

Page 786: ...erver host 172 20 2 160 comaccess Switch config access list 10 deny any This example shows how to send the SNMP traps to the host specified by the name myhost cisco com The community string is defined as comaccess Switch config snmp server enable traps Switch config snmp server host myhost cisco com comaccess snmp This example shows how to enable the switch to send all traps to the host myhost cis...

Page 787: ...y Usage Guidelines Even though you enable the notification trap for a specific interface by using the snmp trap mac notification command the trap is generated only when you enable the snmp server enable traps mac notification and the mac address table notification global configuration commands Examples This example shows how to enable the MAC notification trap when a MAC address is added to a port...

Page 788: ... Clears the MAC address notification global counters mac address table notification Enables the MAC address notification feature show mac address table notification Displays the MAC address notification settings for all interfaces or on the specified interface when the interface keyword is appended snmp server enable traps Sends the SNMP MAC notification traps when the mac notification keyword is ...

Page 789: ...the designated switch When a switch receives an inferior BPDU it means that a link to which the switch is not directly connected an indirect link has failed that is the designated switch has lost its connection to the root switch If there are alternate paths to the root switch BackboneFast causes the maximum aging time on the interfaces on which it received the inferior BPDU to expire and allows a...

Page 790: ...ree MST mode Caution Enabling BPDU filtering on an interface is the same as disabling spanning tree on it and can result in spanning tree loops You can globally enable BPDU filtering on all Port Fast enabled interfaces by using the spanning tree portfast bpdufilter default global configuration command You can use the spanning tree bpdufilter interface configuration command to override the setting ...

Page 791: ...elect Cisco IOS Configuration Fundamentals Command Reference Release 12 2 File Management Commands Configuration File Management Commands spanning tree portfast global configuration Globally enables the BPDU filtering or the BPDU guard feature on Port Fast enabled interface or enables the Port Fast feature on all nontrunking interfaces spanning tree portfast interface configuration Enables the Por...

Page 792: ...nt an interface from being included in the spanning tree topology You can enable the BPDU guard feature when the switch is operating in the per VLAN spanning tree plus PVST rapid PVST or the multiple spanning tree MST mode You can globally enable BPDU guard on all Port Fast enabled interfaces by using the spanning tree portfast bpduguard default global configuration command You can use the spannin...

Page 793: ...lect Cisco IOS Configuration Fundamentals Command Reference Release 12 2 File Management Commands Configuration File Management Commands spanning tree portfast global configuration Globally enables the BPDU filtering or the BPDU guard feature on Port Fast enabled interfaces or enables the Port Fast feature on all nontrunking interfaces spanning tree portfast interface configuration Enables the Por...

Page 794: ...you configure an interface with both the spanning tree vlan vlan id cost cost command and the spanning tree cost cost command the spanning tree vlan vlan id cost cost command takes effect Examples This example shows how to set the path cost to 250 on a port Switch config interface gigabitethernet2 0 1 Switch config if spanning tree cost 250 This example shows how to set a path cost to 300 for VLAN...

Page 795: ...ning tree cost Related Commands Command Description show spanning tree interface interface id Displays spanning tree information for the specified interface spanning tree port priority Configures an interface priority spanning tree vlan priority Sets the switch priority for the specified spanning tree instance ...

Page 796: ...DISABLE Channel misconfig error detected on chars putting chars in err disable state To show switch ports that are in the misconfigured EtherChannel use the show interfaces status err disabled privileged EXEC command To verify the EtherChannel configuration on a remote device use the show etherchannel summary privileged EXEC command on the remote device When a port is in the error disabled state b...

Page 797: ...mmands Command Description errdisable recovery cause channel misconfig Enables the timer to recover from the EtherChannel misconfiguration error disabled state show etherchannel summary Displays EtherChannel information for a channel as a one line summary per channel group show interfaces status err disabled Displays the interfaces in the error disabled state ...

Page 798: ...spanning tree uses the extended system ID the switch priority and the allocated spanning tree MAC address to make the bridge ID unique for each VLAN or multiple spanning tree instance Because the switch stack appears as a single switch to the rest of the network all switches in the stack use the same bridge ID for a given spanning tree If the stack master fails the stack members recalculate their ...

Page 799: ...d system id Related Commands Command Description show spanning tree summary Displays a summary of spanning tree interface states spanning tree mst root Configures the MST root switch priority and timers based on the network diameter spanning tree vlan priority Sets the switch priority for the specified spanning tree instance ...

Page 800: ...ns to the root inconsistent blocked state to prevent the customer s switch from becoming the root switch or being in the path to the root The root port provides the best path from the switch to the root switch When the no spanning tree guard or the no spanning tree guard none command is entered root guard is disabled for all VLANs on the selected interface If this interface is in the root inconsis...

Page 801: ... loop guard on all the VLANs associated with the specified port Switch config interface gigabitethernet2 0 2 Switch config if spanning tree guard loop You can verify your settings by entering the show running config privileged EXEC command Related Commands Command Description show running config Displays the current operating configuration For syntax information select Cisco IOS Configuration Fund...

Page 802: ...iguration Command History Usage Guidelines You can override the default setting of the link type by using the spanning tree link type command For example a half duplex link can be physically connected point to point to a single interface on a remote switch running the Multiple Spanning Tree Protocol MSTP or the rapid per VLAN spanning tree plus rapid PVST protocol and be enabled for rapid transiti...

Page 803: ...nning tree detected protocols Restarts the protocol migration process force the renegotiation with neighboring switches on all interfaces or on the specified interface show spanning tree interface interface id Displays spanning tree state information for the specified interface show spanning tree mst interface interface id Displays MST information for the specified interface ...

Page 804: ...st effective when it is configured on the entire switched network When the switch is operating in PVST or rapid PVST mode loop guard prevents alternate and root ports from becoming designated ports and spanning tree does not send bridge protocol data units BPDUs on root or alternate ports When the switch is operating in MST mode BPDUs are not sent on nonboundary interfaces if the interface is bloc...

Page 805: ...ommand Description show running config Displays the current operating configuration For syntax information select Cisco IOS Configuration Fundamentals Command Reference Release 12 2 File Management Commands Configuration File Management Commands spanning tree guard loop Enables the loop guard feature on all the VLANs associated with the specified interface ...

Page 806: ...PVST or all VLANs run MSTP All stack members run the same version of spanning tree When you enable the MST mode RSTP is automatically enabled Caution Changing spanning tree modes can disrupt traffic because all spanning tree instances are stopped for the previous mode and restarted in the new mode Examples This example shows to enable MST and RSTP on the switch Switch config spanning tree mode mst...

Page 807: ...IOS Commands spanning tree mode Related Commands Command Description show running config Displays the current operating configuration For syntax information select Cisco IOS Configuration Fundamentals Command Reference Release 12 2 File Management Commands Configuration File Management Commands ...

Page 808: ...n configuration mode without applying configuration changes exit exits the MST region configuration mode and applies all configuration changes instance instance id vlan vlan range maps VLANs to an MST instance The range for the instance id is 1 to 4094 The range for vlan range is 1 to 4094 You can specify a single VLAN identified by VLAN ID number a range of VLANs separated by a hyphen or a series...

Page 809: ... mode map VLANs 10 to 20 to MST instance 1 name the region region1 set the configuration revision to 1 display the pending configuration apply the changes and return to global configuration mode Switch spanning tree mst configuration Switch config mst instance 1 vlan 10 20 Switch config mst name region1 Switch config mst revision 1 Switch config mst show pending Pending MST configuration Name regi...

Page 810: ...lues 1000 Mb s 20000 100 Mb s 200000 10 Mb s 2000000 Command Modes Interface configuration Command History Usage Guidelines When you configure the cost higher values represent higher costs Examples This example shows how to set a path cost of 250 on a port associated with instances 2 and 4 Switch config interface gigabitethernet1 0 2 Switch config if spanning tree mst 2 4 cost 250 You can verify y...

Page 811: ...g tree mst cost Related Commands Command Description show spanning tree mst interface interface id Displays MST information for the specified interface spanning tree mst port priority Configures an interface priority spanning tree mst priority Configures the switch priority for the specified spanning tree instance ...

Page 812: ...ging the spanning tree mst forward time command affects all spanning tree instances Examples This example shows how to set the spanning tree forwarding time to 18 seconds for all MST instances Switch config spanning tree mst forward time 18 You can verify your setting by entering the show spanning tree mst privileged EXEC command Related Commands seconds Length of the listening and learning states...

Page 813: ...es the spanning tree topology The max age setting must be greater than the hello time setting Changing the spanning tree mst hello time command affects all spanning tree instances Examples This example shows how to set the spanning tree hello time to 3 seconds for all multiple spanning tree MST instances Switch config spanning tree mst hello time 3 You can verify your setting by entering the show ...

Page 814: ...he root switch within the specified interval the switch recomputes the spanning tree topology The max age setting must be greater than the hello time setting Changing the spanning tree mst max age command affects all spanning tree instances Examples This example shows how to set the spanning tree max age to 30 seconds for all multiple spanning tree MST instances Switch config spanning tree mst max...

Page 815: ...d with a cost of 0 and the hop count set to the maximum value When a switch receives this BPDU it decrements the received remaining hop count by one and propagates the decremented count as the remaining hop count in the generated M records A switch discards the BPDU and ages the information held for the interface when the count reaches 0 Changing the spanning tree mst max hops command affects all ...

Page 816: ...scription show spanning tree mst Displays MST information spanning tree mst forward time Sets the forward delay time for all MST instances spanning tree mst hello time Sets the interval between hello BPDUs sent by root switch configuration messages spanning tree mst max age Sets the interval between messages that the spanning tree receives from the root switch ...

Page 817: ...t use the spanning tree mst instance id cost cost interface configuration command instead of the spanning tree mst instance vlan id port priority priority interface configuration command to select an interface to put in the forwarding state Assign lower cost values to interfaces that you want selected first and higher cost values to interfaces that you want selected last Examples This example show...

Page 818: ... tree mst port priority Related Commands Command Description show spanning tree mst interface interface id Displays MST information for the specified interface spanning tree mst cost Sets the path cost for MST calculations spanning tree mst priority Sets the switch priority for the specified spanning tree instance ...

Page 819: ...e CIST runs on this interface Note If a switch port is connected to a switch running prestandard Cisco IOS software you must use the spanning tree mst pre standard interface configuration command on the port If you do not configure the port to send only prestandard BPDUs the Multiple STP MSTP performance might diminish When the port is configured to automatically detect prestandard neighbors the p...

Page 820: ...d EXEC command Related Commands instance id Range of spanning tree instances You can specify a single instance a range of instances separated by a hyphen or a series of instances separated by a comma The range is 0 to 4094 priority Set the switch priority for the specified spanning tree instance This setting affects the likelihood that the switch is selected as the root switch A lower value increa...

Page 821: ...xtended system ID support the switch sets the switch priority for the instance to 24576 if this value will cause this switch to become the root for the specified instance If any root switch for the specified instance has a switch priority lower than 24576 the switch sets its own priority to 4096 less than the lowest switch priority 4096 is the value of the least significant bit of a 4 bit switch p...

Page 822: ...fig spanning tree mst 10 root primary diameter 4 This example shows how to configure the switch as the secondary root switch for instance 10 with a network diameter of 4 Switch config spanning tree mst 10 root secondary diameter 4 You can verify your settings by entering the show spanning tree mst instance id privileged EXEC command Related Commands Command Description show spanning tree mst insta...

Page 823: ...e spanning tree vlan vlan id port priority priority command takes effect If your switch is a member of a switch stack you must use the spanning tree vlan vlan id cost cost interface configuration command instead of the spanning tree vlan vlan id port priority priority interface configuration command to select an interface to put in the forwarding state Assign lower cost values to interfaces that y...

Page 824: ...h config if spanning tree vlan 20 25 port priority 0 You can verify your settings by entering the show spanning tree interface interface id privileged EXEC command Related Commands Command Description show spanning tree interface interface id Displays spanning tree information for the specified interface spanning tree cost Sets the path cost for spanning tree calculations spanning tree vlan priori...

Page 825: ...multiple spanning tree MST mode Use the spanning tree portfast bpdufilter default global configuration command to globally enable BPDU filtering on interfaces that are Port Fast enabled the interfaces are in a Port Fast operational state The interfaces still send a few BPDUs at link up before the switch begins to filter outbound BPDUs You should globally enable BPDU filtering on a switch so that h...

Page 826: ...ket loop and disrupt switch and network operation A Port Fast enabled interface moves directly to the spanning tree forwarding state when linkup occurs without waiting for the standard forward delay time You can override the spanning tree portfast default global configuration command by using the spanning tree portfast interface configuration command You can use the no spanning tree portfast defau...

Page 827: ...twork operation To enable Port Fast on trunk ports you must use the spanning tree portfast trunk interface configuration command The spanning tree portfast command is not supported on trunk ports You can enable this feature when the switch is operating in the per VLAN spanning tree plus PVST rapid PVST or the multiple spanning tree MST mode This feature affects all VLANs on the interface An interf...

Page 828: ...ption show running config Displays the current operating configuration For syntax information select Cisco IOS Configuration Fundamentals Command Reference Release 12 2 File Management Commands Configuration File Management Commands spanning tree bpdufilter Prevents an interface from sending or receiving bridge protocol data units BPDUs spanning tree bpduguard Puts an interface in the error disabl...

Page 829: ...age Guidelines Increasing the transmit hold count value can have a significant impact on CPU utilization when the switch is in rapid per VLAN spanning tree plus rapid PVST mode Decreasing this value might slow down convergence We recommend using the default setting Examples This example shows how to set the transmit hold count to 8 Switch config spanning tree transmit hold count 8 You can verify y...

Page 830: ...is automatically enabled or disabled on all nonstack port interfaces CSUF accelerates the choice of a new root port when a link or switch fails or when spanning tree reconfigures itself When UplinkFast is enabled the switch priority of all VLANs is set to 49152 If you change the path cost to a value less than 3000 and you enable UplinkFast or UplinkFast is already enabled the path cost of all inte...

Page 831: ...d in the root inconsistent state blocked and prevented from reaching the forwarding state If you set the max update rate to 0 station learning frames are not generated so the spanning tree topology converges more slowly after a loss of connectivity Examples This example shows how to enable UplinkFast Switch config spanning tree uplinkfast You can verify your setting by entering the show spanning t...

Page 832: ...time specifies how long each of the listening and learning states last before the interface begins forwarding The range is 4 to 30 seconds hello time seconds Optional Set the interval between hello bridge protocol data units BPDUs sent by the root switch configuration messages The range is 1 to 10 seconds max age seconds Optional Set the interval between messages the spanning tree receives from th...

Page 833: ...e spanning tree vlan vlan id root command should be used only on backbone switches When you enter the spanning tree vlan vlan id root command the software checks the switch priority of the current root switch for each VLAN Because of the extended system ID support the switch sets the switch priority for the specified VLAN to 24576 if this value will cause this switch to become the root for the spe...

Page 834: ...iameter 4 This example shows how to configure the switch as the secondary root switch for VLAN 10 with a network diameter of 4 Switch config spanning tree vlan 10 root secondary diameter 4 You can verify your settings by entering the show spanning tree vlan vlan id privileged EXEC command Related Commands Command Description show spanning tree vlan Displays spanning tree information spanning tree ...

Page 835: ...as configured on each end of the link which could result in a duplex setting mismatch If both ends of the line support autonegotiation we highly recommend the default autonegotiation settings If one interface supports autonegotiation and the other end does not do use the auto setting on the supported side but set the duplex and speed on the other side Caution Changing the interface speed and duple...

Page 836: ...witch config if speed 100 This example shows how to set a port to autonegotiate at only 10 Mb s Switch config interface gigabitethernet1 0 1 Switch config if speed auto 10 This example shows how to set a port to autonegotiate at only 10 or 100 Mb s Switch config interface gigabitethernet1 0 1 Switch config if speed auto 10 100 You can verify your settings by entering the show interfaces privileged...

Page 837: ...ps to 80 percent of the connected speed These values are not exact because the hardware adjusts the line rate in increments of six This command is not available on a 10 Gigabit Ethernet interface Note The egress queue default settings are suitable for most situations You should change them only when you have a thorough understanding of the egress queues and if these settings do not meet your quali...

Page 838: ...ices Code Point DSCP values to an egress queue or maps DSCP values to a queue and to a threshold ID mls qos queue set output threshold Configures the weighted tail drop WTD thresholds guarantees the availability of buffers and configures the maximum memory allocation for the queue set queue set Maps a port to a queue set show mls qos interface queueing Displays QoS information srr queue bandwidth ...

Page 839: ... a smoother output over time The shaped mode overrides the shared mode If you configure a shaped queue weight to 0 by using the srr queue bandwidth shape interface configuration command this queue participates in shared mode The weight specified with the srr queue bandwidth shape command is ignored and the weights specified with the srr queue bandwidth share interface configuration command for a q...

Page 840: ...f srr queue bandwidth share 4 4 4 4 You can verify your settings by entering the show mls qos interface interface id queueing privileged EXEC command Related Commands Command Description mls qos queue set output buffers Allocates buffers to a queue set mls qos srr queue output cos map Maps class of service CoS values to an egress queue or maps CoS values to a queue and to a threshold ID mls qos sr...

Page 841: ...bandwidth is guaranteed at this level but not limited to it For example if a queue empties and does not require a share of the link the remaining queues can expand into the unused bandwidth and share it among themselves If you configure a shaped queue weight to 0 by using the srr queue bandwidth shape interface configuration command this queue participates in SRR shared mode The weight specified w...

Page 842: ...mls qos interface interface id queueing privileged EXEC command Related Commands Command Description mls qos queue set output buffers Allocates buffers to a queue set mls qos srr queue output cos map Maps class of service CoS values to an egress queue or maps CoS values to a queue and to a threshold ID mls qos srr queue output dscp map Maps Differentiated Services Code Point DSCP values to an egre...

Page 843: ...xplicit value for this command Command Modes Global configuration Command History Usage Guidelines The MAC address of the switch stack is determined by the MAC address of the stack master In the default state persistent MAC address disabled if a new switch becomes stack master the stack MAC address changes to the MAC address of the new stack master When persistent MAC address is enabled the stack ...

Page 844: ... stack mac persistent timer WARNING Use of an explicit timer value with the command is recommended WARNING Default value of 4 minutes is being used WARNING The stack continues to use the base MAC of the old Master WARNING as the stack MAC after a master switchover until the MAC WARNING persistency timer expires During this time the Network WARNING Administrators must make sure that the old stack m...

Page 845: ...stency wait time and the number of minutes appears in the output Related Commands Command Description show running config Displays the current operating configuration including stack MAC persistency wait time if persistent MAC address is configured For syntax information select Cisco IOS Configuration Fundamentals Command Reference Release 12 2 File Management Commands Configuration File Managemen...

Page 846: ...ntage of total bandwidth of the port level Rising suppression level up to two decimal places The range is 0 00 to 100 00 Block the flooding of storm packets when the value specified for level is reached level low Optional Falling suppression level up to two decimal places The range is 0 00 to 100 00 This value must be less than or equal to the rising suppression value If you do not configure a fal...

Page 847: ...otocol data unit BDPU and Cisco Discovery Protocol CDP frames are blocked However the switch does not differentiate between routing updates such as Open Shortest Path First OSPF and regular multicast data traffic so both types of traffic are blocked The trap and shutdown options are independent of each other level pps pps pps low Specify the rising and falling suppression levels as a rate in packe...

Page 848: ...e to the EtherChannel physical interfaces When a broadcast storm occurs and the action is to filter traffic the switch blocks only broadcast traffic For more information see the software configuration guide for this release Examples This example shows how to enable broadcast storm control with a 75 5 percent rising suppression level Switch config if storm control broadcast level 75 5 This example ...

Page 849: ...are connected through their StackWise ports but some are not in the ready state Some members are not connected through the StackWise ports If you enter the switch stack member number stack port port number disable privileged EXEC command and The stack is in the full ring state you can disable only one StackWise port This message appears Enabling disabling a stack port may cause undesired stack cha...

Page 850: ...t 3750 Switch Command Reference OL 8552 07 Chapter 2 Catalyst 3750 Switch Cisco IOS Commands switch Related Commands Command Description show switch Displays information about the switch stack and the stack members ...

Page 851: ... change the stack master immediately Examples This example shows how to change the priority value of stack member 6 to 9 Switch config switch 6 priority 9 Changing the Switch Priority of Switch Number 6 to 9 Do you want to continue confirm Related Commands stack member number Specify the current stack member number The range is 1 to 9 priority new priority value Specify the new stack member priori...

Page 852: ...if you do not also change the switch type If the switch type of the provisioned switch does not match the switch type in the provisioned configuration on the stack the switch stack applies the default configuration to the provisioned switch and adds it to the stack The switch stack displays a message when it applies the default configuration Provisioned information appears in the running configura...

Page 853: ...ou also can enter the show switch user EXEC command to display the provisioning status of the switch stack This example shows how to delete all configuration information about a stack member 5 when the switch is removed from the stack Switch config no switch 5 provision You can verify that the provisioned switch is added to or removed from the running configuration by entering the show running con...

Page 854: ...ult configuration For more information about stack member numbers and configurations see the software configuration guide Do not use the switch current stack member number renumber new stack member number command on a provisioned switch If you do the command is rejected Use the reload slot current stack member number privileged EXEC to reload the stack member and to apply this configuration change...

Page 855: ...mmands switch renumber Related Commands Command Description reload Reloads the stack member and puts a configuration change into effect session Accesses a specific stack member switch Changes the stack member priority value show switch Displays information about the switch stack and its stack members ...

Page 856: ...Command History Usage Guidelines Entering the no switchport command shuts the port down and then re enables it which might generate messages on the device to which the port is connected In Release 12 2 20 SE and later when you put an interface that is in Layer 2 mode into Layer 3 mode or the reverse the previous configuration information related to the affected interface might be lost and the inte...

Page 857: ... not used on platforms that do not support Cisco routed ports All physical ports on such platforms are assumed to be Layer 2 switched interfaces You can verify the switchport status of an interface by entering the show running config privileged EXEC command Related Commands Command Description show interfaces switchport Displays the administrative and operational status of a switching nonrouting p...

Page 858: ...odes Interface configuration Command History Usage Guidelines The no switchport access command resets the access mode VLAN to the appropriate default VLAN for the device The port must be in access mode before the switchport access vlan command can take effect An access port can be assigned to only one VLAN The VMPS server such as a Catalyst 6000 series switch must be configured before a port is co...

Page 859: ...c access ports can only be in one VLAN and do not use VLAN tagging Dynamic access ports cannot be configured as Members of an EtherChannel port group dynamic access ports cannot be grouped with any other port including other dynamic ports Source or destination ports in a static address entry Monitor ports Examples This example shows how to change a switched port interface that is operating in acce...

Page 860: ...e up at least one port in the VLAN must be up and forwarding You can use the switchport autostate exclude command to exclude a port from the SVI interface line state up or down calculation For example you might exclude a monitoring port from the calculations so that the VLAN is not considered up when only the monitoring port is active When you enter the switchport autostate exclude command on a po...

Page 861: ...istrative private vlan trunk normal VLANs none Administrative private vlan trunk associations none Administrative private vlan trunk mappings none Operational private vlan none Trunking VLANs Enabled ALL Pruning VLANs Enabled 2 1001 Capture Mode Disabled Capture VLANs Allowed ALL Autostate mode exclude Related Commands Command Description show interfaces interface id switchport Displays the admini...

Page 862: ...ommand Modes Interface configuration FastEthernet FastEthernet IEEE 802 3 port name Valid range is 0 to 9 GigabitEthernet GigabitEthernet IEEE 802 3z port name Valid range is 0 to 9 Port channel Ethernet Channel of interface Valid range is 0 to 48 TenGigabitEthernet Ten Gigabit Ethernet port name Valid range is 0 to 9 interface id Specify that the Layer 2 interface to act as a backup link to the i...

Page 863: ...ther of the links can be a port that belongs to an EtherChannel However you can configure two port channels EtherChannel logical interfaces as Flex Links and you can configure a port channel and a physical interface as Flex Links with either the port channel or the physical interface as the active link If STP is configured on the switch Flex Links do not participate in STP in all valid VLANs If ST...

Page 864: ...e configured on the switch Switch config interface gigabitEthernet 1 0 6 Switch config if switchport backup interface gigabitEthernet 1 0 8 prefer vlan 60 100 120 When both interfaces are up Gi1 0 6 forwards traffic for VLANs 1 to 50 and Gi1 0 8 forwards traffic for VLANs 60 and 100 to 120 Switch show interfaces switchport backup Switch Backup Interface Pairs Active Interface Backup Interface Stat...

Page 865: ...warding state on the interface that has just come up In this example if interface Gi1 0 6 comes up VLANs preferred on this interface are blocked on the peer interface Gi1 0 8 and forwarded on Gi1 0 6 Switch show interfaces switchport backup Switch Backup Interface Pairs Active Interface Backup Interface State GigabitEthernet1 0 6 GigabitEthernet1 0 8 Active Up Backup Up Vlans Preferred on Active I...

Page 866: ...d You can verify your setting by entering the show interfaces switchport backup detail privileged EXEC command Switch show interfaces switchport backup detail Switch Backup Interface Pairs Active Interface Backup Interface State GigabitEthernet1 0 11 GigabitEthernet1 0 12 Active Up Backup Standby Preemption Mode off Multicast Fast Convergence On Bandwidth 1000000 Kbit Gi1 0 11 1000000 Kbit Gi1 0 1...

Page 867: ...wn multicast or unicast traffic is not blocked on a protected port there could be security issues Blocking unknown multicast or unicast traffic is not automatically enabled on protected ports you must explicitly configure it For more information about blocking packets see the software configuration guide for this release Examples This example shows how to block unknown multicast traffic on an inte...

Page 868: ... Because spanning tree Port Fast is enabled you should enter the switchport host command only on ports that are connected to a single host Connecting other switches hubs concentrators or bridges to a fast start port can cause temporary spanning tree loops Enable the switchport host command to decrease the time that it takes to start up packet forwarding Examples This example shows how to optimize ...

Page 869: ... negotiates to convert the link into a trunk link even if the interface connecting to it does not agree to the change access Set the port to access mode either static access or dynamic access depending on the setting of the switchport access vlan interface configuration command The port is set to access unconditionally and operates as a nontrunking single VLAN interface that sends and receives non...

Page 870: ...e protocol inside the IEEE 802 1Q header This restriction applies to router ACLs port ACLs and VLAN maps Configuring a port as an IEEE 802 1Q tunnel port has these limitations IP routing and fallback bridging are not supported on tunnel ports Tunnel ports do not support IP ACLs If an IP ACL is applied to a trunk port in a VLAN that includes tunnel ports or if a VLAN map is applied to a VLAN that i...

Page 871: ... IEEE 802 1Q tunnel port Switch config interface gigabitethernet2 0 1 Switch config if switchport mode dot1q tunnel You can verify your settings by entering the show interfaces interface id switchport privileged EXEC command and examining information in the Administrative Mode and Operational Mode rows Related Commands Command Description show interfaces switchport Displays the administrative and ...

Page 872: ...gure a SPAN destination port as a private VLAN host or promiscuous port the port becomes inactive Do not configure private VLAN on ports with these other features Dynamic access port VLAN membership Dynamic Trunking Protocol DTP Port Aggregation Protocol PAgP Link Aggregation Control Protocol LACP Multicast VLAN Registration MVR Voice VLAN A private VLAN port cannot be a SPAN destination port Whil...

Page 873: ... host port you should also enable BPDU guard and Port Fast by using the spanning tree portfast bpduguard default global configuration command and the spanning tree portfast interface configuration command Switch configure terminal Switch config interface fastethernet 1 0 1 Switch config if switchport mode private vlan host Switch config if switchport private vlan host association 20 501 Switch con...

Page 874: ... using the switchport mode access or the switchport mode trunk interface configuration command This command returns an error if you attempt to execute it in dynamic auto or desirable mode Internetworking devices that do not support DTP might forward DTP frames improperly and cause misconfigurations To avoid this you should turn off DTP by using the switchport no negotiate command to configure the ...

Page 875: ...n the mode set Switch config interface gigabitethernet2 0 1 Switch config if switchport nonegotiate You can verify your setting by entering the show interfaces interface id switchport privileged EXEC command Related Commands Command Description show interfaces switchport Displays the administrative and operational status of a switching nonrouting port including port blocking and port protection se...

Page 876: ...tional secure MAC addresses up to the maximum value configured vlan vlan id Optional On a trunk port only specify the VLAN ID and the MAC address If no VLAN ID is specified the native VLAN is used vlan access Optional On an access port only specify the VLAN as an access VLAN vlan voice Optional On an access port only specify the VLAN as a voice VLAN Note The voice keyword is available only if voic...

Page 877: ...op below the maximum value or increase the number of maximum allowable addresses You are not notified that a security violation has occurred Note We do not recommend configuring the protect mode on a trunk port The protect mode disables learning when any VLAN reaches its maximum limit even if the port has not reached its maximum limit restrict Set the security violation restrict mode In this mode ...

Page 878: ...viously configured value If the new value is less than the previous value and the number of configured secure addresses on the interface exceeds the new value the command is rejected The switch does not support port security aging of sticky secure MAC addresses A security violation occurs when the maximum number of secure MAC addresses are in the address table and a station whose MAC address is no...

Page 879: ...ey are lost If sticky learning is disabled the sticky secure MAC addresses are converted to dynamic secure addresses and are removed from the running configuration If you disable sticky learning and enter the switchport port security mac address sticky mac address interface configuration command an error message appears and the sticky secure MAC address is not added to the running configuration Ex...

Page 880: ...ption clear port security Deletes from the MAC address table a specific type of secure address or all the secure addresses on the switch or an interface show port security address Displays all the secure addresses configured on the switch show port security interface interface id Displays port security configuration for the switch or for the specified interface ...

Page 881: ...ed time access to particular secure addresses set the aging type as absolute When the aging time lapses the secure addresses are deleted To allow continuous access to a limited number of secure addresses set the aging type as inactivity This removes the secure address when it become inactive and other addresses can become secure To allow unlimited access to a secure address configure it as a secur...

Page 882: ...on the port Switch config interface gigabitethernet1 0 2 Switch config if switchport port security aging time 2 Switch config if switchport port security aging type inactivity Switch config if switchport port security aging static This example shows how to disable aging for configured secure addresses Switch config interface gigabitethernet1 0 2 Switch config if no switchport port security aging s...

Page 883: ...the configuration to the Cisco IP Phone CDP is enabled by default globally and on all switch interfaces You should configure voice VLAN on switch access ports You can configure a voice VLAN only on Layer 2 ports Before you enable voice VLAN we recommend that you enable quality of service QoS on the switch by entering the mls qos global configuration command and configure the port trust state to tr...

Page 884: ...50 Switch Cisco IOS Commands switchport priority extend Related Commands Command Description show interfaces Displays the administrative and operational status of a switching nonrouting port switchport voice vlan vlan id dot1p none untagged Configures the voice VLAN on the port ...

Page 885: ...port mode private vlan host promiscuous interface configuration command If the port is in private VLAN host or promiscuous mode but the VLANs do not exist the command is allowed but the port is made inactive The secondary_vlan_list parameter cannot contain spaces It can contain multiple comma separated items Each item can be a single private VLAN ID or a hyphenated range of private VLAN IDs The li...

Page 886: ...ost port and associate it with primary VLAN 20 and secondary VLAN 501 Switch configure terminal Switch config interface fastethernet 1 0 1 Switch config if switchport mode private vlan host Switch config if switchport private vlan host association 20 501 Switch config if end This example shows how to configure an interface as a private VLAN promiscuous port and map it to a primary VLAN and seconda...

Page 887: ...d configure a trunk link between the switches A protected port is different from a secure port A protected port does not forward any traffic unicast multicast or broadcast to any other port that is also a protected port Data traffic cannot be forwarded between protected ports at Layer 2 only control traffic such as PIM packets is forwarded because these packets are processed by the CPU and forward...

Page 888: ...ds switchport protected Syntax Description Command Description show interfaces switchport Displays the administrative and operational status of a switching nonrouting port including port blocking and port protection settings switchport block Prevents unknown multicast or unicast traffic on the interface ...

Page 889: ... with a comma use a hyphen to designate a range of IDs remove removes the defined list of VLANs from those currently set instead of replacing the list Valid IDs are from 1 to 1005 extended range VLAN IDs are valid in some cases Note You can remove extended range VLANs from the allowed VLAN list but you cannot remove them from the pruning eligible list allowed vlan vlan list Set the list of allowed...

Page 890: ...Ds except lists the VLANs that should be calculated by inverting the defined list of VLANs VLANs are added except the ones specified Valid IDs are from 1 to 1005 Separate nonconsecutive VLAN IDs with a comma use a hyphen to designate a range of IDs vlan atom is either a single VLAN number from 1 to 4094 or a continuous range of VLANs described by two VLAN numbers the lesser one first separated by ...

Page 891: ... with the native VLAN configured for the port If a packet has a VLAN ID that is the same as the sending port native VLAN ID the packet is sent without a tag otherwise the switch sends the packet with a tag The no form of the native vlan command resets the native mode VLAN to the appropriate default VLAN for the device Allowed VLAN To reduce the risk of spanning tree loops or storms you can disable...

Page 892: ...interface gigabitethernet1 0 2 Switch config if switchport trunk native vlan 3 This example shows how to add VLANs 1 2 5 and 6 to the allowed list Switch config interface gigabitethernet1 0 2 Switch config if switchport trunk allowed vlan add 1 2 5 6 This example shows how to remove VLANs 3 and 10 to 15 from the pruning eligible list Switch config interface gigabitethernet1 0 2 Switch config if sw...

Page 893: ...Cisco IP phone Examples This example shows how to enable switchport voice detect on the switch Switch config interface fastethernet 1 0 1 Switch config if switchport voice detect cisco phone This example shows how to disable switchport voice detect on the switch Switch config interface fastethernet 1 0 1 Switch config if no switchport voice detect cisco phone You can verify your settings by enteri...

Page 894: ... the mls qos global configuration command and configure the port trust state to trust by entering the mls qos trust cos interface configuration command When you enter a VLAN ID the IP phone forwards voice traffic in IEEE 802 1Q frames tagged with the specified VLAN ID The switch puts IEEE 802 1Q voice traffic in the voice VLAN When you select dot1q none or untagged the switch puts the indicated vo...

Page 895: ...bled on the access VLAN dynamic port security is automatically enabled on the voice VLAN You cannot configure static secure MAC addresses in the voice VLAN A voice VLAN port cannot be a private VLAN port The Port Fast feature is automatically enabled when voice VLAN is configured When you disable voice VLAN the Port Fast feature is not automatically disabled Examples This example shows how to conf...

Page 896: ...switches this command is only valid on these switches Catalyst 3750G 48TS Catalyst 3750G 48PS Catalyst 3750G 24TS 1U Catalyst 3750G 24PS You cannot configure the green and red thresholds but can configure the yellow threshold Use the system env temperature threshold yellow value global configuration command to specify the difference between the yellow and red thresholds and to configure the yellow...

Page 897: ... thresholds as 15 by using the system env temperature threshold yellow 15 command Note The internal temperature sensor in the switch measures the internal system temperature and might vary 5 degrees C Examples This example sets 15 as the difference between the yellow and red thresholds Switch config system env temperature threshold yellow 15 Switch config Related Commands Command Description show ...

Page 898: ...witch environmental variable in NVRAM and becomes effective when the switch reloads Unlike the system MTU routing configuration the MTU settings you enter with the system mtu and system mtu jumbo commands are not saved in the switch IOS configuration file even if you enter the copy running config startup config privileged EXEC bytes Set the system MTU for ports that are set to 10 or 100 Mb s The r...

Page 899: ...ort setting the MTU on a per interface basis The size of frames that can be received by the switch CPU is limited to 1998 bytes regardless of the value entered with the system mtu command Although forwarded or routed frames are usually not received by the CPU some packets for example control traffic SNMP Telnet and routing protocols are sent to the CPU Because the switch does not fragment packets ...

Page 900: ... interface interface id privileged EXEC command to display the results Examples This example shows how to run TDR on an interface Switch test cable diagnostics tdr interface gigabitethernet1 0 2 TDR test started on interface Gi1 0 2 A TDR test can take a few seconds to run on an interface Use show cable diagnostics tdr to read the TDR results If you enter the test cable diagnostics tdr interface i...

Page 901: ... the specified source and destination addresses belong to the same VLAN If you specify source and destination addresses that belong to different VLANs the Layer 2 path is not identified and an error message appears If the source or destination MAC address belongs to multiple VLANs you must specify the VLAN to which both the source and destination MAC addresses belong If the VLAN is not specified t...

Page 902: ...2 Layer 2 trace completed This example shows how to display the Layer 2 path by specifying the interfaces on the source and destination switches Switch traceroute mac interface fastethernet0 1 0000 0201 0601 interface fastethernet0 3 0000 0201 0201 Source 0000 0201 0601 found on con6 WS C3750 12T 2 2 6 6 con6 2 2 6 6 Gi0 0 1 Gi0 0 3 con5 2 2 5 5 Gi0 0 3 Gi0 0 1 con1 2 2 1 1 Gi0 0 1 Gi0 0 2 con2 2 ...

Page 903: ...ws the Layer 2 path when the destination MAC address is a multicast address Switch traceroute mac 0000 0201 0601 0100 0201 0201 Invalid destination mac address This example shows the Layer 2 path when source and destination switches belong to multiple VLANs Switch traceroute mac 0000 0201 0601 0000 0201 0201 Error Mac found on multiple vlans Layer2 trace aborted Related Commands Command Descriptio...

Page 904: ...aceroute mac ip command output shows the Layer 2 path when the specified source and destination IP addresses are in the same subnet When you specify the IP addresses the switch uses Address Resolution Protocol ARP to associate the IP addresses with the corresponding MAC addresses and the VLAN IDs If an ARP entry exists for the specified IP address the switch uses the associated MAC address and ide...

Page 905: ... 24 EI 2 2 5 5 Fa0 3 auto auto Gi0 1 auto auto con1 WS C3550 12G 2 2 1 1 Gi0 1 auto auto Gi0 2 auto auto con2 WS C3550 24 2 2 2 2 Gi0 2 auto auto Fa0 1 auto auto Destination 0000 0201 0201 found on con2 WS C3550 24 2 2 2 2 Layer 2 trace completed This example shows how to display the Layer 2 path by specifying the source and destination hostnames Switch traceroute mac ip con6 con2 Translating IP t...

Page 906: ... configuration command within the same policy map If you specify trust cos QoS uses the received or default port CoS value and the CoS to DSCP map to generate a DSCP value for the packet If you specify trust dscp QoS uses the DSCP value from the ingress packet For non IP packets that are tagged QoS uses the received CoS value for non IP packets that are untagged QoS uses the default port CoS value...

Page 907: ...te to trust incoming DSCP values for traffic classified with class1 Switch config policy map policy1 Switch config pmap class class1 Switch config pmap c trust dscp Switch config pmap c police 1000000 20000 exceed action policed dscp transmit Switch config pmap c exit You can verify your settings by entering the show policy map privileged EXEC command Related Commands Command Description class Def...

Page 908: ...fic on fiber optic and twisted pair links and due to misconnected interfaces on fiber optic links For information about normal and aggressive modes see the Understanding UDLD section in the software configuration guide for this release If you change the message time between probe packets you are making a trade off between the detection speed and the CPU load By decreasing the time you can make the...

Page 909: ...ration command to re enable UDLD on the specified interface The errdisable recovery cause udld and errdisable recovery interval interval global configuration commands to automatically recover from the UDLD error disabled state Examples This example shows how to enable UDLD on all fiber optic interfaces Switch config udld enable You can verify your setting by entering the show udld privileged EXEC ...

Page 910: ...ult and aggressive In normal mode UDLD detects unidirectional links due to misconnected interfaces on fiber optic connections In aggressive mode UDLD also detects unidirectional links due to one way traffic on fiber optic and twisted pair links and due to misconnected interfaces on fiber optic links For information about normal and aggressive modes see the Configuring UDLD chapter in the software ...

Page 911: ...d state Examples This example shows how to enable UDLD on an port Switch config interface gigabitethernet6 0 1 Switch config if udld port This example shows how to disable UDLD on a fiber optic interface despite the setting of the udld global configuration command Switch config interface gigabitethernet6 0 1 Switch config if no udld port You can verify your settings by entering the show running co...

Page 912: ...reason if the problem has not been corrected Examples This example shows how to reset all interfaces disabled by UDLD Switch udld reset 1 ports shutdown by UDLD were reset You can verify your setting by entering the show udld privileged EXEC command Related Commands Release Modification 12 1 11 AX This command was introduced Command Description show running config Displays the running configuratio...

Page 913: ...command to put the switch in VTP transparent mode Extended range VLANs are not learned by VTP and are not added to the VLAN database but when VTP mode is transparent VTP mode and domain name and all VLAN configurations are saved in the running configuration and you can save them in the switch startup configuration file When you save the VLAN and VTP configurations in the startup configuration file...

Page 914: ...F mode for this VLAN disable backup CRF mode for this VLAN the default bridge bridge number type specifies the logical distributed source routing bridge the bridge that interconnects all logical rings having this VLAN as a parent VLAN in FDDI NET Token Ring NET and TrBRF VLANs The range is 0 to 15 The default bridge number is 0 no source routing bridge for FDDI NET TrBRF and Token Ring NET VLANs T...

Page 915: ...e remote span command for more information ring ring number defines the logical ring for an FDDI Token Ring or TrCRF VLAN The range is 1 to 4095 The default for Token Ring VLANs is 0 For FDDI VLANs there is no default said said value specifies the security association identifier SAID as documented in IEEE 802 10 The range is 1 to 4294967294 and the number must be unique within the administrative d...

Page 916: ...ng concentrator relay function TrCRF VTP v2 mode is enabled name vlan name media tokenring state suspend active said said value mtu mtu size ring ring number parent parent vlan id bridge type srb srt are are number ste ste number backupcrf enable disable tb vlan1 tb vlan1 id tb vlan2 tb vlan2 id Token Ring NET VTP v1 mode is enabled name vlan name media tr net state suspend active said said value ...

Page 917: ...fig vtp mode transparent Switch config vlan 2000 Switch config vlan end Switch copy running config startup config You can verify your setting by entering the show vlan privileged EXEC command Related Commands VTP v2 mode is enabled and you are configuring a TrBRF VLAN media type Specify a bridge number Do not leave this field blank VTP v1 mode is enabled No VLAN can have an STP type set to auto Th...

Page 918: ...Switch Cisco IOS Commands vlan global configuration Command Description show vlan Displays the parameters for all configured VLANs or one VLAN if the VLAN ID or name is specified in the administrative domain vlan VLAN configuration Configures normal range VLANs in the VLAN database ...

Page 919: ... tb vlan2 id Extended range VLANs with VLAN IDs from 1006 to 4094 cannot be added or modified by using these commands To add extended range VLANs use the vlan global configuration command to enter config vlan mode Note The switch supports only Ethernet ports You configure only FDDI and Token Ring media specific characteristics for VLAN Trunking Protocol VTP global advertisements to other switches ...

Page 920: ...hen defining a TrCRF The range is 0 to 1005 ring ring number Optional Specify the logical ring for an FDDI Token Ring or TrCRF VLAN The range is 1 to 4095 said said value Optional Enter the security association identifier SAID as documented in IEEE 802 10 The range is 1 to 4294967294 and the number must be unique within the administrative domain state suspend active Optional Specify the VLAN state...

Page 921: ... vlan2 tb vlan2 id Token Ring concentrator relay function TrCRF VTP v2 mode is enabled vlan vlan id name vlan name media tokenring state suspend active said said value mtu mtu size ring ring number parent parent vlan id bridge type srb srt are are number ste ste number backupcrf enable disable tb vlan1 tb vlan1 id tb vlan2 tb vlan2 id Token Ring NET VTP v1 mode is enabled vlan vlan id name vlan na...

Page 922: ...s the default is no type specified The tb vlan1 id and tb vlan2 id variables are zero no translational bridging Command Modes VLAN configuration VTP v2 mode is enabled and you are configuring a TrBRF VLAN media type Specify a bridge number Do not leave this field blank VTP v1 mode is enabled No VLAN can have an STP type set to auto This rule applies to Ethernet FDDI FDDI NET Token Ring and Token R...

Page 923: ...leted Deleting VLANs automatically resets to zero any other parent VLANs and translational bridging parameters that see the deleted VLAN When the no vlan vlan id bridge form is used the VLAN source routing bridge number returns to the default 0 The vlan vlan id bridge command is used only for FDDI NET and Token Ring NET VLANs and is ignored in other VLAN types When the no vlan vlan id media form i...

Page 924: ...o add an Ethernet VLAN with default media characteristics The default includes a vlan name of VLANxxx where xxxx represents four numeric digits including leading zeros equal to the VLAN ID number The default media option is ethernet the state option is active The default said value variable is 100000 plus the VLAN ID the mtu size variable is 1500 the stp type option is ieee When you enter the exit...

Page 925: ...or IP or non IP traffic to match and use the action command to set whether a match causes the packet to be forwarded or dropped In VLAN access map configuration mode these commands are available action sets the action to be taken forward or drop default sets a command to its defaults exit exits from VLAN access map configuration mode match sets the values to match IP address or MAC address no nega...

Page 926: ...actions to it If no other entries already exist in the map this will be entry 10 Switch config vlan access map vac1 Switch config access map match ip address acl1 Switch config access map action forward This example shows how to delete VLAN map vac1 Switch config no vlan access map vac1 Related Commands Command Description action Sets the action for the VLAN access map entry match access map confi...

Page 927: ...tion command to enter config vlan mode You can also configure VLAN IDs 1 to 1005 by using the vlan global configuration command To return to the privileged EXEC mode from the VLAN configuration mode enter the exit command Note This command mode is different from other modes because it is session oriented When you add delete or modify VLAN parameters the changes are not applied until you exit the s...

Page 928: ...ch and remains in VLAN configuration mode show displays VLAN database information show changes vlan id displays the differences between the VLAN database on the switch and the proposed VLAN database for all normal range VLAN IDs 1 to 1005 or the specified VLAN ID 1 to 1005 show current vlan id displays the VLAN database on the switch or on a selected VLAN 1 to 1005 show proposed vlan id displays t...

Page 929: ...fied State Suspended This example shows how to display the differences between VLAN 7 in the current database and the proposed database Switch vlan show changes 7 MODIFIED VLAN ISL Id 7 Current State Operational Modified State Suspended This is an example of output from the show current 20 command It displays only VLAN 20 of the current database Switch vlan show current 20 VLAN ISL Id 20 Name VLAN...

Page 930: ...ates on an edge switch of a service provider network and expands VLAN space by using a VLAN in VLAN hierarchy and tagging the tagged packets You must use IEEE 802 1Q trunk ports for sending packets to the service provider network However packets going through the core of the service provider network might also be carried on IEEE 802 1Q trunks If the native VLANs of an IEEE 802 1Q trunks match the ...

Page 931: ... Switch Command Reference OL 8552 07 Chapter 2 Catalyst 3750 Switch Cisco IOS Commands vlan dot1q tag native Related Commands Command Description show vlan dot1q tag native Displays IEEE 802 1Q native VLAN tagging status ...

Page 932: ...n process we recommend that you completely define the VLAN access map before applying it to a VLAN For more information about VLAN map entries see the software configuration guide for this release Examples This example applies VLAN map entry map1 to VLANs 20 and 30 Switch config vlan filter map1 vlan list 20 30 This example shows how to delete VLAN map entry mac1 from VLAN 20 Switch config no vlan...

Page 933: ...ter Related Commands Command Description show vlan access map Displays information about a particular VLAN access map or all VLAN access maps show vlan filter Displays information about all VLAN filters or about a particular VLAN or VLAN access map vlan access map Creates a VLAN map entry for VLAN packet filtering ...

Page 934: ...EXEC Command History Examples This example shows how to immediately send VQP queries to the VMPS Switch vmps reconfirm You can verify your setting by entering the show vmps privileged EXEC command and examining the VMPS Action row of the Reconfirmation Status section The show vmps command shows the result of the last time the assignments were reconfirmed either because the reconfirmation timer exp...

Page 935: ... configuration Command History Examples This example shows how to set the VQP client to reconfirm dynamic VLAN entries every 20 minutes Switch config vmps reconfirm 20 You can verify your setting by entering the show vmps privileged EXEC command and examining information in the Reconfirm Interval row Related Commands interval Reconfirmation interval for VQP client queries to the VLAN Membership Po...

Page 936: ...ault retry count is 3 Command Modes Global configuration Command History Examples This example shows how to set the retry count to 7 Switch config vmps retry 7 You can verify your setting by entering the show vmps privileged EXEC command and examining information in the Server Retry Count row Related Commands count Number of attempts to contact the VLAN Membership Policy Server VMPS by the client ...

Page 937: ...ch proxies the VMPS requests The VMPS server treats the cluster as a single switch and uses the IP address of the command switch to respond to requests When using the no form without specifying the ipaddress all configured servers are deleted If you delete all servers when dynamic access ports are present the switch cannot forward packets from new sources on these ports because it cannot query the...

Page 938: ... Catalyst 3750 Switch Cisco IOS Commands vmps server You can verify your setting by entering the show vmps privileged EXEC command and examining information in the VMPS Domain Server row Related Commands Command Description show vmps Displays VQP and VMPS information ...

Page 939: ...ons You cannot configure VLANs on the switch When a VTP client starts up it does not send VTP advertisements until it receives advertisements to initialize its VLAN database server Place the switch in VTP server mode A switch in VTP server mode is enabled for VTP and sends advertisements You can configure VLANs on the switch The switch can recover all the VLAN information in the current VTP databa...

Page 940: ... configuration for the first 1005 VLANs are selected by VLAN database information and VLANs greater than 1005 are configured from the switch configuration file The vtp file filename cannot be used to load a new database it renames only the file in which the existing database is stored Follow these guidelines when configuring a VTP domain name The switch is in the no management domain state until y...

Page 941: ... If extended range VLANs are configured on the switch and you attempt to set the VTP mode to server or client you receive an error message and the configuration is not allowed VTP can be set to either server or client mode only when dynamic VLAN creation is disabled Follow these guidelines when setting a VTP password Passwords are case sensitive Passwords should match on all switches in the same d...

Page 942: ...e name of the interface providing the VTP updater ID for this device Switch config vtp interface gigabitethernet This example shows how to set the administrative domain for the switch Switch config vtp domain OurDomainName This example shows how to place the switch in VTP transparent mode Switch config vtp mode transparent This example shows how to configure the VTP domain password Switch config v...

Page 943: ...ssword can be an ASCII string from 1 to 32 characters The password is case sensitive pruning Enable pruning in the VTP administrative domain VTP pruning causes information about each pruning eligible VLAN to be removed from VTP updates if there are no stations belonging to that VLAN v2 mode Enable VLAN Trunking Protocol VTP Version 2 in the administrative domains client Place the switch in VTP cli...

Page 944: ...uration changes on a switch in server mode If the receiving switch is in server mode or transparent mode the switch configuration is not changed Switches in transparent mode do not participate in VTP If you make VTP or VLAN configuration changes on a switch in transparent mode the changes are not propagated to other switches in the network If you make a change to the VTP or VLAN configuration on a...

Page 945: ...s should match on all switches in the same domain When the no vtp password form of the command is used the switch returns to the no password state Follow these guidelines when enabling VTP pruning If you enable pruning on the VTP server it is enabled for the entire management domain Only VLANs included in the pruning eligible list can be pruned Pruning is supported with VTP Version 1 and Version 2...

Page 946: ...ord private Setting device VLAN database password to private This example shows how to enable pruning in the proposed new VLAN database Switch vlan vtp pruning Pruning switched ON This example shows how to enable v2 mode in the proposed new VLAN database Switch vlan vtp v2 mode V2 mode enabled You can verify your settings by entering the show vtp status privileged EXEC command Related Commands Com...

Page 947: ...tup process while the switch is powering up and then entering a new password The password recovery disable feature allows the system administrator to protect access to the switch password by disabling part of this functionality and allowing the user to interrupt the bootup process only by agreeing to set the system back to the default configuration With password recovery disabled the user can stil...

Page 948: ...ion in the BOOT environment variable if any If you supply an image name for the file url variable the boot command attempts to boot up the specified image When you set bootloader boot command options they are executed immediately and apply only to the current bootloader session These settings are not saved for the next bootup operation Filenames and directory names are case sensitive Examples This...

Page 949: ...and Reference OL 8552 07 Appendix A Catalyst 3750 Switch Bootloader Commands boot Related Commands Command Description set Sets the BOOT environment variable to boot a specific image when the BOOT keyword is appended to the command ...

Page 950: ...with sample output switch cat flash new images info flash env_vars version_suffix image version version_directory image name image_name image name bin ios_image_file_size 6398464 total_image_file_size 8133632 image_feature IP LAYER_3 PLUS MIN_DRAM_MEG 128 image_family switch family info_end BAUD 57600 MANUAL_BOOT no Related Commands filesystem Alias for a flash file system Use flash for the system...

Page 951: ...ntrol characters spaces deletes slashes quotes semicolons or colons If you are copying a file to a new directory the directory must already exist Examples This example show how to copy a file at the root switch copy flash test1 text flash test4 text File flash test1 text successfully copied to flash test4 text You can verify that the file was copied by entering the dir filesystem bootloader comman...

Page 952: ...le shows how to delete two files switch delete flash test2 text flash test5 text Are you sure you want to delete flash test2 text y n y File flash test2 text deleted Are you sure you want to delete flash test5 text y n y File flash test2 text deleted You can verify that the files were deleted by entering the dir flash bootloader command Related Commands filesystem Alias for a flash file system Use...

Page 953: ... env_vars 9 drwx 768 Mar 01 2002 23 11 42 html 16 rwx 1037 Mar 01 2002 00 01 11 config text 14 rwx 1099 Mar 01 2002 01 14 05 homepage htm 22 rwx 96 Mar 01 2002 00 01 39 system_env_vars 17 drwx 192 Mar 06 2002 23 22 03 imnage name 15998976 bytes total 6397440 bytes free Table A 1 describes the fields in the display filesystem Alias for a flash file system Use flash for the system board flash device...

Page 954: ...50 Switch Bootloader Commands dir Related Commands 1644045 Size of the file date Last modification date env_vars Filename Table A 1 dir Field Descriptions continued Field Description Command Description mkdir Creates one or more directories rmdir Removes one or more directories ...

Page 955: ... or keywords Defaults The flash file system is automatically initialized during normal system operation Command Modes Bootloader Command History Usage Guidelines During the normal bootup process the flash file system is automatically initialized Use this command to manually initialize the flash file system For example you use this command during the recovery procedure for a lost or forgotten passw...

Page 956: ...m and destroy all data in that file system format filesystem Syntax Description Command Modes Bootloader Command History Usage Guidelines Caution Use this command with care it destroys all data on the file system and renders your system unusable filesystem Alias for a flash file system Use flash for the system board flash device Release Modification 12 1 11 AX This command was introduced ...

Page 957: ... then reconnect the power Examples This example shows how to perform an extensive file system check on flash memory switch fsck test flash test Optional Initialize the file system code and perform extra POST on flash memory An extensive nondestructive memory test is performed on every byte that makes up the file system f Optional Initialize the file system code and perform a fast file consistency ...

Page 958: ...help bootloader command to display the available commands help Syntax Description This command has no arguments or keywords Command Modes Bootloader Command History Usage Guidelines You can also use the question mark to display a list of available bootloader commands Release Modification 12 1 11 AX This command was introduced ...

Page 959: ...m heap utilization is 22 percent Top heap utilization is 0 percent Total heap utilization is 22 percent Total bytes 0xa9068 692328 Bytes used 0x26888 157832 Bytes available 0x827e0 534496 Alternate heap utilization is 0 percent Total alternate heap bytes 0x6fd000 7327744 Alternate heap bytes used 0x0 0 Alternate heap bytes available 0x6fd000 7327744 Table A 2 describes the fields in the display Re...

Page 960: ...Stack Beginning and ending address of the area in memory allocated to the software to store automatic variables return addresses and so forth Heap Beginning and ending address of the area in memory that memory is dynamically allocated to and freed from Table A 2 memory Field Descriptions continued Field Description ...

Page 961: ...ctory called Saved_Configs switch mkdir flash Saved_Configs Directory flash Saved_Configs created This example shows how to make two directories switch mkdir flash Saved_Configs1 flash Test Directory flash Saved_Configs1 created Directory flash Test created You can verify that the directory was created by entering the dir filesystem bootloader command Related Commands filesystem Alias for a flash ...

Page 962: ...les switch more flash new images info flash env_vars version_suffix image version version_directory image name c3750 ipservices mz 122 25 SEB image_name image name bin ios_image_file_size 6398464 total_image_file_size 8133632 image_feature IP LAYER_3 PLUS MIN_DRAM_MEG 128switch family info_end BAUD 57600 MANUAL_BOOT no Related Commands filesystem Alias for a flash file system Use flash for the sys...

Page 963: ...lons or colons Filenames are limited to 45 characters the name cannot contain control characters spaces deletes slashes quotes semicolons or colons Examples This example shows a file named config text being renamed to config1 text switch rename flash config text flash config1 text You can verify that the file was renamed by entering the dir filesystem bootloader command Related Commands filesystem...

Page 964: ... the processor registers and memory reset Syntax Description This command has no arguments or keywords Command Modes Bootloader Command History Examples This example shows how to reset the system switch reset Are you sure you want to reset the system y n y System resetting Related Commands Release Modification 12 1 11 AX This command was introduced Command Description boot Loads and boots up an ex...

Page 965: ...you must first delete all the files in the directory The switch prompts you for confirmation before deleting each directory Examples This example shows how to remove a directory switch rmdir flash Test You can verify that the directory was deleted by entering the dir filesystem bootloader command Related Commands filesystem Alias for a flash file system Use flash for the system board flash device ...

Page 966: ...the Break key on the console Valid values are 1 yes on 0 no and off If it is set to 1 yes or on you can interrupt the automatic bootup process by pressing the Break key on the console after the flash file system has initialized HELPER filesystem file url A semicolon separated list of loadable files to dynamically load during the bootloader initialization Helper files extend or patch the functional...

Page 967: ...alue Many environment variables are predefined and have default values Command Modes Bootloader Command History Usage Guidelines Environment variables are case sensitive and must be entered as documented Environment variables that have values are stored in flash memory outside of the flash file system Under normal circumstances it is not necessary to alter the setting of the environment variables ...

Page 968: ...mber new stack member number global configuration command The SWITCH_PRIORITY environment variable can also be set by using the switch stack member number priority priority number global configuration command The bootloader prompt string PS1 can be up to 120 printable characters except the equal sign Examples This example shows how to change the bootloader prompt switch set PS1 loader loader You c...

Page 969: ...tents of two files switch type flash new images info flash env_vars version_suffix image version version_directory image name image_name image name bin ios_image_file_size 6398464 total_image_file_size 8133632 image_feature IP LAYER_3 PLUS MIN_DRAM_MEG 128switch family info_end BAUD 57600 MANUAL_BOOT no Related Commands filesystem Alias for a flash file system Use flash for the system board flash ...

Page 970: ... up the first bootable file that it can find in the flash file system ENABLE_BREAK Decides whether the automatic bootup process can be interrupted by using the Break key on the console after the flash file system has been initialized HELPER A semicolon separated list of loadable files to dynamically load during the bootloader initialization Helper files extend or patch the functionality of the boo...

Page 971: ...t by using the no boot helper global configuration command The CONFIG_FILE environment variable can also be reset by using the no boot config file global configuration command The HELPER_CONFIG_FILE environment variable can also be reset by using the no boot helper config file global configuration command The bootloader prompt string PS1 can be up to 120 printable characters except the equal sign ...

Page 972: ...ay the bootloader version version Syntax Description This command has no arguments or keywords Command Modes Bootloader Command History Examples This example shows how to display the bootloader version switch version C3750 Boot Loader C3750 HBOOT M Version 12 1 11 AX Compiled Wed 05 Mar 08 10 11 by engineer Release Modification 12 1 11 AX This command was introduced ...

Page 973: ...ed only under the guidance of Cisco technical support staff Caution Because debugging output is assigned high priority in the CPU process it can render the system unusable For this reason use the debug commands only to troubleshoot specific problems or during troubleshooting sessions with Cisco technical support staff It is best to use the debug commands during periods of lower network traffic and...

Page 974: ...session from the stack master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use the remote command stack member number LINE privileged EXEC command on the stack master switch to enable debugging on a member switch without first starting a session Examples This example shows how to display the QoS ...

Page 975: ...os srr queue input dscp map queue 2 threshold 3 40 41 42 43 44 45 46 47 21 29 47 mls qos srr queue output dscp map queue 1 threshold 3 40 41 42 43 44 45 46 47 21 29 47 mls qos srr queue output dscp map queue 2 threshold 3 24 25 26 27 28 29 30 31 21 29 47 mls qos srr queue output dscp map queue 2 threshold 3 48 49 50 51 52 53 54 55 21 29 48 mls qos srr queue output dscp map queue 2 threshold 3 56 5...

Page 976: ...enable debugging on a stack member you can start a session from the stack master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use the remote command stack member number LINE privileged EXEC command on the stack master switch to enable debugging on a member switch without first starting a session ...

Page 977: ...ion rpc Syntax Description Defaults Debugging is disabled Command Modes Privileged EXEC Command History Related Commands all Display all CISP debug messages errors Display CISP debug messages events Display CISP event debug messages packets Display CISP packet debug messages sync Display CISP operational synchronization debug messages Release Modification 12 2 50 SE This command was introduced Com...

Page 978: ...a session from the stack master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use the remote command stack member number LINE privileged EXEC command on the stack master switch to enable debugging on a member switch without first starting a session discovery Display cluster discovery debug message...

Page 979: ...ing Displays information about the types of debugging that are enabled show cluster Displays the cluster status and a summary of the cluster to which the switch belongs show cluster candidates Displays a list of candidate switches when entered on the command switch show cluster members Displays information about cluster members when executed on the command switch ...

Page 980: ...r you can start a session from the stack master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use the remote command stack member number LINE privileged EXEC command on the stack master switch to enable debugging on a member switch without first starting a session all Display all IEEE 802 1x authe...

Page 981: ...Switch Debug Commands debug dot1x Related Commands Command Description show debugging Displays information about the types of debugging that are enabled show dot1x Displays IEEE 802 1xstatistics administrative status and operational status for the switch or for the specified port ...

Page 982: ...privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use the remote command stack member number LINE privileged EXEC command on the stack master switch to enable debugging on a member switch without first starting a session Related Commands aggregation Display DTP user message aggregation debug messages all Display all DTP debug messages ...

Page 983: ...k master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use the remote command stack member number LINE privileged EXEC command on the stack master switch to enable debugging on a member switch without first starting a session Related Commands all Display all EAP debug messages authenticator Displa...

Page 984: ...o not specify a keyword all debug messages appear The undebug etherchannel command is the same as the no debug etherchannel command When you enable debugging it is enabled only on the stack master To enable debugging on a stack member you can start a session from the stack master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of t...

Page 985: ...7 Appendix B Catalyst 3750 Switch Debug Commands debug etherchannel Related Commands Command Description show debugging Displays information about the types of debugging that are enabled show etherchannel Displays EtherChannel information for the channel ...

Page 986: ...witch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use the remote command stack member number LINE privileged EXEC command on the stack master switch to enable debugging on a member switch without first starting a session Related Commands cdp Display PoE Cisco Discovery Protocol CDP debug messages controller Display PoE con...

Page 987: ... on the stack master To enable debugging on a stack member you can start a session from the stack master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use the remote command stack member number LINE privileged EXEC command on the stack master switch to enable debugging on a member switch without f...

Page 988: ... 07 Appendix B Catalyst 3750 Switch Debug Commands debug interface Related Commands Command Description show debugging Displays information about the types of debugging that are enabled show etherchannel Displays EtherChannel information for the channel ...

Page 989: ...nd When you enable debugging it is enabled only on the stack master To enable debugging on a stack member you can start a session from the stack master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use the remote command stack member number LINE privileged EXEC command on the stack master switch t...

Page 990: ...ebug ip verify source packet command is the same as the no debug ip verify source packet command When you enable debugging it is enabled only on the stack master To enable debugging on a stack member you can start a session from the stack master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use th...

Page 991: ...e undebug ip igmp filter command is the same as the no debug ip igmp filter command When you enable debugging it is enabled only on the stack master To enable debugging on a stack member you can start a session from the stack master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use the remote comm...

Page 992: ...delines The undebug ip igmp max groups command is the same as the no debug ip igmp max groups command When you enable debugging it is enabled only on the stack master To enable debugging on a stack member you can start a session from the stack master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can u...

Page 993: ...the stack master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use the remote command stack member number LINE privileged EXEC command on the stack master switch to enable debugging on a member switch without first starting a session Related Commands group Optional Display IGMP snooping group acti...

Page 994: ... can start a session from the stack master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use the remote command stack member number LINE privileged EXEC command on the stack master switch to enable debugging on a member switch without first starting a session Related Commands all Optional Display ...

Page 995: ...g lldp packets command is the same as the no debug lldp packets command When you enable debugging it is enabled only on the stack master To enable debugging on a stack member you can start a session from the stack master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use the remote command stack me...

Page 996: ...n command When you enable debugging it is enabled only on the stack master To enable debugging on a stack member you can start a session from the stack master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use the remote command stack member number LINE privileged EXEC command on the stack master s...

Page 997: ...When you enable debugging it is enabled only on the stack master To enable debugging on a stack member you can start a session from the stack master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use the remote command stack member number LINE privileged EXEC command on the stack master switch to e...

Page 998: ...on the stack master To enable debugging on a stack member you can start a session from the stack master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You canalso use the remote command stack member number LINE privileged EXEC command on the stack master switch to enable debugging on a member switch without fir...

Page 999: ... you can start a session from the stack master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use the remote command stack member number LINE privileged EXEC command on the stack master switch to enable debugging on a member switch without first starting a session all Display all SPAN debug message...

Page 1000: ... B Catalyst 3750 Switch Debug Commands debug monitor Related Commands Command Description show debugging Displays information about the types of debugging that are enabled show monitor Displays information about all SPAN and remote SPAN RSPAN sessions on the switch ...

Page 1001: ...ing it is enabled only on the stack master To enable debugging on a stack member you can start a session from the stack master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use the remote command stack member number LINE privileged EXEC command on the stack master switch to enable debugging on a m...

Page 1002: ...nce OL 8552 07 Appendix B Catalyst 3750 Switch Debug Commands debug mvrdbg Related Commands Command Description show debugging Displays information about the types of debugging that are enabled show mvr Displays the current MVR configuration ...

Page 1003: ...EXEC Command History Usage Guidelines The undebug nmsp command is the same as the no debug nmsp command When you enable debugging it is enabled only on the stack master To enable debugging on a stack member you can start a session from the stack master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can...

Page 1004: ...me as the no debug nvram command When you enable debugging it is enabled only on the stack master To enable debugging on a stack member you can start a session from the stack master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use the remote command stack member number LINE privileged EXEC comman...

Page 1005: ...y using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use the remote command stack member number LINE privileged EXEC command on the stack master switch to enable debugging on a member switch without first starting a session Related Commands all Optional Display all PAgP debug messages dual active Optional...

Page 1006: ...session from the stack master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use the remote command stack member number LINE privileged EXEC command on the stack master switch to enable debugging on a member switch without first starting a session Related Commands all Display all ACL manager debug ...

Page 1007: ...ory Usage Guidelines The undebug platform backup interface command is the same as the no platform debug backup interface command When you enable debugging it is enabled only on the stack master To enable debugging on a stack member you can start a session from the stack master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the ...

Page 1008: ...o enable debugging on a stack member start a session from the stack master by using the session switch number privileged EXEC command and enter enter the debug command at the command line prompt of the stack member You also can use the remote command stack member number line privileged EXEC command on the stack master switch to enable debugging on a member switch without first starting a session R...

Page 1009: ... History Usage Guidelines The undebug platform cli redirection main command is the same as the no debug platform cli redirection main command When you enable debugging it is enabled only on the stack master To enable debugging on a stack member you can start a session from the stack master by using the session switch number privileged EXEC command Then enter the debug command at the command line p...

Page 1010: ...abled only on the stack master To enable debugging on a stack member you can start a session from the stack master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use the remote command stack member number LINE privileged EXEC command on the stack master switch to enable debugging on a member switch...

Page 1011: ...about packets received by the core based tree to shortest path tree cbt to spt queue cpuhub q Display debug messages about packets received by the CPU heartbeat queue host q Display debug messages about packets received by the host queue icmp q Display debug messages about packets received by the Internet Control Message Protocol ICMP queue igmp snooping q Display debug messages about packets rece...

Page 1012: ...le debugging on a stack member you can start a session from the stack master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use the remote command stack member number LINE privileged EXEC command on the stack master switch to enable debugging on a member switch without first starting a session Rela...

Page 1013: ...ck master To enable debugging on a stack member you can start a session from the stack master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use the remote command stack member number LINE privileged EXEC command on the stack master switch to enable debugging on a member switch without first starti...

Page 1014: ... enabled only on the stack master To enable debugging on a stack member you can start a session from the stack master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use the remote command stack member number LINE privileged EXEC command on the stack master switch to enable debugging on a member swi...

Page 1015: ...ing it is enabled only on the stack master To enable debugging on a stack member you can start a session from the stack master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use the remote command stack member number LINE privileged EXEC command on the stack master switch to enable debugging on a m...

Page 1016: ...dging command When you enable debugging it is enabled only on the stack master To enable debugging on a stack member you can start a session from the stack master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use the remote command stack member number LINE privileged EXEC command on the stack mast...

Page 1017: ...ging it is enabled only on the stack master To enable debugging on a stack member you can start a session from the stack master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use the remote command stack member number LINE privileged EXEC command on the stack master switch to enable debugging on a ...

Page 1018: ...ommand is the same as the no debug platform frontend controller command When you enable debugging it is enabled only on the stack master To enable debugging on a stack member start a session from the stack master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You can also use the remote command stack member num...

Page 1019: ...Related Commands Command Description show platform frontend controller Displays counter and status information for the front end controller manager and subordinate applications and displays the hardware and software information for the front end controller show debugging Displays information about the types of debugging that are enabled ...

Page 1020: ...ebugging on a stack member you can start a session from the stack master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use the remote command stack member number LINE privileged EXEC command on the stack master switch to enable debugging on a member switch without first starting a session Related ...

Page 1021: ...k master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use the remote command stack member number LINE privileged EXEC command on the stack master switch to enable debugging on a member switch without first starting a session Related Commands all Optional Display all DHCP debug messages error Opti...

Page 1022: ...P snooping destination index di coordination remote procedure call RPC debug messages error Display IGMP snooping error messages event Display IGMP snooping event debug messages group Display IGMP snooping group debug messages mgmt Display IGMP snooping management debug messages pak ip address error ipopt leave query report rx svi tx Display IGMP snooping packet event debug messages The keywords h...

Page 1023: ...command stack member number LINE privileged EXEC command on the stack master switch to enable debugging on a member switch without first starting a session Related Commands rpc cfg l3mm misc vlan Display IGMP snooping remote procedure call RPC event debug messages The keywords have these meanings cfg Optional Display IGMP snooping RPC debug messages l3mm Optional IGMP snooping Layer 3 multicast ro...

Page 1024: ...ade the performance of the switch mdb Display IP multicast debug messages for multicast distributed fast switching MDFS multicast descriptor block mdb events mdfs rp retry Display IP multicast MDFS rendezvous point RP retry event debug messages midb Display IP multicast MDFS multicast interface descriptor block MIDB debug messages mroute rp Display IP multicast RP event debug messages resources Di...

Page 1025: ...nable debugging on a stack member you can start a session from the stack master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use the remote command stack member number LINE privileged EXEC command on the stack master switch to enable debugging on a member switch without first starting a session R...

Page 1026: ...tion Defaults Debugging is disabled Command Modes Privileged EXEC Command History Usage Guidelines The undebug platform ip source guard command is the same as the no debug platform ip source guard command Related Commands all Display all IP source guard platform debug messages error Display IP source guard platform error debug messages event Display IP source guard platform event debug messages Re...

Page 1027: ... unicast routing DHCP dynamic address related event debug messages errors Display all IP unicast routing error debug messages including resource allocation failures events Display all IP unicast routing event debug messages including registry and miscellaneous events interface Display IP unicast routing interface event debug messages mpath Display IP unicast routing multi path adjacency programmin...

Page 1028: ...le debugging on a stack member you can start a session from the stack master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use the remote command stack member number LINE privileged EXEC command on the stack master switch to enable debugging on a member switch without first starting a session Rela...

Page 1029: ...latform ip wccp command is the same as the no debug platform ip wccp command When you enable debugging it is enabled only on the stack master To enable debugging on a stack member you can start a session from the stack master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use the remote command sta...

Page 1030: ...sion from the stack master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use the remote command stack member number LINE privileged EXEC command on the stack master switch to enable debugging on a member switch without first starting a session Related Commands all Display all platform IPC debug me...

Page 1031: ...ou enable debugging it is enabled only on the stack master To enable debugging on a stack member you can start a session from the stack master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use the remote command stack member number LINE privileged EXEC command on the stack master switch to enable ...

Page 1032: ...stack member you can start a session from the stack master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use the remote command stack member number LINE privileged EXEC command on the stack master switch to enable debugging on a member switch without first starting a session aging Display MAC addr...

Page 1033: ...dix B Catalyst 3750 Switch Debug Commands debug platform matm Related Commands Command Description debug matm Displays information about platform independent MAC address management show debugging Displays information about the types of debugging that are enabled ...

Page 1034: ...nable debugging it is enabled only on the stack master To enable debugging on a stack member you can start a session from the stack master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use the remote command stack member number LINE privileged EXEC command on the stack master switch to enable debu...

Page 1035: ... messages cablediag Display PHY cable diagnostic debug messages dual purpose Display PHY dual purpose event debug messages flcd configure ipc iter trace Display PHY FLCD debug messages The keywords have these meanings configure Display PHY configure debug messages ipc Display Interprocess Communication Protocol IPC debug messages iter Display iter debug messages trace Display trace debug messages ...

Page 1036: ...ng on a stack member you can start a session from the stack master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use the remote command stack member number LINE privileged EXEC command on the stack master switch to enable debugging on a member switch without first starting a session Related Comman...

Page 1037: ...s exceptions Display system exception debug messages hpm events Display platform port manager event debug messages idb events Display interface descriptor block IDB related events debug messages if numbers Display interface number translation event debug messages ios events Display Cisco IOS event debug messages link status Display interface link detection event debug messages platform Display por...

Page 1038: ...r by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use the remote command stack member number LINE privileged EXEC command on the stack master switch to enable debugging on a member switch without first starting a session Related Commands sync Display operational synchronization and VLAN line state e...

Page 1039: ...ing it is enabled only on the stack master To enable debugging on a stack member you can start a session from the stack master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use the remote command stack member number LINE privileged EXEC command on the stack master switch to enable debugging on a m...

Page 1040: ... on the stack master To enable debugging on a stack member you can start a session from the stack master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use the remote command stack member number LINE privileged EXEC command on the stack master switch to enable debugging on a member switch without f...

Page 1041: ...stack master To enable debugging on a stack member you can start a session from the stack master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use the remote command stack member number LINE privileged EXEC command on the stack master switch to enable debugging on a member switch without first sta...

Page 1042: ...debug platform remote commands command is the same as the no debug platform remote commands command When you enable debugging it is enabled only on the stack master To enable debugging on a stack member you can start a session from the stack master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use...

Page 1043: ... stack member you can start a session from the stack master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use the remote command stack member number LINE privileged EXEC command on the stack master switch to enable debugging on a member switch without first starting a session Related Commands all ...

Page 1044: ...lines The undebug platform snmp command is the same as the no debug platform snmp command When you enable debugging it is enabled only on the stack master To enable debugging on a stack member you can start a session from the stack master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use the remot...

Page 1045: ...The undebug platform span command is the same as the no debug platform span command When you enable debugging it is enabled only on the stack master To enable debugging on a stack member you can start a session from the stack master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use the remote comm...

Page 1046: ...nable debugging on a stack member you can start a session from the stack master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use the remote command stack member number LINE privileged EXEC command on the stack master switch to enable debugging on a member switch without first starting a session R...

Page 1047: ...r asic command When you enable debugging it is enabled only on the stack master To enable debugging on a stack member you can start a session from the stack master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use the remote command stack member number LINE privileged EXEC command on the stack mas...

Page 1048: ...able debugging it is enabled only on the stack master To enable debugging on a stack member you can start a session from the stack master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use the remote command stack member number LINE privileged EXEC command on the stack master switch to enable debug...

Page 1049: ...g ssram tcam debug platform tcam search debug platform tcam write forw ram reg tcam no debug platform tcam log read search write no debug platform tcam log l2 acl input output local qos no debug platform tcam log l3 acl input output ipv6 acl input output local qos secondary local qos secondary no debug platform tcam read reg ssram tcam no debug platform tcam search no debug platform tcam write for...

Page 1050: ...rds have these meanings acl input output Display input or output ACL look up debug messages ipv6 acl input output local qos secondary Display IPv6 based look up debug messages Options include displaying input or output ACL look up local forwarding look up classification and QoS look up or secondary forwarding look up debug messages local Display local forwarding look up debug messages qos Display ...

Page 1051: ...Switch Command Reference OL 8552 07 Appendix B Catalyst 3750 Switch Debug Commands debug platform tcam Related Commands Command Description show debugging Displays information about the types of debugging that are enabled ...

Page 1052: ... on the stack master To enable debugging on a stack member you can start a session from the stack master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use the remote command stack member number LINE privileged EXEC command on the stack master switch to enable debugging on a member switch without f...

Page 1053: ...ebugging it is enabled only on the stack master To enable debugging on a stack member you can start a session from the stack master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use the remote command stack member number LINE privileged EXEC command on the stack master switch to enable debugging o...

Page 1054: ...ommand line help strings the scp and pvlan keywords are not supported Defaults Debugging is disabled Command Modes Privileged EXEC Command History all Display all PM debug messages assert Display assert debug messages card Display line card related events debug messages etherchnl Display EtherChannel related events debug messages hatable Display Host Access Table events debug messages messages Dis...

Page 1055: ...ember you can start a session from the stack master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use the remote command stack member number LINE privileged EXEC command on the stack master switch to enable debugging on a member switch without first starting a session Related Commands Command Desc...

Page 1056: ... as the no debug port security command When you enable debugging it is enabled only on the stack master To enable debugging on a stack member you can start a session from the stack master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use the remote command stack member number LINE privileged EXEC ...

Page 1057: ...enable debugging it is enabled only on the stack master To enable debugging on a stack member you can start a session from the stack master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use the remote command stack member number LINE privileged EXEC command on the stack master switch to enable deb...

Page 1058: ...ssages bpdu opt Display optimized BPDU handling debug messages config Display spanning tree configuration change debug messages csuf csrt Display cross stack UplinkFast and cross stack rapid transition activity debug messages etherchannel Display EtherChannel support debug messages events Display spanning tree topology event debug messages exceptions Display spanning tree exception debug messages ...

Page 1059: ...e session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use the remote command stack member number LINE privileged EXEC command on the stack master switch to enable debugging on a member switch without first starting a session Related Commands Release Modification 12 1 11 AX This command was introduced 12 1 14 EA1 The...

Page 1060: ...fast command When you enable debugging it is enabled only on the stack master To enable debugging on a stack member you can start a session from the stack master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use the remote command stack member number LINE privileged EXEC command on the stack maste...

Page 1061: ...enable debugging it is enabled only on the stack master To enable debugging on a stack member you can start a session from the stack master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use the remote command stack member number LINE privileged EXEC command on the stack master switch to enable deb...

Page 1062: ...ommand When you enable debugging it is enabled only on the stack master To enable debugging on a stack member you can start a session from the stack master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use the remote command stack member number LINE privileged EXEC command on the stack master swit...

Page 1063: ...ing tree MST region and a single spanning tree region running Rapid Spanning Tree Protocol RSTP An MST region and a single spanning tree region running 802 1D An MST region and another MST region with a different configuration bpdu rx Debug the received MST bridge protocol data units BPDUs bpdu tx Debug the sent MST BPDUs errors Debug MSTP errors flush Debug the port flushing mechanism init Debug ...

Page 1064: ...you can start a session from the stack master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use the remote command stack member number LINE privileged EXEC command on the stack master switch to enable debugging on a member switch without first starting a session Related Commands Command Descriptio...

Page 1065: ...ssages for the interface between the spanning tree software module and the port manager software module flush Display debug messages for the shim flush operation general Display general event debug messages helper Display spanning tree helper task debug messages Helper tasks handle bulk spanning tree updates pm Display port manager event debug messages rx Display received bridge protocol data unit...

Page 1066: ...er you can start a session from the stack master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use the remote command stack member number LINE privileged EXEC command on the stack master switch to enable debugging on a member switch without first starting a session Related Commands Command Descrip...

Page 1067: ...ning tree uplinkfast command When you enable debugging it is enabled only on the stack master To enable debugging on a stack member you can start a session from the stack master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use the remote command stack member number LINE privileged EXEC command on...

Page 1068: ...he debug command at the command line prompt of the stack member You also can use the remote command stack member number LINE privileged EXEC command on the stack master switch to enable debugging on a member switch without first starting a session badpmcookies Display debug messages for VLAN manager incidents of bad port manager cookies cfg vlan bootup cli Display config vlan debug messages The ke...

Page 1069: ...mands Command Description show debugging Displays information about the types of debugging that are enabled show vlan Displays the parameters for all configured VLANs or one VLAN if the VLAN name or ID is specified in the administrative domain show vtp Displays general information about VTP management domain status and counters ...

Page 1070: ...er the debug command at the command line prompt of the stack member You also can use the remote command stack member number LINE privileged EXEC command on the stack master switch to enable debugging on a member switch without first starting a session When selecting the file read operation Operation 1 reads the file header which contains the header verification word and the file version number Ope...

Page 1071: ... Debug Commands debug sw vlan ifs Related Commands Command Description show debugging Displays information about the types of debugging that are enabled show vlan Displays the parameters for all configured VLANs or one VLAN if the VLAN name or ID is specified in the administrative domain ...

Page 1072: ...ssion from the stack master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use the remote command stack member number LINE privileged EXEC command on the stack master switch to enable debugging on a member switch without first starting a session accfwdchange Display debug messages for VLAN manager ...

Page 1073: ...ug Commands debug sw vlan notification Related Commands Command Description show debugging Displays information about the types of debugging that are enabled show vlan Displays the parameters for all configured VLANs or one VLAN if the VLAN name or ID is specified in the administrative domain ...

Page 1074: ...d EXEC command on the stack master switch to enable debugging on a member switch without first starting a session events Display debug messages for general purpose logic flow and detailed VTP messages generated by the VTP_LOG_RUNTIME macro in the VTP code packets Display debug messages for the contents of all incoming VTP packets that have been passed into the VTP code from the IOS VTP platform de...

Page 1075: ...ugging messages appear They are generated by the VTP_PRUNING_LOG_NOTICE VTP_PRUNING_LOG_INFO VTP_PRUNING_LOG_DEBUG VTP_PRUNING_LOG_ALERT and VTP_PRUNING_LOG_WARNING macros in the VTP pruning code Related Commands Command Description show debugging Displays information about the types of debugging that are enabled show vtp Displays general information about VTP management domain status and counters...

Page 1076: ...debug command at the command line prompt of the stack member You also can use the remote command stack member number LINE privileged EXEC command on the stack master switch to enable debugging on a member switch without first starting a session For debug udld events these debugging messages appear General UDLD program logic flow State machine state changes Program actions for the set and clear Err...

Page 1077: ...gth versions TLVs as they are examined by the packet reception code Packet transmission attempts and the outcome For debug udld registries these categories of debugging messages appear Sub block creation Fiber port status changes State change indications from the port manager software MAC address registry calls Related Commands Command Description show debugging Displays information about the type...

Page 1078: ...art a session from the stack master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use the remote command stack member number LINE privileged EXEC command on the stack master switch to enable debugging on a member switch without first starting a session Related Commands all Optional Display all VQP...

Page 1079: ...ntroller Switch When you enable debugging it is enabled only on the stack master To enable debugging on a stack member you can start a session from the stack master by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use the remote command stack member number LINE privileged EXEC command on the stack ma...

Page 1080: ...B 108 Catalyst 3750 Switch Command Reference OL 8552 07 Appendix B Catalyst 3750 Switch Debug Commands debug platform wireless controller ...

Page 1081: ...nds This appendix describes the show platform privileged EXEC commands that have been created or changed for use with the Catalyst 3750 switch These commands display information helpful in diagnosing and resolving internetworking problems and should be used only under the guidance of Cisco technical support staff ...

Page 1082: ... contain Output appear interface interface id Display per interface ACL manager information for the specified interface The interface can be a physical interface or a VLAN label label number detail Display per label ACL manager information The label number range is 0 to 255 The keyword has this meaning detail Optional Display detailed ACL manager label information statistics asic number Display pe...

Page 1083: ...eshooting a problem Do not use this command unless a technical support representative asks you to do so Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear interface id Optional Display backup information for all interfaces or the specified interface The interface can be a physical interface or ...

Page 1084: ...pport representative asks you to do so Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear config output Display the output of the last auto configuration application default Display whether or not the system is running the default configuration running Display a snapshot of the backed up runnin...

Page 1085: ...l support representative while troubleshooting a problem Do not use this command unless a technical support representative asks you to do so Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear flags Display EtherChannel port flags time stamps Display EtherChannel time stamps begin Optional Displ...

Page 1086: ...encapsulation type cos cos Optional Class of service CoS value of the frame The range is 0 to 7 ip src ip dst ip Optional but required for IP packets Source and destination IP addresses in dotted decimal notation frag field Optional The IP fragment field for a fragmented IP packet The range is 0 to 65535 dscp dscp Optional Differentiated Services Code Point DSCP field in the IP header The range is...

Page 1087: ...are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear Examples For examples of the show platform forward command output displays and what they mean see the Troubleshooting chapter of the software configuration guide for this release exclude Optional Display excludes lines that match the expression include Opt...

Page 1088: ...g a problem Do not use this command unless a technical support representative asks you to do so Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear buffer Display the last 1024 bytes sent from the manager to the subordinate and the reverse generic Display the generic counters that do not specifi...

Page 1089: ...ounters flood vlan vlan id Display IGMP snooping flood information The keyword has this meaning vlan vlan id Optional Display flood information for the specified VLAN The range is 1 to 4094 group ip address Display the IGMP snooping multicast group information where ip address is the IP address of the group hardware Display IGMP snooping information loaded into hardware retry count local count Dis...

Page 1090: ...uld use this command only when you are working directly with a technical support representative while troubleshooting a problem Do not use this command unless a technical support representative asks you to do so Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear ...

Page 1091: ...ess control list ACL information in particular the number of outgoing VLANs for which router ACLs at the output cannot be applied in hardware counters Display IP multicast counters and statistics groups Display IP multicast routes per group hardware detail Display IP multicast routes loaded into hardware The optional detail keyword is used to show port members in the destination index and route in...

Page 1092: ...p A B C D route Display the hardware resource failures The keywords have these meanings adjacency Display the adjacency entries that failed to be programmed in hardware arp Display the Address Resolution Protocol ARP deletions because of failure and because of retries A B C D Optional Prefix of the ARP entries to display route Display the route entries that failed to be programmed in hardware load...

Page 1093: ... when you are working directly with a technical support representative while troubleshooting a problem Do not use this command unless a technical support representative asks you to do so Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear Release Modification 12 1 11 AX This command was introduc...

Page 1094: ...ommand Modes Privileged EXEC Command History Usage Guidelines You should use this command only when you are working directly with a technical support representative while troubleshooting a problem Do not use this command unless a technical support representative asks you to do so begin Optional Display begins with the line that matches the expression exclude Optional Display excludes lines that ma...

Page 1095: ...tion Command Modes Privileged EXEC Command History Usage Guidelines You should use this command only when you are working directly with a technical support representative while troubleshooting a problem Do not use this command unless a technical support representative asks you to do so begin Optional Display begins with the line that matches the expression exclude Optional Display excludes lines t...

Page 1096: ...use this command only when you are working directly with a technical support representative while troubleshooting a problem Do not use this command unless a technical support representative asks you to do so Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear detail Display the platform WCCP det...

Page 1097: ...when you are working directly with a technical support representative while troubleshooting a problem Do not use this command unless a technical support representative asks you to do so Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear begin Optional Display begins with the line that matches t...

Page 1098: ...kwalk information loadbalance Display backwalk load balance information compress ipv6 prefix prefix length Display IPv6 prefix compression information ipv6 prefix The IPv6 network prefix length The length of the IPv6 network prefix A decimal value from 0 to 128 that shows how many of the high order contiguous bits of the address comprise the prefix the network portion of the address A slash mark m...

Page 1099: ... when you are working directly with a technical support representative while troubleshooting a problem Do not use this command unless a technical support representative asks you to do so Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear Release Modification 12 2 25 SEA This command was introdu...

Page 1100: ... output the lines that contain output do not appear but the lines that contain Output appear acl Display access control list ACL Layer 4 operators information pacl port asic Display port ACL Layer 4 operators information The keyword has this meaning port asic Optional Port ASIC number qos port asic Display quality of service QoS Layer 4 operators information The keyword has this meaning port asic ...

Page 1101: ... support representative asks you to do so Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear aging array Optional Display the MAC address table aging array hash table Optional Display the MAC address table hash table mac address mac address Optional Display the MAC address table MAC address inf...

Page 1102: ...that contain output do not appear but the lines that contain Output appear application incoming outgoing summary Display application message information The keywords have these meanings incoming Optional Display only information about incoming application messaging requests outgoing Optional Display only information about incoming application messaging requests summary Optional Display summary inf...

Page 1103: ...resentative while troubleshooting a problem Do not use this command unless a technical support representative asks you to do so Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear session session number Optional Display SPAN information for the specified SPAN session The range is 1 to 66 begin O...

Page 1104: ...command only when you are working directly with a technical support representative while troubleshooting a problem Do not use this command unless a technical support representative asks you to do so Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear begin Optional Display begins with the line t...

Page 1105: ...splay module counters information group masks Display EtherChannel group masks information idbs active idbs deleted idbs Display interface data block IDB information The keywords have these meanings active idbs Display active IDB information deleted idbs Display deleted and leaked IDB information if numbers Display interface numbers information link status Display local port link status informatio...

Page 1106: ...messages mvid prog parser span stats asic number port number asic number stats drop enqueue miscellaneous supervisor asic number port number asic number transmit port fifo queue supervisor sram asic number port number asic number vct asic number port number asic number version begin exclude include expression Syntax Description cpu queue map table asic number port number asic number Display the CP...

Page 1107: ... cache The keywords have these meanings asic number Optional Display information for the specified ASIC The range is 0 to 1 port number Optional Display information for the specified port and ASIC number The range is 0 to 27 where 0 is the supervisor and 1 to 25 are the ports mac info asic number port number asic number Display the contents of the MAC information register The keywords have these m...

Page 1108: ...for the specified port and ASIC number The range is 0 to 27 where 0 is the supervisor and 1 to 25 are the ports receive buffer queue port fifo supervisor sram asic number port number asic number Display receive information The keywords have these meanings buffer queue Display the buffer queue information port fifo Display the port FIFO information supervisor sram Display the supervisor static RAM ...

Page 1109: ... 25 are the ports stats drop enqueue miscellaneous supervisor asic number port number asic number Display raw statistics for the port ASIC The keywords have these meanings drop Display drop statistics enqueue Display enqueue statistics miscellaneous Display miscellaneous statistics supervisor Display supervisor statistics asic number Optional Display information for the specified ASIC The range is...

Page 1110: ...rt number asic number Display the VLAN compression table entries for the specified ASIC or for the specified port and ASIC The keywords have these meanings asic number Optional Display information for the specified ASIC The range is 0 to 1 port number Optional Display information for the specified port and ASIC number The range is 0 to 27 where 0 is the supervisor and 1 to 25 are the ports version...

Page 1111: ...working directly with your technical support representative while troubleshooting a problem Do not use this command unless your technical support representative asks you to do so Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear begin Optional Display begins with the line that matches the expr...

Page 1112: ...le if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear label asic number Display QoS label maps for the specified ASIC Optional For asic number the range is 0 to 1 policer parameters asic number port alloc number asic number Display policer information The keywords have these meanings parameters asic number Display parameter information ...

Page 1113: ...is 0 to 65535 med index number Display the multi expansion descriptor table for the specified index The keyword has this meaning index number Optional Display the specified index The range is 0 to 65535 mod Display the resource manager module information msm hash table vlan vlan id mac address mac address vlan vlan id Display the MAC address descriptor table and the station descriptor table inform...

Page 1114: ...ort representative while troubleshooting a problem Do not use this command unless your technical support representative asks you to do so Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear include Optional Display includes lines that match the specified expression expression Expression in the o...

Page 1115: ...nly when you are working directly with your technical support representative while troubleshooting a problem Do not use this command unless your technical support representative asks you to do so Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear begin Optional Display begins with the line that...

Page 1116: ...hnical support representative asks you to do so Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear synchronization detail vlan vlan id Display spanning tree state synchronization information The keywords have these meanings detail Optional Display detailed spanning tree information vlan vlan id...

Page 1117: ...rt representative while troubleshooting a problem Do not use this command unless your technical support representative asks you to do so Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear vlan id Display spanning tree instance information for the specified VLAN The range is 1 to 4094 begin Opti...

Page 1118: ...play all information for the entire switch stack counters Display the stack manager counters trace sdp reverse Display trace information The keywords have these meanings sdp Optional Display Stack Discovery Protocol SDP information reverse Optional Display trace information in reverse chronological order from recent to older chronological sequence trace state reverse Display trace information The ...

Page 1119: ...guration from the stack master and loading it Ready The member has completed loading the system and interface level configurations and can forward traffic Master Re Init The state immediately after a master re election and a different member is elected master The new master is re initializing its configuration This state applies only to the new master Ver Mismatch A switch in version mismatch mode...

Page 1120: ...r Stack Debug Event Data Trace Event type LINK Link status change Event type RAC RAC changes to Not OK Event type SYNC Sync changes to Not OK Event Stack Stack PCS Info Ctrl Status Loopback Cable Count Port IOS HW length Event type LINK OK Stack Port 1 0000000011 1 FF08FF00 860302A5 AA55FFFF FFFFFFFF 1CE61CE6 Yes Yes No cable 0000000011 2 FF08FF00 86031805 55AAFFFF FFFFFFFF 1CE61CE6 Yes Yes No cab...

Page 1121: ... stack ports 0000000013 2 FF08FF00 86031805 55AAFFFF FFFFFFFF 1CE61CE6 Yes Yes No cable This is an example of show platform stack ports history command output Switch show platform stack ports history Switch Lost Sync times Link Changes Port Events Not OK To LinkOK 1 1 0 0 0 1 2 3 4 3 2 1 3 4 3 2 2 0 0 0 3 1 0 0 0 3 2 0 0 0 ...

Page 1122: ...put from the show platform tb command Switch show platform tb Print TB sub block information Fa1 0 2 device Cisco phone current interfaces with TB enabled and the trust device type Current master switch Yes Is this switch the current master switch New elected master No Is the master switch over occurred and this is the new master switch Master ready No Is the Master switch in ready state HULC TB p...

Page 1123: ...mmands show platform tb Print TB residue trust ports information The interfaces with TB enabled right before master switch over Print port CDP neighbor information Is the CDP message still received after switch over HULC TB is not detecting CDP events Currently this switch is not detecting any CDP event ...

Page 1124: ...id num number detail invalid invalid invalid num number detail invalid invalid begin exclude include expression show platform tcam table local asic number detail invalid index number detail invalid invalid num number detail invalid invalid invalid num number detail invalid invalid begin exclude include expression show platform tcam table mac address asic number detail invalid index number detail i...

Page 1125: ...ble mac address Display the MAC address table multicast expansion Display the IPv6 multicast expansion table qos Display the QoS table secondary Display the secondary table station Display the station table vlan list Display the VLAN list table usage Display the CAM and forwarding table usage asic number detail invalid index number detail invalid invalid num number detail invalid invalid invalid n...

Page 1126: ...you are working directly with your technical support representative while troubleshooting a problem Do not use this command unless your technical support representative asks you to do so Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear Release Modification 12 1 11 AX This command was introduc...

Page 1127: ...s are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear misc Display miscellaneous VLAN module information mvid Display the mapped VLAN ID MVID allocation information prune Display the stack pruning database refcount Display the VLAN lock module wise reference counts rpc receive transmit Display remote proced...

Page 1128: ...k that contain the integrated wireless LAN controller The command outputs also display the MAC address and IP address of the controller to be used in accessing and configuring the controller This command applies only to the Catalyst 3750G Wireless Controller Switch Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that ...

Page 1129: ... 000b 8540 33e3 Service IP Address 127 0 1 3 Management IP Address 8 8 8 8 Management VLAN 8 Software Version 3 3 0 3 Keepalive Version controller switch 1 1 Keepalives Missed 0 Controller accepts http https 0 1 Controller s Status Line up Watchdog resets of Controller 0 Controller resets total 0 Unacknowledged control messages 0 This is an example of output from the show platform wireless control...

Page 1130: ...C 50 Catalyst 3750 Switch Command Reference OL 8552 07 Appendix C Catalyst 3750 Switch Show Platform Commands show platform wireless controller ...

Page 1131: ...egraph Company or of the Regents of the University of California Permission is granted to anyone to use this software for any purpose on any computer system and to alter it and redistribute it subject to the following restrictions 1 The author is not responsible for the consequences of use of this software no matter how awful even if they arise from flaws in it 2 The origin of this software must n...

Page 1132: ...D 2 Catalyst 3750 Switch Command Reference OL 8552 07 Appendix D Acknowledgments for Open Source Software ...

Page 1133: ...898 archive copy sw command 8 archive download sw command 11 archive tar command 15 archive upload sw command 18 arp access list command 20 authentication control direction command 22 authentication event command 24 authentication failed VLAN See dot1x auth fail vlan authentication fallback command 27 authentication host mode command 29 authentication open command 31 authentication order command 3...

Page 1134: ...settings 20 location of 21 setting 20 unsetting 24 boot loader continued files copying 5 deleting 6 displaying a list of 7 displaying the contents of 4 16 23 renaming 17 file system formatting 10 initializing flash 9 running a consistency check 11 prompt 1 resetting the system 18 boot manual command 57 boot private config file command 58 boot system command 59 BPDU filtering for spanning tree 760 ...

Page 1135: ...36 504 5 36 cluster commander address command 94 cluster discovery hop count command 96 cluster enable command 97 cluster holdtime command 98 cluster member command 99 cluster outside interface command 101 cluster run command 102 clusters adding candidates 99 binding to HSRP group 103 building manually 99 communicating with devices outside the cluster 101 members by using Telnet 452 debug messages...

Page 1136: ... platform fallback bridging command 44 debug platform forw tcam command 45 debug platform ip arp inspection command 48 debug platform ipc command 58 debug platform ip dhcp command 49 debug platform ip igmp snooping command 50 debug platform ip multicast command 52 debug platform ip source guard command 54 debug platform ip unicast command 55 debug platform ip wccp command 57 debug platform led com...

Page 1137: ...eting 109 domain name VTP 909 913 dot1x auth fail max attempts 130 dot1x auth fail vlan 132 dot1x command 128 dot1x control direction command 134 dot1x credentials global configuration command 136 dot1x critical global configuration command 137 dot1x critical interface configuration command 139 dot1x default command 141 dot1x fallback command 142 dot1x guest vlan command 143 dot1x host mode comman...

Page 1138: ...umber to send 152 response time before retransmitting 162 encapsulation methods 859 energywise global configuration command 170 172 energywise domain command 174 energywise query command 176 environment variables displaying 499 errdisable detect cause command 180 errdisable detect cause small frame command 183 errdisable recovery cause small frame 185 errdisable recovery command 186 error conditio...

Page 1139: ...t boot loader command 9 flexible authentication ordering 33 Flex Links configuring 832 configuring preferred VLAN 835 displaying 565 flowcontrol command 192 format boot loader command 10 forwarding packets with ACL matches 6 forwarding results display 6 frame forwarding information displaying 6 front end controller counter and status information 8 fsck boot loader command 11 G global configuration...

Page 1140: ...3 interface speed configuring 805 interface vlan command 198 internal registers displaying 514 524 Internet Group Management Protocol See IGMP invalid GBIC error detection for 180 error recovery timer 186 ip access group command 200 ip address command 203 IP addresses setting 203 IP address matching 349 ip admission command 205 ip admission name proxy http command 206 ip arp inspection filter vlan...

Page 1141: ...ipv6 dhcp ping packets command 276 ipv6 dhcp pool command 278 ipv6 dhcp server command 281 ipv6 mld snooping command 283 ipv6 mld snooping last listener query count command 285 ipv6 mld snooping last listener query interval command 287 ipv6 mld snooping listener message suppression command 289 ipv6 mld snooping robustness variable command 291 ipv6 mld snooping tcn command 293 ipv6 mld snooping vla...

Page 1142: ... 657 static 655 static and dynamic entries 638 dynamic aging time 322 deleting 83 displaying 646 enabling MAC address notification 327 enabling MAC address table move update 325 MAC addresses continued matching 349 persistent stack 813 static adding and removing 329 displaying 655 dropping on an interface 330 tables 640 MAC address notification debugging 24 mac address table aging time 318 349 mac...

Page 1143: ...nput cos map command 376 mls qos srr queue input dscp map command 378 mls qos srr queue input priority queue command 380 mls qos srr queue input threshold command 382 mls qos srr queue output cos map command 384 mls qos srr queue output dscp map command 386 mls qos trust command 388 mls qos vlan based command 390 mode MVR 396 Mode button and password recovery 470 modes commands 2 monitor session c...

Page 1144: ...dress aliasing 397 configuring 396 configuring interfaces 399 debug messages display 29 displaying 676 displaying interface information 678 members displaying 680 mvr global configuration command 396 mvr interface configuration command 399 mvr vlan group command 400 N native VLANs 859 native VLAN tagging 900 Network Admission Control Software Configuration Guide 205 207 network policy global confi...

Page 1145: ...nning tree plus See STP physical port learner 411 PID displaying 579 PIM DVMRP as multicast router learning method 257 PoE configuring the power budget 438 configuring the power management mode 435 displaying controller register values 522 displaying power management information 697 logging of status 315 police aggregate command 428 police command 426 policed DSCP map 362 policy map command 430 po...

Page 1146: ...trust states for QoS 388 port types MVR 399 power information displaying 546 power inline command 435 power inline consumption command 438 Power over Ethernet See PoE priority queue command 440 priority value stack member 716 821 private vlan command 442 private vlan mapping command 445 private VLANs association 855 configuring 442 configuring ports 842 displaying 727 host ports 842 mapping config...

Page 1147: ...eue threshold map 376 defining the DSCP input queue threshold map 378 displaying buffer allocations 663 displaying CoS input queue threshold map 667 displaying DSCP input queue threshold map 667 displaying queueing strategy 663 displaying settings for 661 enabling the priority queue 380 QoS continued mapping CoS values to a queue and threshold 376 mapping DSCP values to a queue and threshold 378 s...

Page 1148: ...anning tree 770 routed ports IP addresses on 204 number supported 204 RSPAN configuring 391 displaying 673 filter RSPAN traffic 391 RSPAN continued remote span command 458 sessions displaying 673 S scheduled switchover disabling 124 enabling 124 SDM mismatch mode 467 717 sdm prefer command 466 SDM templates allowed resources 468 and stacking 467 displaying 700 dual IPv4 and IPv6 466 secure ports l...

Page 1149: ...d 611 show ipv6 dhcp conflict command 613 show ipv6 route updated 622 show ip verify source command 605 show l2protocol tunnel command 624 show lacp command 627 show link state group command 634 show location 631 show mac access group command 636 show mac address table address command 640 show mac address table aging time command 642 show mac address table command 638 show mac address table count ...

Page 1150: ...ng tree command 707 show storm control command 714 show switch command 716 show system mtu command 721 show trust command 876 show udld command 722 show version command 725 show vlan access map command 732 show vlan command 727 show vlan command fields 729 show vlan filter command 734 show vmps command 735 show vtp command 738 shutdown command 743 shutdown threshold Layer 2 protocol tunneling 299 ...

Page 1151: ...linkfast command 800 spanning tree vlan command 802 speed command 805 srr queue bandwidth limit command 807 srr queue bandwidth share command 811 SSH configuring version 264 stack mac persistent timer command 813 stack member access 475 number 716 824 priority value 821 provisioning 822 reloading 454 stacks switch disabling a member 819 enabling a member 819 MAC address 813 provisioning a new memb...

Page 1152: ...mmand 838 switchport mode command 839 switchport mode private vlan command 842 switchport nonegotiate command 844 switchport port security aging command 851 switchport port security command 846 switchport priority extend command 853 switchport private vlan command 855 switchport protected command 857 switchports displaying 565 switchport trunk command 859 switchport voice vlan command 863 864 swit...

Page 1153: ... loader command 26 version mismatch mode 717 39 vlan global configuration command 883 vlan VLAN configuration command 889 vlan access map command 895 VLAN access map configuration mode 895 VLAN access maps actions 6 displaying 732 VLAN based QoS 390 VLAN configuration rules 886 891 saving 883 893 VLAN configuration mode commands VLAN 889 VTP 913 description 5 entering 897 summary 3 vlan database c...

Page 1154: ...s server command 907 voice VLAN configuring 863 864 setting port priority 853 VQP and dynamic access ports 829 clearing client statistics 92 displaying information 735 per server retry count 906 reconfirmation interval 905 reconfirming dynamic VLAN assignments 904 VTP changing characteristics 909 clearing pruning counters 93 configuring domain name 909 913 file name 909 mode 909 913 password 909 9...

Reviews:

No comments

Related manuals for 3750 - Catalyst EMI Switch

D-Link EasySmart DGS-1100-08 Manual preview
EasySmart DGS-1100-08
Brand: D-Link Pages: 44
pathway 7748 Manual preview
7748
Brand: pathway Pages: 28
GE T1000 Technical Manual preview
T1000
Brand: GE Pages: 302
Ubisys S1 Reference Manual preview
S1
Brand: Ubisys Pages: 40
IBM RackSwitch G8332 Product Manual preview
RackSwitch G8332
Brand: IBM Pages: 18
Qlogic SANbox 5802V User Manual preview
SANbox 5802V
Brand: Qlogic Pages: 135
Qlogic SANbox2 SANbox2-64 User Manual preview
SANbox2 SANbox2-64
Brand: Qlogic Pages: 224
ABB eOT Series Installation Instructions Manual preview
eOT Series
Brand: ABB Pages: 10
ATEN CS1922M User Manual preview
CS1922M
Brand: ATEN Pages: 17
Lantech IGS-2206C User Manual preview
IGS-2206C
Brand: Lantech Pages: 118
H3C LS-5500-28C-PWR-SI-OVS Installation Manual preview
LS-5500-28C-PWR-SI-OVS
Brand: H3C Pages: 86
Mach Power NW-SP4-001 Installation Manual preview
NW-SP4-001
Brand: Mach Power Pages: 12
Velleman HQ-Power VMS4 Manual preview
HQ-Power VMS4
Brand: Velleman Pages: 5
Eaton STS 2000A Installation And Operation Manual preview
STS 2000A
Brand: Eaton Pages: 120
Uniclass KLE Series User Manual preview
KLE Series
Brand: Uniclass Pages: 32
A-Neuvideo ANI-MINI601HD Instruction Manual preview
ANI-MINI601HD
Brand: A-Neuvideo Pages: 15
JetNet 5018G Series Quick Installation Manual preview
5018G Series
Brand: JetNet Pages: 20
Scame electrical solutions ROCKER-EXGD Instructions For Installation, Use And Maintenance Manual preview
ROCKER-EXGD
Brand: Scame electrical solutions Pages: 68

Brands by name

Popular brands

Load more brands