manualshive.com logo in svg

Cisco Catalyst 3650 Series, Command Reference Manual

The Cisco Catalyst 3650 Series is an exceptional network switch that provides enhanced performance and flexibility for seamless connectivity. Unlock its full potential by downloading the free Configuration Manual from our website, empowering you with step-by-step instructions and comprehensive insights to optimize your network settings effortlessly.

Share
Download
background image

A secure port cannot be a routed port.

A secure port cannot be a protected port.

A secure port cannot be a destination port for Switched Port Analyzer (SPAN).

A secure port cannot belong to a Gigabit or 10-Gigabit EtherChannel port group.

You cannot configure static secure or sticky secure MAC addresses in the voice VLAN.

When you enable port security on an interface that is also configured with a voice VLAN, set the
maximum allowed secure addresses on the port to two. When the port is connected to a Cisco IP phone,
the IP phone requires one MAC address. The Cisco IP phone address is learned on the voice VLAN,
but is not learned on the access VLAN. If you connect a single PC to the Cisco IP phone, no additional
MAC addresses are required. If you connect more than one PC to the Cisco IP phone, you must configure
enough secure addresses to allow one for each PC and one for the Cisco IP phone.

Voice VLAN is supported only on access ports and not on trunk ports.

Sticky secure MAC addresses have these characteristics:

When you enable sticky learning on an interface by using the

switchport port-security mac-address

sticky

interface configuration command, the interface converts all the dynamic secure MAC addresses,

including those that were dynamically learned before sticky learning was enabled, to sticky secure MAC
addresses and adds all sticky secure MAC addresses to the running configuration.

If you disable sticky learning by using the

no switchport port-security mac-address sticky

interface

configuration command or the running configuration is removed, the sticky secure MAC addresses
remain part of the running configuration but are removed from the address table. The addresses that
were removed can be dynamically reconfigured and added to the address table as dynamic addresses.

When you configure sticky secure MAC addresses by using the

switchport port-security mac-address

sticky mac-address

interface configuration command, these addresses are added to the address table

and the running configuration. If port security is disabled, the sticky secure MAC addresses remain in
the running configuration.

If you save the sticky secure MAC addresses in the configuration file, when the switch restarts or the
interface shuts down, the interface does not need to relearn these addresses. If you do not save the sticky
secure addresses, they are lost. If sticky learning is disabled, the sticky secure MAC addresses are
converted to dynamic secure addresses and are removed from the running configuration.

If you disable sticky learning and enter the

switchport port-security mac-address sticky mac-address

interface configuration command, an error message appears, and the sticky secure MAC address is not
added to the running configuration.

You can verify your settings by using the

show port-security

privileged EXEC command.

Examples

This example shows how to configure a secure MAC address and a VLAN ID on a port:

Device(config)#

interface gigabitethernet 2/0/2

Device(config-if)#

switchport mode trunk

Device(config-if)#

switchport port-security

Device(config-if)#

switchport port-security mac-address 1000.2000.3000 vlan 3

This example shows how to enable sticky learning and to enter two sticky secure MAC addresses on a port:

Device(config)#

interface gigabitethernet 2/0/2

Device(config-if)#

switchport port-security mac-address sticky

   Command Reference, Cisco IOS XE Everest 16.5.1a (Catalyst 3650 Switches)

834

switchport port-security mac-address

Summary of Contents for Catalyst 3650 Series

Page 1: ... XE Everest 16 5 1a Catalyst 3650 Switches First Published 2017 05 31 Americas Headquarters Cisco Systems Inc 170 West Tasman Drive San Jose CA 95134 1706 USA http www cisco com Tel 408 526 4000 800 553 NETS 6387 Fax 408 527 0883 ...

Page 2: ... 2017 Cisco Systems Inc All rights reserved ...

Page 3: ...ands 4 Understanding CLI Error Messages 4 Using Configuration Logging 5 Using Command History 5 Changing the Command History Buffer Size 5 Recalling Commands 5 Disabling the Command History Feature 6 Using Editing Features 6 Enabling and Disabling Editing Features 6 Editing Commands through Keystrokes 7 Editing Command Lines that Wrap 9 Searching and Filtering Output of show and more Commands 9 Ac...

Page 4: ...wer 29 debug interface 31 debug lldp packets 32 debug platform poe 33 duplex 34 errdisable detect cause 36 errdisable recovery cause 38 errdisable recovery interval 41 interface 42 interface range 44 ip mtu 45 ipv6 mtu 47 lldp interface configuration 49 logging event power inline status 51 mdix auto 52 mode power stack configuration 53 network policy 55 network policy profile global configuration ...

Page 5: ...orm mgr poe 96 show network policy profile 97 show platform hardware fed switch forward 98 show platform resources 100 show platform software ilpower 101 show platform software process list 103 show platform software process slot switch 105 show platform software status control processor 107 show processes cpu platform monitor 110 show processes memory platform 112 show power inline 115 show stack...

Page 6: ... balancing 154 glbp name 156 glbp preempt 158 glbp priority 159 glbp timers 160 glbp weighting 162 glbp weighting track 164 ip address dhcp 166 ip address pool DHCP 170 ip address 172 ip nhrp map 175 ip nhrp map multicast 177 ip nhrp network id 179 ip nhrp nhs 180 key chain 183 key string authentication 184 key 185 show glbp 187 show ip nhrp nhs 191 show ip ports all 194 show key chain 196 show tr...

Page 7: ...gmp snooping last member query count 223 ip igmp snooping querier 225 ip igmp snooping report suppression 227 ip igmp snooping vlan mrouter 228 ip igmp snooping vlan static 229 ip multicast auto enable 231 ip pim accept register 232 ip pim bsr candidate 233 ip pim rp candidate 235 ip pim send rp announce 237 ip pim spt threshold 239 match message type 240 match service type 241 match service insta...

Page 8: ...w ip pim tunnel 263 show mdns cache 265 show mdns requests 267 show mdns statistics 268 show platform ip multicast 269 P A R T V IPv6 277 C H A P T E R 6 IPv6 279 ipv6 flow monitor 280 P A R T V I Layer 2 3 281 C H A P T E R 7 Layer 2 3 283 channel group 285 channel protocol 289 clear lacp 291 clear pagp 292 clear spanning tree counters 293 clear spanning tree detected protocols 294 debug ethercha...

Page 9: ...d 322 port channel min links 324 rep admin vlan 326 rep block port 327 rep lsl age timer 329 rep lsl retries 330 rep preempt delay 331 rep preempt segment 332 rep segment 333 rep stcn 335 show etherchannel 336 show interfaces rep detail 339 show lacp 340 show pagp 345 show platform etherchannel 347 show platform pm 348 show rep topology 349 show udld 351 switchport 355 switchport access vlan 357 s...

Page 10: ...ls label range 381 show mpls label range 384 C H A P T E R 9 Multicast VPN 385 ip multicast routing 386 ip multicast mrinfo filter 388 mdt data 390 mdt default 392 mdt log reuse 394 show ip pim mdt bgp 395 show ip pim mdt history 396 show ip pim mdt receive 398 show ip pim mdt send 400 P A R T V I I I Network Management 403 C H A P T E R 1 0 Flexible NetFlow 405 cache 407 clear flow exporter 410 c...

Page 11: ...monitor 433 ipv6 flow monitor 435 match datalink dot1q priority 437 match datalink dot1q vlan 438 match datalink ethertype 439 match datalink mac 440 match datalink vlan 442 match flow cts 443 match flow direction 444 match interface 445 match ipv4 446 match ipv4 destination address 447 match ipv4 source address 448 match ipv4 ttl 449 match ipv6 450 match ipv6 destination address 451 match ipv6 ho...

Page 12: ...79 description ERSPAN 481 destination ERSPAN 482 erspan id 484 filter ERSPAN 485 ip ttl ERSPAN 487 ip wccp 488 monitor capture interface control plane 490 monitor capture buffer 494 monitor capture clear 495 monitor capture export 496 monitor capture file 497 monitor capture limit 499 monitor capture match 500 monitor capture start 501 monitor capture stop 502 monitor session 503 monitor session d...

Page 13: ...nable traps errdisable 541 snmp server enable traps flash 542 snmp server enable traps isis 543 snmp server enable traps license 544 snmp server enable traps mac notification 545 snmp server enable traps ospf 546 snmp server enable traps pim 548 snmp server enable traps port security 549 snmp server enable traps power ethernet 550 snmp server enable traps snmp 551 snmp server enable traps stackwis...

Page 14: ...577 show install 581 dig 583 mlog 585 net debug 586 net dhcp 588 net6 dhcp 589 net show 590 net6 show 591 net tcp bufs 592 net tcp mss 593 ping 594 ping4 596 ping6 597 P A R T X QoS 599 C H A P T E R 1 3 Auto QoS 601 auto qos classify 602 auto qos trust 608 auto qos video 615 auto qos voip 625 debug auto qos 637 show auto qos 638 Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switche...

Page 15: ...d switch qos 672 show platform software fed switch qos qsb 673 show policy map 676 trust device 678 P A R T X I Routing 681 C H A P T E R 1 5 Bidirectional Forwarding Detection 683 authentication BFD 684 bfd 685 bfd all interfaces 687 bfd check ctrl plane failure 688 bfd echo 689 bfd slow timers 691 bfd template 693 bfd template 694 ip route static bfd 695 ipv6 route static bfd 697 P A R T X I I S...

Page 16: ...enforcement 731 cts role based l2 vrf 733 cts role based monitor 735 cts role based permissions 737 deny MAC access list configuration 739 device role IPv6 snooping 743 device role IPv6 nd inspection 744 device tracking policy 745 dot1x critical global configuration 747 dot1x pae 748 dot1x supplicant controlled transient 749 dot1x supplicant force multicast 750 dot1x test eapol capable 752 dot1x t...

Page 17: ...p configuration 783 mka pre shared key 785 no authentication logging verbose 786 no dot1x logging verbose 787 no mab logging verbose 788 permit MAC access list configuration 789 propagate sgt cts manual 793 protocol IPv6 snooping 795 sap mode list cts manual 796 security level IPv6 snooping 798 show aaa clients 799 show aaa command handler 800 show aaa local 801 show aaa servers 803 show aaa sessi...

Page 18: ...lan filter 845 vlan group 847 P A R T X I I I Stack Manager and High Availability 849 C H A P T E R 1 7 Stack Manager and High Availability 851 debug platform stack manager 852 main cpu 853 mode sso 854 policy config sync prc reload 855 redundancy 856 redundancy config sync mismatched commands 857 redundancy force switchover 859 redundancy reload 860 reload 861 session 863 show platform stack mana...

Page 19: ...ontrol plane 893 show autonomic device 895 show autonomic interfaces 896 show autonomic intent 898 show autonomic l2 channels 899 show autonomic service 900 show autonomic neighbor 901 C H A P T E R 1 9 System Management 903 arp 905 boot 906 cat 908 clear location 909 clear location statistics 910 copy 911 copy startup config tftp 912 copy tftp startup config 913 debug voice diagnostics mac addres...

Page 20: ... 944 show debug 947 show env 948 show env xps 950 show flow monitor 954 show license right to use 959 show location 961 show location ap detect 962 show mac address table move update 964 show platform integrity 965 show platform sudi certificate 966 show sdm prefer 968 system env temperature threshold yellow 970 test cable diagnostics tdr 972 traceroute mac 973 traceroute mac ip 976 type 979 unset...

Page 21: ...st platform software trace rotate all 998 request platform software trace filter binary 999 P A R T X V VLAN 1001 C H A P T E R 2 1 VLAN 1003 clear l2protocol tunnel counters 1005 clear vmps statistics 1006 clear vtp counters 1007 debug platform vlan 1008 debug sw vlan 1009 debug sw vlan ifs 1011 debug sw vlan notification 1012 debug sw vlan vtp 1014 interface vlan 1016 l2protocol tunnel 1018 l2pr...

Page 22: ...end 1048 switchport trunk 1050 vlan 1053 vlan dot1q tag native 1059 vmps reconfirm global configuration 1061 vmps reconfirm privileged EXEC 1062 vmps retry 1063 vmps server 1064 vtp global configuration 1066 vtp interface configuration 1071 vtp primary 1072 Notices 1075 Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches xxii Contents ...

Page 23: ...ear in bold font bold font Document titles new or emphasized terms and arguments for which you supply values are in italic font Italic font Terminal sessions and information the system displays appear in courier font Courier font Bold Courier font indicates text that the user must enter Bold Courier font Elements in square brackets are optional x An ellipsis three consecutive nonbolded periods wit...

Page 24: ... take note Notes contain helpful suggestions or references to material not covered in the manual Note Means the following information will help you solve a problem Tip Means reader be careful In this situation you might do something that could result in equipment damage or loss of data Caution Means the described action saves time You can save time by performing the action described in the paragra...

Page 25: ...on obtaining documentation submitting a service request and gathering additional information see the monthly What s New in Cisco Product Documentation which also lists all new and revised Cisco technical documentation at http www cisco com c en us td docs general whatsnew whatsnew html Subscribe to the What s New in Cisco Product Documentation as a Really Simple Syndication RSS feed and set conten...

Page 26: ...Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches xxvi Preface Obtaining Documentation and Submitting a Service Request ...

Page 27: ...rent configuration status and clear commands which clear counters or interfaces The user EXEC commands are not saved when the switch reboots To have access to all commands you must enter privileged EXEC mode Normally you must enter a password to enter privileged EXEC mode From this mode you can enter any privileged EXEC command or enter global configuration mode Using the configuration modes globa...

Page 28: ...ration Use this mode to configure VLAN parameters When VTP mode is transparent you can create extended range VLANs VLAN IDs greater than 1005 and save configurations in the switch startup configuration file To exit to global configuration mode enter the exit command To return to privileged EXEC mode press Ctrl Z or enter end Device config vlan While in global configuration mode enter the vlan vlan...

Page 29: ...t of associated keywords and arguments for any command Table 2 Help Summary Purpose Command Obtains a brief description of the help system in any command mode help Obtains a list of commands that begin with a particular character string abbreviated command entry Device di dir disable disconnect Completes a partial command name abbreviated command entry Tab Device sh conf tab Device show configurat...

Page 30: ...bles the command and sets variables to their default values Understanding CLI Error Messages This table lists some error messages that you might encounter while using the CLI to configure your switch Table 3 Common CLI Error Messages How to Get Help Meaning Error Message Re enter the command followed by a question mark with a space between the command and the question mark The possible keywords th...

Page 31: ...ure to suit your needs Changing the Command History Buffer Size By default the switch records ten command lines in its history buffer You can alter this number for a current terminal session or for all sessions on a particular line These procedures are optional Beginning in privileged EXEC mode enter this command to change the number of command lines that the switch records during the current term...

Page 32: ...hese procedures are optional To disable the feature during the current terminal session enter the terminal no history privileged EXEC command To disable command history for the line enter the no history line configuration command Using Editing Features This section describes the editing features that can help you manipulate the command line Enabling and Disabling Editing Features Although enhanced...

Page 33: ... the cursor back one word Press Esc B Moves the cursor forward one word Press Esc F Transposes the character to the left of the cursor with the character located at the cursor Press Ctrl T Recalls the most recent entry in the buffer Press Ctrl Y Recall commands from the buffer and paste them in the command line The switch provides a buffer with the last ten items that you deleted Recalls the next ...

Page 34: ...Press Esc U Press Ctrl V or Esc Q Designate a particular keystroke as an executable command perhaps as a shortcut Scrolls down one line Press the Return key Scroll down a line or screen on displays that are longer than the terminal screen can display The More prompt is used for any output that has more lines than can be displayed on the terminal screen including show command output You can use the...

Page 35: ...llar sign appears at the end of the line to show that the line has been scrolled to the right Device config access list 101 permit tcp 131 108 2 5 255 255 255 0 131 108 1 The software assumes that you have a terminal screen that is 80 columns wide If you have a width other than that use the terminal width privileged EXEC command to set the width of your terminal Use line wrapping with the command ...

Page 36: ...le Connection or through Telnet Before you can access the CLI you must connect a terminal or a PC to the switch console or connect a PC to the Ethernet management port and then power on the switch as described in the hardware installation guide that shipped with your switch CLI access is available before switch setup After your switch is configured you can access the CLI through a remote Telnet se...

Page 37: ...P A R T I Campus Fabric Campus Fabric page 13 ...

Page 38: ......

Page 39: ...plane page 16 domain page 17 debug fabric auto page 18 fabric auto page 19 host pool name page 20 show fabric domain page 22 show fabric context page 23 show fabric host pool page 24 Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 13 ...

Page 40: ...reachability and policy VRF and SGT information from one domain to another Fabric border devices correspond to proxy egress tunnel routers in LISP This command auto generates LISP configuration to orchestrate the fabric overlay The show running configuration command shows the fabric domain configuration including the auto generated commands Examples The following configuration is auto generated wh...

Page 41: ... addresses allowing for overlapped address space and traffic separation This command enables the auto generation of LISP Locator ID Separation Protocol and VRF Virtual Routing and Forwarding configuration to orchestrate the fabric overlay The show running configuration command shows the virtual context configuration including the auto generated base line commands Examples Device config fabric auto...

Page 42: ...guration to orchestrate the fabric overlay The show running configuration command shows the fabric domain configuration including the auto generated commands Examples The following configuration is auto generated when this command is run on your device Device config fabric auto domain control plane 2 2 2 2 auth_key examplekey123 router lisp locator set default RLOC ipv4 interface Loopback0 priorit...

Page 43: ... None Command Modes Fabric auto configuration mode Command History Modification Release This command was introduced Cisco IOS XE Denali 16 3 1 Usage Guidelines We recommend that you use the default domain unless your network requires you to create a new domain This command allows you to enter fabric auto domain configuration mode where you can configure edge control plane and border devices in the...

Page 44: ...bose Command Default None Command Modes Privileged Exec Command History Modification Release This command was introduced Cisco IOS XE Denali 16 3 1 Usage Guidelines Use these debug commands to troubleshoot your fabric domain configuration and trace the commands auto generated by the fabric auto command and display the errors encountered The no debug fabric auto level verbose command disables the d...

Page 45: ...ification Release This command was introduced Cisco IOS XE Denali 16 3 1 Usage Guidelines The fabric auto command allows you to configure all the elements in your fabric domain automatically Additionally this command enables the auto generation LISP VLAN VRF configuration to orchestrate the fabric overlay The show running configuration command shows the fabric domain configuration including the an...

Page 46: ...ic domain into IP pools and identify them with a VLAN ID and an IP subnet This command auto generates LISP configuration to orchestrate the fabric overlay The show running configuration command shows the fabric domain configuration including the auto generated commands Examples This example configures a host pool in your fabric domain device config fabric auto domain host pool name VOICE_DOMAIN de...

Page 47: ... 201 6 no ip redirects ip local proxy arp ip route cache same interface no lisp mobility liveness test lisp mobility example context EID VOICE_DOMAIN router lisp eid table vrf example context dynamic eid example context EID VOICE_DOMAIN database mapping 192 168 1 0 24 locator set default RLOC Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 21 host pool name ...

Page 48: ...omain The following is sample output for an edge device device show fabric domain Fabric Domain default Role Edge Control Plane Service Disabled Number of Control Plane node s 2 IP Address Auth key 192 168 1 4 example key1 192 168 1 5 example key2 Number of Border node s 1 IP Address 192 168 1 6 Number of context s 2 Codes Not Configured Name ID Host pools default 0 example context 10 1 Command Re...

Page 49: ... History Modification Release This command was introduced Cisco IOS XE Denali 16 3 1 Usage Guidelines Use the command to display a summary of the context configuration in your fabric domain device show fabric context Fabric domain default Number of context s 2 Name ID Host pools default 0 example context 10 1 Not Configured Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 23 s...

Page 50: ... Guidelines Use the command to display a summary of the specified host pool configuration device show fabric host pool Fabric Domain default context default Number of host pools 0 name vlan prefix gateway use dhcp context example context Number of host pools 1 name vlan prefix gateway use dhcp VOICE_DOMAIN 10 192 168 1 0 24 192 168 1 254 209 65 201 6 Command Reference Cisco IOS XE Everest 16 5 1a ...

Page 51: ...P A R T II Interface and Hardware Components Interface and Hardware Commands page 27 ...

Page 52: ......

Page 53: ... range page 44 ip mtu page 45 ipv6 mtu page 47 lldp interface configuration page 49 logging event power inline status page 51 mdix auto page 52 mode power stack configuration page 53 network policy page 55 network policy profile global configuration page 56 power efficient ethernet auto page 57 power priority page 58 power inline page 60 power inline police page 63 power supply page 65 show eee pa...

Page 54: ...latform resources page 100 show platform software ilpower page 101 show platform software process list page 103 show platform software process slot switch page 105 show platform software status control processor page 107 show processes cpu platform monitor page 110 show processes memory platform page 112 show power inline page 115 show stack power page 121 show system mtu page 123 show tech suppor...

Page 55: ...lability messages ha Displays PoE Inter Process Communication IPC debug messages ipc Displays PoE police debug messages police Displays PoE port manager debug messages port Displays PoE power management debug messages powerman Displays PoE registries debug messages registries Displays PoE SCP debug messages scp Displays PoE sense debug messages sense Displays Cisco UPOE debug messages upoe Command...

Page 56: ...able debugging on a stack member you can start a session from the active switch by using the session switch number EXEC command Then enter the debug command at the command line prompt of the stack member Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 30 debug ilpower ...

Page 57: ...acket and data rate statistics exceptions Displays debug messages for memory operations of protocol counters protocol memory Displays intermediary debug messages when an interface s state transitions states Command Default Debugging is disabled Command Modes Privileged EXEC Command History Modification Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines If you do not specify a ...

Page 58: ...disabled Command Modes Privileged EXEC Command History Modification Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines The undebug lldp packets command is the same as the no debug lldp packets command When you enable debugging on a switch stack it is enabled only on the active switch To enable debugging on a stack member you can start a session from the active switch by using ...

Page 59: ...r debug messages error Optional Displays PoE related information debug messages info Optional Specifies the stack member This keyword is supported only on stacking capable switches switch switch number Command Default Debugging is disabled Command Modes Privileged EXEC Command History Modification Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines The undebug platform poe comm...

Page 60: ...ernet ports it is always full Duplex options are not supported on the 1000BASE x or 10GBASE x where x is BX CWDM LX SX or ZX small form factor pluggable SFP modules Command Modes Interface configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines For Gigabit Ethernet ports setting the port to auto has the same effect as specifying full if th...

Page 61: ...value The duplex setting remains as configured on each end of the link which could result in a duplex setting mismatch You can configure the duplex setting when the speed is set to auto Changing the interface speed and duplex mode configuration might shut down and reenable the interface during the reconfiguration Caution You can verify your setting by entering the show interfaces privileged EXEC c...

Page 62: ...r VLAN error disable for BPDU guard bpduguard shutdown vlan Enables error detection for DHCP snooping dhcp rate limit Enables error detection for the Dynamic Trunking Protocol DTP flapping dtp flap Enables error detection for an invalid Gigabit Interface Converter GBIC module This error refers to an invalid small form factor pluggable SFP module Note gbic invalid Enables error detection for the Po...

Page 63: ... set a recovery mechanism for the cause by entering the errdisable recovery global configuration command the interface is brought out of the error disabled state and allowed to retry the operation when all causes have timed out If you do not set a recovery mechanism you must enter the shutdown and then the no shutdown commands to manually recover an interface from the error disabled state To verif...

Page 64: ... arp inspection Enables the timer to recover from the bridge protocol data unit BPDU guard error disabled state bpduguard Enables the timer to recover from the EtherChannel misconfiguration error disabled state channel misconfig Enables the timer to recover from the DHCP snooping error disabled state dhcp rate limit Enables the timer to recover from the Dynamic Trunking Protocol DTP flap error dis...

Page 65: ...Global configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines A cause such as all or BDPU guard is defined as the reason that the error disabled state occurred When a cause is detected on an interface the interface is placed in the error disabled state an operational state similar to link down state When a port is error disabled it is eff...

Page 66: ... can verify your settings by entering the show errdisable recovery privileged EXEC command Examples This example shows how to enable the recovery timer for the BPDU guard error disabled cause Device config errdisable recovery cause bpduguard Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 40 errdisable recovery cause ...

Page 67: ...ult The default recovery interval is 300 seconds Command Modes Global configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines The error disabled recovery timer is initialized at a random differential from the configured interval value The difference between the actual timeout value and the configured value can be up to 15 percent of the co...

Page 68: ... to configure a Group VI interface The range is from 0 to 9 Group VI Group VI interface number Enables you to configure an internal interface Internal Interface Internal Interface Enables you to configure a loopback interface The range is from 0 to 2147483647 Loopback Loopback Interface number Enables you to configure a null interface The default value is 0 Null Null interface number Enables you t...

Page 69: ...d Cisco IOS XE 3 3SE Usage Guidelines You can not use the no form of this command Examples The following example shows how to configure a tunnel interface Device interface Tunnel 15 Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 43 interface ...

Page 70: ...faces Values range from 1 to 128 Port Channel interface number Configures 10 Gigabit Ethernet interfaces Values range from 0 to 9 TenGigabit Ethernet interface number Configures the tunnel interface Values range from 0 to 2147483647 Tunnel interface number Configures the switch VLAN interfaces Values range from 1 to 4095 VLAN interface number Configures the keywords to interfaces Support up to 32 ...

Page 71: ...s see the system mtu global configuration command To return to the default IP MTU setting you can apply the default ip mtu command or the no ip mtu command on the interface You can verify your setting by entering the show ip interface interface id or show interfaces interface id privileged EXEC command Examples The following example sets the maximum IP packet size for VLAN 200 to 1000 bytes Device...

Page 72: ...Address determined by setup command MTU is 1500 bytes Helper address is not set output truncated Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 46 ip mtu ...

Page 73: ... mtu global configuration command To return to the default IPv6 MTU setting you can apply the default ipv6 mtu command or the no ipv6 mtu command on the interface You can verify your setting by entering the show ipv6 interface interface id or show interface interface id privileged EXEC command Examples The following example sets the maximum IPv6 packet size for an interface to 2000 bytes Device co...

Page 74: ...Address determined by setup command MTU is 1500 bytes Helper address is not set output truncated Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 48 ipv6 mtu ...

Page 75: ...ory Management TLV location LLDP MED Location TLV network policy LLDP MED Network Policy TLV power management LLDP MED Power Management TLV tlv Enables the interface to receive LLDP transmissions receive Selects the LLDP TLVs to send tlv select Sends the LLDP Power Management TLV power management Enables LLDP transmission on the interface transmit Command Default LLDP is enabled on supported inter...

Page 76: ...e gigabitethernet1 0 1 Device config if no lldp transmit The following example shows how to enable LLDP transmission on an interface Device config interface gigabitethernet1 0 1 Device config if lldp transmit Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 50 lldp interface configuration ...

Page 77: ...ments or keywords Command Default Logging of PoE events is enabled Command Modes Interface configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines The no form of this command does not disable PoE error events Examples This example shows how to enable logging of PoE events on a port Device config if interface gigabitethernet1 0 1 Device con...

Page 78: ...ired cable connection type straight through or crossover and configures the connection appropriately When you enable auto MDIX on an interface you must also set the interface speed and duplex to auto so that the feature operates correctly When auto MDIX and autonegotiation of speed and duplex is enabled on one or both of the connected interfaces link up occurs even if the cable type straight throu...

Page 79: ...S XE 3 3SE Usage Guidelines This command is available only on switch stacks running the IP Base or IP Services feature set To access power stack configuration mode enter the stack power stack power stack name global configuration command Entering the no mode command sets the switch to the defaults of power shared and non strict mode For stack power available power is the total power available for ...

Page 80: ...edding loads This is normally not a problem because most devices do not run at full power The chances of multiple powered devices in the stack requiring maximum power at the same time is small In both strict and nonstrict modes power is denied when there is no power available in the power budget Examples This is an example of setting the power stack mode for the stack named power1 to power shared ...

Page 81: ... Usage Guidelines Use the network policy profile number interface configuration command to apply a profile to an interface You cannot apply the switchport voice vlan command on an interface if you first configure a network policy profile on it However if switchport voice vlan vlan id is already configured on the interface you can apply a network policy profile on the interface The interface then h...

Page 82: ...Use the network policy profile global configuration command to create a profile and to enter network policy profile configuration mode To return to privileged EXEC mode from the network policy profile configuration mode enter the exit command When you are in network policy profile configuration mode you can create the profile for voice and voice signaling by specifying the values for VLAN class of...

Page 83: ...save power by shutting down certain services EEE provides the protocol needed to transition into and out of LPI mode in a way that is transparent to upper layer protocols and applications The power efficient ethernet auto command is available only if the interface is EEE capable To check if an interface is EEE capable use the show eee capabilities EXEC command When EEE is enabled the device advert...

Page 84: ... Default If no values are configured the power stack randomly determines a default priority The default ranges are 1 to 9 for switches 10 to 18 for high priority ports 19 to 27 for low priority ports On non PoE switches the high and low values for port priority have no effect Command Modes Switch stack power configuration Command History Modification Release This command was introduced Cisco IOS X...

Page 85: ...to 11 and for the low priority ports to 20 Device config stack power switch 1 Device config switch stackpower stack id power_stack_a Device config switch stackpower power priority high 11 Device config switch stackpower power priority low 20 Device config switch stackpower power priority switch 7 Device config switch stackpower exit Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Swit...

Page 86: ...mW If no value is specified the maximum is allowed max max wattage Optional Enable Four pair PoE without L2 negotiation Cisco UPOE switches only four pair forced Disables device detection and disables power to the port never Configures the power priority of the port The default priority is low port Sets the power priority of the port In case of a power supply failure ports configured as low priori...

Page 87: ...DP extensions required for Cisco UPOE Use the max max wattage option to disallow higher power powered devices With this configuration when the powered device sends Cisco Discovery Protocol CDP messages requesting more power than the maximum wattage the switch removes power from the port If the powered device IEEE class maximum is greater than the maximum wattage the switch does not power the devic...

Page 88: ...has a Cisco powered device connected to it you should not use the power inline never command to configure the port A false link up can occur placing the port in an error disabled state Use the power inline port priority high low command to configure the power priority of a PoE port Powered devices connected to ports with low port priority are shut down first in case of a power shortage You can ver...

Page 89: ...supported only on the LAN Base image This command is supported only on Power over Ethernet PoE capable ports If you enter this command on a device or port that does not support PoE an error message appears In a switch stack this command is supported on all switches or ports in the stack that support PoE and real time power consumption monitoring When policing of the real time power consumption is ...

Page 90: ...he real time power consumption to the maximum power allocated on the PoE port If the device uses more than the maximum power allocation or cutoff power on the port the device either turns power off to the port or the device generates a syslog message and updates the LEDs the port LEDs are blinking amber while still providing power to the device To configure the device to turn off power to the port...

Page 91: ...e outer edge of the switch Note B Sets the switch power supply to off off Sets the switch power supply to on on Command Default The switch power supply is on Command Modes Privileged EXEC Command History Modification Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines The power supply command applies to a switch or to a switch stack where all switches are the same platform In a...

Page 92: ... 56 717 PLATFORM_ENV 1 FAN_NOT_PRESENT Fan is not present This example shows how to set the power supply in slot A to on Device power supply 1 slot B on Jun 10 04 54 39 600 PLATFORM_ENV 6 FRU_PS_OIR FRU Power Supply 1 powered on This example shows the output of the show env power command Device show env power SW PID Serial Status Sys Pwr PoE Pwr Watts 1A PWR 1RUC2 640WAC DCB1705B05B OK Good Good 2...

Page 93: ...power utilization In LPI mode systems on both ends of the link can save power by shutting down certain services EEE provides the protocol needed to transition into and out of LPI mode in a way that is transparent to upper layer protocols and applications To check if an interface is EEE capable use the show eee capabilities command You can enable EEE on an interface that is EEE capable by using the...

Page 94: ...ed Tx LPI Status Received This is an example of output from the show eee status command on an interface where EEE operational and the ports are in low power save mode Device show eee status interface gigabitethernet1 0 3 Gi1 0 3 is up EEE efficient ethernet Operational Rx LPI Status Low Power Tx LPI Status Low Power Wake Error Count 0 This is an example of output from the show eee status command o...

Page 95: ...us for the link partner These fields can have any of the following values N A The port is not capable of EEE Interrupted The link partner is in the process of moving to low power mode Low Power The link partner is in low power mode None EEE is disabled or not capable at the link partner side Received The link partner is in low power mode and there is traffic activity If an interface is configured ...

Page 96: ... internal power supplies for each switch in the stack or for the specified switch This keyword is available only on stacking capable switches switch Optional Number of the stack member for which to display the status of the internal power supplies or the environmental status The range is 1 to 9 stack member number Displays all environmental status for each switch in the stack or for the specified ...

Page 97: ...N PS 1 is NOT PRESENT FAN PS 2 is OK Switch 1 SYSTEM TEMPERATURE is OK SW PID Serial Status Sys Pwr PoE Pwr Watts 1A Not Present 1B PWR C1 715WAC LIT150119Z1 OK Good Good 715 Device show env all Switch 1 FAN 1 is OK Switch 1 FAN 2 is OK Switch 1 FAN 3 is OK FAN PS 1 is OK FAN PS 2 is NOT PRESENT Switch 1 SYSTEM TEMPERATURE is OK SW PID Serial Status Sys Pwr PoE Pwr Watts 1A PWR C2 250WAC LIT16372A...

Page 98: ...ws how to display the temperature value state and the threshold values on a standalone switch The table describes the temperature states in the command output Device show env temperature status Temperature Value 33 Degree Celsius Temperature State GREEN Yellow Threshold 65 Degree Celsius Red Threshold 75 Degree Celsius Table 7 States in the show env temperature status Command Output Description St...

Page 99: ...ection in these modes port mode The entire physical port is error disabled if a violation occurs vlan mode The VLAN is error disabled if a violation occurs port vlan mode The entire physical port is error disabled on some ports and is per VLAN error disabled on other ports Examples This is an example of output from the show errdisable detect command Device show errdisable detect ErrDisable Reason ...

Page 100: ...n Enabled port vlan security violatio Enabled port sfp config mismat Enabled port storm control Enabled port udld Enabled port vmps Enabled port Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 74 show errdisable detect ...

Page 101: ...t flood field is not valid Note Examples This is an example of output from the show errdisable recovery command Device show errdisable recovery ErrDisable Reason Timer Status udld Disabled bpduguard Disabled security violatio Disabled channel misconfig Disabled vmps Disabled pagp flap Disabled dtp flap Disabled link flap Enabled l2ptguard Disabled psecure violation Disabled gbic invalid Disabled d...

Page 102: ... Gi1 0 2 link flap 279 Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 76 show errdisable recovery ...

Page 103: ...eatures and options that you can configure on the interface Though visible in the command line help this option is not available for VLAN IDs capabilities Optional Displays capabilities of all interfaces on the switch or specified stack member This option is not available if you entered a specific interface ID module number Optional Displays the administrative status and description set for an int...

Page 104: ... interfaces capabilities with no module number or interface ID to display the capabilities of all interfaces in the stack Examples This is an example of output from the show interfaces command for an interface on stack member 3 Device show interfaces gigabitethernet3 0 2 GigabitEthernet3 0 2 is down line protocol is down notconnect Hardware is Gigabit Ethernet address is 2037 064d 4381 bia 2037 06...

Page 105: ...k of request by neighbor Gi1 0 2 3 4 Port Vlans traffic requested of neighbor Gi1 0 2 1 3 This is an example of output from the show interfaces stats command for a specified VLAN interface Device show interfaces vlan 1 stats Switching path Pkts In Chars In Pkts Out Chars Out Processor 1165354 136205310 570800 91731594 Route cache 0 0 0 0 Total 1165354 136205310 570800 91731594 This is an example o...

Page 106: ...faces interface id trunk command It displays trunking information for the port Device show interfaces gigabitethernet1 0 1 trunk Port Mode Encapsulation Status Native vlan Gi1 0 1 on 802 1q other 10 Port Vlans allowed on trunk Gi1 0 1 none Port Vlans allowed and active in management domain Gi1 0 1 none Port Vlans in spanning tree forwarding state and not pruned Gi1 0 1 none Command Reference Cisco...

Page 107: ...d sent etherchannel Optional Displays counters for the specified stack member In this command the module keyword refers to the stack member number The module number that is part of the interface ID is always zero Note module stack member number Optional Displays the status of protocols enabled on interfaces protocol status Optional Displays trunk counters trunk Though visible in the command line h...

Page 108: ...nters protocol status Protocols allocated Vlan1 Other IP Vlan20 Other IP ARP Vlan30 Other IP ARP Vlan40 Other IP ARP Vlan50 Other IP ARP Vlan60 Other IP ARP Vlan70 Other IP ARP Vlan80 Other IP ARP Vlan90 Other IP ARP Vlan900 Other IP ARP Vlan3000 Other IP Vlan3500 Other IP GigabitEthernet1 0 1 Other IP ARP CDP GigabitEthernet1 0 2 Other IP GigabitEthernet1 0 3 Other IP GigabitEthernet1 0 4 Other I...

Page 109: ...tory Modification Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines Use the show interface switchport module number command to display the switch port characteristics of all interfaces on that switch in the stack If there is no switch with that module number in the stack there is no output Examples This is an example of output from the show interfaces switchport command for a...

Page 110: ...Displays the administrative and operational modes Administrative Mode Operational Mode Displays the administrative and operational encapsulation method and whether trunking negotiation is enabled Administrative Trunking Encapsulation Operational Trunking Encapsulation Negotiation of Trunking Displays the VLAN ID to which the port is configured Access Mode VLAN Lists the VLAN ID of the trunk that i...

Page 111: ...iption Field Displays the class of service CoS setting of the data packets of the IP phone Appliance trust Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 85 show interfaces switchport ...

Page 112: ...is 1 to 9 This option is not available if you entered a specific interface ID module number Optional Displays speed duplex and inline power settings on an interface properties Optional Lists all supported transceivers supported list Optional Displays alarm and warning threshold table threshold table Command Modes User EXEC Privileged EXEC Command History Modification Release This command was intro...

Page 113: ...rm High Warn Low Warn Low Alarm Receive Power Threshold Threshold Threshold Threshold Port dBm dBm dBm dBm dBm Gi1 1 1 23 5 5 0 9 0 28 2 32 2 This is an example of output from the show interfaces transceiver threshold table command Device show interfaces transceiver threshold table Optical Tx Optical Rx Temp Laser Bias Voltage current DWDM GBIC Min1 4 00 32 00 4 N A 4 65 Min2 0 00 28 00 0 N A 4 75...

Page 114: ... N A N A 0 N A N A Min2 N A N A 0 N A N A Max2 N A N A 0 N A N A Max1 N A N A 0 N A N A output truncated Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 88 show interfaces transceiver ...

Page 115: ...displayed in the command output was obtained from the underlying Linux kernel This value was not accurate because some memory chunks that was available for use was not considered as free memory In Cisco IOS XE Denali 16 3 1 the free memory is accurately computed and displayed in the Free Memory field of the command output Examples The following is sample output from the show memory platform comman...

Page 116: ...memory platform information Virtual memory 12870438912 Pages resident 626833 Major page faults 2222 Minor page faults 2362455 Architecture mips64 Memory kB Physical 3976852 Total 3976852 Used 2761224 Free 1215628 Active 2128060 Inactive 1584444 Inact dirty 0 Inact clean 0 Dirty 284 AnonPages 1294656 Bounce 0 Cached 1979644 Commit Limit 1988424 Committed As 3342184 High Total 0 High Free 0 Low Tota...

Page 117: ...e Size 2048 Swap kB Total 0 Used 0 Free 0 Cached 0 Buffers kB 438228 Load Average 1 Min 1 54 5 Min 1 27 15 Min 0 99 Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 91 show memory platform ...

Page 118: ...num Command Default None Command Modes User EXEC Privileged EXEC Command History Modification Release This command was introduced Cisco IOS XE Denali 16 1 1 Usage Guidelines Entering the show module command without the switch num argument is the same as entering the show module all command Examples This example shows how to display information for all the modules on a Cisco Catalyst 3850 Series sw...

Page 119: ...e power system configuration fo r slot 5 10 23 12 14 05 10 984 UTC 6 3 Initialized inline power system configuration fo r slot 6 10 23 12 14 05 10 984 UTC 7 3 Initialized inline power system configuration fo r slot 7 10 23 12 14 05 10 984 UTC 8 3 Initialized inline power system configuration fo r slot 8 10 23 12 14 05 10 984 UTC 9 3 Initialized inline power system configuration fo r slot 9 10 23 1...

Page 120: ...0 380 UTC 18 3 Interface Gi1 0 24 initialization done 10 23 12 14 05 20 380 UTC 19 3 Slot 1 initialization done 10 23 12 14 05 50 440 UTC 1a 3 Slot 1 PoE initialization for board id 16387 10 23 12 14 05 50 440 UTC 1b 3 Duplicate init event Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 94 show mgmt infra trace messages ilpower ...

Page 121: ...inline power messages within a trace buffer switch stack member number Command Default None Command Modes Privileged EXEC Command History Modification Release This command was introduced Cisco IOS XE 3 3SE Examples This is an output example from the show mgmt infra trace messages ilpower ha command Device show mgmt infra trace messages ilpower ha 10 23 12 14 04 48 087 UTC 1 3 NG3K_ILPOWER_HA Creat...

Page 122: ...PoE Info POE_SHUT sent for port 6 0 5 10 23 12 14 04 06 431 UTC 8 5495 PoE Info POE_SHUT sent for port 7 0 6 10 23 12 14 04 06 431 UTC 9 5495 PoE Info POE_SHUT sent for port 8 0 7 10 23 12 14 04 06 431 UTC a 5495 PoE Info POE_SHUT sent for port 9 0 8 10 23 12 14 04 06 431 UTC b 5495 PoE Info POE_SHUT sent for port 10 0 9 10 23 12 14 04 06 431 UTC c 5495 PoE Info POE_SHUT sent for port 11 0 10 10 2...

Page 123: ...tatistics information detail Command Default None Command Modes Privileged EXEC Command History Modification Release This command was introduced Cisco IOS XE 3 3SE Examples This is an example of output from the show network policy profile command Device show network policy profile Network Policy Profile 10 voice vlan 17 cos 4 Interface none Network Policy Profile 30 voice vlan 30 cos 5 Interface n...

Page 124: ...rding information forward summary Command Modes Privileged EXEC Command History Modification Release This command was introduced Cisco IOS XE Denali 16 3 1 Usage Guidelines Do not use this command unless a technical support representative asks you to Use this command only when you are working directly with a technical support representative while troubleshooting a problem Fields displayed in the c...

Page 125: ...src 00 1d 01 85 ba 22 type ARP ARP hwtype 0x1 ptype IPv4 hwlen 6 plen 4 op is at hwsrc 00 1d 01 85 ba 22 psrc 10 10 1 33 hwdst 00 51 0f f2 0e 11 pdst 10 10 1 1 Ingress Switch 1 Port GigabitEthernet1 0 1 Global Port Number 1 Local Port Number 1 Asic Port Number 21 ASIC Number 0 STP state blkLrn31to0 0xffdfffdf blkFwd31to0 0xffdfffdf Vlan 1 Station Descriptor 170 DestIndex 0xF009 DestModIndex 2 Rewr...

Page 126: ...XE Denali 16 1 1 Usage Guidelines The output of this command displays the used memory which is total memory minus the accurate free memory Examples The following is sample output from the show platform resources command Switch show platform resources State Acronym H Healthy W Warning C Critical Resource Usage Max Warning Critical State Control Processor 7 20 100 90 95 H DRAM 2701MB 69 3883MB 90 95...

Page 127: ...etails argument was added Cisco IOS XE Denali 16 3 2 The command was introduced Cisco IOS XE Denali 16 1 1 Examples The following is sample output from the show platform software ilpower details command Device show platform software ilpower details ILP Port Configuration for interface Gi1 0 1 Initialization Done Yes ILP Supported Yes ILP Enabled Yes POST Yes Detect On No Powered Device Detected No...

Page 128: ...hitecture 1 Signal Pair Power allocation in milli watts 0 Spare Pair Power On 0 Powered Device power state 0 Timer Power Good Stopped Power Denied Stopped Cisco Powered Device Detect Stopped Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 102 show platform software ilpower ...

Page 129: ...0 R0 Optional Displays information about the specified process name process name Optional Displays information about the specified process ID process id process ID Optional Displays information sorted according to processes sort Optional Displays information sorted according to memory memory Optional Displays a summary of the process memory of the host device summary Command Modes Privileged EXE C...

Page 130: ...6852 Total 3976852 Used 2766952 Free 1209900 Active 2141344 Inactive 1589672 Inact dirty 0 Inact clean 0 Dirty 4 AnonPages 1306800 Bounce 0 Cached 1984688 Commit Limit 1988424 Committed As 3358528 High Total 0 High Free 0 Low Total 3976852 Low Free 1209900 Mapped 520528 NFS Unstable 0 Page Tables 17328 Slab 0 VMmalloc Chunk 1069542588 VMmalloc Total 1069547512 VMmalloc Used 2588 Writeback 0 HugePa...

Page 131: ...unning processes monitor Optional Sets the number of times to run monitor command Valid values are from 1 to 4294967295 The default is 5 cycles no of tmes Optional Sets a delay after each Valid values are from 0 to 300 The default is 3 interval delay Optional Sets the number of lines of output displayed Valid values are from 0 to 512 The default is 0 lines number Command Modes Privileged EXEC Comm...

Page 132: ...7546 root 20 0 2044m 244m 79m S 7 6 3 186 49 08 fed main event 18662 root 20 0 1806m 678m 263m S 5 17 5 215 32 38 linux_iosd imag 30276 root 20 0 171m 42m 33m S 5 1 1 125 06 77 repm 17835 root 20 0 935m 74m 63m S 4 1 9 82 28 31 sif_mgr 18534 root 20 0 182m 150m 10m S 2 3 9 8 12 08 smand 1 root 20 0 8440 4740 2184 S 0 0 1 0 09 52 systemd 2 root 20 0 0 0 0 S 0 0 0 0 00 00 kthreadd 3 root 20 0 0 0 0 ...

Page 133: ...utput from the show platform memory software status control processor command Switch show platform software status control processor 2 RP0 online statistics updated 7 seconds ago Load Average healthy 1 Min 1 00 status healthy under 5 00 5 Min 1 21 status healthy under 5 00 15 Min 0 90 status healthy under 5 00 Memory kb healthy Total 3976852 Used 2766284 70 status healthy Free 1210568 30 Committed...

Page 134: ...ice 0 00 Idle 97 30 IRQ 0 00 SIRQ 0 00 IOwait 0 00 CPU1 CPU Utilization percentage of time spent User 4 19 System 0 69 Nice 0 00 Idle 95 10 IRQ 0 00 SIRQ 0 00 IOwait 0 00 CPU2 CPU Utilization percentage of time spent User 4 79 System 0 79 Nice 0 00 Idle 94 40 IRQ 0 00 SIRQ 0 00 IOwait 0 00 CPU3 CPU Utilization percentage of time spent User 2 10 System 0 40 Nice 0 00 Idle 97 50 IRQ 0 00 SIRQ 0 00 I...

Page 135: ...U Utilization Slot CPU User System Nice Idle IRQ SIRQ IOwait 2 RP0 0 4 10 2 00 0 00 93 80 0 00 0 10 0 00 1 4 60 1 00 0 00 94 30 0 00 0 10 0 00 2 6 50 1 10 0 00 92 40 0 00 0 00 0 00 3 5 59 1 19 0 00 93 20 0 00 0 00 0 00 3 RP0 0 2 80 1 20 0 00 95 90 0 00 0 10 0 00 1 4 49 1 29 0 00 94 20 0 00 0 00 0 00 2 5 30 1 60 0 00 93 10 0 00 0 00 0 00 3 5 80 1 20 0 00 93 00 0 00 0 00 0 00 4 RP0 0 1 30 0 80 0 00 ...

Page 136: ...The output of the show platform software process slot switch and show processes cpu platform monitor location commands display the output of the Linux top command The output of these commands display Free memory and Used memory as displayed by the Linux top command The values displayed for the Free memory and Used memory by these commands do not match the values displayed by the output of other pl...

Page 137: ... 4 0 1 4 47 03 btrace_rotate s 10 root 20 0 0 0 0 S 2 0 0 0 58 13 rcuc 0 6304 root 20 0 776 12 0 R 2 0 0 0 00 01 ls 17835 root 20 0 935m 74m 63m S 2 1 9 82 34 07 sif_mgr 1 root 20 0 8440 4740 2184 S 0 0 1 0 09 52 systemd 2 root 20 0 0 0 0 S 0 0 0 0 00 00 kthreadd 3 root 20 0 0 0 0 S 0 0 0 0 02 86 ksoftirqd 0 5 root 0 20 0 0 0 S 0 0 0 0 00 00 kworker 0 0H 7 root RT 0 0 0 0 S 0 0 0 0 01 44 migration...

Page 138: ...rocess ID Optional Displays information about the FRU location location Optional Displays memory maps of a process maps Optional Displays smaps of a process smaps Optional Displays the sorted output based on the total memory used by Cisco IOS XE processes sorted Displays information about the device switch switch number Displays information about the active instance of the switch active Displays i...

Page 139: ...68 3976 132 2312 3976 6412 droputil sh 934 968 2140 132 528 2140 4628 oom sh 936 173 936 132 132 936 3068 xinetd 945 968 1472 132 132 1472 4168 libvirtd sh 947 592 43164 132 3096 43164 154716 repm 954 45 932 132 132 932 3132 rpcbind 986 482 3476 132 132 3476 169288 libvirtd 988 66 940 132 132 940 2724 rpc statd 993 968 928 132 132 928 4232 boothelper_evt 1017 21 640 132 132 640 2500 inotifywait 10...

Page 140: ...0 76088 287156 fman_rp The following is sample output from the show processes memory platform sorted location switch active R0 command Switch show processes memory platform sorted location switch active R0 System memory 3976852K total 2763584K used 1213268K free Lowest 1213268K Pid Text Data Stack Dynamic RSS Total Name 9655 3787 264968 136 18004 264968 2675968 wcm 17261 324 249020 132 103908 2490...

Page 141: ...switches module stack member number Optional Displays detailed output of the interface or module detail Command Modes User EXEC Privileged EXEC Command History Modification Release This command was introduced Cisco IOS XE 3 3SE Examples This is an example of output from the show power inline command The table that follows describes the output fields Device show power inline Module Available Used R...

Page 142: ... 864 0 1 0 Interface Admin Oper Power Device Class Max Watts Gi3 0 1 auto power deny 4 0 n a n a 15 4 Gi3 0 2 auto off 0 0 n a n a 15 4 Gi3 0 3 auto off 0 0 n a n a 15 4 Gi3 0 4 auto off 0 0 n a n a 15 4 Gi3 0 5 auto off 0 0 n a n a 15 4 Gi3 0 6 auto off 0 0 n a n a 15 4 Gi3 0 7 auto off 0 0 n a n a 15 4 Gi3 0 8 auto off 0 0 n a n a 15 4 Gi3 0 9 auto off 0 0 n a n a 15 4 Gi3 0 10 auto off 0 0 n a ...

Page 143: ...e powered device in watts when the switch polices the real time power consumption This value is the same as the Max field value AdminPowerMax The power consumption of the powered device in watts when the switch polices the real time power consumption If policing is disabled this value is the same as the AdminPowerMax field value AdminConsumption 1 The configured power is the power that you manuall...

Page 144: ... switch does not apply power to the connected device The Gi1 0 8 port is up and policing is enabled with a policing action to generate a syslog message but the switch does not apply power to the powered device The Gi1 0 9 port is up and connected to a powered device and policing is disabled The Gi1 0 10 port is up and connected to a powered device and policing is enabled with a policing action to ...

Page 145: ...pplied power deny A powered device is detected but no PoE is available or the real time power consumption exceeds the maximum power allocation The operating mode is the current PoE state for the specified PoE port the specified stack member or for all PoE ports on the switch Note Oper State Status of the real time power consumption policing feature errdisable Policing is enabled and the switch shu...

Page 146: ...red policing action Cutoff Power The real time power consumption of the powered device Oper Power 2 The configured power is the power that you manually specify or that the switch specifies by using CDP power negotiation or the IEEE classification which is different than the real time power that is monitored with the power sensing feature This is an example of output from the show power inline prio...

Page 147: ...Optional Displays budget table details or neighbors for all power stacks or the specified power stack This keyword is not available after the load shedding keyword Note stack name Optional Power stack ID for the power stack The stack ID must be 31 characters or less stack id Optional Displays budget table details load shedding or neighbors for all switches or the specified switch switch Optional S...

Page 148: ...ed Num Num Name Mode Topolgy Pwr W Pwr W Pwr W Pwr W SW PS Powerstack 1 SP PS Stndaln 350 150 200 0 1 1 This is an example of output from the show stack power budgeting command Device show stack power budgeting Power Stack Stack Stack Total Rsvd Alloc Unused Num Num Name Mode Topolgy Pwr W Pwr W Pwr W Pwr W SW PS Powerstack 1 SP PS Stndaln 350 150 200 0 1 1 Power Stack PS A PS B Power Alloc Avail ...

Page 149: ...ommand Modes Privileged EXEC Command History Modification Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines For information about the MTU values and the stack configurations that affect the MTU values see the system mtu command Examples This is an example of output from the show system mtu command Device show system mtu Global Ethernet MTU is 1500 bytes Command Reference Cisc...

Page 150: ...fib Optional Displays NAT related information nat Optional Displays NBAR related information nbar Optional Displays ONEP related information onep Optional Displays OSPF related information ospf Optional Displays the command output on a single page at a time Use the Return key to display the next line of output or use the space bar to display the next page of information If not used the output scro...

Page 151: ...e Guidelines The output from the show tech support command is very long To better manage this output you can redirect the output to a file for example show tech support filename in the local writable storage file system or the remote file system Redirecting the output to a file also makes sending the output to your Cisco Technical Assistance Center TAC representative easier You can use one of the ...

Page 152: ...ns at 5000 Mbps This option is valid and visible only on multi Gigabit supported Ethernet ports 5000 Detects the speed at which the port should run automatically based on the port at the other end of the link If you use the 10 100 1000 1000 2500 or 5000 keyword with the auto keyword the port autonegotiates only at the specified speeds auto Disables autonegotiation and the port runs at 1000 Mbps no...

Page 153: ...nd does not use the auto setting on the supported side but set the duplex and speed on the other side Changing the interface speed and duplex mode configuration might shut down and re enable the interface during the reconfiguration Caution For guidelines on setting the switch speed and duplex parameters see the Configuring Interface Characteristics chapter in the software configuration guide for t...

Page 154: ...nd History Modification Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines When you enter the stack power stack power stack name command you enter power stack configuration mode and these commands are available default Returns a command to its default setting exit Exits ARP access list configuration mode mode Sets the power mode for the power stack See the mode command no Nega...

Page 155: ...it the stack parameters The name can be up to 31 characters standalone Forces the switch to operate in standalone power mode This mode shuts down both stack power ports Examples This example removes switch 2 which is connected to the power stack from the power pool and shutting down both power ports Device config stack power switch 2 Device config switch stackpower standalone Device config switch ...

Page 156: ... Usage Guidelines By default all traffic with unknown MAC addresses is sent to all ports You can block unknown multicast or unicast traffic on protected or nonprotected ports If unknown multicast or unicast traffic is not blocked on a protected port there could be security issues With multicast traffic the port blocking feature blocks only pure Layer 2 packets Multicast packets that contain IPv4 o...

Page 157: ...ation Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines You can verify your setting by entering the show system mtu privileged EXEC command The switch does not support the MTU on a per interface basis If you enter a value that is outside the allowed range for the specific type of interface the value is not accepted Examples This example shows how to set the global system MTU ...

Page 158: ...d Modes Privileged EXEC Command History Modification Release This command was introduced Cisco IOS XE 3 3SE Examples The following is sample output from the test mcu read register det cls offset command Device test mcu read register det cls offset 1 DETECTION ENABLE BIT SUMMARY Controller port1 port2 port3 port4 register hexadecimal 1 1 0 1 0 5 2 1 0 1 0 5 3 1 0 1 0 5 4 1 0 1 0 5 5 1 0 1 0 5 6 1 0...

Page 159: ...URE ID DEVICE_BCM_PALPATINE reg_val 0x1B Examples The following is sample output from the test mcu read register port mode command PORT MODE SUMMERY Controller port1 port2 port3 port4 register hexadecimal 1 01 00 01 00 22 2 01 00 01 00 22 3 01 00 01 00 22 4 01 00 01 00 22 5 01 00 01 00 22 6 01 00 01 00 22 7 01 00 01 00 22 8 01 00 01 00 22 9 01 00 01 00 22 10 01 00 01 00 22 11 00 00 01 00 20 12 01 ...

Page 160: ...onal Configures the phone to use IEEE 802 1p priority tagging and to use VLAN 0 the native VLAN dot1p Optional Does not instruct the Cisco IP phone about the voice VLAN The phone uses the configuration from the phone key pad none Optional Configures the phone to send untagged voice traffic This is the default for the phone untagged Command Default No network policy profiles for the voice signaling...

Page 161: ...rk policy time length value TLV To return to privileged EXEC mode from the network policy profile configuration mode enter the exit command Examples This example shows how to configure voice signaling for VLAN 200 with a priority 2 CoS Device config network policy profile 1 Device config network policy voice signaling vlan 200 cos 2 This example shows how to configure voice signaling for VLAN 400 ...

Page 162: ...P phone about the voice VLAN The phone uses the configuration from the phone key pad none Optional Configures the phone to send untagged voice traffic This is the default for the phone untagged Command Default No network policy profiles for the voice application type are defined The default CoS value is 5 The default DSCP value is 46 The default tagging mode is untagged Command Modes Network polic...

Page 163: ...and Examples This example shows how to configure the voice application type for VLAN 100 with a priority 4 CoS Device config network policy profile 1 Device config network policy voice vlan 100 cos 4 This example shows how to configure the voice application type for VLAN 100 with a DSCP value of 34 Device config network policy profile 1 Device config network policy voice vlan 100 dscp 34 This exam...

Page 164: ...Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 138 voice vlan network policy configuration ...

Page 165: ...P A R T III IP IP page 141 ...

Page 166: ......

Page 167: ...reempt page 158 glbp priority page 159 glbp timers page 160 glbp weighting page 162 glbp weighting track page 164 ip address dhcp page 166 ip address pool DHCP page 170 ip address page 172 ip nhrp map page 175 ip nhrp map multicast page 177 ip nhrp network id page 179 ip nhrp nhs page 180 key chain page 183 key string authentication page 184 key page 185 Command Reference Cisco IOS XE Everest 16 5...

Page 168: ...94 show key chain page 196 show track page 197 track page 199 vrrp page 201 vrrp description page 202 vrrp preempt page 203 vrrp priority page 205 vrrp timers advertise page 206 vrrs leader page 208 Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 142 ...

Page 169: ...e Optional Specifies the global VRF instance global Optional Destination IP address Specifying this argument clears NHRP mapping entries for the specified destination IP address dest ip address Optional Destination network mask dest mask Optional Clears the NHRP counters counters Optional Clears the NHRP mapping entries for all interfaces interface Optional Removes the specified interface from the...

Page 170: ...the NHRP cache Examples The following example shows how to clear all dynamic entries from the NHRP cache for an interface Switch clear ip nhrp Related Commands Description Command Displays NHRP mapping information show ip nhrp Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 144 clear ip nhrp ...

Page 171: ...nditional debugging operations condition Optional Enables debugging operations for the tunnel interface interface tunnel number Optional Enables debugging operations for the non broadcast multiple access NBMA network nbma Optional Enables debugging operations based on the IPv4 address of the NBMA network ipv4 nbma address Optional NBMA network name nbma name Optional Enables debugging operations b...

Page 172: ...r keyword argument pair is visible only if the virtual access interface is available on the device Examples The following sample output from the debug nhrp command displays NHRP debugging output for IPv4 Switch debug nhrp Aug 9 13 13 41 486 NHRP Attempting to send packet via DEST 10 1 1 99 Aug 9 13 13 41 486 NHRP Encapsulation succeeded Tunnel IP addr 10 11 11 99 Aug 9 13 13 41 486 NHRP Send Regis...

Page 173: ...ter an interface becomes available minimum Optional Configures the delay period after the device reloads reload Delay period in seconds The range is from 0 to 3600 seconds Command Default None Command Modes Interface configuration config if Examples This example shows how to specify the delay period for the initialization of FHRP clients Device config if fhrp delay minimum 90 Related Commands Desc...

Page 174: ...rsion 2 VRRPv2 is unavailable Examples In the following example a tracking process is configured to track the state of an IPv6 object using a VRRPv3 group VRRP on GigabitEthernet interface 0 0 0 then registers with the tracking process to be informed of any changes to the IPv6 object on the VRRPv3 group If the IPv6 object state on serial interface VRRPv3 goes down then the priority of the VRRP gro...

Page 175: ... authentication The key string cannot exceed 100 characters in length We recommend using at least 16 characters key string key Optional Unencrypted key If no prefix is specified the key is unencrypted 0 Optional Encrypted key 7 Identifies a group of authentication keys key chain name of chain Command Default No authentication of GLBP messages occurs Command Modes Interface configuration config if ...

Page 176: ...and key ID for the specified key chain Device config key chain AuthenticateGLBP Device config keychain key 1 Device config keychain key key string ThisIsASecretKey Device config keychain key exit Device config keychain exit Device config interface GigabitEthernet 1 0 1 Device config if ip address 10 0 0 1 255 255 255 0 Device config if glbp 2 authentication md5 key chain AuthenticateGLBP Related C...

Page 177: ...e role of AVF The range is from 0 to 3600 seconds with a default delay of 30 seconds delay minimum seconds Command Default Forwarder preemption is enabled with a default delay of 30 seconds Command Modes Interface configuration config if Command History Modification Release This command was introduced Cisco IOS XE Release 2 1 Examples The following example shows a device being configured to preemp...

Page 178: ...ddress is specified the designated address is learned from another device configured to be in the same GLBP group For GLBP to elect an active virtual gateway AVG at least one device on the cable must have been configured with the designated address A device must be configured with or have learned the virtual IP address of the GLBP group before assuming the role of a GLBP gateway or forwarder Confi...

Page 179: ...y the GLBP group is set to 10 21 8 10 Device config interface GigabitEthernet 1 0 1 Device config if ip address 10 21 8 32 255 255 255 0 Device config if glbp 10 ip 10 21 8 10 Related Commands Description Command Displays GLBP information show glbp Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 153 glbp ip ...

Page 180: ...ies a load balancing method where each virtual forwarder in turn is included in address resolution replies for the virtual IP address This method is the default round robin Optional Specifies a load balancing method that is dependent on the weighting value advertised by the gateway weighted Command Default The round robin method is the default Command Modes Interface configuration config if Comman...

Page 181: ...BP group 10 Device config interface GigabitEthernet 1 0 1 Device config if glbp 10 ip 10 21 8 10 Device config if glbp 10 load balancing host dependent Related Commands Description Command Displays GLBP information show glbp Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 155 glbp load balancing ...

Page 182: ...des Interface configuration config if Command History Modification Release This command was introduced Cisco IOS XE Release 2 1 Usage Guidelines The GLBP redundancy client must be configured with the same GLBP group name so that the redundancy client and the GLBP group can be connected Examples The following example assigns the abccomp name to GLBP group 10 Device config if glbp 10 name abccomp Re...

Page 183: ...warder information is considered valid glbp timers Configures the time during which the AVG for a GLBP group continues to redirect clients to a secondary AVF glbp timers redirect Specifies the initial weighting value of the GLBP gateway glbp weighting Specifies a tracking object where the GLBP weighting changes based on the availability of the object being tracked glbp weighting track Displays GLB...

Page 184: ... seconds Command Default A GLBP device with a higher priority than the current AVG cannot assume the role of AVG The default delay value is 30 seconds Command Modes Interface configuration config if Command History Modification Release This command was introduced Cisco IOS XE Release 2 1 Examples The following example shows a device being configured to preempt the current AVG when its priority of ...

Page 185: ...onfiguration config if Usage Guidelines Use this command to control which virtual gateway becomes the active virtual gateway AVG After the priorities of several different virtual gateways are compared the gateway with the numerically higher priority is elected as the AVG If two virtual gateways have equal priority the gateway with the higher IP address is selected Examples The following example sh...

Page 186: ...rmation contained in the hello packet is considered invalid The default is 10 seconds 10 000 milliseconds holdtime Specifies time interval during which the active virtual gateway AVG for a Gateway Load Balancing Protocol GLBP group continues to redirect clients to a secondary active virtual forwarder AVF and time out values for failed forwarders redirect The redirect timer interval in the range fr...

Page 187: ...way sends a hello message the information should be considered valid for one holdtime Normally holdtime is greater than three times the value of hello time holdtime 3 hellotime The range of values for holdtime force the holdtime to be greater than the hello time Examples The following example shows the GLBP group 10 on GigabitEthernet interface 1 0 1 timers being configured for an interval of 5 se...

Page 188: ...r Command Default The default gateway weighting value is 100 and the default lower weighting value is 1 Command Modes Interface configuration config if Command History Modification Release This command was introduced Cisco IOS XE Release 2 1 Usage Guidelines The weighting value of a virtual gateway is a measure of the forwarding capacity of the gateway If a tracked interface on the device fails th...

Page 189: ...ace GigabitEthernet 1 0 1 Device config if ip address 10 21 8 32 255 255 255 0 Device config if glbp 10 weighting 110 lower 95 upper 105 Related Commands Description Command Specifies an object to be tracked that affects the weighting of a GLBP gateway glbp weighting track Configures an interface to be tracked track Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 163 glbp wei...

Page 190: ...s are not tracked for GLBP weighting changes Command Modes Interface configuration config if Command History Modification Release This command was introduced Cisco IOS XE Release 2 1 Usage Guidelines This command ties the weighting of the GLBP gateway to the availability of its interfaces It is useful for tracking interfaces that are not configured for GLBP When a tracked interface goes down the G...

Page 191: ...mple GigabitEthernet interface 1 0 1 tracks two interfaces represented by the numbers 1 and 2 If interface 1 goes down the GLBP gateway weighting decreases by the default value of 10 If interface 2 goes down the GLBP gateway weighting decreases by 5 Device config interface GigabitEthernet 1 0 1 Device config if ip address 10 21 8 32 255 255 255 0 Device config if glbp 10 weighting track 1 Device c...

Page 192: ...formation about the numbering syntax for your networking device use the question mark online help function number Optional Specifies the hostname hostname Optional Name of the host to be placed in the DHCP option 12 field This name need not be the same as the hostname entered in global configuration mode hostname Command Default The hostname is the globally configured hostname of the device The cl...

Page 193: ...e a specific hostname and client identifier that is the MAC address of the interface The most typical usage of the ip address dhcp client id interface type number hostname hostname command is when interface typeis the Ethernet interface where the command is configured and interface type numberis the hostname provided by the ISP A client identifier DHCP option 61 can be a hexadecimal or an ASCII va...

Page 194: ...nd contains the default hostname of the device in the option 12 field ip address dhcp client id ethernet 1 The DISCOVER message contains the MAC address of the Ethernet 1 interface in the client ID field and contains hostname in the option 12 field ip address dhcp client id ethernet 1 hostname hostname Examples In the examples that follow the command ip address dhcp is entered for Ethernet interfa...

Page 195: ...ace 1 in the client id field and the value def in the option 12 field hostname abc interface Ethernet 1 ip address dhcp client id GigabitEthernet 1 0 1 hostname def Related Commands Description Command Configures a DHCP address pool on a Cisco IOS DHCP server and enters DHCP pool configuration mode ip dhcp pool Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 169 ip address dh...

Page 196: ...ce configuration Command History Modification Release This command was introduced 12 2 8 T Usage Guidelines Use this command to automatically configure the IP address of a LAN interface when there are DHCP clients on the attached LAN that should be serviced by the DHCP pool on the device The DHCP pool obtains its subnet dynamically through IPCP subnet negotiation Examples The following example spe...

Page 197: ...Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 171 ip address pool DHCP ...

Page 198: ...ss interface vrf Command Default No IP address is defined for the interface Command Modes Interface configuration config if Command History Modification Release This command was introduced Cisco IOS XE Release 2 1 Usage Guidelines An interface can have one primary IP address and multiple secondary IP addresses Packets generated by the Cisco IOS software always use the primary IP address Therefore ...

Page 199: ...n use In these instances the first network is extended or layered on top of the second network using secondary addresses If any device on a network segment uses a secondary address all other devices on that same segment must also use a secondary address from the same network or subnet Inconsistent use of secondary addresses on a network segment can very quickly cause routing loops Note When you ar...

Page 200: ...in a route map for policy based routing VRF selection set vrf Displays the ARP cache in which SLIP addresses appear as permanent ARP table entries show ip arp Displays the usability status of interfaces configured for IP show ip interface Displays static and dynamic route maps show route map Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 174 ip address ...

Page 201: ...at is directly reachable through the NBMA network The address format varies depending on the medium for example ATM has a Network Service Access Point NSAP address Ethernet has a MAC address and Switched Multimegabit Data Service SMDS has an E 164 address This address is mapped to the IP address ip nbma address Destination address mask destination mask IPv6 NBMA address This argument is not suppor...

Page 202: ...on in a multipoint tunnel network is statically configured to be served by two next hop servers 10 0 0 1 and 10 0 1 3 The NBMA address for 10 0 0 1 is statically configured as 192 0 2 1 and the NBMA address for 10 0 1 3 is 198 51 100 1 Switch config interface tunnel 0 Switch config if ip nhrp nhs 10 0 0 1 Switch config if ip nhrp nhs 10 0 1 3 Switch config if ip nhrp map 10 0 0 1 192 0 2 1 Switch ...

Page 203: ...mand Default No NBMA addresses are configured as destinations for broadcast or multicast packets Command Modes Interface configuration config if Command History Modification Release This command was introduced Cisco IOS XE Denali 16 3 1 Usage Guidelines In Cisco IOS XE Denali 16 3 1 this command supports only IPv4 the ipv6 nbma address argument although available on the switch will not work if con...

Page 204: ...0 Switch config if ip nhrp map multicast 10 0 0 1 Switch config if ip nhrp map multicast 10 0 0 2 Related Commands Description Command Enables NHRP debugging debug nhrp Configures an interface and enters interface configuration mode interface Specifies the destination for a tunnel interface tunnel destination Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 178 ip nhrp map mul...

Page 205: ...e Command Modes Interface configuration config Command History Modification Release This command was introduced Cisco IOS XE Denali 16 3 1 Usage Guidelines In general all NHRP stations within one logical NBMA network must be configured with the same network identifier Examples The following example enables NHRP on the interface Switch config if ip nhrp network id 1 Related Commands Description Com...

Page 206: ...cifies the nonbroadcast multiple access NBMA address or FQDN nbma NBMA address nbma address Next hop server NHS fully qualified domain name FQDN string FQDN string Optional Specifies the use of NBMA mapping for broadcasts and multicasts multicast Optional Assigns a priority to hubs to control the order in which spokes select hubs to establish tunnels The range is from 0 to 255 0 is the highest and...

Page 207: ...sses Examples The following example shows how to register a hub to a spoke using NBMA and FQDN Switch configure terminal Switch config interface tunnel 1 Switch config if ip nhrp nhs 192 0 2 1 nbma examplehub example1 com The following example shows how to configure the desired max connections value Switch configure terminal Switch config interface tunnel 1 Switch config if ip nhrp nhs cluster 5 m...

Page 208: ...Description Command Displays NHRP mapping information show ip nhrp Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 182 ip nhrp nhs ...

Page 209: ...ou can identify multiple key chains we recommend using one key chain per interface per routing protocol Upon specifying the key chain command you enter key chain configuration mode Examples The following example shows how to specify key chain Device config keychain key key string chestnut Related Commands Description Command Sets the time period during which the authentication key on a key chain i...

Page 210: ...ommand Modes Key chain key configuration config keychain key Examples The following example shows how to specify the authentication string for a key Device config keychain key key string key1 Related Commands Description Command Sets the time period during which the authentication key on a key chain is received as valid accept lifetime Identifies an authentication key on a key chain key Defines an...

Page 211: ...re set platform and platform hardware 12 2SX Usage Guidelines It is useful to have multiple keys on a key chain so that the software can sequence through the keys as they become invalid after time based on the accept lifetime and send lifetime key chain key command settings Each key has its own key identifier which is stored locally The combination of the key identifier and the interface associate...

Page 212: ...received as valid accept lifetime Defines an authentication key chain needed to enable authentication for routing protocols key chain Specifies the authentication string for a key key string authentication Sets the time period during which an authentication key on a key chain is valid to be sent send lifetime Displays authentication key information show key chain Command Reference Cisco IOS XE Eve...

Page 213: ... EXEC Command History Modification Release This command was introduced Cisco IOS XE Release 2 1 Usage Guidelines Use the show glbp command to display information about GLBP groups on a device The brief keyword displays a single line of information about each virtual gateway or virtual forwarder The capability keyword displays all GLBP capable interfaces Examples The following is sample output from...

Page 214: ...e one of the following Active The gateway is the active virtual gateway AVG and is responsible for responding to Address Resolution Protocol ARP requests for the virtual IP address Disabled The virtual IP address has not been configured or learned yet but another GLBP configuration exists Initial The virtual IP address has been configured or learned but virtual gateway configuration is not complet...

Page 215: ...r GLBP gateway preemption is enabled If enabled the minimum delay is the time in seconds for which a higher priority nonactive device will wait before preempting the lower priority active device This field is also displayed under the forwarder section where it indicates GLBP forwarder preemption Preemption The active state of the virtual gateway The value can be local unknown or an IP address The ...

Page 216: ...bp ip Configures the time between hello messages and the time before other devices declare the active GLBP device to be down glbp timers Specifies an object to be tracked that affects the weighting of a GLBP gateway glbp weighting track Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 190 show glbp ...

Page 217: ...ional Displays redundancy cluster information cluster number Optional Displays information about NHS that failed to become active and is preempted preempted Optional Displays NHSs that are currently in Responding or Expecting replies states running Optional Displays NHSs awaiting to be scheduled waiting Command Modes User EXEC Privileged EXEC Command History Modification Release This command was i...

Page 218: ...ion group controller 0 to 0 PROTECTION_GROUP Port channel interface 1 to 128 Port channel TenGigabitEthernet interface 0 to 9 TenGigabitEthernet Tunnel interface 0 to 2147483647 Tunnel MPLS Transport Profile interface 0 to 65535 Tunnel tp VLAN interface 1 to 4094 Vlan Examples The following is sample output from the show ip nhrp nhs detail command Switch show ip nhrp nhs detail Legend E Expecting ...

Page 219: ... is reached Tunnel1 Related Commands Description Command Statically configures the IP to NBMA address mapping of IP destinations connected to an NBMA network ip nhrp map Displays NHRP mapping information show ip nhrp Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 193 show ip nhrp nhs ...

Page 220: ...lowing is sample output from the show ip ports all command Device show ip ports all Proto Local Address Foreign Address State PID Program Name TCB Local Address Foreign Address state tcp 4786 LISTEN 224 IOS SMI IBC server process tcp 443 LISTEN 286 IOS HTTP CORE tcp 443 LISTEN 286 IOS HTTP CORE tcp 80 LISTEN 286 IOS HTTP CORE tcp 80 LISTEN 286 IOS HTTP CORE udp 10002 0 IOS Unknown udp 2228 10 0 0 ...

Page 221: ...ate Process ID or name PID Program Name Related Commands Description Command Displays information about TCP connection endpoints show tcp brief all Displays IP sockets information show ip sockets Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 195 show ip ports all ...

Page 222: ...key chain Device show key chain Key chain AuthenticationGLBP key 1 text Thisisasecretkey accept lifetime always valid always valid valid now send lifetime always valid always valid valid now Key chain glbp2 key 100 text abc123 accept lifetime always valid always valid valid now send lifetime always valid always valid valid now Related Commands Description Command Specifies the authentication strin...

Page 223: ...bjects application Optional Displays tracked interface objects interface Optional Displays tracked IP route objects ip route Optional Displays tracked IP SLA objects ip sla Optional Displays tracked IPv6 route objects ipv6 route Optional Displays the list of boolean objects list Optional Displays resolution of tracked parameters resolution Optional Displays the summary of the specified object summ...

Page 224: ...Track 1 Interface GigabitEthernet 1 0 1 ip routing IP routing is Down no IP addr 1 change last change 00 01 08 The table below describes the significant fields shown in the displays Table 15 show track Field Descriptions Description Field Object number that is being tracked Track Interface type interface number and object that is being tracked Interface GigabitEthernet 1 0 1 ip routing State value...

Page 225: ...f the interfaces is not tracked Command Modes Global configuration config Usage Guidelines Use the track command in conjunction with the glbp weighting and glbp weighting track commands to configure parameters for an interface to be tracked If a tracked interface on a GLBP device goes down the weighting for that device is reduced If the weighting falls below a specified minimum the device will los...

Page 226: ... config track 2 interface GigabitEthernet 1 0 3 line protocol Device config track exit Device config interface TenGigabitEthernet 0 0 1 Device config if ip address 10 21 8 32 255 255 255 0 Device config if glbp 10 weighting 110 lower 95 upper 105 Device config if glbp 10 weighting track 1 Device config if glbp 10 weighting track 2 Related Commands Description Command Specifies the initial weightin...

Page 227: ...p id Specifies the address family for this VRRP group address family Optional Specifies IPv4 address ipv4 Optional Specifies IPv6 address ipv6 Command Default None Command Modes Interface configuration config if Usage Guidelines Examples The following example shows how to create a VRRPv3 group and enter VRRP configuration mode Device config if vrrp 3 address family ipv4 Related Commands Descriptio...

Page 228: ...here is no description of the VRRP group Command Modes VRRP configuration config if vrrp Command History Modification Release This command was introduced Cisco IOS XE Release 2 1 Examples The following example enables VRRP VRRP group 1 is described as Building A Marketing and Administration Device config if vrrp description Building A Marketing and Administration Related Commands Description Comma...

Page 229: ... Guidelines By default the device being configured with this command will take over as master virtual router for the group if it has a higher priority than the current master virtual router You can configure a delay which will cause the VRRP device to wait the specified number of seconds before issuing an advertisement claiming master ownership The device that is the IP address owner will preempt ...

Page 230: ...ommand Creates a VRRPv3 group and enters VRRPv3 group configuration mode vrrp Sets the priority level of the device within a VRRP group priority Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 204 vrrp preempt ...

Page 231: ...RRP configuration config if vrrp Command History Modification Release This command was introduced Cisco IOS XE Release 2 1 Usage Guidelines Use this command to control which device becomes the master virtual router Examples The following example configures the device with a priority of 254 Device config if vrrp priority 254 Related Commands Description Command Creates a VRRPv3 group and enters VRR...

Page 232: ...to 999 milliseconds interval Command Default The default interval of 1 second is configured Command Modes VRRP configuration config if vrrp Command History Modification Release This command was introduced Cisco IOS XE Release 2 1 Usage Guidelines The advertisements being sent by the master virtual router communicate the state and priority of the current master virtual router The vrrp timers advert...

Page 233: ...ated Commands Description Command Creates a VRRPv3 group and enters VRRPv3 group configuration mode vrrp Configures the device when it is acting as backup virtual router for a VRRP group to learn the advertisement interval used by the master virtual router timers learn Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 207 vrrp timers advertise ...

Page 234: ...ult A registered VRRS name is unavailable by default Command Modes VRRP configuration config if vrrp Command History Modification Release This command was integrated into Cisco IOS XE Release 2 1 Cisco IOS XE Release 2 1 Examples The following example specifies a leader s name to be registered with VRRS Device config if vrrp vrrs leader leader 1 Related Commands Description Command Creates a VRRP ...

Page 235: ...P A R T IV IP Multicast Routing IP Multicast Routing page 211 ...

Page 236: ......

Page 237: ...pression page 227 ip igmp snooping vlan mrouter page 228 ip igmp snooping vlan static page 229 ip multicast auto enable page 231 ip pim accept register page 232 ip pim bsr candidate page 233 ip pim rp candidate page 235 ip pim send rp announce page 237 ip pim spt threshold page 239 match message type page 240 match service type page 241 match service instance page 242 mrinfo page 243 redistribute ...

Page 238: ... groups page 255 show ip igmp snooping mrouter page 257 show ip igmp snooping querier page 258 show ip pim autorp page 260 show ip pim bsr router page 261 show ip pim bsr page 262 show ip pim tunnel page 263 show mdns cache page 265 show mdns requests page 267 show mdns statistics page 268 show platform ip multicast page 269 Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 212...

Page 239: ...ntroduced Cisco IOS XE 3 3SE Usage Guidelines The number of services learned in a network could be large so there is an upper limit on the amount of cache memory that can be used The memory is set by default to a maximum of 10 percent of the system memory You can override the default value by using this command Note When you try to add new records and the cache is full the records in the cache tha...

Page 240: ...formation base MFIB traffic counters to the indicated host name or source address hostname source address Command Default None Command Modes Privileged EXEC Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines None Examples The following example shows how to reset all active MFIB traffic counters for all multicast tables Device clea...

Page 241: ...ault None Command Modes Privileged EXEC Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines The group address variable specifies one of the following Name of the multicast group as defined in the DNS hosts table or with the ip host command IP address of the multicast group in four part dotted notation If you specify a group name or...

Page 242: ...g to the multicast group 224 2 205 42 from the IP multicast routing table This example shows how to delete all sources on network 228 3 not individual sources Device clear ip mroute 224 2 205 42 228 3 0 0 Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 216 clear ip mroute ...

Page 243: ...ber Command Default No IGMP filters are applied Command Modes Interface configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines You can apply IGMP filters only to Layer 2 physical interfaces you cannot apply IGMP filters to routed ports switch virtual interfaces SVIs or ports that belong to an EtherChannel group An IGMP p...

Page 244: ... the IGMP snooping forwarding table action replace Command Default The default maximum number of groups is no limit After the device learns the maximum number of IGMP group entries on an interface the default throttling action is to drop the next IGMP report that the interface receives and to not add an entry for the IGMP group to the interface Command Modes Interface configuration Command History...

Page 245: ...le shows how to limit to 25 the number of IGMP groups that a port can join Device config interface gigabitethernet1 0 2 Device config if ip igmp max groups 25 This example shows how to configure the device to replace the existing group with the new group for which the IGMP report was received when the maximum number of entries is in the forwarding table Device config interface gigabitethernet2 0 1...

Page 246: ... addresses Command Modes Global configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines When you are in IGMP profile configuration mode you can create the profile by using these commands deny Specifies that matching addresses are denied this is the default condition exit Exits from igmp profile configuration mode no Negates a command or re...

Page 247: ...addresses Device config ip igmp profile 40 Device config igmp profile permit Device config igmp profile range 233 1 1 1 233 255 255 255 You can verify your settings by using the show ip igmp profile privileged EXEC command Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 221 ip igmp profile ...

Page 248: ...Modes Global configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines When IGMP snooping is enabled globally it is enabled in all of the existing VLAN interfaces When IGMP snooping is globally disabled it is disabled on all of the existing VLAN interfaces VLAN IDs 1002 to 1005 are reserved for Token Ring and FDDI VLANs and...

Page 249: ...uery messages are sent when the leave message is seen until the last member query interval timeout period expires If no response to the last member queries are received before the timeout period expires the group record is deleted Use the ip igmp snooping last member query interval command to configure the timeout period When both IGMP snooping immediate leave processing and the query count are co...

Page 250: ...um LMQI value of 100 milliseconds and a count of 1 is from 100 to 200 milliseconds with an average of 150 milliseconds This is done to limit the impact of higher rates of IGMP leave messages Examples The following example sets the last member query count to 5 Device config ip igmp snooping last member query count 5 Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 224 ip igmp s...

Page 251: ...s to use the global IP address configured for the IGMP querier address ip address Optional Sets the maximum time to wait for an IGMP querier report The range is 1 to 25 seconds max response time response time Optional Sets the interval between IGMP queriers The range is 1 to 18000 seconds query interval interval count Optional Sets parameters related to Topology Change Notifications TCNs tcn query...

Page 252: ...002 to 1005 are reserved for Token Ring and FDDI VLANs and cannot be used in IGMP snooping Examples This example shows how to globally enable the IGMP snooping querier feature Device config ip igmp snooping querier This example shows how to set the IGMP snooping querier maximum response time to 25 seconds Device config ip igmp snooping querier max response time 25 This example shows how to set the...

Page 253: ...GMP report suppression is enabled the default the device sends the first IGMP report from all hosts for a group to all the multicast routers The device does not send the remaining IGMP reports for the group to the multicast routers This feature prevents duplicate reports from being sent to the multicast devices If the multicast router query includes requests only for IGMPv1 and IGMPv2 reports the ...

Page 254: ...n Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines VLAN IDs 1002 to 1005 are reserved for Token Ring and FDDI VLANs and cannot be used in IGMP snooping The configuration is saved in NVRAM Examples This example shows how to configure a port as a multicast router port Device config ip igmp snooping vlan 1 mrouter interface gigabitethernet1 0 2 You can verify your settings by e...

Page 255: ...up IP address ip address Specifies the interface of the member port The interface id value has these options fastethernet interface number A Fast Ethernet IEEE 802 3 interface gigabitethernet interface number A Gigabit Ethernet IEEE 802 3z interface tengigabitethernet interface number A 10 Gigabit Ethernet IEEE 802 3z interface port channel interface number A channel interface The range is 0 to 12...

Page 256: ...g vlan 1 static 224 2 4 12 interface gigabitEthernet1 0 1 Configuring port gigabitethernet1 0 1 on group 224 2 4 12 You can verify your settings by entering the show ip igmp snooping privileged EXEC command Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 230 ip igmp snooping vlan static ...

Page 257: ...enable no ip multicast auto enable Syntax Description This command has no arguments or keywords Command Default None Command Modes Global configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines None This command is unavailable when using the LAN Base image Examples This example shows how to enable authentication authorization and accountin...

Page 258: ...prevent unauthorized sources from registering with the RP If an unauthorized source sends a register message to the RP the RP will immediately send back a register stop message The access list provided for the ip pim accept register command should only filter on IP source addresses and IP destination addresses Filtering on other fields for example IP protocol or UDP port number will not be effecti...

Page 259: ...with the same seed hash correspond to the same rendezvous point RP For example if this value is 24 only the first 24 bits of the group addresses matter The hash mask length allows one RP to be used for multiple groups The default hash mask length is 0 hash mask length Optional Priority of the candidate BSR C BSR The range is from 0 to 255 The default priority is 0 The C BSR with the highest priori...

Page 260: ... switches perform the following steps to determine which C RP is used for a group A longest match lookup is performed on the group prefix that is announced by the BSR C RPs If more than one BSR learned C RP are found by the longest match lookup the C RP with the lowest priority configured with the ip pim rp candidate command is preferred If more than one BSR learned C RP have the same priority the...

Page 261: ... defines the group prefixes that are advertised in association with the RP address group list access list number Command Default The switch is not configured to announce itself to the BSR as a PIMv2 C RP Command Modes Global configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines Use this command to configure the switch to send PIMv2 messa...

Page 262: ...omain The standard access list number 4 specifies the group prefix associated with the RP that has the address identified by Gigabit Ethernet interface 1 0 1 Device config ip pim rp candidate GigabitEthernet1 0 1 group list 4 Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 236 ip pim rp candidate ...

Page 263: ...pping agents in the network There is no default setting The range is 1 to 255 scope ttl value Optional Specifies the standard IP access list number that defines the group prefixes that are advertised in association with the RP address Enter an IP standard access list number from 1 to 99 If no access list is configured the RP is used for all groups group list access list number Optional Specifies t...

Page 264: ...nts out all Protocol Independent Multicast PIM enabled interfaces for a maximum of 31 hops The IP address by which the switch wants to be identified as RP is the IP address associated with Gigabit Ethernet interface 1 0 1 at an interval of 120 seconds Device config ip pim send rp announce GigabitEthernet1 0 1 scope 31 group list 5 interval 120 Command Reference Cisco IOS XE Everest 16 5 1a Catalys...

Page 265: ...specified group use the shared tree never switching to the source tree infinity Optional Specifies an access list number or a specific access list that you have created by name If the value is 0 or if the group list access list option is not used the threshold applies to all groups group list access list Command Default Switches to the PIM shortest path tree spt Command Modes Global configuration ...

Page 266: ...er Service lists are an ordered sequence of individual statements each one has a permit or deny result Evaluation of service list consists of a list scan in a predetermined order and an evaluation of the criteria of each statement that matches A list scan is stopped once the first statement match is found and an action permit deny associated with the statement match is performed The default action...

Page 267: ...cation Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines It is not possible to use the match command if you have used the service list mdns sd service list name query command The match command can be used only for the permit or deny option Examples This example shows how to set the value of the mDNS service type string to match Device config mdns sd sl match service type _ipp...

Page 268: ...istory Modification Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines It is not possible to use the match command if you have used the service list mdns sd service list name query command The match command can be used only for the permit or deny option Examples This example shows how to set the service instance to match Device config mdns sd sl match service instance servInst...

Page 269: ... is the original tool of the multicast backbone MBONE to determine which neighboring multicast routers or switches are peering with multicast routers or switches Cisco routers have supported responding to mrinfo requests since Cisco IOS Release 10 2 You can query a multicast router or multilayer switch using the mrinfo command The output format is identical to the multicast routed version of the D...

Page 270: ...e the following Note P prune capable M mtrace capable S Simple Network Management Protocol SNMP capable A Auto Rendezvous Point RP capable Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 244 mrinfo ...

Page 271: ... the redistribute mdns sd command This command sends out unsolicited announcements received on one interface to all of the other interfaces The outgoing announcements are filtered as per the out service policy defined for the interface or in absence of a per interface service policy based on the global out service policy In the absence of a redistribute option services can be discovered by queryin...

Page 272: ... Guidelines Service filters are modeled around access lists and route maps Multiple service maps of the same name with different sequence numbers can be created and the evaluation of the filters will be ordered on the sequence number Service lists are an ordered sequence of individual statements each has a permit or deny result Evaluation of a service list consists of a list scan in a predetermine...

Page 273: ...ist and apply a filter on the service list according to the permit or deny option applied to the sequence number Device config service list mdns sd sl1 permit 3 Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 247 service list mdns sd ...

Page 274: ...Command Modes mDNS configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines As there are devices that do not send unsolicited announcements and to force learning of services and to keep them refreshed in the cache this command contains an active query feature which ensures that services listed in the active query list will be queried Exampl...

Page 275: ...Modification Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines mDNS gateway functionality can only be enabled or disabled globally not on a per interface basis The service filter policy and redistribution can be configured globally as well as on a per interface basis Any interface specific configuration overrides the global configuration Examples This example shows how to ena...

Page 276: ...oming service discovery information service policy name IN Applies a filter on outgoing service discovery information service policy name OUT Command Default Disabled Command Modes mDNS configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SE Examples This example applies a filter on incoming service discovery information on a service list Device config mdn...

Page 277: ...e Command Default IGMP filters are enabled by default Command Modes Privileged EXEC Command History Modification Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines The show ip igmp filter command displays information about all filters defined on the device Examples The following is sample output from the show ip igmp filter command Device show ip igmp filter IGMP filter enable...

Page 278: ...ndefined by default Command Modes Privileged EXEC Command History Modification Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines None Examples The following example shows the output of the show ip igmp profile privileged EXEC command for profile number 40 on the device Device show ip igmp profile 40 IGMP Profile 40 permit range 233 1 1 1 233 255 255 255 This example shows the...

Page 279: ... Default None Command Modes User EXEC Privileged EXEC Command History Modification Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines VLAN IDs 1002 to 1005 are reserved for Token Ring and FDDI VLANs and cannot be used in IGMP snooping Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Ou...

Page 280: ...oping minimal Enabled Report suppression Enabled TCN solicit query Disabled TCN flood query count 2 Robustness variable 2 Last member query count 2 Last member query interval 1000 Vlan 1 IGMP snooping Enabled IGMPv2 immediate leave Disabled Multicast router learning mode pim dvmrp CGMP interoperability mode IGMP_ONLY Robustness variable 2 Last member query count 2 Last member query interval 1000 V...

Page 281: ...ory Modification Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain Output appear Examples This is an example of output from the show ip igmp snooping groups command without any keywords It displays the multicast table for the device Dev...

Page 282: ...nd It shows the entries for the group with the specified IP address Device show ip igmp snooping groups vlan 104 224 1 4 2 Vlan Group Type Version Port List 104 224 1 4 2 igmp v2 Gi2 0 1 Gi1 0 15 Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 256 show ip igmp snooping groups ...

Page 283: ... Guidelines VLAN IDs 1002 to 1005 are reserved for Token Ring and FDDI VLANs and cannot be used in IGMP snooping When multicast VLAN registration MVR is enabled the show ip igmp snooping mrouter command displays MVR multicast router information and IGMP snooping information Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the li...

Page 284: ...igmp snooping querier command output also shows the VLAN and the interface on which the querier was detected If the querier is the device the output shows the Port field as Router If the querier is a router the output shows the port number on which the querier is learned in the Port field The show ip igmp snooping querier detail user EXEC command is similar to the show ip igmp snooping querier com...

Page 285: ...atus admin state Enabled admin version 2 source IP address 0 0 0 0 query interval sec 60 max response time sec 10 querier timeout sec 120 tcn query count 2 tcn query interval sec 10 Vlan 1 IGMP device querier status elected querier is 1 1 1 1 on port Fa8 0 1 admin state Enabled admin version 2 source IP address 10 1 1 65 query interval sec 60 max response time sec 10 querier timeout sec 120 tcn qu...

Page 286: ...ation Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines This command displays whether auto rp is enabled or disabled Examples The following command output displays that auto rp is enabled Device show ip pim autorp AutoRP Information AutoRP is enabled RP Discovery packet MTU is 0 224 0 1 40 is joined on GigabitEthernet1 0 1 PIM AutoRP Statistics Sent Received RP Announce 0 0 R...

Page 287: ...e Guidelines In addition to auto rp the BSR RP method can be configured After the BSR RP method is configured this command will display the BSR router information Examples The following is sample output from the show ip pim bsr router command Device show ip pim bsr router PIMv2 Bootstrap information This system is the Bootstrap Router BSR BSR address 172 16 143 28 Uptime 04 37 59 BSR Priority 4 Ha...

Page 288: ...e Guidelines In addition to auto rp the BSR RP method can be configured After the BSR RP method is configured this command will display the BSR router information Examples The following is sample output from the show ip pim bsr command Device show ip pim bsr PIMv2 Bootstrap information This system is the Bootstrap Router BSR BSR address 172 16 143 28 Uptime 04 37 59 BSR Priority 4 Hash mask length...

Page 289: ...nterfaces are used by the IPv4 Multicast Forwarding Information Base MFIB for the PIM sparse mode PIM SM registration process Two types of PIM tunnel interfaces are used by the the IPv4 MFIB A PIM encapsulation tunnel PIM Encap Tunnel A PIM decapsulation tunnel PIM Decap Tunnel The PIM Encap Tunnel is dynamically created whenever a group to rendezvous point RP mapping is learned through auto RP bo...

Page 290: ...unnel taken from an RP The output is used to verify the PIM Encap and Decap Tunnel on the RP Device show ip pim tunnel Tunnel0 Type PIM Encap RP 70 70 70 1 Source 70 70 70 1 Tunnel1 Type PIM Decap RP 70 70 70 1 Source R2 The asterisk indicates that the router is the RP The RP will always have a PIM Encap and Decap Tunnel interface Note Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 S...

Page 291: ...s command was introduced Cisco IOS XE 3 3SE Usage Guidelines Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain output appear Examples This is an example of output from the show mdns cache command without any keywords Device show mdns cache NAME TYPE CLASS TTL Remaining Accessed If name Mac Address RR Record...

Page 292: ...51 EPSON XP 400 Series _ipp _tcp local TXT IN 4500 4465 2 Vl2 2894 0fed 447f 384 txtvers 1 N XP 400 Series usbFG EPSON usb_MDL XP _smb _tcp local PTR IN 4500 4465 2 Vl2 2894 0fed 447f EPSON XP 400 Series _smb _tcp local EPSON XP 400 Series _smb _tcp local SRV IN 120 85 2 Vl2 2894 0fed 447f EPSONC053AA local EPSON XP 400 Series _smb _tcp local TXT IN 4500 4465 2 Vl2 2894 0fed 447f 1 R2 Access1 Comm...

Page 293: ...rd type Command Default None Command Modes Privileged EXEC User EXEC Command History Modification Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain output appear Examples This is an example of output from the show mdns requests command ...

Page 294: ...ype number Command Default None Command Modes Privileged EXEC User EXEC Command History Modification Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines Expressions are case sensitive For example if you enter exclude output the lines that contain output do not appear but the lines that contain output appear Examples This is an example of output from the show mdns statistics all...

Page 295: ...se this command only when you are working directly with a technical support representative while troubleshooting a problem Do not use this command unless a technical support representative asks you to do so Examples This example shows how to display platform IP multicast routes per group Device show platform ip multicast groups Total Number of entries 3 MROUTE ENTRY vrf 0 224 0 0 0 Token 0x0000001...

Page 296: ...py_seg 0x0 Detailed Resource Information ASIC 1 al_rsc_di RM index 0x51f6 RM pmap 0x0 RM cmi 0x0 RM rcp_pmap 0x0 RM force data copy 0 RM remote cpu copy 0 RM remote data copy 0 RM local cpu copy 0 RM local data copy 0 al_rsc_cmi RM index 0x51f6 RM cti_lo 0 0x0 RM cti_lo 1 0x0 RM cti_lo 2 0x0 RM cpu_q_vpn 0 0x0 RM cpu_q_vpn 1 0x0 RM cpu_q_vpn 2 0x0 RM npu_index 0x0 RM strip_seg 0x0 RM copy_seg 0x0 ...

Page 297: ... afd_label_or_clientid 0 mcast_bridge_frame 0 mcast_rep_frame 0 rpf_valid 1 rpf_le_ptr 0 afd_client_flag 0 dest_mod_bridge 0 dest_mod_route 1 cpp_type 0 dest_mod_index 0 rp_index 0 priority 3 rpf_le 0 station_index 164 capwap_mgid_present 0 mgid 0 MROUTE ENTRY vrf 0 224 0 1 40 Token 0x0000001f8 flags C IC RPF interface Vl121 74238750229529173 SVI Token 0x00000021 flags F IC NS Number of OIF 1 Flag...

Page 298: ... RM npu_index 0x0 RM strip_seg 0x0 RM copy_seg 0x0 RI details SI details RM generic lbl 0x0 RM di_handle 0x51f7 RM fd const lbl 0x8 RM skipid_idx 0x0 RM rcp serviceid 0x0 RM dejavu prechken 0x1 RM local cpu 0x0 RM local data 0x1 RM remote cpu 0x1 RM remote data 0x1 HTM details Handle 0x603d0440 Res Type ASIC_RSC_STP_INDEX Asic Num 255 Feature ID AL_FID_L3_MULTICAST_IPV4 Lkp ftr id LKP_FEAT_IPV4_MC...

Page 299: ...vrf 0 239 255 255 250 Token 0x0000003b7d flags C No RPF interface Number of OIF 1 Flags 0x10 Pkts 95 OIF Details Vl131 F NS DI details Handle 0x606ffba0 Res Type ASIC_RSC_DI Asic Num 255 Feature ID AL_FID_L3_MULTICAST_IPV4 Lkp ftr id LKP_FEAT_INVALID ref_count 1 Hardware Indices Handles index0 0x51f8 index1 0x51f8 Cookie length 56 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x20 0x...

Page 300: ...ion list Total ri 0 start_ri 15 common_ret 0 ASIC 1 Replication list Total ri 6 start_ri 15 common_ret 0 Replication entry rep_ri 0xF elem 1 0 ri 0 50 port 58 dirty 0 ASIC 2 Replication list Total ri 0 start_ri 0 common_ret 0 SI details RM generic lbl 0x0 RM di_handle 0x51f8 RM fd const lbl 0x8 RM skipid_idx 0x0 RM rcp serviceid 0x0 RM dejavu prechken 0x1 RM local cpu 0x0 RM local data 0x1 RM remo...

Page 301: ...valid 1 rpf_le_ptr 0 afd_client_flag 0 dest_mod_bridge 0 dest_mod_route 1 cpp_type 0 dest_mod_index 0 rp_index 0 priority 3 rpf_le 0 station_index 178 capwap_mgid_present 0 mgid 0 Detailed Resource Information ASIC 1 Number of HTM Entries 1 Entry 0 handle 0x606ff378 KEY grp_addr 239 255 255 250 decap_tunnel 0 encap_tunnel 0 vrf_id 0 mtr_id 0 MASK grp_addr 0 0 0 0 decap_tunnel 0 encap_tunnel 0 vrf_...

Page 302: ...Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 276 show platform ip multicast ...

Page 303: ...P A R T V IPv6 IPv6 page 279 ...

Page 304: ......

Page 305: ...IPv6 ipv6 flow monitor page 280 Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 279 ...

Page 306: ...es the flow monitor on input traffic input Applies the flow monitor on output traffic output Command Default IPv6 flow monitor is not activated until it is assigned to an interface Command Modes Interface Configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines You cannot attach a NetFlow monitor to a port channel interfac...

Page 307: ...P A R T VI Layer 2 3 Layer 2 3 page 283 ...

Page 308: ......

Page 309: ... debug platform udld page 303 debug spanning tree page 304 interface port channel page 306 lacp max bundle page 308 lacp port priority page 309 lacp rate page 311 lacp system priority page 312 pagp learn method page 314 pagp port priority page 316 port channel page 318 port channel auto page 319 port channel load balance page 320 port channel load balance extended page 322 port channel min links p...

Page 310: ...ces rep detail page 339 show lacp page 340 show pagp page 345 show platform etherchannel page 347 show platform pm page 348 show rep topology page 349 show udld page 351 switchport page 355 switchport access vlan page 357 switchport mode page 360 switchport nonegotiate page 363 switchport voice vlan page 365 udld page 368 udld port page 370 udld reset page 372 Command Reference Cisco IOS XE Everes...

Page 311: ...er The range is 1 to 128 channel group number Specifies the EtherChannel mode mode Unconditionally enables Link Aggregation Control Protocol LACP active Enables the Port Aggregation Protocol PAgP only if a PAgP device is detected auto Optional Configures the interface for nonsilent operation when connected to a partner that is PAgP capable Use in PAgP mode with the auto or desirable keyword when t...

Page 312: ...ed silent operation is the default Desirable mode places a port into an active negotiating state in which the port starts negotiations with other ports by sending PAgP packets An EtherChannel is formed with another port group that is in the desirable or auto mode When desirable is enabled silent operation is the default If you do not specify non silent with the auto or desirable mode silent is ass...

Page 313: ... how to configure an EtherChannel on a single device in the stack It assigns two static access ports in VLAN 10 to channel 5 with the LACP mode active Device configure terminal Device config interface range GigabitEthernet 2 0 1 2 Device config if range switchport mode access Device config if range switchport access vlan 10 Device config if range channel group 5 mode active Device config if range ...

Page 314: ...tion for a channel show etherchannel Displays LACP channel group information show lacp Displays Port Aggregation Protocol PAgP channel group information show pagp Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 288 channel group ...

Page 315: ...a channel to LACP or PAgP If you set the protocol by using the channel protocol command the setting is not overridden by the channel group interface configuration command You must use the channel group interface configuration command to configure the EtherChannel parameters The channel group command also can set the mode for the EtherChannel You cannot enable both the PAgP and LACP modes on an Eth...

Page 316: ...Ethernet port to an EtherChannel group or enables an EtherChannel mode or both channel group Displays EtherChannel information for a channel show etherchannel Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 290 channel protocol ...

Page 317: ...ters by using the clear lacp counters command or you can clear only the counters for the specified channel group by using the clear lacp channel group number counters command Examples This example shows how to clear all channel group information Device clear lacp counters This example shows how to clear LACP traffic counters for group 4 Device clear lacp 4 counters You can verify that the informat...

Page 318: ...by using the clear pagp counters command or you can clear only the counters for the specified channel group by using the clear pagp channel group number counters command Examples This example shows how to clear all channel group information Device clear pagp counters This example shows how to clear PAgP traffic counters for group 10 Device clear pagp 10 counters You can verify that the information...

Page 319: ...EC Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines If the interface id value is not specified spanning tree counters are cleared for all interfaces Examples This example shows how to clear spanning tree counters for all interfaces Device clear spanning tree counters Related Commands Description Command Restarts the protocol mig...

Page 320: ...ables it to interoperate with legacy IEEE 802 1D devices If a rapid PVST or an MSTP device receives a legacy IEEE 802 1D configuration bridge protocol data unit BPDU with the protocol version set to 0 the device sends only IEEE 802 1D BPDUs on that port A multiple spanning tree MST device can also detect that a port is at the boundary of a region when it receives a legacy BPDU an MST BPDU Version ...

Page 321: ...col migration process on the interface clear spanning tree detected protocols Enables debugging of spanning tree activities debug spanning tree Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 295 clear spanning tree detected protocols ...

Page 322: ...roduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines The undebug etherchannel command is the same as the no debug etherchannel command Although the linecard keyword is displayed in the command line help it is not supported Note When you enable debugging on a stack it is enabled only on the active switch To enable debugging on the standby switch start a session from the active switch by us...

Page 323: ...ted to EtherChannel events Device debug etherchannel event Related Commands Description Command Displays EtherChannel information for a channel show etherchannel Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 297 debug etherchannel ...

Page 324: ...e This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines The undebug etherchannel command is the same as the no debug etherchannel command When you enable debugging on a stack it is enabled only on the active switch To enable debugging on the standby switch start a session from the active switch by using the session switch number command in privileged EXEC mode Enter the...

Page 325: ...Default Debugging is disabled Command Modes Privileged EXEC Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines The undebug pagp command is the same as the no debug pagp command When you enable debugging on a stack it is enabled only on the active switch To enable debugging on the standby switch start a session from the active swit...

Page 326: ...This example shows how to display debug messages related to PAgP events Device debug pagp event Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 300 debug pagp ...

Page 327: ...s errdisable Displays forwarding equivalence class FEC platform related events debug messages fec Displays interface number translation event debug messages if numbers Displays Layer 2 control infra debug messages l2 control Displays interface link detection event debug messages link status Displays port manager function event debug messages platform Displays port manager stateful packet inspectio...

Page 328: ...ive switch by using the session switch number command in privileged EXEC mode Enter the debug command at the command line prompt of the standby switch To enable debugging on the standby switch without first starting a session on the active switch use the remote command switch number LINE command in privileged EXEC mode Examples This example shows how to display debug messages related to the creati...

Page 329: ...s for the specified stack member switch switch number Command Default Debugging is disabled Command Modes Privileged EXEC Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines The undebug platform udld command is the same as the no debug platform udld command When you enable debugging on a switch stack it is enabled only on the activ...

Page 330: ...ug messages config Displays EtherChannel support debug messages etherchannel Displays spanning tree topology event debug messages events Displays spanning tree exception debug messages exceptions Displays general spanning tree activity debug messages general Displays high availability spanning tree debug messages ha Debugs Multiple Spanning Tree Protocol MSTP events mstp Displays per VLAN spanning...

Page 331: ...he session switch number command in privileged EXEC mode Enter the debug command at the command line prompt of the standby switch To enable debugging on the standby switch without first starting a session on the active switch use the remote command switch number LINE command in privileged EXEC mode Examples This example shows how to display all spanning tree debug messages Device debug spanning tr...

Page 332: ... you create the port channel interface first the channel group number can be the same as the port channel number or you can use a new number If you use a new number the channel group command dynamically creates a new port channel Only one port channel in a channel group is allowed Follow these guidelines when you use the interface port channel command If you want to use the Cisco Discovery Protoco...

Page 333: ...l privileged EXEC command Related Commands Description Command Assigns an Ethernet port to an EtherChannel group or enables an EtherChannel mode or both channel group Displays EtherChannel information for a channel show etherchannel Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 307 interface port channel ...

Page 334: ...on the controlling end of the link uses port priorities to determine which ports are bundled into the channel and which ports are put in hot standby mode Port priorities on the other device the noncontrolling end of the link are ignored The lacp max bundle command must specify a number greater than the number specified by the port channel min links command Use the show etherchannel summary privile...

Page 335: ...orts can be in standby mode In port priority comparisons a numerically lower value has a higher priority When there are more than eight ports in an LACP channel group the eight ports with the numerically lowest values highest priority values for LACP port priority are bundled into the channel group and the lower priority ports are put in hot standby mode If two or more ports have the same LACP por...

Page 336: ...show lacp channel group number internal privileged EXEC command Related Commands Description Command Assigns an Ethernet port to an EtherChannel group or enables an EtherChannel mode or both channel group Configures the LACP system priority lacp system priority Displays LACP channel group information show lacp Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 310 lacp port prio...

Page 337: ...s 30 seconds after the link is bundled Command Modes Interface configuration config if Command History Modification Release This command was introduced Cisco IOS XE Denali 16 2 1 Usage Guidelines Use this command to modify the duration of LACP timeout The LACP timeout value on Cisco switch is three times the LACP rate configured on the interface Using the lacp ratecommand you can select the LACP t...

Page 338: ...port priorities to determine which ports are bundled into the channel and which ports are put in hot standby mode Port priorities on the other device the noncontrolling end of the link are ignored In priority comparisons numerically lower values have a higher priority Therefore the system with the numerically lower value higher priority value for LACP system priority becomes the controlling system...

Page 339: ... enables an EtherChannel mode or both channel group Configures the port priority for the Link Aggregation Control Protocol LACP lacp port priority Displays LACP channel group information show lacp Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 313 lacp system priority ...

Page 340: ...ort channel Command Modes Interface configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines The learn method must be configured the same at both ends of the link The device supports address learning only on aggregate ports even though the physical port keyword is provided in the command line interface CLI The pagp learn m...

Page 341: ...onfig if pagp learn method aggregation port You can verify your settings by entering the show running config privileged EXEC command or the show pagp channel group number internal privileged EXEC command Related Commands Description Command Selects a port over which all traffic through the EtherChannel is sent pagp port priority Displays Port Aggregation Protocol PAgP channel group information sho...

Page 342: ...ysical port keyword is provided in the command line interface CLI The pagp learn method and the pagp port priority interface configuration commands have no effect on the device hardware but they are required for PAgP interoperability with devices that only support address learning by physical ports such as the Catalyst 1900 switch When the link partner to the device is a physical learner we recomm...

Page 343: ...ming packets pagp learn method Sets the load distribution method among the ports in the EtherChannel port channel load balance Displays Port Aggregation Protocol PAgP channel group information show pagp Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 317 pagp port priority ...

Page 344: ... a manual channel and allows you to add configuration on the EtherChannel persistent Command Default None Command Modes Privileged EXEC Command History Modification Release This command was introduced Cisco IOS XE 3 7 2E Usage Guidelines You can use the show etherchannel summary privileged EXEC command to display the EtherChannel information Examples This example shows how to convert the auto crea...

Page 345: ...ult the auto LAG feature is disabled globally and is enabled on all port interfaces Command Modes Global configuration Command History Modification Release This command was introduced Cisco IOS XE 3 7 2E Usage Guidelines You can use the show etherchannel auto privileged EXEC command to verify if the EtherChannel was created automatically Examples This example shows how to enable the auto LAG featu...

Page 346: ...on TCP UDP Layer 4 port number for both IPv4 and IPv6 dst port Sets extended load balance methods among the ports in the EtherChannel See the port channel load balance extended command extended Specifies load distribution based on the source and destination host IP address src dst ip Specifies load distribution based on the source and destination host MAC address src dst mac Specifies load distrib...

Page 347: ...idelines You can verify your setting by entering the show running config privileged EXEC command or the show etherchannel load balance privileged EXEC command Examples This example shows how to set the load distribution method to dst mac Device config port channel load balance dst mac Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 321 port channel load balance ...

Page 348: ...t mac Optional Specifies load distribution based on the destination TCP UDP Layer 4 port number for both IPv4 and IPv6 dst port Optional Specifies load distribution based on the source MAC address and IPv6 flow label ipv6 label Optional Specifies load distribution based on the source MAC address and Layer 3 protocols l3 proto Optional Specifies load distribution based on the source host IP address...

Page 349: ...ng by entering the show running config privileged EXEC command or the show etherchannel load balance privileged EXEC command Examples This example shows how to set the extended load distribution method Device config port channel load balance extended dst ip dst mac src ip Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 323 port channel load balance extended ...

Page 350: ...ight ports can be active and up to eight ports can be in hot standby mode When there are more than eight ports in an LACP channel group the device on the controlling end of the link uses port priorities to determine which ports are bundled into the channel and which ports are put in hot standby mode Port priorities on the other device the noncontrolling end of the link are ignored The port channel...

Page 351: ...Commands Description Command Specifies the maximum number of LACP ports allowed in a port channel lacp max bundle Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 325 port channel min links ...

Page 352: ...lobal configuration config Command History Modification Release This command was introduced Cisco IOS XE Denali 16 2 2 Usage Guidelines The range of the REP administrative VLAN is from 2 to 4094 If you do not configure an administrative VLAN the default VLAN is VLAN 1 The default VLAN 1 is always configured There can be only one administrative VLAN on a router and on a segment You can verify your ...

Page 353: ...is invalid neighbor offset Selects the regular segment port previously identified as the preferred alternate port for VLAN load balancing preferred Identifies the VLANs to be blocked vlan VLAN ID or range of VLAN IDs to be displayed Enter a VLAN ID from 1 to 4094 or a range or sequence of VLANs such as 1 3 22 41 44 to be blocked vlan list Blocks all the VLANs all Command Default The default behavi...

Page 354: ...ecovery occurs VLAN load balancing begins after the configured preemption time period elapses without another link failure The alternate port specified in the load balancing configuration blocks the configured VLANs and unblocks all other segment ports If the primary edge port cannot determine the alternate port for VLAN balancing the default action is no preemption Each port in a segment has a un...

Page 355: ...odes Interface configuration config if Command History Modification Release This command was introduced Cisco IOS XE Denali 16 2 2 Usage Guidelines The rep lsl age timer command is used to configure the REP LSL age out timer value While configuring REP configurable timers we recommend that you configure the REP LSL number of retries first and then configure the REP LSL age out timer value Examples...

Page 356: ...erface configuration config if Command History Modification Release This command was introduced Cisco IOS XE Denali 16 2 2 Usage Guidelines The rep lsl retries command is used to configure the number of retries before the REP link is disabled While configuring REP configurable timers we recommend that you configure the REP LSL number of retries first and then configure the REP LSL age out timer va...

Page 357: ...elay if you want VLAN load balancing to automatically trigger after a link failure and recovery If VLAN load balancing is configured after a segment port failure and recovery the REP primary edge port starts a delay timer before VLAN load balancing occurs Note that the timer restarts after each link failure When the timer expires the REP primary edge alerts the alternate port to perform VLAN load ...

Page 358: ...s executed because preemption for VLAN load balancing can disrupt the network If you do not enter the rep preempt delay seconds command in interface configuration mode on the primary edge port to configure a preemption time delay the default configuration is to manually trigger VLAN load balancing on the segment Use the show rep topology privileged EXEC command to see which port in the segment is ...

Page 359: ...t for VLAN load balancing Configuring a port as preferred does not guarantee that it becomes the alternate port it merely gives it a slight edge among equal contenders The alternate port is usually a previously failed port Note preferred Command Default REP is disabled on the interface Command Modes Interface configuration config if Command History Modification Release This command was introduced ...

Page 360: ...ort Device config interface TenGigabitEthernet 4 1 Device config if rep segment 100 The following example shows how to enable REP on a port and identify the port as the REP primary edge port Device config interface TenGigabitEthernet 4 1 Device config if rep segment 100 edge primary The following example shows how to enable REP on a port and identify the port as the REP secondary edge port Device ...

Page 361: ...o configure a sequence of segments for example 3 to 5 77 100 segment segment id list Command Default Transmission of STCNs to other interfaces or segments is disabled Command Modes Interface configuration config if Command History Modification Release This command was introduced Cisco IOS XE Denali 16 2 2 Usage Guidelines Enter this command on a segment edge port to send STCNs to one or more segme...

Page 362: ...l load balance Optional Displays EtherChannel port information port Optional Displays port channel information port channel Optional Displays the protocol that is being used in the channel protocol Optional Displays a one line summary per channel group summary Command Default None Command Modes User EXEC Command History Modification Release This command was introduced Cisco IOS XE 3 3SE Usage Guid...

Page 363: ...e Local information LACP port Admin Oper Port Port Port Flags State Priority Key Key Number State Gi1 0 1 SA bndl 32768 0x1 0x1 0x101 0x3D Gi1 0 2 A bndl 32768 0x0 0x1 0x0 0x3D Age of the port in the current state 01d 20h 06m 04s Port channels in the group Port channel Po1 Primary Aggregator Age of the Port channel 01d 20h 20m 26s Logical slot port 10 1 Number of ports 2 HotStandBy port null Port ...

Page 364: ...rt channel Index Load Port EC state No of bits 0 00 Gi1 0 1 Active 0 0 00 Gi1 0 2 Active 0 Time since last port bundled 01d 20h 24m 44s Gi1 0 2 This is an example of output from show etherchannel protocol command Device show etherchannel protocol Channel group listing Group 1 Protocol LACP Group 2 Protocol PAgP Related Commands Description Command Assigns an Ethernet port to an EtherChannel group ...

Page 365: ...aces rep detail privileged EXEC command Examples The following example shows how to display the REP configuration and status for a specified interface Device show interfaces TenGigabitEthernet4 1 rep detail TenGigabitEthernet4 1 REP enabled Segment id 3 Primary Edge PortID 03010015FA66FF80 Preferred flag No Operational Link Status TWO_WAY Current Key 02040015FA66FF804050 Port Role Open Blocked VLA...

Page 366: ...This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines You can enter any show lacp command to display the active channel group information To display specific channel information enter the show lacp command with a channel group number If you do not specify a channel group information for all channel groups appears You can enter the channel group number to specify a chann...

Page 367: ... by LACP for a port LACPDUs Pkts and Err This is an example of output from the show lacp internal command Device show lacp 1 internal Flags S Device is requesting Slow LACPDUs F Device is requesting Fast LACPDUs A Device is in Active mode P Device is in Passive mode Channel group 1 LACP port Admin Oper Port Port Port Flags State Priority Key Key Number State Gi2 0 1 SA bndl 32768 0x3 0x3 0x4 0x3D ...

Page 368: ...iority to put ports in standby mode when there is a hardware limitation that prevents all compatible ports from aggregating LACP Port Priority Administrative key assigned to this port LACP automatically generates an administrative key value as a hexadecimal number The administrative key defines the ability of a port to aggregate with other ports A port s ability to aggregate with other ports is de...

Page 369: ...r Partner Partner Port System ID Port Number Age Flags Gi2 0 1 32768 0007 eb49 5e80 0xC 19s SP LACP Partner Partner Partner Port Priority Oper Key Port State 32768 0x3 0x3C Partner s information Partner Partner Partner Port System ID Port Number Age Flags Gi2 0 2 32768 0007 eb49 5e80 0xD 15s SP LACP Partner Partner Partner Port Priority Oper Key Port State 32768 0x3 0x3C This is an example of outp...

Page 370: ...roup information clear lacp Configures the port priority for the Link Aggregation Control Protocol LACP lacp port priority Configures the LACP system priority lacp system priority Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 344 show lacp ...

Page 371: ...ication Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines You can enter any show pagp command to display the active channel group information To display the nonactive information enter the show pagp command with a channel group number Examples This is an example of output from the show pagp 1 counters command Device show pagp 1 counters Information Flush Por...

Page 372: ...ags State Timers Interval Count Priority Method Ifindex Gi1 0 1 SC U6 S7 H 30s 1 128 Any 16 Gi1 0 2 SC U6 S7 H 30s 1 128 Any 16 This is an example of output from the show pagp 1 neighbor command Device show pagp 1 neighbor Flags S Device is sending Slow hello C Device is in Consistent state A Device is in Auto mode P Device learns on physical port Channel group 1 neighbors Partner Partner Partner ...

Page 373: ... addresses mac src mac dst mac Optional Specifies the source and destination IP addresses ip src ip dst ip Optional Specifies the source and destination layer port numbers port src port dst port Optional Specifies the stack member switch switch number Command Default None Command Modes Privileged EXEC Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3...

Page 374: ...r the specified interface port data interface id Displays port state information port state Displays stateful packet inspection SPI information spi info Displays stateful packet inspection SPI maximum wait time for acknowledgment spi req q Command Default None Command Modes Privileged EXEC Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage G...

Page 375: ...detailed REP topology information detail Command Modes Privileged EXEC Command History Modification Release This command was introduced Cisco IOS XE Denali 16 2 2 Examples The following is sample output from the show rep topology command Device show rep topology REP Segment 1 BridgeName PortName Edge Role 10 64 106 63 Te5 4 Pri Open 10 64 106 228 Te3 4 Open 10 64 106 228 Te3 3 Open 10 64 106 67 Te...

Page 376: ...e Open Port all vlans forwarding Bridge MAC 0005 9b1b 1f20 Port Number 00E Port Priority 000 Neighbor Number 3 4 10 64 106 67 Te4 3 Intermediate Open Port all vlans forwarding Bridge MAC 0005 9b2e 1800 Port Number 008 Port Priority 000 Neighbor Number 4 3 10 64 106 67 Te4 4 Intermediate Alternate Port some vlans blocked Bridge MAC 0005 9b2e 1800 Port Number 00A Port Priority 000 Neighbor Number 5 ...

Page 377: ...oupVI Optional Displays UDLD operational status of the internal interface The range is from 0 to 9 InternalInterface Optional Displays UDLD operational status of the loopback interface The range is from 0 to 2147483647 Loopback Optional Displays UDLD operational status of the null interface Null Optional Displays UDLD operational status of the Ethernet channel interfaces The range is from 1 to 128...

Page 378: ...ctional Current operational state Advertisement Single Neighbor detected Message interval 60 Time out interval 5 Entry 1 Expiration time 146 Device ID 1 Current neighbor state Bidirectional Device name Switch A Port ID Gi2 0 1 Neighbor echo 1 device Switch B Neighbor echo 1 port Gi2 0 2 Message interval 5 CDP Device name Switch A Table 18 show udld Field Descriptions Description Field The interfac...

Page 379: ... the neighbor Entry 1 The amount of time in seconds remaining before this cache entry is aged out Expiration time The neighbor device identification Device ID The neighbor s current state If both the local and neighbor devices are running UDLD normally the neighbor state and local state should be bidirectional If the link is down or the neighbor is not UDLD capable no cache entries appear Current ...

Page 380: ...Switch A 1 Gi2 0 1 Bidirectional Gi3 0 1 Switch A 2 Gi3 0 1 Bidirectional Related Commands Description Command Enables aggressive or normal mode in UDLD or sets the configurable message timer time udld Enables UDLD on an individual interface or prevents a fiber optic interface from being enabled by the udld global configuration command udld port Resets all interfaces shut down by UDLD and permits ...

Page 381: ... the LAN Base feature set Note Entering the no switchport command shuts the port down and then reenables it which might generate messages on the device to which the port is connected When you put an interface that is in Layer 2 mode into Layer 3 mode or the reverse the previous configuration information related to the affected interface might be lost and the interface is returned to its default co...

Page 382: ...e a Cisco routed port Device config if no switchport This example shows how to cause the port interface to cease operating as a Cisco routed port and convert to a Layer 2 switched interface Device config if switchport Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 356 switchport ...

Page 383: ...ccess mode before the switchport access vlan command can take effect If the switchport mode is set to access vlan vlan id the port operates as a member of the specified VLAN An access port can be assigned to only one VLAN The no switchport access command resets the access mode VLAN to the appropriate default VLAN for the device Examples This example shows how to change a switched port interface th...

Page 384: ...ace switchport Device show interface GigabitEthernet3 1 1 switchport Name Gi3 1 1 Switchport Enabled Administrative Mode static access Operational Mode static access Administrative Trunking Encapsulation dot1q Operational Trunking Encapsulation native Negotiation of Trunking Off Access Mode VLAN 33 test Trunking Native Mode VLAN 1 default Administrative Native VLAN tagging enabled Voice VLAN None ...

Page 385: ...rust none Switch Related Commands Description Command Configures the VLAN membership mode of a port switchport mode Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 359 switchport access vlan ...

Page 386: ...c auto Sets the port trunking mode dynamic parameter to desirable to specify that the interface actively attempt to convert the link to a trunk link dynamic desirable Sets the port to trunk unconditionally The port is a trunking VLAN Layer 2 interface The port sends and receives encapsulated tagged frames that identify the VLAN of origination A trunk is a point to point link between two devices or...

Page 387: ...runk but to not generate DTP frames Access ports and trunk ports are mutually exclusive The IEEE 802 1x feature interacts with switchport modes in these ways If you try to enable IEEE 802 1x on a trunk port an error message appears and IEEE 802 1x is not enabled If you try to change the mode of an IEEE 802 1x enabled port to trunk the port mode is not changed If you try to enable IEEE 802 1x on a ...

Page 388: ...Related Commands Description Command Configures a port as a static access port switchport access vlan Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 362 switchport mode ...

Page 389: ...Internetworking devices that do not support DTP might forward DTP frames improperly and cause misconfigurations To avoid this problem turn off DTP by using the switchport nonegotiate command to configure the interfaces connected to devices that do not support DTP to not forward DTP frames When you enter the switchport nonegotiate command DTP negotiation packets are not sent on the interface The de...

Page 390: ...terfaces interface id switchport privileged EXEC command Related Commands Description Command Configures the VLAN membership mode of a port switchport mode Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 364 switchport nonegotiate ...

Page 391: ... none Configures the telephone to send untagged voice traffic This is the default for the telephone untagged Optional Specifies the VLAN name to be used for voice traffic You can enter up to 128 characters name vlan_name Command Default The default is not to automatically configure the telephone none The telephone default is not to tag frames Command Modes Interface configuration Command History M...

Page 392: ...ss VLAN dynamic port security is automatically enabled on the voice VLAN You cannot configure static secure MAC addresses in the voice VLAN A voice VLAN port cannot be a private VLAN port The Port Fast feature is automatically enabled when voice VLAN is configured When you disable voice VLAN the Port Fast feature is not automatically disabled Examples This example show how to first populate the VL...

Page 393: ...none Administrative private vlan trunk native VLAN none Administrative private vlan trunk Native VLAN tagging enabled Administrative private vlan trunk encapsulation dot1q Administrative private vlan trunk normal VLANs none Administrative private vlan trunk associations none Administrative private vlan trunk mappings none Operational private vlan none Trunking VLANs Enabled ALL Pruning VLANs Enabl...

Page 394: ...S XE 3 3SE Usage Guidelines UDLD supports two modes of operation normal the default and aggressive In normal mode UDLD detects unidirectional links due to misconnected interfaces on fiber optic connections In aggressive mode UDLD also detects unidirectional links due to one way traffic on fiber optic and twisted pair links and due to misconnected interfaces on fiber optic links For information abo...

Page 395: ... automatically recover from the UDLD error disabled state Examples This example shows how to enable UDLD on all fiber optic interfaces Device config udld enable You can verify your setting by entering the show udld privileged EXEC command Related Commands Description Command Displays UDLD administrative and operational status for all ports or the specified port show udld Enables UDLD on an individ...

Page 396: ...orts two modes of operation normal the default and aggressive In normal mode UDLD detects unidirectional links due to misconnected interfaces on fiber optic connections In aggressive mode UDLD also detects unidirectional links due to one way traffic on fiber optic and twisted pair links and due to misconnected interfaces on fiber optic links To enable UDLD in normal mode use the udld port interfac...

Page 397: ...ort Device config interface gigabitethernet6 0 1 Device config if udld port This example shows how to disable UDLD on a fiber optic interface despite the setting of the udld global configuration command Device config interface gigabitethernet6 0 1 Device config if no udld port You can verify your settings by entering the show running config or the show udld interface privileged EXEC command Relate...

Page 398: ...sage Guidelines If the interface configuration is still enabled for UDLD these ports begin to run UDLD again and are disabled for the same reason if the problem has not been corrected Examples This example shows how to reset all interfaces disabled by UDLD Device udld reset 1 ports shutdown by UDLD were reset Related Commands Description Command Displays UDLD administrative and operational status ...

Page 399: ...P A R T VII Multiprotocol Label Switching MPLS MPLS page 375 Multicast VPN page 385 ...

Page 400: ......

Page 401: ... mpls ip interface configuration page 378 mpls label protocol global configuration page 379 mpls label protocol interface configuration page 380 mpls label range page 381 show mpls label range page 384 Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 375 ...

Page 402: ...distribution of labels based on routing protocols must be enabled before you can use the mpls ip default route command Examples The following example shows how to enable the distribution of labels associated with the IP default route Switch configure terminal Switch config mpls ip Switch config mpls ip default route Related Commands Description Command Enables MPLS forwarding of IPv4 packets along...

Page 403: ... by this command For a given interface to perform dynamic label switching this switching function must be enabled for the interface and for the platform The no form of this command stops dynamic label switching for all platform interfaces regardless of the interface configuration it also stops distribution of labels for dynamic label switching However the no form of this command does not affect th...

Page 404: ...iodic transmission of neighbor discovery Hello messages on the interface When the outgoing label for a destination routed through the interface is known packets for the destination are labeled with that outgoing label and forwarded through the interface The no form of this command causes packets routed out through the interface to be sent unlabeled this form of the command also terminates label di...

Page 405: ...the default label distribution protocol Command Modes Global configuration Command History Modification Release This command was introduced Cisco IOS XE Denali 16 3 1 Usage Guidelines If neither the global mpls label protocol ldp command nor the interface mpls label protocol ldp command is used all label distribution sessions use LDP Examples The following command establishes LDP as the label dist...

Page 406: ... use the global mpls label protocol command Command Modes Interface configuration config if Command History Modification Release This command was introduced Cisco IOS XE Denali 16 3 1 Usage Guidelines To successfully establish a session for label distribution for a link connecting two label switch routers LSRs the link interfaces on the LSRs must be configured to use the same label distribution pr...

Page 407: ...word and the minimum static value maximum static value arguments no labels are reserved for static assignment static Optional The minimum value for static label assignments There is no default value minimum static value Optional The maximum value for static label assignments There is no default value maximum static value Command Default The platform s default values are used Command Modes Global c...

Page 408: ...e a static range from 16 to 100 If the lower minimum static label space is not available the lower minimum is not displayed in the help line For example Switch config mpls label range 16 100 static 16 100 static label value range Examples The following example shows how to configure the size of the local label space In this example the minimum static value is set to 200 and the maximum static valu...

Page 409: ...bel range Switch config end Related Commands Description Command Displays the range of the MPLS local label space show mpls label range Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 383 mpls label range ...

Page 410: ... the label range currently in use and the label range that will be in use following the next switch reload Examples In the following example the use of the show mpls label range command is shown before and after the mpls label range command is used to configure a label range that does not overlap the starting label range Switch show mpls label range Downstream label pool Min Max label 16 100 Switc...

Page 411: ...r page 388 mdt data page 390 mdt default page 392 mdt log reuse page 394 show ip pim mdt bgp page 395 show ip pim mdt history page 396 show ip pim mdt receive page 398 show ip pim mdt send page 400 Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 385 ...

Page 412: ... XE Denali 16 3 2 Usage Guidelines When IP multicast routing is disabled the Cisco IOS software does not forward any multicast packets For IP multicast after enabling IP multicast routing PIM must be configured on all interfaces Disabling IP multicast routing does not remove PIM PIM still must be explicitly removed from the interface configurations Note Examples The following example shows how to ...

Page 413: ...Cisco IOS XE Release 3 3S a specific VRF Switch config ip multicast routing vrf vrf1 Related Commands Description Command Enables PIM on an interface ip pim Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 387 ip multicast routing ...

Page 414: ...nd Default No default behavior or values Command Modes Global configuration Command History Modification Release This command was introduced Cisco IOS XE Denali 16 3 2 Usage Guidelines The ip multicast mrinfo filtercommand filters the mrinfo request packets from all of the sources denied by the specified access list That is if the access list denies a source that source s mrinfo requests are filte...

Page 415: ... Description Command Queries a multicast device about which neighboring multicast devices are peering with it mrinfo Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 389 ip multicast mrinfo filter ...

Page 416: ...red IP addresses Use the mdt data command to specify a range of addresses to be used in the data MDT pool The threshold is specified in kb s Using the optional list keyword and access list argument you can define the S G MVPN entries to be used in a data MDT pool which would further limit the creation of a data MDT pool to the particular S G MVPN entries defined in the access list specified for th...

Page 417: ...threshold 500 list 101 ip pim ssm default ip pim vrf vrf1 accept rp auto rp Related Commands Description Command Configures a default MDT group for a VPN VRF mdt default Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 391 mdt data ...

Page 418: ... group configured on all PE devices that belong to the same VPN If Source Specific Multicast SSM is used as the protocol for the default MDT the source IP address will be the address used to source the Border Gateway Protocol BGP sessions A tunnel interface is created as a result of this command By default the destination address of the tunnel header is the group address argument You can access th...

Page 419: ...export 1000 1 route target import 1000 1 Related Commands Description Command Configures the multicast group address range for data MDT groups mdt data Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 393 mdt default ...

Page 420: ...ced Cisco IOS XE Denali 16 3 2 Usage Guidelines The mdt log reuse command generates a syslog message whenever a data MDT is reused You can access the mdt log reusecommand by using the ip vrf global configuration command You can also access the mdt log reuse command by using the vrf definition global configuration command followed by the address family ipv4 VRF configuration command Examples The fo...

Page 421: ...dification Release This command was introduced Cisco IOS XE Denali 16 3 2 Usage Guidelines Use this command to show detailed BGP advertisement of the RD for the MDT default group Examples The following is sample output from the show ip pim mdt bgpcommand Device show ip pim mdt bgp MDT default group 232 2 1 4 rid 10 1 1 1 next_hop 10 1 1 1 The table below describes the significant fields shown in t...

Page 422: ...troduced Cisco IOS XE Denali 16 3 2 Usage Guidelines The output of the show ip pim mdt history command displays the history of reused MDT data groups for the interval specified with the interval keyword and minutes argument The interval is from the past to the present that is from the time specified for the minutes argument to the time at which the command is issued Examples The following is sampl...

Page 423: ...Description Field The number of data MDTs that have been reused in this group Number of reuse Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 397 show ip pim mdt history ...

Page 424: ...e group pair and the global multicast address over which the traffic will be sent If the remote router wants to receive this data then it will join this global address multicast group Examples The following is sample output from the show ip pim mdt receivecommand using the detail keyword for further information Device show ip pim vrf vpn8 mdt receive detail Joined MDT data groups for VRF vpn8 grou...

Page 425: ...ectional group D dense C connected F register flag I received source specific host report J join shortest path source tree SPT L local M MSDP created entry P pruned R RP bit set S sparse s Source Specific Multicast SSM group T SPT bit set X proxy join timer running U URL Rendezvous Directory URD Y joined MDT data group y sending to MDT data group Z multicast tunnel flags Command Reference Cisco IO...

Page 426: ...evice show ip pim vrf vpn8 mdt send MDT data send list for VRF vpn8 source group MDT data group ref_count 10 100 8 10 225 1 8 1 232 2 8 0 1 10 100 8 10 225 1 8 2 232 2 8 1 1 10 100 8 10 225 1 8 3 232 2 8 2 1 10 100 8 10 225 1 8 4 232 2 8 3 1 10 100 8 10 225 1 8 5 232 2 8 4 1 10 100 8 10 225 1 8 6 232 2 8 5 1 10 100 8 10 225 1 8 7 232 2 8 6 1 10 100 8 10 225 1 8 8 232 2 8 7 1 10 100 8 10 225 1 8 9 ...

Page 427: ...Description Field Number of S G pairs that are reusing this data MDT ref_count Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 401 show ip pim mdt send ...

Page 428: ...Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 402 show ip pim mdt send ...

Page 429: ...P A R T VIII Network Management Flexible NetFlow page 405 Network Management page 479 ...

Page 430: ......

Page 431: ...age 419 debug flow exporter page 420 debug flow monitor page 421 debug flow record page 422 debug sampler page 423 description page 424 destination page 425 dscp page 427 export protocol netflow v9 page 428 exporter page 429 flow exporter page 430 flow monitor page 431 flow record page 432 ip flow monitor page 433 ipv6 flow monitor page 435 match datalink dot1q priority page 437 Command Reference ...

Page 432: ...v6 destination address page 451 match ipv6 hop limit page 452 match ipv6 source address page 453 match transport page 454 match transport icmp ipv4 page 455 match transport icmp ipv6 page 456 mode random 1 out of page 457 option page 458 record page 460 sampler page 461 show flow exporter page 462 show flow interface page 464 show flow monitor page 466 show flow record page 471 show sampler page 4...

Page 433: ... to 604800 7 days seconds Specifies the type of the flow cache type Configures a normal cache type The entries in the flow cache will be aged out according to the timeout active seconds and timeout inactive seconds settings This is the default cache type normal Configures a permanent cache type This cache type disables flow removal from the flow cache permanent Command Default The default flow mon...

Page 434: ...ly get aged out before they have finished collecting their data increasing this timeout can result in better flow correlation When you change the inactive flow timeout the new timeout value takes effect immediately The cache timeout update command controls the periodic updates sent by the permanent type of cache This behavior is similar to the active timeout except that it does not result in the r...

Page 435: ...onitor FLOW MONITOR 1 Device config flow monitor cache timeout update 5000 The following example shows how to configure a normal cache Device config flow monitor FLOW MONITOR 1 Device config flow monitor cache type normal Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 409 cache ...

Page 436: ...co IOS XE 3 3SE Usage Guidelines The clear flow exporter command removes all statistics from the flow exporter These statistics will not be exported and the data gathered in the cache will be lost You can view the flow exporter statistics by using the show flow exporter statistics privileged EXEC command Examples The following example clears the statistics for all of the flow exporters configured ...

Page 437: ... removes all entries from the flow monitor cache These entries will not be exported and the data gathered in the cache will be lost The statistics for the cleared cache entries are maintained Note The clear flow monitor force export command removes all entries from the flow monitor cache and exports them using all flow exporters assigned to the flow monitor This action can result in a short term i...

Page 438: ...s an export Device clear flow monitor name FLOW MONITOR 1 force export The following example clears the cache for the flow monitor named FLOW MONITOR 1 and forces an export Device clear flow monitor name FLOW MONITOR 1 cache force export The following example clears the statistics for the flow monitor named FLOW MONITOR 1 Device clear flow monitor name FLOW MONITOR 1 statistics Command Reference C...

Page 439: ...ault Non key fields are not configured for the flow monitor record Command Modes Flow record configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines The values in non key fields are added to flows to provide additional information about the traffic in the flows A change in the value of a non key field does not create a new flow In most cas...

Page 440: ...gures the total number of bytes in the flows as a non key field Device config flow record FLOW RECORD 1 Device config flow record collect counter bytes long Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 414 collect ...

Page 441: ...ter packets long Command Default The number of bytes or packets in a flow is not configured as a non key field Command Modes Flow record configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines The collect counter bytes long command configures a 64 bit counter for the number of bytes seen in a flow The collect counter packets long command c...

Page 442: ... Guidelines The Flexible NetFlow collect commands are used to configure non key fields for the flow monitor record and to enable capturing the values in the fields for the flow created with the record The values in non key fields are added to flows to provide additional information about the traffic in the flows A change in the value of a non key field does not create a new flow In most cases the ...

Page 443: ... Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines The collect commands are used to configure non key fields for the flow monitor record and to enable capturing the values in the fields for the flow created with the record The values in non key fields are added to flows to provide additional information about the traffic in the flows A change in the value of a non key field d...

Page 444: ...n from all packets in the flow You cannot specify which TCP flag to collect You can only specify to collect transport TCP flags All TCP flags will be collected with this command The following transport TCP flags are collected ack TCP acknowledgement flag cwr TCP congestion window reduced flag ece TCP ECN echo flag fin TCP finish flag psh TCP push flag rst TCP reset flag syn TCP synchronize flag ur...

Page 445: ...story Modification Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines Before you apply a flow monitor to an interface with the datalink flow monitor command you must have already created the flow monitor using the flow monitor global configuration command and the flow sampler using the sampler global configuration command To enable a flow sampler for the flow monitor you must ...

Page 446: ...ptional Enables debugging for flow exporter errors error Optional Enables debugging for flow exporter events event Optional Enables packet level debugging for flow exporters packets Optional The number of packets to debug for packet level debugging of flow exporters The range is 1 to 65535 number Command Modes Privileged EXEC Command History Modification Release This command was introduced Cisco I...

Page 447: ... flow monitor that was previously configured monitor name Optional Enables debugging for the flow monitor cache cache Optional Enables debugging for flow monitor cache errors cache error Optional Enables packet level debugging for flow monitors packets Optional Number of packets to debug for packet level debugging of flow monitors The range is 1 to 65535 packets Command Modes Privileged EXEC Comma...

Page 448: ...ptional Name of a user defined flow record that was previously configured record name Optional Includes information on other flow record options options Optional Includes information on the sampler tables sampler table Optional Displays detailed information detailed Optional Displays errors only error Command Modes Privileged EXEC Command History Modification Release This command was introduced Ci...

Page 449: ...onal Name of a sampler that was previously configured sampler name Optional Enables debugging for sampling and specifies the number of samples to debug sampling samples Command Modes Privileged EXEC Command History Modification Release This command was introduced Cisco IOS XE 3 3SE Examples The following sample output shows that the debug process has obtained the ID for the sampler named SAMPLER 1...

Page 450: ...er defined Command Modes The following command modes are supported Flow exporter configuration Flow monitor configuration Flow record configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines To return this command to its default setting use the no description or default description command in the appropriate configuration mode Examples The ...

Page 451: ...istory Modification Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines Each flow exporter can have only one destination address or hostname When you configure a hostname instead of the IP address for the device the hostname is resolved immediately and the IPv4 address is stored in the running configuration If the hostname to IP address mapping that was used for the original Do...

Page 452: ...ort the Flexible NetFlow cache entry to a destination system using a VRF named VRF 1 Device config flow exporter FLOW EXPORTER 1 Device config flow exporter destination 172 16 0 2 vrf VRF 1 Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 426 destination ...

Page 453: ...ommand Default The differentiated services code point DSCP value is 0 Command Modes Flow exporter configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines To return this command to its default setting use the no dscp or default dscp flow exporter configuration command Examples The following example sets 22 as the value of the DSCP field in ...

Page 454: ...odes Flow exporter configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines The device does not support NetFlow v5 export format only NetFlow v9 export format is supported Examples The following example configures NetFlow Version 9 export as the export protocol for a NetFlow exporter Device config flow exporter FLOW EXPORTER 1 Device config...

Page 455: ... History Modification Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines You must have already created a flow exporter by using the flow exporter command before you can apply the flow exporter to a flow monitor with the exporter command To return this command to its default settings use the no exporter or default exporter flow monitor configuration command Examples The followi...

Page 456: ...ed Cisco IOS XE 3 3SE Usage Guidelines Flow exporters export the data in the flow monitor cache to a remote system such as a server running NetFlow collector for analysis and storage Flow exporters are created as separate entities in the configuration Flow exporters are assigned to flow monitors to provide data export capability for the flow monitors You can create several flow exporters and assig...

Page 457: ...ow monitors are the Flexible NetFlow component that is applied to interfaces to perform network traffic monitoring Flow monitors consist of a flow record and a cache You add the record to the flow monitor after you create the flow monitor The flow monitor cache is automatically created at the time the flow monitor is applied to the first interface Flow data is collected from the network traffic du...

Page 458: ...ion Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines A flow record defines the keys that Flexible NetFlow uses to identify packets in the flow as well as other fields of interest that Flexible NetFlow gathers for the flow You can define a flow record with any combination of keys and fields of interest The supports a rich set of keys A flow record also defines the types of co...

Page 459: ...odification Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines Before you can apply a flow monitor to an interface with the ip flow monitor command you must have already created the flow monitor using the flow monitor global configuration command When you add a sampler to a flow monitor only packets that are selected by the named sampler will be entered into the cache to form ...

Page 460: ...1 input Device config if exit Device config interface gigabitethernet2 0 3 Device config if ip flow monitor FLOW MONITOR 1 output The following example enables a flow monitor for monitoring input traffic with a sampler to limit the input packets that are sampled Device config interface gigabitethernet1 0 1 Device config if ip flow monitor FLOW MONITOR 1 sampler SAMPLER 1 input The following exampl...

Page 461: ...tion Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines Before you can apply a flow monitor to the interface with the ipv6 flow monitor command you must have already created the flow monitor using the flow monitor global configuration command When you add a sampler to a flow monitor only packets that are selected by the named sampler will be entered into the cache to form flow...

Page 462: ...1 input Device config if exit Device config interface gigabitethernet2 0 3 Device config if ipv6 flow monitor FLOW MONITOR 1 output The following example enables a flow monitor for monitoring input traffic with a sampler to limit the input packets that are sampled Device config interface gigabitethernet1 0 1 Device config if ipv6 flow monitor FLOW MONITOR 1 sampler SAMPLER 1 input The following ex...

Page 463: ...nd was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines A flow record requires at least one key field before it can be used in a flow monitor The key fields distinguish flows with each flow having a unique set of values for the key fields The key fields are defined using the match command The observation point of the match datalink dot1q priority command is the interface to which t...

Page 464: ...ase This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines A flow record requires at least one key field before it can be used in a flow monitor The key fields distinguish flows with each flow having a unique set of values for the key fields The key fields are defined using the match command The input and output keywords of the match datalink dot1q vlan command are used ...

Page 465: ...cord using the match datalink ethertype command the traffic flow that is created is based on the type of flow monitor that is assigned to the interface When a datalink flow monitor is assigned to an interface using the datalink flow monitor interface configuration command it creates unique flows for different Layer 2 protocols When an IP flow monitor is assigned to an interface using the ip flow m...

Page 466: ...d as a key field Command Modes Flow record configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines A flow record requires at least one key field before it can be used in a flow monitor The key fields distinguish flows with each flow having a unique set of values for the key fields The key fields are defined using the match command The inpu...

Page 467: ...fig flow record match datalink mac source address output The following example configures the use of the destination MAC address of packets that are received by the device as a key field for a flow record Device config flow record FLOW RECORD 1 Device config flow record match datalink mac destination address input Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 441 match data...

Page 468: ...n Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines A flow record requires at least one key field before it can be used in a flow monitor The key fields distinguish flows with each flow having a unique set of values for the key fields The key fields are defined using the match command The input and output keywords of the match datalink vlan command are used to specify the obs...

Page 469: ...ommand Modes Flexible NetFlow flow record configuration config flow record Policy inline configuration config if policy inline Command History Modification Release This command was introduced Cisco IOS XE 3 7 3E This command was reintroduced This command was not supported in Cisco IOS XE Denali 16 1 x Cisco IOS XE Denali 16 2 1 Usage Guidelines A flow record requires at least one key field before ...

Page 470: ...flow monitor The key fields distinguish flows with each flow having a unique set of values for the key fields The key fields are defined using the match command The match flow direction command captures the direction of the flow as a key field This feature is most useful when a single flow monitor is configured for input and output flows It can be used to find and eliminate flows that are being mo...

Page 471: ...cord configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines A flow record requires at least one key field before it can be used in a flow monitor The key fields distinguish flows with each flow having a unique set of values for the key fields The key fields are defined using the match command Examples The following example configures the ...

Page 472: ...s the IPv4 ToS as a key field tos Configures the IPv4 time to live TTL field as a key field for a flow record For more information see match ipv4 ttl on page 449 ttl Configures the IP version from IPv4 header as a key field version Command Default The use of one or more of the IPv4 fields as a key field for a user defined flow record is not enabled Command Modes Flow record configuration Command H...

Page 473: ...se This command was introduced Cisco IOS XE 3 3SE Usage Guidelines A flow record requires at least one key field before it can be used in a flow monitor The key fields distinguish flows with each flow having a unique set of values for the key fields The key fields are defined using the match command To return this command to its default settings use the no match ipv4 destination address or default...

Page 474: ...tion Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines A flow record requires at least one key field before it can be used in a flow monitor The key fields distinguish flows with each flow having a unique set of values for the key fields The key fields are defined using the match command To return this command to its default settings use the no match ipv4 source address or de...

Page 475: ... key field Command Modes Flow record configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines A flow record requires at least one key field before it can be used in a flow monitor The key fields distinguish flows with each flow having a unique set of values for the key fields The key fields are defined using the match ipv4 ttl command Examp...

Page 476: ...protocol Configures the IPv4 destination address as a key field For more information see match ipv6 source address on page 453 source address Configures the IPv6 traffic class as a key field traffic class Configures the IPv6 version from IPv6 header as a key field version Command Default The IPv6 fields are not configured as a key field Command Modes Flow record configuration Command History Modif...

Page 477: ...ion Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines A flow record requires at least one key field before it can be used in a flow monitor The key fields distinguish flows with each flow having a unique set of values for the key fields The key fields are defined using the match command To return this command to its default settings use the no match ipv6 destination address o...

Page 478: ...ot enabled by default Command Modes Flow record configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines A flow record requires at least one key field before it can be used in a flow monitor The key fields distinguish flows with each flow having a unique set of values for the key fields The key fields are defined using the match command Exa...

Page 479: ...ation Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines A flow record requires at least one key field before it can be used in a flow monitor The key fields distinguish flows with each flow having a unique set of values for the key fields The key fields are defined using the match command To return this command to its default settings use the no match ipv6 source address or d...

Page 480: ...ipv6 Configures time stamps based on the system uptime as a key field igmp type Configures the transport source port as a key field source port Command Default The transport fields are not configured as a key field Command Modes Flow record configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines A flow record requires at least one key fiel...

Page 481: ...odes Flow record configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines A flow record requires at least one key field before it can be used in a flow monitor The key fields distinguish flows with each flow having a unique set of values for the key fields The key fields are defined using the match command Examples The following example con...

Page 482: ...odes Flow record configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines A flow record requires at least one key field before it can be used in a flow monitor The key fields distinguish flows with each flow having a unique set of values for the key fields The key fields are defined using the match command Examples The following example con...

Page 483: ...not configured Command Modes Sampler configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines A total of four unique samplers are supported on the Packets are chosen in a manner that should eliminate any bias from traffic patterns and counter any attempt by users to avoid monitoring The deterministic keyword is not supported even though it ...

Page 484: ...XE 3 3SE Usage Guidelines The option exporter stats command causes the periodic sending of the exporter statistics including the number of records bytes and packets sent This command allows the collector to estimate packet loss for the export records it receives The optional timeout alters the frequency at which the reports are sent The option interface table command causes the periodic sending of...

Page 485: ...he exporter statistics including the number of records bytes and packets sent Device config flow exporter FLOW EXPORTER 1 Device config flow exporter option exporter stats The following example shows how to enable the periodic sending of an options table which allows the collector to map the interface SNMP indexes provided in the flow records to interface names Device config flow exporter FLOW EXP...

Page 486: ...E 3 3SE Usage Guidelines Each flow monitor requires a record to define the contents and layout of its cache entries The flow monitor can use one of the wide range of predefined record formats or advanced users may create their own record formats You must use the no ip flow monitor command to remove a flow monitor from all of the interfaces to which you have applied it before you can modify the par...

Page 487: ...e to monitor traffic by limiting the number of packets that are analyzed You configure a rate of sampling that is 1 out of a range of 2 1024 packets Flow samplers are applied to interfaces in conjunction with a flow monitor to implement sampled Flexible NetFlow To enable flow sampling you configure the record that you want to use for traffic analysis and assign it to a flow monitor When you apply ...

Page 488: ...xporter name Optional Name of a flow exporter that was previously configured exporter name Optional Displays statistics for all flow exporters or for the specified flow exporter statistics Optional Displays template information for all flow exporters or for the specified flow exporter templates Command Default None Command Modes Privileged EXEC Command History Modification Release This command was...

Page 489: ...layer protocol used by the exported packets Transport Protocol The destination UDP port to which the exported packets are sent Destination Port The source UDP port from which the exported packets are sent Source Port The differentiated services code point DSCP value DSCP The time to live value TTL Specifies whether the output features command which causes the output features to be run on Flexible ...

Page 490: ...OS XE 3 3SE Examples The following example displays the Flexible NetFlow accounting configuration on Ethernet interfaces 0 0 and 0 1 Device show flow interface gigabitethernet1 0 1 Interface Ethernet1 0 monitor FLOW MONITOR 1 direction Output traffic ip on Device show flow interface gigabitethernet1 0 2 Interface Ethernet0 0 monitor FLOW MONITOR 1 direction Input traffic ip sampler SAMPLER 2 The t...

Page 491: ...s being transmitted by the interface direction Indicates if the flow monitor is in normal mode or sampler mode The possible values are on The flow monitor is in normal mode sampler The flow monitor is in sampler mode the name of the sampler will be included in the display traffic ip Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 465 show flow interface ...

Page 492: ...ame Optional Displays the contents of the cache for the flow monitor cache Optional Specifies the use of one of the format options for formatting the display output format Optional Displays the flow monitor cache contents in comma separated variables CSV format csv Optional Displays the flow monitor cache contents in record format record Optional Displays the flow monitor cache contents in table f...

Page 493: ...cs Update Timeout 1800 secs This table describes the significant fields shown in the display Table 25 show flow monitor monitor name Field Descriptions Description Field Name of the flow monitor that you configured Flow Monitor Description that you configured or the monitor or the default description User defined Description Flow record assigned to the flow monitor Flow Record Exporters that are a...

Page 494: ... TRNS SOURCE PORT 1111 TRNS DESTINATION PORT 2222 IP VERSION 6 IP PROTOCOL 6 IP TOS 0x05 IP TTL 11 tcp flags 0x20 counter bytes long 132059538 counter packets long 1158417 This table describes the significant fields shown in the display Table 26 show flow monitor monitor name cache Field Descriptions Description Field Flow monitor cache type The value is always normal as it is the only supported c...

Page 495: ...cs and data for the flow monitor named FLOW MONITOR 1 in a table format Device show flow monitor FLOW MONITOR 1 cache format table Cache type Normal Platform cache Cache size Unknown Current entries 1 Flows added 3 Flows aged 2 Active timeout 300 secs 2 DATALINK MAC SRC ADDR INPUT DATALINK MAC DST ADDR INPUT IPV6 SRC ADDR IPV6 DST ADDR TRNS SRC PORT TRNS DST PORT IP VERSION IP PROT IP TOS IP TTL t...

Page 496: ...PORT 2222 IP VERSION 6 IP PROTOCOL 6 IP TOS 0x05 IP TTL 11 tcp flags 0x20 counter bytes long 132059538 counter packets long 1158417 The following example displays the status and statistics for a flow monitor Device show flow monitor FLOW MONITOR 1 statistics Cache type Normal Platform cache Cache size Unknown Current entries 1 Flows added 3 Flows aged 2 Active timeout 300 secs 2 Command Reference ...

Page 497: ...ifies the name of a flow record name Optional Name of a user defined flow record that was previously configured record name Command Default None Command Modes Privileged EXEC Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Examples The following example displays the status and statistics for FLOW RECORD 1 Device show flow record FLOW RECORD 1 f...

Page 498: ...e of a sampler that was previously configured sampler name Command Default None Command Modes Privileged EXEC Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Examples The following example displays the status and statistics for all of the flow samplers configured Device show sampler Sampler SAMPLER 1 ID 2083940135 export ID 0 Description User d...

Page 499: ...et selection that you configured for the flow sampler The range is 2 to 32768 Rate Number of packets sampled since the flow sampler was configured or the device was restarted This is equivalent to the number of times a positive response was received when the sampler was queried to determine if the traffic needed to be sampled See the explanation of the Requests field in this table Samples Number o...

Page 500: ...ine from which device the Flexible NetFlow data is arriving If your network has two or more paths that can be used to send Flexible NetFlow datagrams from the device to the destination system and you do not specify the source interface from which the source IP address is to be obtained the device uses the IP address of the interface over which the datagram is transmitted as the source IP address o...

Page 501: ...xible NetFlow exporter reverts to the default behavior of using the IP address of the interface over which the datagrams are being transmitted as the source IP address for the datagrams To avoid this problem use a loopback interface as the source interface because loopback interfaces are not subject to the transient outages that can occur on physical interfaces Tip To return this command to its de...

Page 502: ...ommand History Modification Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines Flow exporter template data describes the exported data records Data records cannot be decoded without the corresponding template The template data timeout command controls how often those templates are exported To return this command to its default settings use the no template data timeout or defau...

Page 503: ...port Command Default Flow exporters use UDP on port 9995 Command Modes Flow exporter configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines To return this command to its default settings use the no transport or default transport flow exporter configuration command Examples The following example configures UDP as the transport protocol and...

Page 504: ...lt Flow exporters use a TTL of 255 Command Modes Flow exporter configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines To return this command to its default settings use the no ttl or default ttl flow exporter configuration command Examples The following example specifies a TTL of 15 Device config flow exporter FLOW EXPORTER 1 Device confi...

Page 505: ...nitor capture file page 497 monitor capture limit page 499 monitor capture match page 500 monitor capture start page 501 monitor capture stop page 502 monitor session page 503 monitor session destination page 505 monitor session filter page 509 monitor session source page 511 monitor session type erspan source page 514 origin page 516 show ip sla statistics page 518 show capability feature monitor...

Page 506: ...ps license page 544 snmp server enable traps mac notification page 545 snmp server enable traps ospf page 546 snmp server enable traps pim page 548 snmp server enable traps port security page 549 snmp server enable traps power ethernet page 550 snmp server enable traps snmp page 551 snmp server enable traps stackwise page 552 snmp server enable traps storm control page 554 snmp server enable traps...

Page 507: ...AN monitor source session configuration mode config mon erspan src Command History Modification Release This command was introduced Cisco IOS XE Denali 16 3 1 Usage Guidelines The description argument can be up to 240 characters Examples The following example shows how to describe an ERSPAN source session Switch config monitor session 2 type erspan source Switch config mon erspan src description s...

Page 508: ...ess for the ERSPAN destination sessions The ERSPAN source session destination IP address which is configured on an interface on the destination switch is the source of traffic that an ERSPAN destination session sends to destination ports Configure the same address in both the source and destination sessions with the ip address command Examples The following example shows how to configure an ERSPAN...

Page 509: ...sion 5 Type ERSPAN Source Session Status Admin Disabled Description session5 Destination IP Address 209 165 200 225 Related Commands Description Command Configures the ID used by the destination session to identify the ERSPAN traffic erspan id Configures TTL values for packets in the ERSPAN traffic ip ttl Configures a local ERSPAN source session monitor session type erspan source Configures an IP ...

Page 510: ...mmand Modes ERSPAN monitor destination session configuration mode config mon erspan src dst Command History Modification Release This command was introduced Cisco IOS XE Denali 16 3 1 Examples The following example shows how to configure an ERSPAN ID for a destination session Switch config monitor session 2 type erspan source Switch config mon erspan src destination Switch config mon erspan src ds...

Page 511: ...cifies an access control group access group Standard IP access list standard access list Extended IP access list extended access list Access list name acl name Specifies the IPv6 access control rules ipv6 Specifies the media access control MAC rules mac Specifies the ERSPAN source VLAN Valid values are from 1 to 4094 vlan vlan ID Optional Specifies another VLAN Optional Specifies a range of VLANs ...

Page 512: ...g example shows how to configure source VLAN filtering Switch config monitor session 2 type erspan source Switch config mon erspan src filter vlan 3 Related Commands Description Command Configures a local ERSPAN source session monitor session type erspan source Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 486 filter ERSPAN ...

Page 513: ... session configuration mode config mon erspan src dst Command History Modification Release This command was introduced Cisco IOS XE Denali 16 3 1 Examples The following example shows how to configure TTL value for ERSPAN traffic Switch config monitor session 2 type erspan source Switch config mon erspan src destination Switch config mon erspan src dst ip ttl 32 Related Commands Description Command...

Page 514: ...up address used by the devices and the application engines to participate in the service group group address groupaddress Optional If a multicast group address is not used specifies a list of valid IP addresses that correspond to the application engines that are participating in the service group group list access list Optional Specifies the redirect service for specific hosts or specific packets ...

Page 515: ...vice terminates participation in the service group deallocates space if none of the interfaces still have the service configured and terminates the WCCP task if no other services are configured The keywords following the web cache keyword and the service number argument are optional and may be specified in any order but only may be specified once Examples The following example configures a web cac...

Page 516: ...hark capture is not configured Command Modes Privileged EXEC Command History Modification Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines Once an attachment point has been associated with a capture point using this command the only way to change its direction is to remove the attachment point using the no form of the command and reattach the attachment point with the new di...

Page 517: ...w monitor capture mycap parameter monitor capture mycap interface GigabitEthernet1 0 1 in monitor capture mycap control plane in To remove an attachment point from a capture point defined with multiple attachment points Device show monitor capture mycap parameter monitor capture mycap interface GigabitEthernet1 0 1 in monitor capture mycap control plane in Device no monitor capture mycap control p...

Page 518: ...6 000000 00 00 00 00 00 00 3c ce 73 39 c6 60 IEEE 802 11 Probe Request SN 0 FN 0 Flags 11 8 000000 00 00 00 00 00 00 3c ce 73 39 c6 60 IEEE 802 11 Probe Request SN 0 FN 0 Flags 12 9 225986 10 10 14 2 10 10 14 32 DTLSv1 0 Application Data 13 9 225986 10 10 14 2 10 10 14 32 DTLSv1 0 Application Data 14 9 225986 10 10 14 2 10 10 14 32 DTLSv1 0 Application Data 15 9 231998 10 10 14 2 10 10 14 32 DTLSv...

Page 519: ...ture WireShark monitor capture buffer Configures monitor capture WireShark storage file attributes monitor capture file show monitor capture show monitor capture Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 493 monitor capture interface control plane ...

Page 520: ...ly circular Optional Specifies the size of the buffer The range is from 1 MB to 100 MB size buffer size Command Default A linear buffer is configured Command Modes Privileged EXEC Command History Modification Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines When you first configure a WireShark capture a circular buffer of a small size is suggested Examples To configure a cir...

Page 521: ...ter the capture has stopped either because one or more end conditions has been met or you entered the monitor capture stop command If you enter the monitor capture clear command after the capture has stopped the monitor capture export command that is used to store the contents of the captured packets in a file will have no impact because the buffer has no captured packets If you have more than one...

Page 522: ... file may be stored either remotely or locally Use this command either during capture or after the packet capture has stopped The packet capture is stopped when one or more end conditions have been met or you entered the monitor capture stop command When WireShark is used on switches in a stack packet captures can be stored only on the devices specified for file location above that are connected t...

Page 523: ...es that the capture is to be stored in a circular file chain and the number of files in the file ring ring number of ring files Optional Specifies the total size of the capture files size total size Command Default None Command Modes Privileged EXEC Command History Modification Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines Use the monitor capture file command only when th...

Page 524: ...itor capture mycap file location flash mycap pcap Related Commands Description Command Configures monitor capture WireShark specifying an attachment point and the packet flow direction monitor capture interface control plane Configures the buffer for monitor capture WireShark monitor capture buffer show monitor capture show monitor capture Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 36...

Page 525: ... seconds Optional Specifies the packet length in bytes If the actual packet is longer than the specified length only the first set of bytes whose number is denoted by the bytes argument is stored packet length size Optional Specifies the number of packets to be processed for capture packets num Command Default Capture limits are not configured Command Modes Privileged EXEC Command History Modifica...

Page 526: ...e capture to be assigned a core filter capture name Specifies all packets any Specifies a Layer 2 packet mac mac match string Specifies IPv4 packets ipv4 Specifies the host host Specifies the protocol protocol Specifies IPv6 packets ipv6 Command Default A core filter is not configured Command Modes Privileged EXEC Command History Modification Release This command was introduced Cisco IOS XE 3 3SE ...

Page 527: ...Command History Modification Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines Use the monitor capture clear command to enable the packet data capture after the capture point is defined To stop the capture of packet data use the monitor capture stop command Ensure that system resources such as CPU and memory are available before starting a capture Examples To start capturing ...

Page 528: ...s introduced Cisco IOS XE 3 3SE Usage Guidelines Use the monitor capture stop command to stop the capture of packet data that you started using the monitor capture start command You can configure two types of capture buffers linear and circular When the linear buffer is full data capture stops automatically When the circular buffer is full data capture starts from the beginning and the data is ove...

Page 529: ...tory Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines You can verify your settings by entering the show monitor privileged EXEC command You can display SPAN RSPAN FSPAN and FRSPAN configuration on the switch by entering the show running config privileged EXEC command SPAN information appears near the end of the output Examples This example show...

Page 530: ...n Replicate Ingress Disabled Filter VLANs 1281 Related Commands Description Command Configures a FSPAN or FRSPAN destination session monitor session destination Configures a FSPAN or FRSPAN session filter monitor session filter Configures a FSPAN or FRSPAN source session monitor session source Displays information about all SPAN and RSPAN sessions show monitor Command Reference Cisco IOS XE Everes...

Page 531: ...id interface type and the valid range is 1 to 128 interface interface id Optional Specifies a series of interfaces or VLANs or separates a range of interfaces or VLANs from a previous range Enter a space before and after the comma Optional Specifies a range of interfaces or VLANs Enter a space before and after the hyphen Optional Specifies that the destination interface replicates the source inter...

Page 532: ...ion command to clear all SPAN and RSPAN all local SPAN a range or all RSPAN sessions Command Modes Global configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines You can set a combined maximum of 8 local SPAN sessions and RSPAN source sessions You can have a total of 66 SPAN and RSPAN sessions on a switch or switch stack ...

Page 533: ...ession session_number destination interface interface id ingress egress encapsulation is untagged ingress encapsulation depends on the keywords that follow dot1q or untagged When you enter monitor session session_number destination interface interface id encapsulation replicate with no other keywords egress encapsulation replicates the source interface encapsulation ingress forwarding is not enabl...

Page 534: ...ess traffic replicates the source ingress traffic uses IEEE 802 1Q encapsulation Device config monitor session 2 destination interface gigabitethernet1 0 2 encapsulation dot1q ingress dot1q vlan 5 This example shows how to configure the destination port for ingress traffic on VLAN 5 by using a security device that does not support encapsulation Egress traffic and ingress traffic are untagged Devic...

Page 535: ...ns are configured Command Modes Global configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines You can monitor traffic on a single VLAN or on a series or range of ports or VLANs You select a series or range of VLANs by using the options If you specify a series of VLANs you must enter a space before and after the comma If ...

Page 536: ...tack member 1 to destination port 2 on stack member 2 and to filter IPv4 traffic using access list number 122 in an FSPAN session Switch config monitor session 1 source interface gigabitethernet1 0 1 both Switch config monitor session 1 destination interface gigabitethernet1 0 2 Switch config monitor session 1 filter ip access group 122 Related Commands Description Command Configures a new SPAN or...

Page 537: ...e id Optional Specifies a series of interfaces or VLANs or separates a range of interfaces or VLANs from a previous range Enter a space before and after the comma Optional Specifies a range of interfaces or VLANs Enter a space before and after the hyphen Optional Specifies the traffic direction to monitor If you do not specify a traffic direction the source interface sends both transmitted and rec...

Page 538: ...orts while they participate in an EtherChannel or you can monitor the entire EtherChannel bundle by specifying the port channel number as the RSPAN source interface A port used as a destination port cannot be a SPAN or RSPAN source nor can a port be a destination port for more than one session at a time You can enable IEEE 802 1x authentication on a SPAN or RSPAN source port You can verify your se...

Page 539: ...res a FSPAN or FRSPAN destination session monitor session destination Configures a FSPAN or FRSPAN session filter monitor session filter Displays information about all SPAN and RSPAN sessions show monitor Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 513 monitor session source ...

Page 540: ... be changed once configured Use the no form of this command to remove the session and then re create the session with a new session ID or a new session type The ERSPAN source session destination IP address which must be configured on an interface on the destination switch is the source of traffic that an ERSPAN destination session sends to the destination ports You can configure the same address i...

Page 541: ...ation mode for the session monitor session type Displays information about monitor features show capability feature monitor Displays information about the ERSPAN SPAN and RSPAN sessions show monitor session Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 515 monitor session type erspan source ...

Page 542: ... Usage Guidelines ERSPAN source session on a switch can use different source IP addresses using the origin command Examples The following example shows how to configure an IP address for an ERSPAN source session Switch config monitor session 2 type erspan source Switch config mon erspan src destination Switch config mon erspan src dst origin ip address 203 0 113 2 The following sample output from ...

Page 543: ...on Command Configures an ERSPAN destination session and specifies destination properties destination Configures a local ERSPAN source session monitor session type erspan source Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 517 origin ...

Page 544: ... 3 3SE Usage Guidelines Use the show ip sla statistics to display the current state of IP SLA operations including how much life the operation has left whether the operation is active and the completion time The output also includes the monitoring data returned for the last most recently completed operation This generated operation ID is displayed when you use the show ip sla configuration command...

Page 545: ...4 Latest Operation Start Time 22 16 43 000 UTC Sun Feb 11 2001 Latest Oper Sense ok Latest Sense Description 200 OK Total RTT 544 DNS RTT 12 TCP Connection RTT 28 HTTP Transaction RTT 504 HTTP Message Size 9707 Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 519 show ip sla statistics ...

Page 546: ...itor erspan source command Switch show capability feature monitor erspan source ERSPAN Source Session Supported true No of Rx ERSPAN source session 8 No of Tx ERSPAN source session 8 ERSPAN Header Type supported II ACL filter Supported true Fragmentation Supported true Truncation Supported false Sequence number Supported false QOS Supported true The following is sample output from the show capabil...

Page 547: ... session or a range of sessions described by two numbers the lower one first separated by a hyphen Do not enter any spaces between comma separated parameters or in hyphen specified ranges This keyword is available only in privileged EXEC mode Note range list Optional Displays only remote SPAN sessions remote Optional Displays detailed information about the specified sessions detail Command Modes U...

Page 548: ...i4 0 20 Encapsulation Replicate Ingress Disabled This is an example of output for the show monitor session all user EXEC command when ingress traffic forwarding is enabled Device show monitor session all Session 1 Type Local Session Source Ports Both Gi4 0 2 Destination Ports Gi4 0 3 Encapsulation Native Ingress Enabled default VLAN 5 Ingress encap DOT1Q Session 2 Type Local Session Source Ports B...

Page 549: ... Configures a FSPAN or FRSPAN session filter monitor session filter Configures a FSPAN or FRSPAN source session monitor session source Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 523 show monitor ...

Page 550: ...yed file file location file name Optional Specifies the display content in brief brief Optional Specifies detailed display content detailed Filters the display content according to the display filter string display filter display filter string Command Default Displays all capture content Command Modes Privileged EXEC Command History Modification Release This command was introduced Cisco IOS XE 3 3...

Page 551: ...ond 0 no limit Packet sampling rate 0 no sampling Related Commands Description Command Configures monitor capture WireShark specifying an attachment point and the packet flow direction monitor capture interface control plane Configures the buffer for monitor capture WireShark monitor capture buffer Configures monitor capture WireShark storage file attributes monitor capture file Command Reference ...

Page 552: ...e Displays only local SPAN sessions local Displays a range of SPAN sessions where list is the range of valid sessions The range is either a single session or a range of sessions described by two numbers the lower one first separated by a hyphen Do not enter any spaces between comma separated parameters or in hyphen specified ranges This keyword is available only in privileged EXEC mode Note range ...

Page 553: ... Both Gi4 0 2 Destination Ports Gi4 0 3 Encapsulation Native Ingress Enabled default VLAN 5 Ingress encap DOT1Q Session 2 Type Local Session Source Ports Both Gi4 0 8 Destination Ports Gi4 012 Encapsulation Replicate Ingress Enabled default VLAN 4 Ingress encap Untagged The following is sample output from the show monitor session erspan source command Switch show monitor session erspan source Type...

Page 554: ...Use this command only when you are working directly with a technical support representative while troubleshooting a problem Do not use this command unless a technical support representative asks you to do so This command is available only if your device is running the IP Services feature set Examples The following example displays WCCP interfaces Device show platform ip wccp interfaces WCCP Interf...

Page 555: ...on the RP RP Displays information about the specified destination session destination sess id session ID Displays information about the specified source session source sess id session ID Command Modes Privileged EXEC Command History Modification Release This command was introduced in a release prior to Cisco IOS XE Denali 16 1 1 Cisco IOS XE Denali 16 1 1 Usage Guidelines If the session number doe...

Page 556: ...ection Ingress Filter Enabled No ACL Configured No AOM Object id 578 AOM Object Status Done Parent AOM object Id 70 Parent AOM object Status Done The following is sample output from the show platform software swspan RP active destination command Switch show platform software swspan RP active destination Showing SPAN destination table summary info Sess id IF type IF id Sess type 1 PORT 19 Remote Co...

Page 557: ...er ethernet rep snmp stackwise storm control stpx syslog transceiver tty vlan membership vlancreate vlandelete vstack vtp Syntax Description Optional Enables SNMP CISCO AUTH FRAMEWORK MIB traps auth framework Optional Enables SNMP camSecurityViolationNotif notifications sec violation Optional Enables SNMP STP Bridge MIB traps bridge Optional Enables SNMP CISCO CALLHOME MIB traps call home Optional...

Page 558: ...rm control trap parameters storm control Optional Enables SNMP STPX MIB traps stpx Optional Enables SNMP syslog traps syslog Optional Enables SNMP transceiver traps transceiver Optional Sends TCP connection traps This is enabled by default tty Optional Enables SNMP VLAN membership traps vlan membership Optional Enables SNMP VLAN created traps vlancreate Optional Enables SNMP VLAN deleted traps vla...

Page 559: ...orted in SNMPv1 Note To enable more than one type of trap you must enter a separate snmp server enable traps command for each trap type Examples This example shows how to enable more than one type of SNMP trap Device config snmp server enable traps cluster Device config snmp server enable traps config Device config snmp server enable traps vtp Related Commands Description Command Generates STP bri...

Page 560: ... Enables SNMP traps snmp server enable traps snmp Enables SNMP StackWise traps snmp server enable traps stackwise Enables SNMP storm control trap parameters snmp server enable traps storm control Enables SNMP STPX MIB traps snmp server enable traps stpx Enable SNMP transceiver traps snmp server enable traps transceiver Allows SNMP vrfmib traps snmp server enable traps vrfmib Enables SNMP smart ins...

Page 561: ...raps is disabled Command Modes Global configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines Specify the host NMS that receives the traps by using the snmp server host global configuration command If no trap types are specified all trap types are sent Informs are not supported in SNMPv1 Note To enable more than one type ...

Page 562: ...is disabled Command Modes Global configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines Specify the host NMS that receives the traps by using the snmp server host global configuration command If no trap types are specified all trap types are sent Informs are not supported in SNMPv1 Note To enable more than one type of tr...

Page 563: ... MIB traps is disabled Command Modes Global configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines Specify the host NMS that receives the traps by using the snmp server host global configuration command If no trap types are specified all trap types are sent Informs are not supported in SNMPv1 Note To enable more than one...

Page 564: ...te change Optional Enables SNMP CEF Resource Failure traps resource failure Command Default The sending of SNMP CEF traps is disabled Command Modes Global configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines Specify the host NMS that receives the traps by using the snmp server host global configuration command If no tr...

Page 565: ... History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines Specify the host NMS that receives the traps by using the snmp server host global configuration command If no trap types are specified all trap types are sent Informs are not supported in SNMPv1 Note To enable more than one type of trap you must enter a separate snmp server enable traps ...

Page 566: ...Enables environmental monitor temperature traps temperature Command Default The sending of environmental SNMP traps is disabled Command Modes Global configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines Specify the host NMS that receives the traps by using the snmp server host global configuration command If no trap typ...

Page 567: ...of SNMP notifications of error disabling is disabled Command Modes Global configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines Specify the host NMS that receives the traps by using the snmp server host global configuration command If no trap types are specified all trap types are sent Informs are not supported in SNMPv...

Page 568: ...bled Command Modes Global configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines Specify the host NMS that receives the traps by using the snmp server host global configuration command If no trap types are specified all trap types are sent Informs are not supported in SNMPv1 Note To enable more than one type of trap you ...

Page 569: ...of IS IS traps is disabled Command Modes Global configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines Specify the host NMS that receives the traps by using the snmp server host global configuration command If no trap types are specified all trap types are sent Informs are not supported in SNMPv1 Note To enable more than...

Page 570: ...s disabled Command Modes Global configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines Specify the host NMS that receives the traps by using the snmp server host global configuration command If no trap types are specified all trap types are sent Informs are not supported in SNMPv1 Note To enable more than one type of tra...

Page 571: ...AC notification traps is disabled Command Modes Global configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines Specify the host NMS that receives the traps by using the snmp server host global configuration command If no trap types are specified all trap types are sent Informs are not supported in SNMPv1 Note To enable mo...

Page 572: ...s lsa Optional Enables rate limit traps rate limit Optional Specifies window of time in seconds for rate limit traps Accepted values are 2 to 60 rate limit time Optional Specifies maximum number of rate limit traps to be sent in window time max number of traps Optional Enables packet retransmit traps retransmit Optional Enables state change traps state change Command Default The sending of OSPF SN...

Page 573: ...ou must enter a separate snmp server enable traps command for each trap type Examples This example shows how to enable LSA traps Device config snmp server enable traps ospf lsa Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 547 snmp server enable traps ospf ...

Page 574: ...e traps rp mapping change Command Default The sending of PIM SNMP traps is disabled Command Modes Global configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines Specify the host NMS that receives the traps by using the snmp server host global configuration command If no trap types are specified all trap types are sent Inf...

Page 575: ...ort security SNMP traps is disabled Command Modes Global configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines Specify the host NMS that receives the traps by using the snmp server host global configuration command If no trap types are specified all trap types are sent Informs are not supported in SNMPv1 Note To enable ...

Page 576: ...er over Ethernet SNMP traps is disabled Command Modes Global configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines Specify the host NMS that receives the traps by using the snmp server host global configuration command If no trap types are specified all trap types are sent Informs are not supported in SNMPv1 Note To ena...

Page 577: ...armstart traps warmstart Command Default The sending of SNMP traps is disabled Command Modes Global configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines Specify the host NMS that receives the traps by using the snmp server host global configuration command If no trap types are specified all trap types are sent Informs ...

Page 578: ...balanced power supplies under budget under voltage Syntax Description Optional Enables StackWise stack power GLS trap GLS Optional Enables StackWise stack power ILS trap ILS Optional Enables StackWise stack power SRLS trap SRLS Optional Enables StackWise stack power unbalanced power supplies trap insufficient power Optional Enables StackWise stack power invalid input current trap invalid input cur...

Page 579: ...ower under voltage trap under voltage Command Default The sending of SNMP StackWise traps is disabled Command Modes Global configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines Specify the host NMS that receives the traps by using the snmp server host global configuration command If no trap types are specified all trap ...

Page 580: ...ters is disabled Command Modes Global configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines Specify the host NMS that receives the traps by using the snmp server host global configuration command If no trap types are specified all trap types are sent Informs are not supported in SNMPv1 Note To enable more than one type ...

Page 581: ...aps root inconsistency Command Default The sending of SNMP STPX MIB traps is disabled Command Modes Global configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines Specify the host NMS that receives the traps by using the snmp server host global configuration command If no trap types are specified all trap types are sent I...

Page 582: ...on Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines Specify the host NMS that receives the traps by using the snmp server host global configuration command If no trap types are specified all trap types are sent Informs are not supported in SNMPv1 Note To enable more than one type of trap you must enter a separate snmp server ena...

Page 583: ...s vrf up Command Default The sending of SNMP vrfmib traps is disabled Command Modes Global configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines Specify the host NMS that receives the traps by using the snmp server host global configuration command If no trap types are specified all trap types are sent Informs are not s...

Page 584: ...Default The sending of SNMP smart install traps is disabled Command Modes Global configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines Specify the host NMS that receives the traps by using the snmp server host global configuration command If no trap types are specified all trap types are sent Informs are not supported i...

Page 585: ...s remain in the value local engineid string Specifies the remote SNMP copy Specify the ip address of the device that contains the remote copy of SNMP remote ip address Optional Specifies the User Datagram Protocol UDP port on the remote device The default is 162 udp port port number Command Default None Command Modes Global configuration Command History Modification Release This command was introd...

Page 586: ... This option is not available with informs 2c SNMPv2C 3 SNMPv3 One of the authorization keywords see next table row must follow the Version 3 keyword version 1 2c 3 auth Optional Enables Message Digest 5 MD5 and Secure Hash Algorithm SHA packet authentication noauth Default The noAuthNoPriv security level This is the default if the auth noauth priv keyword choice is not specified priv Optional Ena...

Page 587: ...Collection MIB Collection notification traps call home Sends SNMP CISCO CALLHOME MIB traps cef Sends SNMP CEF traps config Sends SNMP configuration traps config copy Sends SNMP config copy traps config ctid Sends SNMP config ctid traps copy config Sends SNMP copy configuration traps cpu Sends CPU notification traps cpu threshold Sends CPU threshold notification traps entity Sends SNMP entity traps...

Page 588: ...s SNMP STP extended MIB traps syslog Sends SNMP syslog traps transceiver Sends SNMP transceiver traps tty Sends TCP connection traps vlan membership Sends SNMP VLAN membership traps vlancreate Sends SNMP VLAN created traps vlandelete Sends SNMP VLAN deleted traps vrfmib Sends SNMP vrfmib traps vtp Sends SNMP VLAN Trunking Protocol VTP traps Command Default This command is disabled by default No no...

Page 589: ...can specify multiple notification types in the command for each host If a local user is not associated with a remote host the device does not send informs for the auth authNoPriv and the priv authPriv authentication levels When multiple snmp server host commands are given for the same host and kind of notification trap or inform each succeeding command overwrites the previous command Only the last...

Page 590: ...le shows how to enable the device to send all traps to the host myhost cisco com by using the community string public Device config snmp server enable traps Device config snmp server host myhost cisco com public You can verify your settings by entering the show running config privileged EXEC command Related Commands Description Command Enables the device to send SNMP notifications for various trap...

Page 591: ...f interfaces Optional Monitors both received and transmitted ERSPAN traffic both Optional Monitors only received traffic rx Optional Monitors only transmitted traffic tx Command Default Source interface or VLAN is not configured Command Modes ERSPAN monitor source session configuration mode config mon erspan src Command History Modification Release This command was introduced Cisco IOS XE Denali 1...

Page 592: ...Related Commands Description Command Configures a local ERSPAN source session monitor session type erspan source Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 566 source ERSPAN ...

Page 593: ... as a nontrunking nontagged single VLAN Ethernet interface switchport mode access Command Default An access port can carry traffic in one VLAN only By default an access port carries traffic for VLAN1 Command Modes Template configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SE Examples This example shows how to set a single VLAN interface Device config te...

Page 594: ...s to forward all voice traffic through the specified VLAN switchport voice vlanvlan_id Command Default You can specify a value from 1 to 4094 Command Modes Template configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SE Examples This example shows how to specify to forward all voice traffic through the specified VLAN Device config template switchport voic...

Page 595: ...P A R T IX Programmability Programmability page 571 ...

Page 596: ......

Page 597: ...age 577 show install page 581 dig page 583 mlog page 585 net debug page 586 net dhcp page 588 net6 dhcp page 589 net show page 590 net6 show page 591 net tcp bufs page 592 net tcp mss page 593 ping page 594 ping4 page 596 ping6 page 597 Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 571 ...

Page 598: ...mand History Modification Release This command was introduced Cisco IOS XE Denali 16 3 2 Usage Guidelines iPXE is an open source implementation of the Preboot eXecution Environment PXE Bootloaders boot an image located on an HTTP FTP or a TFTP server If the forever keyword is configured the switch sends Dynamic Host Configuration Protcol DHCP requests forever If the timeout keyword is configured D...

Page 599: ...figuration config Command History Modification Release This command was introduced Cisco IOS XE Denali 16 3 2 Usage Guidelines When manual boot is disabled and the switch reloads the boot process starts automatically When manual boot is disabled the bootloader determines whether to execute a device boot or a network boot based on the configured value of the iPXE ROMMON variable Examples The follow...

Page 600: ...number Command Modes Global configuration config Command History Modification Release This command was introduced Cisco IOS XE Denali 16 3 2 Usage Guidelines You can either use an IPv4 or an IPv6 address for the remote FTP HTTP TFTP servers For an IPv6 address you must enter the IPv6 address inside square brackets as per RFC 2732 if not the device will not boot Examples The following example shows...

Page 601: ... http Specifies a TFTP location to boot an image tftp Enables booting for switches in a stack Valid values are from 0 to 9 switch number Command Default Device boot is the default Command Modes Global configuration config Command History Modification Release The command was introduced Cisco IOS XE Denali 16 3 2 Usage Guidelines You can either use the no boot ipxe or the default boot ipxecommand to...

Page 602: ...e shows how to enable the default boot mode Device config default boot ipxe Related Commands Description Command Configures iPXE boot boot ipxe Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 576 default boot ...

Page 603: ... Specifies the package to be activated file Specifies the location of the installed package bootflash flash http https rcp scp tftp webui Optional Prompts the user about installation activities For example the activate keyword automatically triggers a reload for packages that require a reload Before activating the packag a message will prompt users as to whether they want to continue The all keywo...

Page 604: ...st committed version or a known commit ID and restarts Netconf processes rollback Returns to the base image to base Returns to the installation state when the last commit operation was performed committed Returns to the specific install point ID Valid values are from 1 to 4294967295 id install ID Command Default Packages are not installed Command Modes Privileged EXEC Command History Modification ...

Page 605: ...tion to ConfD 45 EOF on socket to ConfD Feb 26 05 59 43 269 DMI 5 SYNC_START SIP0 syncfd External change to running configuration detected The running configuration will be synchronized to the NETCONF running data store Feb 26 05 59 44 624 DMI 5 SYNC_COMPLETE SIP0 syncfd The running configuration has been synchronized to the NETCONF running data store Device The following example shows how to comm...

Page 606: ...s been synchronized to the NETCONF running data store Related Commands Description Command Displays information about install packages show install Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 580 install ...

Page 607: ...l package bootflash flash webui Displays the software set associated with a saved installation rollback Displays information about the list of active inactive committed and superseded packages summmary Displays package activations that are nonpersistent uncommitted Command Modes Privileged EXEC Command History Modification Release This command was introduced Cisco IOS XE Everest 16 5 1 Usage Guide...

Page 608: ...r committed changes to the harddisk so that the changes become persistent across reloads Committed Packages Intall package activations that are nonpersistent Uncommitted Packages The following is sample output from the show install log command Device show install log 0 install_op_boot START Fri Feb 24 19 20 19 Universal 2017 0 install_op_boot END SUCCESS Fri Feb 24 19 20 23 Universal 2017 3 instal...

Page 609: ...he following is sample output from the dig hostname command Device dig example org DNS lookup using 2001 DB8 1 addr 2001 DB8 0000 0000 0000 0000 0000 0001 The following is sample output from the dig hostname v4 command Device dig example org v4 DNS lookup using 10 29 27 5 addr 172 16 0 1 The following is sample output from the dig hostname v4 dns server address command Device dig example org v4 10...

Page 610: ...Related Commands Description Command Displays or changes the network debug values net debug Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 584 dig ...

Page 611: ...is command was introduced Cisco IOS XE Everest 16 5 1 Usage Guidelines This command directs protocol log that is all logs controlled by the net debug command messages to a memory buffer instead of the serial port With memory logging log messages are displayed after a test is run For example HTTP debugs can be enabled through memory logging Log messages are displayed in the memory buffer after runn...

Page 612: ...es This command enables or disables log levels for each of the following functional areas Domain Name System DNS Dynamic Host Control Protocol DHCP File Transfer Protocol FTP Hypertext Transfer Protocol HTTP IP TCP UDP Uniform Resource Identifier URI Examples This following is sample output from the net debug command Device net debug ether 0 ip 0 dhcp 0 udp 0 tcp 0 http 0 dns 0 uri 0 t ftp 2 ip6 0...

Page 613: ...Related Commands Description Command Directs log messages to a memory buffer instead of the serial port mlog Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 587 net debug ...

Page 614: ...troduced Cisco IOS XE Everest 16 5 1 Usage Guidelines This command initiates an IPv4 DHCP request and processes the reply Examples The following example shows how to enable the net dhcp command Device net dhcp Related Commands Description Command Displays or changes the network debug values net debug Displays network parameters net show Initiates an IPv6 DHCP request for remote configuration net6 ...

Page 615: ...was introduced Cisco IOS XE Everest 16 5 1 Usage Guidelines You can change the timeout by specifying a time in seconds Examples The following example shows how to enable the net6 dhcp command Device net6 dhcp Related Commands Description Command Displays or changes the network debug values net debug Initiates an IPv4 DHCP request and processes the reply net dhcp Displays network parameters net sho...

Page 616: ...w Network params IPv4 ip addr 10 29 27 150 netmask 255 255 0 0 gateway 10 29 0 1 IPv6 link local addr fe80 366f 90ff feb8 cb80 site local addr fec0 366f 90ff feb8 cb80 DHCP addr 2001 dead beef cafe 9999 router addr fe80 7ada 6eff fe13 8580 SLAAC addr 2001 dead beef cafe 366f 90ff feb8 cb80 64 SLAAC addr f00d 366f 90ff feb8 cb80 64 SLAAC addr feed 366f 90ff feb8 cb80 64 Common macaddr 34 6f 90 b8 c...

Page 617: ...64 SLAAC addr f00d 366f 90ff feb8 cb80 64 SLAAC addr feed 366f 90ff feb8 cb80 64 null addr all nodes addr ff02 1 all routers addr ff02 2 all dhcp addr ff02 1 2 Slct node addr ff02 1 ffb8 cb80 ll mmac addr 33 33 00 00 00 01 sl mmac addr 33 33 00 00 00 02 sn mmac addr 33 33 ff b8 cb 80 dhcp mmac addr 33 33 ff 00 99 99 router mac addr 78 da 6e 13 85 80 IP6 neighbour table 0 ip6 fec0 366f 90ff feb8 cb...

Page 618: ...ification Release This command was introduced Cisco IOS XE Everest 16 5 1 Usage Guidelines You can set the MSS of TCP buffers using the mss argument Examples The following is sample output from the net tcp bufs command Device net tcp bufs tcp_num_buffs 4 Related Commands Description Command View or set the TCP MSS net tcp mss Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 59...

Page 619: ...E Everest 16 5 1 Usage Guidelines Use the mss argument to change the MSS size Examples The following is sample output from the net tcp mss command Device net tcp mss switch net tcp mss tcp_segment_size 1024 The following is sample output from the net tcp mss mss command Device net tcp mss 700 switch net tcp mss 700 tcp_segment_size 700 Related Commands Description Command Displays TCP buffers net ...

Page 620: ...bootloader is downloading a file and thus actively polling for new packets it responds to ping quickly Examples The following is sample output from the ping command Device ping 10 29 27 5 Ping 10 29 27 5 with 32 bytes of data Host 10 29 27 5 is alive The following is sample output from the ping host_ip_address retries command Device ping 10 6 29 27 5 6 Ping 10 29 27 5 with 32 bytes of data reply r...

Page 621: ...Description Command Determines the network connectivity to another device using IPv6 addressing ping6 Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 595 ping ...

Page 622: ...that allows the bootloader to poll the TCP stack every 200 ms As a result the bootloader may take up to 200 ms to respond to pings However when the bootloader is downloading a file and thus actively polling for new packets it responds to ping quickly Examples The following is sample output from the ping4 host_ip_address command Device ping4 10 29 27 5 Ping 10 29 27 5 with 32 bytes of data Host 10 ...

Page 623: ...nd to pings However when the bootloader is downloading a file and thus actively polling for new packets it responds to ping quickly Examples The following is sample output from the ping6 host retries len command Device ping6 2001 dead beef cafe 5 6 1000 Ping host 2001 dead beef cafe 5 6 times 1000 bytes Pinging 2001 dead beef cafe 5 reply in 0 ms Pinging 2001 dead beef cafe 5 reply in 1 ms Pinging...

Page 624: ...Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 598 ping6 ...

Page 625: ...P A R T X QoS Auto QoS page 601 QoS page 641 ...

Page 626: ......

Page 627: ...wing auto QoS commands auto qos classify page 602 auto qos trust page 608 auto qos video page 615 auto qos voip page 625 debug auto qos page 637 show auto qos page 638 Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 601 ...

Page 628: ...e the QoS for trusted interfaces within the QoS domain The QoS domain includes the device the network interior and edge devices that can classify incoming traffic for QoS When auto QoS is enabled it uses the ingress packet label to categorize traffic to assign packet labels and to configure the ingress and egress queues Table 29 Auto QoS Configuration for the Egress Queues Queue Buffer Size for 10...

Page 629: ...r aggregate policer that includes AutoQoS in its name If you need to modify the policy map or aggregate policer make a copy of it and change the copied policy map or policer To use the new policy map instead of the generated one remove the generated policy map from the interface and apply the new policy map To display the QoS configuration that is automatically generated when auto QoS is enabled e...

Page 630: ...ultimedia Conf Class match any 0 packets Match access group name AutoQos 4 0 Acl MultiEnhanced Conf 0 packets 0 bytes 5 minute rate 0 bps QoS Set dscp af41 police cir 5000000 bps bc 156250 bytes conformed 0 bytes actions transmit exceeded 0 bytes actions drop conformed 0000 bps exceed 0000 bps Class map AutoQos 4 0 Bulk Data Class match any 0 packets Match access group name AutoQos 4 0 Acl Bulk Da...

Page 631: ... 0 bps QoS Set dscp default police cir 10000000 bps bc 312500 bytes conformed 0 bytes actions transmit exceeded 0 bytes actions set dscp transmit dscp table policed dscp conformed 0000 bps exceed 0000 bps Class map class default match any 0 packets Match any 0 packets 0 bytes 5 minute rate 0 bps Service policy output AutoQos 4 0 Output Policy queue stats for all priority classes Queueing priority ...

Page 632: ...rans Data Queue match any 0 packets Match dscp af21 18 af22 20 af23 22 0 packets 0 bytes 5 minute rate 0 bps Match cos 2 0 packets 0 bytes 5 minute rate 0 bps Queueing total drops 0 bytes output 0 bandwidth remaining 10 queue buffers ratio 10 Class map AutoQos 4 0 Output Bulk Data Queue match any 0 packets Match dscp af11 10 af12 12 af13 14 0 packets 0 bytes 5 minute rate 0 bps Match cos 1 0 packe...

Page 633: ...g 10 queue buffers ratio 10 Class map class default match any 0 packets Match any 0 packets 0 bytes 5 minute rate 0 bps Queueing total drops 0 bytes output 0 bandwidth remaining 25 queue buffers ratio 25 You can verify your settings by entering the show auto qos interface interface id privileged EXEC command Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 607 auto qos classif...

Page 634: ...E Usage Guidelines Use this command to configure the QoS for trusted interfaces within the QoS domain The QoS domain includes the device the network interior and edge devices that can classify incoming traffic for QoS When auto QoS is enabled it uses the ingress packet label to categorize traffic to assign packet labels and to configure the ingress and egress queues Table 30 Traffic Types Packet L...

Page 635: ...y user entered configuration that was overridden can be retrieved by reloading the device without saving the current configuration to memory If the generated commands fail to be applied the previous running configuration is restored Note After auto QoS is enabled do not modify a policy map or aggregate policer that includes AutoQoS in its name If you need to modify the policy map or aggregate poli...

Page 636: ...any To disable auto QoS on a port use the no auto qos trust interface configuration command Only the auto QoS generated interface configuration commands for this port are removed If this is the last port on which auto QoS is enabled and you enter the no auto qos trust command auto QoS is considered disabled even though the auto QoS generated global configuration commands remain to avoid disrupting...

Page 637: ...rcent 90 queue limit dscp 48 percent 100 queue limit dscp 56 percent 100 total drops 0 bytes output 0 bandwidth remaining 10 queue buffers ratio 10 Class map AutoQos 4 0 Output Multimedia Conf Queue match any 0 packets Match dscp af41 34 af42 36 af43 38 0 packets 0 bytes 5 minute rate 0 bps Match cos 4 0 packets 0 bytes 5 minute rate 0 bps Queueing total drops 0 bytes output 0 bandwidth remaining ...

Page 638: ...atio 10 Class map class default match any 0 packets Match any 0 packets 0 bytes 5 minute rate 0 bps Queueing total drops 0 bytes output 0 bandwidth remaining 25 queue buffers ratio 25 This example shows how to enable auto QoS for a trusted interface with specific DSCP classification Device config interface GigabitEthernet1 0 18 Device config if auto qos trust dscp Device config if end Device show ...

Page 639: ... 0 bytes output 0 bandwidth remaining 10 queue buffers ratio 10 Class map AutoQos 4 0 Output Multimedia Conf Queue match any 0 packets Match dscp af41 34 af42 36 af43 38 0 packets 0 bytes 5 minute rate 0 bps Match cos 4 0 packets 0 bytes 5 minute rate 0 bps Queueing total drops 0 bytes output 0 bandwidth remaining 10 queue buffers ratio 10 Class map AutoQos 4 0 Output Trans Data Queue match any 0 ...

Page 640: ...ultimedia Strm Queue match any 0 packets Match dscp af31 26 af32 28 af33 30 0 packets 0 bytes 5 minute rate 0 bps Queueing total drops 0 bytes output 0 bandwidth remaining 10 queue buffers ratio 10 Class map class default match any 0 packets Match any 0 packets 0 bytes 5 minute rate 0 bps Queueing total drops 0 bytes output 0 bandwidth remaining 25 queue buffers ratio 25 You can verify your settin...

Page 641: ...o QoS is enabled it uses the ingress packet label to categorize traffic to assign packet labels and to configure the ingress and egress queues For more information see the queue tables at the end of this section Auto QoS configures the device for video connectivity to a Cisco TelePresence system a Cisco IP camera or a Cisco digital media player To take advantage of the auto QoS defaults you should...

Page 642: ...owing policy maps and class maps are created and applied when running the auto qos video cts command Policy maps AutoQos 4 0 Trust Cos Input Policy AutoQos 4 0 Output Policy Class maps class default match any AutoQos 4 0 Output Priority Queue match any AutoQos 4 0 Output Control Mgmt Queue match any AutoQos 4 0 Output Multimedia Conf Queue match any AutoQos 4 0 Output Trans Data Queue match any Au...

Page 643: ...ation command Only the auto QoS generated interface configuration commands for this port are removed If this is the last port on which auto QoS is enabled and you enter the no auto qos video command auto QoS is considered disabled even though the auto QoS generated global configuration commands remain to avoid disrupting traffic on other ports affected by the global configuration Table 32 Traffic ...

Page 644: ...igabitEthernet1 0 12 GigabitEthernet1 0 12 Service policy input AutoQos 4 0 Trust Cos Input Policy Class map class default match any 0 packets Match any 0 packets 0 bytes 5 minute rate 0 bps QoS Set cos cos table AutoQos 4 0 Trust Cos Table Service policy output AutoQos 4 0 Output Policy queue stats for all priority classes Queueing priority level 1 total drops 0 bytes output 0 Class map AutoQos 4...

Page 645: ... 20 af23 22 0 packets 0 bytes 5 minute rate 0 bps Match cos 2 0 packets 0 bytes 5 minute rate 0 bps Queueing total drops 0 bytes output 0 bandwidth remaining 10 queue buffers ratio 10 Class map AutoQos 4 0 Output Bulk Data Queue match any 0 packets Match dscp af11 10 af12 12 af13 14 0 packets 0 bytes 5 minute rate 0 bps Match cos 1 0 packets 0 bytes 5 minute rate 0 bps Queueing total drops 0 bytes...

Page 646: ...os 4 0 Trust Dscp Input Policy Class map class default match any 0 packets Match any 0 packets 0 bytes 5 minute rate 0 bps QoS Set dscp dscp table AutoQos 4 0 Trust Dscp Table Service policy output AutoQos 4 0 Output Policy queue stats for all priority classes Queueing priority level 1 total drops 0 bytes output 0 Class map AutoQos 4 0 Output Priority Queue match any 0 packets Match dscp cs4 32 cs...

Page 647: ...2 0 packets 0 bytes 5 minute rate 0 bps Queueing total drops 0 bytes output 0 bandwidth remaining 10 queue buffers ratio 10 Class map AutoQos 4 0 Output Bulk Data Queue match any 0 packets Match dscp af11 10 af12 12 af13 14 0 packets 0 bytes 5 minute rate 0 bps Match cos 1 0 packets 0 bytes 5 minute rate 0 bps Queueing total drops 0 bytes output 0 bandwidth remaining 4 queue buffers ratio 10 Class...

Page 648: ... 0 packets Match any 0 packets 0 bytes 5 minute rate 0 bps QoS Set dscp dscp table AutoQos 4 0 Trust Dscp Table Service policy output AutoQos 4 0 Output Policy queue stats for all priority classes Queueing priority level 1 total drops 0 bytes output 0 Class map AutoQos 4 0 Output Priority Queue match any 0 packets Match dscp cs4 32 cs5 40 ef 46 0 packets 0 bytes 5 minute rate 0 bps Match cos 5 0 p...

Page 649: ...bps Queueing total drops 0 bytes output 0 bandwidth remaining 10 queue buffers ratio 10 Class map AutoQos 4 0 Output Bulk Data Queue match any 0 packets Match dscp af11 10 af12 12 af13 14 0 packets 0 bytes 5 minute rate 0 bps Match cos 1 0 packets 0 bytes 5 minute rate 0 bps Queueing total drops 0 bytes output 0 bandwidth remaining 4 queue buffers ratio 10 Class map AutoQos 4 0 Output Scavenger Qu...

Page 650: ... any 0 packets 0 bytes 5 minute rate 0 bps Queueing total drops 0 bytes output 0 bandwidth remaining 25 queue buffers ratio 25 You can verify your settings by entering the show auto qos video interface interface id privileged EXEC command Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 624 auto qos video ...

Page 651: ...trusted trust Command Default Auto QoS is disabled on the port When auto QoS is enabled it uses the ingress packet label to categorize traffic to assign packet labels and to configure the ingress and egress queues Command Default Interface configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines Use this command to configu...

Page 652: ...icing is applied to those traffic matching the policy map classification before the device enables the trust boundary feature When you enter the auto qos voip cisco softphone interface configuration command on a port at the edge of the network that is connected to a device running the Cisco SoftPhone the device uses policing to decide whether a packet is in or out of profile and to specify the act...

Page 653: ...Qos 4 0 CiscoSoftPhone Input Policy AutoQos 4 0 Output Policy Class maps AutoQos 4 0 Voip Data Class match any AutoQos 4 0 Voip Signal Class match any AutoQos 4 0 Multimedia Conf Class match any AutoQos 4 0 Bulk Data Class match any AutoQos 4 0 Transaction Class match any AutoQos 4 0 Scavanger Class match any AutoQos 4 0 Signaling Class match any AutoQos 4 0 Default Class match any class default m...

Page 654: ... ports affected by the global configuration The device configures egress queues on the port according to the settings in this table Table 34 Auto QoS Configuration for the Egress Queues Queue Buffer Size for 10 100 Ethernet Ports Queue Buffer Size for Gigabit Capable Ports Queue Weight Bandwidth CoS to Queue Map Queue Number Egress Queue 15 percent 25 percent Up to 100 percent 4 5 1 Priority shape...

Page 655: ...h cos 3 0 packets 0 bytes 5 minute rate 0 bps Queueing queue limit dscp 16 percent 80 queue limit dscp 24 percent 90 queue limit dscp 48 percent 100 queue limit dscp 56 percent 100 total drops 0 bytes output 0 bandwidth remaining 10 queue buffers ratio 10 Class map AutoQos 4 0 Output Multimedia Conf Queue match any 0 packets Match dscp af41 34 af42 36 af43 38 0 packets 0 bytes 5 minute rate 0 bps ...

Page 656: ...kets 0 bytes 5 minute rate 0 bps Queueing total drops 0 bytes output 0 bandwidth remaining 10 queue buffers ratio 10 Class map class default match any 0 packets Match any 0 packets 0 bytes 5 minute rate 0 bps Queueing total drops 0 bytes output 0 bandwidth remaining 25 queue buffers ratio 25 The following is an example of the auto qos voip cisco phone command and the applied policies and class map...

Page 657: ... default match any 0 packets Match any 0 packets 0 bytes 5 minute rate 0 bps Service policy output AutoQos 4 0 Output Policy queue stats for all priority classes Queueing priority level 1 total drops 0 bytes output 0 Class map AutoQos 4 0 Output Priority Queue match any 0 packets Match dscp cs4 32 cs5 40 ef 46 0 packets 0 bytes 5 minute rate 0 bps Match cos 5 0 packets 0 bytes 5 minute rate 0 bps ...

Page 658: ...dwidth remaining 10 queue buffers ratio 10 Class map AutoQos 4 0 Output Bulk Data Queue match any 0 packets Match dscp af11 10 af12 12 af13 14 0 packets 0 bytes 5 minute rate 0 bps Match cos 1 0 packets 0 bytes 5 minute rate 0 bps Queueing total drops 0 bytes output 0 bandwidth remaining 4 queue buffers ratio 10 Class map AutoQos 4 0 Output Scavenger Queue match any 0 packets Match dscp cs1 8 0 pa...

Page 659: ... Match cos 5 0 packets 0 bytes 5 minute rate 0 bps QoS Set dscp ef police cir 128000 bps bc 8000 bytes conformed 0 bytes actions transmit exceeded 0 bytes actions set dscp transmit dscp table policed dscp conformed 0000 bps exceed 0000 bps Class map AutoQos 4 0 Voip Signal Class match any 0 packets Match dscp cs3 24 0 packets 0 bytes 5 minute rate 0 bps Match cos 3 0 packets 0 bytes 5 minute rate ...

Page 660: ...scp transmit dscp table policed dscp conformed 0000 bps exceed 0000 bps Class map AutoQos 4 0 Scavanger Class match any 0 packets Match access group name AutoQos 4 0 Acl Scavanger 0 packets 0 bytes 5 minute rate 0 bps QoS Set dscp cs1 police cir 10000000 bps bc 312500 bytes conformed 0 bytes actions transmit exceeded 0 bytes actions drop conformed 0000 bps exceed 0000 bps Class map AutoQos 4 0 Sig...

Page 661: ...p AutoQos 4 0 Output Control Mgmt Queue match any 0 packets Match dscp cs2 16 cs3 24 cs6 48 cs7 56 0 packets 0 bytes 5 minute rate 0 bps Match cos 3 0 packets 0 bytes 5 minute rate 0 bps Queueing queue limit dscp 16 percent 80 queue limit dscp 24 percent 90 queue limit dscp 48 percent 100 queue limit dscp 56 percent 100 total drops 0 bytes output 0 bandwidth remaining 10 queue buffers ratio 10 Cla...

Page 662: ...1 8 0 packets 0 bytes 5 minute rate 0 bps Queueing total drops 0 bytes output 0 bandwidth remaining 1 queue buffers ratio 10 Class map AutoQos 4 0 Output Multimedia Strm Queue match any 0 packets Match dscp af31 26 af32 28 af33 30 0 packets 0 bytes 5 minute rate 0 bps Queueing total drops 0 bytes output 0 bandwidth remaining 10 queue buffers ratio 10 Class map class default match any 0 packets Mat...

Page 663: ...ebug auto qos command When you enable debugging on a device stack it is enabled only on the active device To enable debugging on a stack member you can start a session from the active device by using the session switch number privileged EXEC command Then enter the debug command at the command line prompt of the stack member You also can use the remote command stack member number LINE privileged EX...

Page 664: ... Use the show running config privileged EXEC command to display the auto QoS configuration and the user modifications Beginning in Cisco IOS Release 12 2 40 SE the show auto qos command output shows the service policy information for the Cisco IP phone Examples This is an example of output from the show auto qos command after the auto qos voip cisco phone and the auto qos voip cisco softphone inte...

Page 665: ...ed Device show auto qos interface gigabitethernet1 0 2 GigabitEthernet1 0 2 auto qos voip cisco phone These are examples of output from the show auto qos interface interface id command when auto QoS is disabled on an interface Device show auto qos interface gigabitethernet3 0 1 AutoQoS is disabled Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 639 show auto qos ...

Page 666: ...Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 640 show auto qos ...

Page 667: ...page 654 queue buffers ratio page 656 queue limit page 658 service policy Wired page 660 set page 662 show class map page 667 show platform hardware fed switch page 668 show platform software fed switch qos page 672 show platform software fed switch qos qsb page 673 show policy map page 676 trust device page 678 Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 641 ...

Page 668: ...y a policy for any existing classes in that policy map You attach the policy map to a port by using the service policy interface configuration command After entering the class command you enter the policy map class configuration mode These configuration commands are available admit Admits a request for Call Admission Control CAC bandwidth Specifies the bandwidth allocated to the class exit Exits t...

Page 669: ...icy1 When attached to the ingress direction it matches all the incoming traffic defined in class1 sets the IP Differentiated Services Code Point DSCP to 10 and polices the traffic at an average rate of 1 Mb s and bursts at 20 KB Traffic exceeding the profile is marked down to a DSCP value gotten from the policed DSCP map and then sent Device config policy map policy1 Device config pmap class class...

Page 670: ...me you specify and enters class map configuration mode class map Creates or modifies a policy map that can be attached to multiple physical ports or SVIs and enters policy map configuration mode policy map Displays QoS policy maps show policy map Classifies IP traffic by setting a DSCP or an IP precedence value in the packet set Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches...

Page 671: ... configuration Policy map configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines Use this command to specify the name of the class for which you want to create or modify class map match criteria and to enter class map configuration mode The class map command and its subcommands are used to define packet classification marking and aggregat...

Page 672: ...les This example shows how to configure the class map called class1 with one match criterion which is an access list called 103 Device config access list 103 permit ip any any dscp 10 Device config class map class1 Device config cmap match access group 103 Device config cmap exit This example shows how to delete the class map class1 Device config no class map class1 You can verify your settings by...

Page 673: ...o 199 and 2000 to 2699 acl index Uses a traffic class as a classification policy and specifies a traffic class name to use as the match criterion This command is not supported in Cisco IOS XE Everest 16 5 1a Note class map class map name Matches a packet on the basis of a Layer 2 class of service CoS Inter Switch Link ISL marking The cos value is from 0 to 7 You can specify up to four CoS values i...

Page 674: ...up matching to the Ether Type Len are supported If you enter the class map match anyclass map name global configuration command you can enter the following match commands match access group name acl name The ACL must be an extended named ACL Note match ip dscp dscp list match ip precedence ip precedence list The match access group acl index command is not supported To define packet classification ...

Page 675: ...ce config cmap exit This example shows how to delete the IP precedence match criteria and to classify traffic using acl1 Device config class map class2 Device config cmap match ip precedence 5 6 7 Device config cmap no match ip precedence Device config cmap match access group acl1 Device config cmap exit This example shows how to specify a list of physical ports to which an interface level class m...

Page 676: ...ntax Description This command has no arguments or keywords Command Default None Command Modes Class map Command History Modification Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines None Examples This example show how you can configure non client NRT Device config class map test_1000 Device config cmap match non client nrt Command Reference Cisco IOS XE Everest 16 5 1a Catal...

Page 677: ...ibes the policy map up to 200 characters exit Exits policy map configuration mode and returns you to global configuration mode no Removes a previously defined policy map sequence interval Enables sequence number capability To return to global configuration mode use the exit command To return to privileged EXEC mode use the end command Before configuring policies for classes whose match criteria ar...

Page 678: ...c at an average rate of 1 Mb s and bursts at 20 KB Traffic less than the profile is sent Device config policy map policy1 Device config pmap class class1 Device config pmap c set dscp 10 Device config pmap c police 1000000 20000 conform action transmit Device config pmap c exit This example show you how to configure hierarchical polices Switch configure terminal Device config class map c1 Device c...

Page 679: ...or the specified class map name class Creates a class map to be used for matching packets to the class whose name you specify and enters class map configuration mode class map Applies a policy map to a physical port or an SVI service policy Wired Displays QoS policy maps show policy map Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 653 policy map ...

Page 680: ... 000 000 kbps Kb s Optional Burst size in bytes The burst size configures the network to accommodate temporary bursts of traffic The default burst value which is computed as 200 milliseconds of traffic at the configured bandwidth rate is used when the burst argument is not specified The range of the burst is from 32 to 2000000 bytes burst in bytes Optional Assigns priority level Available values f...

Page 681: ...ass policy configurations is attached to the interface to stipulate the service policy for that interface available bandwidth is assessed If a policy map cannot be attached to a particular interface because of insufficient interface bandwidth the policy is removed from all interfaces to which it was successfully attached Examples The following example shows how to configure the priority of the cla...

Page 682: ... of Service Solutions Command Reference available on Cisco com The allows you to allocate buffers to queues If buffers are not allocated then they are divided equally amongst all queues You can use the queue buffer ratio to divide it in a particular ratio The buffers are soft buffers because Dynamic Threshold and Scaling DTS is active on all queues by default The queue buffer ratio is supported on...

Page 683: ...s by entering the show policy map privileged EXEC command Related Commands Description Command Displays QoS policy maps show policy map Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 657 queue buffers ratio ...

Page 684: ... cos value CoS values are from 0 to 7 cos cos value Specifies parameters for each DSCP value You can specify a value in the range 0 to 63 specifying the differentiated services code point value for the type of queue limit dscp dscp value A percentage in the range 1 to 100 specifying the maximum percentage of packets that the queue for this class can accumulate percent percentage of packets Command...

Page 685: ... Each class of service is dropped at a different threshold value to provide for QoS differentiation You can configure the maximum queue thresholds for the different subclasses of traffic that is DSCP and CoS and configure the maximum queue thresholds for each subclass Examples The following example configures a policy map called port queue to contain policy for a class called dscp 1 The policy for...

Page 686: ...uration Command History Modification Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines A policy map is defined by the policy map command Only one policy map is supported per port per direction In other words only one input policy and one output policy is allowed on any one port You can apply a policy map to incoming traffic on a physical port or on an SVI QoS Configuration Gu...

Page 687: ...ig pmap policy map class vlan100 Device config pmap c police 100000 bc conform action transmit exceed action drop Device config pmap c police end Device configure terminal Device config interface gigabitEthernet1 0 5 Device config if service policy input vlan100 You can verify your settings by entering the show running config privileged EXEC command Related Commands Description Command Creates or ...

Page 688: ...g category to set the CoS value of the packet If you also configure a table map for mapping and converting packet marking values this establishes the map from packet marking category Packet marking category keywords cos Sets a value from the CoS value or user priority dscp Sets a value from packet differentiated services code point DSCP precedence Sets a value from packet precedence qos group Sets...

Page 689: ...tional table table map name Indicates that the values set in a specified table map will be used to set the DSCP value Enter the name of the table map used to specify the DSCP value The table map name can be a maximum of 64 alphanumeric characters If you specify a packet marking category but do not specify the table map the default action is to copy the value associated with the packet marking cate...

Page 690: ...ue from the QoS group Optional table table map name Indicates that the values set in a specified table map will be used to set the precedence value Enter the name of the table map used to specify the precedence value The table map name can be a maximum of 64 alphanumeric characters If you specify a packet marking category but do not specify the table map the default action is to copy the value ass...

Page 691: ...ple if you enter the set qos group precedence command the precedence value packet marking category is copied and used as the QoS group value qos group Command Default No traffic classification is defined Command Modes Policy map class configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE The cos dscp qos group wlantable table map name k...

Page 692: ...ttach the service policy to an interface or ATM virtual circuit VC To return to policy map configuration mode use the exit command To return to privileged EXEC mode use the end command Examples This example shows how to assign DSCP 10 to all FTP traffic without any policers Device config policy map policy_ftp Device config pmap class map ftp_class Device config cmap exit Device config policy polic...

Page 693: ...eged EXEC Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Examples This is an example of output from the show class map command Device show class map Class Map match any videowizard_10 10 10 10 id 2 Match access group name videowizard_10 10 10 10 Class Map match any class default id 0 Match any Class Map match any dscp5 id 3 Match ip dscp 5 Rel...

Page 694: ...ble asicnumber stats iifd_id id interface type number internal cpu policer port type type asic number asicnumber port_num resource Syntax Description Switch for which you want to display information You have the following options switch_num ID of the switch active Displays information relating to the active switch standby Displays information relating to the standby switch if available switch swit...

Page 695: ...ions under dscp cos counters iif_id id The target interface ID Valid range is from 1 to 4294967295 interface type number Target interface type and ID dscp cos counters iifd_id id interface type number You must choose from the following options under dscp cos counters iif_id id The target interface ID Valid range is from 1 to 4294967295 interface type number Target interface type and ID leinfo Disp...

Page 696: ...id range is from 1 to 4294967295 interface type number Target interface type and ID internal cpu policer port_type port_type asic asic_num port_num port_num Displays internal queue related information queue config iif_id id interface type number internal label2qmap stats Displays hardware resource usage information You must enter the following keyword usage resource Command Modes User EXEC Privile...

Page 697: ...l No 13000 13000 0 16 12 Proto Snooping No 500 500 0 17 16 DHCP Snooping No 1000 1000 0 18 9 Transit Traffic Yes 500 500 0 19 10 RPF Failed Yes 100 100 0 20 15 MCAST END STATION Yes 2000 2000 0 21 13 LOGGING Yes 1000 1000 0 22 7 Punt Webauth No 1000 1000 0 23 10 Crypto Control Yes 100 100 0 24 10 Exception Yes 100 100 0 25 3 General Punt No 500 500 0 26 10 NFL SAMPLED DATA Yes 100 100 0 27 2 SGT C...

Page 698: ...splays information for the standby switch if available switch switch_num active standby Displays QoS software information Choose one the following options avc Displays Application Visibility and Control AVC QoS information internal Displays internal queue related information label2qmap Displays label to queue map table information nflqos Displays NetFlow QoS information policer Displays QoS police...

Page 699: ...nterface_number Loopback interface_number Null interface_number Port channel interface_number TenGigabitEthernet interface_number Tunnel interface_number Vlan interface_number Syntax Description The switch for which you want to display information switch_num Enter the ID of the switch Displays information for the specified switch active Displays information for the active switch standby Displays i...

Page 700: ...ace Internal interface between 0 and 9 Loopback Loopback interface between 0 and 2147483647 Null Null interface 0 0 Port Channel Port channel interface between 1 and 128 TenGigabitEthernet TenGigabitEthernet interface between 0 and 9 Tunnel Tunnel interface between 0 and 2147483647 Vlan VLAN interface between 1 and 4094 qsb brief iif_id interface Command Modes User EXEC Privileged EXEC Command His...

Page 701: ... 0 2 tgt 0x7b OUT level 0 num_tccg 8 num_child 0 status VALID SET_INHW TCG in out 0xffd867ad10 0xffd8685b40 le_label_id in out 2 1 Policer Info num_ag_policers in out 1r2c 2r3c 0 0 0 0 num_mf_policers in out 0 0 num_afd_policers 0 ag_plc_handle in out 0xd8688220 0 mf_plc_handle in out nil nil num_mf_policers 0 0 base 0xffffffff 0xffffffff rc 0 0 Queueing Info def_queuing 0 shape_rate 0 interface_r...

Page 702: ...e of QoS policy and the statistics type control subscriber detail Command Modes User EXEC Privileged EXEC Command History Modification Release This command was introduced Cisco IOS XE 3 3SE The interface interface id keyword was added Cisco IOS XE 3 3SE Usage Guidelines Policy maps can include policers that specify the bandwidth limitations and the action to take if the limits are exceeded Though ...

Page 703: ... 0 Class map dscp56 match any 191508445 packets Match dscp cs7 56 0 packets 0 bytes 5 minute rate 0 bps Priority Strict Priority Level 1 police cir 10 cir 25000000 bps bc 781250 bytes conformed 0 bytes actions counters not supported transmit exceeded 0 bytes actions drop conformed 0000 bps exceeded 0000 bps counters not supported Related Commands Description Command Creates or modifies a policy ma...

Page 704: ... Digital Media Player DMP media player Command Default Trust disabled Command Modes Interface configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines Use the trust device command on the following types of interfaces Auto auto template interface Capwap CAPWAP tunnel interface GigabitEthernet Gigabit Ethernet IEEE 802 Group...

Page 705: ...o IP phone in Interface GigabitEthernet 1 0 1 Device config interface GigabitEthernet1 0 1 Device config if trust device cisco phone You can verify your settings by entering the show interface status privileged EXEC command Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 679 trust device ...

Page 706: ...Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 680 trust device ...

Page 707: ...P A R T XI Routing Bidirectional Forwarding Detection page 683 ...

Page 708: ......

Page 709: ...all interfaces page 687 bfd check ctrl plane failure page 688 bfd echo page 689 bfd slow timers page 691 bfd template page 693 bfd template page 694 ip route static bfd page 695 ipv6 route static bfd page 697 Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 683 ...

Page 710: ...hain name Command Default Authentication in BFD template for single hop sessions is not enabled Command Modes BFD configuration config bfd Command History Modification Release This command was introduced Cisco IOS XE Denali 16 3 1 Usage Guidelines You can configure authentication in single hop templates We recommend that you configure authentication to enhance security Authentication must be confi...

Page 711: ...onsecutive BFD control packets that must be missed from a BFD peer before BFD declares that the peer is unavailable and the Layer 3 BFD peer is informed of the failure The valid range for the multiplier valueargument is from 3 to 50 multiplier multiplier value Command Default No baseline BFD session parameters are set Command Modes Interface configuration config if Command History Modification Rel...

Page 712: ...o in interface config mode Before using BFD echo mode you must disable sending Internet Control Message Protocol ICMP redirect messages by entering the no ip redirect command in order to avoid high CPU utilization Note Examples The following example shows the BFD session parameters set for Gigabit Ethernet 1 0 3 Device enable Device configuration terminal Device config interface gigabitethernet 1 ...

Page 713: ...Release This command was introduced Cisco IOS XE Denali 16 3 1 Usage Guidelines To enable BFD for all interfaces enter the bfd all interfaces command in router configuration mode Examples The following example shows how to enable BFD for all Enhanced Interior Gateway Routing Protocol EIGRP neighbors Device enable Device configuration terminal Device config router eigrp 123 Device config router bfd...

Page 714: ...ured for an IS IS routing process only The command is not supported on other protocols When a switch restarts a false BFD session failure can occur where neighboring routers behave as if a true forwarding failure has occurred However if the bfd check ctrl plane failure command is enabled on a switch the router can ignore control plane related BFD session failures We recommend that you add this com...

Page 715: ...red minimum transmit interval values are taken from the bfd interval milliseconds min_rx milliseconds parameters respectively Before using BFD echo mode you must disable sending Internet Control Message Protocol ICMP redirect messages by entering the no ip redirects command in order to avoid high CPU utilization Note Examples The following example configures echo mode between BFD neighbors Device ...

Page 716: ...erval ms min max avg 1 1016 886 last 632 ms ago Registered protocols EIGRP Uptime 00 05 00 Last packet Version 1 Diagnostic 0 State bit Up Demand bit 0 Poll bit 0 Final bit 0 Multiplier 3 Length 24 My Discr 6 Your Discr 1 Min tx interval 1000000 Min rx interval 1000000 Min Echo interval 50000 Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 690 bfd echo ...

Page 717: ... the MinTxInt and MinRxInt will correspond to the configured value for the BFD slow timers The relevant command output is shown in bold Device show bfd neighbors details OurAddr NeighAddr LD RD RH RS Holdown mult State Int 172 16 1 2 172 16 1 1 1 6 Up 0 3 Up Fa0 1 Session state is UP and using echo function with 100 ms interval Local Diag 0 Demand mode 0 Poll bit 0 MinTxInt 14000 MinRxInt 14000 Mu...

Page 718: ...cho is enabled then BFD control packets will be sent in negotiated slow timer interval and echo packets will be sent in negotiated configured BFD interval If echo is not enabled then BFD control packets will be sent in negotiated configured interval Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 692 bfd slow timers ...

Page 719: ...istory Modification Release This command was introduced Cisco IOS XE Denali 16 3 1 Usage Guidelines Even if you have not created the template by using the bfd template command you can configure the name of the template under an interface but the template is considered invalid until you define the template You do not have to reconfigure the template name again It becomes valid automatically Example...

Page 720: ...t of BFD interval values BFD interval values specified as part of the BFD template are not specific to a single interface Examples The following example shows how to create a BFD template and specify BFD interval values Device enable Device configuration terminal Device config bfd template single hop node1 Device bfd config interval min tx 100 min rx 100 multiplier 3 Device bfd config echo The fol...

Page 721: ...group name is a character string of up to 32 characters specifying the BFD group name group group name Optional Unassociates the static route configured for a BFD unassociate Command Default No static route BFD neighbors are specified Command Modes Global configuration config Command History Modification Release This command was introduced Cisco IOS XE Denali 16 3 1 Usage Guidelines Use the ip rou...

Page 722: ...n_rx milliseconds multiplier multiplier value command is disabled and enabled on that SVI To enable the static BFD sessions perform the following steps 1 Enable BFD timers on the SVI bfd interval milliseconds min_rx milliseconds multiplier multiplier value 2 Enable BFD for the static IP route ip route static bfd interface type interface number ip address 3 Disable and enable the BFD timers on the ...

Page 723: ...mand Modes Global configuration config Command History Modification Release This command was introduced Cisco IOS XE Denali 16 3 1 Usage Guidelines Use the ipv6 route static bfd command to specify static route neighbors All of the static routes that have the same interface and gateway specified in the configuration share the same BFDv6 session for reachability notification BFDv6 requires that BFDv...

Page 724: ...terminal Device config ipv6 route static bfd ethernet 0 0 2001 1 The following example converts the neighbor to unassociated mode Device configuration terminal Device config ipv6 route static bfd ethernet 0 0 2001 1 unassociated Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 698 ipv6 route static bfd ...

Page 725: ...P A R T XII Security Security page 701 ...

Page 726: ......

Page 727: ... enable page 723 clear errdisable interface vlan page 725 clear mac address table page 727 cts manual page 729 cts role based enforcement page 731 cts role based l2 vrf page 733 cts role based monitor page 735 cts role based permissions page 737 deny MAC access list configuration page 739 device role IPv6 snooping page 743 device role IPv6 nd inspection page 744 device tracking policy page 745 dot...

Page 728: ...page 768 ip http access class page 769 ip source binding page 771 ip verify source page 772 ipv6 access list page 773 ipv6 snooping policy page 775 key chain macsec page 777 limit address count page 779 mab request format attribute 32 page 780 macsec network link page 782 match access map configuration page 783 mka pre shared key page 785 no authentication logging verbose page 786 no dot1x logging...

Page 729: ...cs page 818 show radius server group page 821 show storm control page 823 show vlan access map page 825 show vlan filter page 826 show vlan group page 827 storm control page 828 switchport port security aging page 831 switchport port security mac address page 833 switchport port security maximum page 836 switchport port security violation page 838 tracking IPv6 snooping page 840 trusted port page ...

Page 730: ...connection Runs accounting for all commands at the specified privilege level Valid privilege level entries are integers from 0 through 15 commands level Uses the listed accounting methods that follow this argument as the default list of methods for accounting services default Character string used to name the list of at least one of the accounting methods decribed in list name Sends a start accoun...

Page 731: ...ers Use the aaa group server radius and aaa group server tacacs commands to create a named group of servers Cisco IOS software supports the following two methods of accounting RADIUS The network access server reports user activity to the RADIUS security server in the form of accounting records Each accounting record contains accounting attribute value AV pairs and is stored on the security server ...

Page 732: ... depending on the security method you have implemented The network access server reports these attributes as accounting records which are then stored in an accounting log on the security server For a list of supported RADIUS accounting attributes refer to the appendix RADIUS Attributes in the Cisco IOS Security Configuration Guide For a list of supported TACACS accounting AV pairs refer to the app...

Page 733: ... at the end of a process The start accounting record is sent in the background The requested user process begins regardless of whether or not the start accounting notice was received by the accounting server start stop Enables accounting records to be sent to multiple AAA servers and sends accounting records to the first server in each group If the first server is unavailable the switch uses the l...

Page 734: ...u enter the dot1x reauthentication interface configuration command before configuring IEEE 802 1x RADIUS accounting on an interface Examples This example shows how to configure IEEE 802 1x accounting Device config aaa new model Device config aaa accounting dot1x default start stop group radius Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 708 aaa accounting dot1x ...

Page 735: ...ss The start accounting record is sent in the background The requested user process begins regardless of whether or not the start accounting notice was received by the accounting server start stop Enables accounting records to be sent to multiple AAA servers and send accounting records to the first server in each group If the first server is unavailable the switch uses the list of backup servers t...

Page 736: ...ntered new style configuration the following caveats should be carefully read and understood 1 If you save the config in this mode it will be written to NVRAM in NEW style config and if you subsequently reload the router without reverting to legacy config and saving that you will no longer be able to revert 2 In this and legacy mode Webauth is not IPv6 capable It will only become IPv6 capable once...

Page 737: ...mmand History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines The method argument identifies the method that the authentication algorithm tries in the specified sequence to validate the password provided by the client The only method that is IEEE 802 1x compliant is the group radius method in which the client data is validated against a RADIUS...

Page 738: ...tion Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines Use the aaa authorization network default group radius global configuration command to allow the switch to download IEEE 802 1x authorization parameters from the RADIUS servers in the default authorization list The authorization parameters are used by features such as VLAN assignment to get parameters fr...

Page 739: ...system If the login local command is configured for a virtual terminal line VTY and the aaa new model command is removed you must reload the switch to get the default configuration or the login command If the switch is not reloaded the switch defaults to the login local command under the VTY We do not recommend removing the aaa new model command Note The following example shows this restriction Sw...

Page 740: ... aaa authentication arap Enables AAA authentication to determine if a user can access the privileged command level aaa authentication enable default Sets AAA authentication at login aaa authentication login Specifies one or more AAA authentication method for use on serial interfaces running PPP aaa authentication ppp Sets parameters that restrict user access to a network aaa authorization Command ...

Page 741: ...sco IOS XE 3 3SE Usage Guidelines Single host mode should be configured if only one data host is connected Do not connect a voice device to authenticate on a single host port Voice device authorization fails if no voice VLAN is configured on the port Multi domain mode should be configured if data host is connected through an IP phone to the port Multi domain mode should be configured if the voice ...

Page 742: ...xample shows how to enable multi host mode on a port Device config if authentication host mode multi host This example shows how to enable single host mode on a port Device config if authentication host mode single host You can verify your settings by entering the show authentication sessions interface interface details privileged EXEC command Command Reference Cisco IOS XE Everest 16 5 1a Catalys...

Page 743: ...3 3SECisco IOS XE 3 3SE Usage Guidelines The command enables authenticated hosts to move between ports on a device For example if there is a device between an authenticated host and port and that host moves to another port the authentication session is deleted from the first port and the host is reauthenticated on the new port If MAC move is disabled and an authenticated host moves to another port...

Page 744: ...Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines Ordering sets the order of methods that the switch attempts when trying to authenticate a new device is connected to a port When configuring multiple fallback methods on a port set web authentication webauth last Assigning priorities to different authentication methods allows a higher priority method to inter...

Page 745: ...uthorization and accounting server becomes available authentication event server alive action reinitialize Authorizes Auth Manager sessions when the authentication authorization and accounting server becomes unreachable authentication event server dead action authorize Enables a web authentication fallback method authentication fallback Allows hosts to gain access to a controlled port authenticati...

Page 746: ...es MAC authentication bypass on a port mab Displays information about the authentication methods that are registered with the Auth Manager show authentication registrations Displays information about current Auth Manager sessions show authentication sessions Displays information about the Auth Manager for a given interface show authentication sessions interface Command Reference Cisco IOS XE Evere...

Page 747: ...which an unexpected MAC address occurs shutdown Command Default Authentication violation shutdown mode is enabled Command Modes Interface configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines Use the authentication violation command to specify the action to be taken when a security violation occurs on a port Examples Th...

Page 748: ...how to configure an 802 1x enabled port to remove the current session and initiate authentication with a new device when it connects to the port Device config if authentication violation replace You can verify your settings by entering the show authentication privileged EXEC command Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 722 authentication violation ...

Page 749: ... Denali 16 1 x and Cisco IOS XE Denali 16 2 x Cisco IOS XE Denali 16 3 1 Usage Guidelines The link between the authenticator and supplicant switch is a trunk When you enable VTP on both switches the VTP domain name must be the same and the VTP mode must be server To avoid the MD5 checksum mismatch error when you configure VTP mode verify that VLANs are not configured on two different switches whic...

Page 750: ...s dot1x supplicant force multicast Configures controlled access by 802 1X supplicant dot1x supplicant controlled transient Displays CISP information for a specified interface show cisp Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 724 cisp enable ...

Page 751: ...nable a port by using the shutdown and no shutdown interface configuration commands or you can clear error disable for VLANs by using the clear errdisable interface command Examples This example shows how to reenable all VLANs that were error disabled on Gigabit Ethernet port 4 0 2 Device clear errdisable interface gigabitethernet4 0 2 vlan Related Commands Description Command Enables error disabl...

Page 752: ...nd Displays interface status of a list of interfaces in error disabled state show interfaces status err disabled Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 726 clear errdisable interface vlan ...

Page 753: ...ysical port or port channel interface interface id Optional Deletes all dynamic MAC addresses for the specified VLAN The range is 1 to 4094 vlan vlan id Clears the MAC address table move update counters move update Clears the notifications in the history table and reset the counters notification Command Default No default behavior or values Command Modes Privileged EXEC Command History Modificatio...

Page 754: ...ess table Displays the MAC address table move update information on the switch show mac address table move update Displays the MAC address notification settings for all interfaces or on the specified interface when the interface keyword is appended show mac address table notification Enables the SNMP MAC address notification trap on a specific interface snmp trap mac notification change Command Re...

Page 755: ...mmand to define and apply policies on the link By default no policy is applied To configure MACsec link to link encryption the SAP negotiation parameters must be defined By default SAP is not enabled The same SAP Pairwise master key PMK should be configured on both sides of the link that is a shared secret Examples The following example shows how to enter the Cisco TrustSec manual mode Switch conf...

Page 756: ...ion and encryption modes to negotiate MACsec link encryption between two interfaces sap mode list cts manual Displays Cisco TrustSec interface configuration statistics show cts interface Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 730 cts manual ...

Page 757: ...LANs all Optional VLAN ID Valid values are from 1 to 4094 vlan ID Optional Specifies another VLAN separated by a comma Optional Specifies a range of VLANs separated by a hyphen Command Default Role based access control is not enforced Command Modes Global configuration config Command History Modification Release This command was introduced Cisco IOS XE Denali 16 3 1 Usage Guidelines RBACL and SGAC...

Page 758: ...d packets because no Layer 3 switching is possible within a VLAN without an SVI Examples The following example shows configure an SGACL logging interval Switch config cts role based enforcement logging interval 90 Switch config logging rate limit May 27 10 19 21 509 RBM 6 SGACLHIT ingress_interface GigabitEthernet1 0 2 sgacl_name sgacl2 action Deny protocol icmp src ip 16 16 1 3 src port 8 dest ip...

Page 759: ...lines The vlan list argument can be a single VLAN ID a list of comma separated VLAN IDs or hyphen separated VLAN ID ranges The all keyword is equivalent to the full range of VLANs supported by the network device The all keyword is not preserved in the nonvolatile generation NVGEN process If the cts role based l2 vrf command is issued more than once for the same VRF each successive command entered ...

Page 760: ...ased l2 vrf command Examples The following example shows how to select a list of VLANS to be assigned to a VRF instance Switch config cts role based l2 vrf vrf1 vlan list 20 The following example shows how to configure an SVI interface and associate a VRF instance Switch config interface vlan 101 Switch config if vrf forwarding vrf1 Related Commands Description Command Configures a VLAN interface ...

Page 761: ...GT Valid values are from 2 to 65519 sgt Specifies an unknown source or destination group tag DST unknown Optional Specifies the IPv4 protocol ipv4 Command Default Role based access control monitoring is not enabled Command Modes Global configuration config Command History Modification Release This command was introduced Cisco IOS XE Denali 16 3 1 Usage Guidelines Use the cts role based monitor all...

Page 762: ...Related Commands Description Command Displays the SGACL permission list show cts role based permissions Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 736 cts role based monitor ...

Page 763: ...lues are from 2 to 65519 sgt Specifies an unknown source or destination group tag unknown Role based access control list RBACL or SGACL name Up to 16 SGACLs can be specified in the configuration rbacl name Command Default Permissions from a source group to a destination group is not enabled Command Modes Global configuration config Command History Modification Release This command was introduced C...

Page 764: ...nation group Switch config cts role based permissions from 6 to 6 mon_2 Related Commands Description Command Displays the SGACL permission list show cts role based permissions Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 738 cts role based permissions ...

Page 765: ...net mask If the source address for a packet matches the defined address non IP traffic from that address is denied host src MAC addr src MAC addr mask Defines a destination MAC address and optional subnet mask If the destination address for a packet matches the defined address non IP traffic to that address is denied host dst MAC addr dst MAC addr mask Optional Specifies the EtherType number of a ...

Page 766: ...C MUMPS mumps Optional Specifies EtherType DEC Network Basic Input Output System NetBIOS netbios Optional Specifies EtherType Virtual Integrated Network Service VINES Echo from Banyan Systems vines echo Optional Specifies EtherType VINES IP vines ip Optional Specifies EtherType Xerox Network Systems XNS protocol suite 0 to 65535 an arbitrary EtherType in decimal hexadecimal or octal xns idp Option...

Page 767: ... terminology and Cisco IOS terminology are listed in the table Table 36 IPX Filtering Criteria Filter Criterion IPX Encapsulation Type Novel Name Cisco IOS Name EtherType 0x8137 Ethernet II arpa EtherType 0x8137 Ethernet snap snap LSAP 0xE0E0 Ethernet 802 2 sap LSAP 0xFFFF Ethernet 802 3 novell ether Examples This example shows how to define the named MAC extended access list to deny NETBIOS traff...

Page 768: ... list extended Permits from the MAC access list configuration Permits non IP traffic to be forwarded if conditions are matched permit Displays access control lists configured on a switch show access lists Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 742 deny MAC access list configuration ...

Page 769: ...vice attached to the port By default the device role is node The switch keyword indicates that the remote device is a switch and that the local switch is now operating in multiswitch mode binding entries learned from the port will be marked with trunk_port preference level If the port is configured as a trust port binding entries will be marked with trunk_trusted_port preference level Examples Thi...

Page 770: ...messages router solicitation RS router advertisement RA or redirect are allowed on this port When the router or monitor keyword is used the multicast RS messages are bridged on the port regardless of whether limited broadcast is enabled However the monitor keyword does not allow inbound RA or redirect messages When the monitor keyword is used devices that need these messages will receive them The ...

Page 771: ...hanges to device tracking configuration mode In this mode the administrator can configure the following first hop security commands Optional device role node switch Specifies the role of the device attached to the port Default is node Optional limit address count value Limits the number of addresses allowed per target Optional no Negates a command or sets it to defaults Optional destination glean ...

Page 772: ...ets Bindings learned through a trusted port have preference over bindings learned through any other port A trusted port is given preference in case of a collision while making an entry in the table Examples This example shows how to configure an a device tracking policy Device config device tracking policy policy1 Device config device tracking trusted port Command Reference Cisco IOS XE Everest 16...

Page 773: ...ates the critical port eapol Command Default eapol is disabled Command Modes Global configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Examples This example shows how to specify that the switch sends an EAPOL Success message when the switch successfully authenticates the critical port Device config dot1x critical eapol Command Refere...

Page 774: ...E 3 3SECisco IOS XE 3 3SE This command was reintroduced This command was not supported in Cisco IOS XE Denali 16 1 x and Cisco IOS XE Denali 16 2 x Cisco IOS XE Denali 16 3 1 Usage Guidelines Use the no dot1x pae interface configuration command to disable IEEE 802 1x authentication on the port When you configure IEEE 802 1x authentication on a port such as by entering the dot1x port control interf...

Page 775: ...ee Protocol STP bridge protocol data unit BPDU packets before the supplicant switch has authenticated Beginning with Cisco IOS Release 15 0 1 SE you can control traffic exiting the supplicant port during the authentication period Entering the dot1x supplicant controlled transient global configuration command temporarily blocks the supplicant port during authentication to ensure that the authentica...

Page 776: ...n Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE This command was reintroduced This command was not supported in Cisco IOS XE Denali 16 1 x and Cisco IOS XE Denali 16 2 x Cisco IOS XE Denali 16 3 1 Usage Guidelines Enable this command on the supplicant switch for Network Edge Access Topology NEAT to work in all host modes Examples This example...

Page 777: ...Description Command Configure an interface to act only as a supplicant dot1x pae supplicant Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 751 dot1x supplicant force multicast ...

Page 778: ...ines Use this command to test the IEEE 802 1x capability of the devices connected to all ports or to specific ports on a switch There is not a no form of this command Examples This example shows how to enable the IEEE 802 1x readiness check on a switch to query a port It also shows the response received from the queried port verifying that the device connected to it is IEEE 802 1x capable Device d...

Page 779: ...This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines Use this command to configure the timeout used to wait for EAPOL response There is not a no form of this command Examples This example shows how to configure the switch to wait 27 seconds for an EAPOL response Device dot1x test timeout 27 You can verify the timeout configuration status by entering the show run privil...

Page 780: ...e is from 1 to 65535 The default is 60 held period seconds Configures the time in seconds that the authenticator server remains quiet in the HELD state following a failed authentication exchange before trying to reauthenticate the client The range is from 1 to 65535 The default is 60 quiet period seconds Throttles the EAP START packets that are sent from misbehaving client PCs for example PCs that...

Page 781: ... reauthentication and periodic rate limiting are done Command Modes Interface configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines You should change the default value of this command only to adjust for unusual circumstances such as unreliable links or specific behavioral problems with certain clients and authentication...

Page 782: ...ice config if dot1x timeout auth period 2000 Device config if dot1x timeout held period 2400 Device config if dot1x timeout quiet period 600 Device config if dot1x timeout start period 90 Device config if dot1x timeout supp timeout 300 Device config if dot1x timeout tx period 60 Device config if dot1x timeout server timeout 60 Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 7...

Page 783: ...es Use this command to configure an open directive that allows hosts without an authorization policy to access ports configured with a static ACL If you do not configure this command the port applies the policies of the configured ACL to the traffic If no static ACL is configured on a port both the default and open directives allow access to the port You can verify your settings by entering the sh...

Page 784: ...ation Release This command was introduced Cisco IOS XE Denali 16 3 1 Usage Guidelines For SGACL logging you must configure the permit ip log command Also this command must be configured in Cisco IIdentity Services Engine ISE to enable logging for dynamic SGACLs Examples The following example shows how to define an SGACL that can be applied to IPv4 traffic and enter role based access list configura...

Page 785: ...his command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines The ip admission command applies a web authentication rule to a switch port Examples This example shows how to apply a web authentication rule to a switchport Device configure terminal Device config interface gigabitethernet1 0 1 Device config if ip admission rule1 This example shows how to apply a web authentication ...

Page 786: ...psed time in minutes before the external server times out absolute timer minutes Optional Elapsed time in minutes before the external file server is deemed unreachable inactivity time minutes Optional Associates the named rule with an access control list ACL list Applies a standard extended list to a named admission control rule The value ranges from 1 through 199 or from 1300 through 2699 for exp...

Page 787: ...ow to configure IEEE 802 1x authentication with web authentication as a fallback mechanism on a switch port Device configure terminal Device config ip admission name rule2 proxy http Device config fallback profile profile1 Device config ip access group 101 in Device config ip admission name rule2 Device config interface gigabitethernet1 0 1 Device config if dot1x port control auto Device config if...

Page 788: ...Description Command Displays information about NAC cached entries or the NAC configuration show ip admission Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 762 ip admission name ...

Page 789: ...o remove the maximum value use the no ip device tracking maximum command To disable IP device tracking use the ip device tracking maximum 0 command This command enables IPDT wherever its configured Note Examples This example shows how to configure IP device tracking parameters on a Layer 2 access port Device configure terminal Enter configuration commands one per line End with CNTL Z Device config...

Page 790: ... resending the ARP probe The range is from 30 to 1814400 seconds interval seconds Uses the switch virtual interface SVI IP address as source of ARP probes use svi Command Default The count number is 3 There is no delay The interval is 30 seconds The ARP probe default source IP address is the Layer 3 interface and 0 0 0 0 for switchports Command Modes Global configuration Command History Modificati...

Page 791: ...or storing entries using secure HTTP https https url Specifies the database URL for storing entries using remote copy rcp rcp url Specifies the database URL for storing entries using Secure Copy SCP scp url Specifies the database URL for storing entries using TFTP tftp url Specifies the abort timeout interval valid values are from 0 to 86400 seconds timeout seconds Specifies the amount of time bef...

Page 792: ...snooping command to enable DHCP snooping Examples This example shows how to specify the database URL using TFTP Device config ip dhcp snooping database tftp 10 90 90 90 snooping rp2 This example shows how to specify the amount of time before writing DHCP snooping entries to an external server Device config ip dhcp snooping database write delay 15 Command Reference Cisco IOS XE Everest 16 5 1a Cata...

Page 793: ...lobal configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines You must globally enable DHCP snooping by using the ip dhcp snooping global configuration command for any DHCP snooping configuration to take effect When the option 82 feature is enabled the default remote ID suboption is the switch MAC address This command all...

Page 794: ... message on an untrusted port is 0 Command Modes Global configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines By default the DHCP snooping feature verifies that the relay agent IP address giaddr field in DHCP client message on an untrusted port is 0 the message is dropped if the giaddr field is not 0 Use the ip dhcp sno...

Page 795: ...ipv4 access list number access list name ipv6 access list name Syntax Description Specifies the IPv4 access list to restrict access to the secure HTTP server ipv4 Specifies the IPv6 access list to restrict access to the secure HTTP server ipv6 Standard IP access list number in the range 0 to 99 as configured by the access list global configuration command access list number Name of a standard IPv4...

Page 796: ...evice config std nacl permit 209 165 200 225 0 255 255 255 Device config std nacl exit Device config ip http access class 20 The following example shows how to define an IPv4 named access list as and assign it to the HTTP server Device config ip access list standard Internet_filter Device config std nacl permit 1 2 3 4 Device config std nacl exit Device config ip http access class ipv4 Internet_fi...

Page 797: ...n Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines You can use this command to add a static IP source binding entry only The no format deletes the corresponding IP source binding entry It requires the exact match of all required parameter in order for the deletion to be successful Note that each static IP binding entry is keyed by a MAC address and a VLAN n...

Page 798: ...address filtering use the ip verify source interface configuration command To enable IP source guard with source IP address filtering and MAC address verification use the ip verify source mac check interface configuration command Examples This example shows how to enable IP source guard with source IP address filtering on an interface Device config interface gigabitethernet1 0 1 Device config if i...

Page 799: ...erated after the initial packet match threshold in msgs Number of packets generated log update threshold threshold in msgs Creates a role based IPv6 ACL role based list name Command Default No IPv6 access list is defined Command Modes Global configuration Command History Modification Release This command was reintroduced This command was not supported in Cisco IOS XE Denali 16 1 x and Cisco IOS XE...

Page 800: ...rgument to apply an IPv6 ACL to an IPv6 interface Use the ipv6 access class line configuration command with the access list name argument to apply an IPv6 ACL to incoming and outgoing IPv6 virtual terminal connections to and from the device An IPv6 ACL applied to an interface with the ipv6 traffic filter command filters traffic that is forwarded not originated by the device Examples The example co...

Page 801: ... This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines Use the ipv6 snooping policy command to create an IPv6 snooping policy When the ipv6 snooping policy command is enabled the configuration mode changes to IPv6 snooping configuration mode In this mode the administrator can configure the following IPv6 first hop security commands The device role command specifies the ...

Page 802: ...ample shows how to configure an IPv6 snooping policy Device config ipv6 snooping policy policy1 Device config ipv6 snooping Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 776 ipv6 snooping policy ...

Page 803: ... introduced Cisco IOS XE Denali 16 3 1 Usage Guidelines Examples This example shows how to configure MACsec key chain to fetch a 128 bit Pre Shared Key PSK Switch configure terminal Switch config key chain kc1 macsec Switch config keychain macsec key 1000 Switch config keychain macsec cryptographic algorithm aes 128 cmac Switch config keychain macsec key key string fb63e0269e2768c49bab8ee9a5c2258f...

Page 804: ...c865632acb269022447c417504a1bf5db1c296449b52627ba01f2ba2574c2878 Switch config keychain macsec key end Switch Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 778 key chain macsec ...

Page 805: ... command limits the number of IPv6 addresses allowed to be used on the port on which the policy is applied Limiting the number of IPv6 addresses on a port helps limit the binding table size The range is from 1 to 10000 Examples This example shows how to define an NDP policy name as policy1 place the switch in NDP inspection policy configuration mode and limit the number of IPv6 addresses allowed o...

Page 806: ...cate a new user based on the host MAC address and VLAN Use this feature on networks with the Microsoft IAS RADIUS server The Cisco ACS ignores this command Examples This example shows how to enable VLAN ID based MAC authentication on a switch Device config mab request format attribute 32 vlan access vlan Related Commands Description Command Sets the action for specific authentication events authen...

Page 807: ...tication timer Configures the violation modes that occur when a new device connects to a port or when a new device connects to a port with the maximum number of devices already connected to that port authentication violation Enables MAC based authentication on a port mab Configures a port to use the Extensible Authentication Protocol EAP mab eap Displays information about authentication manager ev...

Page 808: ... link Command Default macsec network link is disabled Command Modes Interface configuration Command History Modification Release This command was introduced Cisco IOS XE Denali 16 3 1 Usage Guidelines Examples This example shows how to configure MACsec MKA on an interface using the EAP TLS authentication protocol Switch configure terminal Switch config int G1 0 20 Switch config if macsec network l...

Page 809: ...ists number Command Default The default action is to have no match parameters applied to a VLAN map Command Modes Access map configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines You enter access map configuration mode by using the vlan access map global configuration command You must enter one access list name or numbe...

Page 810: ... exit Device config vlan filter vmap4 vlan list 5 6 You can verify your settings by entering the show vlan access map privileged EXEC command Related Commands Description Command Sets the action for the VLAN access map entry action Displays the VLAN access maps created on the switch show vlan access map Defines a VLAN map and enters access map configuration mode where you can specify a MAC ACL to ...

Page 811: ... interfaces using a PSK mka pre shared key key chain Command Default mka pre shared key is disabled Command Modes Interface configuration Command History Modification Release This command was introduced Cisco IOS XE Denali 16 3 1 Usage Guidelines Examples This example shows how to configure MKA MACsec on an interface using a PSK Switch Switch config int G1 0 20 Switch config if mka pre shared key ...

Page 812: ...Usage Guidelines This command filters details such as anticipated success from authentication system messages Failure messages are not filtered Examples To filter verbose authentication system messages Device config no authentication logging verbose You can verify your settings by entering the show running config privileged EXEC command Related Commands Description Command Filters details from aut...

Page 813: ...Usage Guidelines This command filters details such as anticipated success from 802 1x system messages Failure messages are not filtered Examples To filter verbose 802 1x system messages Device config no dot1x logging verbose You can verify your settings by entering the show running config privileged EXEC command Related Commands Description Command Filters details from authentication system messag...

Page 814: ...Usage Guidelines This command filters details such as anticipated success from MAC authentication bypass MAB system messages Failure messages are not filtered Examples To filter verbose MAB system messages Device config no mab logging verbose You can verify your settings by entering the show running config privileged EXEC command Related Commands Description Command Filters details from authentica...

Page 815: ...urce address for a packet matches the defined address non IP traffic from that address is denied host src MAC addr src MAC addr mask Specifies a destination MAC address and optional subnet mask If the destination address for a packet matches the defined address non IP traffic to that address is denied host dst MAC addr dst MAC addr mask Optional Specifies the EtherType number of a packet with Ethe...

Page 816: ...Type DEC Network Basic Input Output System NetBIOS netbios Optional Specifies EtherType Virtual Integrated Network Service VINES Echo from Banyan Systems vines echo Optional Specifies EtherType VINES IP vines ip Optional Specifies EtherType Xerox Network Systems XNS protocol suite xns idp Optional Specifies an arbitrary class of service CoS number from 0 to 7 to set priority Filtering on CoS can b...

Page 817: ... Filtering Criteria Filter Criterion IPX Encapsulation Type Novell Name Cisco IOS Name EtherType 0x8137 Ethernet II arpa EtherType 0x8137 Ethernet snap snap LSAP 0xE0E0 Ethernet 802 2 sap LSAP 0xFFFF Ethernet 802 3 novell ether Examples This example shows how to define the MAC named extended access list to allow NetBIOS traffic from any source to MAC address 00c0 00a0 03fa Traffic matching this li...

Page 818: ...sed on MAC addresses for non IP traffic mac access list extended Displays access control lists configured on a switch show access lists Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 792 permit MAC access list configuration ...

Page 819: ... on an interface in situations where a peer device is not capable of receiving an SGT and as a result the SGT tag cannot be put in the L2 header Examples The following example shows how to disable SGT propagation on a manually configured TrustSec capable interface Switch configure terminal Switch config interface gigabitethernet 0 Switch config if cts manual Switch config if cts manual no propagat...

Page 820: ...on Command Enables an interface for CTS cts manual Displays Cisco TrustSec states and statistics per interface show cts interface Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 794 propagate sgt cts manual ...

Page 821: ... introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines If an address does not match the prefix list associated with DHCP or NDP then control packets will be dropped and recovery of the binding table entry will not be attempted with that protocol Using the no protocol dhcp ndp command indicates that a protocol will not be used for snooping or gleaning If the no protocol dhcp command is u...

Page 822: ...null gcm encrypt gmac no encap null Syntax Description Specifies the Hex data PMK without leading 0x enter even number of hex characters or else the last character is prefixed with 0 pmk hex_value Specifies the list of advertised modes prioritized from highest to lowest mode list Specifies GMAC authentication GCM encryption gcm encrypt Specifies GMAC authentication only no encryption gmac Specifie...

Page 823: ...ort from the Cisco Secure Access Control Server If a device is running CTS aware software but the hardware is not CTS capable disallow encapsulation with the sap mode list no encap command Examples The following example shows how to configure SAP on a Gigabit Ethernet interface Switch configure terminal Switch config interface gigabitethernet 2 1 Switch config if cts manual Switch config if cts ma...

Page 824: ...es messages for consistency and conformance in particular address ownership is enforced Invalid messages are dropped inspect Command Default The default security level is guard Command Modes IPv6 snooping configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Examples This example shows how to define an IPv6 snooping policy name as polic...

Page 825: ...t statistics detailed Command Modes User EXEC Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Examples This is an example of output from the show aaa clients command Device show aaa clients Dropped request packets 0 Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 799 show aaa clients ...

Page 826: ...Examples This is an example of output from the show aaa command handler command Device show aaa command handler AAA Command Handler Statistics account logon 0 account logoff 0 account query 0 pod 0 service logon 0 service logoff 0 user profile push 0 session state log 0 reauthenticate 0 bounce host port 0 disable host port 0 update rbacl 0 update sgt 0 update cts policies 0 invalid commands 0 asyn...

Page 827: ... introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Examples This is an example of output from the show aaa local statistics command Device show aaa local statistics Local EAP statistics EAP Method Success Fail Unknown 0 0 EAP MD5 0 0 EAP GTC 0 0 LEAP 0 0 PEAP 0 0 EAP TLS 0 0 EAP MSCHAPV2 0 0 EAP FAST 0 0 Requests received from AAA 0 Responses returned from EAP 0 Requests dropped no EAP AVP 0 Request...

Page 828: ...Fail 0 Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 802 show aaa local ...

Page 829: ...nse accept 0 reject 0 challenge 0 Response unexpected 0 server error 0 incorrect 0 time 0ms Transaction success 0 failure 0 Throttled transaction 0 timeout 0 failure 0 Author request 0 timeouts 0 failover 0 retransmission 0 Response accept 0 reject 0 challenge 0 Response unexpected 0 server error 0 incorrect 0 time 0ms Transaction success 0 failure 0 Throttled transaction 0 timeout 0 failure 0 Acc...

Page 830: ...story Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Examples This is an example of output from the show aaa sessions command Device show aaa sessions Total sessions since last reload 7 Session Id 4007 Unique Id 4025 User Name not available IP Address 0 0 0 0 Idle Time 0 CT Call Handle 0 Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 80...

Page 831: ...articular MAC address for which you want to display information mac mac address Optional Specifies the particular authentication method for which Auth Manager information is to be displayed If you specify a method dot1x mab or webauth you may also specify an interface method method name Optional Specifies the particular session for which Auth Manager information is to be displayed session id sessi...

Page 832: ...switch Device show authentication sessions Interface MAC Address Method Domain Status Session ID Gi1 0 48 0015 63b0 f676 dot1x DATA Authz Success 0A3462B1000000102983C05C Gi1 0 5 000f 23c4 a401 mab DATA Authz Success 0A3462B10000000D24F80B58 Gi1 0 5 0014 bf5d d26d dot1x DATA Authz Success 0A3462B10000000E29811B94 The following example shows how to display all authentication sessions on an interfac...

Page 833: ... Success Domain VOICE Oper host mode multi domain Oper control dir both Authorized By Authentication Server Session timeout N A Idle timeout N A Common Session ID 0A3462C8000000010002A238 Acct Session ID 0x00000003 Handle 0x91000001 Runnable methods list Method State mab Authc Success dot1x Not run Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 807 show authentication sessio...

Page 834: ...istory Modification Release This command was modified with additional options Cisco IOS XE Denali 16 3 1 This command was introduced Cisco IOS XE Denali 16 2 1 Usage Guidelines Use the show cts interface command without keywords to display verbose status for all CTS interfaces Examples The following example displays output without using a keyword verbose status for all CTS interfaces Switch show c...

Page 835: ...nown sa dropped 0 unknown sa bypassed 0 The following example displays output using the brief keyword Device show cts interface brief Global Dot1x feature is Disabled Interface GigabitEthernet0 1 0 CTS is enabled mode MANUAL IFC state OPEN Interface Active for 00 00 40 386 Authentication Status NOT APPLICABLE Peer identity unknown Peer s advertised capabilities Authorization Status NOT APPLICABLE ...

Page 836: ...ies the PMK and the SAP authentication and encryption modes to negotiate MACsec link encryption between two interfaces sap mode list cts manual Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 810 show cts interface ...

Page 837: ...ntroduced Cisco IOS XE Denali 16 3 1 Usage Guidelines This command displays the content of the SGACL permission matrix You can specify the source security group tag SGT by using the from keyword and the destination SGT by using the to keyword When both these keywords are specified RBACLs of a single cell are displayed An entire column is displayed when only the to keyword is used An entire row is ...

Page 838: ...nfigured Policies FALSE IPv4 Role based permissions from group 6 SGT_6 to group 6 SGT_6 configured mon_1 IPv4 Role based permissions from group 10 to group 11 configured mon_2 RBACL Monitor All for Dynamic Policies FALSE RBACL Monitor All for Configured Policies FALSE Related Commands Description Command Enables permissions from a source group to a destination group cts role based permissions Enab...

Page 839: ... introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE This command was reintroduced This command was not supported in Cisco IOS XE Denali 16 1 x and Cisco IOS XE Denali 16 2 x Cisco IOS XE Denali 16 3 1 Examples This example shows output from the show cisp interface command Device show cisp interface fast 0 CISP not enabled on specified interface This example shows output from the show cisp registratio...

Page 840: ...3 Gi3 0 5 Gi3 0 23 Related Commands Description Command Enable Client Information Signalling Protocol CISP cisp enable Configure a profile on a supplicant switch dot1x credentials profile Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 814 show cisp ...

Page 841: ... IEEE 802 1x summary for all interfaces summary Optional Displays the IEEE 802 1x status for the specified port interface type number Command Modes User EXEC Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Examples This is an example of output from the show dot1x all command Device show dot1x all Sysauthcontrol Enabled Dot1x Protocol Version 3 ...

Page 842: ...D 0 RxReq 0 RxInvalid 0 RxLenErr 0 RxTotal 0 TxStart 0 TxLogoff 0 TxResp 0 TxReq 0 ReTxReq 0 ReTxReqFail 0 TxReqID 0 ReTxReqID 0 ReTxReqIDFail 0 TxTotal 0 Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 816 show dot1x ...

Page 843: ...or keywords Command Modes Privileged EXEC Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Examples This is an example of output from the show eap pac peers privileged EXEC command Device show eap pac peers No PACs stored Related Commands Description Command Clears EAP session information for the switch or for the specified port clear eap sessio...

Page 844: ...statistics command Device show ip dhcp snooping statistics Packets Forwarded 0 Packets Dropped 0 Packets Dropped From untrusted ports 0 This is an example of output from the show ip dhcp snooping statistics detail command Device show ip dhcp snooping statistics detail Packets Processed by DHCP Snooping 0 Packets Dropped Because IDB not known 0 Queue full 0 Interface is in errdisabled 0 Rate limit ...

Page 845: ...mes the relay agent address field giaddr in the DHCP packet received on an untrusted port was not zero or the no ip dhcp snooping information option allow untrusted global configuration command is not configured and a packet received on an untrusted port contained option 82 data Nonzero giaddr Number of times the client MAC address field of the DHCP packet chaddr does not match the packet source M...

Page 846: ...f option 82 is not used and the client MAC address has aged out If IPSG is enabled with the port security option and option 82 is not enabled the MAC address of the client is not learned and the reply packets will be dropped Unknown output interface Number of times the output port for a DHCP reply packet is the same as the input port causing a possible loop Indicates a possible network misconfigur...

Page 847: ...rver groups that you defined by using the aaa group server radius command Examples This is an example of output from the show radius server group all command Device show radius server group all Server group radius Sharecount 1 sg_unconfigured FALSE Type standard Memlocks 1 This table describes the significant fields shown in the display Table 41 show radius server group command Field Descriptions ...

Page 848: ...ured with the nonstandard option the type will be shown as nonstandard Type An internal reference count for the server group structure that is in memory The number represents how many internal data structure packets or transactions are holding references to this server group Memlocks is used internally for memory management purposes Memlocks Command Reference Cisco IOS XE Everest 16 5 1a Catalyst ...

Page 849: ...pecified interface If you do not enter an interface ID settings appear for one traffic type for all ports on the switch If you do not enter a traffic type settings appear for broadcast storm control Examples This is an example of a partial output from the show storm control command when no keywords are entered Because no traffic type keyword was entered the broadcast storm control settings appear ...

Page 850: ...level as a percentage of total available bandwidth in packets per second or in bits per second Upper Displays the falling suppression level as a percentage of total available bandwidth in packets per second or in bits per second Lower Displays the bandwidth usage of broadcast traffic or the specified traffic type broadcast multicast or unicast as a percentage of total available bandwidth This fiel...

Page 851: ...e of output from the show vlan access map command Device show vlan access map Vlan access map vmap4 10 Match clauses ip address al2 Action forward Vlan access map vmap4 20 Match clauses ip address al2 Action forward Related Commands Description Command Displays information about all VLAN filters or about a particular VLAN or VLAN access map show vlan filter Defines a VLAN map and enters access map...

Page 852: ...es Privileged EXEC Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Examples This is an example of output from the show vlan filter command Device show vlan filter VLAN Map map_1 is filtering VLANs 20 22 Related Commands Description Command Displays the VLAN access maps created on the switch show vlan access map Defines a VLAN map and enters acc...

Page 853: ...sage Guidelines The show vlan group command displays the existing VLAN groups and lists the VLANs and VLAN ranges that are members of each VLAN group If you enter the group name keyword only the members of the specified VLAN group are displayed Examples This example shows how to display the members of a specified VLAN group Device show vlan group group name group2 vlan group group1 40 45 This exam...

Page 854: ...l places The range is 0 00 to 100 00 Block the flooding of storm packets when the value specified for level is reached level Optional Falling suppression level up to two decimal places The range is 0 00 to 100 00 This value must be less than or equal to the rising suppression value If you do not configure a falling suppression level it is set to the rising suppression level level low Specifies the...

Page 855: ...s blocked Storm control is enabled only when the rising suppression level is less than 100 percent If no other storm control configuration is specified the default action is to filter the traffic causing the storm and to send no SNMP traps When the storm control threshold for multicast traffic is reached all multicast traffic except control traffic such as bridge protocol data unit BDPU and Cisco ...

Page 856: ...rm control broadcast level 75 5 This example shows how to enable unicast storm control on a port with a 87 percent rising suppression level and a 65 percent falling suppression level Device config if storm control unicast level 87 65 This example shows how to enable multicast storm control on a port with a 2000 packets per second rising suppression level and a 1000 packets per second falling suppr...

Page 857: ... list absolute Sets the inactivity aging type The secure addresses on this port age out only if there is no data traffic from the secure source address for the specified time period inactivity Command Default The port security aging feature is disabled The default time is 0 minutes The default aging type is absolute The default static aging behavior is disabled Command Modes Interface configuratio...

Page 858: ...e 120 This example sets the aging time as 2 minutes for inactivity aging type with aging enabled for configured secure addresses on the port Device config interface gigabitethernet1 0 2 Device config if switchport port security aging time 2 Device config if switchport port security aging type inactivity Device config if switchport port security aging static This example shows how to disable aging ...

Page 859: ...cifies the VLAN as an access VLAN vlan access Optional On an access port only specifies the VLAN as a voice VLAN The voice keyword is available only if voice VLAN is configured on a port and if that port is not the access VLAN Note vlan voice Enables the interface for sticky learning When sticky learning is enabled the interface adds all secure MAC addresses that are dynamically learned to the run...

Page 860: ...onfiguration but are removed from the address table The addresses that were removed can be dynamically reconfigured and added to the address table as dynamic addresses When you configure sticky secure MAC addresses by using the switchport port security mac address sticky mac address interface configuration command these addresses are added to the address table and the running configuration If port...

Page 861: ...rt security mac address sticky 0000 0000 4141 Device config if switchport port security mac address sticky 0000 0000 000f Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 835 switchport port security mac address ...

Page 862: ...ies the VLAN as a voice VLAN The voice keyword is available only if voice VLAN is configured on a port and if that port is not the access VLAN Note voice Command Default When port security is enabled and no keywords are entered the default maximum number of secure MAC addresses is 1 Command Modes Interface configuration Command History Modification Release This command was introduced Cisco IOS XE ...

Page 863: ...ed value If the new value is less than the previous value and the number of configured secure addresses on the interface exceeds the new value the command is rejected Setting a maximum number of addresses to one and configuring the MAC address of an attached device ensures that the device has the full bandwidth of the port When you enter a maximum secure address value for an interface this occurs ...

Page 864: ... the maximum limit allowed on the port packets with unknown source addresses are dropped until you remove a sufficient number of secure MAC addresses to drop below the maximum value or increase the number of maximum allowable addresses You are not notified that a security violation has occurred We do not recommend configuring the protect mode on a trunk port The protect mode disables learning when...

Page 865: ... MAC addresses are in the address table and a station whose MAC address is not in the address table attempts to access the interface or when a station whose MAC address is configured as a secure MAC address on another secure port attempts to access the interface When a secure port is in the error disabled state you can bring it out of this state by entering the errdisable recovery cause psecure vi...

Page 866: ...inding reachable lifetime command reachable lifetime Lifetime value in seconds The range is from 1 to 86400 and the default is 300 value Keeps an entry in a reachable or stale state for an infinite amount of time infinite Disables tracking disable Optional Keeps the time entry in a stale state which overwrites the global stale lifetime configuration The stale lifetime is 86 400 seconds The stale l...

Page 867: ...e keyword with the tracking command overrides the global reachable lifetime configured by the ipv6 neighbor binding reachable lifetime command The stale lifetime keyword is the maximum time an entry is kept in the table before it is deleted or the entry is proven to be reachable either directly or indirectly Use of the reachable lifetime keyword with the tracking command overrides the global stale...

Page 868: ... to protect against address spoofing messages are analyzed so that the binding information that they carry can be used to maintain the binding table Bindings discovered from these ports will be considered more trustworthy than bindings received from ports that are not configured to be trusted Examples This example shows how to define an NDP policy name as policy1 place the switch in NDP inspection...

Page 869: ...VLAN access map entry number Command Default There are no VLAN map entries and no VLAN maps applied to a VLAN Command Modes Global configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines In global configuration mode use this command to create or modify a VLAN map This entry changes the mode to VLAN access map configuratio...

Page 870: ...create a VLAN map named vac1 and apply matching conditions and actions to it If no other entries already exist in the map this will be entry 10 Device config vlan access map vac1 Device config access map match ip address acl1 Device config access map action forward This example shows how to delete VLAN map vac1 Device config no vlan access map vac1 Related Commands Description Command Sets the act...

Page 871: ...all VLANs all Command Default There are no VLAN filters Command Modes Global configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines To avoid accidentally dropping too many packets and disabling connectivity in the middle of the configuration process we recommend that you completely define the VLAN access map before apply...

Page 872: ...he switch show vlan access map Displays information about all VLAN filters or about a particular VLAN or VLAN access map show vlan filter Defines a VLAN map and enters access map configuration mode where you can specify a MAC ACL to match and the action to be taken vlan access map Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 846 vlan filter ...

Page 873: ...on Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines If the named VLAN group does not exist the vlan group command creates the group and maps the specified VLAN list to the group If the named VLAN group exists the specified VLAN list is mapped to the group The no form of the vlan group command removes the specified VLAN list from the VLAN group When you remo...

Page 874: ...Related Commands Description Command Displays the VLANs mapped to VLAN groups show vlan group Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 848 vlan group ...

Page 875: ...P A R T XIII Stack Manager and High Availability Stack Manager and High Availability page 851 ...

Page 876: ......

Page 877: ...9 redundancy reload page 860 reload page 861 session page 863 show platform stack manager page 864 show redundancy page 865 show redundancy config sync page 869 show switch page 871 stack mac persistent timer page 875 stack mac update force page 877 standby console enable page 878 switch stack port page 879 switch priority page 881 switch provision page 882 switch renumber page 884 Command Referen...

Page 878: ...ult Debugging is disabled Command Modes Privileged EXEC Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines This command is supported only on stacking capable switches The undebug platform stack manager command is the same as the no debug platform stack manager command When you enable debugging on a switch stack it is enabled only ...

Page 879: ...fication Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines From the redundancy main configuration submode use the standby console enable command to enable the standby switch Examples This example shows how to enter the redundancy main configuration submode and enable the standby switch Device config redundancy Device config red main cpu Device config r mc st...

Page 880: ...ust use identical Cisco IOS images on the switches in the stack to support SSO mode Redundancy may not work due to differences between the Cisco IOS releases If you perform an online insertion and removal OIR of the module the switch resets during the stateful switchover and the port states are restarted only if the module is in a transient state any state other than Ready The forwarding informati...

Page 881: ...x Description Specifies bulk configuration mode bulk Specifies line by line lbl configuration mode lbl Command Default The command is enabled by default Command Modes Redundancy configuration config red Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Examples This example shows how to specify that the standby switch is not reloaded if a parser ...

Page 882: ...PU submode which is used to enable the standby switch To enter the main CPU submode use the main cpu command while in redundancy configuration mode From the main CPU submode use the standby console enable command to enable the standby switch Use the exit command to exit redundancy configuration mode Examples This example shows how to enter redundancy configuration mode Device config redundancy Dev...

Page 883: ...atched commands command to display the Mismatched Command List MCL on the active switch and to reboot the standby switch The following is a log entry example for mismatched commands 00 06 31 Config Sync Bulk sync failure due to Servicing Incompatibility Please check full list of mismatched commands via show redundancy config sync failures mcl 00 06 31 Config Sync Starting lines from MCL file inter...

Page 884: ...t 3850 switches as a fallback in case of errors It is not configurable Note If you attempt to establish an SSO after removing the offending configuration and rebooting the standby switch with the same image the C3K_REDUNDANCY 2 IOS_VERSION_CHECK_FAIL and ISSU 3 PEER_IMAGE_INCOMPATIBLE messages appear because the peer image is listed as incompatible You can clear the peer image from the incompatibl...

Page 885: ...the Cisco IOS image and the modules are reset to their default settings The old active switch reboots with the new image and joins the stack If you use the redundancy force switchover command on the active switch the switchports on the active switch to go down If you use this command on a switch that is in a partial ring stack the following warning message appears Device redundancy force switchove...

Page 886: ...Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines Before using this command see the Performing a Software Upgrade section of the Stacking Configuration Guide Catalyst 3650 Switches for additional information Use the redundancy reload shelf command to reboot all the switches in the stack Examples This example shows how to manually reload all switches in the s...

Page 887: ...ck member and then restarts it slot Optional Stack member number on which to save the changes The range is 1 to 9 stack member number Optional Reloads the standby route processor RP standby cpu Command Default Immediately reloads the stack member and puts a configuration change into effect Command Modes Privileged EXEC Command History Modification Release This command was introduced Cisco IOS XE 3...

Page 888: ...stack member Device reload slot 6 Proceed with reload confirm y This example shows how to reload a single switch switch stack there is only one member switch Device reload slot 3 System configuration has been modified Save yes no y Proceed to reload the whole Stack confirm y Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 862 reload ...

Page 889: ...is command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines When you access the member its member number is appended to the system prompt Use the session command from the master to access a member Device Use the session command with processor 1 from the master or a standalone switch to access the internal controller A standalone Device is always member 1 Examples This example s...

Page 890: ...es the stack member for which to display stack manager information switch stack member number Command Default None Command Modes Privileged EXEC Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines Use the show platform stack manager command to collect data and statistics for the switch stack Use this command only when you are worki...

Page 891: ...ncy facility history reload Optional Displays a reverse log of past status and related information for the redundancy facility history reverse Optional Displays all slaves in the redundancy facility slaves Optional The name of the redundancy facility slave to display specific information for Enter additional keywords to display all clients or counters in the specified slave slave name Displays all...

Page 892: ...02 Peer slot 0 information is not available because it is in DISABLED state Device This example shows how to display redundancy facility client information Device show redundancy clients Group ID 1 clientID 20002 clientSeq 4 EICORE HA Client clientID 24100 clientSeq 5 WCM_CAPWAP clientID 24101 clientSeq 6 WCM RRM HA clientID 24103 clientSeq 8 WCM QOS HA clientID 24105 clientSeq 10 WCM_MOBILITY cli...

Page 893: ... seq 11 00 00 07 client added EICORE HA Client 20002 seq 4 00 00 09 client added WCM_MOBILITY 24105 seq 10 00 00 09 client added WCM_NETFLOW 24111 seq 16 00 00 09 client added WCM_APFROGUE 24107 seq 12 00 00 09 client added WCM RRM HA 24101 seq 6 00 00 09 client added WCM_MCAST 24112 seq 17 00 00 09 client added WCM_CIDS 24110 seq 15 00 00 09 client added wcm_comet 24120 seq 18 00 00 22 RF_STATUS_...

Page 894: ...ndancy states my state 13 ACTIVE peer state 1 DISABLED Mode Simplex Unit ID 1 Redundancy Mode Operational SSO Redundancy Mode Configured SSO Redundancy State Non Redundant Manual Swact disabled system is simplex no peer unit Communications Down Reason Simplex mode client count 75 client_notification_TMR 360000 milliseconds keep_alive TMR 9000 milliseconds keep_alive count 0 keep_alive threshold 18...

Page 895: ...EC Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines When two versions of Cisco IOS images are involved the command sets supported by two images might differ If any of those mismatched commands are executed on the active switch the standby switch might not recognize those commands which causes a configuration mismatch condition I...

Page 896: ...back to the active switch A PRC failure occurs if these two PRCs do not match If a PRC error occurs at the standby switch either during bulk synchronization or line by line LBL synchronization the standby switch is reset To display all PRC failures use the show redundancy config sync failures prc command To display best effort method BEM errors use the show redundancy config sync failures bem comm...

Page 897: ...ry Command Default None Command Modes User EXEC Privileged EXEC Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines This command displays these states Initializing A switch has been just added to the stack and it has not completed the basic initialization to go to the ready state HA Sync in Progress After the standby is elected the...

Page 898: ...You can use the show switch command to identify whether the provisioned switch exists in the switch stack The show running config and the show startup config privileged EXEC commands do not provide this information The display also includes stack MAC persistency wait time if persistent MAC address is enabled Examples This example shows how to display summary stack information Device show switch Sw...

Page 899: ...etected but either no connected neighbor is up or the stack port is disabled OK A cable is detected and the connected neighbor is up Stack Port Status Switch number of the active member at the other end of the stack cable Neighbor Valid lengths are 50 cm 1 m or 3 m If the switch cannot detect the cable length the value is no cable The cable might not be connected or the link might be unreliable Ca...

Page 900: ...does not send valid protocol messages to the stack port Yes The link partner sends valid protocol messages to the port Sync OK The relative stability of the link If a large number of changes occur in a short period of time link flapping can occur Changes to LinkOK Whether a stack cable is attached to a stack port on the member No At least one stack port on the member has an attached stack cable Ye...

Page 901: ...even if a new active switch takes over The same behavior occurs when you enter the stack mac persistent timer command or the stack mac persistent timer 0 command When you enter the stack mac persistent timer command with a time value the stack MAC address will change to that of the new active switch after the period of time that you entered whenever a new switch becomes the active switch If the pr...

Page 902: ...ig stack mac persistent timer You can verify your settings by entering the show running config privileged EXEC command If enabled stack mac persistent timer is shown in the output Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 876 stack mac persistent timer ...

Page 903: ... of the stack the stack mac update force command has no effect It does not change the stack MAC address to the MAC address of the active switch If you do not change the stack MAC address Layer 3 interface flapping does not occur It also means that a foreign MAC address a MAC address that does not belong to any of the switches in the stack could be the stack MAC address If the switch with this fore...

Page 904: ...ubmode Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines This command is used to collect and review specific data about the standby console The command is useful primarily for Cisco technical support representatives troubleshooting the switch Examples This example shows how to enter the redundancy main configuration submode and e...

Page 905: ... in the full ring state when all members are connected through the stack ports and are in the ready state The stack is in the partial ring state when the following occurs All members are connected through their stack ports but some are not in the ready state Some members are not connected through the stack ports Be careful when using the switch stack member number stack port port number disable co...

Page 906: ...tial ring state you cannot disable the port This message appears Disabling stack port not allowed with current stack configuration Examples This example shows how to disable stack port 2 on member 4 Device switch 4 stack port 2 disable Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 880 switch stack port ...

Page 907: ...and Modes User EXEC Privileged EXEC Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines The new priority value is a factor when a new active switch is elected When you change the priority value the active switch is not changed immediately Examples This example shows how to change the priority value of stack member 6 to 8 Device swi...

Page 908: ...avoid receiving an error message you must remove the specified switch from the switch stack before using the no form of this command to delete a provisioned configuration To change the switch type you must also remove the specified switch from the switch stack You can change the stack member number of a provisioned switch that is physically present in the switch stack if you do not also change the...

Page 909: ...switch Device config switch 2 provision WS xxxx Device config end Device show running config include switch 2 interface GigabitEthernet2 0 1 interface GigabitEthernet2 0 2 interface GigabitEthernet2 0 3 output truncated You also can enter the show switch user EXEC command to display the provisioning status of the switch stack This example shows how to delete all configuration information about sta...

Page 910: ...e stack member If you change the number of a stack member and no configuration is associated with the new stack member number that stack member loses its current configuration and resets to its default configuration Note Do not use the switch current stack member number renumber new stack member number command on a provisioned switch If you do the command is rejected Use the reload slot current st...

Page 911: ...P A R T XIV System Management Autonomic Networking page 887 System Management page 903 Tracing page 983 ...

Page 912: ......

Page 913: ...nomic page 892 show autonomic control plane page 893 show autonomic device page 895 show autonomic interfaces page 896 show autonomic intent page 898 show autonomic l2 channels page 899 show autonomic service page 900 show autonomic neighbor page 901 Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 887 ...

Page 914: ...discovery no autonomic adjacency discovery Command Default Adjacency discovery is not enabled Command Modes Interface configuration config if Command History Modification Release This command was introduced Cisco IOS XE Denali 16 3 1 Examples To enable adjacency discovery Device config interface Tunnel100 Device config if autonomic adjacency discovery Command Reference Cisco IOS XE Everest 16 5 1a...

Page 915: ...ig if Command History Modification Release This command was introduced Cisco IOS XE Denali 16 3 1 Usage Guidelines You need to configure no switchport on the interface before configuring the autonomic connect command Examples To connect a non autonomic device to autonomic domain Device enable Device configure terminal Device config int gig 1 0 1 Device config if no switchport Device config if auto...

Page 916: ...ar accepted device clears the public key stored for each device enrolled by the registrar Examples To clear all device specific autonomic information Device clear autonomic device invoke syslog_an_delete_host vrf cisco_autonomic discriminator Device Jul 15 05 55 53 987 SYS 5 CONFIG_I Configured from console by console Jul 15 05 55 53 988 PKI 4 NOCONFIGAUTOSAVE Configuration was modified Issue writ...

Page 917: ...S PKI configuration Jul 15 05 57 05 841 SYS 5 CONFIG_I Configured from console by console Jul 15 05 57 06 308 PKI 4 NOCONFIGAUTOSAVE Configuration was modified Issue write memory to save new IOS PKI configuration Jul 15 05 57 06 311 SYS 5 CONFIG_I Configured from console by console Jul 15 05 57 06 313 SYS 5 CONFIG_I Configured from console by console Jul 15 05 57 06 314 SYS 5 CONFIG_I Configured f...

Page 918: ...ables debugging of infra information Infra Enables debugging of intent information Intent Enables debugging of neighbor information Neighbor Discovery Enables debugging of registrar information Registrar Enables debugging of autonomic services information Services Enables debugging authentication authorization and accounting information aaa Enables all debugging all Provides information about auto...

Page 919: ...ity PID WS C3850 24U SN FCW1934D05Z Tunnel100002 DIKE To display information about the autonomic control plane in detail Device show autonomic control plane detail VRF Name cisco_autonomic Device Address FD08 2EEF C2EE 0 E865 493B ACFB 7 RPL grounded node Dag id FD08 2EEF C2EE 0 E865 493B ACFB 1 Neighbor PID WS C3850 24U SN FCW1934D05Z Uptime Created Time 00 12 16 2016 07 15 05 38 53 UTC Supported...

Page 920: ...de details RPL Unique Device Identifier UDI of the neighbor Neighbor Tunnel name Tunnel Name IP address of the source tunnel interface Tunnel Source Interface IP address of the tunnel source Tunnel Source IP address of the destination Tunnel Destination Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 894 show autonomic control plane ...

Page 921: ...S XE Denali 16 3 1 Examples To display the autonomic device information Device show autonomic device Status Enabled Type Autonomic Node UDI PID WS C3650 24TD SN FDO1942E1YK Device ID e865 493b acfb 7 Domain ID cisco com Domain Certificate sub ou cisco com serialNumber PID WS C3650 24TD SN FDO1942E1YK cn e865 493b acfb 7 Certificate Serial Number 09 Device Address FD08 2EEF C2EE 0 E865 493B ACFB 7 ...

Page 922: ...rnet1 0 9 None No L2 untagged If GigabitEthernet1 0 10 None No L2 untagged If GigabitEthernet1 0 11 None No L2 untagged If GigabitEthernet1 0 12 None No L2 untagged If GigabitEthernet1 0 13 None No L2 untagged If GigabitEthernet1 0 14 None No L2 untagged If GigabitEthernet1 0 15 None No L2 untagged If GigabitEthernet1 0 16 None No L2 untagged If GigabitEthernet1 0 17 None No L2 untagged If Gigabit...

Page 923: ...own in the display Table 45 show autonomic interface Field Descriptions Description Field Interface name Interface Channel discovery Channel Disc AD Enabled Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 897 show autonomic interfaces ...

Page 924: ...as introduced Cisco IOS XE Denali 16 3 1 Usage Guidelines Intent is automatically sent to all nodes in an autonomic domain So every node should show the same intent Examples To display information about the configured intent range Device show autonomic intent Intent File Available Version Num 1443520505 Parsed Version Time 2015 09 29 09 55 05 UTC Outer Vlans 30 35 40 45 Outer Vlans count 8 Command...

Page 925: ...isplay the results of Channel Discovery Device show autonomic l2 channels AN L2 Channel Discovery Info Nbr UDI Encap Our Intf State Retry PID WS C3850 24U SN FCW1934D05Z 4018 Gi1 0 3 Active 1 To display more detailed information Device show autonomic l2 channels detail AN L2 Channel Discovery Info Nbr UDI PID WS C3850 24U SN FCW1934D05Z ANI Intf ANI1 Encap 0 Nbr Intf GigabitEthernet1 0 3 Our Intf ...

Page 926: ...EXEC Command History Modification Release This command was introduced Cisco IOS XE Denali 16 3 1 Examples To display information about the services Device show autonomic service Service IP Addr Syslog 5000 100 AAA 5000 100 AAA Accounting Port 1813 AAA Authorization Port 1812 Autonomic registrar FD08 2EEF C2EE 0 E865 493B ACFB 1 ANR type IOS CA Config Server Address 5000 100 Auto IP Server UNKNOWN ...

Page 927: ...om the show autonomic neighbor detail command Device show autonomic neighbor detail UDI PID WS C3850 24U SN FCW1934D05Z Device ID e865 493b acfb 5 Domain ID cisco com Address FD08 2EEF C2EE 0 E865 493B ACFB 5 State Nbr inside the Domain Credential Domain Cert Credential Validation Passed Last Validated Time 2016 07 15 05 48 37 UTC Certificate Expiry Date 2017 07 15 05 30 39 UTC Certificate Expire ...

Page 928: ...de an autonomic domain it must have a valid domain certificate State Detection method Credential Detection validation Credential Validation Number of neighbors detected Number of Links connected Interface from which the neighbor is connected Local Interface Interface to which the neighbor is connected Remote Interface IPv6 address of the neighbor IP Address Command Reference Cisco IOS XE Everest 1...

Page 929: ...agnostics mac address page 914 delete page 915 dir page 916 emergency install page 918 exit page 920 flash_init page 921 help page 922 license right to use page 923 location page 925 location plm calibrating page 929 mac address table move update page 930 mgmt_init page 932 mkdir page 933 more page 934 no debug all page 935 rename page 936 Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 36...

Page 930: ...ow location page 961 show location ap detect page 962 show mac address table move update page 964 show platform integrity page 965 show platform sudi certificate page 966 show sdm prefer page 968 system env temperature threshold yellow page 970 test cable diagnostics tdr page 972 traceroute mac page 973 traceroute mac ip page 976 type page 979 unset page 980 version page 982 Command Reference Cisc...

Page 931: ...loader Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines The ARP table contains the IP address to MAC address mappings Examples This example shows how to display the ARP table Device arp 172 20 136 8 arp ing 172 20 136 8 172 20 136 8 is at 00 1b 78 d1 25 ae via port 0 Related Commands Description Command Sets or displays environm...

Page 932: ...fault behavior or values Command Modes Boot loader Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines When you enter the boot command without any arguments the device attempts to automatically boot the system by using the information in the BOOT environment variable if any If you supply an image name for the file url variable the ...

Page 933: ...After entering this command you are prompted to start the setup program Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 907 boot ...

Page 934: ...elines Filenames and directory names are case sensitive If you specify a list of files the contents of each file appears sequentially Examples This example shows how to display the contents of an image file Device cat flash image_file_name version_suffix universal 122 xx SEx version_directory image_file_name image_system_type_id 0x00000002 image_name image_file_name bin ios_image_file_size 8919552...

Page 935: ... mac address mac address Specifies all of the RFID tags in the database rfid Command Default No default behavior or values Command Modes User EXEC Privileged EXEC Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Examples This example shows how to clear information about all of the RFID tags in the database Device clear location rfid Command Refe...

Page 936: ...nd Default No default behavior or values Command Modes User EXEC Privileged EXEC Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Examples The following is sample output from the clear location rfid command and shows how to clear RFID statistics Device clear location statistics Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switche...

Page 937: ...ilenames and directory names are case sensitive Directory names are limited to 127 characters between the slashes the name cannot contain control characters spaces deletes slashes quotes semicolons or colons Filenames are limited to 127 characters the name cannot contain control characters spaces deletes slashes quotes semicolons or colons If you are copying a file to a new directory the directory...

Page 938: ...troduced Cisco IOS XE Release 16 1 Usage Guidelines To copy your current configurations from the switch run the command copy startup config tftp and follow the instructions The configurations are copied onto the TFTP server Then login to another switch and run the command copy tftp startup config and follow the instructions The configurations are now copied onto the other switch Examples This exam...

Page 939: ...d Modes Privileged EXEC Command History Modification Release This command was introduced Cisco IOS XE Release 16 1 Usage Guidelines After the configurations are copied to save your configurations use write memory command and then either reload the switch or run the copy startup config running config command Examples This example shows how to copy the configuration settings from the TFTP server ont...

Page 940: ...ifies MAC addresses of the voice clients mac address mac address1 mac address mac address2 Enables verbose mode for voice diagnostics verbose Command Default No default behavior or values Command Modes Privileged EXEC Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Examples The following is sample output from the debug voice diagnostics mac add...

Page 941: ...duced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines Filenames and directory names are case sensitive The device prompts you for confirmation before deleting each file Examples This example shows how to delete two files Device delete usbflash0 test2 text usbflash0 test5 text Are you sure you want to delete usbflash0 test2 text y n y File usbflash0 test2 text deleted Are you sure you want to...

Page 942: ...oduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines Directory names are case sensitive Examples This example shows how to display the files in flash memory Device dir flash Directory of flash 2 rwx 561 Mar 01 2013 00 48 15 express_setup debug 3 rwx 2160256 Mar 01 2013 04 18 48 c2960x dmon mz 150 2r EX 4 rwx 1048 Mar 01 2013 00 01 39 multiple fs 6 drwx 512 Mar 01 2013 23 11 42 c2960x unive...

Page 943: ...Size of the file 1644045 Last modification date date Filename env_vars Related Commands Description Command Creates one or more directories on the specified file system mkdir Removes one or more empty directories from the specified file system rmdir Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 917 dir ...

Page 944: ...evice emergency install tftp url The bootflash will be erased during install operation continue y n y Starting emergency recovery tftp url Reading full image into memory done Nova Bundle Image Kernel Address 0x6042d5c8 Kernel Size 0x317ccc 3243212 Initramfs Address 0x60745294 Initramfs Size 0xdc6774 14444404 Compression Format mzip Bootable image at ram 0x6042d5c8 Bootable image segment 0 address ...

Page 945: ...gned Preparing flash Syncing device Emergency Install successful Rebooting Restarting system ufffd Booting use DDR clock 667 MHz Initializing and Testing RAM done Memory Test Pass Base ethernet MAC Address 20 37 06 ce 25 80 Initializing Flash flashfs 7 0 files 1 directories flashfs 7 0 orphaned files 0 orphaned directories flashfs 7 Total bytes 6784000 flashfs 7 Bytes used 1024 flashfs 7 Bytes ava...

Page 946: ...nd Default No default behavior or values Command Modes Privileged EXEC Global configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Examples This example shows how to exit the configuration mode Device config exit Device Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 920 exit ...

Page 947: ...mmand Modes Boot loader Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines During the normal boot process the flash file system is automatically initialized Use this command to manually initialize the flash file system For example you use this command during the recovery procedure for a lost or forgotten password Command Reference...

Page 948: ...SE Examples This example shows how to display a list of available boot loader commands Device help Present list of available commands arp Show arp table or arp resolve an address boot Load and boot an executable image cat Concatenate type file s copy Copy a file delete Delete file s dir List files in directories emergency install Initiate Disaster Recovery unset Unset one or more environment varia...

Page 949: ...om 5 to 50 apcount count Activates ipbase licenses on the switch ipbase count Activates ipservices licenses on the switch ipservices count Activates lanbase licenses on the switch lanbase count Syntax Description This command has no arguments or keywords Command Default No default behavior or values Command Modes Privileged EXEC Command History Modification Release This command was introduced Cisc...

Page 950: ...icense right to use deactivate apcount evaluation Device end This example shows how to add a new ap count license Device license right to use activate apcount 500 slot 1 Device end Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 924 license right to use ...

Page 951: ...anumeric format admin tagstring Configures civic location information civic location Specifies the name of the civic location emergency or geographical location identifier Defines the host civic or geo spatial location host Name of the civic emergency or geographical location The identifier for the civic location in the LLDP MED switch TLV is limited to 250 bytes or less To avoid error messages ab...

Page 952: ...ion code additional location information Sets additional civic location information branch road name Sets the branch road name building Sets building information city Sets the city name country Sets the two letter ISO 3166 country code county Sets the county name default Sets a command to its defaults division Sets the city division name exit Exits from the civic location configuration mode floor ...

Page 953: ...d to latitude and longitude resolution parameters For latitude and longitude the resolution unit is measured in meters The resolution value can also be a fraction default Sets the geographical location to its default attribute exit Exits from geographical location configuration mode no Negates the specified geographical parameters and sets the default value Use the no lldp med tlv select location ...

Page 954: ...onfig location geo location identifier host Device config geo latitude 12 34 Device config geo longitude 37 23 Device config geo altitude 5 floor Device config geo resolution 12 34 You can use the show location geo location identifier command to display the configured geo spatial location details Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 928 location ...

Page 955: ...fault behavior or values Command Modes Global configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines The uniband is useful for single radio clients even if the radio is a dual band and can operate in the 2 4 GHz and the 5 GHz bands The multiband is useful for multiple radio clients Examples This example shows how to conf...

Page 956: ...duced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines The MAC address table move update feature allows the switch to provide rapid bidirectional convergence if a primary forwarding link goes down and the standby link begins forwarding traffic You can configure the access switch to send the MAC address table move update messages if the primary link goes down and the standby link comes up You ...

Page 957: ...u can verify your setting by entering the show mac address table move update privileged EXEC command Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 931 mac address table move update ...

Page 958: ...r values Command Modes Boot loader Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines Use the mgmt_init command only during debugging of the Ethernet management port Examples This example shows how to initialize the Ethernet management port Device mgmt_init Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 932 ...

Page 959: ...o IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines Directory names are case sensitive Directory names are limited to 127 characters between the slashes the name cannot contain control characters spaces deletes slashes quotes semicolons or colons Examples This example shows how to make a directory called Saved_Configs Device mkdir usbflash0 Saved_Configs Directory usbflash0 Saved_Configs created Rel...

Page 960: ...XE 3 3SE Usage Guidelines Filenames and directory names are case sensitive If you specify a list of files the contents of each file appears sequentially Examples This example shows how to display the contents of a file Device more flash image_file_name version_suffix universal 122 xx SEx version_directory image_file_name image_system_type_id 0x00000002 image_name image_file_name bin ios_image_file...

Page 961: ...r or values Command Modes Privileged EXEC Command History Modification Release This command was introduced Cisco IOS XE Release 16 1 Examples This example shows how to disable debugging on a switch Device no debug all All possible debugging has been turned off Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 935 no debug all ...

Page 962: ...o IOS XE 3 3SE Usage Guidelines Filenames and directory names are case sensitive Directory names are limited to 127 characters between the slashes the name cannot contain control characters spaces deletes slashes quotes semicolons or colons Filenames are limited to 127 characters the name cannot contain control characters spaces deletes slashes quotes semicolons or colons Examples This example sho...

Page 963: ...er Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Examples This example shows how to reset the system Device reset Are you sure you want to reset the system y n y System resetting Related Commands Description Command Performs a hard reset on the system reset Performs a hard reset on the system reset Runs the Time Domain Reflector TDR feature o...

Page 964: ...are case sensitive and limited to 45 characters between the slashes the name cannot contain control characters spaces deletes slashes quotes semicolons or colons Before removing a directory you must first delete all of the files in the directory The device prompts you for confirmation before deleting each directory Examples This example shows how to remove a directory Device rmdir usbflash0 Test Y...

Page 965: ... 3 3SE Usage Guidelines In a device stack all stack members must use the same SDM template that is stored on the active device When a new device is added to a stack the SDM configuration that is stored on the active device overrides the template configured on an individual device Examples This example shows how to configure the advanced template Device config sdm prefer advanced Device config exit...

Page 966: ...Break key on the console Valid values are 1 Yes On 0 No and Off If set to 1 Yes or On you can interrupt the automatic boot process by pressing the Break key on the console after the flash file system has initialized HELPER filesystem file url Identifies a semicolon separated list of loadable files to dynamically load during the boot loader initialization Helper files extend or patch the functional...

Page 967: ...es are predefined and have default values Note Command Modes Boot loader Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines Environment variables are case sensitive and must be entered as documented Environment variables that have values are stored in flash memory outside of the flash file system Under typical circumstances it is ...

Page 968: ...e device stack member number priority priority number global configuration command The boot loader prompt string PS1 can be up to 120 printable characters not including the equal sign Examples This example shows how to set the SWITCH_PRIORITY environment variable Device set SWITCH_PRIORITY 2 You can verify your setting by using the set boot loader command Related Commands Description Command Perfo...

Page 969: ...ed EXEC Command History Modification Release This command was introduced Cisco IOS XE 3 3SE Examples The following is sample output from the show avc client command Device sh avc client 0040 96ae 65ec top 10 application aggregate Cumulative Stats No AppName Packet Count Byte Count AvgPkt Size usage 1 skinny 7343 449860 61 94 2 unknown 99 13631 137 3 3 dhcp 18 8752 486 2 4 http 18 3264 181 1 5 tftp...

Page 970: ...e SFP module ports Examples This example shows the output from the show cable diagnostics tdr interface interface id command on a device Device show cable diagnostics tdr interface gigabitethernet1 0 23 TDR test last run on March 01 00 04 08 Interface Speed Local pair Pair length Remote pair Pair status Gi1 0 23 1000M Pair A 1 1 meters Pair A Normal Pair B 1 1 meters Pair B Normal Pair C 1 1 meter...

Page 971: ... The interface does not support TDR Open The pair of wires is open Shorted The pair of wires is shorted ImpedanceMis The impedance is mismatched Short Impedance Mismatched The impedance mismatched or the cable is short InProgress The diagnostic test is in progress Pair status This example shows the output from the show interface interface id command when TDR is running Device show interface gigabi...

Page 972: ...DR test is not supported on device 1 Related Commands Description Command Runs the Time Domain Reflector TDR feature on an interface test cable diagnostics tdr Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 946 show cable diagnostics tdr ...

Page 973: ...lease 16 1 Usage Guidelines Because debugging output is assigned high priority in the CPU process it can render the system unusable For this reason use debug commands only to troubleshoot specific problems or during troubleshooting sessions with Cisco technical support staff Moreover it is best to use debug commands during periods of lower network traffic and fewer users Debugging during these per...

Page 974: ... for each switch in the stack or for a specified switch The range is 1 to 9 depending on the switch member numbers in the stack stack switch number Displays the switch temperature status temperature Optional Displays the temperature status and threshold values status Command Default No default behavior or values Command Modes User EXEC Privileged EXEC Command History Modification Release This comm...

Page 975: ... state and threshold values Device show env temperature status Temperature Value 32 Degree Celsius Temperature State GREEN Yellow Threshold 41 Degree Celsius Red Threshold 56 Degree Celsius Device Table 49 States in the show env temperature status Command Output Description State The switch temperature is in the normal operating range Green The temperature is in the warning range You should check ...

Page 976: ...to retrieve the non default configuration configuration Displays the configuration and status of all ports or the specified XPS port Port numbers are from 1 to 9 port all number Displays the status of the XPS power supplies power Displays the XPS system status system Displays the XPS thermal status thermal Displays the XPS upgrade status upgrade Displays the XPS version details version Command Mod...

Page 977: ... name Connected Yes Mode Enabled On Priority 1 Data stack switch Configured role Auto SP Run mode SP PS Stack Power Power Sharing Mode Cable faults 0x0 XPS 0101 0100 0000 Port 2 Port name Connected Yes Mode Enabled On Priority 2 Data stack switch Configured role Auto SP Run mode SP PS Stack Power Power Sharing Mode Cable faults 0x0 XPS 0101 0100 0000 Port 3 Port name Connected No Mode Enabled On P...

Page 978: ...how env xps upgrade command when no upgrade is occurring Switch show env xps upgrade No XPS is connected and upgrading These are examples of output from the show env xps upgrade command when an upgrade is in process Switch show env xps upgrade XPS Upgrade Xfer SW Status Prog 1 Waiting 0 Switch Mar 22 03 12 46 723 PLATFORM_XPS 6 UPGRADE_START XPS 0022 bdd7 9b14 upgrade has started through the Servi...

Page 979: ...UT Hardware Version 8 Bootloader Version 7 Software Version 18 Table 50 Related Commands Description Command Configures XPS and XPS port names power xps global configuration command Configures the XPS ports and system power xps privileged EXEC command Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 953 show env xps ...

Page 980: ...ame Optional Displays the contents of the cache for the flow monitor cache Optional Specifies the use of one of the format options for formatting the display output format Optional Displays the flow monitor cache contents in comma separated variables CSV format csv Optional Displays the flow monitor cache contents in record format record Optional Displays the flow monitor cache contents in table f...

Page 981: ...cs Update Timeout 1800 secs This table describes the significant fields shown in the display Table 51 show flow monitor monitor name Field Descriptions Description Field Name of the flow monitor that you configured Flow Monitor Description that you configured or the monitor or the default description User defined Description Flow record assigned to the flow monitor Flow Record Exporters that are a...

Page 982: ... TRNS SOURCE PORT 1111 TRNS DESTINATION PORT 2222 IP VERSION 6 IP PROTOCOL 6 IP TOS 0x05 IP TTL 11 tcp flags 0x20 counter bytes long 132059538 counter packets long 1158417 This table describes the significant fields shown in the display Table 52 show flow monitor monitor name cache Field Descriptions Description Field Flow monitor cache type The value is always normal as it is the only supported c...

Page 983: ...cs and data for the flow monitor named FLOW MONITOR 1 in a table format Device show flow monitor FLOW MONITOR 1 cache format table Cache type Normal Platform cache Cache size Unknown Current entries 1 Flows added 3 Flows aged 2 Active timeout 300 secs 2 DATALINK MAC SRC ADDR INPUT DATALINK MAC DST ADDR INPUT IPV6 SRC ADDR IPV6 DST ADDR TRNS SRC PORT TRNS DST PORT IP VERSION IP PROT IP TOS IP TTL t...

Page 984: ...PORT 2222 IP VERSION 6 IP PROTOCOL 6 IP TOS 0x05 IP TTL 11 tcp flags 0x20 counter bytes long 132059538 counter packets long 1158417 The following example displays the status and statistics for a flow monitor Device show flow monitor FLOW MONITOR 1 statistics Cache type Normal Platform cache Cache size Unknown Current entries 1 Flows added 3 Flows aged 2 Active timeout 300 secs 2 Command Reference ...

Page 985: ...ses usage Command Default No default behavior or values Command Modes User EXEC Privileged EXEC Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Examples The following is sample output from the show license right to use usage command and displays all the detailed information Device show license right to use usage Slot License Name Type usage dur...

Page 986: ...sample output from the show license right to use summary command when the evaluation license is active Device show license right to use summary License Name Type Count Period left apcount evaluation 1000 50 Evaluation AP Count Enabled Total AP Count Licenses 1000 AP Count Licenses In use 100 AP Count Licenses Remaining 900 The following is sample output from the show license right to use summary c...

Page 987: ...n rfid Displays the summary of RFID tags that are clients client Displays the configuration options for RFID tag tracking config Displays the detailed information for one rfid tag detail MAC addr Displays summary information for all known rfid tags summary Command Default No default behavior or values Command Modes Privileged EXEC Command History Modification Release This command was introduced Ci...

Page 988: ...nt information rogue client Specified access point name ap name Command Default No default behavior or values Command Modes Privileged EXEC Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Examples The following is sample output from the show location ap detect client command Device show location ap detect client AP02 Clients MAC Address Status ...

Page 989: ...Rogue Clients MAC Address State Slot Rssi 0040 96b3 bce6 Alert 1 58 586d 8ff0 891a Alert 1 72 Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 963 show location ap detect ...

Page 990: ... move update command Device show mac address table move update Switch ID 010b 4630 1780 Dst mac address 0180 c200 0010 Vlans Macs supported 1023 8320 Default Current settings Rcv Off On Xmt Off On Max packets per min Rcv 40 Xmt 60 Rcv packet count 10 Rcv conforming packet count 5 Rcv invalid packet count 0 Rcv packet count this min 0 Rcv threshold exceed count 0 Rcv last sequence this min 0 Rcv la...

Page 991: ...8C50C7C9AB PCR8 E7B61EC32AFA43DA1FF4D77F108CA266848B32924834F5E41A9F6893A9CB7A38 Signature version 1 Signature 816C5A29741BBAC1961C109FFC36DA5459A44DBF211025F539AFB4868EF91834C05789 5DAFBC7474F301916B7D0D08ABE5E05E66598426A73E921024C21504383228B6787B74 8526A305B17DAD3CF8705BACFD51A2D55A333415CABC73DAFDEEFD8777AA77F482EC4B 731A09826A41FB3EFFC46DC02FBA666534DBEC7DCC0C029298DB8462A70DBA26833C2A 1472D...

Page 992: ...RQgYCUTOG rksc35LtLgXfAgED o1EwTzALBgNVHQ8EBAMCAYYwDwYDVR0TAQH BAUwAwEB zAdBgNVHQ4EFgQUJ PI FR5umgIJFq0roIlgX9p7L6owEAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZIhvcNAQEF BQADggEBAJ2dhISjQal8dwy3U8pORFBi71R803UXHOjgxkhLtv5MOhmBVrBW7hmW Yqpao2TB9k5UM8Z3 sUcuuVdJcr18JOagxEu5sv4dEX 5wW4q ffy0vhN4TauYuX cB7w4ovXsNgOnbFp1iqRe6lJT37mjpXYgyc81WhJDtSd9i7rp77rMKSsH0T8lasz Bvt9YAretIpjsJyp8qS5UwGH0GikJ3 r n6yUA4iGe0OcaEb...

Page 993: ...tMTJYNDhVWiBTTjpG RE8xOTMyWDAwQzEOMAwGA1UEChMFQ2lzY28xGDAWBgNVBAsTD0FDVC0yIExpdGUg U1VESTEZMBcGA1UEAxMQV1MtQzM2NTAtMTJYNDhVWjCCASIwDQYJKoZIhvcNAQEB BQADggEPADCCAQoCggEBANZxOGYI0eUl4HcSwjL4HO75qTjl9C2BHG3ufce9ikkN xwGXi8qg8vKxuB9tRYRaJC5bP1WMoq7 ZJtQA079xE4X14soNbkq5NaUhh7RB1wD iRUJvTfCOzVICbNfbzvtB30I75tCarFNmpd0K6AFrIa41U988QGqaCj7R1JrYNaj nC73UXXM hC0HtNR5mhyqer5Y2qjjzo6tHZYqrrx2eS1XOa262ZSQriAx...

Page 994: ...ate The numbers displayed for each template represent an approximate maximum number for each feature resource The actual number might vary depending on the actual number of other features configured For example in the default template if your device had more than 16 routed interfaces subnet VLANs the number of possible unicast MAC addresses might be less than 6000 Examples The following is sample ...

Page 995: ...GT Overflow entries 512 These numbers are typical for L2 and IPv4 features Some features such as IPv6 use up double the entry size so only half as many entries can be created Device Related Commands Description Command Specifies the SDM template to be used on the switch sdm prefer Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 969 show sdm prefer ...

Page 996: ... Global configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines You cannot configure the green and red thresholds but can configure the yellow threshold Use the system env temperature threshold yellow value global configuration command to specify the difference between the yellow and red thresholds and to configure the ye...

Page 997: ...ht vary 5 degrees C Note Examples This example sets 15 as the difference between the yellow and red thresholds Device config system env temperature threshold yellow 15 Device config Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 971 system env temperature threshold yellow ...

Page 998: ...erface id privileged EXEC command to display the results Examples This example shows how to run TDR on an interface Device test cable diagnostics tdr interface gigabitethernet1 0 2 TDR test started on interface Gi1 0 2 A TDR test can take a few seconds to run on an interface Use show cable diagnostics tdr to read the TDR results If you enter the test cable diagnostics tdr interface interface id co...

Page 999: ... or values Command Modes Privileged EXEC Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines For Layer 2 traceroute to function properly Cisco Discovery Protocol CDP must be enabled on all of the devicees in the network Do not disable CDP When the device detects a device in the Layer 2 path that does not support Layer 2 traceroute ...

Page 1000: ...0000 0201 0601 found on con6 WS C3750E 24PD 2 2 6 6 con6 WS C3750E 24PD 2 2 6 6 Gi0 0 2 auto auto Gi0 0 3 auto auto con5 WS C2950G 24 EI 2 2 5 5 Fa0 3 auto auto Gi0 1 auto auto con1 WS C3550 12G 2 2 1 1 Gi0 1 auto auto Gi0 2 auto auto con2 WS C3550 24 2 2 2 2 Gi0 2 auto auto Fa0 1 auto auto Destination 0000 0201 0201 found on con2 WS C3550 24 2 2 2 2 Layer 2 trace completed This example shows how ...

Page 1001: ...acs are on different vlans Layer2 trace aborted This example shows the Layer 2 path when the destination MAC address is a multicast address Device traceroute mac 0000 0201 0601 0100 0201 0201 Invalid destination mac address This example shows the Layer 2 path when source and destination devicees belong to multiple VLANs Device traceroute mac 0000 0201 0601 0000 0201 0201 Error Mac found on multipl...

Page 1002: ...EC Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines For Layer 2 traceroute to function properly Cisco Discovery Protocol CDP must be enabled on each device in the network Do not disable CDP When the device detects a device in the Layer 2 path that does not support Layer 2 traceroute the device continues to send Layer 2 trace que...

Page 1003: ...2950G 24 EI 2 2 6 6 con6 WS C3750E 24TD 2 2 6 6 Gi0 0 1 auto auto Gi0 0 3 auto auto con5 WS C2950G 24 EI 2 2 5 5 Fa0 3 auto auto Gi0 1 auto auto con1 WS C3550 12G 2 2 1 1 Gi0 1 auto auto Gi0 2 auto auto con2 WS C3550 24 2 2 2 2 Gi0 2 auto auto Fa0 1 auto auto Destination 0000 0201 0201 found on con2 WS C3550 24 2 2 2 2 Layer 2 trace completed This example shows how to display the Layer 2 path by s...

Page 1004: ...nd Displays the Layer 2 path taken by the packets from the specified source MAC address to the specified destination MAC address traceroute mac Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 978 traceroute mac ip ...

Page 1005: ...XE 3 3SECisco IOS XE 3 3SE Usage Guidelines Filenames and directory names are case sensitive If you specify a list of files the contents of each file appear sequentially Examples This example shows how to display the contents of a file Device type flash image_file_name version_suffix universal 122 xx SEx version_directory image_file_name image_system_type_id 0x00000002 image_name image_file_name b...

Page 1006: ...lash file system has been initialized HELPER Identifies the semicolon separated list of loadable files to dynamically load during the boot loader initialization Helper files extend or patch the functionality of the boot loader PS1 Specifies the string that is used as the command line prompt in boot loader mode CONFIG_FILE Resets the filename that Cisco IOS uses to read and write a nonvolatile copy...

Page 1007: ... The HELPER environment variable can also be reset by using the no boot helper global configuration command The CONFIG_FILE environment variable can also be reset by using the no boot config file global configuration command Examples This example shows how to unset the SWITCH_PRIORITY environment variable Device unset SWITCH_PRIORITY Related Commands Description Command Sets or displays environmen...

Page 1008: ...Modes Boot loader Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Examples This example shows how to display the boot loader version on a device Device version CAT3K_CAA Boot Loader CAT3K_CAA HBOOT M Version 1 2 RELEASE SOFTWARE P Compiled Sun Jul 14 20 22 00 PDT 2013 by rel Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches ...

Page 1009: ...e files are useful for the following purposes Troubleshooting If a switch has an issue the trace file output may provide information that can be used for locating and solving the issue Debugging The trace file outputs helps users get a more detailed view of system actions and operations To view the most recent trace information for a specific module use the show platform software trace message com...

Page 1010: ...es that are maintained for a process is 25 Rotation and Throttling Policy Initially all the tracelog files are moved from the initial tmp FRU trace directory to the tmp FRU trace stage staging directory The btrace_rotate script then moves these tracelogs from the staging directory to the crashinfo tracelogs directory When the number of files stored in the crashinfo tracelogs directory per process ...

Page 1011: ...essage is regarding a system warning Warning The message is regarding a significant issue but the switch is still working normally Notice The message is useful for informational purposes only Informational The message provides debug level output Debug All possible trace messages are sent Verbose All possible trace messages for the module are logged The noise level is always equal to the highest po...

Page 1012: ...Engine Driver process forwarding manager The Forwarding Manager process host manager The Host Manager process iomd The Input Output Module daemon IOMd process ios The IOS process license manager The License Manager process logger The Logging Manager process platform mgr The Platform Manager process pluggable services The Pluggable Services process replication mgr The Replication Manager process sh...

Page 1013: ... that SIP For instance if you want to specify the SPA in bay 2 of the SIP in switch slot 3 enter 3 2 F0 The Embedded Service Processor in slot 0 FP active The active Embedded Service Processor R0 The route processor in slot 0 RP active The active route processor switch number The switch with its number specified switch active The active switch switch standby The standby switch slot Module within t...

Page 1014: ...ible for a module even if future enhancements to this command introduce options that allow users to set higher tracing levels notice The message is regarding a significant issue but the switch is still working normally verbose Verbose level tracing All possible tracing messages are sent when the trace level is set to verbose warning Warning messages trace level Command Default The default tracing ...

Page 1015: ... for debugging The trace level is a setting that determines how much information should be stored in trace files about a module Examples This example shows how to set the trace level for all the modules in dbm process Device set platform software trace dbm R0 all modules debug Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 989 set platform software trace ...

Page 1016: ...r argument based on which a trace is tagged contextmac address Command Modes User EXEC Privileged EXEC Command History Modification Release This command was introduced Cisco IOS XE Denali 16 1 1 Usage Guidelines This command collates and sorts all the logs present in the tmp across all the processes relevant to the module The trace logs of all the processes relevant to the specified module are pri...

Page 1017: ...t manager The Host Manager process interface manager The Interface Manager process iomd The Input Output Module daemon IOMd process ios The IOS process license manager The License Manager process logger The Logging Manager process platform mgr The Platform Manager process pluggable services The Pluggable Services process replication mgr The Replication Manager process shell manager The Shell Manag...

Page 1018: ...rocessor switch number The switch with its number specified switch active The active switch switch standby The standby switch number Number of the SIP slot of the hardware module where the trace level is set For instance if you want to specify the SIP in SIP slot 2 of the switch enter 2 SIP slot SPA bay Number of the SIP switch slot and the number of the shared port adapter SPA bay of that SIP For...

Page 1019: ...uplink to slot 1 fd 1 10 29 13 26 36 581 bipc 8974 note Pending connection to server 10 129 1 0 10 29 13 26 26 581 evutil 8974 ERR Connection attempt for sman ui serv uipeer uplink to slot 1 failed invoking disconnect Device show platform software trace message fed switch active 11 02 10 55 01 832 btrace 11310 UUID 0 ra 0 note Successfully registered module 86 uiutil 11 02 10 55 01 848 btrace 1131...

Page 1020: ... Manager process host manager The Host Manager process interface manager The Interface Manager process iomd The Input Output Module daemon IOMd process ios The IOS process license manager The License Manager process logger The Logging Manager process platform mgr The Platform Manager process pluggable services The Pluggable Services process replication mgr The Replication Manager process shell man...

Page 1021: ...r The switch with its number specified switch active The active switch switch standby The standby switch number Number of the SIP slot of the hardware module where the trace level is set For instance if you want to specify the SIP in SIP slot 2 of the switch enter 2 SIP slot SPA bay Number of the SIP switch slot and the number of the shared port adapter SPA bay of that SIP For instance if you want...

Page 1022: ... bump_ptr_alloc Notice cdllib Notice chasfs Notice dbal Informational dbm Debug evlib Notice evutil Notice file_alloc Notice green be Notice ios avl Notice klib Debug services Notice sw_wdog Notice syshw Notice tdl_cdlcore_message Notice tdl_dbal_root_message Notice tdl_dbal_root_type Notice Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 996 show platform software trace leve...

Page 1023: ...iles have to be archived last number of days Specifies the location and name of the archive file target location Command Modes User EXEC Privileged EXEC Command History Modification Release This command was introduced Cisco IOS XE Denali 16 1 1 Usage Guidelines This archive file can be copied from the system using the tftp or scp commands Examples This example shows how to archive all the trace lo...

Page 1024: ...ed Cisco IOS XE Denali 16 1 1 Usage Guidelines The trace log files are for read only purpose Do not edit the contents of the file If there is a requirement to delete the contents of the file to view certain set of logs use this command to start a new trace log file Examples This example shows how to rotate all the in memory trace logs of the processes running on the switch since the last one day D...

Page 1025: ...rd accepts either a MAC address or any other argument based on which a trace is tagged context mac address Command Modes User EXEC Privileged EXEC Command History Modification Release This command was introduced Cisco IOS XE Denali 16 1 1 Usage Guidelines This command collates and sorts all the archived logs present in the tracelogs subdirectory across all the processes relevant to the module This...

Page 1026: ...Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 1000 request platform software trace filter binary ...

Page 1027: ...P A R T XV VLAN VLAN page 1003 ...

Page 1028: ......

Page 1029: ... tunnel page 1018 l2protocol tunnel cos page 1021 private vlan page 1022 private vlan mapping page 1025 show dot1q tunnel page 1027 show interfaces private vlan mapping page 1028 show l2protocol tunnel page 1029 show platform vlan page 1031 show vlan page 1032 show vmps page 1036 show vtp page 1039 switchport mode private vlan page 1046 switchport priority extend page 1048 switchport trunk page 10...

Page 1030: ...ion page 1061 vmps reconfirm privileged EXEC page 1062 vmps retry page 1063 vmps server page 1064 vtp global configuration page 1066 vtp interface configuration page 1071 vtp primary page 1072 Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 1004 ...

Page 1031: ...leared interface id Command Default None Command Modes Privileged EXEC Command History Modification Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines Use this command to clear protocol tunnel counters on the switch or on the specified interface Examples This example shows how to clear Layer 2 protocol tunnel counters on an interface Device clear l2protocol tunnel counters gig...

Page 1032: ...dification Release This command was introduced Cisco IOS XE 3 3SE Examples This example shows how to clear VLAN Membership Policy Server VMPS statistics Device clear vmps statistics You can verify that information was deleted by entering the show vmps statistics privileged EXEC command Related Commands Description Command Displays the VQP version reconfirmation interval retry count VMPS IP address...

Page 1033: ...Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Examples This example shows how to clear the VTP counters Device clear vtp counters You can verify that information was deleted by entering the show vtp counters privileged EXEC command Related Commands Description Command Displays general information about VTP management domain status and counters show vtp Comma...

Page 1034: ...fies the stack member number on which to enable debugging of the VLAN manager software This keyword is supported only on stacking capable switches switch switch number Command Default Debugging is disabled Command Modes Privileged EXEC Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines The undebug platform vlan command is the same...

Page 1035: ... Displays debug messages for VLAN manager events events Displays debug messages for the VLAN manager IOS file system IFS See debug sw vlan ifs on page 1011 for more information ifs Displays debug messages for VLAN manager management of internal VLANs management Displays debug messages for VLAN mapping mapping Displays debug messages for VLAN manager notifications See debug sw vlan notification on ...

Page 1036: ...ommand Enables debugging of the VLAN manager IOS file system IFS error tests debug sw vlan ifs Enables debugging of VLAN manager notifications debug sw vlan notification Enables debugging of the VTP code debug sw vlan vtp Displays the parameters for all configured VLANs or one VLAN if the VLAN ID or name is specified in the administrative domain show vlan Displays general information about VTP man...

Page 1037: ...ry Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines The undebug sw vlan ifs command is the same as the no debug sw vlan ifs command When selecting the file read operation Operation 1 reads the file header which contains the header verification word and the file version number Operation 2 reads the main body of the file which contains most of th...

Page 1038: ...wedvlancfgchange Displays debug messages for VLAN manager notification of spanning tree forwarding changes fwdchange Displays debug messages for VLAN manager notification of interface link state changes linkchange Displays debug messages for VLAN manager notification of interface mode changes modechange Displays debug messages for VLAN manager notification of changes to the pruning configuration p...

Page 1039: ...ges Device debug sw vlan notification Related Commands Description Command Displays the parameters for all configured VLANs or one VLAN if the VLAN ID or name is specified in the administrative domain show vlan Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 1013 debug sw vlan notification ...

Page 1040: ...e pruning Optional Displays debug messages for the contents of all incoming VTP pruning packets that have been passed into the VTP code from the Cisco IOS VTP platform dependent layer packets Optional Displays debug messages for the contents of all outgoing VTP packets that the VTP code requests the Cisco IOS VTP platform dependent layer to send xmit Displays debug messages for VTP redundancy redu...

Page 1041: ...UNING_LOG_ALERT and VTP_PRUNING_LOG_WARNING macros in the VTP pruning code Examples This example shows how to display debug messages for VTP redundancy Device debug sw vlan vtp redundancy Related Commands Description Command Displays general information about VTP management domain status and counters show vtp Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 1015 debug sw vlan ...

Page 1042: ...eate an SVI it does not become active until it is associated with a physical port Note If you delete an SVI using the no interface vlan vlan id command it is no longer visible in the output from the show interfaces privileged EXEC command You cannot delete the VLAN 1 interface Note You can reinstate a deleted SVI by entering the interface vlan vlan id command for the deleted interface The interfac...

Page 1043: ...ration mode Device config interface vlan 23 Device config if Related Commands Description Command Displays the administrative and operational status of all interfaces or a specified interface show interfaces Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 1017 interface vlan ...

Page 1044: ...packets The range is 1 to 4096 The default is no threshold value Optional Enables tunneling of CDP specifies a shutdown threshold for CDP or specifies a drop threshold for CDP cdp Optional Enables tunneling of STP specifies a shutdown threshold for STP or specifies a drop threshold for STP stp Optional Enables tunneling or VTP specifies a shutdown threshold for VTP or specifies a drop threshold fo...

Page 1045: ...hannels To enable tunneling of PAgP LACP and UDLD packets you must have a point to point network topology To decrease the link down detection time you should also enable UDLD on the interface when you enable tunneling of PAgP or LACP packets You can enable point to point protocol tunneling for PAgP LACP and UDLD individually or for all three protocols PAgP LACP and UDLD tunneling is only intended ...

Page 1046: ...reshold as 50 packets per second Device config if l2protocol tunnel cdp Device config if l2protocol tunnel shutdown threshold cdp 50 This example shows how to enable protocol tunneling for STP packets and to configure the drop threshold as 400 packets per second Device config if l2protocol tunnel stp Device config if l2protocol tunnel drop threshold stp 400 This example shows how to enable point t...

Page 1047: ...he default is 5 The range is 0 to 7 with 7 being the highest priority value Command Default The default is to use the CoS value configured for data on the interface If no CoS value is configured the default is 5 for all tunneled Layer 2 protocol packets Command Modes Global configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines When enabl...

Page 1048: ...esignates the VLAN as a community VLAN community Designates the VLAN as an isolated VLAN isolated Designates the VLAN as a primary VLAN primary Command Default The default is to have no private VLANs configured Command Modes VLAN configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines Before configuring private VLANs you must disable VTP V...

Page 1049: ... VLAN configuration mode Do not configure private VLAN ports as EtherChannels While a port is part of the private VLAN configuration any EtherChannel configuration for it is inactive Do not configure a private VLAN as a Remote Switched Port Analyzer RSPAN VLAN Do not configure a private VLAN as a voice VLAN Do not configure fallback bridging on switches with private VLANs Although a private VLAN c...

Page 1050: ...ou can verify your setting by entering the show vlan private vlan or show interfaces status privileged EXEC command Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 1024 private vlan ...

Page 1051: ...ust be in VTP transparent mode when you configure private VLANs The SVI of the primary VLAN is created at Layer 3 Configure Layer 3 VLAN interfaces SVIs only for primary VLANs You cannot configure Layer 3 VLAN interfaces for secondary VLANs SVIs for secondary VLANs are inactive while the VLAN is configured as a secondary VLAN The secondary vlan list argument cannot contain spaces It can contain mu...

Page 1052: ...7 through VLAN 20 SVI Device configure terminal Device interface vlan 20 Device config if private vlan mapping 303 305 307 Device config vlan end You can verify your settings by entering the show interfaces private vlan mapping privileged EXEC command Related Commands Description Command Displays private VLAN mapping information for the VLAN switch virtual interfaces SVIs show interfaces private v...

Page 1053: ...erface interface id Command Default None Command Modes User EXEC Privileged EXEC Command History Modification Release This command was introduced Cisco IOS XE 3 3SE Examples The following are examples of output from the show dot1q tunnel command Device show dot1q tunnel dot1q tunnel mode LAN Port s Gi1 0 1 Gi1 0 2 Gi1 0 3 Gi1 0 6 Po2 Device show dot1q tunnel interface gigabitethernet1 0 1 dot1q tu...

Page 1054: ...r EXEC Privileged EXEC Command History Modification Release This command was introduced Cisco IOS XE 3 3SE Examples This example shows how to display the information about the private VLAN mapping Device show interfaces private vlan mapping Interface Secondary VLAN Type vlan2 301 community vlan3 302 community Related Commands Description Command Creates a mapping between the primary and the second...

Page 1055: ... 802 1Q tunnel port by using the l2protocol tunnel interface configuration command you can configure some or all of these parameters Protocol type to be tunneled Shutdown threshold Drop threshold If you enter the show l2protocol tunnel interface command only information about the active ports on which all the parameters are configured appears If you enter the show l2protocol tunnel summary command...

Page 1056: ... an example of output from the show l2protocol tunnel summary command Switch show l2protocol tunnel summary COS for Encapsulated Packets 5 Drop Threshold for Encapsulated Packets 0 Port Protocol Shutdown Drop Status Threshold Threshold cdp stp vtp cdp stp vtp pagp lacp udld pagp lacp udld Gi3 0 2 pagp lacp udld up Gi4 0 3 pagp lacp udld 1000 500 up Gi9 0 1 pagp 1000 down Gi9 0 2 pagp 1000 down Com...

Page 1057: ...d Modes Privileged EXEC Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines Use this command only when you are working directly with your technical support representative while troubleshooting a problem Do not use this command unless your technical support representative asks you to do so Examples This example shows how to display ...

Page 1058: ...imum and maximum transmission unit MTU sizes configured on ports in the VLAN mtu Optional Displays information about a single VLAN identified by the VLAN name The VLAN name is an ASCII string from 1 to 32 characters name vlan name Optional Displays information about configured private VLANs including primary and secondary VLAN IDs type community isolated or primary and ports belonging to the priva...

Page 1059: ...Ns and then delete the secondary VLAN configuration without removing the association from the primary VLAN the VLAN that was the secondary VLAN is shown as normal in the display In the show vlan private vlan output the primary and secondary VLAN pair is shown as nonoperational Examples This is an example of output from the show vlan command See the table that follows for descriptions of the fields...

Page 1060: ...nit size for the VLAN MTU Parent VLAN if one exists Parent Ring number for the VLAN if applicable RingNo Bridge number for the VLAN if applicable BrdgNo Spanning Tree Protocol type used on the VLAN Stp Bridging mode for this VLAN possible values are source route bridging SRB and source route transparent SRT the default is SRB BrdgMode Translation bridge 1 Trans1 Translation bridge 2 Trans2 Identif...

Page 1061: ...Gi1 0 10 Gi2 0 5 Gi2 0 10 Gi2 0 15 This is an example of output from the show vlan private vlan type command Device show vlan private vlan type Vlan Type 10 primary 501 isolated 502 community 503 normal This is an example of output from the show vlan summary command Device show vlan summary Number of existing VLANs 45 Number of existing VTP VLANs 45 Number of existing extended VLANS 0 This is an e...

Page 1062: ...ed Cisco IOS XE 3 3SE Examples This is an example of output from the show vmps command Device show vmps VQP Client Status VMPS VQP Version 1 Reconfirm Interval 60 min Server Retry Count 3 VMPS domain server Reconfirmation status VMPS Action other This is an example of output from the show vmps statistics command The table that follows describes each field in the display Device show vmps statistics...

Page 1063: ...t to the VMPS for each new packet received from this workstation The client ages the address if no new packets are received from this workstation on this port within the aging time period VQP Denied Number of times the management domain in the request does not match the one for the VMPS Any previous VLAN assignments of the port are not changed This response means that the server and the client hav...

Page 1064: ...e reconfirmation interval for the VQP client vmps reconfirm global configuration Configures the per server retry count for the VLAN Query Protocol VQP client vmps retry Configures the primary VLAN Membership Policy Server VMPS and up to three secondary servers vmps server Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 1038 show vmps ...

Page 1065: ...es or the specified interface interface Optional Interface for which to display VTP status and configuration This can be a physical interface or a port channel interface id Displays the configured VTP password available in privileged EXEC mode only password Displays general information about the VTP management domain status status Command Default None Command Modes User EXEC Privileged EXEC Comman...

Page 1066: ...n the display Device show vtp counters VTP statistics Summary advertisements received 0 Subset advertisements received 0 Request advertisements received 0 Summary advertisements transmitted 0 Subset advertisements transmitted 0 Request advertisements transmitted 0 Number of config revision errors 0 Number of config digest errors 0 Number of V1 summary errors 0 VTP pruning statistics Trunk Join Tra...

Page 1067: ...y this device on its trunk ports Advertisement requests normally request information on all VLANs They can also request information on a subset of VLANs Request advertisements transmitted Number of revision errors Whenever you define a new VLAN delete an existing one suspend or resume an existing VLAN or modify the parameters on an existing VLAN the configuration revision number of the device incr...

Page 1068: ...TP V2 mode to disabled Number of V1 summary errors Number of VTP pruning messages sent on the trunk Join Transmitted Number of VTP pruning messages received on the trunk Join Received Number of VTP summary messages received on the trunk from devices that do not support pruning Summary Advts Received from non pruning capable device This is an example of output from the show vtp status command The t...

Page 1069: ...g pruning on a VTP server enables pruning for the entire management domain Pruning restricts flooded traffic to those trunk links that the traffic must use to access the appropriate network devices VTP Pruning Mode Displays whether VTP traps are sent to a network management station VTP Traps Generation Displays the MAC address of the local device Device ID Displays the date and time of the last co...

Page 1070: ...nitialize its VLAN database Transparent A device in VTP transparent mode is disabled for VTP does not send or learn from advertisements sent by other devices and cannot affect VLAN configurations on other devices in the network The device receives VTP advertisements and forwards them on all trunk ports except the one on which the advertisement was received VTP Operating Mode Maximum number of VLAN...

Page 1071: ... MST VTP Operating Mode Client Configuration Revision 0 Primary ID 0000 0000 0000 Primary Description MD5 digest 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 Feature UNKNOWN Related Commands Description Command Clears the VLAN Trunking Protocol VTP and pruning counters clear vtp counters Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 1045 s...

Page 1072: ...cuous Command Default None Command Modes Interface configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines A private VLAN host or promiscuous port cannot be a Switched Port Analyzer SPAN destination port If you configure a SPAN destination port as a private VLAN host or promiscuous port the port becomes inactive Do not configure private VL...

Page 1073: ...and the interface becomes inactive Examples This example shows how to configure an interface as a private VLAN host port and associate it to primary VLAN 20 The interface is a member of secondary isolated VLAN 501 and primary VLAN 20 Device config interface gigabitethernet2 0 1 Device config if switchport mode private vlan host Device config if switchport private vlan host association 20 501 Devic...

Page 1074: ...d Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines When voice VLAN is enabled you can configure the device to send the Cisco Discovery Protocol CDP packets to instruct the IP phone how to send data packets from the device attached to the access port on the Cisco IP Phone You must enable CDP on the device port connected to the Cisco IP Phone to send the configuration to the Cisco IP Phone CDP ...

Page 1075: ...can verify your settings by entering the show interfaces interface id switchport privileged EXEC command Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 1049 switchport priority extend ...

Page 1076: ...unking mode See the Usage Guidelines for the vlan list choices pruning vlan vlan list Command Default VLAN 1 is the default native VLAN ID on the port The default for all VLAN lists is to include all VLANs Command Modes Interface configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SECisco IOS XE 3 3SE Usage Guidelines The vlan list format is all none add ...

Page 1077: ... has a VLAN ID that is the same as the sending port native VLAN ID the packet is sent without a tag otherwise the switch sends the packet with a tag The no form of the native vlan command resets the native mode VLAN to the appropriate default VLAN for the device Allowed VLAN To reduce the risk of spanning tree loops or storms you can disable VLAN 1 on any individual VLAN trunk port by removing VLA...

Page 1078: ...shows how to remove VLANs 3 and 10 to 15 from the pruning eligible list Device config interface gigabitethernet1 0 2 Device config if switchport trunk pruning vlan remove 3 10 15 You can verify your settings by entering the show interfaces interface id switchport privileged EXEC command Related Commands Description Command Displays the administrative and operational status of all interfaces or a s...

Page 1079: ...extended range VLANs you must use the vtp transparent global configuration command to put the device in VTP transparent mode When VTP mode is transparent VTP mode and domain name and all VLAN configurations are saved in the running configuration and you can save them in the device startup configuration file VTP version 3 supports propagation of extended range VLANs and you can create them in VTP s...

Page 1080: ...lies only to TrCRF VLANs The range is 0 to 13 The default is 7 If no value is entered 0 is assumed to be the maximum backupcrf Specifies the backup CRF mode This keyword applies only to TrCRF VLANs enable Backup CRF mode for this VLAN disable Backup CRF mode for this VLAN the default bridge bridge number type Specifies the logical distributed source routing bridge the bridge that interconnects all...

Page 1081: ...on between private VLAN primary and secondary VLANs For more information see the private vlan command remote span Configures the VLAN as a Remote SPAN RSPAN VLAN When the RSPAN feature is added to an existing VLAN the VLAN is first deleted and is then recreated with the RSPAN feature Any access ports are deactivated until the RSPAN feature is removed If VTP is enabled the new RSPAN VLAN is propaga...

Page 1082: ...pend active said said value mtu mtu size remote span tb vlan1 tb vlan1 id tb vlan2 tb vlan2 id Ethernet name vlan name media fddi state suspend active said said value mtu mtu size ring ring number parent parent vlan id tb vlan1 tb vlan1 id tb vlan2 tb vlan2 id FDDI name vlan name media fd net state suspend active said said value mtu mtu size bridge bridge number stp type ieee ibm auto tb vlan1 tb ...

Page 1083: ...ent VLAN ID of a TrBRF that already exists in the database Specify a ring number Do not leave this field blank Specify unique ring numbers when TrCRF VLANs have the same parent VLAN ID Only one backup concentrator relay function CRF can be enabled VTP v2 mode is enabled and you are configuring a TrCRF VLAN media type Do not specify a backup CRF VTP v2 mode is enabled and you are configuring VLANs ...

Page 1084: ...al to the VLAN ID number The default media is ethernet the state is active The default said value is 100000 plus the VLAN ID the mtu size variable is 1500 the stp type is ieee When you enter the exit VLAN configuration command the VLAN is added if it did not already exist otherwise this command does nothing This example shows how to create a new VLAN with all default characteristics and enter VLAN...

Page 1085: ...ure operates on an edge device of a service provider network and expands VLAN space by using a VLAN in VLAN hierarchy and tagging the tagged packets You must use IEEE 802 1Q trunk ports for sending packets to the service provider network However packets going through the core of the service provider network might also be carried on IEEE 802 1Q trunks If the native VLANs of an IEEE 802 1Q trunks ma...

Page 1086: ...nd Displays the parameters for all configured VLANs or one VLAN if the VLAN ID or name is specified in the administrative domain show vlan Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 1060 vlan dot1q tag native ...

Page 1087: ...ommand History Modification Release This command was introduced Cisco IOS XE 3 3SE Usage Guidelines You can verify your setting by entering the show vmps privileged EXEC command and examining information in the Reconfirm Interval row Examples This example shows how to set the VQP client to reconfirm dynamic VLAN entries every 20 minutes Device config vmps reconfirm 20 Related Commands Description ...

Page 1088: ...mand and examining the VMPS Action row of the Reconfirmation Status section The show vmps command shows the result of the last time the assignments were reconfirmed either because the reconfirmation timer expired or because the vmps reconfirm command was entered Examples This example shows how to immediately send VQP queries to the VMPS Device vmps reconfirm Related Commands Description Command Di...

Page 1089: ...Default The default retry count is 3 Command Modes Global configuration Command History Modification Release This command was introduced Cisco IOS XE 3 3SE Examples This example shows how to set the retry count to 7 Device config vmps retry 7 You can verify your setting by entering the show vmps privileged EXEC command and examining information in the Server Retry Count row Related Commands Descri...

Page 1090: ...entered The first server address can be overridden by using primary in a subsequent command If a member device in a cluster configuration does not have an IP address the cluster does not use the VMPS server configured for that member device Instead the cluster uses the VMPS server on the command device and the command device proxies the VMPS requests The VMPS server treats the cluster as a single ...

Page 1091: ...y your setting by entering the show vmps privileged EXEC command and examining information in the VMPS Domain Server row Related Commands Description Command Displays the VQP version reconfirmation interval retry count VMPS IP addresses and the current and primary servers show vmps Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 1065 vmps server ...

Page 1092: ...onfigurations You cannot configure VLANs on a VTP client VLANs are configured on another device in the domain that is in server mode When a VTP client starts up it does not send VTP advertisements until it receives advertisements to initialize its VLAN database client Places the device in VTP off mode A device in VTP off mode functions the same as a VTP transparent device except that it does not f...

Page 1093: ...ommand in the domain This keyword is supported only in VTP Version 3 hidden Optional Allows the user to directly configure the password secret key only VTP Version 3 secret Enables VTP pruning on the device pruning Sets the VTP Version to Version 1 Version 2 or Version 3 version number Command Default The default filename is flash vlan dat The default mode is server mode and the default database i...

Page 1094: ...eturns the device to VTP server mode The vtp mode server command is the same as no vtp mode except that it does not return an error if the device is not in client or transparent mode If the receiving device is in client mode the client device changes its configuration to duplicate the configuration of the server If you have devices in client mode be sure to make all VTP or VLAN configuration chang...

Page 1095: ...eters of certain default VLANs Each VTP device automatically detects the capabilities of all the other VTP devices To use Version 2 all VTP devices in the network must support Version 2 otherwise you must configure them to operate in VTP Version 1 mode If all devices in a domain are VTP Version 2 capable you only need to configure Version 2 on one device the version number is then propagated to th...

Page 1096: ...This example shows how to configure the VTP domain password Device config vtp password ThisIsOurDomainsPassword This example shows how to enable pruning in the VLAN database Device config vtp pruning Pruning switched ON This example shows how to enable Version 2 mode in the VLAN database Device config vtp version 2 You can verify your settings by entering the show vtp status privileged EXEC comman...

Page 1097: ...Usage Guidelines Enter this command only on interfaces that are in trunking mode This command is supported only when the device is running VTP Version 3 Examples This example shows how to enable VTP on an interface Device config if vtp This example shows how to disable VTP on an interface Device config if no vtp Related Commands Description Command Configures the trunk characteristics when an inte...

Page 1098: ...se information and sends updates that are honored by all devices in the system A VTP secondary server can only back up the updated VTP configurations received from the primary server to NVRAM By default all devices come up as secondary servers Primary server status is needed only for database updates when the administrator issues a takeover message in the domain You can have a working VTP domain w...

Page 1099: ...al information about VTP management domain status and counters show vtp Globally configures VTP domain name password pruning version and mode vtp global configuration Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 1073 vtp primary ...

Page 1100: ...Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 1074 vtp primary ...

Page 1101: ...TANDING ANY OTHERWARRANTYHEREIN ALL DOCUMENTFILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED AS IS WITH ALL FAULTS CISCO AND THE ABOVE NAMEDSUPPLIERSDISCLAIMALLWARRANTIES EXPRESSEDORIMPLIED INCLUDING WITHOUT LIMITATION THOSE OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING USAGE OR TRADE PRACTICE IN NO EVENT SHALL CISCO OR ITS SUPPLIERS ...

Page 1102: ...Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches 1076 Notices ...

Page 1103: ... counters command 1007 collect command 413 collect counter command 415 collect interface command 416 collect timestamp absolute command 417 collect transport tcp flags command 418 consumed power 53 copy command 911 D datalink flow monitor command 419 debug auto qos command 637 debug etherchannel command 296 debug flow exporter command 420 debug flow monitor command 421 debug ilpower command 29 deb...

Page 1104: ...tribute 32 command 780 mac address table move update command 930 main cpu command 853 match access map configuration command 783 match class map configuration command 647 match datalink dot1q priority command 437 match datalink dot1q vlan command 438 match datalink ethertype command 439 match datalink mac command 440 match datalink vlan command 442 match flow direction command 444 match interface ...

Page 1105: ... set platform software trace 986 990 show auto qos command 638 show avc client command 943 show cable diagnostics tdr command 944 show cisp command 813 show class map command 667 show dot1q tunnel command 1027 show eap command 817 show eee command 67 show env command 70 948 show env xps command 950 show errdisable detect command 73 show errdisable recovery command 75 show etherchannel command 336 ...

Page 1106: ...ver command 556 snmp server enable traps vrfmib command 557 snmp server enable traps vstack command 558 snmp server engineID command 559 snmp server host command 560 speed command 126 stack member number 884 stack member priority 881 stack mac persistent timer command 875 stack mac update force command 877 stack power command 128 StackPower 121 128 standby console enable command 878 storm control ...

Page 1107: ...3 vmps server command 1064 voice vlan command 136 voice signaling vlan command 134 vtp global configuration command 1066 vtp interface configuration command 1071 vtp primary command 1072 Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches IN 5 Index ...

Page 1108: ...Command Reference Cisco IOS XE Everest 16 5 1a Catalyst 3650 Switches IN 6 Index ...

Reviews:

No comments

Related manuals for Catalyst 3650 Series

Perel EMS113 User Manual preview
EMS113
Brand: Perel Pages: 4
4B M800 Elite Series Operation Manual preview
M800 Elite Series
Brand: 4B Pages: 12
BERNSTEIN KFM Operating Instructions preview
KFM
Brand: BERNSTEIN Pages: 3
SMART-AVI RDU-8P Quick Start Manual preview
RDU-8P
Brand: SMART-AVI Pages: 2
Digitronic CamCon DC30 User Manual preview
CamCon DC30
Brand: Digitronic Pages: 24
3Com 3C16987 User Manual preview
3C16987
Brand: 3Com Pages: 62
B&B Electronics Elinx EIR510-2MC-T User Manual preview
Elinx EIR510-2MC-T
Brand: B&B Electronics Pages: 107
Abseco AFI-2M0S1B Installation Manual preview
AFI-2M0S1B
Brand: Abseco Pages: 10
H3C LSW1GP16P0 User Manual preview
LSW1GP16P0
Brand: H3C Pages: 26
ADDER ADDERView Secure AVS-4128 User Manual preview
ADDERView Secure AVS-4128
Brand: ADDER Pages: 24
Konig CMP-KVMSWIT50 Manual preview
CMP-KVMSWIT50
Brand: Konig Pages: 40
Broadcast Pix Flint LE 1000 Operator'S Manual preview
Flint LE 1000
Brand: Broadcast Pix Pages: 478
Black Box IC445A Specifications preview
IC445A
Brand: Black Box Pages: 4
Evidence Cross-8/HPoE-10G User Manual preview
Cross-8/HPoE-10G
Brand: Evidence Pages: 321
Yacoub Automation GmbH SM 4TX2FX User Manual preview
SM 4TX2FX
Brand: Yacoub Automation GmbH Pages: 45
C4i HDP-MXB88DA User Manual preview
HDP-MXB88DA
Brand: C4i Pages: 22
StarTech.com ST3504USB Specifications preview
ST3504USB
Brand: StarTech.com Pages: 2
Kramer VS-2516 User Manual preview
VS-2516
Brand: Kramer Pages: 22

Brands by name

Popular brands

Load more brands