Home
/
Cisco
/
Catalyst 3750 Metro
/
Command Reference Manual

Cisco Catalyst 3750 Metro, Command Reference Manual

Share

Page: 742 / 985

Cisco Catalyst 3750 Metro Command Reference Manual Download Page 742

2-714

Catalyst 3750 Metro Switch Command Reference

OL-9645-10

Chapter 2 Catalyst 3750 Metro Switch Cisco IOS Commands

switchport port-security

switchport port-security

Use the

switchport port-security

interface configuration command without keywords to enable port

security on the interface. Use the keywords to configure secure MAC addresses, sticky MAC address
learning, a maximum number of secure MAC addresses, or the violation mode. Use the

no

form of this

command to disable port security or to set the parameters to their default states.

switchport port-security

[

aging

]

[

mac-address

mac-address

[

vlan

vlan-id

] |

mac-address sticky

[

mac-address

]] [

maximum

value

[

vlan

vlan-list

]] [

violation

{

protect | restrict | shutdown

}]

no switchport port-security

[

aging

]

[

mac-address

mac-address

[

vlan

vlan-id

] |

mac-address

sticky

[

mac-address

]] [

maximum

[

vlan

vlan-list

]] [

violation

{

protect | restrict | shutdown

}]

Syntax Description

aging

(Optional) See the

switchport port-security aging

mac-address

mac-address

(Optional) Specify a secure MAC address for the interface by entering
a 48-bit MAC address. You can add additional secure MAC addresses
up to the maximum value configured.

vlan

vlan-id

(Optional) On a trunk port only, specify the VLAN ID and the MAC
address. If no VLAN ID is specified, the native VLAN is used.

mac-address sticky

[

mac-address

]

(Optional) Enable the interface for

sticky learning

by entering only the

mac-address sticky

keywords. When sticky learning is enabled, the

interface adds all secure MAC addresses that are dynamically learned to
the running configuration and converts these addresses to sticky secure
MAC addresses.

(Optional) Enter a

mac-address

to specify a sticky secure MAC address.

maximum

value

(Optional) Set the maximum number of secure MAC addresses for the
interface.The maximum number of secure MAC addresses that you can
configure on a switch is determined by the maximum number of
available MAC addresses allowed in the system.

This number is

determined by the active Switch Database Management (SDM)
template.

command. This number represents the total

of available MAC addresses, including those used for other Layer 2
functions and any other secure MAC addresses configured on interfaces.

The default setting is 1.

vlan

[

vlan-list

]

(Optional) For trunk ports, you can set the maximum number of secure
MAC addresses on a VLAN. If the

vlan

keyword is not entered, the

default value is used.

•

vlan

—set a per-VLAN maximum value.

•

vlan

vlan-list

—set a per-VLAN maximum value on a range of

VLANs separated by a hyphen or a series of VLANs separated by
commas. For nonspecified VLANs, the per-VLAN maximum value
is used.

violation

(Optional) Set the security violation mode or the action to be taken if
port security is violated. The default is

shutdown

.

«
...
740
741
742
743
744
...
»

Summary of Contents for Catalyst 3750 Metro

Page 1: ... Inc 170 West Tasman Drive San Jose CA 95134 1706 USA http www cisco com Tel 408 526 4000 800 553 NETS 6387 Fax 408 527 0883 Catalyst 3750 Metro Switch Command Reference Cisco IOS Release 12 2 58 SE April 2011 Text Part Number OL 9645 10 ...

Page 2: ...SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES Cisco and the Cisco Logo are trademarks of Cisco Systems Inc and or its affiliates in the U S and other countries A listing of Cisco s trademarks can be found at www cisco com go trademarks Third party trademarks mentioned are the property of their respective owners The use of the word partner does not imply a partnership relationship ...

Page 3: ...ode 1 2 Privileged EXEC Mode 1 3 Global Configuration Mode 1 3 Interface Configuration Mode 1 4 VLAN Configuration Mode 1 4 Line Configuration Mode 1 4 Commands Changed in Cisco IOS 12 2 25 EY 1 5 C H A P T E R 2 Catalyst 3750 Metro Switch Cisco IOS Commands 2 1 aaa accounting dot1x 2 1 aaa authentication dot1x 2 3 action 2 5 archive download sw 2 7 archive tar 2 9 archive upload sw 2 12 arp acces...

Page 4: ...ble 2 49 clear mac address table move update 2 50 clear pagp 2 51 clear rep counters 2 52 clear spanning tree counters 2 53 clear spanning tree detected protocols 2 54 clear vmps statistics 2 55 clear vtp counters 2 56 cpu traffic qos cos 2 57 cpu traffic qos dscp 2 59 cpu traffic qos precedence 2 61 define interface range 2 63 delete 2 65 deny ARP access list configuration 2 66 deny IPv6 access l...

Page 5: ...sable detect cause small frame 2 104 errdisable recovery cause small frame 2 106 errdisable recovery 2 107 ethernet evc 2 109 ethernet lmi 2 110 ethernet lmi ce vlan map 2 112 ethernet oam remote failure 2 114 ethernet uni 2 116 ethernet uni id 2 118 flowcontrol 2 119 interface port channel 2 121 interface range 2 123 interface vlan 2 125 ip access group 2 127 ip address 2 130 ip arp inspection fi...

Page 6: ...n 2 162 ip dhcp snooping vlan information option format type circuit id string 2 163 ip igmp filter 2 165 ip igmp max groups 2 167 ip igmp profile 2 169 ip igmp snooping 2 171 ip igmp snooping querier 2 173 ip igmp snooping report suppression 2 175 ip igmp snooping vlan immediate leave 2 177 ip igmp snooping vlan mrouter 2 178 ip igmp snooping vlan static 2 180 ip sla responder twamp 2 182 ip sla ...

Page 7: ... tunnel 2 225 l2protocol tunnel cos 2 229 lacp port priority 2 230 lacp system priority 2 232 link state group 2 234 link state track 2 236 location global configuration 2 237 location interface configuration 2 239 logging event 2 241 logging file 2 242 mac access group 2 244 mac access list extended 2 246 mac address table aging time 2 248 mac address table learning 2 249 mac address table move u...

Page 8: ...ap 2 298 mls qos srr queue input dscp map 2 300 mls qos srr queue input priority queue 2 302 mls qos srr queue input threshold 2 304 mls qos srr queue output cos map 2 306 mls qos srr queue output cpu queue 2 308 mls qos srr queue output dscp map 2 310 mls qos trust 2 312 mls qos vlan based 2 315 monitor session 2 316 mpls l2transport route 2 320 mpls ldp holdtime 2 322 mpls mtu 2 323 mvr global c...

Page 9: ... random detect exponential weighting constant 2 382 random detect precedence 2 385 remote span 2 388 renew ip dhcp snooping database 2 390 rep admin vlan 2 391 rep block port 2 392 rep lsl age timer 2 396 rep preempt delay 2 398 rep preempt segment 2 400 rep segment 2 401 rep stcn 2 404 reserved only 2 406 rmon collection stats 2 407 sdm prefer 2 408 service instance 2 411 service password recover...

Page 10: ... 2 456 show errdisable flap values 2 458 show errdisable recovery 2 460 show etherchannel 2 462 show ethernet service evc 2 465 show ethernet service instance 2 466 show ethernet service interface 2 468 show interfaces 2 470 show interfaces counters 2 477 show interfaces rep 2 480 show interfaces transceiver 2 482 show inventory 2 485 show ip arp inspection 2 486 show ip dhcp snooping 2 490 show i...

Page 11: ...2 526 show link state group 2 530 show location 2 532 show mac access group 2 534 show mac address table 2 535 show mac address table address 2 537 show mac address table aging time 2 538 show mac address table count 2 540 show mac address table dynamic 2 542 show mac address table interface 2 544 show mac address table learning 2 545 show mac address table move update 2 546 show mac address table...

Page 12: ...5 show spanning tree 2 596 show storm control 2 602 show system mtu 2 604 show udld 2 605 show version 2 608 show vlan 2 610 show vlan access map 2 615 show vlan filter 2 616 show vmps 2 617 show vtp 2 620 shutdown 2 625 shutdown vlan 2 626 small frame violation rate 2 627 snmp mib rep trap rate 2 629 snmp server enable traps 2 630 snmp server host 2 634 snmp trap mac notification change 2 639 spa...

Page 13: ... mst port priority 2 669 spanning tree mst priority 2 671 spanning tree mst root 2 672 spanning tree port priority 2 674 spanning tree portfast global configuration 2 676 spanning tree portfast interface configuration 2 678 spanning tree uplinkfast 2 680 spanning tree vlan 2 682 speed 2 685 srr queue bandwidth limit 2 687 srr queue bandwidth shape 2 689 srr queue bandwidth share 2 691 storm contro...

Page 14: ...0 trust 2 742 udld global configuration 2 744 udld interface configuration 2 746 udld reset 2 748 uni count 2 749 vlan 2 751 vlan access map 2 756 vlan filter 2 758 vmps reconfirm privileged EXEC 2 760 vmps reconfirm global configuration 2 761 vmps retry 2 762 vmps server 2 763 vrf upgrade cli multi af mode 2 765 vtp 2 767 xconnect 2 771 A P P E N D I X A Catalyst 3750 Metro Switch Boot Loader Com...

Page 15: ... debug ip dhcp snooping B 11 debug ip igmp filter B 12 debug ip igmp max groups B 13 debug ip igmp snooping B 14 debug ip sla error twamp connection B 15 debug ip sla error twamp control reflector B 17 debug ip sla error twamp control server B 19 debug ip sla error twamp session B 21 debug ip sla trace twamp connection B 23 debug ip sla trace twamp control reflector B 25 debug ip sla trace twamp c...

Page 16: ...ug platform forw tcam B 51 debug platform ip arp inspection B 52 debug platform ip igmp snooping B 53 debug platform ip multicast B 55 debug platform ip unicast B 57 debug platform led B 59 debug platform matm B 60 debug platform messaging application B 61 debug platform mpls B 62 debug platform phy B 63 debug platform pm B 64 debug platform port asic B 66 debug platform port security B 67 debug p...

Page 17: ... debug spanning tree uplinkfast B 94 debug sw vlan B 95 debug sw vlan ifs B 97 debug sw vlan notification B 98 debug sw vlan vtp B 99 debug udld B 101 debug vqpc B 103 debug xconnect B 104 A P P E N D I X C Catalyst 3750 Metro Switch Show Platform Commands C 1 show platform acl C 2 show platform cfm C 3 show platform configuration C 4 show platform etherchannel C 5 show platform forward C 6 show p...

Page 18: ... pm C 18 show platform port asic C 19 show platform port security C 23 show platform qos C 24 show platform resource manager C 25 show platform snmp counters C 26 show platform spanning tree C 27 show platform stp instance C 28 show platform tb C 29 show platform tcam C 30 show platform vlan C 32 A P P E N D I X D Acknowledgments for Open Source Software D 1 I N D E X ...

Page 19: ... EoMPLS hierarchical QoS and 802 1Q tunneling This guide provides the information you need about the commands that have been created or changed for use with the Catalyst 3750 Metro switches For information about the standard Cisco IOS Release 12 2 commands see the Cisco IOS documentation set available from the Cisco com home page by selecting Service and Support Technical Documents On the Cisco Pr...

Page 20: ... Note Means reader take note Notes contain helpful suggestions or references to materials not contained in this manual Caution Means reader be careful In this situation you might do something that could result in equipment damage or loss of data Filtering show Command Output The show commands have optional output modifiers to filter the command output begin Display begins with the line that matche...

Page 21: ... Form Factor Pluggable Modules Installation Notes These compatibility matrix documents are available from this Cisco com site http www cisco com en US products hw modules ps5455 products_device_support_tables_list html Cisco Gigabit Ethernet Transceiver Modules Compatibility Matrix Cisco 100 Megabit Ethernet SFP Modules Compatibility Matrix Cisco Small Form Factor Pluggable Modules Compatibility M...

Page 22: ...xxii Catalyst 3750 Metro Switch Command Reference OL 9645 10 Preface ...

Page 23: ... on the show platform commands see Appendix C Catalyst 3750 Metro Switch Show Platform Commands For more information on Cisco IOS Release 12 2 see the Cisco IOS Release 12 2 Command Summary For task oriented configuration steps see the software configuration guide for this release CLI Command Modes This section describes the CLI command mode structure Command modes support specific Cisco IOS comma...

Page 24: ... enable command Switch To exit to user EXEC mode enter the disable command To enter global configuration mode enter the configure command Global configuration From privileged EXEC mode enter the configure command Switch config To exit to privileged EXEC mode enter the exit or end command or press Ctrl Z To enter interface configuration mode enter the interface configuration command Interface confi...

Page 25: ...e To view a comprehensive list of commands enter a question mark at the prompt Switch To return to user EXEC mode enter the disable privileged EXEC command Global Configuration Mode Global configuration commands apply to features that affect the device as a whole Use the configure privileged EXEC command to enter global configuration mode The default is to enter commands from the management consol...

Page 26: ...ile by using the copy running config startup config privileged EXEC command The configurations of VLAN IDs 1 to 1005 are saved in the VLAN database if VTP is in transparent or server mode The extended range VLAN configurations are not saved in the VLAN database Enter the vlan vlan id global configuration command to access config vlan mode Switch config vlan 2000 Switch config vlan The supported ke...

Page 27: ...turn to privileged EXEC mode enter the end command or press Ctrl Z Commands Changed in Cisco IOS 12 2 25 EY Table 1 2 lists describes the commands that have the same function but different syntax than they did in software releases before Cisco IOS Release 12 2 25 EY Table 1 2 Commands Changed Releases earlier than Cisco IOS Release 12 2 25 EY Cisco IOS Release 12 2 25 EY or later Description debug...

Page 28: ...1 6 Catalyst 3750 Metro Switch Command Reference OL 9645 10 Chapter 1 Using the Command Line Interface Commands Changed in Cisco IOS 12 2 25 EY ...

Page 29: ...llow as the default list for accounting services start stop Send a start accounting notice at the beginning of a process and a stop accounting notice at the end of a process The start accounting record is sent in the background The requested user process begins regardless of whether or not the start accounting notice was received by the accounting server broadcast Enable accounting records to be s...

Page 30: ...face Examples This example shows how to configure 802 1x accounting Switch config aaa accounting dot1x default start stop group radius Switch config Note The RADIUS authentication server must be properly configured to accept and log update or watchdog packets from the AAA client Related Commands Release Modification 12 2 25 EY This command was introduced Command Description aaa accounting dot1x Sp...

Page 31: ... the client data is validated against a RADIUS authentication server The remaining methods enable AAA to authenticate the client by using locally configured data For example the local and local case methods use the username and password that are saved in the configuration file The enable and line methods use the enable and line passwords for authentication If you specify group radius you must conf...

Page 32: ... contact a RADIUS server If this action returns an error the user is allowed access with no authentication Switch config aaa new model Switch config aaa authentication dot1x default group radius none You can verify your settings by entering the show running config privileged EXEC command Related Commands Command Description aaa new model Enables the AAA access control model For syntax information ...

Page 33: ...ped In access map configuration mode use the match access map configuration command to define the match conditions for a VLAN map Use the action command to set the action that occurs when a packet matches the conditions The drop and forward parameters are not used in the no form of the command Examples This example shows how to identify and apply a VLAN access map vmap4 to VLANs 5 and 6 that cause...

Page 34: ...f 3 Addressing and Services Release 12 2 IP Services Commands ip access list Creates a named access list For syntax information select Cisco IOS IP Command Reference Volume 1 of 3 Addressing and Services Release 12 2 IP Services Commands mac access list extended Creates a named MAC address access list match access map configuration Defines the match conditions for a VLAN map show vlan access map D...

Page 35: ...e image imageonly Download only the Cisco IOS software image leave old sw Keep the old software version after a successful download no set boot Do not alter the setting of the BOOT environment variable to point to the new software image after it is successfully downloaded overwrite Overwrite the software image in flash memory with the downloaded one reload Reload the system after successfully down...

Page 36: ... the download does not occur If the images are different the old image is deleted and the new one is downloaded After downloading a new image enter the reload privileged EXEC command to begin using the new image or specify the reload or force reload option in the archive download sw command Examples This example shows how to download a new image from a TFTP server at 172 20 129 10 and overwrite th...

Page 37: ... or network file system and the name of the tar file to create These options are supported The syntax for the local flash filesystem flash The syntax for the FTP ftp username password location directory tar filename tar The syntax for the Remote Copy Protocol RCP is rcp username location directory tar filename tar The syntax for the TFTP tftp location directory tar filename tar The tar filename ta...

Page 38: ...ename tar The tar filename tar is the tar file to display xtract source url flash file url dir file Extract files from a tar file to the local file system For source url specify the source URL alias for the local file system These options are supported The syntax for the local flash file system flash The syntax for the FTP ftp username password location directory tar filename tar The syntax for th...

Page 39: ...rectory image tv0 mz 121 html foo html 0 bytes image tv0 mz 121 image tv0 mz 121 bin 610856 bytes image tv0 mz 121 info 219 bytes info ver 219 bytes This example shows how to display only the image tv0 mz 121 html directory and its contents Switch archive tar table flash image tv0 m tar image tv0 mz 121 html image tv0 mz 121 html directory image tv0 mz 121 html foo html 0 bytes This example shows ...

Page 40: ... to upload the currently running image to a TFTP server at 172 20 140 2 Switch archive upload sw tftp 172 20 140 2 test image tar Related Commands destination url The destination URL alias for a local or network file system These options are supported The syntax for the local flash file system flash The syntax for the FTP ftp username password location directory image name tar The syntax for the R...

Page 41: ... deny ARP access list configuration section on page 2 66 exit exits ARP access list configuration mode no negates a command or returns to default settings permit specifies packets to forward For more information see the permit ARP access list configuration section on page 2 337 Use the permit and deny access list configuration commands to forward and to drop ARP packets based on the specified matc...

Page 42: ... host 1 1 1 1 mac host 00001 0000 abcd Switch config arp nacl end You can verify your settings by entering the show arp access list privileged EXEC command Related Commands Command Description deny ARP access list configuration Denies an ARP packet based on matches compared against the DHCP bindings ip arp inspection filter vlan Permits ARP requests and responses from a host configured with a stat...

Page 43: ...P phone and automatically configure QoS for VoIP The QoS labels of inbound packets are trusted only when the phone is detected cisco softphone Identify this port as connected to a device running the Cisco SoftPhone and automatically configure QoS for VoIP trust Identify this port as connected to a trusted switch or router and automatically configure QoS for VoIP The QoS labels of inbound packets a...

Page 44: ... Manager Version 4 or later To take advantage of the auto QoS defaults you should enable auto QoS before you configure other QoS commands You can fine tune the auto QoS configuration after you enable auto QoS Table 2 2 Auto QoS Configuration for the Ingress Queues Ingress Queue Queue Number CoS to Queue Map Queue Weight Bandwidth Queue Buffer Size SRR1 shared 1 SRR shaped round robin Ingress queue...

Page 45: ...t The switch configures ingress queues and the egress queue set on the port according to the settings in Table 2 2 and Table 2 3 When you enter the auto qos voip cisco softphone interface configuration command on a port at the edge of the network that is connected to a device running the Cisco SoftPhone the switch uses policing to decide whether a packet is in or out of profile and to specify the ...

Page 46: ... in inbound packets when the switch or router connected to a port is a trusted device Switch config interface gigabitethernet1 0 1 Switch config if auto qos voip trust You can verify your settings by entering the show auto qos interface interface id privileged EXEC command Related Commands Command Description debug auto qos Enables debugging of the auto QoS feature mls qos cos Defines the default ...

Page 47: ...s qos interface Displays QoS information at the port level srr queue bandwidth shape Assigns the shaped weights and enables bandwidth shaping on the four egress queues mapped to a standard port srr queue bandwidth share Assigns the shared weights and enables bandwidth sharing on the four egress queues mapped to a port Command Description ...

Page 48: ...traffic congestion in the switch If the switch is not congested the class receives more bandwidth than you specify with this command Class based weighted fair queueing CBWFQ derives the weight for packets belonging to the class from the bandwidth allocated to the class CBWFQ then uses the weight to ensure that the queue for the class is serviced fairly Note It is important to remember that hard ba...

Page 49: ...ndwidth or the shape policy map class configuration command before you configure either the queue limit or the random detect policy map class configuration command in a class policy You cannot use the bandwidth queue limit random detect and the shape policy map class configuration commands with the priority policy map class configuration command in the same class within the same policy map However...

Page 50: ...y map privileged EXEC command Related Commands Command Description class Specifies the name of the class whose traffic policy you want to create or change policy map Creates or modifies a policy map that can be attached to multiple ports to specify a service policy priority Enables the strict priority queue and gives priority to a class of traffic belonging to a policy map attached to an ES port q...

Page 51: ...rl no boot config file Syntax Description Defaults The default configuration file is flash config text Command Modes Global configuration Command History Usage Guidelines Filenames and directory names are case sensitive This command changes the setting of the CONFIG_FILE environment variable For more information see Appendix A Catalyst 3750 Metro Switch Boot Loader Commands Related Commands flash ...

Page 52: ...ey on the console Command Modes Global configuration Command History Usage Guidelines When you enter this command you can interrupt the automatic boot process by pressing the Break key on the console after the flash file system is initialized Note Despite the setting of this command you can interrupt the automatic boot process at any time by pressing the MODE button on the switch front panel This ...

Page 53: ...ion Command History Usage Guidelines This variable is used only for internal development and testing Filenames and directory names are case sensitive This command changes the setting of the HELPER environment variable For more information see Appendix A Catalyst 3750 Metro Switch Boot Loader Commands Related Commands filesystem Alias for a flash file system Use flash for the system board flash dev...

Page 54: ...t helper config file Syntax Description Defaults No helper configuration file is specified Command Modes Global configuration Command History Usage Guidelines This variable is used only for internal development and testing Filenames and directory names are case sensitive This command changes the setting of the HELPER_CONFIG_FILE environment variable For more information see Appendix A Catalyst 375...

Page 55: ...s Manual booting is disabled Command Modes Global configuration Command History Usage Guidelines The next time you reboot the system the switch is in boot loader mode which is shown by the switch prompt To boot the system use the boot boot loader command and specify the name of the bootable image This command changes the setting of the MANUAL_BOOT environment variable For more information see Appe...

Page 56: ...ing boot private config file filename no boot private config file Syntax Description Defaults The default configuration file is private config Command Modes Global configuration Command History Usage Guidelines Filenames are case sensitive Examples This example shows how to specify the name of the private configuration file to be pconfig Switch config boot private config file pconfig Related Comma...

Page 57: ...tered subdirectory is completely searched before continuing the search in the original directory Command Modes Global configuration Command History Usage Guidelines Filenames and directory names are case sensitive If you are using the archive download sw privileged EXEC command to maintain system images you never need to use the boot system command The boot system command is automatically manipula...

Page 58: ...with another port group in either the active or passive mode auto Enable the Port Aggregation Protocol PAgP only if a PAgP device is detected Auto mode places a port into a passive negotiating state in which the port responds to PAgP packets it receives but does not start PAgP packet negotiation A channel is formed only with another port group in desirable mode When auto is enabled silent operatio...

Page 59: ... you configure an EtherChannel configuration changes that you make on the port channel apply to all the physical ports assigned to the port channel Configuration changes applied to the physical port affect only the port where you apply the configuration To change the parameters of all ports in an EtherChannel apply configuration commands to the port channel for example spanning tree commands or co...

Page 60: ...n Do not enable Layer 3 addresses on the physical EtherChannel ports Do not assign bridge groups on the physical EtherChannel ports because it creates loops Examples This example shows how to configure EtherChannel It assigns ports as static access ports in VLAN 10 to channel 5 with the PAgP mode desirable Switch configure terminal Switch config interface range fastethernet1 0 4 5 Switch config if...

Page 61: ...l group information show running config Displays the operating configuration For syntax information use this link to the Cisco IOS Release 12 2 Command Reference listing page http www cisco com en US products sw iosswrel ps1835 prod_ command_reference_list html Select the Cisco IOS Commands Master List Release 12 2 to navigate to the command Command Description ...

Page 62: ... use the channel group interface configuration command to configure the EtherChannel parameters The channel group command also can set the mode for the EtherChannel You cannot enable both the PAgP and LACP modes on an EtherChannel group PAgP and LACP are not compatible both ends of a channel must use the same protocol Examples This example shows how to specify LACP as the protocol that manages the...

Page 63: ...d You attach the policy map to a port by using the service policy interface configuration command After you enter the class command the switch enters policy map class configuration mode and these configuration commands are available bandwidth specifies or modifies the minimum bandwidth provided to a class belonging to a policy map For more information see the bandwidth command This command is effe...

Page 64: ...ault as the class name in the class policy map class configuration command You can manipulate the default traffic class for example set policies to police or to shape it just like any other traffic class but you cannot delete it Within a policy map the class default applies to all traffic that is not explicitly matched within the policy map but that does match the parent policy If no parent policy...

Page 65: ... cmap exit Switch config policy map policy1 Switch config pmap class class1 Switch config pmap c bandwidth 2000 Switch config pmap c queue limit 40 Switch config pmap c exit Switch config pmap exit Switch config interface gigabitethernet1 1 1 Switch config if service policy output policy1 For class1 a minimum of 2000 kbps of bandwidth is expected to be delivered to this class in the event of conge...

Page 66: ...l QoS example the first traffic class has only one match statement However hierarchical policy maps can support multiple match statements This example shows how to configure a default traffic class to a policy map Switch configure terminal Switch config class map cm 3 Switch config cmap match ip dscp 30 Switch config cmap match protocol ipv6 Switch config cmap exit Switch config class map cm 4 Swi...

Page 67: ...olicy map that can be attached to multiple ports to specify a service policy priority Enables the strict priority queue and gives priority to a class of traffic belonging to a policy map attached to an ES port queue limit Configures the maximum threshold for tail drop in a policy map attached to an ES port random detect Configures WRED in a policy map attached to an ES port service policy Applies ...

Page 68: ...ches the specified criteria the packet is considered a member of the class and is forwarded according to the quality of service QoS specifications set in the traffic policy You can create up to 4093 class maps After you enter the class map command the switch enters class map configuration mode and these configuration commands are available description describes the class map up to 200 characters T...

Page 69: ...on which is an access list called 103 Switch config access list 103 permit ip any any dscp 10 Switch config class map class1 Switch config cmap match access group 103 Switch config cmap exit This example shows how to delete the class1 class map Switch config no class map class1 You can verify your settings by entering the show class map privileged EXEC command Related Commands Command Description ...

Page 70: ...ults No default is defined Command Modes Privileged EXEC Command History Examples This example shows how to clear the contents of the log buffer Switch clear ip arp inspection log You can verify that the log was cleared by entering the show ip arp inspection log privileged command Related Commands Release Modification 12 2 25 EY This command was introduced Command Description arp access list Defin...

Page 71: ...C Command History Examples This example shows how to clear the statistics for VLAN 1 Switch clear ip arp inspection statistics vlan 1 You can verify that the statistics were deleted by entering the show ip arp inspection statistics vlan 1 privileged EXEC command Related Commands vlan vlan range Optional Clear statistics for the specified VLAN or VLANs You can specify a single VLAN identified by VL...

Page 72: ...ar the DHCP snooping binding database agent statistics Switch clear ip dhcp snooping database statistics You can verify that the statistics were cleared by entering the show ip dhcp snooping database privileged EXEC command This example shows how to clear the DHCP snooping statistics counters Switch clear ip dhcp snooping statistics You can verify that the statistics were cleared by entering the s...

Page 73: ...p snooping Enables DHCP snooping on a VLAN ip dhcp snooping database Configures the DHCP snooping binding database agent or the binding file show ip dhcp snooping binding Displays the status of DHCP snooping database agent show ip dhcp snooping database Displays the DHCP snooping binding database agent statistics show ip dhcp snooping statistics Displays the DHCP snooping statistics ...

Page 74: ...bal configuration command and reload the switch When you configure the DHCPv6 server to detect conflicts it uses ping The client uses neighbor discovery to detect clients and reports to the server through a DECLINE message If an address conflict is detected the address is removed from the pool and is not assigned until the administrator removes the address from the conflict list If you use the ast...

Page 75: ...and to clear protocol tunnel counters on the switch or on the specified interface Examples This example shows how to clear Layer 2 protocol tunnel counters on a port Switch clear l2protocol tunnel counters gigabitethernet1 0 2 You can verify that the information was deleted by entering the show l2protocol tunnel privileged EXEC command Related Commands interface id Optional Specify interface for w...

Page 76: ...clear only the counters for the specified channel group by using the clear lacp channel group number counters command Examples This example shows how to clear all channel group information Switch clear lacp counters This example shows how to clear LACP traffic counters for group 4 Switch clear lacp 4 counters You can verify that the information was deleted by entering the show lacp counters or the...

Page 77: ...y that the information was deleted by entering the show mac address table privileged EXEC command Related Commands dynamic Delete all dynamic MAC addresses dynamic address mac addr Optional Delete the specified dynamic MAC address dynamic interface interface id Optional Delete all dynamic MAC addresses on the specified physical port or port channel dynamic vlan vlan id Optional Delete all dynamic ...

Page 78: ...aults No default is defined Command Modes Privileged EXEC Command History Examples This example shows how to clear the mac address table move update related counters Switch clear mac address table move update You can verify that the information was cleared by entering the show mac address table move update privileged EXEC command Related Commands Release Modification 12 2 25 SED This command was i...

Page 79: ...mmand or you can clear only the counters for the specified channel group by using the clear pagp channel group number counters command Examples This example shows how to clear all channel group information Switch clear pagp counters This example shows how to clear PAgP traffic counters for group 10 Switch clear pagp 10 counters You can verify that information was deleted by entering the show pagp ...

Page 80: ...the interface by using the clear rep counters interface interface id command When you enter the clear rep counters command only the counters visible in the output of the show interface rep detail command are cleared SNMP visible counters are not cleared as they are read only Examples This example shows how to clear all REP counters for all REP interfaces Switch clear rep counters You can verify th...

Page 81: ...d History Usage Guidelines If the interface id is not specified spanning tree counters are cleared for all interfaces Examples This example shows how to clear spanning tree counters for all interfaces Switch clear spanning tree counters Related Commands interface interface id Optional Clear all spanning tree counters on the specified interface Valid interfaces include physical ports VLANs and port...

Page 82: ...panning tree MST switch can also detect that an interface is at the boundary of a region when it receives a legacy BPDU an MST BPDU version 3 associated with a different region or a rapid spanning tree RST BPDU version 2 However the switch does not automatically revert to the rapid PVST or the MSTP mode if it no longer receives 802 1D BPDUs It cannot detect whether the legacy switch has been remov...

Page 83: ...s no arguments or keywords Defaults No default is defined Command Modes Privileged EXEC Command History Examples This example shows how to clear VLAN Membership Policy Server VMPS statistics Switch clear vmps statistics You can verify that information was deleted by entering the show vmps statistics privileged EXEC command Related Commands Release Modification 12 1 14 AX This command was introduce...

Page 84: ...ription This command has no arguments or keywords Defaults No default is defined Command Modes Privileged EXEC Command History Examples This example shows how to clear the VTP counters Switch clear vtp counters You can verify that information was deleted by entering the show vtp counters privileged EXEC command Related Commands Release Modification 12 1 14 AX This command was introduced Command De...

Page 85: ...onfiguration applies to both IP and non IP traffic When you configure the switch to trust or change DSCP or precedence but not CoS the configuration applies only to IP traffic When you configure the switch to trust CoS and trust or change DSCP or precedence then trust CoS applies to non IP traffic and trust or change DSCP or precedence applies to IP traffic The cpu traffic qos cos global configura...

Page 86: ...generated traffic cpu traffic qos precedence Configures the precedence for CPU generated traffic mls qos map Configures a global map to set CoS DSCP and precedence values for CPU generated traffic show cpu traffic qos Displays the QoS marking values configured for CPU generated traffic show mls qos maps Displays information for all global maps show running config Displays the configured global map...

Page 87: ...ng to the global mutation map configuration When you configure the switch to trust CoS the configuration applies to both IP and non IP traffic When you configure the switch to trust or change DSCP or precedence but not CoS the configuration applies only to IP traffic When you configure the switch to trust CoS and trust or change DSCP or precedence then trust CoS applies to non IP traffic and trust...

Page 88: ...lues af41 34 af42 36 and af43 38 are assigned DSCP value 48 All other IP and non IP traffic is processed by the default configuration Maps Switch config mls qos Switch config mls qos map dscp mutation mapname 0 to 30 Switch config mls qos map dscp mutation mapname 34 36 38 to 48 CPU QoS Switch config cpu traffic qos dscp dscp mutation mapname Related Commands Command Description cpu traffic qos co...

Page 89: ...s feature must be configured globally for a switch it cannot be configured per port or per protocol Enter each cpu traffic qos marking action on a separate line The trust keyword configures the switch to trust the incoming CoS DSCP or precedence value and mark the packet according to the global map configuration precedence value Configure the precedence value The range is from 0 to 7 If no precede...

Page 90: ...traffic Switch config cpu traffic qos precedence 2 This example shows how to configure the switch to trust the precedence value of incoming CPU generated packets Switch config cpu traffic qos precedence trust This example shows how to mark the precedence of CPU generated IP traffic including IP SLA and TWAMP based on the precedence value in the packet The example has these results All CPU generate...

Page 91: ...nge use this format type first interface last interface You must add a space between the first interface number and the hyphen when entering an interface range For example fastethernet1 0 1 5 is a valid range fastethernet1 0 1 5 is not a valid range Valid values for type and interface vlan vlan id where vlan id is from 1 to 4094 VLAN interfaces must have been configured with the interface vlan com...

Page 92: ...y before the comma The space after the comma is optional for example fastethernet1 0 3 gigabitethernet1 0 1 2 fastethernet1 0 3 4 gigabitethernet1 0 1 2 Examples This example shows how to create a multiple interface macro Switch config define interface range macro1 fastethernet1 0 1 2 fastethernet1 0 5 Related Commands Command Description interface range Executes a command on multiple ports at the...

Page 93: ...firmation on destructive file operations For more information about this command see the Cisco IOS Command Reference for Release 12 2 Examples This example shows how to remove the directory that contains the old software image after a successful download of a new image Switch delete force recursive flash old image You can verify that the directory was removed by entering the dir filesystem privile...

Page 94: ... host target mac target mac target mac mask log This command is available only if your switch is running the enhanced multilayer image EMI Syntax Description Defaults There are no default settings However at the end of the ARP access list there is an implicit deny ip any mac any command Command Modes ARP access list configuration request Optional Define a match for the ARP request When request is ...

Page 95: ...ig arp access list static hosts Switch config arp nacl deny ip host 1 1 1 1 mac host 0000 0000 abcd Switch config arp nacl end You can verify your settings by entering the show arp access list privileged EXEC command Related Commands Release Modification 12 2 25 EY This command was introduced Command Description arp access list Defines an ARP access control list ACL ip arp inspection filter vlan P...

Page 96: ...log log input routing sequence value time range name Transmission Control Protocol deny tcp source ipv6 prefix prefix length any host source ipv6 address operator port number destination ipv6 prefix prefix length any host destination ipv6 address operator port number ack dscp value established fin log log input neq port protocol psh range port protocol rst routing sequence value syn time range nam...

Page 97: ...in hexadecimal using 16 bit values between colons host destination ipv6 address The destination IPv6 host address for which to set deny conditions This destination ipv6 address argument must be in the form documented in RFC 2373 where the address is specified in hexadecimal using 16 bit values between colons dscp value Optional Match a differentiated services code point value against the traffic c...

Page 98: ...s that are filtered by ICMP message type can also be filtered by the ICMP message code The code is a number from 0 to 255 icmp message Optional Specify an ICMP message name for filtering ICMP packets ICMP packets can be filtered by an ICMP message name or an ICMP message type and code The possible names are listed in the Usage Guidelines section ack Optional Only for the TCP protocol Acknowledgmen...

Page 99: ...nd to deny icmp any any nd na or icmp any any nd ns there must be an explicit deny entry in the ACL For the three implicit statements to take effect an IPv6 ACL must contain at least one entry The IPv6 neighbor discovery process uses the IPv6 network layer service Therefore by default IPv6 ACLs implicitly allow IPv6 neighbor discovery packets to be sent and received on an interface In IPv4 the Add...

Page 100: ... The second permit entry is necessary because an implicit deny all condition is at the end of each IPv6 access list Switch config ipv6 access list CISCO Switch config ipv6 acl deny tcp any any gt 5000 Switch config ipv6 acl deny 0 lt 5000 0 log Switch config ipv6 acl permit icmp any any Switch config ipv6 acl permit any any Switch config ipv6 acl exit Switch config interface gigabitethernet0 2 Swi...

Page 101: ...source address for a packet matches the defined address non IP traffic from that address is denied host dst MAC addr dst MAC addr mask Define a destination MAC address and optional subnet mask If the destination address for a packet matches the defined address non IP traffic to that address is denied type mask Optional Use the Ethertype number of a packet with Ethernet II or SNAP encapsulation to ...

Page 102: ...y the protocol of the packet mask is a mask of don t care bits applied to the LSAP number before testing for a match mop console Optional Select EtherType DEC MOP Remote Console mop dump Optional Select EtherType DEC MOP Dump msdos Optional Select EtherType DEC MSDOS mumps Optional Select EtherType DEC MUMPS netbios Optional Select EtherType DEC Network Basic Input Output System NETBIOS vines echo...

Page 103: ...ftware configuration guide for this release Examples This example shows how to define the named MAC extended access list to deny NETBIOS traffic from any source to MAC address 00c0 00a0 03fa Traffic matching this list is denied Switch config ext macl deny any host 00c0 00a0 03fa netbios This example shows how to remove the deny condition from the named MAC extended access list Switch config ext ma...

Page 104: ...e the maximum number of authentication attempts allowed by the VLAN the change takes effect after the re authentication timer expires Examples This example shows how to set 2 as the maximum number of authentication attempts allowed before the port is moved to the restricted VLAN on port 3 Switch configure terminal Enter configuration commands one per line End with CNTL Z Switch config interface gi...

Page 105: ...ted Commands Command Description dot1x auth fail vlan vlan id Enables the optional restricted VLAN feature dot1x max reauth req count Sets the maximum number of times that the switch restarts the authentication process before a port changes to the unauthorized state show dot1x interface interface id Displays IEEE 802 1x status for the specified port ...

Page 106: ... might not detect any new hosts until the next re authentication attempt occurs If the supplicant fails authentication the port is moved to a restricted VLAN and an EAP success message is sent to the supplicant Because the supplicant is not notified of the actual authentication failure there might be confusion about this restricted network access An EAP success message is sent for these reasons If...

Page 107: ...he restricted VLAN is inactive all authentication attempts are counted so that when the restricted VLAN becomes active the port is immediately placed in the restricted VLAN The restricted VLAN is supported only in single host mode the default port mode For this reason when a port is placed in a restricted VLAN the supplicant s MAC address is added to the MAC address table and any other MAC address...

Page 108: ...s The periodic re authentication is disabled The quiet period is 60 seconds The retransmission time is 30 seconds The maximum retransmission number is 2 times The host mode is single host The client timeout period is 30 seconds The authentication server timeout period is 30 seconds Command Modes Interface configuration Command History Examples This example shows how to reset the configurable 802 1...

Page 109: ...during the lifetime of the link the guest VLAN feature is disabled If the port is already in the guest VLAN state the port is returned to the unauthorized state and authentication is restarted The EAPOL history is reset upon loss of link Entering the dot1x guest vlan supplicant global configuration command disables this behavior Any number of non IEEE 802 1x capable clients are allowed access when...

Page 110: ...yst 3750 Metro Switch Cisco IOS Commands dot1x guest vlan You can verify your settings by entering the show dot1x interface interface id privileged EXEC command Related Commands Command Description show dot1x interface interface id Displays 802 1x status for the specified port ...

Page 111: ...s mode only one of the attached hosts must be successfully authorized for all hosts to be granted network access If the port becomes unauthorized re authentication fails or an Extensible Authentication Protocol over LAN EAPOL logoff message is received all attached clients are denied access to the network Before entering this command make sure that the dot1x port control interface configuration co...

Page 112: ...lyst 3750 Metro Switch Cisco IOS Commands dot1x host mode You can verify your settings by entering the show dot1x interface interface id privileged EXEC command Related Commands Command Description show dot1x interface interface id Displays 802 1x status for the specified port ...

Page 113: ...ge Guidelines Use this command to initialize the 802 1x state machines and to set up a fresh environment for authentication After you enter this command the port status becomes unauthorized There is no no form of this command Examples This example shows how to manually initialize a port Switch dot1x initialize interface gigabitethernet1 0 2 You can verify the unauthorized port status by entering t...

Page 114: ... This example shows how to set 4 as the number of times that the switch restarts the authentication process before the port transitions to the unauthorized state Switch config if dot1x max reauth req 4 You can verify your settings by entering the show dot1x interface interface id privileged EXEC command Related Commands count Number of times that the switch restarts the authentication process befo...

Page 115: ...st for unusual circumstances such as unreliable links or specific behavioral problems with certain clients and authentication servers Examples This example shows how to set 5 as the number of times that the switch sends an EAP frame before restarting the authentication process Switch config if dot1x max req 5 You can verify your settings by entering the show dot1x interface interface id privileged...

Page 116: ...A port in dynamic mode can negotiate with its neighbor to become a trunk port If you try to enable 802 1x on a dynamic port an error message appears and 802 1x is not enabled If you try to change the mode of an 802 1x enabled port to dynamic an error message appears and the port mode is not changed Dynamic access ports If you try to enable 802 1x on a dynamic access VLAN Query Protocol VQP port an...

Page 117: ... 802 1x on a port that is a SPAN or RSPAN destination port However 802 1x is disabled until the port is removed as a SPAN or RSPAN destination You can enable 802 1x on a SPAN or RSPAN source port To globally disable 802 1x on the switch use the no dot1x system auth control global configuration command To disable 802 1x on a specific port use the no dot1x port control interface configuration comman...

Page 118: ...cription Defaults There is no default setting Command Modes Privileged EXEC Command History Usage Guidelines You can use this command to re authenticate a client without waiting for the configured number of seconds between re authentication attempts re authperiod and automatic re authentication Examples This example shows how to manually re authenticate the device connected to a port Switch dot1x ...

Page 119: ...tication attempts by using the dot1x timeout reauth period interface configuration command Examples This example shows how to disable periodic re authentication of the client Switch config if no dot1x reauthentication This example shows how to enable periodic re authentication and to set the number of seconds between re authentication attempts to 4000 seconds Switch config if dot1x reauthenticatio...

Page 120: ...cast EAPoL packets when it receives unicast EAPOL packets Similarly it sends multicast EAPOL packets when it receives multicast EAPOL packets Command Modes Global configuration Command History Usage Guidelines Enable this command on the supplicant switch for Network Edge Access Topology NEAT to work in all host modes Examples This example shows how force a supplicant switch to send multicast EAPOL...

Page 121: ...e Guidelines You must enable authentication authorization and accounting AAA and specify the authentication method list before globally enabling 802 1x A method list describes the sequence and authentication methods to be queried to authenticate a user Examples This example shows how to globally enable 802 1x on a switch Switch config dot1x system auth control You can verify your settings by enter...

Page 122: ...IEEE 802 1x capability of the devices connected to all ports or to specific ports on a switch There is not a no form of this command Examples This example shows how to enable the IEEE 802 1x readiness check on a switch to query a port It also shows the response received from the queried port verifying that the device connected to it is IEEE 802 1x capable switch dot1x test eapol capable interface ...

Page 123: ...s Use this command to configure the timeout used to wait for EAPOL response There is not a no form of this command Examples This example shows how to configure the switch to wait 27 seconds for an EAPOL response Switch dot1x test timeout 27 You can verify the timeout configuration status by entering the show run privileged EXEC command Related Commands timeout Time in seconds to wait for an EAPOL ...

Page 124: ...s unreliable links or specific behavioral problems with certain clients and authentication servers quiet period seconds Number of seconds that the switch remains in the quiet state following a failed authentication exchange with the client The range is 1 to 65535 reauth period seconds Number of seconds between re authentication attempts The range is 1to 65535 server timeout seconds Number of secon...

Page 125: ...ws how to set 30 seconds as the quiet time on the switch Switch config if dot1x timeout quiet period 30 This example shows how to set 25 seconds as the switch to authentication server retransmission time Switch config dot1x timeout server timeout 25 This example shows how to set 25 seconds as the switch to client retransmission time for the EAP request frame Switch config if dot1x timeout supp tim...

Page 126: ...nd to shut down when a new device connects to the port Switch config if dot1x violation mode shutdown This example shows how to configure an IEEE 802 1x enabled port to generate a system error message and change the port to restricted mode when a new device connects to the port Switch config if dot1x violation mode restrict This example shows how to configure an IEEE 802 1x enabled port to ignore ...

Page 127: ...ch Command Reference OL 9645 10 Chapter 2 Catalyst 3750 Metro Switch Cisco IOS Commands dot1x violation mode Related Commands Command Description show dot1x interface interface id Displays IEEE 802 1x status for the specified port ...

Page 128: ...ends on the device to which the switch is attached If both ends of the line support autonegotiation we highly recommend using the default autonegotiation settings If one interface supports autonegotiation and the other end does not configure duplex and speed on both interfaces do use the auto setting on the supported side If the speed is set to auto the switch negotiates with the device at the oth...

Page 129: ...erface in half duplex mode the default because the 100BASE FX SFP module does not support autonegotiation Note The 100BASE FX SFP modules are not supported on the ES ports Caution Changing the interface speed and duplex mode configuration might shut down and reenable the interface during the reconfiguration For guidelines on setting the switch speed and duplex parameters see the Configuring Interf...

Page 130: ...nterface is placed in an error disabled state an operational state that is similar to link down state When a port is error disabled it is effectively shut down and no traffic is sent or received on the port If you set a recovery mechanism for the cause by entering the errdisable recovery global configuration command for the cause the interface is brought out of the error disabled state and allowed...

Page 131: ...etection for the link flap error disabled cause Switch config errdisable detect cause link flap You can verify your setting by entering the show errdisable detect privileged EXEC command Related Commands Command Description show errdisable detect Displays errdisable detection information show interfaces status err disabled Displays interface status or a list of interfaces in the error disabled sta...

Page 132: ...s This feature is disabled Command Modes Global configuration Command History Usage Guidelines This command globally enables the small frame arrival feature Use the small violation rate interface configuration command to set the threshold for each port You can configure the port to be automatically re enabled by using the errdisable recovery cause small frame global configuration command You confi...

Page 133: ... recovery cause small frame Enables the recovery timer errdisable recovery interval interval Specifies the time to recover from the specified error disabled state show interfaces Displays the interface settings on the switch including input and output flow control small frame violation rate Configures the rate threshold for incoming small frames to cause a port to be put into the error disabled st...

Page 134: ...elines This command enables the recovery timer for error disabled ports You configure the recovery time by using the errdisable recovery interval interval interface configuration command Examples This example shows how to set the recovery timer Switch config errdisable recovery cause small frame You can verify your setting by entering the show interfaces user EXEC command Related Commands Release ...

Page 135: ...imer to recover from the Dynamic Trunking Protocol DTP flap error disable state gbic invalid Enable the timer to recover from an invalid GBIC error disable state This error refers to an invalid small form factor pluggable SFP interface state l2ptguard Enable the timer to recover from a Layer 2 protocol tunnel error disable state link flap Enable the timer to recover from the link flap error disabl...

Page 136: ...led state until you enter a shutdown and no shutdown interface configuration command If you enable the recovery for a cause the interface is brought out of the error disabled state and allowed to retry the operation again when all the causes have timed out Otherwise you must enter the shutdown then no shutdown commands to manually recover an interface from the error disabled state Examples This ex...

Page 137: ...figuration mode and returns to global configuration mode no negates a command or returns a command to its default setting oam protocol cfm svlan configures the Ethernet operation administration and maintenance OAM protocol as IEEE 802 1ag Connectivity Fault Management CFM and sets parameters See the oam protocol cfm svlan command uni count configures a UNI count for the EVC See the uni count comma...

Page 138: ...an entire device The benefit of this command is that you can enable Ethernet LMI on all interfaces with one command instead of enabling Ethernet LMI separately on each interface To enable the interface in CE mode you must also enter the ethernet lmi ce global configuration command To disable Ethernet LMI on a specific interface after you have entered the ethernet lmi global command enter the no et...

Page 139: ...er edge mode unless you also enter the ethernet lmi ce command When the switch is configured as an Ethernet LMI CE device these interface configuration commands and keywords are visible but not supported service instance ethernet uni ethernet lmi t392 Examples This example shows how to configure the switch as an Ethernet LMI CE device Switch config ethernet lmi global Switch config ethernet lmi ce...

Page 140: ...ltiplex interface configuration command Using the default UNI attribute bundling and multiplexing supports multiple EVCs and multiple VLANs Entering the ethernet uni bundle command supports only one EVC with one or more VLANs Entering the ethernet uni bundle all to one command supports multiple VLANs but only one EVC If you use the ethernet lmi ce vlan map any Ethernet service configuration comman...

Page 141: ...o map EVC test to customer VLAN 101 in service instance 333 on the interface Switch config if service instance 333 ethernet test Switch config if srv ethernet lmi ce vlan map 101 Related Commands Command Description service instance id ethernet Defines an Ethernet service instance and enters Ethernet service configuration mode show ethernet service instance Displays information about configured Et...

Page 142: ...vice disables Ethernet OAM on the interface The Catalyst 3750 Metro switch does not generate Link Fault or Critical Event OAM PDUs However if these PDUs are received from a link partner they are processed The switch supports generating and receiving Dying Gasp OAM PDUs when Ethernet OAM is disabled the interface is shut down the interface enters the error disabled state or the switch is reloading ...

Page 143: ... error disable interface Switch config template exit Switch config interface gigabitethernet 0 1 Switch config if source template oam1 Switch config if exit This example shows how to configure an Ethernet OAM remote failure indication on one interface for unrecoverable errors Switch config interface gigabitethernet 0 1 Switch config if ethernet oam remote failure dying gasp action error disable in...

Page 144: ...opriately When you configure change or remove a UNI service type the EVC and CE VLAN ID configurations are checked to ensure that the configurations and the UNI service types match If the configurations do not match the command is rejected If you intend to use the ethernet lmi ce vlan map any service configuration command you must first configure all to one bundling on the interface See the ethern...

Page 145: ...rence OL 9645 10 Chapter 2 Catalyst 3750 Metro Switch Cisco IOS Commands ethernet uni Related Commands Command Description show ethernet service interface Displays information about Ethernet service instances on an interface including service type ...

Page 146: ...efault name for all maintenance end points MEPs configured on the port You must enter the ethernet uni id name command on all ports that are directly connected to customer edge CE devices If the specified ID is not unique on the device an error message appears Examples This example shows how to identify a unique UNI Switch config if ethernet uni id test2 Related Commands name Identify an Ethernet ...

Page 147: ... rates during congestion you are setting flow control on a port to one of these conditions receive on or desired The port cannot send out pause frames but can operate with an attached device that is required to or is able to send pause frames the port is able to receive pause frames receive off Flow control does not operate in either direction In case of congestion no indication is given to the li...

Page 148: ...eive on send desired receive off send off receive on send off receive off Receives only Receives only Receives only Receives only Receives only Does not send or receive Sends and receives Sends only Sends and receives Sends only Receives only Does not send or receive send off receive off send on receive on send on receive off send desired receive on send desired receive off send off receive on sen...

Page 149: ... the channel group command dynamically creates a new port channel You create Layer 3 port channels by using the interface port channel command followed by the no switchport interface configuration command You should manually configure the port channel logical interface before putting the interface into the channel group Only one port channel in a channel group is allowed Caution When using a port ...

Page 150: ...g the show running config privileged EXEC or show etherchannel channel group number detail privileged EXEC command Related Commands Command Description channel group Assigns an Ethernet port to an EtherChannel group show etherchannel Displays EtherChannel information for a channel show running config Displays the operating configuration For syntax information use this link to the Cisco IOS Release...

Page 151: ... command VLANs not displayed cannot be used in the interface range command The commands entered under interface range command are applied to all existing VLAN SVIs in the range All configuration changes made to an interface range are saved to NVRAM but the interface range itself is not saved to NVRAM You can enter the interface range in two ways Specifying up to five interface ranges Specifying a ...

Page 152: ...macro and an interface range in the same command A single interface can also be specified in port range this would make the command similar to the interface interface id global configuration command Note For more information about configuring interface ranges see the software configuration guide for this release Examples This example shows how to use the interface range command to enter interface ...

Page 153: ...al port If you delete an SVI by entering the no interface vlan vlan id command the deleted interface is no longer visible in the output from the show interfaces privileged EXEC command You can reinstate a deleted SVI by entering the interface vlan vlan id command for the deleted interface The interface comes back up but much of the previous configuration will be gone The interrelationship between ...

Page 154: ...erence OL 9645 10 Chapter 2 Catalyst 3750 Metro Switch Cisco IOS Commands interface vlan Related Commands Command Description show interfaces vlan vlan id Displays the administrative and operational status of all interfaces or the specified VLAN ...

Page 155: ...dard access lists ranging from 1 to 99 and 1300 to 1999 or extended access lists ranging from 100 to 199 and 2000 to 2699 You can use this command to apply an access list to a Layer 2 or Layer 3 interface However note these limitations for Layer 2 interfaces port ACLs You can only apply ACLs in the inbound direction the out keyword is not supported for Layer 2 interfaces You can only apply one IP ...

Page 156: ... routed IP packets are filtered by both the VLAN map and the router ACL Other packets are filtered only by the VLAN map You can apply IP ACLs to both outbound or inbound Layer 3 interfaces A Layer 3 interface can have one IP ACL applied in each direction You can configure only one VLAN map and one router ACL in each direction input output on a VLAN interface For standard inbound access lists after...

Page 157: ...ax information select Cisco IOS IP Command Reference Volume 1 of 3 Addressing and Services Release 12 2 IP Services Commands show access lists Displays ACLs configured on the switch show ip access lists Displays IP ACLs configured on the switch For syntax information select Cisco IOS IP Command Reference Volume 1 of 3 Addressing and Services Release 12 2 IP Services Commands show ip interface Disp...

Page 158: ...p address command If the switch detects another host using one of its IP addresses it will send an error message to the console You can use the optional keyword secondary to specify an unlimited number of secondary addresses Secondary addresses are treated like primary addresses except the system never generates datagrams other than routing updates with secondary source addresses IP broadcasts and...

Page 159: ... resources based on templates and feature tables For more information see the sdm prefer command Examples This example shows how to configure the IP address for the Layer 2 switch on a subnetted network Switch config interface vlan 1 Switch config if ip address 172 20 128 2 255 255 255 0 This example shows how to configure the IP address for a port on the Layer 3 switch Switch config ip multicast ...

Page 160: ...l other packet types are bridged in the ingress VLAN without validation If the switch denies a packet because of an explicit deny statement in the ACL the packet is dropped If the switch denies a packet because of an implicit deny statement the packet is then compared against the list of DHCP bindings unless the ACL is static which means that packets are not compared against the bindings Use the a...

Page 161: ...ring the show ip arp inspection vlan 1 privileged EXEC command Related Commands Command Description arp access list Defines an ARP ACL deny ARP access list configuration Denies an ARP packet based on matches against the DHCP bindings permit MAC access list configuration Permits an ARP packet based on matches against the DHCP bindings show arp access list Displays detailed information about ARP acc...

Page 162: ...plies to both trusted and untrusted interfaces Configure appropriate rates on trunks to process packets across multiple dynamic ARP inspection enabled VLANs or use the none keyword to make the rate unlimited After a switch receives more than the configured rate of packets every second consecutively over a number of burst seconds the interface is placed into an error disabled state Unless you expli...

Page 163: ...the incoming rate of ARP packets from all channel members Configure the rate limit for EtherChannel ports only after examining the rate of incoming ARP packets on all the channel members Examples This example shows how to limit the rate of incoming ARP requests on a port to 25 pps and to set the interface monitoring interval to 5 consecutive seconds Switch config interface gigabitethernet1 0 1 Swi...

Page 164: ...he interval seconds is 4 the switch generates system messages for five entries every second while there are entries in the log buffer A log buffer entry can represent more than one packet For example if an interface receives many packets on the same VLAN with the same ARP parameters the switch combines the packets as one entry in the log buffer and generates a system message as a single entry If t...

Page 165: ...enerates system messages for five entries every second while there are entries in the log buffer Switch config ip arp inspection log buffer logs 20 interval 4 You can verify your settings by entering the show ip arp inspection log privileged EXEC command Related Commands Command Description arp access list Defines an ARP access control list ACL clear ip arp inspection log Clears the dynamic ARP in...

Page 166: ...n Command History Usage Guidelines The switch does not check ARP packets that it receives on the trusted interface it simply forwards the packets For untrusted interfaces the switch intercepts all ARP requests and responses It verifies that the intercepted packets have valid IP to MAC address bindings before updating the local cache and before forwarding the packet to the appropriate destination T...

Page 167: ...mands Command Description ip arp inspection log buffer Configures the dynamic ARP inspection logging buffer show ip arp inspection interfaces Displays the trust state and the rate limit of ARP packets for the specified interface or all interfaces show ip arp inspection log Displays the configuration and contents of the dynamic ARP inspection log buffer ...

Page 168: ... MAC address in the ARP body This check is performed on both ARP requests and responses When enabled packets with different MAC addresses are classified as invalid and are dropped dst mac Compare the destination MAC address in the Ethernet header against the target MAC address in ARP body This check is performed for ARP responses When enabled packets with different MAC addresses are classified as ...

Page 169: ... deny ARP probes they are dropped even if the allow zero keyword is specified If you configure an ARP ACL that specifically permits ARP probes and configure the ip arp inspection validate ip command ARP probes are dropped unless you enter the allow zeros keyword The no form of the command disables only the specified checks If none of the options are enabled all checks are disabled Examples This ex...

Page 170: ... You must specify the VLANs on which to enable dynamic ARP inspection Dynamic ARP inspection is supported on access ports trunk ports EtherChannel ports and private VLAN ports Examples This example shows how to enable dynamic ARP inspection on VLAN 1 Switch config ip arp inspection vlan 1 You can verify your setting by entering the show ip arp inspection vlan vlan range privileged EXEC command Rel...

Page 171: ...u can specify a single VLAN identified by VLAN ID number a range of VLANs separated by a hyphen or a series of VLANs separated by a comma The range is 1 to 4094 acl match matchlog none Specify that the logging of packets is based on access control list ACL matches The keywords have these meanings matchlog Log packets based on the logging configuration specified in the access control entry ACE If y...

Page 172: ... overrides the DHCP bindings Some denied packets might not be logged unless you explicitly specify the deny ip any mac any log ACE at the end of the ARP ACL Examples This example shows how to configure ARP inspection on VLAN 1 to log packets that match the permit commands in the ACL Switch config arp access list test1 Switch config arp nacl permit request ip any mac any log Switch config arp nacl ...

Page 173: ...ce tracking is enabled you can set the IP device tracking probe interval count and configure the ARP probe address with the ip device tracking probe command Use the show ip device tracking all command to display information about entries in the IP device tracking table For more information about this command see the Cisco IOS Security Command Reference Release 12 4T Examples This example shows how...

Page 174: ...ration commands one per line End with CNTL Z Switch config ip device tracking Switch config interface gigabitethernet1 0 3 Switch config if switchport mode access Switch config if switchport access vlan 1 Switch config if ip device tracking maximum 5 Switch config if switchport port security Switch config if switchport port security maximum 5 Switch config if ip verify source tracking port securit...

Page 175: ...t the switch waits for a response before resending the ARP probe The range is from 30 to 1814400 seconds Use the use svi keyword option to configure the IP device tracking table to use the SVI IP address for ARP probes in cases when the default source ip address 0 0 0 0 for switch ports is used and the ARP probes drop Use the show ip device tracking all command to display information about entries...

Page 176: ...nd Reference OL 9645 10 Chapter 2 Catalyst 3750 Metro Switch Cisco IOS Commands ip device tracking probe Related Commands Command Description show ip device tracking all Displays information about the entries in the IP device tracking table ...

Page 177: ...lines For any DHCP snooping configuration to take effect you must globally enable DHCP snooping DHCP snooping is not active until you enable snooping on a VLAN by using the ip dhcp snooping vlan vlan id global configuration command Examples This example shows how to enable DHCP snooping Switch config ip dhcp snooping You can verify your settings by entering the show ip dhcp snooping privileged EXE...

Page 178: ...nterface to which the binding applies and the VLAN to which the interface belongs The database can have up to 512 bindings Use the show ip dhcp snooping binding privileged EXEC command to display only the dynamically configured bindings Use the show ip source binding privileged EXEC command to display the dynamically and statically configured bindings Examples This example shows how to generate a ...

Page 179: ... Commands Command Description ip dhcp snooping Enables DHCP snooping on a VLAN show ip dhcp snooping binding Displays the dynamically configured bindings in the DHCP snooping binding database and the configuration information show ip igmp snooping groups Displays the dynamically and statically configured bindings in the DHCP snooping binding database ...

Page 180: ...have up to 512 bindings To ensure that the lease time in the database is accurate we recommend that Network Time Protocol NTP is enabled and configured for these features NTP authentication NTP peer and server associations flash filename Specify that the database agent or the binding file is in the flash memory ftp user password host filename Specify that the database agent or the binding file is ...

Page 181: ...switch NVRAM Use the no ip dhcp snooping database command to disable the agent Use the no ip dhcp snooping database timeout command to reset the timeout value Use the no ip dhcp snooping database write delay command to reset the write delay value Examples This example shows how to store a binding file at an IP address of 10 1 1 1 that is in a directory called directory A file named file must be pr...

Page 182: ...port identifier vlan mod port from which the packet is received circuit ID suboption The switch forwards the DHCP request that includes the option 82 field to the DHCP server When the DHCP server receives the packet it can use the remote ID the circuit ID or both to assign IP addresses and implement policies such as restricting the number of IP addresses that can be assigned to a single remote ID ...

Page 183: ...apter 2 Catalyst 3750 Metro Switch Cisco IOS Commands ip dhcp snooping information option Related Commands Command Description show ip dhcp snooping Displays the DHCP snooping configuration show ip dhcp snooping binding Displays the DHCP snooping binding information ...

Page 184: ... of your network You might also want to enable DHCP security features such as DHCP snooping IP source guard or dynamic Address Resolution Protocol ARP inspection on an aggregation switch However if DHCP snooping is enabled on the aggregation switch the switch drops packets with option 82 information that are received on an untrusted port and does not learn DHCP snooping bindings for connected devi...

Page 185: ...not check the option 82 information in untrusted packets from an edge switch and to accept the packets Switch config ip dhcp snooping information option allowed untrusted You can verify your settings by entering the show ip dhcp snooping privileged EXEC command Related Commands Command Description show ip dhcp snooping Displays the DHCP snooping configuration show ip dhcp snooping binding Displays...

Page 186: ...ooping configuration to take effect When the option 82 feature is enabled the default remote ID suboption is the switch MAC address This command allows you to configure either the switch hostname or a string of up to 63 ASCII characters but no spaces to be the remote ID Note If the hostname exceeds 63 characters it will be truncated to 63 characters in the remote ID configuration Examples This exa...

Page 187: ...ace rate limits to a higher value If the rate limit is exceeded the interface is error disabled If you enabled error recovery by entering the errdisable recovery dhcp rate limit global configuration command the interface retries the operation again when all the causes have timed out If the error recovery mechanism is not enabled the interface stays in the error disabled state until you enter the s...

Page 188: ...s disabled Command Modes Interface configuration Command History Usage Guidelines Configure as trusted ports those that are connected to a DHCP server or to other switches or routers Configure as untrusted ports those that are connected to DHCP clients Examples This example shows how to enable DHCP snooping trust on a port Switch config if ip dhcp snooping trust You can verify your settings by ent...

Page 189: ...P packet that is received on untrusted ports matches the client hardware address in the packet Command Modes Global configuration Command History Usage Guidelines In a service provider network when a switch receives a packet from a DHCP client on an untrusted port it automatically verifies that the source MAC address and the DHCP client hardware address match If the addresses match the switch forw...

Page 190: ...ing on a VLAN Examples This example shows how to enable DHCP snooping on VLAN 10 Switch config ip dhcp snooping vlan 10 You can verify your settings by entering the show ip dhcp snooping privileged EXEC command Related Commands vlan vlan range Specify a VLAN ID or a range of VLANs on which to enable DHCP snooping The range is 1 to 4094 You can enter a single VLAN ID identified by VLAN ID number a ...

Page 191: ... enable DHCP snooping by using the ip dhcp snooping global configuration command for any DHCP snooping configuration to take effect When the option 82 feature is enabled the default circuit ID suboption is the switch VLAN and port identifier in the format vlan mod port This command allows you to configure a string of ASCII characters to be the circuit ID When you want to override the vlan mod port...

Page 192: ...cuit ID override suboption Switch config if ip dhcp snooping vlan 250 information option format type circuit id override string testcustomer You can verify your settings by entering the show ip dhcp snooping user EXEC command Note The show ip dhcp snooping command only displays the global command output including a remote ID configuration It does not display any per interface per VLAN string that ...

Page 193: ...d Modes Interface configuration Command History Usage Guidelines You can apply IGMP filters only to Layer 2 physical interfaces you cannot apply IGMP filters to routed ports switch virtual interfaces SVIs or ports that belong to an EtherChannel group An IGMP profile can be applied to one or more switch port interfaces but one port can have only one profile applied to it Examples This example shows...

Page 194: ...umber show ip dhcp snooping statistics Displays the characteristics of the specified IGMP profile show running config interface interface id Displays the running configuration on the switch interface including the IGMP profile if any that is applied to an interface For syntax information select Cisco IOS Configuration Fundamentals Command Reference Release 12 2 File Management Commands Configurati...

Page 195: ...tion Command History Usage Guidelines You can use this command only on Layer 2 physical interfaces and on logical EtherChannel interfaces You cannot set IGMP maximum groups for routed ports switch virtual interfaces SVIs or ports that belong to an EtherChannel group Follow these guidelines when configuring the IGMP throttling action If you configure the throttling action as deny and set the maximu...

Page 196: ...fig interface gigabitethernet1 0 2 Switch config if ip igmp max groups 25 This example shows how to configure the switch to replace the existing group with the new group for which the IGMP report was received when the maximum number of entries is in the forwarding table Switch config interface gigabitethernet2 0 1 Switch config if ip igmp max groups action replace You can verify your setting by us...

Page 197: ...ese commands deny specifies that matching addresses are denied this is the default condition exit exits from igmp profile configuration mode no negates a command or resets to its defaults permit specifies that matching addresses are permitted range specifies a range of IP addresses for the profile This can be a single IP address or a range with a start and an end address When entering a range ente...

Page 198: ...st 3750 Metro Switch Cisco IOS Commands ip igmp profile Related Commands Command Description ip igmp filter Applies the IGMP profile to the specified interface show ip dhcp snooping statistics Displays the characteristics of all IGMP profiles or the specified IGMP profile number ...

Page 199: ...he existing VLAN interfaces When IGMP snooping is globally disabled it is disabled on all the existing VLAN interfaces VLAN IDs 1002 to 1005 are reserved for Token Ring and FDDI VLANs and cannot be used in IGMP snooping Examples This example shows how to globally enable IGMP snooping Switch config ip igmp snooping This example shows how to enable IGMP snooping on VLAN 1 Switch config ip igmp snoop...

Page 200: ...talyst 3750 Metro Switch Cisco IOS Commands ip igmp snooping show ip igmp snooping groups Displays the IGMP snooping router ports show ip igmp snooping querier Displays the configuration and operation information for the IGMP querier configured on a switch Command Description ...

Page 201: ...m a multicast enabled device Command Modes Global configuration Command History vlan vlan id Optional Enable IGMP snooping and the IGMP querier function on the specified VLAN The range is 1 to 1001 and 1006 to 4094 address ip address Optional Specify a source IP address If you do not specify an IP address the querier tries to use the global IP address configured for the IGMP querier max response t...

Page 202: ...IGMP snooping Examples This example shows how to globally enable the IGMP snooping querier feature Switch config ip igmp snooping querier This example shows how to set the IGMP snooping querier maximum response time to 25 seconds Switch config ip igmp snooping querier max response time 25 This example shows how to set the IGMP snooping querier interval time to 60 seconds Switch config ip igmp snoo...

Page 203: ...st router query to multicast devices When IGMP router suppression is enabled the default the switch sends the first IGMP report from all hosts for a group to all the multicast routers The switch does not send the remaining IGMP reports for the group to the multicast routers This feature prevents duplicate reports from being sent to the multicast devices If the multicast router query includes reque...

Page 204: ...Catalyst 3750 Metro Switch Cisco IOS Commands ip igmp snooping report suppression Related Commands Command Description ip igmp snooping Enables IGMP snooping on the switch or on a VLAN show ip igmp snooping Displays the IGMP snooping configuration of the switch or the VLAN ...

Page 205: ...nly when there is a maximum of one receiver on every port in the VLAN The configuration is saved in NVRAM The Immediate Leave feature is supported only with IGMP Version 2 hosts Examples This example shows how to enable IGMP immediate leave processing on VLAN 1 Switch config ip igmp snooping vlan 1 immediate leave You can verify your settings by entering the show ip igmp snooping privileged EXEC c...

Page 206: ...and cannot be used in IGMP snooping The CGMP learn method is useful for reducing control traffic The configuration is saved in NVRAM vlan id Enable IGMP snooping and add the port in the specified VLAN as the multicast router port The range is 1 to 1001 and 1006 to 4094 interface interface id Specify the next hop interface to the multicast router The keywords have these meanings fastethernet interf...

Page 207: ...P Switch config ip igmp snooping vlan 1 mrouter learn cgmp You can verify your settings by entering the show ip igmp snooping privileged EXEC command Related Commands Command Description ip igmp snooping report suppression Enables IGMP report suppression show ip igmp snooping Displays the snooping configuration show ip igmp snooping groups Displays IGMP snooping multicast information show ip igmp ...

Page 208: ...to 1005 are reserved for Token Ring and FDDI VLANs and cannot be used in IGMP snooping The configuration is saved in NVRAM Examples This example shows how to statically configure a host on an interface Switch config ip igmp snooping vlan 1 static 0100 5e02 0203 interface gigabitethernet1 0 1 Configuring port gigabitethernet1 0 1 on group 0100 5e02 0203 You can verify your settings by entering the ...

Page 209: ...mp snooping report suppression Enables IGMP report suppression show ip igmp snooping Displays the snooping configuration show ip igmp snooping groups Displays IGMP snooping multicast information show ip igmp snooping groups Displays the IGMP snooping router ports show ip igmp snooping querier Displays the configuration and operation information for the IGMP querier configured on a switch ...

Page 210: ...ration commands are available default sets a command to its defaults exit exits from IP SLA TWAMP reflector configuration mode no negates a command or resets to its defaults timeout seconds specifies the maximum time the session can be inactive before the session ends The range is 1 604800 seconds The default is 900 seconds For the TWAMP server and reflector to function you must also configure a T...

Page 211: ...ervice Level Agreements SLAs responder for general IP SLAs operations ip sla server twamp Configures the switch as a Two Way Active Measurement Protocol TWAMP server show ip sla standards Optional Display the IP SLAs standards configured on the switch show ip sla twamp connection detail requests Optional Displays the current Cisco IOS IP Service Level Agreements SLAs Two Way Active Measurement Pro...

Page 212: ...ng the ip sla server twamp command you enter IP SLA TWAMP server configuration mode and these configuration commands are available default sets a command to its defaults exit exits from IP SLA TWAMP server configuration mode no negates a command or resets to its defaults port port number specifies the source port for TWAMP control traffic Valid port numbers are from 1 to 65535 timer inactivity sec...

Page 213: ...ctivity 540 Related Commands Command Description ip sla responder Enables the Cisco IOS IP Service Level Agreements SLAs responder for general IP SLAs operations ip sla responder twamp Configures the switch as a Two Way Active Measurement Protocol TWAMP responder show ip sla standards Optional Displays the IP SLAs standards configured on the switch show ip sla twamp connection detail requests Opti...

Page 214: ...ess and the VLAN number If you modify an entry by changing only the IP address the switch updates the entry instead creating a new one Examples This example shows how to add a static IP source binding Switch config ip source binding 0001 1234 1234 vlan 1 172 20 50 5 interface gigabitethernet1 0 1 This example shows how to add a static binding and then modify the IP address for it Switch config ip ...

Page 215: ... IOS Commands ip source binding Related Commands Command Description ip verify source Enables IP source guard on an interface show ip igmp snooping groups Displays the IP source bindings on the switch show ip verify source Displays the IP source guard configuration on the switch or on a specific interface ...

Page 216: ...do not specify a keyword the SSH server selects the latest SSH version supported by the SSH client For example if the SSH client supports SSHv1 and SSHv2 the SSH server selects SSHv2 The switch supports an SSHv1 or an SSHv2 server It also supports an SSHv1 client For more information about the SSH server and the SSH client see the software configuration guide for this release A Rivest Shamir and A...

Page 217: ...ormation for the SSH server For syntax information select Cisco IOS Release 12 2 Configuration Guides and Command References Cisco IOS Security Command Reference Release 12 2 Other Security Features Secure Shell Commands show ssh Displays the status of the SSH server For syntax information select Cisco IOS Release 12 2 Configuration Guides and Command References Cisco IOS Security Command Referenc...

Page 218: ...VLAN sticky ARP is enabled on the switch the default If you enter the ip sticky arp interface configuration command it does not take effect If you enter the no ip sticky arp interface configuration command you do not disable sticky ARP on an interface Note We recommend that you use the show arp privileged EXEC command to display and verify private VLAN interface ARP entries If you disconnect the s...

Page 219: ...rface when sticky ARP is disabled on the switch Examples To disable sticky ARP Switch config no ip sticky arp You can verify your settings by using the show arp privileged EXEC command Related Commands Command Description arp Adds a permanent entry in the ARP table For syntax information see the Cisco IOS IP Addressing Services Command Reference Release 12 4 ARP Commands show arp Displays the entr...

Page 220: ...arned on SVIs and Layer 3 interfaces These entries do not age out The ip sticky arp interface configuration command is only supported on Layer 3 interfaces SVIs belonging to normal VLANs SVIs belonging to private VLANs On a Layer 3 interface or on an SVI belonging to a normal VLAN Use the sticky arp interface configuration command to enable sticky ARP Use the no sticky arp interface configuration ...

Page 221: ...ess hardware address type global configuration command to add a private VLAN ARP entry Use the no sticky arp global configuration command to disable sticky ARP on the switch Use the no sticky arp interface configuration command to disable sticky ARP on an interface Examples To enable sticky ARP on a normal SVI Switch config if ip sticky arp To disable sticky ARP on a Layer 3 interface or an SVI Sw...

Page 222: ...port security on the interface Examples This example shows how to enable IP source guard on VLANs 10 through 20 on a per port basis Switch configure terminal Enter configuration commands one per line End with CNTL Z Switch config ip dhcp snooping Switch config ip dhcp snooping vlan 10 20 Switch config interface gigabitethernet1 0 1 Switch config if switchport trunk encapsulation dot1q Switch confi...

Page 223: ...port port security Switch config if switchport port security maximum 5 Switch config if ip verify source tracking port security Switch config if end Verify your settings by entering the show ip verify source privileged EXEC command Related Commands Command Description ip device tracking maximum Enable IP port security binding tracking on a Layer 2 port ip dhcp snooping Globally enable DHCP snoopin...

Page 224: ... enables the VRF configuration mode These configuration commands are available default sets a command description export import maximum route target to its default description describes the VRF up to 80 characters exit exits VRF configuration mode and returns you to global configuration mode export map route map sets a route map to be used as an export route map for the VRF import map route map se...

Page 225: ...tes An RD creates routing and forwarding tables and specifies the default route distinguisher for a VPN You must configure a route distinguisher for a VRF to be functional The RD is added to the beginning of the customer s IPv4 prefixes to change them into globally unique VPN IPv4 prefixes The route target specifies a target VPN extended community Like a route distinguisher an extended community i...

Page 226: ... Command Modes Interface configuration Command History Usage Guidelines Use the ip vrf forwarding command to associate an interface with a VRF Executing this command on an interface removes the IP address You should then reconfigure the IP address Examples This example shows how to link the VRF named vpn1 to a port Switch config interface gigabitethernet1 0 2 Switch config if ip vrf forwarding vpn...

Page 227: ...VRF For syntax information select Cisco IOS Release 12 2 Configuration Guides and Command References Cisco IOS Switching Services Command Reference Release 12 2 show ip vrf Displays display the set of defined VRFs and associated interfaces For syntax information select Cisco IOS Release 12 2 Configuration Guides and Command References Cisco IOS Switching Services Command Reference Release 12 2 Com...

Page 228: ...p access list command but it is IPv6 specific IPv6 ACLs are defined by a unique name IPv6 does not support numbered ACLs An IPv4 ACL and an IPv6 ACL cannot share the same name See the deny IPv6 access list configuration and permit IPv6 access list configuration commands for more information on filtering IPv6 traffic based on IPv6 option headers and optional upper layer protocol type information Se...

Page 229: ...fic on an interface The first ACL entry prevents all packets from the network FE80 0 0 2 64 packets that have the link local prefix FE80 0 0 2 as the first 64 bits of their source IPv6 address from leaving the interface The second entry in the ACL permits all other traffic to leave the interface The second entry is necessary because an implicit deny all condition is at the end of each IPv6 ACL Swi...

Page 230: ...ate enter the sdm prefer dual ipv4 and ipv6 default routing vlan global configuration command and reload the switch The ipv6 address dhcp interface configuration command allows any interface to dynamically learn its IPv6 address by using DHCP The rapid commit keyword enables the use of the two message exchange for address allocation and other configuration If it is enabled the client includes the ...

Page 231: ...nd Modes Interface configuration Command History Usage Guidelines To configure the dual IPv4 and IPv6 template enter the sdm prefer dual ipv4 and ipv6 default routing vlan global configuration command and reload the switch Use the ipv6 dhcp client request vendor interface configuration to request a vendor specific option When enabled the command is verified only when an IPv6 address is acquired fr...

Page 232: ...ual IPv4 and IPv6 template enter the sdm prefer dual ipv4 and ipv6 default vlan global configuration command and reload the switch The DHCPv6 server pings a pool address before assigning it to a requesting client An unanswered ping indicates that the address is not in use and the server assigns the address to the requesting client Setting the number argument to 0 turns off the DHCPv6 server ping o...

Page 233: ...s assignment This address must be in hexadecimal using 16 bit values between colons lifetime t1 t2 sets a valid and a preferred time interval in seconds for the IPv6 address The range is 5 to 4294967295 seconds The valid default is 2 days The preferred default is 1 day The valid lifetime must be greater than or equal to the preferred lifetime Specify infinite for no time interval link address IPv6...

Page 234: ...uration commands inside a pool Because a longest match is performed on either the address pool information or the link information you can configure one pool to allocate addresses and another pool on a subprefix that only returns configured options Examples This example shows how to configure a pool called engineering with an IPv6 address prefix Switch configure terminal Switch config ipv6 dhcp po...

Page 235: ...IPv6 DHCP packet the server determines if it was received from a DHCP relay or if it was directly received from the client If the packet was received from a relay the server verifies the link address field inside the packet associated with the first relay that is closest to the client The server matches this link address against all address prefix and link address configurations in IPv6 DHCP pools...

Page 236: ...e value for the advertise messages This action affects the selection of a server by the client Any advertise message that does not include a preference option is considered to have a preference value of 0 If the client receives an advertise message with a preference value of 255 the client immediately sends a request message to the server from which the message was received Entering the rapid comm...

Page 237: ...configuration command and reload the switch When MLD snooping is globally disabled it is disabled on all the existing VLAN interfaces When you globally enable MLD snooping it is enabled on all VLAN interfaces that are in the default state enabled VLAN configuration will override global configuration on interfaces on which MLD snooping has been disabled If MLD snooping is globally disabled you cann...

Page 238: ...onfig ipv6 mld snooping This example shows how to disable MLD snooping on a VLAN Switch config no ipv6 mld snooping vlan 11 You can verify your settings by entering the show ipv6 mld snooping user EXEC command Related Commands Command Description sdm prefer Configures an SDM template to optimize system resources based on how the switch is being used show ipv6 mld snooping Displays MLD snooping con...

Page 239: ...nfigure the dual IPv4 and IPv6 template enter the sdm prefer dual ipv4 and ipv6 global configuration command and reload the switch In MLD snooping the IPv6 multicast router periodically sends out queries to hosts belonging to the multicast group If a host wants to leave a multicast group it can silently leave or it can respond to the query with a Multicast Listener Done message equivalent to an IG...

Page 240: ... to set the last listener query count for VLAN 10 Switch config ipv6 mld snooping vlan 10 last listener query count 3 You can verify your settings by entering the show ipv6 mld snooping vlan vlan id user EXEC command Related Commands Command Description ipv6 mld snooping last listener query interval Sets IPv6 MLD snooping last listener query interval sdm prefer Configures an SDM template to optimi...

Page 241: ...s 0 the global count is used Command Modes Global configuration Command History Usage Guidelines To configure the dual IPv4 and IPv6 template enter the sdm prefer dual ipv4 and ipv6 global configuration command and reload the switch In MLD snooping when the IPv6 multicast router receives an MLD leave message it sends out queries to hosts belonging to the multicast group If there are no responses f...

Page 242: ...set the last listener query interval for VLAN 1 to 5 5 seconds Switch config ipv6 mld snooping vlan 1 last listener query interval 5500 You can verify your settings by entering the show ipv6 MLD snooping vlan vlan id user EXEC command Related Commands Command Description ipv6 mld snooping last listener query count Sets IPv6 MLD snooping last listener query count sdm prefer Configures an SDM templa...

Page 243: ... listener message suppression to be disabled Command Modes Global configuration Command History Usage Guidelines To configure the dual IPv4 and IPv6 template enter the sdm prefer dual ipv4 and ipv6 global configuration command and reload the switch MLD snooping listener message suppression is equivalent to IGMP snooping report suppression When enabled received MLDv1 reports to a group are forwarde...

Page 244: ... IOS Commands ipv6 mld snooping listener message suppression Related Commands Command Description ipv6 mld snooping Enables IPv6 MLD snooping sdm prefer Configures an SDM template to optimize system resources based on how the switch is being used show ipv6 mld snooping Displays MLD snooping configuration ...

Page 245: ... a multicast address is 0 which means that the system uses the global robustness variable for aging out the listener Command Modes Global configuration Command History Usage Guidelines To configure the dual IPv4 and IPv6 template enter the sdm prefer dual ipv4 and ipv6 global configuration command and reload the switch Robustness is measured in terms of the number of MLDv1 queries sent with no res...

Page 246: ...3 This example shows how to configure the robustness variable for VLAN 1 This value overrides the global configuration for the VLAN Switch config ipv6 mld snooping vlan 1 robustness variable 1 You can verify your settings by entering the show ipv6 MLD snooping vlan vlan id user EXEC command Related Commands Command Description ipv6 mld snooping last listener query count Sets IPv6 MLD snooping last...

Page 247: ...is disabled When enabled the default flood query count is 2 Command Modes Global configuration Command History Usage Guidelines To configure the dual IPv4 and IPv6 template enter the sdm prefer dual ipv4 and ipv6 global configuration command and reload the switch Examples This example shows how to enable TCN query soliciting Switch config ipv6 mld snooping tcn query solicit This example shows how ...

Page 248: ... Chapter 2 Catalyst 3750 Metro Switch Cisco IOS Commands ipv6 mld snooping tcn Command Description sdm prefer Configures an SDM template to optimize system resources based on how the switch is being used show ipv6 mld snooping Displays MLD snooping configuration ...

Page 249: ...here are no multicast router ports Command Modes Global configuration Command History Usage Guidelines To configure the dual IPv4 and IPv6 template enter the sdm prefer dual ipv4 and ipv6 global configuration command and reload the switch You should only configure the Immediate Leave feature when there is only one receiver on every port in the VLAN The configuration is saved in NVRAM The static ke...

Page 250: ...MLD Immediate Leave processing on VLAN 1 Switch config ipv6 mld snooping vlan 1 immediate leave This example shows how to disable MLD Immediate Leave processing on VLAN 1 Switch config no ipv6 mld snooping vlan 1 immediate leave This example shows how to configure a port as a multicast router port Switch config ipv6 mld snooping vlan 1 mrouter interface gigabitethernet1 01 2 This example shows how...

Page 251: ...terface is not configured Command Modes Interface configuration Command History Usage Guidelines To configure the dual IPv4 and IPv6 template enter the sdm prefer dual ipv4 and ipv6 global configuration command and reload the switch You can use the ipv6 traffic filter command on physical interfaces Layer 2 or Layer 3 ports Layer 3 port channels or switch virtual interfaces SVIs You can apply an AC...

Page 252: ...ch config interface gigabitethernet1 1 1 Switch config if no switchport Switch config if ipv6 address 2001 64 eui 64 Switch config if ipv6 traffic filter cisco in Related Commands Command Description ipv6 access list Defines an IPv6 access list and sets deny or permit conditions for the defined access list show ipv6 access list Displays the contents of all current IPv6 access lists show ipv6 inter...

Page 253: ... visible in the command line help strings the point to point pagp lacp udld keywords are not supported cdp Optional Enable tunneling of CDP specify a shutdown threshold for CDP or specify a drop threshold for CDP lldp Optional Enables tunneling of LLDP specify a shutdown threshold for LLDP or specify a drop threshold for LLDP stp Optional Enable tunneling of STP specify a shutdown threshold for ST...

Page 254: ...ol data units PDUs without any processing or modification The Layer 2 protocol tunnel bypass feature can provide interoperability with third party vendors Bypass mode transparently forwards control PDUs to vendor switches that have different ways of controlling protocol tunneling You can enable Layer 2 protocol tunneling individually for CDP LLDP STP VTP or for all these protocols You can enable L...

Page 255: ...configuration command the interface is brought out of the error disabled state and allowed to retry the operation when all the causes have timed out If the error recovery mechanism is not enabled for l2ptguard the interface stays in the error disabled state until you enter the shutdown and no shutdown interface configuration commands Enter the drop threshold keyword to control the number of protoc...

Page 256: ...l2protocol tunnel drop threshold point to point pagp 1000 Related Commands Command Description l2protocol tunnel cos Configures a class of service CoS value for all tunneled Layer 2 protocol packets show errdisable recovery Displays errdisable recovery timer information show l2protocol tunnel Displays information about ports configured for Layer 2 protocol tunneling including port protocol CoS and...

Page 257: ... packets Command Modes Global configuration Command History Usage Guidelines When enabled the tunneled Layer 2 protocol packets use the configured CoS value The value is saved in NVRAM Examples This example shows how to configure a Layer 2 protocol tunnel CoS value of 7 Switch config l2protocol tunnel cos 7 Related Commands value Specify CoS priority value for tunneled Layer 2 protocol packets If ...

Page 258: ... comparisons a numerically lower value has a higher priority When there are more than eight ports in an LACP channel group the eight ports with the numerically lowest values highest priority values for LACP port priority are bundled into the channel group and the lower priority ports are put in hot standby mode If two or more ports have the same LACP port priority for example they are configured w...

Page 259: ...thernet1 0 1 Switch config if lacp port priority 1000 You can verify your settings by entering the show lacp channel group number internal privileged EXEC command Related Commands Command Description channel group Assigns an Ethernet port to an EtherChannel group lacp system priority Configures the LACP system priority show lacp channel group number internal Displays internal information for all c...

Page 260: ...y mode Port priorities on the other switch the noncontrolling end of the link are ignored In priority comparisons numerically lower values have higher priority Therefore the system with the numerically lower value higher priority value for LACP system priority becomes the controlling system If both switches have the same LACP system priority for example they are both configured with the default se...

Page 261: ...750 Metro Switch Cisco IOS Commands lacp system priority Related Commands Command Description channel group Assigns an Ethernet port to an EtherChannel group lacp port priority Configures the LACP port priority show lacp sys id Display the system identifier that is being used by LACP ...

Page 262: ...be associated with a single group consisting of multiple upstream interfaces referred to as link state groups The link state of the downstream interfaces are dependent on the link state of the upstream interfaces in the associated link state group If all of the upstream interfaces in a link state group are in a link down state the associated downstream interfaces are forced into a link down state ...

Page 263: ...Switch config if end You can verify your settings by entering the show running config privileged EXEC command Related Commands Command Description link state track Enables a link state group show link state group Displays the link state group information show running config Displays the operating configuration For syntax information use this link to the Cisco IOS Release 12 2 Command Reference lis...

Page 264: ... link state group 2 Switch config link state track 2 You can verify your settings by entering the show running config privileged EXEC command Related Commands number Optional Specify the link state group number The group number can be 1 to 10 The default is 1 Release Modification 12 2 25 SEE This command was introduced Command Description link state group Configures an interface as a member of a l...

Page 265: ...ion information The civic location identifier must not exceed 250 bytes Use the no lldp med tlv select location information interface configuration command to disable the location TLV The location TLV is enabled by default For more information see the Configuring LLDP and LLDP MED chapter of the software configuration guide for this release admin tag Configure administrative tag or site informatio...

Page 266: ...ng 19 Switch config civic room C6 Switch config civic county Santa Clara Switch config civic country US Switch config civic end You can verify your settings by entering the show location civic location privileged EXEC command This example shows how to configure the emergency location information location on the switch Switch config location elin location 14085553881 identifier 1 You can verify you...

Page 267: ...nd you enter civic location configuration mode In this mode you can enter the additional location information The civic location identifier must not exceed 250 bytes additional location information Configure additional information for a location or place word Specify a word or phrase that provides additional location information civic location id Configure global civic location information for an ...

Page 268: ...vic location id 1 Switch config if end You can verify your settings by entering the show location civic interface privileged EXEC command This example shows how to enter emergency location information for an interface Switch config int g2 0 2 Switch config if location elin location id 1 Switch config if end You can verify your settings by entering the show location elin interface privileged EXEC c...

Page 269: ... spanning tree status trunk status Syntax Description Defaults Event logging is disabled Command Modes Interface configuration Command History Examples This example shows how to enable spanning tree logging Switch config if logging event spanning tree bundle status Enable notification of BUNDLE and UNBUNDLE messages link status Enable notification of interface data link status changes spanning tre...

Page 270: ...le system Contains the path and name of the file that contains the log messages The syntax for the local flash file system flash max file size Optional Specify the maximum logging file size The range is 4096 to 2147483647 min file size Optional Specify the minimum logging file size The range is 1024 to 2147483647 severity level number Optional Specify the logging severity level The range is 0 to 7...

Page 271: ...command to display its contents The command rejects the minimum file size if it is greater than the maximum file size minus 1024 the minimum file size then becomes the maximum file size minus 1024 Specifying a level causes messages at that level and numerically lower levels to be displayed Examples This example shows how to save informational log messages to a file in flash memory Switch config lo...

Page 272: ...h an IP ACL and a MAC ACL to the interface You can apply no more than one IP access list and one MAC access list to the same Layer 2 interface If a MAC ACL is already configured on a Layer 2 interface and you apply a new MAC ACL to the interface the new ACL replaces the previously configured one If you apply an ACL to a Layer 2 interface on a switch and the switch has an input Layer 3 ACL or a VLA...

Page 273: ...mand You can view configured ACLs on the switch by entering the show access lists privileged EXEC command Related Commands Command Description show access lists Displays the ACLs configured on the switch show mac access group Displays the MAC ACLs configured on the switch show running config Displays the operating configuration For syntax information use this link to the Cisco IOS Release 12 2 Com...

Page 274: ... extended lists are used with VLAN maps and class maps You can apply named MAC extended ACLs to VLAN maps or to Layer 2 interfaces you cannot apply named MAC extended ACLs to Layer 3 interfaces Entering the mac access list extended command enables the MAC access list configuration mode These configuration commands are available default sets a command to its default deny specifies packets to reject...

Page 275: ...ow to delete MAC named extended access list mac1 Switch config no mac access list extended mac1 You can verify your settings by entering the show access lists privileged EXEC command Related Commands Command Description deny MAC access list configuration permit MAC access list configuration Configures the MAC ACL in extended MAC access list configuration mode show access lists Displays the access ...

Page 276: ...usly increase the aging time to record the dynamic entries for a longer time Increasing the time can reduce the possibility of flooding when the hosts send again If you do not specify a specific VLAN this command sets the aging time for all VLANs Examples This example shows how to set the aging time to 200 seconds for all VLANs Switch config mac address table aging time 200 You can verify your set...

Page 277: ...ddress learning on a single VLAN for example no mac address table learning vlan 223 or on a range of VLANs for example no mac address table learning vlan 1 10 15 Before you disable MAC address learning be sure that you are familiar with the network topology and the switch configuration Disabling MAC address learning on a VLAN could cause flooding in the network For example if you disable MAC addre...

Page 278: ...earning vlan vlan id command Follow these guidelines for MAC address learning on Layer 3 ports Note Do not use this command on interfaces other than Layer 3 interfaces used in port based EoMPLS MAC address learning is disabled by default on physical interfaces You should enable it only on a Layer 3 interface in a port based EoMPLS session For port based EoMPLS the default disabled state does not a...

Page 279: ...itch to send the MAC address table move update messages if the primary link goes down and the standby link comes up You can configure the uplink switches to receive and process the MAC address table move update messages Examples This example shows how to configure an access switch to send MAC address table move update messages Switch configure terminal Switch conf mac address table move update tra...

Page 280: ...able move update Related Commands Command Description clear mac address table move update Clears the MAC address table move update global counters show mac address table move update Displays the MAC address table move update information on the switch debug matm move update Debugs the MAC address table move update message processing ...

Page 281: ...1 The default MAC utilization threshold is 50 percent The default time between MAC threshold notifications is 120 seconds Command Modes Global configuration Command History change Enable or disable the MAC notification on the switch history size value Optional Configure the maximum number of entries in the MAC notification history table The range is 0 to 500 entries interval value Optional Set the...

Page 282: ...t to another in the same VLAN by entering the mac address table notification mac move command and the snmp server enable traps mac notification move global configuration command To generate traps whenever the MAC address table threshold limit is reached or exceeded enter the mac address table notification threshold limit percentage interval time command and the snmp server enable traps mac notific...

Page 283: ...acket is received in VLAN 4 with this MAC address as its destination the packet is forwarded to the specified interface Switch config mac address table static c2f3 220a 12f4 vlan 4 interface gigabitethernet1 0 1 You can verify your setting by entering the show mac address table privileged EXEC command Related Commands mac addr Destination MAC address unicast or multicast to add to the address tabl...

Page 284: ...e CPU are also not supported If you add a unicast MAC address as a static address and configure unicast MAC address filtering the switch either adds the MAC address as a static address or drops packets with that MAC address depending on which command was entered last The second command that you entered overrides the first command For example if you enter the mac address table static mac addr vlan ...

Page 285: ... 12f4 When a packet is received in VLAN 4 with this MAC address as its source or destination the packet is dropped Switch config mac address table static c2f3 220a 12f4 vlan 4 drop This example shows how to disable unicast MAC address filtering Switch config no mac address table static c2f3 220a 12f4 vlan 4 You can verify your setting by entering the show mac address table static privileged EXEC c...

Page 286: ...e Keyword matching is case sensitive All matching occurrences of the keyword are replaced with the corresponding value Any full match of a keyword even if it is part of a larger string is considered a match and is replaced by the corresponding value Some macros might contain keywords that require a parameter value You can use the macro apply macro name command to display a list of any required val...

Page 287: ... can delete a macro applied configuration on an interface by entering the default interface interface id interface configuration command Examples After you have created a macro by using the macro name global configuration command you can apply it to an interface This example shows how to apply a user created macro called duplex to an interface Switch config if macro apply duplex To debug a macro u...

Page 288: ...astethernet1 0 4 Switch config if macro apply cisco desktop AVID 25 Related Commands Command Description macro description Adds a description about the macros that are applied to an interface macro global Applies a macro on a switch or applies and traces a macro on a switch macro global description Adds a description about the macros that are applied to the switch macro name Creates a macro show p...

Page 289: ...gle interface the description text will be from the last applied macro This example shows how to add a description to an interface Switch config if macro description duplex settings You can verify your settings by entering the show parser macro description privileged EXEC command Related Commands description text Enter a description about the macros that are applied to the specified interface Rele...

Page 290: ... Keyword matching is case sensitive All matching occurrences of the keyword are replaced with the corresponding value Any full match of a keyword even if it is part of a larger string is considered a match and is replaced by the corresponding value Some macros might contain keywords that require a parameter value You can use the macro global apply macro name command to display a list of any requir...

Page 291: ...tch This example shows how see the snmp macro and how to apply the macro and set the hostname to test server and set the IP precedence value to 7 Switch show parser macro name snmp Macro name snmp Macro type customizable enable port security linkup and linkdown traps snmp server enable traps port security snmp server enable traps linkup snmp server enable traps linkdown set snmp server host snmp s...

Page 292: ...t 3750 Metro Switch Cisco IOS Commands macro global macro global description Adds a description about the macros that are applied to the switch macro name Creates a macro show parser macro Displays the macro definition for all macros or for the specified macro Command Description ...

Page 293: ...are applied on a switch the description text will be from the last applied macro This example shows how to add a description to a switch Switch config macro global description udld aggressive mode enabled You can verify your settings by entering the show parser macro description privileged EXEC command Related Commands description text Enter a description about the macros that are applied to the s...

Page 294: ...Macro names are case sensitive For example the commands macro name Sample Macro and macro name sample macro will result in two separate macros When creating a macro do not use the exit or end commands or change the command mode by using interface interface id This could cause commands that follow exit end or interface interface id to execute in a different command mode The no form of this command ...

Page 295: ... fa1 0 1 switch config if macro apply test WORD keyword to replace with a value e g VLANID MAX cr Switch config if macro apply test VLANID WORD Value of first keyword to replace Switch config if macro apply test VLANID 2 WORD keyword to replace with a value e g VLANID MAX cr Switch config if macro apply test VLANID 2 MAX WORD Value of second keyword to replace Related Commands Command Description ...

Page 296: ...use the match command to define the match conditions for a VLAN map applied to a VLAN Use the action command to set the action that occurs when the packet matches the conditions Packets are matched only against access lists of the same protocol type IP packets are matched against IP access lists and all other packets are matched against MAC access lists Both IP and MAC addresses can be specified f...

Page 297: ...sco IOS IP Command Reference Volume 1 of 3 Addressing and Services Release 12 2 IP Services Commands action Specifies the action to be taken if the packet matches an entry in an access control list ACL ip access list Creates a named access list For syntax information select Cisco IOS IP Command Reference Volume 1 of 3 Addressing and Services Release 12 2 IP Services Commands mac access list extend...

Page 298: ... a hierarchical dual level policy map applies This command can only be used in the child level policy map and must be the only match condition in the child level policy map You can specify up to six entries in the list by specifying a port counts as one entry a list of ports separated by a space each port counts as an entry or a range of ports separated by a hyphen counts as two entries ip dscp ds...

Page 299: ...match ip precedence ip precedence list match mpls experimental exp list or the match vlan command in a class map within a policy map attached to an enhanced services ES port The match access group acl index or name command is not supported in an egress policy attached to an ES port or in a hierarchical ingress policy attached to an ES port You can configure only the match access group acl index or...

Page 300: ...tch config class map match all dot1q Switch config cmap match vlan 5 Switch config cmap match vlan inner 3 8 Switch config cmap exit This example shows how to delete the IP precedence match criteria and to classify traffic using acl1 Switch config class map class2 Switch config cmap match ip precedence 5 6 7 Switch config cmap no match ip precedence Switch config cmap match access group acl1 Switc...

Page 301: ...ected interfaces link up occurs even if the cable type straight through or crossover is incorrect Auto MDIX is supported on all 10 100 interfaces and on 10 100 1000BASE T TX small form factor pluggable SFP module interfaces It is not supported on 1000BASE SX or LX SFP module interfaces Caution ES ports do not support 10 or 100 Mbps operation If a 1000BASE T SFP module is inserted in an ES module p...

Page 302: ...ter 2 Catalyst 3750 Metro Switch Cisco IOS Commands mdix auto Related Commands Command Description show controllers ethernet controller interface id phy Displays general information about internal registers of an interface including the operational state of Auto MDIX ...

Page 303: ...g No policy maps are configured The default port trust state on all ports is untrusted The default ingress queue egress queue set and hierarchical egress queue settings are in effect Command Modes Global configuration Command History Usage Guidelines QoS must be globally enabled to use QoS classification policing mark down or drop queueing and traffic shaping features You can create a policy map a...

Page 304: ...3750 Metro Switch Cisco IOS Commands mls qos Examples This example shows how to enable QoS on the switch Switch config mls qos You can verify your settings by entering the show mls qos privileged EXEC command Related Commands Command Description show mls qos Displays QoS information ...

Page 305: ...gated for policing purposes For standard port and enhanced services ES ports the port ASIC device that controls the ports supports 256 policers on the switch 255 user configurable policers plus 1 policer reserved for system internal use The maximum number of policers that can be configured per port is 63 Policers are allocated on demand by the software and are constrained by the hardware and ASIC ...

Page 306: ...iguration command or the mls qos aggregate policer global configuration command For more information see the software configuration guide for this release Examples This example shows how to define the aggregate policer parameters and how to apply the policer to multiple classes in a policy map Switch config mls qos aggregate policer agg_policer1 10000 1000000 exceed action drop Switch config polic...

Page 307: ...bound packets by using the override keyword Use the override keyword when all inbound packets on certain ports deserve higher or lower priority than packets entering from other ports Even if a port is previously set to trust DSCP CoS or IP precedence this command overrides the previously configured trust state and all the inbound CoS values are assigned the default CoS value configured with the ml...

Page 308: ...ring a port to the default port CoS value of 4 on a port Switch config interface gigabitethernet1 0 1 Switch config if mls qos cos 4 Switch config if mls qos cos override You can verify your settings by entering the show mls qos interface privileged EXEC command Related Commands Command Description show mls qos interface Displays quality of service QoS information at the port level ...

Page 309: ...tation map to the receiving port ingress mutation at the boundary of a QoS administrative domain With ingress mutation the new DSCP value overwrites the one in the packet and QoS handles the packet with this new value The switch sends the packet out the port with the new DSCP value You can configure multiple DSCP to DSCP mutation maps on ingress ports You apply the map only to DSCP trusted ports I...

Page 310: ...rnet1 0 1 Switch config if mls qos trust dscp Switch config if mls qos dscp mutation dscpmutation1 This example show how to remove the DSCP to DSCP mutation map name dscpmutation1 from the port and to reset the map to the default Switch config if no mls qos dscp mutation dscpmutation1 You can verify your settings by entering the show mls qos maps privileged EXEC command Related Commands Command De...

Page 311: ...Applying the bandwidth to only a single ES port enables the existing quality of service QoS features to function more effectively Before applying this command to an ES port disable the other ES port by using the shutdown interface configuration command As long as the enhanced QoS functionality is applied to one ES port the other ES port cannot be brought back up When you configure an ES port with ...

Page 312: ...ands Command Description show running config Displays the operating configuration For syntax information use this link to the Cisco IOS Release 12 2 Command Reference listing page http www cisco com en US products sw iosswrel ps1835 prod_co mmand_reference_list html Select the Cisco IOS Commands Master List Release 12 2 to navigate to the command ...

Page 313: ...ate each DSCP value with a space The range is 0 to 63 dscp cos dscp list to cos Define the DSCP to CoS map For dscp list enter up to eight DSCP values with each value separated by a space The range is 0 to 63 Then enter the to keyword For cos enter a single CoS value to which the DSCP values correspond The range is 0 to 7 dscp mutation dscp mutation name in dscp to out dscp Define the DSCP to DSCP...

Page 314: ...The default DSCP to DSCP mutation map is a null map which maps an inbound DSCP value to the same DSCP value Table 2 6 Default CoS to DSCP Map CoS Value DSCP Value 0 0 1 8 2 16 3 24 4 32 5 40 6 48 7 56 Table 2 7 Default DSCP to CoS Map DSCP Value CoS Value 0 7 0 8 15 1 16 23 2 24 31 3 32 39 4 40 47 5 48 55 6 56 63 7 Table 2 8 Default IP Precedence to DSCP Map IP Precedence Value DSCP Value 0 0 1 8 ...

Page 315: ...alues 20 21 22 23 and 24 are mapped to CoS 1 DSCP values 10 11 12 13 14 15 16 and 17 are mapped to CoS 0 Switch config mls qos map dscp cos 20 21 22 23 24 to 1 Switch config mls qos map dscp cos 10 11 12 13 14 15 16 17 to 0 This example shows how to define the CoS to DSCP map CoS values 0 to 7 are mapped to DSCP values 0 5 10 15 20 25 30 and 35 Switch config mls qos map cos dscp 0 5 10 15 20 25 30...

Page 316: ...ueue set output qset id threshold global configuration command Note The egress queue set default settings are suitable for most situations You should change them only when you have a thorough understanding of the queues and if these settings do not meet your quality of service QoS solution Examples This example shows how to map a port to queue set 2 It allocates 40 percent of the buffer space to e...

Page 317: ... or the show mls qos queue set privileged EXEC command Related Commands Command Description mls qos queue set output threshold Configures the weighted tail drop WTD thresholds guarantees the availability of buffers and configures the maximum memory allocation to a queue set queue set Maps a port to a queue set show mls qos interface buffers Displays buffer allocation information show mls qos queue...

Page 318: ...a queue set which defines all the characteristics of the four egress queues per port The range is 1 to 2 queue id Specific queue in the queue set on which the command is performed The range is 1 to 4 drop threshold1 drop threshold2 Two WTD thresholds expressed as a percentage of the allocated queue memory The range is 1 to 400 percent reserved threshold Amount of memory to be guaranteed reserved f...

Page 319: ...ether it has consumed all of its maximum buffers over limit and whether the common pool is empty no free buffers or not empty free buffers If the queue is not over limit the switch can allocate buffer space from the reserved pool or from the common pool if it is not empty If there are no free buffers in the common pool or if the queue is over limit the switch drops the frame Examples This example ...

Page 320: ...te If a hierarchical service policy is applied to an enhanced services ES port and includes a policy map to modify the DSCP value of the packet the switch modifies the DSCP value regardless of the DSCP transparency configuration By default DSCP transparency is disabled The switch modifies the DSCP field in an incoming packet and the DSCP field in the outgoing packet is based on the quality of serv...

Page 321: ...tch config no mls qos rewrite ip dscp Switch config if end This example shows how to disable DSCP transparency and configure the switch to change the DSCP value of the incoming IP packet Switch config mls qos Switch config mls qos rewrite ip dscp Switch config if end You can verify your settings by entering the show mls qos interface interface id privileged EXEC command Related Commands Command De...

Page 322: ...ut bandwidth weight1 weight2 global configuration command You specify which ingress queue is the priority queue by using the mls qos srr queue input priority queue global configuration command Examples This example shows how to assign the ingress bandwidth for the queues Priority queueing is disabled and the shared bandwidth ratio allocated to queue 1 is 25 25 75 and to queue 2 is 75 25 75 Switch ...

Page 323: ...ers Allocates the buffers between the ingress queues mls qos srr queue input cos map Maps class of service CoS values to an ingress queue or maps CoS values to a queue and to a threshold ID mls qos srr queue input dscp map Maps Differentiated Services Code Point DSCP values to an ingress queue or maps DSCP values to a queue and to a threshold ID mls qos srr queue input priority queue Configures th...

Page 324: ... the buffer space to ingress queue 2 Switch config mls qos srr queue input buffers 60 40 You can verify your settings by entering the show mls qos interface interface id buffers or the show mls qos input queue privileged EXEC command Related Commands percentage1 percentage2 Percentage of buffers allocated to ingress queues 1 and 2 The range is 0 to 100 Separate each value with a space Release Modi...

Page 325: ...nce OL 9645 10 Chapter 2 Catalyst 3750 Metro Switch Cisco IOS Commands mls qos srr queue input buffers show mls qos input queue Displays ingress queue settings show mls qos interface buffers Displays buffer allocation information Command Description ...

Page 326: ...e CoS assigned at the ingress port selects an ingress queue and a threshold The drop threshold percentage for threshold 3 is predefined It is set to the queue full state You can assign two weighted tail drop WTD threshold percentages to an ingress queue by using the mls qos srr queue input threshold global configuration command queue queue id Specify a queue number For queue id the range is 1 to 2...

Page 327: ...eue input cos map queue 1 threshold 2 4 5 Switch config mls qos srr queue input threshold 1 50 70 You can verify your settings by entering the show mls qos maps privileged EXEC command Related Commands Command Description mls qos srr queue input bandwidth Assigns shaped round robin SRR weights to an ingress queue mls qos srr queue input buffers Allocates the buffers between the ingress queues mls ...

Page 328: ...s The DSCP assigned at the ingress port selects an ingress queue and a threshold The drop threshold percentage for threshold 3 is predefined It is set to the queue full state You can assign two weighted tail drop WTD threshold percentages to an ingress queue by using the mls qos srr queue input threshold global configuration command queue queue id Specify a queue number For queue id the range is 1...

Page 329: ...6 Switch config mls qos srr queue input dscp map queue 1 threshold 2 20 21 22 23 24 25 26 Switch config mls qos srr queue input threshold 1 50 70 You can verify your settings by entering the show mls qos maps privileged EXEC command Related Commands Command Description mls qos srr queue input bandwidth Assigns shaped round robin SRR weights to an ingress queue mls qos srr queue input buffers Alloc...

Page 330: ...are full and dropping frames Shaped round robin SRR services the priority queue for its configured weight as specified by the bandwidth keyword in the mls qos srr queue input priority queue queue id bandwidth weight global configuration command Then SRR shares the remaining bandwidth with both ingress queues and services them as specified by the weights configured with the mls qos srr queue input ...

Page 331: ...ue mls qos srr queue input buffers Allocates the buffers between the ingress queues mls qos srr queue input cos map Maps class of service CoS values to an ingress queue or maps CoS values to a queue and to a threshold ID mls qos srr queue input dscp map Maps Differentiated Services Code Point DSCP values to an ingress queue or maps DSCP values to a queue and to a threshold ID mls qos srr queue inp...

Page 332: ...ded However packets assigned to threshold 2 continue to be queued and sent as long as the second threshold is not exceeded Each queue has two configurable explicit drop threshold and one preset implicit drop threshold full You configure the CoS to threshold map by using the mls qos srr queue input cos map global configuration command You configure the DSCP to threshold map by using the mls qos srr...

Page 333: ...locates the buffers between the ingress queues mls qos srr queue input cos map Maps CoS values to an ingress queue or maps CoS values to a queue and to a threshold ID mls qos srr queue input dscp map Maps DSCP values to an ingress queue or maps DSCP values to a queue and to a threshold ID mls qos srr queue input priority queue Configures the ingress priority queue and guarantees bandwidth show mls...

Page 334: ... the default CoS output queue threshold map Command Modes Global configuration Command History Usage Guidelines The drop threshold percentage for threshold 3 is predefined It is set to the queue full state queue queue id Specify a queue number For queue id the range is 1 to 4 cos1 cos8 Map CoS values to an egress queue For cos1 cos8 enter up to eight values and separate each value with a space The...

Page 335: ...ntees reserves 100 percent of the allocated memory and configures 200 percent as the maximum memory that this queue can have before packets are dropped Switch config mls qos srr queue output cos map queue 1 threshold 1 0 1 2 3 Switch config mls qos queue set output 1 threshold 1 50 70 100 200 Switch config interface fastethernet1 0 1 Switch config if queue set 1 You can verify your settings by ent...

Page 336: ...os srr queue output dscp map queue queue id dscp1 dscp8 threshold threshold id dscp1 dscp8 or the mls qos srr queue output cos map queue queue id cos1 cos8 threshold threshold id cos1 cos8 global configuration command When you mark a CPU generated control plane packet with a DSCP or CoS value you can map traffic to any of the four egress queues Examples This example shows how to specify an egress ...

Page 337: ...s to a queue and to a threshold ID mls qos queue set output threshold Configures the WTD thresholds guarantees the availability of buffers and configures the maximum memory allocation to a queue set mls qos srr queue output dscp map Maps Differentiated Services Code Point DSCP values to an egress queue or maps DSCP values to a queue and to a threshold ID queue set Maps a port to a queue set show m...

Page 338: ...s the default DSCP output queue threshold map Command Modes Global configuration Command History Usage Guidelines The drop threshold percentage for threshold 3 is predefined It is set to the queue full state queue queue id Specify a queue number For queue id the range is 1 to 4 dscp1 dscp8 Map DSCP values to an egress queue For dscp1 dscp8 enter up to eight values and separate each value with a sp...

Page 339: ...nt of the allocated memory guarantees reserves 100 percent of the allocated memory and configures 200 percent as the maximum memory that this queue can have before packets are dropped Switch config mls qos srr queue output dscp map queue 1 threshold 1 0 1 2 3 Switch config mls qos queue set output 1 threshold 1 50 70 100 200 Switch config interface fastethernet1 0 1 Switch config if queue set 1 Yo...

Page 340: ...igured with trust DSCP or trust IP precedence and the inbound packet is a non IP packet the CoS to DSCP map is used to derive the corresponding DSCP value from the CoS value The CoS can be the packet CoS for trunk ports or the port default CoS for nontrunk ports If the DSCP is trusted the DSCP field of the IP packet is not modified However it is still possible that the CoS value of the packet is m...

Page 341: ...onfigured on a standard port the switch does not copy the inner CoS value to the outer CoS value If the trust CoS state is configured on a standard port the switch classifies inbound traffic by using the packet CoS value For an untagged packet the switch uses the CoS value configured on that port If no CoS value is configured the switch uses the default CoS value 0 The switch copies the inner CoS ...

Page 342: ...in the inbound packet Switch config interface gigabitethernet1 0 1 Switch config if mls qos trust ip precedence This example shows how to specify that the Cisco IP phone connected on a port is a trusted device Switch config interface gigabitethernet1 0 1 Switch config if mls qos trust device cisco phone You can verify your settings by entering the show mls qos interface privileged EXEC command Rel...

Page 343: ...n the secondary interface level of the dual level policy map When you configure dual level policing the dual level policy map is attached to the SVI and affects all traffic belonging to the VLAN The individual policer in the interface level traffic classification only affects the physical ports specified for that classification For detailed instructions about configuring dual level policy maps see...

Page 344: ... interface id encapsulation replicate ingress dot1q vlan vlan id isl untagged vlan vlan id vlan vlan id remote vlan vlan id no monitor session session_number filter vlan vlan id no monitor session session_number source interface interface id both rx tx remote vlan vlan id vlan vlan id both rx tx Syntax Description session_number Specify the session number identified with the SPAN or RSPAN session ...

Page 345: ...nly the ingress keyword set default VLAN for ingress traffic remote vlan vlan id Specify the remote VLAN for an RSPAN source or destination session The range is 2 to 1001 and 1006 to 4094 Note The RSPAN VLAN cannot be VLAN 1 the default VLAN or VLAN IDs 1002 to 1005 reserved for Token Ring and FDDI VLANs Optional Specify a series of interfaces or VLANs or separate a range of interfaces or VLANs fr...

Page 346: ...s disabled until the port is removed as a SPAN destination If 802 1x is not available on the port the switch returns an error message You can enable 802 1x on a SPAN or RSPAN source port VLAN filtering refers to analyzing network traffic on a selected set of VLANs on trunk source ports By default all VLANs are monitored on trunk source ports You can use the monitor session session_number filter vl...

Page 347: ...ored traffic Switch config monitor session 10 source remote vlan 900 Switch config monitor session 10 destination interface fastethernet1 0 10 This example shows how to configure the destination port for ingress traffic on VLAN 5 by using a security device that supports 802 1Q encapsulation Egress traffic replicates the source ingress traffic uses 802 1Q encapsulation Switch config monitor session...

Page 348: ...interface on the device at each edge of the service provider network to establish a bidirectional virtual connection which is made of two unidirectional label switched paths LSPs A VC is not established if not properly defined from both ends For the destination parameter specify the LDP IP address of the other PE edge device do not specify the IP address of the device on which you are entering the...

Page 349: ...routing and PE2 has IP address 20 0 0 1 32 that PE1 discovers through routing At the PE1 interface Switch config interface vlan 3 Switch config if mpls l2transport route 20 0 0 1 123 At the PE2 interface Switch config interface vlan 4 Switch config if mpls l2transport route 10 0 0 1 123 You can verify your setting by entering the show mpls l2transport vc privileged EXEC command Related Commands Co...

Page 350: ... the holdtime used for the session is the lower of the values configured on the two LSRs Note For information about LDP configuration and commands see the MPLS Label Distribution Protocol feature module Examples This example shows how to set the holdtime for LDP sessions for 30 seconds Switch config mpls ldp holdtime 30 You can verify your setting by entering the show mpls ldp parameters privilege...

Page 351: ...or MPLS to operate between the devices If the mpls mtu bytes command is not used to configure an interface MTU the MTU for labeled packets is the system MTU for the interface Because labeling a packet makes it larger we recommend making the system MTU the same size as the MPLS MTU to prevent dropping of labeled packets We recommend using the system mtu routing global configuration command to set a...

Page 352: ... 3750 Metro Switch Cisco IOS Commands mpls mtu Related Commands Command Description system mtu jumbo Set the system jumbo frame size MTU for Gigabit Ethernet ports The range is 1500 to 9000 bytes system mtu routing Set the system MTU for routed ports The range is 1500 to 1600 bytes ...

Page 353: ...sses The range is 1 to 2000 However if the mode is compatible the switch allows only 512 groups even if you enter a value greater than 512 Dynamic mode supports 2000 groups The default is 1 mode Optional Specify the MVR mode of operation The default is compatible mode compatible Set MVR mode to provide compatibility with Catalyst 2900 XL and 3500 XL switches This mode does not allow dynamic member...

Page 354: ...in a group by entering the mvr vlan vlan id group ip address interface configuration command MVR supports aliased IP multicast addresses on the switch However if the switch is interacting with Catalyst 3550 or 3500 XL switches you should not configure IP addresses that alias between themselves or with the reserved IP multicast addresses in the range 224 0 0 xxx The mvr querytime command applies on...

Page 355: ...st addresses Switch config no mvr group Use the show mvr members privileged EXEC command to display the configured IP multicast group addresses This example shows how to set the maximum query response time as 1 second 10 tenths Switch config mvr querytime 10 This example shows how to return the maximum query response time to the default setting of one half second Switch config no mvr querytime Thi...

Page 356: ...feature of MVR on a port Use the no mvr immediate command to disable the feature type Optional Configure the port as an MVR receiver port or source port The default port type is neither an MVR source nor receiver port The no mvr type command resets the port as neither a source or receiver port receiver Configure the port as a subscriber port that can only receive multicast data Receiver ports cann...

Page 357: ...re should be enabled only on receiver ports to which a single receiver device is connected The mvr vlan group command statically configures ports to receive multicast traffic sent to the IP multicast address A port statically configured as a member of a group remains a member of the group until statically removed In compatible mode this command applies only to receiver ports in dynamic mode it can...

Page 358: ...ic member of IP multicast group 239 1 1 1 In this example the receiver port is a trunk port Switch config interface fastethernet0 5 Switch config if mvr vlan 100 group 239 1 1 1 receiver vlan 201 This example shows how to remove this port from membership Switch config interface gigabitethernet1 0 1 Switch config if no mvr vlan5 group 228 1 23 4 This example shows how to remove this port from all I...

Page 359: ...tion Enables and configures multicast VLAN registration on the switch show mvr Displays MVR global parameters or port parameters show mvr interface Displays the configured MVR interfaces or displays the multicast groups to which a receiver port belongs Also displays all MVR groups of which the interface is a member show mvr members Displays all receiver ports that are members of an MVR multicast g...

Page 360: ...age Guidelines When you enter domain domain name the CFM domain must have already been created by entering the ethernet cfm domain domain name level level id global configuration command If the CFM domain does not exist the command is rejected and an error message appears Examples This example shows how to enter EVC configuration mode and to configure the OAM protocol as CFM Switch config ethernet...

Page 361: ...h devices that only support address learning by physical ports such as the Catalyst 1900 switch When the link partner to the Catalyst 3750 Metro switch is a physical learner we recommend that you configure the switch as a physical port learner by using the pagp learn method physical port interface configuration command and to set the load distribution method based on the source MAC address by usin...

Page 362: ...ion port You can verify your settings by entering the show running config privileged EXEC command or the show pagp channel group number internal privileged EXEC command Related Commands Command Description pagp port priority Selects a port over which all traffic through the EtherChannel is sent show pagp Displays PAgP channel group information show running config Displays the operating configurati...

Page 363: ...cal port keyword is provided in the command line interface CLI The pagp learn method and the pagp port priority interface configuration commands have no effect on the switch hardware but they are required for PAgP interoperability with devices that only support address learning by physical ports such as the Catalyst 1900 switch When the link partner to the switch is a physical learner we recommend...

Page 364: ...learn the source address of inbound packets show pagp Displays PAgP channel group information show running config Displays the operating configuration For syntax information use this link to the Cisco IOS Release 12 2 Command Reference listing page http www cisco com en US products sw iosswrel ps1835 prod_command_r eference_list html Select the Cisco IOS Commands Master List Release 12 2 to naviga...

Page 365: ...k any host target mac target mac target mac mask log Syntax Description Defaults There are no default settings Command Modes ARP access list configuration request Optional Requests a match for the ARP request When request is not specified matching is performed against all ARP packets ip Specify the sender IP address any Accept any IP or MAC address host sender ip Accept the specified sender IP add...

Page 366: ...0 abcd Switch config arp access list static hosts Switch config arp nacl permit ip host 1 1 1 1 mac host 0000 0000 abcd Switch config arp nacl end You can verify your settings by entering the show arp access list privileged EXEC command Related Commands Release Modification 12 2 25 EY This command was introduced Command Description arp access list Defines an ARP ACL deny ARP access list configurat...

Page 367: ...h database management SDM dual IPv4 and IPv6 template configured Internet Control Message Protocol permit icmp source ipv6 prefix prefix length any host source ipv6 address operator port number destination ipv6 prefix prefix length any host destination ipv6 address operator port number icmp type icmp code icmp message dscp value log log input routing sequence value time range name Transmission Con...

Page 368: ...the source port If the operator is positioned after the destination ipv6 prefix prefix length argument it must match the destination port The range operator requires two port numbers All other operators require one port number The optional port number argument is a decimal number or the name of a TCP or a UDP port A port number is a number from 0 to 65535 TCP port names can be used only when filte...

Page 369: ...ange and its restrictions are specified by the time range and absolute or periodic commands respectively icmp type Optional Specify an ICMP message type for filtering ICMP packets ICMP packets can be filtered by the ICMP message type The type is a number from 0 to 255 icmp code Optional Specify an ICMP message code for filtering ICMP packets ICMP packets that are filtered by the ICMP message type ...

Page 370: ... ICMPv6 neighbor discovery To disallow ICMPv6 neighbor discovery and to deny icmp any any nd na or icmp any any nd ns there must be an explicit deny entry in the ACL For the three implicit statements to take effect an IPv6 ACL must contain at least one entry The IPv6 neighbor discovery process uses the IPv6 network layer service Therefore by default IPv6 ACLs implicitly allow IPv6 neighbor discove...

Page 371: ...64 any Switch config ipv6 acl deny FE80 0 0 0201 64 any Switch config ipv6 acl permit icmp any any Switch config ipv6 acl exit Switch config ipv6 access list INBOUND Switch config ipv6 acl permit icmp any any Switch config ipv6 acl exit Switch config interface gigabitethernet0 3 Switch config if no switchport Switch config if ipv6 address 2001 64 eui 64 Switch config if ipv6 traffic filter OUTBOUN...

Page 372: ...Define a host MAC address and optional subnet mask If the source address for a packet matches the defined address non IP traffic from that address is denied host dst MAC addr dst MAC addr mask Define a destination MAC address and optional subnet mask If the destination address for a packet matches the defined address non IP traffic to that address is denied type mask Optional Use the Ethertype num...

Page 373: ...sk lsap lsap number mask Optional Use the LSAP number 0 to 65535 of a packet with 802 2 encapsulation to identify the protocol of the packet The mask is a mask of don t care bits applied to the LSAP number before testing for a match mop console Optional Select EtherType DEC MOP Remote Console mop dump Optional Select EtherType DEC MOP Dump msdos Optional Select EtherType DEC MSDOS mumps Optional S...

Page 374: ...NETBIOS traffic from any source to MAC address 00c0 00a0 03fa Traffic matching this list is allowed Switch config ext macl permit any host 00c0 00a0 03fa netbios This example shows how to remove the permit condition from the MAC name extended access list Switch config ext macl no permit any 00c0 00a0 03fa 0000 0000 0000 netbios This example permits all packets with Ethertype 0x4321 Switch config e...

Page 375: ...policer These limitations do not apply to policers configured in a hierarchical policy attached to an ES port In Cisco IOS Release 12 2 25 EY or later when configuring hierarchical dual level policy maps you can only use the police policy map command in a secondary interface level policy map To return to policy map configuration mode use the exit command To return to privileged EXEC mode use the e...

Page 376: ...ap class class1 Switch config pmap c set ip dscp 45 Switch config pmap c police 1000000 20000 exceed action drop Switch config pmap c exit This example shows how to configure a policer which marks down the DSCP values with the values defined in policed DSCP map and sends the packet Switch config policy map policy2 Switch config pmap class class2 Switch config pmap c police 1000000 20000 exceed act...

Page 377: ... by the hardware and ASIC boundaries You cannot reserve policers per port There is no guarantee that a port will be assigned to any policer These limitations do not apply to policers configured in a hierarchical policy attached to an ES port You set aggregate policer parameters by using the mls qos aggregate policer global configuration command You apply an aggregate policer to multiple classes in...

Page 378: ...nfig pmap c trust dscp Switch config pmap c police aggregate agg_policer2 Switch config pmap c exit You can verify your settings by entering the show mls qos aggregate policer privileged EXEC command Related Commands Command Description mls qos aggregate policer Defines policer parameters which can be shared by multiple classes within the same policy map show mls qos aggregate policer Displays the...

Page 379: ...burst Optional Conform burst size used by the first token bucket for policing The range is 1536 to 16776960 bytes pir pir PIR at which the second token bucket for policing is updated The range is 64000 to 990000000 bps be peak burst Optional Peak burst size used by the second token bucket The range is 1536 to 16776960 bytes conform action Optional Action to perform on packets that conform to the C...

Page 380: ... stage Otherwise the exceed action associated with the bucket is applied to the packet The packet might be dropped or its priority value might be marked down In this token bucket example if the CIR rate is 2 kbps 2000 tokens are added to the bucket every second for this example consider each token to represent a single bit of information If a 1500 byte packet arrives 12000 tokens 1500 bytes x 8 bi...

Page 381: ...onform action transmit exceed action set prec transmit 2 violate action drop Switch config pmap c exit Switch config pmap exit Switch config pmap c interface gigabitethernet1 1 1 Switch config if service policy output policy1 Switch config if end Traffic marked as conforming to the average committed rate 500 kbps is sent as is Traffic marked as exceeding 500 kbps but not exceeding 1 Mbps is marked...

Page 382: ...m 1 to 99 bc conform burst ms Optional Conform burst size used by the first token bucket for policing The range is 1 to 128 ms pir percent percent Percentage of the available bandwidth assigned to the parent class This value is used for calculating the PIR the rate at which the second token bucket for policing is updated The range is 1 to 99 be peak burst ms Optional Peak burst size used by the se...

Page 383: ...ation see the Examples section The calculated CIR and PIR bps rates must be in the range of 8000 and 2000000000 bps If the rates are outside this range the switch does not attach the policy map to the port If the port bandwidth changes for example more is added the switch recalculates the bps values of the CIR and the PIR based on the revised amount of bandwidth If the CIR and PIR percentages are ...

Page 384: ...hild_policy Switch config pmap class normal_type Switch config pmap c police cir percent 30 Switch config pmap exit Switch config policy map parent_policy Switch config pmap class parent Switch config pmap c shape average 512000 Switch config pmap c service policy child_policy Switch config pmap c exit This example shows how to create two hierarchical policies one called child_policy and one calle...

Page 385: ...r a class of traffic policy map Creates or modifies a policy map that can be attached to multiple ports to specify a service policy show policy map Displays quality of service QoS policy maps show running config Displays the operating configuration For syntax information use this link to the Cisco IOS Release 12 2 Command Reference listing page http www cisco com en US products sw iosswrel ps1835 ...

Page 386: ... created or modified After you enter the policy map command the switch enters policy map configuration mode You can configure or modify the class policies for that policy map and decide how to treat the classified traffic These configuration commands are available in policy map configuration mode class defines the classification match criteria for the specified class map For more information see t...

Page 387: ...the VLAN level specifies the actions to be taken against a traffic flow on an SVI The second level the interface level specifies the actions to be taken against the traffic on the physical ports that belong to the SVI and are specified in the interface level policy map In a primary VLAN level policy map you can only configure the trust state or set a new DSCP or IP precedence value in the packet I...

Page 388: ...0 exceed action drop Switch config pmap c exit Switch config pmap exit Switch config policy map pm test pm 2 Switch config pmap class cm non int Switch config pmap c set dscp 7 Switch config pmap c service policy pm test int Switch config pmap class cm non int 2 Switch config pmap c set dscp 15 Switch config pmap c service policy pm test int Switch config pmap c end Switch config cmap exit Switch ...

Page 389: ...g port channel load balance dst mac You can verify your setting by entering the show running config privileged EXEC command or the show etherchannel load balance privileged EXEC command Related Commands dst ip Load distribution is based on the destination host IP address dst mac Load distribution is based on the destination host MAC address Packets to the same destination are sent on the same port...

Page 390: ...Channel information for a channel show running config Displays the operating configuration For syntax information use this link to the Cisco IOS Release 12 2 Command Reference listing page http www cisco com en US products sw iosswrel ps1835 prod_comman d_reference_list html Select the Cisco IOS Commands Master List Release 12 2 to navigate to the command Command Description ...

Page 391: ...e priority queue is serviced first until it is empty You cannot use the bandwidth queue limit random detect and the shape policy map class configuration commands with the priority policy map class configuration command in the same class within the same policy map However you can use these commands in the same policy map Within a policy map you can give priority status to only one class When you at...

Page 392: ... a policy map attached to an ES port class Specifies the name of the class whose traffic policy you want to create or change policy map Creates or modifies a policy map that can be attached to multiple ports to specify a service policy priority queue Enables the egress priority queue on a port queue limit Configures the maximum threshold for tail drop in a policy map attached to an ES port random ...

Page 393: ... queue is enabled otherwise the egress queues are serviced based on their SRR weights If the egress priority queue is enabled it overrides the SRR shaped and shared weights for queue 1 If the egress priority queue is disabled and the SRR shaped and shared weights are configured the shaped mode overrides the shared mode for queue 1 and SRR services this queue in shaped mode If the egress priority q...

Page 394: ...ped mode overrides the shared mode Switch config interface gigabitethernet1 0 2 Switch config if srr queue bandwidth shape 25 0 0 0 Switch config if srr queue bandwidth share 30 20 25 25 Switch config if no priority queue out You can verify your settings by entering the show mls qos interface interface id queueing or the show running config privileged EXEC command Related Commands Command Descript...

Page 395: ...server VTP does not propagate private VLAN configuration You must manually configure private VLANs on all switches in the Layer 2 network to merge their Layer 2 databases and to prevent flooding of private VLAN traffic You cannot include VLAN 1 or VLANs 1002 to 1005 in the private VLAN configuration Extended VLANs VLAN IDs 1006 to 4094 can be configured in private VLANs You can associate a seconda...

Page 396: ...s as EtherChannels While a port is part of the private VLAN configuration any EtherChannel configuration for it is inactive Do not configure a private VLAN as a Remote Switched Port Analyzer RSPAN VLAN Do not configure a private VLAN as a voice VLAN Do not configure fallback bridging on switches with private VLANs Although a private VLAN contains more than one VLAN only one STP instance runs for t...

Page 397: ...rivate vlan or show interfaces status privileged EXEC command Related Commands Command Description show interfaces status Displays the status of interfaces including the VLANs to which they belong show vlan private vlan Displays the private VLANs and VLAN associations configured on the switch switchport mode private vlan Configures a private VLAN port as a host port or promiscuous port ...

Page 398: ...u cannot configure Layer 3 VLAN interfaces for secondary VLANs SVIs for secondary VLANs are inactive while the VLAN is configured as a secondary VLAN The secondary_vlan_list parameter cannot contain spaces It can contain multiple comma separated items Each item can be a single private VLAN ID or a hyphenated range of private VLAN IDs The list can contain one isolated VLAN and multiple community VL...

Page 399: ... 20 Switch config vlan end This example shows how to permit routing of secondary VLAN traffic from secondary VLANs 303 to 305 and 307 through VLAN 20 SVI Switch configure terminal Switch interface vlan 20 Switch config if private vlan mapping 303 305 307 Switch config vlan end You can verify your setting by entering the show interfaces private vlan mapping privileged EXEC command Related Commands ...

Page 400: ...ued until the maximum threshold is exceeded and then all the packets are dropped Use the queue limit command only in a hierarchical policy map attached to an ES port You can use this command only in class level classes You must configure the bandwidth or the shape policy map class configuration command before you configure either the queue limit or the random detect policy map class configuration ...

Page 401: ...EC command Related Commands Command Description bandwidth Specifies or modifies the minimum bandwidth provided to a class belonging to a policy map attached to an ES port class Specifies the name of the class whose traffic policy you want to create or change policy map Creates or modifies a policy map that can be attached to multiple ports to specify a service policy priority Enables the strict pr...

Page 402: ...s This example shows how to map a port to queue set 2 Switch config interface fastethernet1 0 1 Switch config if queue set 2 You can verify your settings by entering the show mls qos interface interface id buffers privileged EXEC command Related Commands qset id ID of the queue set Each port belongs to a queue set which defines all the characteristics of the four egress queues per port The range i...

Page 403: ...l WRED does not drop large numbers of packets at once Use the random detect command only in a hierarchical policy map attached to an ES port You can use this command only in class level classes You must configure the bandwidth or the shape policy map class configuration command before you configure either the queue limit or the random detect policy map class configuration command in a class policy...

Page 404: ...his example shows how to configure the policy map called policy1 that contains a policy specification for the class called class1 During times of congestion IP precedence based WRED packet drop is used instead of tail drop Switch config policy map policy1 Switch config pmap class class1 Switch config pmap c bandwidth 1000 Switch config pmap c random detect This example shows how to enable DSCP bas...

Page 405: ... DSCP based WRED settings in a policy map attached to an ES port random detect exponential weighting constant Configures WRED exponential weight factor for the average queue size calculation for the queue in a policy map attached to an ES port random detect precedence Configures IP precedence based WRED settings in a policy map attached to an ES port service policy policy map class Creates a servi...

Page 406: ...and mark probability values for a DSCP value Specify these options dscp DSCP value The range is 0 to 63 You also can enter a mnemonic name for a commonly used value For more information see the Usage Guidelines section min threshold the minimum threshold in packets The range is 1 to 32768 When the average queue size reaches the minimum threshold WRED randomly drops some packets with the specified ...

Page 407: ...0 command For a list of supported mnemonics enter the random detect dscp command to see the command line help strings The AF code points enables a domain to offer four different levels four different AF classes of forwarding assurances for IP packets received from other such as customer domains Each one of the four AF classes is allocated a certain amount of forwarding services buffer space and ba...

Page 408: ...ndwidth 48 Switch config pmap c random detect dscp based Switch config pmap c random detect dscp 8 24 40 512 Switch config pmap c exit Switch config pmap end Switch config interface gigabitethernet1 1 1 Switch config if service policy input p1 You can verify your settings by entering the show policy map privileged EXEC command Table 2 15 random detect dscp Default Settings DSCP Precedence Minimum ...

Page 409: ...priority Enables the strict priority queue and gives priority to a class of traffic belonging to a policy map attached to an ES port queue limit Configures the maximum threshold for tail drop in a policy map attached to an ES port random detect Enables WRED in a policy map attached to an ES port random detect exponential weighting constant Configures WRED exponential weight factor for the average ...

Page 410: ...large numbers of packets at once Use the random detect exponential weighting constant command only in a hierarchical policy map attached to an ES port You can use this command only in class level classes You must configure the bandwidth or the shape policy map class configuration command before you configure either the queue limit or the random detect policy map class configuration command in a cl...

Page 411: ...it command To return to privileged EXEC mode use the end command Examples This example shows how to configure policy for a class called acl10 included in the policy map called policy10 Class acl101 has these characteristics a minimum of 2000 kbps of bandwidth are expected to be delivered to this class in the event of congestion and a weight factor of 10 is used to calculate the average queue size ...

Page 412: ... priority Enables the strict priority queue and gives priority to a class of traffic belonging to a policy map attached to an ES port queue limit Configures the maximum threshold for tail drop in a policy map attached to an ES port random detect Enables WRED in a policy map attached to an ES port random detect dscp Configures DSCP based WRED settings in a policy map attached to an ES port random d...

Page 413: ...at evenly spaced intervals Command Modes Policy map class configuration Command History ip precedence min threshold max threshold mark prob denominator Specify WRED settings such as packet threshold and mark probability values for an IP precedence value Specify these options ip precedence IP precedence value The range is 0 to 7 min threshold the minimum threshold in packets The range is 1 to 32768...

Page 414: ...map class configuration commands with the priority policy map class configuration command in the same class within the same policy map However you can use these commands in the same policy map You must enter the random detect precedence based command before specifying the values with the random detect precedence ip precedence min threshold max threshold mark prob denominator command If you want WR...

Page 415: ... end Switch config interface gigabitethernet1 1 1 Switch config if service policy output p1 You can verify your settings by entering the show policy map privileged EXEC command Related Commands Command Description bandwidth Specifies or modifies the minimum bandwidth provided to a class belonging to a policy map attached to an ES port class Specifies the name of the class whose traffic policy you ...

Page 416: ...feature is propagated by VLAN Trunking Protocol VTP for VLAN IDs that are lower than 1005 If the RSPAN VLAN ID is in the extended range you must manually configure intermediate switches those in the RSPAN VLAN between the source switch and the destination switch Before you configure the RSPAN remote span command use the vlan global configuration command to create the VLAN The RSPAN VLAN has these ...

Page 417: ...LAN Switch config vlan 901 Switch config vlan no remote span You can verify your settings by entering the show vlan remote span user EXEC command Related Commands Command Description monitor session Enables Switched Port Analyzer SPAN and RSPAN monitoring on a port and configures a port as a source or destination port vtp Changes to config vlan mode where you can configure VLANs 1 to 4094 ...

Page 418: ...e show ip dhcp snooping database privileged EXEC command Related Commands flash filename Optional Specify that the database agent or the binding file is in the flash memory ftp user password host filename Optional Specify that the database agent or the binding file is on an FTP server nvram filename Optional Specify that the database agent or the binding file is in the NVRAM rcp user host file nam...

Page 419: ...are flood layer HFL to a regular multicast address These messages are flooded to the whole network not just the REP segment Switches that do not belong to the segment treat them as data traffic Configuring an administrative VLAN for the whole domain can control flooding of these messages If no REP administrative VLAN is configured the default is VLAN 1 There can be only one administrative VLAN on ...

Page 420: ... id port id Identify the VLAN blocking alternate port by entering the unique port ID that is automatically generated when REP is enabled The REP port ID is a 16 character hexadecimal value You can view the port ID for an interface by entering the show interface interface id rep detail command neighbor_offset Identify the VLAN blocking alternate port by entering the offset number of a neighbor The ...

Page 421: ...he primary edge port cannot determine the alternate port for VLAN balancing the default action is no preemption Each port in a segment has a unique port ID The port ID format is similar to the one used by the spanning tree algorithm a port number unique on the bridge associated to a MAC address unique in the network To determine the port ID of a port enter the show interface interface id rep detai...

Page 422: ...DU rx 107122 tx 192493 Switch B config t Switch config interface gigabitethernet1 0 1 Switch config if rep block port id 0080001647FB1780 vlan 1 100 Switch config if exit This example shows how to configure VLAN load balancing by using a neighbor offset number and how to verify the configuration by entering the show interfaces rep detail privileged EXEC command Switch config t Switch config interf...

Page 423: ...p preempt delay Configures a waiting period after a segment port failure and recovery before REP VLAN load balancing is triggered rep preempt segment Manually starts REP VLAN load balancing on a segment show interfaces rep detail Displays REP detailed configuration and status for all interfaces or the specified interface including the administrative VLAN ...

Page 424: ...sco IOS Release 12 2 52 SE the LSL age timer range changed from 3000 to 10000 ms in 500 ms increments to 120 to 10000 ms in 40 ms increments If the REP neighbor device is not running Cisco IOS Release 12 2 52 SE or later you must use the shorter time range because the device does not accept values out of the earlier range EtherChannel port channel interfaces do not support LSL age timer values les...

Page 425: ...pter 2 Catalyst 3750 Metro Switch Cisco IOS Commands rep lsl age timer Related Commands Command Description show interfaces rep detail Displays REP configuration and status for all interfaces or the specified interface including the configured LSL age out timer value ...

Page 426: ...a segment port failure and recovery the REP primary edge port starts a delay timer before VLAN load balancing occurs Note that the timer restarts after each link failure When the timer expires the REP primary edge alerts the alternate port to perform VLAN load balancing configured by using the rep block port interface configuration command and prepares the segment for the new topology The configur...

Page 427: ...apter 2 Catalyst 3750 Metro Switch Cisco IOS Commands rep preempt delay Related Commands Command Description rep block port Configures VLAN load balancing show interfaces rep detail Displays REP configuration and status for all interfaces or the specified interface ...

Page 428: ...re VLAN load balancing entering this command results in the default behavior the primary edge port blocks all VLANs You configure VLAN load balancing by entering the rep block port id port id neighbor_offset preferred vlan vlan list all interface configuration command on the REP primary edge port before you manually start preemption There is not a no version of this command Examples This example s...

Page 429: ... port Tunnel port segment id Assign a segment ID to the interface The range is from 1 to 1024 edge Optional Identify the interface as one of the two REP edge ports Entering the edge keyword without the primary keyword configures the port as the secondary edge port no neighbor Optional Configure a segment edge with no external REP neighbor primary Optional On an edge port specify that the port is t...

Page 430: ...Enter the show rep topology privileged EXEC command on a port in the segment to verify which port is the segment primary edge port REP interfaces come up in a blocked state and remain in a blocked state until notified that it is safe to unblock You need to be aware of this to avoid sudden connection losses You should configure REP only in networks with redundancy Configuring REP in a network witho...

Page 431: ...mand To verify which port in the segment is the primary edge port enter the show rep topology privileged EXEC command Related Commands Command Description show interfaces rep detail Displays REP configuration and status for all interfaces or the specified interface show rep topology detail Displays information about all ports in the segment including which one was configured and selected as the pr...

Page 432: ...elines Enter this command on a segment edge port You use this command to notify other portions of the Layer 2 network of topology changes that occur in the local REP segment This removes obsolete entries in the Layer 2 forwarding table in other parts of the network which allows faster network convergence Examples This example shows how to configure a REP edge port to send STCNs to segments 25 to 5...

Page 433: ...mand Reference OL 9645 10 Chapter 2 Catalyst 3750 Metro Switch Cisco IOS Commands rep stcn Related Commands Command Description show interfaces rep detail Displays REP configuration and status for all interfaces or the specified interface ...

Page 434: ... Unreserved addresses that are part of the network or on pool ranges are not offered to the client and other clients are not served by the pool By entering this command users can configure a group of switches with DHCP pools that share a common IP subnet and that ignore requests from clients of other switches To access DHCP pool configuration mode enter the ip dhcp pool name global configuration c...

Page 435: ...upported Defaults The RMON statistics collection is disabled Command Modes Interface configuration Command History Usage Guidelines The RMON statistics collection command is based on hardware counters Examples This example shows how to collect RMON statistics for the owner root on a port Switch config interface gigabitethernet1 0 1 Switch config if rmon collection stats 2 owner root You can verify...

Page 436: ...ting When you use the VLAN template no system resources are reserved for routing entries and any routing is done through software This overloads the CPU and severely degrades routing performance default Set the switch to use the default template to balance resources among features dual ipv4 and ipv6 default routing vlan Select a template that supports both IPv4 and IPv6 routing default Provide bal...

Page 437: ...mpacting switch performance The last row is a guideline used to calculate hardware resource consumption related to the other resource parameters Table 2 18 lists the approximate number of each resource supported in each of the dual IPv4 and IPv6 templates for a switch Table 2 17 Approximate Number of Feature Resources Allowed by Each Template Resource Templates Default Routing VLAN Unicast MAC add...

Page 438: ...h config sdm prefer dual ipv4 and ipv6 default Switch config exit Switch reload You can verify your settings by entering the show sdm prefer privileged EXEC command Related Commands IPv4 or MAC QoS ACEs total 512 512 512 IPv4 or MAC security ACEs total 1 K 512 1 K IPv6 policy based routing ACEs1 0 255 0 IPv6 QoS ACEs 510 510 510 IPv6 security ACEs 510 510 510 1 IPv6 policy based routing is not sup...

Page 439: ...nce to its default state ethernet lmi ce vlan map configures Ethernet Local Management Interface LMI parameters See the ethernet lmi ce vlan map command exit exits EVC configuration mode and returns to global configuration mode no negates a command or returns a command to its default setting Examples This example shows how to define an Ethernet service instance and to enter Ethernet service config...

Page 440: ... functionality of the password recovery feature by allowing an end user to reset a password only by agreeing to return to the default configuration To use the password recovery procedure a user with physical access to the switch holds down the Mode button while the unit powers up and for a second or two after the LED above port 1X goes off When the button is released the system continues with init...

Page 441: ...y of the config file on the switch If the switch is operating in VLAN Trunking Protocol VTP transparent mode we recommend that you also save a copy of the vlan dat file in a location away from the switch You can verify if password recovery is enabled or disabled by entering the show version privileged EXEC command Examples This example shows how to disable password recovery on a switch so that a u...

Page 442: ...chical dual level service policy per SVI With hierarchical QoS you can attach one ingress hierarchical service policy and one egress hierarchical service policy per ES port You can also attach a hierarchical service policy to an EtherChannel with no ports or with one or both ES ports Use the service policy output policy map name command only in an egress policy map attached to an ES port You canno...

Page 443: ...red overwrites the previous configuration However if you are applying an ingress hierarchical policy to an ES port that includes the set policy map class configuration command or policing actions in a two rate policer the switch automatically applies a port trust state to the ES port For example if you configure the set cos new cos command the switch automatically configures the interface to trust...

Page 444: ...ap Displays QoS policy maps show running config Displays the operating configuration For syntax information use this link to the Cisco IOS Release 12 2 Command Reference listing page http www cisco com en US products sw iosswrel ps1835 prod_command _reference_list html Select the Cisco IOS Commands Master List Release 12 2 to navigate to the command Command Description ...

Page 445: ... with a physical level policy map and by attaching the physical level policy map to an ES port You can omit hierarchical levels but the order of the levels class level VLAN level and then the physical level must be preserved If you use the bandwidth policy map class configuration command in a child policy you also must use it in the parent policy If you enter this command in policy map class confi...

Page 446: ...fig pmap exit Switch config policy map my physical policy Switch config pmap class class default Switch config pmap c shape average 500000000 Switch config pmap c service policy my logical policy Switch config pmap c exit Switch config pmap exit Switch config interface gigabitethernet1 1 1 Switch config service policy input my physical policy You can verify your settings by entering the show polic...

Page 447: ... a mnemonic name for a commonly used value For example you can enter the set dscp af11 command which is the as same entering the set dscp 10 command You can enter the set precedence critical command which is the same as entering the set precedence 5 command For a list of supported mnemonics enter the set dscp or the set precedence command to see the command line help strings cos new cos New CoS va...

Page 448: ... cannot combine Layer 2 and Layer 3 set actions because the port can trust only one value in the inbound packet For example the switch does not support this policy map policy map p1 class cos1 police cir per 10 conform action set cos transmit 3 set dscp af22 To return to policy map configuration mode use the exit command To return to privileged EXEC mode use the end command Examples This example s...

Page 449: ...ess help text press the question mark key at a prompt To return to the privileged EXEC prompt without making changes and without running through the entire System Configuration Dialog press Ctrl C When you complete your changes the setup program shows you the configuration command script that was created during the setup session You can save the configuration in NVRAM return to the setup program w...

Page 450: ...Prol Vlan1 10 1 2 3 YES NVRAM up up Vlan100 unassigned YES NVRAM down down Vlan150 unassigned YES NVRAM down down Vlan901 unassigned YES NVRAM down down FastEthernet1 0 1 unassigned YES unset up up FastEthernet1 0 2 111 1 1 1 YES NVRAM up up output truncated Enter interface name used to connect to the management network from the above interface summary vlan1 Configuring interface Vlan1 Configure I...

Page 451: ...config 1 Return back to the setup without saving this config 2 Save this configuration to nvram and exit Enter your selection 2 Related Commands Command Description show running config Displays the operating configuration For syntax information use this link to the Cisco IOS Release 12 2 Command Reference listing page http www cisco com en US products sw iosswrel ps1835 prod_co mmand_reference_lis...

Page 452: ...de button start blinking If you press the Mode button for a total of 10 seconds the switch configuration is deleted and the switch reboots The switch can then be configured like a new switch either through the web based Express Setup program or the CLI based setup program Note As soon as you make any change to the switch configuration including entering no at the beginning of the CLI based setup p...

Page 453: ...igured switch the mode LEDs begin blinking after 2 seconds and turn solid green after 10 seconds Caution If you hold the Mode button down for a total of 10 seconds the configuration is deleted and the switch reboots This example shows how to disable Express Setup mode Switch config no setup express You can verify that Express Setup mode is disabled by pressing the Mode button The mode LEDs do not ...

Page 454: ...licing You must configure the bandwidth or the shape policy map class configuration command before you configure either the queue limit or the random detect policy map class configuration command in a class policy You cannot use the bandwidth queue limit random detect and the shape policy map class configuration commands with the priority policy map class configuration command in the same class wi...

Page 455: ...This example shows how to limit the specified traffic class to a data transmission rate of 256 kbps Switch config policy map policy1 Switch config pmap class class1 Switch config pmap c shape average 256000 Switch config pmap c exit Switch config pmap exit Switch config interface gigabitethernet1 1 1 Switch config if service policy output policy1 You can verify your settings by entering the show p...

Page 456: ...ists command Switch show access lists Standard IP access list 1 10 permit 1 1 1 1 20 permit 2 2 2 2 30 permit any 40 permit 0 255 255 255 wildcard bits 12 0 0 0 Standard IP access list videowizard_1 1 1 1 10 permit 1 1 1 1 Standard IP access list videowizard_10 10 10 10 10 permit 10 10 10 10 Extended IP access list 121 10 permit ahp host 10 10 10 10 host 20 20 10 10 precedence routine Extended IP ...

Page 457: ...unt 0 Bridge Only All bytes count 0 Forwarding To CPU All frame count 0 Forwarding To CPU All bytes count 0 L3 ACL INPUT Statistics Drop All frame count 0 Drop All bytes count 0 Bridge Only All frame count 0 Bridge Only All bytes count 0 Forwarding To CPU All frame count 0 Forwarding To CPU All bytes count 0 Forwarded All frame count 0 Forwarded All bytes count 0 Drop And Log All frame count 0 Dro...

Page 458: ... Rate Limit Access Lists rcvd 0 Delete one Access List rcvd 0 Related Commands Command Description access list Configures a standard or extended numbered access list on the switch For syntax information select Cisco IOS IP Command Reference Volume 1 of 3 Addressing and Services Release 12 2 IP Services Commands ip access list Configures a named IP access list on the switch For syntax information s...

Page 459: ...oad sw privileged EXEC command to download an image to a TFTP server the output of the archive download sw command shows the status of the download Examples These are examples of output from the show archive status command Switch show archive status IDLE No upgrade in progress Switch show archive status LOADING Upgrade in progress Switch show archive status EXTRACT Extracting the image Switch show...

Page 460: ...y Examples This is an example of output from the show arp access list command Switch show arp access list ARP access list rose permit ip 10 101 1 1 0 0 0 255 mac any permit ip 20 3 1 0 0 0 0 255 mac any Related Commands acl name Optional Name of the ACL Release Modification 12 2 25 EY This command was introduced Command Description arp access list Defines an ARP ACL deny ARP access list configurat...

Page 461: ...nning config privileged EXEC command to display the auto QoS configuration and the user modifications On an enhanced services ES port the srr queue bandwidth shape interface configuration command is not part of the generated auto qos voip command list To display information about the QoS configuration that might be affected by auto QoS use one of these commands show mls qos show mls qos maps cos d...

Page 462: ...hreshold 2 49 50 51 52 53 54 55 56 mls qos srr queue input dscp map queue 2 threshold 2 57 58 59 60 61 62 63 mls qos srr queue input dscp map queue 2 threshold 3 24 25 26 27 28 29 30 31 mls qos srr queue input dscp map queue 2 threshold 3 40 41 42 43 44 45 46 47 mls qos srr queue output cos map queue 1 threshold 3 5 mls qos srr queue output cos map queue 2 threshold 3 3 6 7 mls qos srr queue outpu...

Page 463: ...security maximum 1999 speed 100 duplex full srr queue bandwidth share 10 10 60 20 srr queue bandwidth shape 10 0 0 0 mls qos trust device cisco phone mls qos trust cos auto qos voip cisco phone output truncated This is an example of output from the show auto qos interface interface id command when the auto qos voip cisco phone interface configuration command is entered Switch show auto qos interfa...

Page 464: ...ntax Description This command has no arguments or keywords Command Modes Privileged EXEC Command History Examples This is an example of output from the show boot command Table 2 19 describes each field in the display Switch show boot BOOT path list flash c3750 i9 mz Config file flash config text Private Config file flash private config text Enable Break no Manual Boot yes HELPER path list Release ...

Page 465: ...he filename that the software uses to read and write a nonvolatile copy of the system configuration Enable Break Displays whether a break during booting is enabled or disabled If it is set to yes on or 1 you can interrupt the automatic boot process by pressing the Break key on the console after the flash file system is initialized Manual Boot Displays whether the switch automatically or manually b...

Page 466: ...ple of output from the show class map command Switch show class map Class Map match all videowizard_10 10 10 10 id 2 Match access group name videowizard_10 10 10 10 Class Map match any class default id 0 Match any Class Map match all dscp5 id 3 Match ip dscp 5 Related Commands class map name Optional Display the contents of the specified class map Release Modification 12 1 14 AX This command was i...

Page 467: ...Examples This is a partial output example from the show controllers cpu interface command Switch show controllers cpu interface cpu queue frames retrieved dropped invalid hol block rpc 4523063 0 0 0 stp 1545035 0 0 0 ipc 1903047 0 0 0 routing protocol 96145 0 0 0 L2 protocol 79596 0 0 0 remote console 0 0 0 0 sw forwarding 5756 0 0 0 host 225646 0 0 0 broadcast 46472 0 0 0 cbt to spt 0 0 0 0 igmp ...

Page 468: ... writeHeaderPtr 03A9BC60 Fifo2 StartPtr 038C8800 ReadPtr 038C88E0 WritePtrs 038C88E0 Fifo_Flag 88800200 writeHeaderPtr 038C88E0 Fifo3 StartPtr 03C30400 ReadPtr 03C30638 WritePtrs 03C30638 Fifo_Flag 89800400 writeHeaderPtr 03C30638 Fifo4 StartPtr 03AD5000 ReadPtr 03AD50A0 WritePtrs 03AD50A0 Fifo_Flag 89800400 writeHeaderPtr 03AD50A0 Fifo5 StartPtr 03A7A600 ReadPtr 03A7A600 WritePtrs 03A7A600 Fifo_F...

Page 469: ...out keywords provides traffic statistics basically the Remote Network Monitoring RMON statistics for all ports or for the specified port When you enter the phy or port asic keywords the displayed information is useful primarily for Cisco technical support representatives troubleshooting the switch interface id The physical port including type module and port number phy Optional Display the status ...

Page 470: ...bol error frames 0 Excessive collisions 0 Late collisions 0 Invalid frames too large 0 VLAN discard frames 0 Valid frames too large 0 Excess defer frames 0 Invalid frames too small 0 64 byte frames 0 Valid frames too small 0 127 byte frames 0 255 byte frames 0 Too old frames 0 511 byte frames 0 Valid oversize frames 0 1023 byte frames 0 System FCS error frames 0 1518 byte frames 0 RxPortFifoFull d...

Page 471: ...00000F7A TransmitBufferCommonCountPeak 0000001E TransmitBufferCommonCommonEmpty 000000FF NetworkActivity 00000000 00000000 00000000 02400000 DroppedStatistics 00000000 FrameLengthDeltaSelect 00000001 SneakPortFifoInfo 00000000 MacInfo 0EC0801C 00000001 0EC0801B 00000001 00C0001D 00000001 00C0001E 00000001 output truncated This is an example of output from the show controllers ethernet controller p...

Page 472: ... Drop Frames 0 Sup Queue 2 Drop Frames 0 Sup Queue 10 Drop Frames 0 Sup Queue 3 Drop Frames 0 Sup Queue 11 Drop Frames 0 Sup Queue 4 Drop Frames 0 Sup Queue 12 Drop Frames 0 Sup Queue 5 Drop Frames 0 Sup Queue 13 Drop Frames 0 Sup Queue 6 Drop Frames 0 Sup Queue 14 Drop Frames 0 Sup Queue 7 Drop Frames 0 Sup Queue 15 Drop Frames Switch 1 PortASIC 1 Statistics 0 RxQ 0 wt 0 enqueue frames 0 RxQ 0 wt...

Page 473: ...hnical support representatives troubleshooting the switch Examples This is an example of output from the show controllers tcam command Switch show controllers tcam TCAM 0 Registers REV 00B30103 SIZE 00080040 ID 00000000 CCR 00000000_F0000020 RPID0 00000000_00000000 RPID1 00000000_00000000 RPID2 00000000_00000000 RPID3 00000000_00000000 HRR0 00000000_E000CAFC HRR1 00000000_00000000 HRR2 00000000_00...

Page 474: ...CamIndex 0000FFE0 LocalNoMatch 000069E0 ForwardingRamBaseAddress 00022A00 0002FE00 00040600 0002FE00 0000D400 00000000 003FBA00 00009000 00009000 00040600 00000000 00012800 00012900 Related Commands Command Description show controllers cpu interface Displays the state of the CPU network ASIC and send and receive statistics for packets reaching the CPU show controllers ethernet controller Displays ...

Page 475: ...tch config cpu traffic qos cos 2 Switch config cpu traffic qos dscp 40 Show command Switch show cpu traffic qos QOS CPU Generated Traffic Set parameter type Cos trust DSCP dscp mutation map1 Precedence Default Related Commands Release Modification 12 2 52 SE This command was introduced Command Description cpu traffic qos cos Configures the CoS value for CPU generated traffic cpu traffic qos dscp C...

Page 476: ...2 448 Catalyst 3750 Metro Switch Command Reference OL 9645 10 Chapter 2 Catalyst 3750 Metro Switch Cisco IOS Commands show cpu traffic qos ...

Page 477: ...d History Examples This is an example of output from the show dot1q tunnel command Switch show dot1q tunnel Port Gi1 1 1 Gi1 1 2 Po2 Related Commands interface interface id Optional Specify the interface for which to display 802 1Q tunneling information Valid interfaces include physical ports and port channels Release Modification 12 1 14 AX This command was introduced Command Description show vla...

Page 478: ...thcontrol Enabled Dot1x Protocol Version 1 Dot1x Oper Controlled Directions Both Dot1x Admin Controlled Directions Both Switch show dot1x all Dot1x Info for interface FastEthernet1 0 3 Supplicant MAC 00d0 b71b 35de AuthSM State CONNECTING BendSM State IDLE PortStatus UNAUTHORIZED MaxReq 2 HostMode Single Port Control Auto QuietPeriod 60 Seconds Re authentication Disabled ReAuthPeriod 3600 Seconds ...

Page 479: ...he show dot1x statistics interface interface id command Table 2 20 describes the fields in the display Switch show dot1x statistics interface fastethernet1 0 3 PortStatistics Parameters for Dot1x TxReqId 15 TxReq 0 TxTotal 15 RxStart 4 RxLogoff 0 RxRespId 1 RxResp 1 RxInvalid 0 RxLenErr 0 RxTotal 6 RxVersion 1 LastRxSrcMac 00d0 b71b 35de Table 2 20 show dot1x statistics Field Descriptions Field De...

Page 480: ...that have been received in which the packet body length field is invalid RxTotal Number of valid EAPOL frames of any type that have been received RxVersion Number of received packets in the 802 1x version 1 format LastRxSrcMac Source MAC address carried in the most recently received EAPOL frame Table 2 20 show dot1x statistics Field Descriptions continued Field Description Command Description dot1...

Page 481: ...1 TOS TAS TNS ACCESS AUTO ACCESS TOT TAT TNT NATIVE NEGOTIATE NATIVE Neighbor address 1 000943A7D081 Neighbor address 2 000000000000 Hello timer expiration sec state 1 RUNNING Access timer expiration sec state never STOPPED Negotiation timer expiration sec state never STOPPED Multidrop timer expiration sec state never STOPPED FSM state S2 ACCESS times multi trunk 0 Enabled yes In STP no Statistics...

Page 482: ...st 3750 Metro Switch Command Reference OL 9645 10 Chapter 2 Catalyst 3750 Metro Switch Cisco IOS Commands show dtp Related Commands Command Description show interfaces trunk Displays interface trunking information ...

Page 483: ... History Examples This is an example of output from the show env all command Switch show env all FAN is OK TEMPERATURE is OK POWER is OK RPS is NOT PRESENT This is an example of output from the show env fan command Switch show env fan FAN is OK all Display both fan and temperature environmental status fan Display the switch fan status power Display the switch power status rps Display whether an RP...

Page 484: ...rivileged EXEC command to see the configuration for each port A displayed gbic invalid error in the Reason column refers to an invalid small form factor pluggable SFP interface Examples This is an example of output from the show errdisable detect command Switch show errdisable detect ErrDisable Reason Detection Mode arp inspection Enabled port bpduguard Enabled port channel misconfig Enabled port ...

Page 485: ...limit and storm control fields are not valid Related Commands Command Description errdisable detect cause Enables error disabled detection for a specific cause or all causes show errdisable flap values Displays error condition recognition information show errdisable recovery Displays error disabled recovery timer information show interfaces status Displays interface status or a list of interfaces ...

Page 486: ...e specified time interval will cause an error to be detected and a port to be disabled For example the display shows that an error will be assumed and the port shut down if three Dynamic Trunking Protocol DTP state port mode access trunk or Port Aggregation Protocol PAgP flap changes occur during a 30 second interval or if 5 link state link up down changes occur during a 10 second interval ErrDisa...

Page 487: ... Commands Command Description errdisable detect cause Enables error disable detection for a specific cause or all causes show errdisable detect Displays error disable detection status show errdisable recovery Displays error disable recovery timer information show interfaces status Displays interface status or a list of interfaces in error disabled state ...

Page 488: ...from the show errdisable recovery command Note Though visible the dhcp rate limit and unicast flood reasons are not supported Switch show errdisable recovery ErrDisable Reason Timer Status udld Disabled bpduguard Disabled security violatio Disabled channel misconfig Disabled vmps Disabled pagp flap Disabled dtp flap Disabled link flap Disabled gbic invalid Disabled psecure violation Disabled gbic ...

Page 489: ...ery Related Commands Command Description errdisable recovery Configures the recover mechanism variables show errdisable detect Displays error disable detection status show errdisable flap values Displays error condition recognition information show interfaces status Displays interface status or a list of interfaces in error disabled state ...

Page 490: ...ples This is an example of output from the show etherchannel 1 detail command Switch show etherchannel 1 detail Group state L2 Ports 2 Maxports 16 Port channels 1 Max Port channels 16 Protocol LACP Ports in the group Port Gi1 0 1 Port state Up Mstr In Bndl Channel group 1 Mode Active Gcchange Port channel Po1 GC Pseudo port channel Po1 Port index 0 Load 0x00 Protocol LACP Flags S Device is sending...

Page 491: ...ctive 0 0 00 Gi1 0 2 Active 0 Time since last port bundled 01d 20h 20m 20s Gi1 0 2 This is an example of output from the show etherchannel 1 summary command Switch show etherchannel 1 summary Flags D down P in port channel I stand alone s suspended H Hot standby LACP only R Layer3 S Layer2 u unsuitable for bundling U in use f failed to allocate aggregator d default port Number of channel groups in...

Page 492: ...ndled 01d 20h 24m 44s Gi1 0 2 This is an example of output from show etherchannel protocol command Switch show etherchannel protocol Channel group listing Group 1 Protocol LACP Group 2 Protocol PAgP Related Commands Command Description channel group Assigns an Ethernet port to an EtherChannel group channel protocol Restricts the protocol used on an interface to manage channeling interface port cha...

Page 493: ...ervice evc Identifier Type Act UNI cnt Status BLUE P P 2 Active PINK MP MP 2 PartiallyActive PURPLE P P 2 Active BROWN MP MP 2 Active GREEN P P 3 Active YELLOW MP MP 2 PartiallyActive BANANAS P P 0 InActive TEST2 P P 0 NotDefined ORANGE P P 2 Active TEAL P P 0 InActive Related Commands id evc id Optional Display EVC information for the specified service The EVC identifier can be a string of from 1...

Page 494: ...ernet0 3 10 FastEthernet0 4 300 10 FastEthernet0 6 untagged 1 4094 10 FastEthernet0 7 untagged 1 4094 10 FastEthernet0 8 untagged 1 4094 10 FastEthernet0 9 untagged 20 FastEthernet0 9 222 FastEthernet0 11 300 350 900 999 333 FastEthernet0 11 100 200 1000 1999 4094 222 FastEthernet0 12 20 333 FastEthernet0 12 10 10 FastEthernet0 13 10 20 FastEthernet0 13 20 30 FastEthernet0 13 30 200 FastEthernet0 ...

Page 495: ...ce OL 9645 10 Chapter 2 Catalyst 3750 Metro Switch Cisco IOS Commands show ethernet service instance Related Commands Command Description service instance id ethernet Defines an Ethernet service instance and enters Ethernet service configuration mode ...

Page 496: ...hernet0 1 Interface Identifier GigabitEthernet0 1 PE2 G101 Switch show ethernet service interface detail Interface FastEthernet0 1 ID CE VLANS EVC Map Type Bundling Multiplexing Interface FastEthernet0 2 ID CE VLANS EVC Map Type Bundling Multiplexing Interface FastEthernet0 3 ID CE VLANS EVC Map Type Bundling Multiplexing output truncated Interface GigabitEthernet0 1 ID PE2 G101 CE VLANS 10 20 30 ...

Page 497: ...ter 2 Catalyst 3750 Metro Switch Cisco IOS Commands show ethernet service interface Related Commands Command Description service instance id ethernet Defines an Ethernet service instance and enters Ethernet service configuration mode from interface configuration mode ...

Page 498: ...and line help this option is not available for VLAN IDs module number Optional Display capabilities or switchport configuration characteristics depending on preceding keyword of all interfaces on the switch The range is 1 to 9 This option is not available if you entered a specific interface ID counters Optional See the show interfaces counters command description Optional Display the administrativ...

Page 499: ...how interfaces command for an interface Switch show interfaces gigabitethernet0 2 GigabitEthernet0 2 is up line protocol is up connected vlan err dis Hardware is Gigabit Ethernet address is 0018 1902 cd02 bia 0018 1902 cd02 MTU 1548 bytes BW 1000000 Kbit DLY 10 usec reliability 255 255 txload 1 255 rxload 1 255 Encapsulation ARPA loopback not set Keepalive not set Full duplex 1000Mb s link type is...

Page 500: ...r received on this interface GigabitEthernet1 0 2 Protocol Pkts In Chars In Pkts Out Chars Out No traffic sent or received on this interface output truncated This is an example of output from the show interfaces capabilities command for an interface Switch show interfaces gigabitethernet1 0 2 capabilities GigabitEthernet1 0 2 Model WS C3750G 24TS Type 10 100 1000BaseTX Speed 10 100 1000 auto Duple...

Page 501: ... neighbor Gi1 0 2 3 4 Port Vlans traffic requested of neighbor Gi1 0 2 1 3 This is an example of output from the show interfaces stats command for a specified VLAN interface Switch show interfaces vlan 1 stats Switching path Pkts In Chars In Pkts Out Chars Out Processor 1165354 136205310 570800 91731594 Route cache 0 0 0 0 Total 1165354 136205310 570800 91731594 This is an example of partial outpu...

Page 502: ...e Appliance trust none Table 2 21 show interfaces switchport Field Descriptions Field Description Name Displays the port name Switchport Displays the administrative and operational status of the port In this display the port is in switchport mode Administrative Mode Operational Mode Displays the administrative and operational modes Administrative Trunking Encapsulation Operational Trunking Encapsu...

Page 503: ...rfaces switchport backup Switch Backup Interface Pairs Active Interface Backup Interface State GigabitEthernet1 0 6 GigabitEthernet1 0 8 Active Down Backup Up Vlans Preferred on Active Interface 1 50 Vlans Preferred on Backup Interface 60 100 120 This is an example of output from the show interfaces switchport backup command In this example VLANs 1 to 50 60 and 100 to 120 are configured on the swi...

Page 504: ...rface Pairs Active Interface Backup Interface State GigabitEthernet1 0 6 GigabitEthernet1 0 8 Active Up Backup Up Vlans on Interface Gi 1 0 6 1 50 Vlans on Interface Gi 1 0 8 60 100 120 This is an example of output from the show interfaces interface id trunk command It displays trunking information for the port Switch show interfaces gigabitethernet1 0 1 trunk Port Mode Encapsulation Status Native...

Page 505: ...e switch Switch show interfaces counters Port InOctets InUcastPkts InMcastPkts InBcastPkts Gi1 0 1 0 0 0 0 Gi1 0 2 0 0 0 0 output truncated This is an example of partial output from the show interfaces counters module command Switch show interfaces counters module 1 Port InOctets InUcastPkts InMcastPkts InBcastPkts interface id Optional ID of the physical interface including type module and port n...

Page 506: ...tocol status Protocols allocated Vlan1 Other IP Vlan20 Other IP ARP Vlan30 Other IP ARP Vlan40 Other IP ARP Vlan50 Other IP ARP Vlan60 Other IP ARP Vlan70 Other IP ARP Vlan80 Other IP ARP Vlan90 Other IP ARP Vlan900 Other IP ARP Vlan3000 Other IP Vlan3500 Other IP FastEthernet1 0 1 Other IP ARP CDP FastEthernet1 0 2 Other IP FastEthernet1 0 3 Other IP FastEthernet1 0 4 Other IP FastEthernet1 0 5 O...

Page 507: ...Metro Switch Command Reference OL 9645 10 Chapter 2 Catalyst 3750 Metro Switch Cisco IOS Commands show interfaces counters Related Commands Command Description show interfaces Displays additional interface characteristics ...

Page 508: ...s Fail No Ext Neighbor this port blocks traffic for all VLANs When the external neighbors for the failed ports are configured the failed ports go through the alternate port state transitions and eventually go to an Open state or remain as the alternate port based on the alternate port election mechanism Examples This is sample output from the show interface rep command Switch show interface rep In...

Page 509: ...lock Port 1234567890123456 Configured Load balancing Block VLAN 1 4094 STCN Propagate to none LSL PDU rx 0 tx 0 HFL PDU rx 0 tx 0 BPA TLV rx 0 tx 0 BPA STCN LSL TLV rx 0 tx 0 BPA STCN HFL TLV rx 0 tx 0 EPA ELECTION TLV rx 0 tx 0 EPA COMMAND TLV rx 0 tx 0 EPA INFO TLV rx 0 tx 0 Related Commands Command Description rep segment Enables REP on an interface and assigns a segment ID This command is also...

Page 510: ...ltage transmitted power and received power from the SFP EEPROM and compares them against product alarm and warning thresholds When transceiver traps are enabled a trap is sent every 10 minutes when thresholds are exceeded The reading of entSensorThresholdTable and SNMP notification upon threshold violations in CISCO ENTITY SENSOR MIB is supported only in Cisco IOS Release 12 2 52 SE and later inte...

Page 511: ...arm high warning low warning low alarm A2D readouts if they differ are reported in parentheses The threshold values are uncalibrated High Alarm High Warn Low Warn Low Alarm Temperature Threshold Threshold Threshold Threshold Port Celsius Celsius Celsius Celsius Celsius Gi1 0 3 41 5 110 0 103 0 8 0 12 0 High Alarm High Warn Low Warn Low Alarm Voltage Threshold Threshold Threshold Threshold Port Vol...

Page 512: ...FP Min1 0 50 28 50 0 N A 3 00 Min2 0 30 28 29 5 N A 3 09 Max2 4 30 9 50 60 N A 3 59 Max1 4 50 9 30 70 N A 3 70 RX only WDM GBIC Min1 N A 28 50 0 N A 4 50 Min2 N A 28 29 5 N A 4 75 Max2 N A 6 69 60 N A 5 25 Max1 N A 6 00 70 N A 5 50 DWDM XENPAK Min1 1 50 24 50 0 N A N A Min2 1 29 24 29 5 N A N A Max2 3 29 6 69 60 N A N A Max1 3 50 4 00 70 N A N A DWDM X2 Min1 1 50 24 50 0 N A N A Min2 1 29 24 29 5 ...

Page 513: ...VID and Serial Number SN of that entity If there is no PID no output appears when you enter the show inventory command For the product identifier PID and version identifier VID of SFP modules the output of the show inventory user EXEC command displays either the correct information or displays Unspecified for the PID and nothing for the VID if the SFP module does not have PID and VID information E...

Page 514: ...sical ports and port channels log Optional Display the configuration and contents of the dynamic ARP inspection log buffer statistics vlan vlan range Optional Display statistics for forwarded dropped MAC validation failure IP validation failure access control list ACL permitted and denied and DHCP permitted and denied packets for the specified VLAN If no VLANs are specified or if a range is specif...

Page 515: ...mand Switch show ip arp inspection interfaces gigabitethernet1 0 1 Interface Trust State Rate pps Burst Interval Gi1 0 1 Untrusted 15 1 This is an example of output from the show ip arp inspection log command It shows the contents of the log buffer before the buffers are cleared Switch show ip arp inspection log Total Log Buffer Size 32 Syslog rate 10 entries per 300 seconds Interface Vlan Sender ...

Page 516: ...es 5 0 9 2000 0 0 For the show ip arp inspection statistics command the switch increments the number of forwarded packets for each ARP request and response packet on a trusted dynamic ARP inspection port The switch increments the number of ACL or DHCP permitted packets for each packet that is denied by source MAC destination MAC or IP validation checks and the switch increments the appropriate fai...

Page 517: ...an ARP ACL clear ip arp inspection log Clears the dynamic ARP inspection log buffer clear ip arp inspection statistics Clears the dynamic ARP inspection statistics ip arp inspection log buffer Configures the dynamic ARP inspection logging buffer ip arp inspection vlan logging Controls the type of packets that are logged per VLAN show arp access list Displays detailed information about ARP access l...

Page 518: ...g is configured for the circuit ID Examples This is an example of output from the show ip dhcp snooping command Switch show ip dhcp snooping Switch DHCP snooping is enabled DHCP snooping is configured on following VLANs 40 42 Insertion of option 82 is enabled circuit id format vlan mod port remote id format string Verification of hwaddr field is enabled Interface Trusted Rate limit pps FastEtherne...

Page 519: ...y the dynamically and statically configured bindings in the DHCP snooping binding database If DHCP snooping is enabled and an interface changes to the down state the switch does not delete the statically configured bindings Examples This example shows how to display the DHCP snooping binding entries for a switch Switch show ip dhcp snooping binding MacAddress IpAddress Lease sec Type VLAN Interfac...

Page 520: ...s 1 This example shows how to display the DHCP snooping binding entries on VLAN 20 Switch show ip dhcp snooping binding vlan 20 MacAddress IpAddress Lease sec Type VLAN Interface 01 02 03 04 05 06 10 1 2 150 9747 dhcp snooping 20 GigabitEthernet1 0 1 00 00 00 00 00 02 10 1 2 151 65 dhcp snooping 20 GigabitEthernet1 0 2 Total number of bindings 2 Table 2 22 describes the fields in the show ip dhcp ...

Page 521: ...ime None Last Failed Time None Last Failed Reason No failure recorded Total Attempts 0 Startup Failures 0 Successful Transfers 0 Failed Transfers 0 Successful Reads 0 Failed Reads 0 Successful Writes 0 Failed Writes 0 Media Failures 0 This is an example of output from the show ip dhcp snooping database detail command Switch show ip dhcp snooping database detail Agent URL tftp 10 1 1 1 directory fi...

Page 522: ...lisions 0 Expired leases 0 Invalid interfaces 0 Unsupported vlans 0 Parse failures 0 Last Ignored Time None Total ignored bindings counters Binding Collisions 0 Expired leases 0 Invalid interfaces 0 Unsupported vlans 0 Parse failures 0 Related Commands Command Description ip dhcp snooping Enables DHCP snooping on a VLAN ip dhcp snooping database Configures the DHCP snooping binding database agent ...

Page 523: ...ip dhcp snooping statistics detail Packets Processed by DHCP Snooping 0 Packets Dropped Because IDB not known 0 Queue full 0 Interface is in errdisabled 0 Rate limit exceeded 0 Received on untrusted ports 0 Nonzero giaddr 0 Source mac not equal to chaddr 0 Binding mismatch 0 Insertion of opt82 fail 0 Interface Down 0 Unknown output interface 0 Reply output port equal to input port 0 Packet denied ...

Page 524: ... packet received on an untrusted port was not zero or the no ip dhcp snooping information option allow untrusted global configuration command is not configured and a packet received on an untrusted port contained option 82 data Source mac not equal to chaddr Number of times the client MAC address field of the DHCP packet chaddr does not match the packet source MAC address and the ip dhcp snooping ...

Page 525: ...s can happen if option 82 is not used and the client MAC address has aged out If IPSG is enabled with the port security option and option 82 is not enabled the MAC address of the client is not learned and the reply packets will be dropped Reply output port equal to input port Number of times the output port for a DHCP reply packet is the same as the input port causing a possible loop Indicates a p...

Page 526: ...profile command with and without specifying a profile number If no profile number is entered the display includes all profiles configured on the switch Switch show ip igmp profile 40 IGMP Profile 40 permit range 233 1 1 1 233 255 255 255 Switch show ip igmp profile IGMP Profile 3 range 230 9 9 0 230 9 9 0 IGMP Profile 4 permit range 229 9 9 0 229 255 255 255 Related Commands profile number Optiona...

Page 527: ...g is globally enabled IGMP snooping TCN solicit query is globally disabled IGMP snooping global TCN flood query count is 2 IGMP snooping is enabled on this Vlan IGMP snooping immediate leave is disabled on this Vlan IGMP snooping mrouter learn mode is pim dvmrp on this Vlan IGMP snooping source only learning age timer is 10 IGMP snooping is running in IGMP_ONLY mode on this Vlan IGMP snooping repo...

Page 528: ...ping report suppression is enabled on this Vlan Related Commands Command Description ip igmp snooping Enables IGMP snooping on the switch or on a VLAN ip igmp snooping querier Enables the IGMP querier function in Layer 2 networks ip igmp snooping report suppression Enables IGMP report suppression ip igmp snooping vlan immediate leave Enables IGMP snooping immediate leave processing on a VLAN ip ig...

Page 529: ...ic count user count Syntax Description Command Modes Privileged EXEC Command History Usage Guidelines Use this command to display multicast information or the multicast table VLAN IDs 1002 to 1005 are reserved for Token Ring and FDDI VLANs and cannot be used in IGMP snooping count Optional Display the total number of entries for the specified command options instead of the actual entries dynamic O...

Page 530: ... the entries learned by IGMP snooping Switch show ip igmp snooping groups vlan 1 dynamic Vlan Group Type Version Port List 104 224 1 4 2 igmp v2 Gi2 0 1 Fa1 0 15 104 224 1 4 3 igmp v2 Gi2 0 1 Fa1 0 15 This is an example of output from the show ip igmp snooping groups vlan vlan id ip address command It shows the entries for the group with the specified IP address Switch show ip igmp snooping groups...

Page 531: ...ation MVR is enabled the show ip igmp snooping mrouter command displays MVR multicast router information and IGMP snooping information Examples This is an example of output from the show ip igmp snooping mrouter command It shows how to display multicast router ports on the switch Switch show ip igmp snooping mrouter Vlan ports 200 Fa1 0 13 static Fa1 0 14 static Related Commands vlan vlan id Optio...

Page 532: ...t shows the port number on which the querier is learned in the Port field The show ip igmp snooping querier detail user EXEC command is similar to the show ip igmp snooping querier command However the show ip igmp snooping querier command displays only the device IP address most recently detected by the switch querier The show ip igmp snooping querier detail command displays the device IP address ...

Page 533: ...MP switch querier status elected querier is 1 1 1 1 on port Fa1 0 1 admin state Enabled admin version 2 source IP address 10 1 1 65 query interval sec 60 max response time sec 10 querier timeout sec 120 tcn query count 2 tcn query interval sec 10 operational state Non Querier operational version 2 tcn query pending count 0 Related Commands Command Description ip igmp snooping Enables IGMP snooping...

Page 534: ...the IP SLAs and TWAMP standards implemented on the switch Command Modes User EXEC Command History Usage Guidelines Use the show ip sla standards command to display the IP SLAs TWAMP standards implemented on the switch Examples The following is sample output from the show ip sla standards command Switch show ip sla standards Feature Organization Standard TWAMP Server IETF draft ietf ippm twamp 06 T...

Page 535: ...nd History Usage Guidelines Use the detail keyword to display detailed information for a single IP SLAs TWAMP connection Use the requests keyword to display the current IP SLAs TWAMP connection requests Examples The following is sample output from the show ip sla twamp connection detail command Switch show ip sla twamp connection detail Connection Id 91 Client IP Address 172 27 111 225 Client Port...

Page 536: ... show ip sla twamp connection requests command Switch show ip sla twamp connection requests Connection Id Client Address Client Port 91 172 27 111 225 43026 Total number of current connections 1 Related Commands Command Description show ip sla standards Displays the TWAMP server and reflector standards implemented on the switch show ip sla twamp session Displays IP SLAs TWAMP sessions ...

Page 537: ...tion about IP SLAs TWAMP test sessions Examples The following is sample output from the show ip sla twamp session command Switch show ip sla twamp session IP SLAs Responder TWAMP is Enabled Recvr Addr 172 27 117 116 Recvr Port 3619 Sender Addr 172 27 111 225 Sender Port 32910 Session Id 172 27 117 116 533112 9C41EC42 Connection Id 95 Related Commands source ip ip address Optional Display results f...

Page 538: ... from the show ip source binding command Switch show ip source binding MacAddress IpAddress Lease sec Type VLAN Interface 00 00 00 0A 00 0B 11 0 0 1 infinite static 10 GigabitEthernet1 0 1 00 00 00 0A 00 0A 11 0 0 2 10000 dhcp snooping 10 GigabitEthernet1 0 1 Related Commands ip address Optional Display IP source bindings for a specific IP address mac address Optional Display IP source bindings fo...

Page 539: ...20 For VLAN 10 IP source guard with IP address filtering is configured on the interface and a binding exists on the interface For VLANs 11 to 20 the second entry shows that a default port access control list ACL is applied on the interface for the VLANs on which IP source guard is not configured The Fast Ethernet 1 0 2 interface is configured as trusted for DHCP snooping On the Fast Ethernet 1 0 3...

Page 540: ...rence OL 9645 10 Chapter 2 Catalyst 3750 Metro Switch Cisco IOS Commands show ip verify source IP source guard is not configured on the interface fa1 0 6 Related Commands Command Description ip verify source Enables IP source guard on an interface ...

Page 541: ...4 and IPv6 template enter the sdm prefer dual ipv4 and ipv6 global configuration command and reload the switch When you configure the DHCPv6 server to detect conflicts it uses ping The client uses neighbor discovery to detect clients and reports to the server through a DECLINE message If an address conflict is detected the address is removed from the pool and the address is not assigned until the ...

Page 542: ... be used in MLD snooping To configure the dual IPv4 and IPv6 template enter the sdm prefer dual ipv4 and ipv6 global configuration command and reload the switch Examples This is an example of output from the show ipv6 mld snooping vlan command It shows snooping characteristics for a specific VLAN Switch show ipv6 mld snooping vlan 100 Global MLD Snooping configuration MLD snooping Enabled MLDv2 sn...

Page 543: ...ery count 2 Last listener query interval 1000 Vlan 1 MLD snooping Disabled MLDv1 immediate leave Disabled Explicit host tracking Enabled Multicast router learning mode pim dvmrp Robustness variable 1 Last listener query count 2 Last listener query interval 1000 output truncated Vlan 951 MLD snooping Disabled MLDv1 immediate leave Disabled Explicit host tracking Enabled Multicast router learning mo...

Page 544: ...D VLAN numbers 1002 through 1005 are reserved for Token Ring and FDDI VLANs and cannot be used in MLD snooping Use the dynamic keyword to display information only about groups that are learned Use the user keyword to display information only about groups that have been configured To configure the dual IPv4 and IPv6 template enter the sdm prefer dual ipv4 and ipv6 global configuration command and r...

Page 545: ... example of output from the show snooping address count user EXEC command Switch show ipv6 mld snooping address count Total number of multicast groups 2 This is an example of output from the show snooping address user user EXEC command Switch show ipv6 mld snooping address user Vlan Group Type Version Port List 2 FF12 3 user v2 Gi1 0 2 Gi1 0 Gi1 1 1 Related Commands Command Description ipv6 mld sn...

Page 546: ...or a specific VLAN VLAN numbers 1002 through 1005 are reserved for Token Ring and FDDI VLANs and cannot be used in MLD snooping To configure the dual IPv4 and IPv6 template enter the sdm prefer dual ipv4 and ipv6 global configuration command and reload the switch Examples This is an example of output from the show ipv6 mld snooping mrouter command It displays snooping characteristics for all VLANs...

Page 547: ...ands Command Description ipv6 mld snooping Enables and configures MLD snooping on the switch or on a VLAN ipv6 mld snooping vlan mrouter interface interface id static ipv6 multicast address interface interface id Configures multicast router ports for a VLAN sdm prefer Configures an SDM template to optimize system resources based on how the switch is being used ...

Page 548: ...nd interface on which the querier was detected If the querier is the switch the output shows the Port field as Router If the querier is a router the output shows the port number on which the querier is learned in the Port field The output of the show ipv6 mld snoop querier vlan command displays the information received in response to a query message from an external or internal querier It does not...

Page 549: ...dress FE80 201 C9FF FE40 6000 MLD version v1 Port Gi1 0 1 Max response time 1000s Related Commands Command Description ipv6 mld snooping Enables and configures IPv6 MLD snooping on the switch or on a VLAN ipv6 mld snooping last listener query cou nt Configures the maximum number of queries that the switch sends before aging out an MLD client ipv6 mld snooping last listener query cou nt Configures ...

Page 550: ... route rip updated IPv6 Routing Table 12 entries Codes C Connected L Local S Static U Per user Static route B BGP R RIP I1 ISIS L1 I2 ISIS L2 protocol Optional Displays routes for the specified routing protocol using any of these keywords bgp isis ospf rip or displays routes for the specified type of route using any of these keywords connected local static interface interface id boot up Display th...

Page 551: ... 05 22 February 2007 R 4000 64 120 2 via FE80 A8BB CCFF FE00 9001 GigabitEthernet1 0 3 Last updated 17 23 05 22 February 2007 R 5000 64 120 2 via FE80 A8BB CCFF FE00 9001 GigabitEthernet1 0 4 Last updated 17 23 05 22 February 2007 R 5001 64 120 2 via FE80 A8BB CCFF FE00 9001 GigabitEthernet1 0 5 Last updated 17 23 05 22 February 2007 Related Commands Command Description show ipv6 route Displays th...

Page 552: ...ocol tunnel COS for Encapsulated Packets 5 Drop Threshold for Encapsulated Packets 0 Port Protocol Shutdown Drop Encapsulation Decapsulation Drop Threshold Threshold Counter Counter Counter Fa1 0 1 pagp 0 242500 lacp 24268 242640 udld 0 897960 Fa1 0 2 pagp 1000 24249 242700 lacp 24256 242660 udld 0 897960 Fa1 0 3 cdp 134482 1344820 pagp 1000 0 242500 lacp 500 0 485320 udld 300 44899 448980 Fa1 0 4...

Page 553: ...d cdp stp vtp cdp stp vtp pagp lacp udld pagp lacp udld Fa1 0 2 up pagp lacp udld Fa1 0 3 up pagp lacp udld 1000 Fa1 0 4 up pagp lacp udld 1000 500 Fa1 0 5 cdp stp vtp down Fa1 0 6 down pagp 1000 Fa1 0 7 down pagp 1000 Related Commands Command Description clear l2protocol tunnel counters Clears counters for protocol tunneling ports l2protocol tunnel Enables Layer 2 protocol tunneling for Cisco Dis...

Page 554: ...ppears You can enter the channel group number option to specify a channel group for all keywords except sys id Examples This is an example of output from the show lacp counters command user EXEC command Table 2 24 describes the fields in the display Switch show lacp counters LACPDUs Marker Marker Response LACPDUs Port Sent Recv Sent Recv Sent Recv Pkts Err Channel group 1 Fa1 0 5 19 10 0 0 0 0 0 F...

Page 555: ...r of LACP marker packets sent and received by an interface Marker Response Sent and Recv The number of LACP marker response packets sent and received by an interface LACPDUs Pkts and Err The number of unknown and illegal packets received by LACP for an interface Table 2 25 show lacp internal Field Descriptions Field Description State State of the specific port These are the allowed values Port is ...

Page 556: ...32768 0x3 0x3C Admin Key Administrative key assigned to this port LACP automatically generates an administrative key value as a hexadecimal number The administrative key defines the ability of a port to aggregate with other ports The ability of a port to aggregate with other ports is controlled by the port physical characteristics for example data rate and duplex capability and configuration restr...

Page 557: ...3a00 The system identification is made up of the system priority and the system MAC address The first two bytes are the system priority and the last six bytes are the globally administered individual MAC address associated to the system Related Commands Command Description clear lacp Clears LACP channel group information lacp port priority Configures the LACP port priority lacp system priority Con...

Page 558: ...ream interfaces or both configured If there is no link state group configuration for a group it is not shown as enabled or disabled Examples This is an example of output from the show link state group 1 command Switch show link state group 1 Link State Group 1 Status Enabled Down This is an example of output from the show link state group detail command Switch show link state group detail Link Sta...

Page 559: ...s a link state group show running config Displays the operating configuration For syntax information use this link to the Cisco IOS Release 12 2 Command Reference listing page http www cisco com en US products sw iosswrel ps1835 prod_comm and_reference_list html Select the Cisco IOS Commands Master List Release 12 2 to navigate to the command Command Description ...

Page 560: ...interface Switch show location civic interface g2 0 1 Civic location information Identifier 1 County Santa Clara Street number 3550 Building 19 Room C6 Primary road name Cisco Way City San Jose State CA Country US This is an example of output from the show location civic location command that displays all the civic location information Switch show location civic location static admin tag Display a...

Page 561: ...t from the show location elin location command that displays the emergency location information Switch show location elin location identifier 1 Elin location information Identifier 1 Elin 14085553881 Ports Gi2 0 2 This is an example of output from the show location elin static command that displays all emergency location information Switch show location elin static Elin location information Identi...

Page 562: ... is not set Interface FastEthernet1 0 2 Inbound access list is macl_e1 Interface FastEthernet1 0 3 Inbound access list is not set Interface FastEthernet1 0 4 Inbound access list is not set output truncated Interface FastEthernet1 0 10 Inbound access list is not set Interface FastEthernet1 0 11 Inbound access list is not set Interface FastEthernet1 0 12 Inbound access list is macl_e1 output truncat...

Page 563: ...d Modes User EXEC Command History Examples This is an example of output from the show mac address table command Switch show mac address table Mac Address Table Vlan Mac Address Type Ports All 0000 0000 0001 STATIC CPU All 0000 0000 0002 STATIC CPU All 0000 0000 0003 STATIC CPU All 0000 0000 0009 STATIC CPU All 0000 0000 0012 STATIC CPU All 0180 c200 000b STATIC CPU All 0180 c200 000c STATIC CPU Al...

Page 564: ...table count Displays the number of addresses present in all VLANs or the specified VLAN show mac address table dynamic Displays dynamic MAC address table entries only show mac address table interface Displays the MAC address table information for the specified interface show mac address table multicast Displays the Layer 2 multicast entries for all VLANs or the specified VLAN show mac address tabl...

Page 565: ... for a specific interface Valid interfaces include physical ports and port channels vlan vlan id Optional Display entries for the specific VLAN only The range is 1 to 4094 Release Modification 12 1 14 AX This command was introduced Command Description show mac address table aging time Displays the aging time in all VLANs or the specified VLAN show mac address table count Displays the number of add...

Page 566: ...ging time vlan vlan id Syntax Description Command Modes User EXEC Command History Usage Guidelines If no VLAN number is specified the aging time for all VLANs appears Examples This is an example of output from the show mac address table aging time command Switch show mac address table aging time Vlan Aging Time 1 300 This is an example of output from the show mac address table aging time vlan 10 c...

Page 567: ...splays the number of addresses present in all VLANs or the specified VLAN show mac address table dynamic Displays dynamic MAC address table entries only show mac address table interface Displays the MAC address table information for the specified interface show mac address table multicast Displays the Layer 2 multicast entries for all VLANs or the specified VLAN show mac address table notification...

Page 568: ...nd History Usage Guidelines If no VLAN number is specified the address count for all VLANs appears Examples This is an example of output from the show mac address table count command Switch show mac address table count Mac Entries for Vlan 10 Dynamic Address Count 0 Static Address Count 0 Total Mac Addresses 0 Mac Entries for Vlan 1 Dynamic Address Count 10 Static Address Count 0 Total Mac Address...

Page 569: ...ac address table dynamic Displays dynamic MAC address table entries only show mac address table interface Displays the MAC address table information for the specified interface show mac address table multicast Displays the Layer 2 multicast entries for all VLANs or the specified VLAN show mac address table notification Displays the MAC address notification settings for all interfaces or the specif...

Page 570: ...Fa1 0 1 1 0008 217a ea00 DYNAMIC Fa1 0 1 1 000a b7d1 6f5b DYNAMIC Fa1 0 1 1 0010 7b3a e967 DYNAMIC Fa1 0 1 1 0010 a4e6 6e58 DYNAMIC Fa1 0 1 1 0090 92cf 1400 DYNAMIC Fa1 0 1 Total Mac Addresses for this criterion 10 Related Commands address mac address Optional Specify a 48 bit MAC address the valid format is H H H available in privileged EXEC mode only interface interface id Optional Specify an in...

Page 571: ...LANs or the specified VLAN show mac address table interface Displays the MAC address table information for the specified interface show mac address table multicast Displays the Layer 2 multicast entries for all VLANs or the specified VLAN show mac address table static Displays static MAC address table entries only show mac address table vlan Displays the MAC address table information for the speci...

Page 572: ...ace type valid interfaces include physical ports and port channels vlan vlan id Optional Display entries for a specific VLAN the range is 1 to 4094 Release Modification 12 1 14 AX This command was introduced Command Description show mac address table address Displays MAC address table information for the specified MAC address show mac address table aging time Displays the aging time in all VLANs o...

Page 573: ...ed VLANs and whether MAC address learning is enabled or disabled on them The default is that MAC address learning is enabled on all VLANs Use the command with a specific VLAN ID to display the learning status on an individual VLAN Examples This is an example of output from the show mac address table learning user EXEC command showing that MAC address learning is disabled on VLAN 200 Switch show ma...

Page 574: ...how mac address table move update command Switch show mac address table move update Switch ID 010b 4630 1780 Dst mac address 0180 c200 0010 Vlans Macs supported 1023 8320 Default Current settings Rcv Off On Xmt Off On Max packets per min Rcv 40 Xmt 60 Rcv packet count 10 Rcv conforming packet count 5 Rcv invalid packet count 0 Rcv packet count this min 0 Rcv threshold exceed count 0 Rcv last seque...

Page 575: ...t 3750 Metro Switch Cisco IOS Commands show mac address table move update Related Commands Command Description clear mac address table move update Clears the MAC address table move update counters mac address table move update Configures MAC address table move update on the switch ...

Page 576: ...ulticast command It shows how to display all multicast entries for the switch Switch show mac address table multicast Vlan Mac Address Type Ports 1 0100 5e00 0128 IGMP Gi1 0 1 This is an example of output from the show mac address table multicast count command It shows how to display a total count of MAC address entries for the switch Switch show mac address table multicast count Multicast MAC Ent...

Page 577: ...ow mac address table count Displays the number of addresses present in all VLANs or the specified VLAN show mac address table dynamic Displays dynamic MAC address table entries only show mac address table interface Displays the MAC address table information for the specified interface show mac address table notification Displays the MAC address notification settings for all interfaces or the speci...

Page 578: ...on change command Switch show mac address table notification change MAC Notification Feature is Enabled on the switch Interval between Notification Traps 60 secs Number of MAC Addresses Added 4 Number of MAC Addresses Removed 4 Number of Notifications sent to NMS 3 Maximum Number of entries configured in History Table 100 Current History Table Length 3 MAC Notification Traps are Enabled History Ta...

Page 579: ...ule 0 Port 1 Related Commands Command Description clear mac address table notification Clears the MAC address notification global counters show mac address table address Displays MAC address table information for the specified MAC address show mac address table aging time Displays the aging time in all VLANs or the specified VLAN show mac address table count Displays the number of addresses presen...

Page 580: ...ic command Switch show mac address table static Mac Address Table Vlan Mac Address Type Ports All 0100 0ccc cccc STATIC CPU All 0180 c200 0000 STATIC CPU All 0100 0ccc cccd STATIC CPU All 0180 c200 0001 STATIC CPU All 0180 c200 0004 STATIC CPU All 0180 c200 0005 STATIC CPU 4 0001 0002 0004 STATIC Drop 6 0001 0002 0007 STATIC Drop Total Mac Addresses for this criterion 8 address mac address Optiona...

Page 581: ...e specified VLAN show mac address table count Displays the number of addresses present in all VLANs or the specified VLAN show mac address table dynamic Displays dynamic MAC address table entries only show mac address table interface Displays the MAC address table information for the specified interface show mac address table multicast Displays the Layer 2 multicast entries for all VLANs or the sp...

Page 582: ...an example of output from the show mac address table vlan 1 command Switch show mac address table vlan 1 Mac Address Table Vlan Mac Address Type Ports 1 0100 0ccc cccc STATIC CPU 1 0180 c200 0000 STATIC CPU 1 0100 0ccc cccd STATIC CPU 1 0180 c200 0001 STATIC CPU 1 0180 c200 0002 STATIC CPU 1 0180 c200 0003 STATIC CPU 1 0180 c200 0004 STATIC CPU 1 0180 c200 0005 STATIC CPU 1 0180 c200 0006 STATIC C...

Page 583: ...ress table count Displays the number of addresses present in all VLANs or the specified VLAN show mac address table dynamic Displays dynamic MAC address table entries only show mac address table interface Displays the MAC address table information for the specified interface show mac address table multicast Displays the Layer 2 multicast entries for all VLANs or the specified VLAN show mac address...

Page 584: ... History Examples This is an example of output from the show mls qos command when QoS is enabled and Differentiated Services Code Point DSCP transparency is disabled Switch show mls qos QoS is enabled QoS ip packet dscp rewrite disabled This is an example of output from the show mls qos command when QoS is enabled and DSCP transparency is enabled Switch show mls qos QoS is enabled QoS ip packet ds...

Page 585: ...is exceeded show mls qos aggregate policer aggregate policer name Syntax Description Command Modes User EXEC Command History Examples This is an example of output from the show mls qos aggregate policer command Switch show mls qos aggregate policer policer1 aggregate policer policer1 88000 2000000 exceed action drop Not used by any policy map Related Commands aggregate policer name Optional Displa...

Page 586: ...reshold2 100 100 Related Commands Release Modification 12 1 14 AX This command was introduced Command Description mls qos srr queue input bandwidth Assigns shaped round robin SRR weights to an ingress queue mls qos srr queue input buffers Allocates the buffers between the ingress queues mls qos srr queue input cos map Maps class of service CoS values to an ingress queue or assigns CoS values to a ...

Page 587: ...s command Switch show mls qos interface fastethernet1 0 7 buffers FastEthernet1 0 7 The port is mapped to qset 1 The allocations between the queues are 25 25 25 25 This is an example of output from the show mls qos interface interface id queueing command Switch show mls qos interface fastethernet1 0 7 queueing GigabitEthernet1 0 7 Egress Priority Queue enabled Shaped queue weights absolute 25 0 0 ...

Page 588: ... 0 0 0 15 19 0 0 0 0 0 20 24 0 0 0 0 0 25 29 0 0 0 0 0 30 34 0 0 0 0 0 35 39 0 0 0 0 0 40 44 0 0 0 0 0 45 49 0 0 0 6 0 50 54 0 0 0 0 0 55 59 0 0 0 0 0 60 64 0 0 0 0 dscp outgoing 0 4 363949 0 0 0 0 5 9 0 0 0 0 0 10 14 0 0 0 0 0 15 19 0 0 0 0 0 20 24 0 0 0 0 0 25 29 0 0 0 0 0 30 34 0 0 0 0 0 35 39 0 0 0 0 0 40 44 0 0 0 0 0 45 49 0 0 0 0 0 50 54 0 0 0 0 0 55 59 0 0 0 0 0 60 64 0 0 0 0 cos incoming 0...

Page 589: ...ss queues mls qos srr queue input cos map Maps CoS values to an ingress queue or maps CoS values to a queue and to a threshold ID mls qos srr queue input dscp map Maps DSCP values to an ingress queue or maps DSCP values to a queue and to a threshold ID mls qos srr queue input priority queue Configures the ingress priority queue and guarantees bandwidth mls qos srr queue input threshold Assigns WTD...

Page 590: ... input queue threshold and the DSCP output queue threshold maps are displayed as a matrix The d1 column specifies the most significant digit of the DSCP number The d2 row specifies the least significant digit in the DSCP number The intersection of the d1 and the d2 values provides the queue ID and threshold ID For example in the DSCP input queue threshold map a DSCP value of 43 corresponds to queu...

Page 591: ...2 40 48 56 Dscp outputq threshold map d1 d2 0 1 2 3 4 5 6 7 8 9 0 02 01 02 01 02 01 02 01 02 01 02 01 02 01 02 01 02 01 02 01 1 02 01 02 01 02 01 02 01 02 01 02 01 03 01 03 01 03 01 03 01 2 03 01 03 01 03 01 03 01 03 01 03 01 03 01 03 01 03 01 03 01 3 03 01 03 01 04 01 04 01 04 01 04 01 04 01 04 01 04 01 04 01 4 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 04 01 04 01 5 04 01 04 01 04 01 04 01 ...

Page 592: ...Related Commands Command Description mls qos map Defines the CoS to DSCP map the DSCP to CoS map the DSCP to DSCP mutation map the IP precedence to DSCP map and the policed DSCP map mls qos srr queue input cos map Maps CoS values to an ingress queue or maps CoS values to a queue and to a threshold ID mls qos srr queue input dscp map Maps DSCP values to an ingress queue or maps DSCP values to a que...

Page 593: ...mple of output from the show mls qos queue set command Switch show mls qos queue set Queueset 1 Queue 1 2 3 4 buffers 25 25 25 25 threshold1 100 200 100 100 threshold2 100 200 100 100 reserved 50 50 50 50 maximum 400 400 400 400 Queueset 2 Queue 1 2 3 4 buffers 25 25 25 25 threshold1 100 200 100 100 threshold2 100 200 100 100 reserved 50 50 50 50 maximum 400 400 400 400 qset id Optional ID of the ...

Page 594: ...nds show mls qos queue set Related Commands Command Description mls qos queue set output buffers Allocates buffers to the queue set mls qos queue set output threshold Configures the weighted tail drop WTD thresholds guarantees the availability of buffers and configures the maximum memory allocation of the queue set ...

Page 595: ...cription Command Modes User EXEC Command History Examples This is an example of output from the show mls qos queue set command Switch show mls qos vlan 10 Vlan10 Attached policy map for Ingress pm test pm 2 Related Commands vlan id Display the policy maps for the specified VLAN The range is 1 to 4094 Release Modification 12 2 25 EY This command was introduced Command Description policy map Creates...

Page 596: ...cal Session Source Ports RX Only Fa1 0 1 Both Fa1 0 2 3 Fa1 0 5 6 Destination Ports Fa1 0 20 Encapsulation Replicate Ingress Disabled Session 2 Type Remote Source Session Source VLANs TX Only 10 Both 1 9 session Optional Display information about specified SPAN sessions session_number Specify the number of the SPAN or RSPAN session The range is 1 to 66 all Display all SPAN sessions local Display o...

Page 597: ...ation Replicate Ingress Disabled This is an example of output for the show monitor session all command when ingress traffic forwarding is enabled Switch show monitor session all Session 1 Type Local Session Source Ports Both Fa1 0 2 Destination Ports Fa1 0 3 Encapsulation Native Ingress Enabled default VLAN 5 Ingress encap DOT1Q Session 2 Type Local Session Source Ports Both Fa1 0 8 Destination Po...

Page 598: ...Vl60 UP vlan 18 18 implc null 50 Vl80 DOWN vlan unassigned unassigned not ready 52 Fa1 0 2 UP ether 17 17 implc null Table 2 27 describes the fields in the display detail Optional Display provides detailed information about the VCs on a provider edge device summary Optional Display provides a summary of the configured VCs on the provider edge device MPLS interfaces vcid Optional Display informatio...

Page 599: ...e label unassigned tunnel label not ready Local MTU 1500 Remote MTU 0 Remote interface description Packet totals in out 0 0 byte totals in out 0 0 vcid 52 type ether local groupid 3 remote groupid 3 vc is up client Fa1 0 2 is up destination 192 168 255 255 Peer LDP Ident 192 168 255 255 0 VC State The state of the VC UP or DOWN UP The VC can carry traffic between the two VC end points A VC is up w...

Page 600: ...igured and the client interface is up The remote interface is programmed if the remote interface is configured and there is a VC remote VC label and an IGP label The IGP label means that there is a label switched path LSP to the peer Down The VC is not ready to carry traffic between the two VC end points client The ingress or egress interface through which the Layer 2 VLAN packet travels The inter...

Page 601: ... that has been enabled to send and receive Layer 2 packets Packet totals in out The total number of packets forwarded in each direction byte totals in out The total number of bytes forwarded in each direction Table 2 28 show mpls l2 transport vc detail Field Descriptions continued Field Description Command Description mpls l2transport route Enables routing Layer 2 packets over a specified point to...

Page 602: ... arguments or keywords Command Modes Privileged EXEC Command History Examples This is an example of output from the show mvr command Switch show mvr MVR Running TRUE MVR multicast VLAN 1 MVR Max Multicast Groups 256 MVR Current multicast groups 0 MVR Global query response time 5 tenths of sec MVR Mode compatible In the preceding display the maximum number of multicast groups is fixed at 256 The MV...

Page 603: ...N registration on the switch mvr interface configuration Configures MVR ports show mvr interface Displays the configured MVR interfaces status of the specified interface or all multicast groups to which the interface belongs when the interface and members keywords are appended to the command show mvr members Displays all ports that are members of an MVR multicast group or if there are no members m...

Page 604: ...you enter the members keyword all MVR group members on the interface are displayed If you enter a VLAN ID all MVR group members in the VLAN are displayed Examples This is an example of output from the show mvr interface command Switch show mvr interface Port Type Mode VLAN Status Immediate Leave Fa0 1 Receiver Trunk 1 ACTIVE UP DISABLED Fa0 1 Receiver Trunk 2000 ACTIVE DOWN DISABLED Fa0 2 Receiver...

Page 605: ... DISABLED This is an example of output from the show mvr interface interface id members command Switch show mvr interface fastethernet1 0 6 members 239 255 0 0 DYNAMIC ACTIVE 239 255 0 1 DYNAMIC ACTIVE 239 255 0 2 DYNAMIC ACTIVE 239 255 0 3 DYNAMIC ACTIVE 239 255 0 4 DYNAMIC ACTIVE 239 255 0 5 DYNAMIC ACTIVE 239 255 0 6 DYNAMIC ACTIVE 239 255 0 7 DYNAMIC ACTIVE 239 255 0 8 DYNAMIC ACTIVE 239 255 0...

Page 606: ...000 Static 239 1 1 1 ACTIVE Fa0 2 2 Static 239 1 1 1 ACTIVE Fa0 2 3000 Static 239 1 1 2 ACTIVE Fa0 1 1 Static 239 1 1 2 ACTIVE Fa0 2 2 Static output truncated 239 255 0 255 INACTIVE None 239 255 1 0 INACTIVE None This is an example of output from the show mvr members ip address command It shows how to view the members of the IP multicast group 239 255 0 2 Switch show mvr members 239 255 0 2 Switch...

Page 607: ...onfiguration Enables and configures multicast VLAN registration on the switch mvr interface configuration Configures MVR ports show mvr Displays the global MVR configuration on the switch show mvr interface Displays the configured MVR interfaces status of the specified interface or all multicast groups to which the interface belongs when the members keyword is appended to the command ...

Page 608: ... 0 This is an example of output from the show pagp 1 internal command Switch show pagp 1 internal Flags S Device is sending Slow hello C Device is in Consistent state A Device is in Auto mode Timers H Hello timer is running Q Quit timer is running S Switching timer is running I Interface timer is running Channel group 1 Hello Partner PAgP Learning Group Port Flags State Timers Interval Count Prior...

Page 609: ...mmands show pagp Channel group 1 neighbors Partner Partner Partner Partner Group Port Name Device ID Port Age Flags Cap Gi1 0 1 switch p2 0002 4b29 4600 Gi1 0 1 9s SC 10001 Gi1 0 2 switch p2 0002 4b29 4600 Gi1 0 2 24s SC 10001 Related Commands Command Description clear pagp Clears PAgP channel group information ...

Page 610: ...Macro type default global Enable dynamic port error recovery for link state failures errdisable recovery cause link flap errdisable recovery interval 60 output truncated Macro name cisco desktop Macro type default interface macro keywords AVID Basic interface Enable data VLAN only Recommended value for access vlan AVID should not be 1 switchport access vlan AVID switchport mode access output trunc...

Page 611: ...hport trunk native vlan NVID output truncated Macro name snmp Macro type customizable enable port security linkup and linkdown traps snmp server enable traps port security snmp server enable traps linkup snmp server enable traps linkdown set snmp server host snmp server host ADDRESS set SNMP trap notifications precedence snmp server ip precedence VALUE This is an example of output from the show pa...

Page 612: ...t macro Related Commands Command Description macro apply Applies a macro on an interface or applies and traces a macro on an interface macro description Adds a description about the macros that are applied to an interface macro global Applies a macro on a switch or applies and traces a macro on a switch macro global description Adds a description about the macros that are applied to the switch mac...

Page 613: ...af12 1 10 af13 1 10 af21 1 10 policy map name class class name Optional Display the specified policy map and policy actions for the specified class interface interface id input output class class name Optional For ingress ports display the policy map name that is applied to the specified port For enhanced services ES ports display the policy map configuration Weighted Random Early Detection WRED s...

Page 614: ...00 6000 1 2000 6 1 10 7 1 10 rsvp 1 10 This is an example of output from the show policy map interface interface id command Switch show policy map interface gigabitethernet1 1 2 GigabitEthernet1 1 2 service policy output vlan policy class map vlan10 class match all 0 packets 0 bytes 5 minute offered rate 0 bps drop rate 0 bps match vlan 10 Output Queue Conversation 265 Bandwidth 80 800000 kbps Max...

Page 615: ...word the show port security interface interface id address command displays all the MAC addresses for the interface with aging information for each secure address You can also use this command to display all the MAC addresses for an interface even if you have not enabled port security on it If you enter the vlan keyword the show port security address interface interface id vlan command displays th...

Page 616: ... SecureStatic address aging Disabled Security Violation count 0 This is an example of output from the show port security address command Switch show port security address Secure Mac Address Table Vlan Mac Address Type Ports Remaining Age mins 1 0006 0700 0800 SecureConfigured Gi1 0 2 1 Total Addresses in System excluding one mac per port 1 Max Addresses limit in System excluding one mac per port 6...

Page 617: ...pter 2 Catalyst 3750 Metro Switch Cisco IOS Commands show port security Related Commands Command Description switchport port security Enables port security on a port restricts the use of the port to a user defined group of stations and configures secure MAC addresses ...

Page 618: ...ed EXEC command Switch show rep topology segment 1 REP Segment 1 BridgeName PortName Edge Role sw1_multseg_3750 Gi1 1 1 Pri Alt sw3_multseg_3400 Gi0 13 Open sw3_multseg_3400 Gi0 14 Alt sw4_multseg_3400 Gi0 13 Open sw4_multseg_3400 Gi0 14 Open sw5_multseg_3400 Gi0 13 Open sw5_multseg_3400 Gi0 14 Open sw2_multseg_3750 Gi1 1 2 Open sw2_multseg_3750 Gi1 1 1 Open sw1_multseg_3750 Gi1 1 2 Sec Open segme...

Page 619: ...lans forwarding Bridge MAC 001a a19d 7c80 Port Number 080 Port Priority 000 Neighbor Number 4 7 repc_4_12cs Gi0 2 Intermediate Alternate Port some vlans blocked Bridge MAC 001a a19d 7c80 Port Number 002 Port Priority 040 Neighbor Number 5 6 output truncated This example shows output from the show rep topology segment archive command Switch show rep topology segment 1 archive REP Segment 1 BridgeNa...

Page 620: ...tual number might vary depending on the actual number of other features configured Examples This is an example of output from the show sdm prefer command displaying the template in use Switch show sdm prefer The current template is desktop default template The selected template optimizes the resources in the switch to support this level of features for 8 routed interfaces and 1024 VLANs number of ...

Page 621: ...itch to support this level of features for 8 routed interfaces and 1024 VLANs number of unicast mac addresses 2K number of IPv4 IGMP groups multicast routes 1K number of IPv4 unicast routes 3K number of directly connected IPv4 hosts 2K number of indirect IPv4 routes 1K number of IPv6 multicast groups 1K number of directly connected IPv6 addresses 2K number of indirect IPv6 unicast routes 1K number...

Page 622: ...r 2 Catalyst 3750 Metro Switch Cisco IOS Commands show sdm prefer Related Commands Command Description sdm prefer Sets the SDM template to maximize resources for routing policy based routing or VLANs or to the default template or to select a dual IPv4 and IPv6 template ...

Page 623: ...active on the switch show setup express Syntax Description This command has no arguments or keywords Defaults No default is defined Command Modes Privileged EXEC Command History Examples This is an example of output from the show setup express command Switch show setup express express setup mode is active Related Commands Release Modification 12 1 14 AX This command was introduced Command Descript...

Page 624: ...nfiguration digest instance id detail interface interface id detail Syntax Description bridge group Optional Specify the bridge group number The range is 1 to 255 active detail Optional Display spanning tree information only on active interfaces available only in privileged EXEC mode backbonefast Optional Display spanning tree BackboneFast status blockedports Optional Display blocked port informat...

Page 625: ...ignated information until the port returns to the forwarding state or ceases to be designated instance id You can specify a single instance ID a range of IDs separated by a hyphen or a series of IDs separated by a comma The range is 1 to 4094 The display shows the number of currently configured instances interface interface id Optional Valid interfaces include physical interfaces VLANs and NNI por...

Page 626: ...ommand Switch show spanning tree active VLAN0001 Spanning tree enabled protocol ieee Root ID Priority 32768 Address 0001 42e2 cdd0 Cost 3038 Port 24 GigabitEthernet1 0 1 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 49153 priority 49152 sys id ext 1 Address 0003 fd63 9580 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 300 Uplinkfast enabled Interface Role...

Page 627: ...address 00d0 bbf5 c680 Designated port id is 128 25 designated path cost 19 Timers message age 2 forward delay 0 hold 0 Number of transitions to forwarding state 1 Link type is point to point by default BPDU sent 0 received 72364 output truncated This is an example of output from the show spanning tree interface interface id command Switch show spanning tree interface gigabitethernet1 0 1 Vlan Rol...

Page 628: ...ance role state cost prio vlans mapped 0 root FWD 200000 128 1 12 14 4094 This is an example of output from the show spanning tree mst 0 command Switch show spanning tree mst 0 MST00 vlans mapped 1 9 21 4094 Bridge address 0002 4b29 7a00 priority 32768 32768 sysid 0 Root address 0001 4297 e000 priority 32768 32768 sysid 0 port Gi1 0 1 path cost 200038 IST master this switch Operational hello time ...

Page 629: ...ning tree mst max age Sets the interval between messages that the spanning tree receives from the root switch spanning tree mst max hops Sets the number of hops in an MST region before the BPDU is discarded and the information held for an interface is aged spanning tree mst port priority Configures an interface priority spanning tree mst priority Configures the switch priority for the specified sp...

Page 630: ...played for one traffic type for all ports on the switch If you do not enter a traffic type settings are displayed for broadcast storm control Examples This is an example of a partial output from the show storm control command when no keywords are entered Because no traffic type keyword was entered the broadcast storm control settings appear Switch show storm control Interface Filter State Upper Lo...

Page 631: ...e ID of the interface Filter State Displays the status of the filter Blocking Storm control is enabled and a storm has occurred Forwarding Storm control is enabled and no storms have occurred Inactive Storm control is disabled Upper Displays the rising suppression level as a percentage of total available bandwidth in packets per second or in bits per second Lower Displays the falling suppression l...

Page 632: ...it ports Examples This is an example of output from the show system mtu command Switch show system mtu System MTU size is 1500 bytes System Jumbo MTU size is 5000 bytes System Alternate MTU size is 2000 bytes Routing MTU size is 1500 bytes This is an example of output when you have defined an alternate MTU size but not reloaded the switch Switch show system mtu System MTU size is 1500 bytes System...

Page 633: ...s of the link and UDLD detects that the link is bidirectional Table 2 30 describes the fields in this display Switch show udld fastethernet1 0 11 Interface fa1 0 11 Port enable administrative configuration setting Follows device default Port enable operational state Enabled Current bidirectional state Bidirectional Current operational state Advertisement Single Neighbor detected Message interval 6...

Page 634: ... sent from the local device Measured in seconds Time out interval The time period in seconds that UDLD waits for echoes from a neighbor device during the detection window Entry 1 Information from the first cache entry which contains a copy of echo information received from the neighbor Expiration time The amount of time in seconds remaining before this cache entry is aged out Device ID The neighbo...

Page 635: ...tate Enabled in aggressive mode Current bidirectional state Unknown Current operational state Link down Message interval 7 Time out interval 5 No neighbor cache information stored Related Commands Command Description udld global configuration Enables aggressive or normal mode in UDLD or sets the configurable message timer time udld interface configuration Enables UDLD on an individual interface or...

Page 636: ... show version output the configuration register information is not supported on the switch Switch show version Cisco Internetwork Operating System Software IOS tm C3750ME Software C3750ME I5 M Version 12 2 0 0 35 AX CISCO DEVELOPMENT Copyright c 1986 2003 by cisco Systems Inc Compiled Mon 13 Oct 03 13 45 by yenanh Image text base 0x00003000 data base 0x00A7C3F8 ROM Bootstrap program is C3750 boot ...

Page 637: ...rocessor with 120822K 10240K bytes of memory Last reset from power on Bridging software Target IOS Version 12 2 14 AX 1 Virtual Ethernet IEEE 802 3 interface s 24 FastEthernet IEEE 802 3 interface s 4 Gigabit Ethernet IEEE 802 3 interface s The password recovery mechanism is enabled output truncated 1024K bytes of flash simulated non volatile configuration memory ...

Page 638: ...lay list of VLANs being used internally by the switch These VLANs are always from the extended range VLAN IDs 1006 to 4094 You cannot create VLANs with these IDs by using the vlan global configuration command until you remove them from internal use mapping Optional Display VLAN mapping information contents of the VLAN mapping table for the enhanced services ES ports This command is supported only ...

Page 639: ...s shown as non operational Examples This is an example of output from the show vlan command Table 2 31 describes each field in the display Switch show vlan VLAN Name Status Ports 1 default active Fa1 0 1 Fa1 0 3 Fa1 0 4 Fa1 0 5 Fa1 0 6 Fa1 0 7 Fa1 0 8 Fa1 0 9 Fa1 0 10 Fa1 0 11 Fa1 0 12 Fa1 0 13 Fa1 0 14 Fa1 0 15 Fa1 0 16 Fa1 0 17 Fa1 0 18 Fa1 0 19 Fa1 0 20 Fa1 0 21 Fa1 0 22 Fa1 0 23 Fa1 0 24 Gi1 0...

Page 640: ...ow vlan Command Output Fields Field Description VLAN VLAN number Name Name if configured of the VLAN Status Status of the VLAN active or suspend Ports Ports that belong to the VLAN Type Media type of the VLAN SAID Security association ID value for the VLAN MTU Maximum transmission unit size for the VLAN Parent Parent VLAN if one exists RingNo Ring number for the VLAN if applicable BrdgNo Bridge nu...

Page 641: ...signed to it This is an example of output from the show vlan private vlan command Switch show vlan private vlan Primary Secondary Type Ports 10 501 isolated Gi3 0 3 10 502 community Fa2 0 11 10 503 non operational3 20 25 isolated Fa1 0 13 Fa1 0 20 Fa1 0 22 Gi1 0 1 Fa2 0 13 Fa2 0 22 Fa3 0 13 Fa3 0 14 Fa3 0 20 Gi3 0 1 20 30 community Fa1 0 13 Fa1 0 20 Fa1 0 21 Gi1 0 1 Fa2 0 13 Fa2 0 20 Fa3 0 14 Fa3 ...

Page 642: ...ated VLAN 10 20 120 10 drop 10 21 121 11 30 130 11 31 131 50 60 51 61 Interface Gi1 1 2 Outer VLAN Inner VLAN Translated VLAN 11 drop 11 30 130 11 31 131 80 800 90 900 Related Commands Command Description private vlan Configures a VLAN as a community isolated or primary VLAN or associates a primary VLAN with secondary VLANs switchport mode Configures the VLAN membership mode of a port vlan Enables...

Page 643: ...mand History Examples This is an example of output from the show vlan access map command Switch show vlan access map Vlan access map SecWiz 10 Match clauses ip address SecWiz_Fa1 0_3_in_ip Action forward Related Commands mapname Optional Name of a specific VLAN access map Release Modification 12 1 14 AX This command was introduced Command Description show vlan filter Displays information about all...

Page 644: ...an example of output from the show vlan filter command Switch show vlan filter VLAN Map map_1 is filtering VLANs 20 22 Related Commands access map name Optional Display filtering information for the specified VLAN access map vlan vlan id Optional Display filtering information for the specified VLAN The range is 1 to 4094 Release Modification 12 1 14 AX This command was introduced Command Descripti...

Page 645: ...the current and primary servers or use the statistics keyword to display client side statistics show vmps statistics Syntax Description Command Modes User EXEC Command History Examples This is an example of output from the show vmps command Switch show vmps VQP Client Status VMPS VQP Version 1 Reconfirm Interval 60 min Server Retry Count 3 VMPS domain server Reconfirmation status VMPS Action other...

Page 646: ...rwarded to or from the workstation with that address broadcast or multicast frames are delivered to the workstation if the port has been assigned to a VLAN The client keeps the denied address in the address table as a blocked address to prevent more queries from being sent to the VMPS for each new packet received from this workstation The client ages the address if no new packets are received from...

Page 647: ...nds Command Description clear vmps statistics Clears the statistics maintained by the VQP client vmps reconfirm privileged EXEC Sends VQP queries to reconfirm all dynamic VLAN assignments with the VMPS vmps retry Configures the per server retry count for the VQP client vmps server Configures the primary VMPS and up to three secondary servers ...

Page 648: ...y Switch show vtp counters VTP statistics Summary advertisements received 0 Subset advertisements received 0 Request advertisements received 0 Summary advertisements transmitted 0 Subset advertisements transmitted 0 Request advertisements transmitted 0 Number of config revision errors 0 Number of config digest errors 0 Number of V1 summary errors 0 VTP pruning statistics Trunk Join Transmitted Joi...

Page 649: ...ubset advertisements contain all the information for one or more VLANs Request advertisements transmitted Number of advertisement requests sent by this switch on its trunk ports Advertisement requests normally request information on all VLANs They can also request information on a subset of VLANs Number of configuration revision errors Number of revision errors Whenever you define a new VLAN delet...

Page 650: ... receives a VTP version 1 frame These errors mean that at least one neighboring switch is either running VTP version 1 or VTP version 2 with V2 mode disabled To solve this problem change the configuration of the switches in VTP V2 mode to disabled Join Transmitted Number of VTP pruning messages sent on the trunk Join Received Number of VTP pruning messages received on the trunk Summary Advts Recei...

Page 651: ...ements sent by other devices and cannot affect VLAN configurations on other devices in the network The switch receives VTP advertisements and forwards them on all trunk ports except the one on which the advertisement was received VTP Domain Name Name that identifies the administrative domain for the switch VTP Pruning Mode Displays whether pruning is enabled or disabled Enabling pruning on a VTP s...

Page 652: ...eference OL 9645 10 Chapter 2 Catalyst 3750 Metro Switch Cisco IOS Commands show vtp Related Commands Command Description clear vtp counters Clears the VTP and pruning counters vtp Configures the VTP filename interface name domain name and mode ...

Page 653: ...leted suspended or shut down The port must first be a member of an active VLAN before it can be re enabled The shutdown command disables all functions on the specified interface This command also marks the interface as unavailable To see if an interface is disabled use the show interfaces privileged EXEC command An interface that has been shut down is shown as administratively down in the display ...

Page 654: ...tion in the VTP database It shuts down traffic locally but the switch still advertises VTP information Examples This example shows how to shutdown traffic on VLAN 2 Switch config shutdown vlan 2 You can verify your setting by entering the show vlan privileged EXEC command Related Commands vlan id ID of the VLAN to be locally shut down The range is 2 to 1001 VLANs defined as default VLANs under the...

Page 655: ...rames Small frames are considered packets that are 67 frames or less Use the errdisable detect cause small frame global configuration command to globally enable the small frames threshold for each port You can configure the port to be automatically re enabled by using the errdisable recovery cause small frame global configuration command You configure the recovery time by using the errdisable reco...

Page 656: ...scription errdisable detect cause small frame Allows any switch port to be put into the error disabled state if an incoming frame is smaller than the minimum size and arrives at the specified rate threshold errdisable recovery cause small frame Enables the recovery timer show interfaces Displays the interface settings on the switch including input and output flow control ...

Page 657: ...ription Defaults Sending REP traps is disabled Command Modes Global configuration Command History Usage Guidelines Use this command to enable the switch to send REP specific traps corresponding to link operational status changes and port role changes Examples This example configures the switch to send REP traps at a rate of 10 per second Switch config snmp mib rep trap rate 10 Related Commands tra...

Page 658: ... specific errors lsa rate limit retransmit state change pim invalid pim message neighbor change rp mapping change mac notification port security trap rate rtr rsvp snmp authentication coldstart linkdown linkup warmstart storm control trap rate value stpx syslog transceiver all tty vlancreate vlandelete vlan membership vtp Syntax Description bgp Optional Enable Border Gateway Protocol BGP state cha...

Page 659: ...nsmit Optional Enable packet retransmit traps state change Optional Enable state change traps pim Optional Enable Protocol Independent Multicast PIM traps invalid pim message Optional Enable invalid PIM message traps neighbor change Optional Enable PIM neighbor change traps rp mapping change Optional Enable rendezvous point RP mapping change traps mac notification Optional Enable MAC address notif...

Page 660: ...command for each trap type SNMP transceiver traps apply to SFPs that support DoM capable transceivers installed on the switch The sensor values are polled every 10 minutes which is how often the user sees traps or alarms transceiver all Optional Enable SNMP traps for all supported Digital Optical Monitoring DoM capable transceivers installed on the switch tty Optional Send TCP connection traps Thi...

Page 661: ...e show vtp status or the show running config privileged EXEC command Related Commands Command Description show running config Displays the operating configuration For syntax information use this link to the Cisco IOS Release 12 2 Command Reference listing page http www cisco com en US products sw iosswrel ps1835 prod_command _reference_list html Select the Cisco IOS Commands Master List Release 12...

Page 662: ... host the targeted recipient informs traps Optional Send SNMP traps or informs to this host version 1 2c 3 Optional Version of the Simple Network Management Protocol SNMP used to send the traps These keywords are supported 1 SNMPv1 This option is not available with informs 2c SNMPv2C 3 SNMPv3 These optional keywords can follow the version 3 keyword auth Optional Enables Message Digest 5 MD5 and Se...

Page 663: ...er status traps config Send SNMP configuration traps copy config Send SNMP copy configuration traps cpu threshold Allow CPU related traps entity Send SNMP entity traps envmon Send environmental monitor traps flash Send SNMP FLASH notifications hsrp Send SNMP Hot Standby Router Protocol HSRP traps ipmulticast Send SNMP IP multicast routing traps mac notification Send SNMP MAC notification traps msd...

Page 664: ...st 3750 Metro Switch Command Reference OL 9645 10 Chapter 2 Catalyst 3750 Metro Switch Cisco IOS Commands snmp server host Note Though visible in the command line help strings the fru ctrl keyword is not supported ...

Page 665: ... sent To configure the switch to send SNMP notifications you must enter at least one snmp server host command If you enter the command with no keywords all trap types are enabled for the host To enable multiple hosts you must enter a separate snmp server host command for each host You can specify multiple notification types in the command for each host If a local user is not associated with a remo...

Page 666: ...e community string is defined as comaccess Switch config snmp server enable traps Switch config snmp server host myhost cisco com comaccess snmp This example shows how to enable the switch to send all traps to the host myhost cisco com by using the community string public Switch config snmp server enable traps Switch config snmp server host myhost cisco com public You can verify your settings by e...

Page 667: ...fication change command the trap is generated only when you enter the snmp server enable traps mac notification change and the mac address table notification change global configuration commands Examples This example shows how to enable the MAC notification trap when a MAC address is added to a port Switch config interface fastethernet1 0 4 Switch config if snmp trap mac notification change added ...

Page 668: ...ap mac notification change show mac address table notification Displays the MAC address notification settings for all interfaces or on the specified interface when the interface keyword is appended snmp server enable traps Sends the SNMP MAC notification traps when the mac notification keyword is appended Command Description ...

Page 669: ...t bridge and the designated switch When a switch receives an inferior BPDU it means that a link to which the switch is not directly connected an indirect link has failed that is the designated switch has lost its connection to the root switch If there are alternate paths to the root switch BackboneFast causes the maximum aging time on the ports on which it received the inferior BPDU to expire and ...

Page 670: ...ple spanning tree MST mode Caution Enabling BPDU filtering on an interface is the same as disabling spanning tree on it and can result in spanning tree loops You can globally enable BPDU filtering on all Port Fast enabled interfaces by using the spanning tree portfast bpdufilter default global configuration command You can use the spanning tree bpdufilter interface configuration command to overrid...

Page 671: ...Reference listing page http www cisco com en US products sw iosswrel ps1835 prod _command_reference_list html Select the Cisco IOS Commands Master List Release 12 2 to navigate to the command spanning tree portfast global configuration Globally enables the BPDU filtering or the BPDU guard feature on Port Fast enabled interfaces or enables the Port Fast feature on all nontrunking interfaces spannin...

Page 672: ...to prevent an interface from being included in the spanning tree topology You can enable the BPDU guard feature when the switch is operating in the per VLAN spanning tree plus PVST rapid PVST or the multiple spanning tree MST mode You can globally enable BPDU guard on all Port Fast enabled interfaces by using the spanning tree portfast bpduguard default global configuration command You can use the...

Page 673: ...eference listing page http www cisco com en US products sw iosswrel ps1835 prod _command_reference_list html Select the Cisco IOS Commands Master List Release 12 2 to navigate to the command spanning tree portfast global configuration Globally enables the BPDU filtering or the BPDU guard feature on Port Fast enabled interfaces or enables the Port Fast feature on all nontrunking interfaces spanning...

Page 674: ...her values represent higher costs If you configure an interface with both the spanning tree vlan vlan id cost cost command and the spanning tree cost cost command the spanning tree vlan vlan id cost cost command takes effect Examples This example shows how to set the path cost to 250 on a port Switch config interface fastethernet1 0 4 Switch config if spanning tree cost 250 This example shows how ...

Page 675: ...s spanning tree cost Related Commands Command Description show spanning tree interface interface id Displays spanning tree information for the specified interface spanning tree port priority Configures an interface priority spanning tree vlan priority Sets the switch priority for the specified spanning tree instance ...

Page 676: ...4 ERR_DISABLE Channel misconfig error detected on chars putting chars in err disable state To show switch ports that are in the misconfigured EtherChannel use the show interfaces status err disabled privileged EXEC command To verify the EtherChannel configuration on a remote device use the show etherchannel summary privileged EXEC command on the remote device When a port is in the error disabled s...

Page 677: ...ted Commands Command Description errdisable recovery cause channel misconfig Enables the timer to recover from the EtherChannel misconfiguration error disable state show etherchannel summary Displays EtherChannel information for a channel as a one line summary per channel group show interfaces status err disabled Displays the interfaces in the error disabled state ...

Page 678: ...nning tree uses the extended system ID the switch priority and the allocated spanning tree MAC address to make the bridge ID unique for each VLAN or multiple spanning tree instance Support for the extended system ID affects how you manually configure the root switch the secondary root switch and the switch priority of a VLAN For more information see the spanning tree mst root and the spanning tree...

Page 679: ...e transitions to the root inconsistent blocked state to prevent the customer s switch from becoming the root switch or being in the path to the root The root port provides the best path from the switch to the root switch When the no spanning tree guard or the no spanning tree guard none command is entered root guard is disabled for all VLANs on the selected interface If this interface is in the ro...

Page 680: ...h the specified port Switch config interface fastethernet1 0 3 Switch config if spanning tree guard loop You can verify your settings by entering the show running config privileged EXEC command Related Commands Command Description show running config Displays the operating configuration For syntax information use this link to the Cisco IOS Release 12 2 Command Reference listing page http www cisco...

Page 681: ...e configuration Command History Usage Guidelines You can override the default setting of the link type by using the spanning tree link type command for example a half duplex link can be physically connected point to point to a single interface on a remote switch running the Multiple Spanning Tree Protocol MSTP or the rapid per VLAN spanning tree plus rapid PVST protocol and be enabled for rapid tr...

Page 682: ... tree detected protocols Restarts the protocol migration process force the renegotiation with neighboring switches on all interfaces or on the specified interface show spanning tree interface interface id Displays spanning tree state information for the specified interface show spanning tree mst interface interface id Displays multiple spanning tree MST information for the specified interface ...

Page 683: ...s most effective when it is configured on the entire switched network When the switch is operating in PVST or rapid PVST mode loop guard prevents alternate and root ports from becoming designated ports and spanning tree does not send bridge protocol data units BPDUs on root or alternate ports When the switch is operating in MST mode BPDUs are not sent on nonboundary interfaces if the interface is ...

Page 684: ...lays the operating configuration For syntax information use this link to the Cisco IOS Release 12 2 Command Reference listing page http www cisco com en US products sw iosswrel ps1835 prod_com mand_reference_list html Select the Cisco IOS Commands Master List Release 12 2 to navigate to the command spanning tree guard loop Enables the loop guard feature on all the VLANs associated with the specifi...

Page 685: ...be active at any time All VLANs run PVST all VLANs run rapid PVST or all VLANs run MSTP When you enable the MST mode RSTP is automatically enabled Caution Changing spanning tree modes can disrupt traffic because all spanning tree instances are stopped for the previous mode and restarted in the new mode Examples This example shows to enable MST and RSTP on the switch Switch config spanning tree mod...

Page 686: ...mands Command Description show running config Displays the operating configuration For syntax information use this link to the Cisco IOS Release 12 2 Command Reference listing page http www cisco com en US products sw iosswrel ps1835 prod_comm and_reference_list html Select the Cisco IOS Commands Master List Release 12 2 to navigate to the command ...

Page 687: ...MST region configuration mode without applying configuration changes exit exits the MST region configuration mode and applies all configuration changes instance instance id vlan vlan range maps VLANs to an MST instance The range for the instance id is 0 to 4094 The range for vlan range is 1 to 4094 You can specify a single VLAN identified by VLAN ID number a range of VLANs separated by a hyphen or...

Page 688: ...ration mode map VLANs 10 to 20 to MST instance 1 name the region region1 set the configuration revision to 1 display the pending configuration apply the changes and return to global configuration mode Switch spanning tree mst configuration Switch config mst instance 1 vlan 10 20 Switch config mst name region1 Switch config mst revision 1 Switch config mst show pending Pending MST configuration Nam...

Page 689: ...cost values 1000 Mbps 20000 100 Mbps 200000 10 Mbps 2000000 Command Modes Interface configuration Command History Usage Guidelines When you configure the cost higher values represent higher costs Examples This example shows how to set a path cost of 250 on a port associated with instances 2 and 4 Switch config interface fastethernet1 0 4 Switch config if spanning tree mst 2 4 cost 250 You can veri...

Page 690: ...panning tree mst cost Related Commands Command Description show spanning tree mst interface interface id Displays MST information for the specified interface spanning tree mst port priority Configures an interface priority spanning tree mst priority Configures the switch priority for the specified spanning tree instance ...

Page 691: ...s Changing the spanning tree mst forward time command affects all spanning tree instances Examples This example shows how to set the spanning tree forwarding time to 18 seconds for all MST instances Switch config spanning tree mst forward time 18 You can verify your setting by entering the show spanning tree mst privileged EXEC command Related Commands seconds Length of the listening and learning ...

Page 692: ...computes the spanning tree topology The max age setting must be greater than the hello time setting Changing the spanning tree mst hello time command affects all spanning tree instances Examples This example shows how to set the spanning tree hello time to 3 seconds for all multiple spanning tree MST instances Switch config spanning tree mst hello time 3 You can verify your setting by entering the...

Page 693: ...from the root switch within the specified interval the switch recomputes the spanning tree topology The max age setting must be greater than the hello time setting Changing the spanning tree mst max age command affects all spanning tree instances Examples This example shows how to set the spanning tree max age to 30 seconds for all multiple spanning tree MST instances Switch config spanning tree m...

Page 694: ...M record with a cost of 0 and the hop count set to the maximum value When a switch receives this BPDU it decrements the received remaining hop count by one and propagates the decremented count as the remaining hop count in the generated M records When the count reaches 0 a switch discards the BPDU and ages the information held for the interface Changing the spanning tree mst max hops command affec...

Page 695: ...and Description show spanning tree mst Displays MST information spanning tree mst forward time Sets the forward delay time for all MST instances spanning tree mst hello time Sets the interval between hello BPDUs sent by root switch configuration messages spanning tree mst max age Sets the interval between messages that the spanning tree receives from the root switch ...

Page 696: ...ng tree CIST runs on this interface Note If a switch port is connected to a switch running prestandard Cisco IOS software you must use the spanning tree mst pre standard interface configuration command on the port If you do not configure the port to send only prestandard BPDUs the Multiple STP MSTP performance might diminish When the port is configured to automatically detect prestandard neighbors...

Page 697: ...erfaces have the same priority value the multiple spanning tree MST puts the interface with the lowest interface number in the forwarding state and blocks other interfaces Examples This example shows how to increase the likelihood that the port associated with spanning tree instances 20 and 22 is placed into the forwarding state if a loop occurs Switch config interface gigabitethernet1 0 2 Switch ...

Page 698: ...anning tree mst port priority Related Commands Command Description show spanning tree mst interface interface id Displays MST information for the specified interface spanning tree mst cost Sets the path cost for MST calculations spanning tree mst priority Sets the switch priority for the specified spanning tree instance ...

Page 699: ...vileged EXEC command Related Commands instance id Range of spanning tree instances You can specify a single instance a range of instances separated by a hyphen or a series of instances separated by a comma The range is 0 to 4094 priority Set the switch priority for the specified spanning tree instance This setting affects the likelihood that the switch is selected as the root switch A lower value ...

Page 700: ...port the switch sets the switch priority for the instance to 24576 if this value will cause this switch to become the root for the specified instance If any root switch for the specified instance has a switch priority lower than 24576 the switch sets its own priority to 4096 less than the lowest switch priority 4096 is the value of the least significant bit of a 4 bit switch priority value instanc...

Page 701: ...ch config spanning tree mst 10 root primary diameter 4 This example shows how to configure the switch as the secondary root switch for instance 10 with a network diameter of 4 Switch config spanning tree mst 10 root secondary diameter 4 You can verify your settings by entering the show spanning tree mst instance id privileged EXEC command Related Commands Command Description show spanning tree mst...

Page 702: ...an vlan id port priority priority command and the spanning tree port priority priority command the spanning tree vlan vlan id port priority priority command takes effect Examples This example shows how to increase the likelihood that the specified port will be put in the forwarding state if a loop occurs Switch config interface fastethernet1 0 2 Switch config if spanning tree vlan 20 port priority...

Page 703: ...ng tree port priority Related Commands Command Description show spanning tree interface interface id Displays spanning tree information for the specified interface spanning tree cost Sets the path cost for spanning tree calculations spanning tree vlan priority Sets the switch priority for the specified spanning tree instance ...

Page 704: ...s PVST the rapid PVST or the multiple spanning tree MST mode Use the spanning tree portfast bpdufilter default global configuration command to globally enable BPDU filtering on interfaces that are Port Fast enabled the interfaces are in a Port Fast operational state The interfaces still send a few BPDUs at link up before the switch begins to filter outbound BPDUs You should globally enable BPDU fi...

Page 705: ...ace changes directly from a blocking state to a forwarding state without making the intermediate spanning tree state changes You can override the spanning tree portfast default global configuration command by using the spanning tree portfast interface configuration command You can use the no spanning tree portfast default global configuration command to disable Port Fast on all interfaces unless t...

Page 706: ...oop and disrupt switch and network operation You can enable this feature when the switch is operating in the per VLAN spanning tree plus PVST the rapid PVST or the multiple spanning tree MST mode This feature affects all VLANs on the port An interface with the Port Fast feature enabled moves directly to the spanning tree forwarding state without the standard forward time delay You can use the span...

Page 707: ...onfiguration For syntax information use this link to the Cisco IOS Release 12 2 Command Reference listing page http www cisco com en US products sw iosswrel ps1835 prod_c ommand_reference_list html Select the Cisco IOS Commands Master List Release 12 2 to navigate to the command spanning tree bpdufilter Prevents an interface from sending or receiving bridge protocol data units BPDUs spanning tree ...

Page 708: ... to a value less than 3000 and you enable UplinkFast or UplinkFast is already enabled the path cost of all interfaces and VLAN trunks is increased by 3000 if you change the path cost to 3000 or above the path cost is not altered The changes to the switch priority and the path cost reduces the chance that a switch will become the root switch When UplinkFast is disabled the switch priorities of all ...

Page 709: ...e topology converges more slowly after a loss of connectivity Examples This example shows how to enable UplinkFast Switch config spanning tree uplinkfast You can verify your setting by entering the show spanning tree summary privileged EXEC command Related Commands Command Description show spanning tree summary Displays a summary of the spanning tree interface states spanning tree vlan root primar...

Page 710: ...nstance The forwarding time controls how long each of the listening and learning states last before the interface begins forwarding The range is 4 to 30 seconds hello time seconds Optional Set the interval between hello bridge protocol data units BPDUs sent by the root switch configuration messages The range is 1 to 10 seconds max age seconds Optional Set the interval between messages the spanning...

Page 711: ...ould be used only on backbone switches When you enter the spanning tree vlan vlan id root command the software checks the switch priority of the current root switch for each VLAN Because of the extended system ID support the switch sets the switch priority for the specified VLAN to 24576 if this value will cause this switch to become the root for the specified VLAN If any root switch for the speci...

Page 712: ...ndary root switch for VLAN 10 with a network diameter of 4 Switch config spanning tree vlan 10 root secondary diameter 4 You can verify your settings by entering the show spanning tree vlan vlan id privileged EXEC command Related Commands Command Description show spanning tree vlan Displays spanning tree information spanning tree cost Sets the path cost for spanning tree calculations spanning tree...

Page 713: ...orts but you can configure speed to not negotiate nonegotiate if connected to a device that does not support autonegotiation However when a 1000BASE T SFP module is in the SFP module port you can configure speed as 10 100 or 1000 Mbps or auto When a 1000BASE T SFP module is inserted in an ES module port the speed defaults to 1000 10 Port runs at 10 Mbps 100 Port runs at 100 Mbps 1000 Port runs at ...

Page 714: ...e supported side Caution Changing the interface speed and duplex mode configuration might shut down and re enable the interface during the reconfiguration For guidelines on setting the switch speed and duplex parameters see the Configuring Interface Characteristics chapter in the software configuration guide for this release Examples This example shows how to set speed on a port to 100 Mbps Switch...

Page 715: ... rate drops to 80 percent of the connected speed These values are not exact because the hardware adjusts the line rate in increments of six This command is not supported on an enhanced services ES port Note The egress queue set default settings are suitable for most situations You should change them only when you have a thorough understanding of the queues and if these settings do not meet your qu...

Page 716: ...ode Point DSCP values to an egress queue or maps DSCP values to a queue and to a threshold ID mls qos queue set output threshold Configures the weighted tail drop WTD thresholds guarantees the availability of buffers and configures the maximum memory allocation for the queue set queue set Maps a port to a queue set show mls qos interface queueing Displays queueing strategy information srr queue ba...

Page 717: ...using the srr queue bandwidth shape interface configuration command this queue participates in shared mode The weight specified with the srr queue bandwidth shape command is ignored and the weights specified with the srr queue bandwidth share interface configuration command for a queue come into effect When configuring queues for the same port for both shaping and sharing make sure that you config...

Page 718: ... config if srr queue bandwidth share 4 4 4 4 You can verify your settings by entering the show mls qos interface interface id queueing privileged EXEC command Related Commands Command Description mls qos queue set output buffers Allocates buffers to a queue set mls qos srr queue output cos map Maps class of service CoS values to an egress queue or maps CoS values to a queue and to a threshold ID m...

Page 719: ...es can expand into the unused bandwidth and share it among themselves If you configure a shaped queue weight to 0 by using the srr queue bandwidth shape interface configuration command this queue participates in SRR shared mode The weight specified with the srr queue bandwidth shape command is ignored and the weights specified with the srr queue bandwidth share interface configuration command for ...

Page 720: ...mls qos interface interface id queueing privileged EXEC command Related Commands Command Description mls qos queue set output buffers Allocates buffers to a queue set mls qos srr queue output cos map Maps class of service CoS values to an egress queue or maps CoS values to a queue and to a threshold ID mls qos srr queue output dscp map Maps Differentiated Services Code Point DSCP values to an egre...

Page 721: ...s The range is 0 00 to 100 00 This value must be less than or equal to the rising suppression value If you do not configure a falling suppression level it is set to the rising suppression level level bps bps bps low Specify the rising and falling suppression levels as a rate in bits per second at which traffic is received on the port bps Rising suppression level up to 1 decimal place The range is ...

Page 722: ...CDP frames are blocked However the switch does not differentiate between routing updates such as Open Shortest Path First OSPF and regular multicast data traffic so both types of traffic are blocked The trap and shutdown options are independent of each other If you configure the action to be taken as shutdown the port is error disabled during a storm when a packet storm is detected you must use th...

Page 723: ... level Switch config if storm control broadcast level 75 5 This example shows how to enable unicast storm control on a port with a 87 percent rising suppression level and a 65 percent falling suppression level Switch config if storm control unicast level 87 65 This example shows how to enable multicast storm control on a port with a 2000 packets per second rising suppression level and a 1000 packe...

Page 724: ...n enter additional switchport commands with keywords as shown on the pages that follow Syntax Description This command has no arguments or keywords Defaults By default all interfaces are in Layer 2 mode Command Modes Interface configuration Command History Usage Guidelines Entering the no switchport command shuts the port down and then re enables it which might generate messages on the device to w...

Page 725: ...ow interfaces switchport Displays the administrative and operational status of a switching nonrouting port including port blocking and port protection settings show running config Displays the operating configuration For syntax information use this link to the Cisco IOS Release 12 2 Command Reference listing page http www cisco com en US products sw iosswrel ps1835 prod_com mand_reference_list htm...

Page 726: ...priate default VLAN for the device The port must be in access mode before the switchport access vlan command can take effect An access port can be assigned to only one VLAN The VMPS server such as a Catalyst 6500 series switch must be configured before a port is configured as dynamic These restrictions apply to dynamic access ports The software implements the VLAN Query Protocol VQP client which c...

Page 727: ...s cannot be grouped with any other port including other dynamic ports Source or destination ports in a static address entry Monitor ports Tunnel ports Examples This example shows how to cause a port interface that has already been configured as a switched interface to operate in VLAN 2 instead of the platform s default VLAN when in access mode Switch config if switchport access vlan 2 You can veri...

Page 728: ...onds Command Modes Interface configuration FastEthernet FastEthernet IEEE 802 3 port name Valid range is 0 to 9 GigabitEthernet GigabitEthernet IEEE 802 3z port name Valid range is 0 to 9 Port channel Ethernet Channel of interface Valid range is 0 to 48 TenGigabitEthernet Ten Gigabit Ethernet port name Valid range is 0 to 9 interface id Specify that the Layer 2 interface to act as a backup link to...

Page 729: ...inks can be a port that belongs to an EtherChannel However you can configure two port channels EtherChannel logical interfaces as Flex Links and you can configure a port channel and a physical interface as Flex Links with either the port channel or the physical interface as the active link If STP is configured on the switch Flex Links do not participate in STP in all valid VLANs If STP is not runn...

Page 730: ... 8 forwards traffic for VLANs 60 and 100 to 120 Switch show interfaces switchport backup Switch Backup Interface Pairs Active Interface Backup Interface State GigabitEthernet1 0 6 GigabitEthernet1 0 8 Active Up Backup Up Vlans Preferred on Active Interface 1 50 Vlans Preferred on Backup Interface 60 100 120 When a Flex Link interface goes down LINK_DOWN VLANs preferred on this interface are moved ...

Page 731: ... 12 multicast fast convergence Switch config if end You can verify your setting by entering the show interfaces switchport backup detail privileged EXEC command Switch show interfaces switchport backup detail Switch Backup Interface Pairs Active Interface Backup Interface State GigabitEthernet1 0 11 GigabitEthernet1 0 12 Active Up Backup Standby Preemption Mode off Multicast Fast Convergence On Ba...

Page 732: ...on a protected port there could be security issues With multicast traffic the port blocking feature blocks only pure Layer 2 packets Multicast packets that contain IPv4 or IPv6 information in the header are not blocked Blocking unknown multicast or unicast traffic is not automatically enabled on protected ports you must explicitly configure it For more information about blocking packets see the so...

Page 733: ...ter 2 Catalyst 3750 Metro Switch Cisco IOS Commands switchport block Related Commands Command Description show interfaces switchport Displays the administrative and operational status of a switching nonrouting port including port blocking and port protection settings ...

Page 734: ...ration Because spanning tree Port Fast is enabled you should enter the switchport host command only on ports that are connected to a single host Connecting other switches hubs concentrators or bridges to a fast start port can cause temporary spanning tree loops Enable the switchport host command to decrease the time that it takes to start up packet forwarding Examples This example shows how to opt...

Page 735: ...rface connecting to it does not agree to the change When you enter dynamic auto mode the interface converts the link to a trunk link if the neighboring interface is set to trunk or desirable mode When you enter dynamic desirable mode the interface becomes a trunk interface if the neighboring interface is set to trunk desirable or auto mode access Set the port to access mode either static access or...

Page 736: ...n error message appears and 802 1x is not enabled If you try to change the mode of an 802 1x enabled port to trunk the port mode is not changed If you try to enable 802 1x on a port set to dynamic auto or dynamic desirable an error message appears and 802 1x is not enabled If you try to change the mode of an 802 1x enabled port to dynamic auto or dynamic desirable the port mode is not changed If y...

Page 737: ...ed EXEC command and examining information in the Administrative Mode and Operational Mode rows Related Commands Command Description show dot12q tunnel Displays information about 802 1Q tunnel ports on the switch show interfaces switchport Displays the administrative and operational status of a switching nonrouting port including port blocking and port protection settings switchport access Configur...

Page 738: ... configure a SPAN destination port as a private VLAN host or promiscuous port the port becomes inactive Do not configure private VLAN on ports with these other features dynamic access port VLAN membership Dynamic Trunking Protocol DTP Port Aggregation Protocol PAgP Link Aggregation Control Protocol LACP Multicast VLAN Registration MVR voice VLAN A private VLAN port cannot be a SPAN destination por...

Page 739: ...vate VLAN host port you should also enable BPDU guard and Port Fast by using the spanning tree portfast bpduguard default global configuration command and the spanning tree portfast interface configuration command Switch configure terminal Switch config interface fastethernet 1 0 1 Switch config if switchport mode private vlan host Switch config if switchport private vlan host association 20 501 S...

Page 740: ...ecute it in dynamic auto or desirable mode Internetworking devices that do not support DTP might forward DTP frames improperly and cause misconfigurations To avoid this you should turn off DTP by using the switchport no negotiate command to configure the interfaces connected to devices that do not support DTP to not forward DTP frames When you enter the switchport nonegotiate command DTP negotiati...

Page 741: ...isco IOS Commands switchport nonegotiate Related Commands Command Description show interfaces switchport Displays the administrative and operational status of a switching nonrouting port including port blocking and port protection settings switchport mode Configures the VLAN membership mode of a port ...

Page 742: ...s used mac address sticky mac address Optional Enable the interface for sticky learning by entering only the mac address sticky keywords When sticky learning is enabled the interface adds all secure MAC addresses that are dynamically learned to the running configuration and converts these addresses to sticky secure MAC addresses Optional Enter a mac address to specify a sticky secure MAC address m...

Page 743: ...w the maximum value or increase the number of maximum allowable addresses You are not notified that a security violation has occurred Note We do not recommend configuring the protect mode on a trunk port The protect mode disables learning when any VLAN reaches its maximum limit even if the port has not reached its maximum limit restrict Set the security violation restrict mode In this mode when th...

Page 744: ...e new value is less than the previous value and the number of configured secure addresses on the interface exceeds the new value the command is rejected The switch does not support port security aging of sticky secure MAC addresses A security violation occurs when the maximum number of secure MAC addresses are in the address table and a station whose MAC address is not in the address table attempt...

Page 745: ...he switchport port security mac address sticky mac address interface configuration command an error message appears and the sticky secure MAC address is not added to the running configuration Examples This example shows how to enable port security on a port and to set the maximum number of secure addresses to 5 The violation mode is the default and no secure MAC addresses are configured Switch con...

Page 746: ...0 for that port To allow limited time access to particular secure addresses set the aging type as absolute When the aging time lapses the secure addresses are deleted To allow continuous access to a limited number of secure addresses set the aging type as inactivity This removes the secure address when it become inactive and other addresses can become secure To allow unlimited access to a secure a...

Page 747: ...configured secure addresses on a port Switch config interface gigabitethernet1 0 2 Switch config if switchport port security aging time 2 Switch config if switchport port security aging type inactivity Switch config if switchport port security aging static This example shows how to disable aging for configured secure addresses Switch config if no switchport port security aging static Related Comma...

Page 748: ...ected to the Cisco IP Phone to send the configuration to the Cisco IP Phone CDP is enabled by default globally and on all switch interfaces You should configure voice VLAN on switch access ports You can only configure a voice VLAN on Layer 2 ports Before you enable voice VLAN we recommend that you enable quality of service QoS on the switch by entering the mls qos global configuration command and ...

Page 749: ... 2 Catalyst 3750 Metro Switch Cisco IOS Commands switchport priority extend Related Commands Command Description show interfaces Displays the administrative and operational status of a switching nonrouting port switchport voice vlan Configures the voice VLAN on the port ...

Page 750: ...switchport mode private vlan host promiscuous interface configuration command If the port is in private VLAN host or promiscuous mode but the VLANs do not exist the command is allowed but the port is made inactive The secondary_vlan_list parameter cannot contain spaces It can contain multiple comma separated items Each item can be a single private VLAN ID or a hyphenated range of private VLAN IDs ...

Page 751: ...ivate VLAN host port and associate it with primary VLAN 20 and secondary VLAN 501 Switch configure terminal Switch config interface fastethernet 1 0 1 Switch config if switchport mode private vlan host Switch config if switchport private vlan host association 20 501 Switch config if end This example shows how to configure an interface as a private VLAN promiscuous port and map it to a primary VLAN...

Page 752: ...ust configure the protected ports for unique VLANs on each switch and configure a trunk link between the switches A protected port is different from a secure port A protected port does not forward any unicast multicast or broadcast traffic to any other protected port A protected port continues to forward unicast multicast and broadcast traffic to unprotected ports and vice versa Port monitoring do...

Page 753: ...n trunking mode See the following vlan list format The none keyword is not valid The default is all dot1q ethertype value Sets the ethertype value on an enhanced services ES port for 802 1Q encapsulation Used to select a nonstandard nondefault 2 byte ethertype to identify 802 1Q tagged frames The default ethertype value is 0x8100 Note This keyword is supported only on ES ports encapsulation Set th...

Page 754: ...ation is negotiate VLAN 1 is the default native VLAN ID on the port The default for all VLAN lists is to include all VLANs The default ethertype value for 802 1Q encapsulation is 0x8100 Command Modes Interface configuration Command History Usage Guidelines Encapsulation The switchport trunk encapsulation command is supported only on platforms and interface hardware that can support both ISL and 80...

Page 755: ...tch sends the packet without a tag otherwise the switch sends the packet with a tag The no form of the native vlan command resets the native mode VLAN to the appropriate default VLAN for the device Allowed VLAN To reduce the risk of spanning tree loops or storms you can disable VLAN 1 on any individual VLAN trunk port by removing VLAN 1 from the allowed list When you remove VLAN 1 from a trunk por...

Page 756: ...h config if switchport trunk pruning vlan remove 3 10 15 You can verify your settings by entering the show interfaces interface id switchport privileged EXEC command Related Commands Command Description show interfaces switchport Displays the administrative and operational status of a switching nonrouting port including port blocking and port protection settings switchport mode Configures the VLAN...

Page 757: ... is used to switch the packet inside the switch The service provider VLAN ID is sent or received on the ES ports The VLAN ID range is from 1 to 4094 dot1q tunnel outer vlan id inner vlan id translated vlan id drop Configure the 802 1Q tunnel VLAN mapping on the interface as a two to one mapping The internal 802 1Q tunneling traffic with the outer VLAN ID outer vlan id and the inner VLAN ID inner v...

Page 758: ...traffic in 802 1Q tunnels Use the drop keyword to drop all VLAN traffic except traffic that is explicitly mapped When using the use the switchport vlan mapping internal dot1q tunnel internal outer vlan id internal inner vlan id external dot1q tunnel external outer vlan id external inner vlan id command make sure that the inner VLAN ID of the original 802 1Q packet internal inner vlan id and the in...

Page 759: ...mands switchport vlan mapping Related Commands Command Description show interfaces interface id vlan mapping Displays the VLAN mapping table for the identified interface show vlan mapping Displays the VLAN mapping table for the ES ports switchport mode dot1q tunnel Configures an interface as an 802 1Q tunnel port ...

Page 760: ...itch by entering the mls qos global configuration command and configure the port trust state to trust by entering the mls qos trust cos interface configuration command When you enter a VLAN ID the IP phone forwards voice traffic in 802 1Q frames tagged with the specified VLAN ID The switch puts 802 1Q voice traffic in the voice VLAN When you select dot1q none or untagged the switch puts the indica...

Page 761: ...ny type of port security is enabled on the access VALN dynamic port security is automatically enabled on the voice VLAN You cannot configure static secure MAC addresses in the voice VLAN The Port Fast feature is automatically enabled when voice VLAN is configured When you disable voice VLAN the Port Fast feature is not automatically disabled Examples This example shows how to configure VLAN 2 as t...

Page 762: ...witch ports alternate bytes Define an alternate frame size MTU to be applied to specific interfaces The range is between the configured system MTU and the configured jumbo MTU size 1500 to 9000 bytes The default is 1500 bytes alternate interface interface id range interface range Apply the alternate MTU to the specified interface or range of interfaces jumbo bytes Set the system jumbo frame size M...

Page 763: ... is accepted but not applied until the next switch reset When the configuration change takes effect the routing MTU size defaults to the new system MTU size If you enter a value that is outside the range for the specific type of switch the value is not accepted Beginning with Cisco IOS Release 12 2 55 SE you can define an alternate MTU size by using the system mtu alternate bytes command and apply...

Page 764: ...e effect until the next re load is done Switch config exit Switch reload This example shows how to apply the alternate MTU to Gigabit Ethernet interfaces 1 to 10 Changes are not applied until you reload the switch Switch config system mtu alternate interface range gigabitethernet 0 1 10 Changes to the Alternate MTU on interface s will not take effect until the next reload is done Switch config exi...

Page 765: ...when the specified source and destination addresses belong to the same VLAN If you specify source and destination addresses that belong to different VLANs the Layer 2 path is not identified and an error message appears If the source or destination MAC address belongs to multiple VLANs you must specify the VLAN to which both the source and destination MAC addresses belong If the VLAN is not specifi...

Page 766: ...1 0601 found on con6 ME C3750 12TE 2 2 6 6 con6 2 2 6 6 Gi1 0 1 Gi0 0 2 con5 2 2 5 5 Gi1 0 2 Gi0 0 1 con1 2 2 1 1 Gi1 0 1 Gi1 0 2 con2 2 2 2 2 Gi1 0 2 Gi1 0 1 Destination 0000 0201 0201 found on con2 WS C3550 24 2 2 2 2 Layer 2 trace completed This example shows the Layer 2 path when the switch is not connected to the source switch Switch traceroute mac 0000 0201 0501 0000 0201 0201 detail Source ...

Page 767: ...when source and destination switches belong to multiple VLANs Switch traceroute mac 0000 0201 0601 0000 0201 0201 Error Mac found on multiple vlans Layer2 trace aborted Related Commands Command Description traceroute mac ip Displays the Layer 2 path taken by the packets from the specified source IP address or hostname to the specified destination IP address or hostname ...

Page 768: ... you specify the IP addresses the switch uses Address Resolution Protocol ARP to associate the IP addresses with the corresponding MAC addresses and the VLAN IDs If an ARP entry exists for the specified IP address the switch uses the associated MAC address and identifies the physical path If an ARP entry does not exist the switch sends an ARP query and tries to resolve the IP address The IP addres...

Page 769: ...C3750 24TE 172 18 18 2 Layer2 trace completed This example shows how to display the Layer 2 path by specifying the source and destination hostnames Switch traceroute mac ip con6 con2 Translating IP to mac 2 2 66 66 0000 0201 0601 2 2 22 22 0000 0201 0201 Source 0000 0201 0601 found on con6 con6 2 2 6 6 Gi1 0 1 Gi1 0 2 con5 2 2 5 5 Gi1 0 2 Gi0 1 con1 2 2 1 1 Gi0 0 1 Gi0 2 con2 2 2 2 2 Gi0 0 2 Fa0 1...

Page 770: ...o an enhanced services ES port If you specify trust cos QoS uses the received or default port CoS value and the CoS to DSCP map to generate a DSCP value for the packet If you specify trust dscp QoS uses the DSCP value from the ingress packet For non IP packets that are tagged QoS uses the received CoS value for non IP packets that are untagged QoS uses the default port CoS value In either case the...

Page 771: ...ow the switch configures the inner and outer tags for packets sent over the enhanced services ES trunk port see the mls qos trust section on page 2 312 To return to policy map configuration mode use the exit command To return to privileged EXEC mode use the end command Examples This example shows how to define a port trust state to trust inbound DSCP values for traffic classified with class1 Switc...

Page 772: ...orts on fiber optic links For information about normal and aggressive modes see the Understanding UDLD section in the software configuration guide for this release If you change the message time between probe packets you are making a trade off between the detection speed and the CPU load By decreasing the time you can make the detection response faster but increase the load on the CPU This command...

Page 773: ...and errdisable recovery interval interval global configuration commands to automatically recover from the UDLD error disabled state Examples This example shows how to enable UDLD on all fiber optic ports Switch config udld enable You can verify your setting by entering the show udld privileged EXEC command Related Commands Command Description show udld Displays UDLD administrative and operational ...

Page 774: ... on fiber optic connections In aggressive mode UDLD also can detect unidirectional links due to one way traffic on fiber optic and twisted pair links and due to misconnected ports on fiber optic links For information about normal and aggressive modes see the Configuring UDLD chapter in the software configuration guide for this release To enable UDLD in normal mode use the udld port interface confi...

Page 775: ...to automatically recover from the UDLD error disabled state Examples This example shows how to enable UDLD on a port Switch config interface gigabitethernet1 0 1 Switch config if udld port This example shows how to disable UDLD on a fiber optic port despite the setting of the udld global configuration command Switch config interface gigabitethernet1 1 1 Switch config if udld port disable You can v...

Page 776: ...xample shows how to reset all interfaces disabled by UDLD Switch udld reset 1 ports shutdown by UDLD were reset You can verify your setting by entering the show udld privileged EXEC command Related Commands Release Modification 12 1 14 AX This command was introduced Command Description show running config Displays the operating configuration For syntax information use this link to the Cisco IOS Re...

Page 777: ...to multipoint You should know the correct number of maintenance end points MEPs in the domain If you enter a UNI count value greater than the actual number of endpoints the UNI status shows as partially active even if all endpoints are up If you enter a UNI count less than the actual number of endpoints UNI status shows as active even if all endpoints are not up Caution Configuring a UNI count doe...

Page 778: ...ch Cisco IOS Commands uni count Examples This example shows how to a UNI count of two with point to multipoint service Switch config ethernet evc test1 Switch config evc uni count 2 multipoint Related Commands Command Description ethernet evc evc id Defines an EVC and enters EVC configuration mode ...

Page 779: ... running configuration and you can save them in the switch startup configuration file When you save the VLAN and VTP configurations in the startup configuration file and reboot the switch the configuration is determined in these ways If both the VLAN database and the configuration file show the VTP mode as transparent and the VTP domain names match the VLAN database is ignored The VTP and VLAN con...

Page 780: ...gs having this VLAN as a parent VLAN in FDDI NET Token Ring NET and TrBRF VLANs The range is 0 to 15 The default bridge number is 0 no source routing bridge for FDDI NET TrBRF and Token Ring NET VLANs The type keyword applies only to TrCRF VLANs and is one of these srb source route bridging srt source route transparent bridging VLAN exit applies changes increments the VLAN database revision number...

Page 781: ...administrative domain The default value is 100000 plus the VLAN ID number shutdown shuts down VLAN switching on the VLAN This command takes effect immediately Other commands take effect when you exit config vlan mode state specifies the VLAN state active means the VLAN is operational the default suspend means the VLAN is suspended Suspended VLANs do not pass packets ste ste number defines the maxi...

Page 782: ...VTP v1 mode is enabled name vlan name media tr net state suspend active said said value mtu mtu size bridge bridge number stp type ieee ibm tb vlan1 tb vlan1 id tb vlan2 tb vlan2 id Token Ring bridge relay function TrBRF VTP v2 mode is enabled name vlan name media tr net state suspend active said said value mtu mtu size bridge bridge number stp type ieee ibm auto tb vlan1 tb vlan1 id tb vlan2 tb v...

Page 783: ... vlan end Switch copy running config startup config You can verify your setting by entering the show vlan privileged EXEC command Related Commands VTP v1 mode is enabled No VLAN can have an STP type set to auto This rule applies to Ethernet FDDI FDDI NET Token Ring and Token Ring NET VLANs Add a VLAN that requires translational bridging values are not set to zero The translational bridging VLAN ID...

Page 784: ...ommand to set whether a match causes the packet to be forwarded or dropped In VLAN access map configuration mode these commands are available action sets the action to be taken forward or drop default sets a command to its defaults exit exits from VLAN access map configuration mode match sets the values to match IP address or MAC address no negates a command or set its defaults When you do not spe...

Page 785: ...e map this will be entry 10 Switch config vlan access map vac1 Switch config access map match ip address acl1 Switch config access map action forward This example shows how to delete VLAN map vac1 Switch config no vlan access map vac1 Related Commands Command Description action Sets the action for the VLAN access map entry match access map configuration Sets the VLAN map to match packets against o...

Page 786: ...uration process we recommend that you completely define the VLAN access map before applying it to a VLAN For more information about VLAN map entries see the software configuration guide for this release Examples This example applies VLAN map entry map1 to VLANs 20 and 30 Switch config vlan filter map1 vlan list 20 30 This example shows how to delete VLAN map entry mac1 from VLAN 20 Switch config n...

Page 787: ...an filter Related Commands Command Description show vlan access map Displays information about a particular VLAN access map or all VLAN access maps show vlan filter Displays information about all VLAN filters or about a particular VLAN or VLAN access map vlan access map Creates a VLAN map entry for VLAN packet filtering ...

Page 788: ... Command History Examples This example shows how to immediately send VQP queries to the VMPS Switch vmps reconfirm You can verify your setting by entering the show vmps privileged EXEC command and examining the VMPS Action row of the Reconfirmation Status section The show vmps command shows the result of the last time the assignments were reconfirmed either because the reconfirmation timer expired...

Page 789: ...Global configuration Command History Examples This example shows how to set the VQP client to reconfirm dynamic VLAN entries every 20 minutes Switch config vmps reconfirm 20 You can verify your setting by entering the show vmps privileged EXEC command and examining information in the Reconfirm Interval row Related Commands interval Reconfirmation interval for VQP client queries to the VLAN Members...

Page 790: ...he default retry count is 3 Command Modes Global configuration Command History Examples This example shows how to set the retry count to 7 Switch config vmps retry 7 You can verify your setting by entering the show vmps privileged EXEC command and examining information in the Server Retry Count row Related Commands count Number of attempts to contact the VLAN Membership Policy Server VMPS by the c...

Page 791: ...switch proxies the VMPS requests The VMPS server treats the cluster as a single switch and uses the IP address of the command switch to respond to requests When using the no form without specifying the ipaddress all configured servers are deleted If you delete all servers when dynamic access ports are present the switch cannot forward packets from new sources on these ports because it cannot query...

Page 792: ... Catalyst 3750 Metro Switch Cisco IOS Commands vmps server You can verify your setting by entering the show vmps privileged EXEC command and examining information in the VMPS Domain Server row Related Commands Command Description show vmps Displays VQP and VMPS information ...

Page 793: ... both IPv4 and IPv6 traffic When you enter this command IPv4 VRFs that are already configured also allow IPv6 traffic after you enter the address family ipv6 command Because this command is used only one time there is not a no version of the command This command is not stored in NVRAM because it has a one time immediate effect To configure IPv6 VRF aware routing you must use the dual ipv4 and ipv6...

Page 794: ...t modified Switch config vrf upgrade cli multi af mode non common policies vrf test Related Commands Command Description address family ipv4 Configures a routing session using standard IPv4 address prefixes address family ipv6 configures a routing session using standard IPv6 address prefixes vrf definition vrf name Configures a VPN VRF routing table and enters VRF configuration mode vrf forwarding...

Page 795: ...configure VLANs on the switch When a VTP client starts up it does not send VTP advertisements until it receives advertisements to initialize its VLAN database server Place the switch in VTP server mode A switch in VTP server mode is enabled for VTP and sends advertisements You can configure VLANs on the switch The switch can recover all the VLAN information in the current VTP database from nonvola...

Page 796: ... the switch configuration file The vtp file filename cannot be used to load a new database it renames only the file in which the existing database is stored Follow these guidelines when configuring a VTP domain name The switch is in the no management domain state until you configure a domain name While in the no management domain state the switch does not send any VTP advertisements even if change...

Page 797: ...ing a VTP password Passwords are case sensitive Passwords should match on all switches in the same domain When you use the no vtp password form of the command the switch returns to the no password state Follow these guidelines when setting VTP pruning VTP pruning removes information about each pruning eligible VLAN from VTP updates if there are no stations belonging to that VLAN If you enable prun...

Page 798: ...in for the switch Switch config vtp domain OurDomainName This example shows how to place the switch in VTP transparent mode Switch config vtp mode transparent This example shows how to configure the VTP domain password Switch config vtp password ThisIsOurDomain sPassword This example shows how to enable pruning in the VLAN database Switch config vtp pruning Pruning switched ON This example shows h...

Page 799: ...ud to connect Ethernet interfaces on two provider edge devices at each edge of the service provider network You must enter the command at the PE device at each edge of the service provider network to establish a bidirectional virtual connection which consists of two unidirectional label switched paths LSPs A VC is not established if not properly defined from both ends For the destination parameter...

Page 800: ...an Ethernet over MPLS EoMPLS tunnel between the PE1 VLAN 3 interface and the PE2 VLAN 4 interface PE1 has IP address 10 0 0 1 32 that PE2 discovers through routing and PE2 has IP address 20 0 0 1 32 that PE1 discovers through routing At the PE1 interface Switch config interface vlan 3 Switch config if xconnect 20 0 0 1 123 encapsulation mpls At the PE2 interface Switch config interface vlan 4 Swit...

Page 801: ...ering up and then entering a new password The password recovery disable feature allows the system administrator to protect access to the switch password by disabling part of this functionality and allowing the user to interrupt the boot process only by agreeing to set the system back to the default configuration With password recovery disabled the user can still interrupt the boot process and chan...

Page 802: ...formation in the BOOT environment variable if any If you supply an image name for the file url variable the boot command attempts to boot the specified image When you set boot loader boot command options they are executed immediately and apply only to the current boot loader session These settings are not saved for the next boot operation Filenames and directory names are case sensitive Examples T...

Page 803: ...nd Reference OL 9645 10 Appendix A Catalyst 3750 Metro Switch Boot Loader Commands boot Related Commands Command Description set Sets the BOOT environment variable to boot a specific image when the BOOT keyword is appended to the command ...

Page 804: ... list of files the contents of each file is sequentially displayed Examples This example shows how to display the contents of two files info and env_vars switch cat flash new images info flash env_vars Related Commands filesystem Alias for a flash file system Use flash for the system board flash device file url Path directory and name of the files to display Separate each filename with a space Rel...

Page 805: ...tain control characters spaces deletes slashes quotes semicolons or colons If you are copying a file to a new directory the directory must already exist Examples This example show how to copy a file at the root switch copy flash test1 text flash test4 text File flash test1 text successfully copied to flash test4 text You can verify that the file was copied by entering the dir filesystem boot loade...

Page 806: ...s example shows how to delete two files switch delete flash test2 text flash test5 text Are you sure you want to delete flash test2 text y n y File flash test2 text deleted Are you sure you want to delete flash test5 text y n y File flash test2 text deleted You can verify that the files were deleted by entering the dir flash boot loader command Related Commands filesystem Alias for a flash file sy...

Page 807: ... env_vars 9 drwx 768 Mar 01 2002 23 11 42 html 16 rwx 1037 Mar 01 2002 00 01 11 config text 14 rwx 1099 Mar 01 2002 01 14 05 homepage htm 22 rwx 96 Mar 01 2002 00 01 39 system_env_vars 17 drwx 192 Mar 06 2002 23 22 03 c3750me i5 mz 121 14 35 AX 15998976 bytes total 6397440 bytes free Table A 1 describes the fields in the display filesystem Alias for a flash file system Use flash for the system boa...

Page 808: ...750 Metro Switch Boot Loader Commands dir Related Commands 1839 Size of the file date Last modification date env_vars Filename Table A 1 dir Field Descriptions continued Field Description Command Description mkdir Creates one or more directories rmdir Removes one or more directories ...

Page 809: ...guments or keywords Defaults The flash file system is automatically initialized during normal system operation Command Modes Boot loader Command History Usage Guidelines During the normal boot process the flash file system is automatically initialized Use this command to manually initialize the flash file system For example you use this command during the recovery procedure for a lost or forgotten...

Page 810: ...e system and destroy all data in that file system format filesystem Syntax Description Command Modes Boot loader Command History Usage Guidelines Caution Use this command with care it destroys all data on the file system and renders your system unusable filesystem Alias for a flash file system Use flash for the system board flash device Release Modification 12 1 14 AX This command was introduced ...

Page 811: ...wer and then reconnect the power Examples This example shows how to perform an extensive file system check on flash memory switch fsck test flash f Optional Initialize the file system code and perform a fast file consistency check Cyclic redundancy checks CRCs in the flashfs sectors are not checked test Optional Initialize the file system code and perform extra POST on flash memory An extensive no...

Page 812: ... the help boot loader command to display the available commands help Syntax Description This command has no arguments or keywords Command Modes Boot loader Command History Usage Guidelines You can also use the question mark to display a list of available boot loader commands Release Modification 12 1 14 AX This command was introduced ...

Page 813: ...lization is 53 percent Total bytes 0x21ca40 2214464 Bytes used 0x120960 1182048 Bytes available 0xfc0e0 1032416 Alternate heap utilization is 3 percent Total alternate heap bytes 0x7d7d7c0 131585984 Alternate heap bytes used 0x400004 4194308 Alternate heap bytes available 0x797d7bc 127391676 Table A 2 describes the fields in the display Release Modification 12 1 14 AX This command was introduced T...

Page 814: ... a directory called Saved_Configs switch mkdir flash Saved_Configs Directory flash Saved_Configs created This example shows how to make two directories switch mkdir flash Saved_Configs1 flash Test Directory flash Saved_Configs1 created Directory flash Test created You can verify that the directory was created by entering the dir filesystem boot loader command Related Commands filesystem Alias for ...

Page 815: ...y a list of files the contents of each file is sequentially displayed Examples This example shows how to display the contents of two files info and env_vars switch more flash new images info flash env_vars Related Commands filesystem Alias for a flash file system Use flash for the system board flash device file url Path directory and name of the files to display Separate each filename with a space...

Page 816: ... semicolons or colons Filenames are limited to 45 characters the name cannot contain control characters spaces deletes slashes quotes semicolons or colons Examples This example shows a file named config text being renamed to config1 text switch rename flash config text flash config1 text You can verify that the file was renamed by entering the dir filesystem boot loader command Related Commands fi...

Page 817: ...clearing the processor registers and memory reset Syntax Description This command has no arguments or keywords Command Modes Boot loader Command History Examples This example shows how to reset the system switch reset Are you sure you want to reset the system y n y System resetting Related Commands Release Modification 12 1 14 AX This command was introduced Command Description boot Loads and boots...

Page 818: ...ectory you must first delete all the files in the directory The switch prompts you for confirmation before deleting each directory Examples This example shows how to remove a directory switch rmdir flash Test You can verify that the directory was deleted by entering the dir filesystem boot loader command Related Commands filesystem Alias for a flash file system Use flash for the system board flash...

Page 819: ...lly booting If the BOOT environment variable is not set the system attempts to load and execute the first executable image it can find by using a recursive depth first search through the flash file system If the BOOT variable is set but the specified images cannot be loaded the system attempts to boot the first bootable file that it can find in the flash file system ENABLE_BREAK Determines whether...

Page 820: ...n if the value is a null string A variable that is set to a null string for example is a variable with a value Many environment variables are predefined and have default values Command Modes Boot loader Command History BAUD rate The rate in bits per second bps used for the console The software inherits the baud rate setting from the boot loader and continues to use this value unless the configurat...

Page 821: ... variable can also be set by using the boot helper filesystem file url global configuration command The CONFIG_FILE environment variable can also be set by using the boot config file flash file url global configuration command The HELPER_CONFIG_FILE environment variable can also be set by using the boot helper config file filesystem file url global configuration command The HELPER_CONFIG_FILE envi...

Page 822: ...ou specify a list of files the contents of each file is sequentially displayed Examples This example shows how to display the contents of two files switch type flash new images info flash env_vars Related Commands filesystem Alias for a flash file system Use flash for the system board flash device file url Path directory and name of the files to display Separate each filename with a space Release ...

Page 823: ...lash file system ENABLE_BREAK Determines whether the automatic boot process can be interrupted by using the Break key on the console after the flash file system has been initialized HELPER A semicolon separated list of loadable files to dynamically load during the boot loader initialization Helper files extend or patch the functionality of the boot loader PS1 A string that is used as the command l...

Page 824: ... reset by using the no boot enable break global configuration command The HELPER environment variable can also be reset by using the no boot helper global configuration command The CONFIG_FILE environment variable can also be reset by using the no boot config file global configuration command The HELPER_CONFIG_FILE environment variable can also be reset by using the no boot helper config file glob...

Page 825: ...splay the boot loader version version Syntax Description This command has no arguments or keywords Command Modes Boot loader Command History Examples This example shows how to display the boot loader version switch version Boot Loader HULC HBOOT M Version 12 1 mbutts congo_bl 116 compiled Sat 19 Apr 03 17 02 by mbutts Release Modification 12 1 14 AX This command was introduced ...

Page 826: ...A 26 Catalyst 3750 Metro Switch Command Reference OL 9645 10 Appendix A Catalyst 3750 Metro Switch Boot Loader Commands version ...

Page 827: ... be enabled only under the guidance of Cisco technical support staff Caution Because debugging output is assigned high priority in the CPU process it can render the system unusable For this reason use the debug commands only to troubleshoot specific problems or during troubleshooting sessions with Cisco technical support staff It is best to use the debug commands during periods of lower network tr...

Page 828: ...omatically generated when auto QoS is enabled Switch debug autoqos AutoQoS debugging is on Switch configure terminal Enter configuration commands one per line End with CNTL Z Switch config interface gigabitethernet1 0 1 Switch config if auto qos voip cisco phone 21 29 41 mls qos map cos dscp 0 8 16 26 32 46 48 56 21 29 41 mls qos 21 29 42 no mls qos srr queue input cos map 21 29 42 no mls qos srr ...

Page 829: ...t dscp map queue 2 threshold 3 24 25 26 27 28 29 30 31 21 29 47 mls qos srr queue output dscp map queue 2 threshold 3 48 49 50 51 52 53 54 55 21 29 48 mls qos srr queue output dscp map queue 2 threshold 3 56 57 58 59 60 61 62 63 21 29 48 mls qos srr queue output dscp map queue 3 threshold 3 16 17 18 19 20 21 22 23 21 29 48 mls qos srr queue output dscp map queue 3 threshold 3 32 33 34 35 36 37 38 ...

Page 830: ...lt Backup interface debugging is disabled Command Modes Privileged EXEC Command History Usage Guidelines The undebug backup command is the same as the no debug backup command Related Commands all Display all backup interface debug messages errors Display backup interface error or exception debug messages events Display backup interface event debug messages vlan load balancing Display backup interf...

Page 831: ... History Usage Guidelines The undebug dot1x command is the same as the no debug dot1x command Related Commands all Display all 802 1x debug messages errors Display 802 1x error debug messages events Display 802 1x event debug messages packets Display 802 1x packet debug messages registry Display 802 1x registry invocation debug messages state machine Display state machine related events debug mess...

Page 832: ...bug dtp command is the same as the no debug dtp command Related Commands aggregation Display DTP user message aggregation debug messages all Display all DTP debug messages decision Display the DTP decision table debug messages events Display the DTP event debug messages oserrs Display DTP operating system related error debug messages packets Display DTP packet processing debug messages queue Displ...

Page 833: ...the linecard keyword is not supported Defaults Debugging is disabled Command Modes Privileged EXEC Command History Usage Guidelines If you do not specify a keyword all debug messages are displayed The undebug etherchannel command is the same as the no debug etherchannel command Related Commands all Optional Display all EtherChannel debug messages detail Optional Display detailed EtherChannel debug...

Page 834: ...n between the Ethernet infrastructure and its clients error Display Ethernet customer service error messages occurring in the Ethernet infrastructure subsystem evc Display Ethernet virtual connection EVC debug messages id evc id Optional Display EVC debug messages relevant to a specific EVC identifier The EVC identifier can be a string of from 1 to 100 characters instance Display debug messages re...

Page 835: ...itch Command Reference OL 9645 10 Appendix B Catalyst 3750 Metro Switch Debug Commands debug ethernet service Related Commands Command Description show debugging Displays information about the types of debugging that are enabled ...

Page 836: ...d The undebug interface command is the same as the no debug interface command Related Commands interface id Display debug messages for the specified physical port for example fastethernet1 0 3 null interface number Display debug messages for null interfaces The interface number is always 0 port channel port channel number Display debug messages for the specified EtherChannel port channel The port ...

Page 837: ...ntax Description Defaults Debugging is disabled Command Modes Privileged EXEC Command History Usage Guidelines The undebug ip dhcp snooping command is the same as the no debug ip dhcp snooping command Related Commands mac address Display debug messages for a DHCP packet with the specified MAC address agent Display debug messages for DHCP snooping agents event Display debug messages for DHCP snoopi...

Page 838: ... of this command to disable debugging debug ip igmp filter no debug ip igmp filter Syntax Description This command has no arguments or keywords Defaults Debugging is disabled Command Modes Privileged EXEC Command History Usage Guidelines The undebug ip igmp filter command is the same as the no debug ip igmp filter command Related Commands Release Modification 12 1 14 AX This command was introduced...

Page 839: ...rm of this command to disable debugging debug ip igmp max groups no debug ip igmp max groups Syntax Description This command has no arguments or keywords Defaults Debugging is disabled Command Modes Privileged EXEC Command History Usage Guidelines The undebug ip igmp max groups command is the same as the no debug ip igmp max groups command Related Commands Release Modification 12 1 14 AX This comm...

Page 840: ...ommand Modes Privileged EXEC Command History Usage Guidelines The undebug ip igmp snooping command is the same as the no debug ip igmp snooping command Related Commands group Optional Display IGMP snooping group activity debug messages management Optional Display IGMP snooping management activity debug messages router Optional Display IGMP snooping router activity debug messages timer Optional Dis...

Page 841: ...nnection command is the same as the no debug ip sla error twamp connection command Note Use the debug ip sla error twamp connection command before using the debug ip sla trace twamp connection command because the debug ip sla error twamp connection command generates less debugging output The debug ip sla error twamp connection command is supported in IPv4 networks Related Commands source ip ip add...

Page 842: ...he normal communications sent by an IP SLAs TWAMP reflector to the TWAMP server debug ip sla trace twamp control server Displays the normal communications sent by an IP SLAs TWAMP server to the TWAMP reflector debug ip sla trace twamp session Displays the normal communications between an IP SLAs TWAMP sender and reflector show debugging Displays information about the types of debugging that are en...

Page 843: ...r Note Use the debug ip sla error twamp control reflector command before using the debug ip sla trace twamp control reflector command because the debug ip sla error twamp control reflector command generates less debugging output The debug ip sla error twamp control reflector command is supported in IPv4 networks The undebug ip sla error twamp control reflector command is the same as the no debug i...

Page 844: ...ontrol reflector debug ip sla trace twamp control server Displays the normal communications sent by an IP SLAs TWAMP server to the TWAMP reflector debug ip sla trace twamp session Displays the normal communications between an IP SLAs TWAMP sender and reflector show debugging Displays information about the types of debugging that are enabled ...

Page 845: ...e Use the debug ip sla error twamp control server command before using the debug ip sla trace twamp control server command because the debug ip sla error twamp control server command generates less debugging output The debug ip sla error twamp control server command is supported in IPv4 networks The undebug ip sla error twamp control server command is the same as the no debug ip sla error twamp co...

Page 846: ...control server debug ip sla trace twamp control server Displays the normal communications sent by an IP SLAs TWAMP server to the TWAMP reflector debug ip sla trace twamp session Displays the normal communications between an IP SLAs TWAMP sender and reflector show debugging Displays information about the types of debugging that are enabled ...

Page 847: ...because the debug ip sla error twamp session command generates less debugging output The debug ip sla error twamp session command is supported in IPv4 networks The undebug ip sla error twamp session command is the same as the no debug ip sla error twamp session command Related Commands source ip ip address Optional Debug IP Performance Metrics IPPM TWAMP connections for the specified source Specif...

Page 848: ...amp session debug ip sla trace twamp control server Displays the normal communications sent by an IP SLAs TWAMP server to the TWAMP reflector debug ip sla trace twamp session Displays the normal communications between an IP SLAs TWAMP sender and reflector show debugging Displays information about the types of debugging that are enabled ...

Page 849: ...ileged EXEC Command History Usage Guidelines The debug ip sla trace twamp connection privileged EXEC command displays messages about normal communications between the client and server during a TWAMP session Note Use the debug ip sla error twamp connection command before using the debug ip sla trace twamp connection command because the debug ip sla error twamp connection command generates less deb...

Page 850: ...server Displays exceptions during communication between the IP SLAs TWAMP server and reflector debug ip sla error twamp session Displays exceptions during communication between the IP SLAs TWAMP sender and reflector debug ip sla trace twamp control reflector Displays the normal communications sent by an IP SLAs TWAMP reflector to the TWAMP server debug ip sla trace twamp control server Displays th...

Page 851: ...flector Syntax Description This command has no arguments or keywords Command Modes Privileged EXEC Command History Usage Guidelines The debug ip sla trace twamp control reflector privileged EXEC command displays messages about normal TWAMP session communications sent from the reflector to the server Note Use the debug ip sla error twamp control reflector command before using the debug ip sla trace...

Page 852: ...wamp control server Displays exceptions during communication between the IP SLAs TWAMP server and reflector debug ip sla error twamp session Displays exceptions during communication between the IP SLAs TWAMP sender and reflector debug ip sla trace twamp connection Displays the normal communications between an IP SLAs TWAMP client and server debug ip sla trace twamp control server Displays the norm...

Page 853: ...rol server Syntax Description This command has no arguments or keywords Command Modes Privileged EXEC Command History Usage Guidelines The debug ip sla trace twamp control server privileged EXEC command displays messages about normal TWAMP session communications sent from the server to the reflector Note Use the debug ip sla error twamp control server command before using the debug ip sla trace tw...

Page 854: ...p control server Displays exceptions during communication between the IP SLAs TWAMP server and reflector debug ip sla error twamp session Displays exceptions during communication between the IP SLAs TWAMP sender and reflector debug ip sla trace twamp connection Displays the normal communications between an IP SLAs TWAMP client and server debug ip sla trace twamp control reflector Displays the norm...

Page 855: ...ileged EXEC Command History Usage Guidelines The debug ip sla trace twamp session privileged EXEC command displays normal session communication between the TWAMP sender and reflector Note Use the debug ip sla error twamp session command before using the debug ip sla trace twamp session command because the debug ip sla error twamp session command generates less debugging output The debug ip sla tra...

Page 856: ...rver Displays exceptions during communication between the IP SLAs TWAMP server and reflector debug ip sla error twamp session Displays exceptions during communication between the IP SLAs TWAMP sender and reflector debug ip sla trace twamp connection Displays the normal communications between an IP SLAs TWAMP client and server debug ip sla trace twamp control reflector Displays the normal communica...

Page 857: ...able debugging debug ip verify source packet no debug ip verify source packet Syntax Description This command has no arguments or keywords Defaults Debugging is disabled Command Modes Privileged EXEC Command History Usage Guidelines The undebug ip verify source packet command is the same as the no debug ip verify source packet command Related Commands Release Modification 12 2 25 EY This command w...

Page 858: ...abled Command Modes Privileged EXEC Command History Usage Guidelines The undebug lacp command is the same as the no debug lacp command Related Commands all Optional Display all LACP debug messages event Optional Display LACP event debug messages fsm Optional Display LACP finite state machine debug messages misc Optional Display miscellaneous LACP debug messages packet Optional Display LACP packet ...

Page 859: ...tion Syntax Description This command has no arguments or keywords Defaults Debugging is disabled Command Modes Privileged EXEC Command History Usage Guidelines The undebug mac notification command is the same as the no debug mac notification command Related Commands Release Modification 12 1 14 AX This command was introduced Command Description show debugging Displays information about the types o...

Page 860: ...matm no debug matm Syntax Description This command has no arguments or keywords Defaults Debugging is disabled Command Modes Privileged EXEC Command History Usage Guidelines The undebug matm command is the same as the no debug matm command Related Commands Release Modification 12 1 14 AX This command was introduced Command Description debug platform matm Displays information about platform depende...

Page 861: ...uments or keywords Defaults Debugging is disabled Command Modes Privileged EXEC Command History Usage Guidelines The undebug matm move update command is the same as the no debug matm move update command Related Commands Release Modification 12 2 25 SED This command was introduced Command Description mac address table move update Configures MAC address table move update feature on the switch show d...

Page 862: ...as the no debug monitor command Related Commands all Display all SPAN debug messages errors Display detailed SPAN error debug messages idb update Display SPAN interface description block IDB update trace debug messages info Display SPAN informational tracing debug messages list Display SPAN port and VLAN list tracing debug messages notifications Display SPAN notification debug messages platform Di...

Page 863: ...le debugging debug mpls atom no debug mpls atom Note The Catalyst 3750 Metro switch supports Ethernet over MPLS EoMPLS a subset of AToM Syntax Description This command has no arguments or keywords Defaults Debugging is disabled Command Modes Privileged EXEC Command History Related Commands Release Modification 12 1 14 AX This command was introduced Command Description debug mpls l2transport vlan E...

Page 864: ...ching Syntax Description Defaults Debugging is disabled Command Modes Privileged EXEC Command History Related Commands control Display EoMPLS traffic control plane debug messages distributed Display EoMPLS traffic distributed switching control debug messages switching Display EoMPLS traffic packet switching debug messages Release Modification 12 1 14 AX This command was introduced Command Descript...

Page 865: ...d Command Modes Privileged EXEC Command History Usage Guidelines The undebug mvrdbg command is the same as the no debug mvrdbg command Related Commands all Display all MVR activity debug messages events Display MVR event handling debug messages igmpsn Display MVR Internet Group Management Protocol IGMP snooping activity debug messages management Display MVR management activity debug messages ports...

Page 866: ...d to disable debugging debug nvram no debug nvram Syntax Description This command has no arguments or keywords Defaults Debugging is disabled Command Modes Privileged EXEC Command History Usage Guidelines The undebug nvram command is the same as the no debug nvram command Related Commands Release Modification 12 1 14 AX This command was introduced Command Description show debugging Displays inform...

Page 867: ...d Command Modes Privileged EXEC Command History Usage Guidelines The undebug pagp command is the same as the no debug pagp command Related Commands all Optional Display all PAgP debug messages event Optional Display PAgP event debug messages fsm Optional Display PAgP finite state machine debug messages misc Optional Display miscellaneous PAgP debug messages packet Optional Display PAgP packet debu...

Page 868: ...d Modes Privileged EXEC Command History Usage Guidelines The undebug platform acl command is the same as the no debug platform acl command Related Commands all Display all ACL manager debug messages exit Display ACL exit related debug messages label Display ACL label related debug messages main Display the main or important ACL debug messages racl Display router ACL related debug messages vacl Dis...

Page 869: ...debugging debug platform backup interface no debug platform backup interface Syntax Description This command has no arguments or keywords Command Default Platform backup interface debugging is disabled Command Modes Privileged EXEC Command History Usage Guidelines The undebug platform backup interface command is the same as the no platform debug backup interface command Related Commands Release Mo...

Page 870: ...mand has no arguments or keywords Defaults Debugging is disabled Command Modes Privileged EXEC Command History Usage Guidelines CFM is an end to end per service instance Ethernet layer operation administration and management OAM protocol that provides connectivity monitoring fault verification and fault isolation for large Ethernet networks The undebug platform cfm command is the same as the no de...

Page 871: ...oadcast queue cbt to spt q Display debug messages about packets received by the core based tree to shortest path tree cbt to spt queue cpuhub q Display debug messages about packets received by the CPU heartbeat queue host q Display debug messages about packets received by the host queue icmp q Display debug messages about packets received by the Internet Control Message Protocol ICMP queue igmp sn...

Page 872: ...tch Command Reference OL 9645 10 Appendix B Catalyst 3750 Metro Switch Debug Commands debug platform cpu queues Related Commands Command Description show debugging Displays information about the types of debugging that are enabled ...

Page 873: ...scription Defaults Debugging is disabled Command Modes Privileged EXEC Command History Usage Guidelines The undebug platform dot1ad command is the same as the no debug platform dot1ad command When you enter debug platform dot1ad with no keywords all 802 1ad debug messages appear Related Commands error Displays 802 1ad error messages events Displays 802 1ad event debug messages receive Displays 802...

Page 874: ...nfiguration rpc Syntax Description Defaults Debugging is disabled Command Modes Privileged EXEC Command History Usage Guidelines The undebug platform dot1x command is the same as the no debug platform dot1x command Related Commands initialization Display 802 1x initialization sequence debug messages interface configuration Display 802 1x interface configuration related debug messages rpc Display 8...

Page 875: ...ption Defaults Debugging is disabled Command Modes Privileged EXEC Command History Usage Guidelines The undebug platform etherchannel command is the same as the no debug platform etherchannel command Related Commands init Display EtherChannel module initialization debug messages link up Display EtherChannel link up and link down related debug messages rpc detailed Display detailed EtherChannel rem...

Page 876: ... Privileged EXEC Command History Usage Guidelines If you do not specify a keyword all fallback bridging manager debug messages are displayed The undebug platform fallback bridging command is the same as the no debug platform fallback bridging command Related Commands error Optional Display fallback bridging manager error condition debug messages retry Optional Display fallback bridging manager ret...

Page 877: ...History Usage Guidelines If you do not specify a keyword all forwarding TCAM manager debug messages are displayed The undebug platform forw tcam command is the same as the no debug platform forw tcam command Related Commands adjustment Optional Display TCAM manager adjustment debug messages allocate Optional Display TCAM manager allocation debug messages audit Optional Display TCAM manager audit d...

Page 878: ... Privileged EXEC Command History Usage Guidelines The undebug platform ip arp inspection command is the same as the no debug platform ip arp inspection command Related Commands all Display all dynamic ARP inspection debug messages error Display dynamic ARP inspection error debug messages event Display dynamic ARP inspection event debug messages packet Display dynamic ARP inspection packet related ...

Page 879: ...request RPC events leave Optional Display all IGMP snooping leave request RPC events rx Optional Display all IGMP snooping DI receive RPC messages sync Optional Display all IGMP snooping DI sync update messages tx Optional Display all IGMP snooping DI sent RPC messages ucast Optional Display all IGMP snooping DI unicast request RPC messages error Display IGMP snooping error messages event Display ...

Page 880: ... IGMP snooping remote procedure call RPC event debug messages The keywords have these meanings cfg Optional Display IGMP snooping RPC debug messages l3mm Optional IGMP snooping Layer 3 multicast router group RPC debug messages misc Optional IGMP snooping miscellaneous RPC debug messages vlan Optional IGMP snooping VLAN assert RPC debug messages warn Display IGMP snooping warning messages Release M...

Page 881: ...P multicast event debug messages Note Using this command can degrade the performance of the switch mdb Display IP multicast debug messages for multicast distributed fast switching MDFS multicast descriptor block mdb events mdfs rp retry Display IP multicast MDFS rendezvous point RP retry event debug messages midb Display IP multicast MDFS multicast interface descriptor block MIDB debug messages mr...

Page 882: ...ch Command Reference OL 9645 10 Appendix B Catalyst 3750 Metro Switch Debug Commands debug platform ip multicast Related Commands Command Description show debugging Displays information about the types of debugging that are enabled ...

Page 883: ...lay IP unicast routing DHCP dynamic address related event debug messages errors Display all IP unicast routing error debug messages including resource allocation failures events Display all IP unicast routing event debug messages including registry and miscellaneous events interface Display IP unicast routing interface event debug messages mpath Display IP unicast routing multi path adjacency prog...

Page 884: ... Metro Switch Debug Commands debug platform ip unicast Usage Guidelines The undebug platform ip unicast command is the same as the no debug platform ip unicast command Related Commands Command Description show debugging Displays information about the types of debugging that are enabled ...

Page 885: ...c signal no debug platform led generic signal Syntax Description Defaults Debugging is disabled Command Modes Privileged EXEC Command History Usage Guidelines The undebug platform led command is the same as the no debug platform led command Related Commands generic Display LED generic action debug messages signal Display LED signal bit map debug messages Release Modification 12 1 14 AX This comman...

Page 886: ...same as the no debug platform matm command Related Commands aging Display MAC address aging debug messages all Display all platform MAC address management event debug messages ec aging Display EtherChannel address aging related debug messages errors Display MAC address management error debug messages learning Display MAC address management address learning debug messages rpc Display MAC address ma...

Page 887: ...ges usererr Syntax Description Defaults Debugging is disabled Command Modes Privileged EXEC Command History Usage Guidelines The undebug platform messaging application command is the same as the no debug platform messaging application command Related Commands all Display all application messaging debug messages badpak Display bad packet debug messages cleanup Display clean up debug messages events...

Page 888: ...x Description Defaults Debugging is disabled Command Modes Privileged EXEC Command History Usage Guidelines The undebug platform mpls command is the same as the no debug platform mpls command Related Commands backwalk Display MPLS backwalk messages encaps Display MPLS encapsulation messages errors Display MPLS error messages events Display all MPLS event messages lspv Display MPLS label switched p...

Page 889: ...delines The undebug platform phy command is the same as the no debug platform phy command Related Commands automdix Display PHY automatic medium dependent interface crossover Auto MDIX debug messages flowcontrol Display PHY flowcontrol debug messages forced Display PHY forced mode debug messages init seq Display PHY initialization sequence debug messages link status Display PHY link status debug m...

Page 890: ...ted events debug messages exceptions Display system exception debug messages hpm events Display platform port manager event debug messages idb events Display interface descriptor block IDB related events debug messages if numbers Display interface number translation event debug messages ios events Display Cisco IOS event debug messages link status Display interface link detection event debug messa...

Page 891: ...Debugging is disabled Command Modes Privileged EXEC Command History Usage Guidelines The undebug platform pm command is the same as the no debug platform pm command Related Commands Release Modification 12 1 14 AX This command was introduced Command Description show debugging Displays information about the types of debugging that are enabled ...

Page 892: ...c interrupt periodic read write Syntax Description Defaults Debugging is disabled Command Modes Privileged EXEC Command History Usage Guidelines The undebug platform port asic command is the same as the no debug platform port asic command Related Commands interrupt Display port ASIC interrupt related function debug messages periodic Display port ASIC periodic function call debug messages read Disp...

Page 893: ...Defaults Debugging is disabled Command Modes Privileged EXEC Command History Usage Guidelines The undebug platform port security command is the same as the no debug platform port security command Related Commands add Display secure address addition debug messages aging Display secure address aging debug messages all Display all port security debug messages delete Display secure address deletion de...

Page 894: ...ts Debugging is disabled Command Modes Privileged EXEC Command History Usage Guidelines The undebug platform qos acl tcam command is the same as the no debug platform qos acl tcam command Related Commands all Display all QoS and ACL TCAM QATM manager debug messages ctcam Display Cisco TCAM CTCAM related events debug messages errors Display QATM error related events debug messages labels Display QA...

Page 895: ...ble debugging debug platform remote commands no debug platform remote commands Syntax Description This command has no arguments or keywords Defaults Debugging is disabled Command Modes Privileged EXEC Command History Usage Guidelines The undebug platform remote commands command is the same as the no debug platform remote commands command Related Commands Release Modification 12 1 14 AX This comman...

Page 896: ...ommand to disable debugging debug platform rep no debug platform rep Syntax Description This command has no arguments or keywords Defaults Debugging is disabled Command Modes Privileged EXEC Command History Usage Guidelines The undebug platform rep command is the same as the no debug platform rep command Related Commands Release Modification 12 2 40 SE This command was introduced Command Descripti...

Page 897: ...eged EXEC Command History Usage Guidelines The undebug platform resource manager command is the same as the no debug platform resource manager command Related Commands all Display all resource manager debug messages dm Display destination map debug messages erd Display equal cost route descriptor table debug messages errors Display error debug messages madmed Display the MAC address descriptor tab...

Page 898: ...he no form of this command to disable debugging debug platform snmp no debug platform snmp Syntax Description This command has no arguments or keywords Defaults Debugging is disabled Command Modes Privileged EXEC Command History Usage Guidelines The undebug platform snmp command is the same as the no debug platform snmp command Related Commands Release Modification 12 1 14 AX This command was intr...

Page 899: ...form of this command to disable debugging debug platform span no debug platform span Syntax Description This command has no arguments or keywords Defaults Debugging is disabled Command Modes Privileged EXEC Command History Usage Guidelines The undebug platform span command is the same as the no debug platform span command Related Commands Release Modification 12 1 14 AX This command was introduced...

Page 900: ...rvisor asic all errors receive send Syntax Description Defaults Debugging is disabled Command Modes Privileged EXEC Command History Usage Guidelines The undebug platform supervisor asic command is the same as the no debug platform supervisor asic command Related Commands all Display all supervisor ASIC event debug messages errors Display the supervisor ASIC error debug messages receive Display the...

Page 901: ...ticast packet unicast Syntax Description Defaults Debugging is disabled Command Modes Privileged EXEC Command History Usage Guidelines The undebug platform sw bridge command is the same as the no debug platform sw bridge command Related Commands broadcast Display broadcast data debug messages control Display protocol packet debug messages multicast Display multicast data debug messages packet Disp...

Page 902: ...ead reg ssram tcam debug platform tcam search debug platform tcam write forw ram reg tcam no debug platform tcam log read search write no debug platform tcam log l2 acl input output local qos no debug platform tcam log l3 acl input output ipv6 acl input output local qos secondary local qos secondary no debug platform tcam read reg ssram tcam no debug platform tcam search no debug platform tcam wri...

Page 903: ... and QoS look up or secondary forwarding look up debug messages local Display local forwarding look up debug messages qos Display classification and quality of service QoS look up debug messages secondary Display secondary forwarding look up debug messages read reg ssram tcam Display TCAM read debug messages The keywords have these meanings reg Display TCAM register read debug messages ssram Displ...

Page 904: ...yntax Description Defaults Debugging is disabled Command Modes Privileged EXEC Command History Usage Guidelines The undebug platform udld command is the same as the no debug platform udld command Related Commands all Optional Display all UDLD debug messages error Optional Display error condition debug messages rpc events messages Optional Display UDLD remote procedure call RPC debug messages The k...

Page 905: ...form vlan errors mvid rpc Syntax Description Defaults Debugging is disabled Command Modes Privileged EXEC Command History Usage Guidelines The undebug platform vlan command is the same as the no debug platform vlan command Related Commands errors Display VLAN error debug messages mvid Display mapped VLAN ID allocations and free debug messages rpc Display remote procedure call RPC debug messages Re...

Page 906: ...he scp and pvlan keywords are not supported Defaults Debugging is disabled Command Modes Privileged EXEC Command History Usage Guidelines The undebug pm command is the same as the no debug pm command all Display all PM debug messages assert Display assert debug messages card Display line card related events debug messages cookies Display internal PM cookie validation debug messages etherchnl Displ...

Page 907: ...etro Switch Command Reference OL 9645 10 Appendix B Catalyst 3750 Metro Switch Debug Commands debug pm Related Commands Command Description show debugging Displays information about the types of debugging that are enabled ...

Page 908: ...ug port security no debug port security Syntax Description This command has no arguments or keywords Defaults Debugging is disabled Command Modes Privileged EXEC Command History Usage Guidelines The undebug port security command is the same as the no debug port security command Related Commands Release Modification 12 1 14 AX This command was introduced Command Description show debugging Displays ...

Page 909: ... as the no debug rep command Related Commands all Display all REP debug messages bpa event Display blocked port advertisement BPA debug messages bpasm Display BPA state machine debug messages epasm Display end port advertisement EPA state machine debug messages error Display REP protocol error debug messages failure recovery Display REP switchover event debug messages lslsm Display Link State Laye...

Page 910: ...o debug qos manager all event verbose Syntax Description Defaults Debugging is disabled Command Modes Privileged EXEC Command History Usage Guidelines The undebug qos manager command is the same as the no debug qos manager command Related Commands all Display all QoS manager debug messages event Display QoS manager related event debug messages verbose Display QoS manager detailed debug messages Re...

Page 911: ...es bpdu Display spanning tree bridge protocol data unit BPDU debug messages bpdu opt Display optimized BPDU handling debug messages config Display spanning tree configuration change debug messages etherchannel Display EtherChannel support debug messages events Display spanning tree topology event debug messages exceptions Display spanning tree exception debug messages general Display general spann...

Page 912: ...ommands debug spanning tree Usage Guidelines The undebug spanning tree command is the same as the no debug spanning tree command Related Commands Command Description show debugging Displays information about the types of debugging that are enabled show spanning tree Displays spanning tree state information ...

Page 913: ...ackbonefast detail exceptions Syntax Description Defaults Debugging is disabled Command Modes Privileged EXEC Command History Usage Guidelines The undebug spanning tree backbonefast command is the same as the no debug spanning tree backbonefast command Related Commands detail Optional Display detailed BackboneFast debug messages exceptions Optional Display spanning tree BackboneFast exception debu...

Page 914: ...pdu receive transmit Syntax Description Defaults Debugging is disabled Command Modes Privileged EXEC Command History Usage Guidelines The undebug spanning tree bpdu command is the same as the no debug spanning tree bpdu command Related Commands receive Optional Display the nonoptimized path for received BPDU debug messages transmit Optional Display the nonoptimized path for transmitted BPDU debug ...

Page 915: ...ing tree bpdu opt detail packet Syntax Description Defaults Debugging is disabled Command Modes Privileged EXEC Command History Usage Guidelines The undebug spanning tree bpdu opt command is the same as the no debug spanning tree bpdu opt command Related Commands detail Optional Display detailed optimized BPDU handling debug messages packet Optional Display packet level optimized BPDU handling deb...

Page 916: ...g Tree Protocol RSTP An MST region and a single spanning tree region running 802 1D An MST region and another MST region with a different configuration bpdu rx Display received MST bridge protocol data unit BPDUs debug messages bpdu tx Display sent MST BPDU debug messages errors Display MSTP error debug messages flush Display port flushing mechanism debug messages init Display MSTP data structure ...

Page 917: ... debug spanning tree mstp Usage Guidelines The undebug spanning tree mstp command is the same as the no debug spanning tree mstp command Related Commands Command Description show debugging Displays information about the types of debugging that are enabled show spanning tree Displays spanning tree state information ...

Page 918: ...essages errors Display debug messages for the interface between the spanning tree software module and the port manager software module flush Display shim flush operation debug messages general Display general event debug messages helper Display spanning tree helper task debug messages Helper tasks handle bulk spanning tree updates pm Display port manager event debug messages rx Display received br...

Page 919: ...bug spanning tree switch Usage Guidelines The undebug spanning tree switch command is the same as the no debug spanning tree switch command Related Commands Command Description show debugging Displays information about the types of debugging that are enabled show spanning tree Displays spanning tree state information ...

Page 920: ...ions no debug spanning tree uplinkfast exceptions Syntax Description Defaults Debugging is disabled Command Modes Privileged EXEC Command History Usage Guidelines The undebug spanning tree uplinkfast command is the same as the no debug spanning tree uplinkfast command Related Commands exceptions Optional Display spanning tree UplinkFast exception debug messages Release Modification 12 1 14 AX This...

Page 921: ...command Related Commands badpmcookies Display VLAN manager incidents of bad port manager cookie debug messages cfg vlan bootup cli Display config vlan debug messages The keywords have these meanings bootup Display messages when the switch is booting up cli Display messages when the command line interface CLI is in config vlan mode events Display VLAN manager event debug messages ifs See the debug ...

Page 922: ...0 Metro Switch Debug Commands debug sw vlan show vlan Displays the parameters for all configured VLANs or one VLAN if the VLAN name or ID is specified in the administrative domain show vtp Displays general information about VTP management domain status and counters Command Description ...

Page 923: ...erification word and the file version number Operation 2 reads the main body of the file which contains most of the domain and VLAN information Operation 3 reads type length version TLV descriptor structures Operation 4 reads TLV data Related Commands open read write Display VLAN manager IFS file open operation debug messages The keywords have these meanings read Display VLAN manager IFS file read...

Page 924: ...ommands accfwdchange Display debug messages for VLAN manager notification of aggregated access interface spanning tree forward changes allowedvlancfgchange Display debug messages for VLAN manager notification of changes to the allowed VLAN configuration fwdchange Display debug messages for VLAN manager notification of spanning tree forwarding changes linkchange Display debug messages for VLAN mana...

Page 925: ...WARNING macros in the VTP pruning code events Display debug messages for general purpose logic flow and detailed VTP messages generated by the VTP_LOG_RUNTIME macro in the VTP code packets Display debug messages for the contents of all incoming VTP packets that have been passed into the VTP code from the Cisco IOS VTP platform dependent layer except for pruning packets pruning packets xmit Display...

Page 926: ...ix B Catalyst 3750 Metro Switch Debug Commands debug sw vlan vtp Related Commands Command Description show debugging Displays information about the types of debugging that are enabled show vtp Displays general information about VTP management domain status and counters ...

Page 927: ...Processing of configuration commands Processing of link up and link down indications For debug udld packets these debugging messages are displayed General packet processing program flow on receipt of an incoming packet Indications of the contents of the various pieces of packets received such as type length versions TLVs as they are examined by the packet reception code Packet transmission attempt...

Page 928: ...ds debug udld State change indications from the port manager software MAC address registry calls Related Commands Command Description show debugging Displays information about the types of debugging that are enabled show udld Displays UDLD administrative and operational status for all ports or the specified port ...

Page 929: ...mmand Modes Privileged EXEC Command History Usage Guidelines The undebug vqpc command is the same as the no debug vqpc command Related Commands all Optional Display all VQP client debug messages cli Optional Display the VQP client command line interface CLI debug messages events Optional Display VQP client event debug messages learn Optional Display VQP client address learning debug messages packe...

Page 930: ...ugging debug xconnect error event no debug xconnect error event Syntax Description Defaults Debugging is disabled Command Modes Privileged EXEC Command History Usage Guidelines The undebug xconnect command is the same as the no debug xconnect command Related Commands error Display xconnect authorization error debug messages event Display xconnect authorization event debug messages Release Modifica...

Page 931: ...mmands This appendix describes the show platform privileged EXEC commands that have been created or changed for use with the Catalyst 3750 Metro switch These commands display information helpful in diagnosing and resolving internetworking problems and should be used only under the guidance of Cisco technical support staff ...

Page 932: ...ot use this command unless a technical support representative asks you to do so interface interface id Display per interface ACL manager information for the specified interface The interface can be a physical interface a port channel or a VLAN label label number detail Display per label ACL manager information The label number range is 0 to 255 The keyword has this meaning detail Optional Display ...

Page 933: ...stration and management OAM protocol that provides proactive connectivity monitoring fault verification and fault isolation for large Ethernet networks show platform cfm Syntax Description There are no arguments or keywords Command Modes Privileged EXEC Command History Usage Guidelines You should use this command only when you are working directly with a technical support representative while trou...

Page 934: ...d History Usage Guidelines You should use this command only when you are working directly with a technical support representative while troubleshooting a problem Do not use this command unless a technical support representative asks you to do so config output Display the output of the last auto configuration application default Display whether or not the system is running the default configuration...

Page 935: ... show platform etherchannel flags time stamps Syntax Description Command Modes Privileged EXEC Command History Usage Guidelines You should use this command only when you are working directly with a technical support representative while troubleshooting a problem Do not use this command unless a technical support representative asks you to do so flags Display EtherChannel port flags time stamps Dis...

Page 936: ...psulation type cos cos Optional Class of service CoS value of the frame The range is 0 to 7 ip src ip dst ip Optional but required for IP packets Source and destination IP addresses in dotted decimal notation dscp dscp Optional Differentiated Services Code Point DSCP field in the IP header The range is 0 to 63 frag field Optional The IP fragment field for a fragmented IP packet The range is 0 to 6...

Page 937: ...u are working directly with a technical support representative while troubleshooting a problem Do not use this command unless a technical support representative asks you to do so Examples for examples of the show platform forward command output displays and what they mean see the Troubleshooting chapter of the software configuration guide for this release Release Modification 12 1 14 AX This comma...

Page 938: ... so all Display all IGMP snooping platform IP multicast information control di Display IGMP snooping control entries The keyword has this meaning di Optional Display IGMP snooping control destination index entries counters Display IGMP snooping counters flood vlan vlan id Display IGMP snooping flood information The keyword has this meaning vlan vlan id Optional Display flood information for the sp...

Page 939: ...s a technical support representative asks you to do so acl full info Display ACL full multicast route information counters Display IP multicast counters and statistics groups Display IP multicast routes per group hardware detail Display IP multicast routes loaded into hardware The optional detail keyword is used to show port members in the destination index and route index interfaces Display IP mu...

Page 940: ...tion Command Modes Privileged EXEC Command History Usage Guidelines You should use this command only when you are working directly with a technical support representative while troubleshooting a problem Do not use this command unless a technical support representative asks you to do so interfaces Display IP policy interface information route map name Display IP policy route map information The key...

Page 941: ...m information corresponding to Cisco Express Forwarding CEF interface descriptor block counts Display the current counts for the Layer 3 unicast databases dhcp Display the DHCP system dynamic addresses failed adjacency arp A B C D route Display the hardware resource failures The keywords have these meanings adjacency Display the adjacency entries that failed to be programmed in hardware arp Displa...

Page 942: ... Communication IPC Protocol trace log information show platform ipc trace Syntax Description There are no arguments or keywords Command Modes Privileged EXEC Command History Usage Guidelines You should use this command only when you are working directly with a technical support representative while troubleshooting a problem Do not use this command unless a technical support representative asks you...

Page 943: ...ve while troubleshooting a problem Do not use this command unless a technical support representative asks you to do so acl Display access control list ACL Layer 4 operators information pacl port asic Display port ACL Layer 4 operations information The keyword has this meaning port asic Optional Port ASIC number The value can be 0 or 1 qos port asic Display quality of service QoS Layer 4 operators ...

Page 944: ...mand History Usage Guidelines You should use this command only when you are working directly with a technical support representative while troubleshooting a problem Do not use this command unless a technical support representative asks you to do so aging array Optional Display the MAC address table aging array hash table Optional Display the MAC address table hash table mac address mac address Opt...

Page 945: ...entative while troubleshooting a problem Do not use this command unless a technical support representative asks you to do so application incoming outgoing summary Display application message information The keywords have these meanings incoming Optional Display only information about incoming application messaging requests outgoing Optional Display only information about incoming application messa...

Page 946: ...rm monitor session session number Syntax Description Command Modes Privileged EXEC Command History Usage Guidelines You should use this command only when you are working directly with a technical support representative while troubleshooting a problem Do not use this command unless a technical support representative asks you to do so session session number Optional Display SPAN information for the ...

Page 947: ...tration MVR multi expansion descriptor MED group mapping table show platform mvr table Syntax Description There are no arguments or keywords Command Modes Privileged EXEC Command History Usage Guidelines You should use this command only when you are working directly with a technical support representative while troubleshooting a problem Do not use this command unless a technical support representa...

Page 948: ...nical support representative asks you to do so counters Display module counters information group masks Display EtherChannel group masks information idbs active idbs deleted idbs Display interface data block IDB information The keywords have these meanings active idbs Display active IDB information deleted idbs Display deleted and leaked IDB information if numbers Display interface numbers informa...

Page 949: ...er asic number vct asic number port number asic number Syntax Description cpu queue map table asic number port number asic number Display the CPU queue map table entries The keywords have these meanings asic number Optional Display information for the specified ASIC The range is 0 to 1 port number Optional Display information for the specified port and ASIC number The range is 0 to 27 where 0 is t...

Page 950: ...nformation register The keywords have these meanings asic number Optional Display information for the specified ASIC The range is 0 to 1 port number Optional Display information for the specified port and ASIC number The range is 0 to 27 where 0 is the supervisor and 1 to 25 are the ports mvid asic number Display the mapped VLAN ID table The keyword has this meaning asic number Optional Display in...

Page 951: ...y information for the specified ASIC The range is 0 to 1 port number Optional Display information for the specified port and ASIC number The range is 0 to 27 where 0 is the supervisor and 1 to 25 are the ports span vlan id asic number Display the Switched Port Analyzer SPAN related information The keywords have these meanings vlan id Optional Display information for the specified VLAN The range is...

Page 952: ...on register queue Display the contents of the queue information register supervisor sram Display supervisor SRAM information asic number Optional Display information for the specified ASIC The range is 0 to 1 port number Optional Display information for the specified port and ASIC number The range is 0 to 27 where 0 is the supervisor and 1 to 25 are the ports vct asic number port number asic numbe...

Page 953: ...endent port security information show platform port security Syntax Description There are no arguments or keywords Command Modes Privileged EXEC Command History Usage Guidelines You should use this command only when you are working directly with your technical support representative while troubleshooting a problem Do not use this command unless your technical support representative asks you to do ...

Page 954: ...tly with your technical support representative while troubleshooting a problem Do not use this command unless your technical support representative asks you to do so label asic number Display QoS label maps for the specified ASIC Optional For asic number the range is 0 to 1 policer parameters asic number port alloc number asic number Display policer information The keywords have these meanings par...

Page 955: ...ndex The range is 0 to 65535 erd index number Display the equal cost route descriptor table for the specified index The keyword has this meaning index number Optional Display the specified index The range is 0 to 65535 mad index number Display the MAC address descriptor table for the specified index The keyword has this meaning index number Optional Display the specified index The range is 0 to 65...

Page 956: ...work Management Protocol SNMP counter information show platform snmp counters Syntax Description There are no arguments or keywords Command Modes Privileged EXEC Command History Usage Guidelines You should use this command only when you are working directly with your technical support representative while troubleshooting a problem Do not use this command unless your technical support representativ...

Page 957: ...mand History Usage Guidelines You should use this command only when you are working directly with your technical support representative while troubleshooting a problem Do not use this command unless your technical support representative asks you to do so synchronization detail vlan vlan id Display spanning tree state synchronization information The keywords have these meanings detail Optional Disp...

Page 958: ...n show platform stp instance vlan id Syntax Description Command Modes Privileged EXEC Command History Usage Guidelines You should use this command only when you are working directly with your technical support representative while troubleshooting a problem Do not use this command unless your technical support representative asks you to do so vlan id Display spanning tree instance information for t...

Page 959: ...ed boundary information show platform tb Syntax Description There are no arguments or keywords Command Modes Privileged EXEC Command History Usage Guidelines You should use this command only when you are working directly with your technical support representative while troubleshooting a problem Do not use this command unless your technical support representative asks you to do so Release Modificat...

Page 960: ...6 acl qos secondary asic number detail invalid index number detail invalid invalid num number detail invalid invalid invalid num number detail invalid invalid show platform tcam table local asic number detail invalid index number detail invalid invalid num number detail invalid invalid invalid num number detail invalid invalid show platform tcam table mac address asic number detail invalid index n...

Page 961: ...le ipv6 Display IPv6 information acl Display the IPv6 ACL table information qos Display the IPv6 QoS table information secondary Display the IPv6 secondary table information local Display the local table mac address Display the MAC address table multicast expansion Display the IPv6 multicast expansion table qos Display the QoS table secondary Display the secondary table station Display the station...

Page 962: ...ou are working directly with your technical support representative while troubleshooting a problem Do not use this command unless your technical support representative asks you to do so misc Display miscellaneous VLAN module information mvid Display the mapped VLAN ID MVID allocation information prune Display the platform maintained pruning database refcount Display the VLAN lock module wise refer...

Page 963: ...Telegraph Company or of the Regents of the University of California Permission is granted to anyone to use this software for any purpose on any computer system and to alter it and redistribute it subject to the following restrictions 1 The author is not responsible for the consequences of use of this software no matter how awful even if they arise from flaws in it 2 The origin of this software mus...

Page 964: ... 2 interfaces 2 127 access map configuration mode 2 268 access mode 2 707 access ports 2 707 ACEs 2 75 2 346 ACLs deny 2 73 displaying 2 428 for non IP protocols 2 246 matching 2 268 permit 2 344 action command 2 5 address aliasing 2 326 aggregate port learner 2 333 allowed VLANs 2 725 Any Transport over MPLS See AToM archive download sw command 2 7 archive tar command 2 9 archive upload sw comman...

Page 965: ...etting A 23 files copying A 5 deleting A 6 displaying a list of A 7 displaying the contents of A 4 A 15 A 22 renaming A 16 file system formatting A 10 initializing flash A 9 running a consistency check A 11 prompt A 1 resetting the system A 17 boot manual command 2 27 boot private config file command 2 28 boot system command 2 29 BPDU filtering for spanning tree 2 642 2 676 BPDU guard for spanning...

Page 966: ... debug ip igmp snooping command B 14 debug ip sla error twamp connection B 15 debug ip sla error twamp control reflector B 17 debug ip sla error twamp control server B 19 debug ip sla error twamp session B 21 debug ip sla trace twamp connection B 23 debug ip sla trace twamp control reflector B 25 debug ip sla trace twamp control server B 27 debug ip sla trace twamp session B 29 debug ip verify sou...

Page 967: ...bug udld command B 101 debug vqpc command B 103 debug xconnect command B 104 default template 2 408 define interface range command 2 63 delete boot loader command A 6 delete command 2 65 deny ARP access list configuration command 2 66 deny IPv6 command 2 68 deny command 2 73 detect mechanism causes 2 102 DHCP snooping accepting untrusted packets from edge switch 2 156 enabling on a VLAN 2 162 opti...

Page 968: ...configure 2 136 display 2 486 rate limit incoming ARP packets 2 134 statistics clear 2 43 display 2 486 trusted interface state 2 138 type of packet logged 2 143 validation checks 2 140 dynamic auto VLAN membership mode 2 707 dynamic desirable VLAN membership mode 2 707 Dynamic Host Configuration Protocol DHCP See DHCP snooping Dynamic Trunking Protocol See DTP E EAP request identity frame maximum...

Page 969: ...gP aggregate port learner 2 333 clearing channel group information 2 51 debug messages display B 41 displaying 2 580 error detection for 2 102 error recovery timer 2 107 learn method 2 333 modes 2 30 physical port learner 2 333 priority of interface for transmitted traffic 2 335 ethermet lmi ce command 2 110 Ethernet controller internal register display 2 441 ethernet evc command 2 109 ethernet li...

Page 970: ...2 displaying 2 470 flowcontrol command 2 119 format boot loader command A 10 forwarding packets with ACL matches 2 5 forwarding results display C 6 frame forwarding information displaying C 6 fsck boot loader command A 11 G global configuration mode 1 2 1 3 H hardware ACL statistics 2 428 help boot loader command A 12 host connection port configuration 2 706 host ports private VLANs 2 710 I IEEE 8...

Page 971: ...nd 2 147 IP DHCP snooping See DHCP snooping ip dhcp snooping binding command 2 150 ip dhcp snooping command 2 149 ip dhcp snooping database command 2 152 ip dhcp snooping information option allow untrusted command 2 156 ip dhcp snooping information option command 2 154 ip dhcp snooping information option format remote id command 2 158 ip dhcp snooping limit rate command 2 159 ip dhcp snooping trus...

Page 972: ... 2 230 lacp system priority command 2 232 Layer 2 mode enabling 2 696 Layer 2 protocol ports displaying 2 524 Layer 2 protocol tunnel and EtherChannels 2 226 CoS 2 229 counters clearing 2 47 error detection for 2 102 error recovery 2 227 error recovery timer 2 107 setting thresholds for 2 227 Layer 2 traceroute IP addresses 2 740 MAC addresses 2 737 Layer 3 mode enabling 2 696 LDP destination 2 32...

Page 973: ...table static command 2 255 mac address table static drop command 2 256 macro description command 2 261 macro global command 2 262 macro global description command 2 265 macro name command 2 266 macros adding a description 2 261 adding a global description 2 265 applying 2 262 creating 2 266 displaying 2 582 specifying parameter values 2 262 tracing 2 262 macros interface range 2 63 2 123 maintenan...

Page 974: ...659 displaying 2 597 MST configuration mode 2 659 VLANs to instance mapping 2 659 path cost 2 661 protocol mode 2 657 restart protocol migration process 2 54 root port loop guard 2 651 preventing from becoming designated 2 651 restricting which can be root 2 651 root guard 2 651 root switch affects of extended system ID 2 650 hello time 2 664 2 672 interval between BDPU messages 2 665 interval bet...

Page 975: ...73 forwarding 2 344 non IP traffic access lists 2 246 denying 2 73 permitting 2 344 normal range VLANs 2 751 no vlan command 2 751 O OAM PDUs 2 114 OAM protocol 2 332 oam protocol cfm svlan command 2 332 operation administration and maintenance protocol See OAM P PAgP See EtherChannel pagp learn method command 2 333 pagp port priority command 2 335 password VTP 2 767 password recovery mechanism en...

Page 976: ...istics and status display 2 450 switch to authentication server retransmission time 2 96 switch to client frame retransmission number 2 86 2 87 switch to client retransmission time 2 96 test for IEEE 802 1x readiness 2 94 port channel load balance command 2 361 Port Fast for spanning tree 2 678 port ranges defining 2 63 ports debugging B 80 ports protected 2 724 port security aging 2 718 debug mes...

Page 977: ... priority queue 2 365 limiting the maximum output on a port 2 687 mapping a port to a queue set 2 374 mapping CoS values to a queue and threshold 2 306 mapping DSCP values to a queue and threshold 2 310 setting maximum and reserved memory allocations 2 290 setting WTD thresholds 2 290 SRR and priority queue interaction 2 365 enabling 2 275 hierarchical policies applying to an interface 2 414 avera...

Page 978: ...nd 2 372 queue set command 2 374 R random detect command 2 375 random detect dscp command 2 378 random detect exponential weighting constant command 2 382 random detect precedence command 2 385 rapid per VLAN spanning tree plus See STP rapid PVST See STP re authenticating 802 1x enabled ports 2 90 re authentication periodic 2 91 time between attempts 2 96 receiver ports MVR 2 328 receiving flow co...

Page 979: ...how env command 2 455 show errdisable detect command 2 456 show errdisable flap values command 2 458 show errdisable recovery command 2 460 show etherchannel command 2 462 show ethernet service evc command 2 465 show ethernet service instance command 2 466 show ethernet service interface command 2 468 show interface rep command 2 480 show interfaces command 2 470 show interfaces counters command 2...

Page 980: ...command C 12 show platform ip multicast command C 9 show platform ip policy command C 10 show platform ip unicast command C 11 show platform layer4op command C 13 show platform mac address table command C 14 show platform messaging command C 15 show platform monitor command C 16 show platform mvr table command C 17 show platform pm command C 18 show platform port asic command C 19 show platform po...

Page 981: ...mmand 2 659 spanning tree mst cost command 2 661 spanning tree mst forward time command 2 663 spanning tree mst hello time command 2 664 spanning tree mst max age command 2 665 spanning tree mst max hops command 2 666 spanning tree mst port priority command 2 669 spanning tree mst pre standard command 2 668 spanning tree mst priority command 2 671 spanning tree mst root command 2 672 spanning tree...

Page 982: ...interfaces 2 696 2 712 switchport access command 2 698 switchport backup interface command 2 700 switchport block command 2 704 switchport command 2 696 switchport host command 2 706 switchport mode command 2 707 switchport mode private vlan command 2 710 switchport nonegotiate command 2 712 switchport port security aging command 2 718 switchport port security command 2 714 switchport priority ext...

Page 983: ...or STP 2 680 user EXEC mode 1 2 V VCs assigning interfaces to 1 5 2 771 configuring 2 320 MPLS displaying 2 570 version boot loader command A 25 virtual circuits See VCs VLAN enabling guest VLAN supplicant 2 77 vlan global configuration command 2 751 vlan access map command 2 756 VLAN access map configuration mode 2 756 VLAN access maps actions 2 5 displaying 2 615 VLAN based QoS 2 315 VLAN config...

Page 984: ... server command 2 763 voice VLAN configuring 2 732 setting port priority 2 720 VPN routing forwarding table See VRF VQP and dynamic access ports 2 698 clearing client statistics 2 55 displaying information 2 617 per server retry count 2 762 reconfirmation interval 2 761 reconfirming dynamic VLAN assignments 2 760 VRF associating to an interface 2 198 configuring 2 196 VTP changing characteristics ...

Page 985: ...Index IN 22 Catalyst 3750 Metro Switch Command Reference OL 9645 10 ...

Reviews:

No comments

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands