REFERENCE GUIDE Cisco Small Business Pro SPS208G/SPS224G4/SPS2024 Ethernet Switches Command Line Interface
Contents

Chapter 1: Introduction
Overview, CLI Command Modes, Accessing the Command Line Interface, Editing Features

Chapter 2: AAA Commands
aaa authentication login, aaa authentication enable, login authentication, enable authentication, ip http authentication, ip https authentication, show authentication methods, password, enable password, username, show users accounts, show privilege

Chapter 3: ACL Commands
ip access-list
show interfaces access-lists

Chapter 4: ARP Inspection Commands
ip arp inspection, ip arp inspection vlan, ip arp inspection trust, ip arp inspection validate, ip arp inspection list create, ip mac, ip arp inspection list assign, ip arp inspection logging interval, show ip arp inspection, show ip arp inspection list

Chapter 5: Address Table Commands
bridge address, bridge multicast filtering, bridge multicast address, bridge multi
show bridge multicast address-table static, show bridge multicast filtering, show ports security, show ports security addresses

Chapter 6: Clock Commands
clock set, clock source, clock timezone, clock summer-time, sntp authentication-key, sntp authenticate, sntp port, sntp trusted-key, sntp client poll timer, sntp broadcast client enable, sntp anycast client enable, sntp client enable, sntp client enable (Interface)
show startup-config

Chapter 8: DHCP Commands
ip dhcp snooping, ip dhcp snooping vlan, ip dhcp snooping trust, ip dhcp information option allowed-untrusted, ip dhcp snooping verify, ip dhcp snooping database, ip dhcp snooping database update-freq, ip dhcp snooping binding, clear ip dhcp snooping database, show ip dhcp snooping, show ip dhcp snooping binding

Chapter 9: DHCP Relay Commands
ip dhcp relay enable (global), ip

Chapter 12: Ethernet Configuration Commands
interface ethernet, interface range ethernet, shutdown, description, speed, duplex, negotiation, port jumbo-frame, show system flowcontrol, flowcontrol, mdix, back-pressure, port jumbo-frame, sfp speed, clear counters, set interface active, show interfaces configuration, show interfaces status, show interfaces advertise, show interfaces description

Chapter 13: GVRP Commands
gvrp enable (Global), gvrp enable (Interface), garp timer, gvrp vlan-creation-forbid, gvrp registration-forbid, clear gvrp statistics, show gvrp configuration, show gvrp statistics, show gvrp error-statistics

Chapter 14: IGMP Snooping Commands
ip igmp snooping (global), ip igmp snooping (Interface), ip igmp snooping mrouter, ip igmp snooping querier enable, ip igmp snooping host-time-out, i
renew dhcp, ip default-gateway, show ip interface, arp, arp timeout, clear arp-cache, show arp, ip domain-lookup, ip domain-name, ip name-server, ip host, clear host, clear host dhcp, show hosts

Chapter 16: IP Source Guard Commands
ip source-guard (global), ip source-guard (interface), ip source-guard binding, ip source-guard tcam retries-freq, show ip source-guard configuration, show ip source-gu

Chapter 18: Line Commands
line, speed, exec-timeout, show line

Chapter 19: Management ACL Commands
management access-list, management access-class, permit (management), deny (management), show management access-list, show management access-class

Chapter 20: PHY Diagnostics Commands
test copper-port tdr, show copper-ports tdr, show copper-ports cable-length, show fiber-ports optical-transceiver

Chapter 21: Po

Chapter 23: QoS Commands
qos, show qos, class-map, show class-map, match, policy-map, class, show policy-map, trust, set, police, qos aggregate-policer, show qos aggregate-policer, police aggregate, wrr-queue bandwidth, wrr-queue cos-map, priority-queue out num-of-queues, traffic-shape, rate-limit (Ethernet), show qos interface, qos wrr-queue threshold, qos map policed-dscp, qos map
qos map dscp-mutation, show qos map

Chapter 24: RADIUS Commands
radius-server host, radius-server key, radius-server retransmit, radius-server source-ip, radius-server timeout, radius-server deadtime, show radius-servers

Chapter 25: RMON Commands
show rmon statistics, rmon collection history, show rmon collection history, show rmon history, rmon alarm, show rmon alarm-table, show rmon alarm, rmon event
snmp-server filter, snmp-server host, snmp-server v3-host, snmp-server engineID local, snmp-server enable traps, snmp-server trap authentication, snmp-server contact, snmp-server location, snmp-server set, show snmp, show snmp engineID, show snmp views, show snmp groups, show snmp filters, show snmp users

Chapter 27: RSA and Certificate Commands
crypto certificate generate, crypto key generate dsa, crypto k
spanning-tree port-priority, spanning-tree portfast, spanning-tree link-type, spanning-tree pathcost method, spanning-tree bpdu, spanning-tree guard root, clear spanning-tree detected-protocols, spanning-tree mst priority, spanning-tree mst max-hops, spanning-tree mst port-priority, spanning-tree mst cost, spanning-tree mst configuration, instance (mst), name (mst), revision (mst), show (mst), exit (mst), abort (m
show crypto key mypubkey, crypto certificate request, crypto certificate import, crypto certificate export, show crypto certificate mycertificate

Chapter 30: Syslog Commands
logging on, logging, logging console, logging buffered, logging buffered size, clear logging, logging file, clear logging file, aaa logging, file-system logging, management logging, show logging, show logging file, show syslog-serv
show cpu utilization, show users, show sessions, show system, show version, show system tcam utilization

Chapter 32: TACACS+ Commands
tacacs-server host, tacacs-server key, tacacs-server timeout, tacacs-server source-ip, show tacacs

Chapter 33: User Interface Commands
login, configure, exit (configuration), exit(EXEC), end, help, history, history size, terminal history, terminal histor

Chapter 34: VLAN Commands
switchport protected, switchport protected-port, switchport protected-port fastethernet, vlan database, vlan, default-vlan vlan, interface vlan, interface range vlan, name, switchport mode, switchport protected, switchport access vlan, switchport access multicast-tv vlan, switchport trunk allowed vlan, switchport trunk native vlan, switchport general allowed vlan, switchport general pvid

Chapter 35: Web Server Commands
ip http server, ip http port, ip http exec-timeout, ip https server, ip https port, ip https exec-timeout, ip https certificate, show ip http, show ip https

Chapter 36: 802.
dot1x radius-attributes vlan, dot1x single-host-violation, dot1x bpdu, show dot1x bpdu, dot1x guest-vlan, dot1x guest-vlan enable, dot1x mac-authentication, show dot1x advanced

Appendix A: Alias Names
Alias Name Support

Appendix B: Where to Go From Here
Product Resources, Related Documentation

Appendix C: Additional Information
Regulatory Compliance and Safety Information, Warranty, End User License Agreement (EULA
Chapter 1: Introduction

Overview

This document describes the Command Line Interface (CLI) used to manage the Linksys SPS208G, SPS224G4, and SPS2024 switches. Unless noted otherwise, all of the CLI commands in this document apply to all three switches. This chapter describes the CLI command modes, how to access the CLI, and the CLI command editing features.

CLI Command Modes

For greater ease of use, the Command Line Interface (CLI) is divided into four command modes arranged hierarchically by privilege level.

User EXEC Mode

This is the initial mode after system login (except for users who are defined as privileged users; refer to “Privileged EXEC Mode”). User EXEC mode is used for tasks that do not change the configuration, such as performing basic tests and listing system information.

Console#
Console# disable
Console>

Global Configuration Mode

The Global Configuration mode is used to configure features at the system level, and not at the interface level. To access Global Configuration mode from Privileged EXEC mode, enter the configure command at the Privileged EXEC mode prompt and press Enter.

Interface Configuration Mode

Interface Configuration mode commands perform operations on specific interfaces. This mode is divided into the following submodes, each with a specific function:

• Line Interface — Contains commands used to configure the management connections. These include commands such as line timeout settings, etc. The line Global Configuration mode command is used to enter the Line Configuration command mode.

Accessing the Command Line Interface

The Command Line Interface (CLI) can be accessed from a terminal or computer by performing one of the following tasks:

• Running a terminal application, such as HyperTerminal, on a computer that is directly connected to the Switch’s console port, or
• Running a telnet session from a command prompt on a computer with a network connection to the Switch.

Figure 1: Start > All Programs > Accessories > Communications > HyperTerminal

STEP 3 Enter a name for this connection. Select an icon for the application, then click OK.

Figure 2: HyperTerminal Connection Description Screen

STEP 4 Select a port to communicate with the switch. Select COM1 or COM2.

Figure 3: HyperTerminal Connect To Screen

STEP 5 Set the serial port settings as follows, then click OK.

Figure 4: HyperTerminal Properties Screen

STEP 6 When the Command Line Interface appears, enter admin at the User Name prompt and press Enter.

Figure 5: Command Line User Name Prompt

The console# prompt is displayed. This prompt is where you enter CLI commands.

Figure 6: Command Line

You can now enter CLI commands to manage the Switch. For detailed information on CLI commands, refer to the appropriate chapter(s) of this Reference Guide.

Using Telnet over an Ethernet Interface

Telnet provides a method of connecting to the Command Line Interface using TCP/IP over a standard Ethernet connection. A telnet session can be established in HyperTerminal or from a command prompt.

Figure 8: Command Prompt

STEP 3 The Command Line Interface will be displayed. Enter admin at the User Name prompt and press Enter.

Figure 9: Command Line User Name Prompt

STEP 4 The console# prompt is displayed. This prompt is where you enter CLI commands.

Figure 10: Command Line

You can now enter CLI commands to manage the Switch. For detailed information on CLI commands, refer to the appropriate chapter(s) of this Reference Guide.

Editing Features

Entering Commands

A CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters. For example, in the command show interfaces status ethernet e11, show, interfaces and status are keywords, ethernet is an argument that specifies the interface type, and e11 specifies the port.

To enter commands that require parameters, enter the required parameters after the command keyword.

Terminal Command Buffer

Every time a command is entered in the CLI, it is recorded on an internally managed Command History buffer. Commands stored in the buffer are maintained on a First In First Out (FIFO) basis. These commands can be recalled, reviewed, modified, and reissued. This buffer is not preserved across device resets.

Keyword         Description
Up-Arrow key    Recalls commands in the history buffer, beginning with the most recent command.

Command Completion

If the command entered is incomplete, invalid or has missing or invalid parameters, then the appropriate error message is displayed. This assists in entering the correct command. By pressing Tab after an incomplete command is entered, the system will attempt to identify and complete the command.

Keyboard Shortcuts

The CLI has a range of keyboard shortcuts to assist in editing the CLI commands. The following table describes the CLI shortcuts.

Keyboard Key    Description
Up-arrow        Recalls commands from the history buffer, beginning with the most recent command. Repeat the key sequence to recall successively older commands.
Down-arrow      Returns the most recent commands from the history buffer after recalling commands with the up arrow key.

Convention        Description
press key         Names of keys to be pressed are shown in bold.
Ctrl+F4           Keys separated by the + character are to be pressed simultaneously on the keyboard.
Screen Display    Fixed-width font indicates CLI prompts, CLI commands entered by the user, and system messages displayed on the console.
all               When a parameter is required to define a range of ports or parameters and all is an option, the default for the command is all when no parameters are defined.

Chapter 2: AAA Commands

aaa authentication login

The aaa authentication login Global Configuration mode command defines login authentication. To restore defaults, use the no form of this command.

Syntax

aaa authentication login {default | list-name} method1 [method2...]
no aaa authentication login {default | list-name}

Parameters

• default — Uses the listed authentication methods that follow this argument as the default list of methods when a user logs in.

Keyword    Description
tacacs     Uses the list of all TACACS+ servers for authentication.

Default Configuration

The local user database is checked. This has the same effect as the command aaa authentication login list-name local.

NOTE If the authentication method is not defined, console users will be able to log in without any authentication check.

aaa authentication enable

The aaa authentication enable Global Configuration mode command defines authentication method lists for accessing higher privilege levels. To restore defaults, use the no form of this command.

Syntax

aaa authentication enable {default | list-name} method1 [method2...

On the console, the enable password is used if it exists. If no password is set, the process still succeeds. This has the same effect as using the command aaa authentication enable default enable none.

Command Mode

Global Configuration mode

User Guidelines

The default and optional list names created with the aaa authentication enable command are used with the enable authentication command.

Parameters

• default — Uses the default list created with the aaa authentication login command.
• list-name — Uses the indicated list created with the aaa authentication login command.

Default Configuration

Uses the default set with the command aaa authentication login.

Command Mode

Line Configuration mode

User Guidelines

To change (or rename) an authentication method, use the negate command and create a new rule with the new method name.

Syntax

enable authentication {default | list-name}
no enable authentication

Parameters

• default — Uses the default list created with the aaa authentication enable command.
• list-name — Uses the indicated list created with the aaa authentication enable command.

Default Configuration

Uses the default set with the aaa authentication enable command.

Command Mode

Line Configuration mode

User Guidelines

There are no user guidelines for this command.

ip http authentication

The ip http authentication Global Configuration mode command specifies authentication methods for HTTP server users. To restore the default configuration, use the no form of this command.

Syntax

ip http authentication method1 [method2...]
no ip http authentication

Parameters

• method1 [method2...] — Specify at least one method from the following list:

Keyword    Description
local      Uses the local username database for authentication.

User Guidelines

The additional methods of authentication are used only if the previous method returns an error, not if it fails. To ensure that the authentication succeeds even if all methods return an error, specify none as the final method in the command line.

Example

The following example configures the HTTP authentication.

Default Configuration

The local user database is checked. This has the same effect as the command ip https authentication local.

Command Mode

Global Configuration mode

User Guidelines

The additional methods of authentication are used only if the previous method returns an error, not if it fails. To ensure that the authentication succeeds even if all methods return an error, specify none as the final method in the command line.
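
The fallback rule in the User Guidelines above (the next method is tried only on an error, never on a fail, and a trailing none admits everyone once every earlier method has errored) can be modelled in a few lines. This is an added example, not code from the guide or the switch firmware; the backends, account names and passwords are constructed, and the local backend is assumed to always answer rather than return an error.

```python
from enum import Enum


class Result(Enum):
    ACCEPT = "accept"  # the method answered and the credentials are valid
    REJECT = "reject"  # the method answered and refused the user (a "fail")
    ERROR = "error"    # the method could not answer, e.g. server unreachable


def password_db(accounts):
    """Build a backend from a username -> password dict (assumed to always answer)."""
    def check(user, password):
        ok = accounts.get(user) == password
        return Result.ACCEPT if ok else Result.REJECT
    return check


def unreachable(user, password):
    """Backend standing in for a TACACS+ server that does not respond."""
    return Result.ERROR


def authenticate(method_list, backends, user, password):
    """Walk the method list in order and return (granted, deciding_method)."""
    for method in method_list:
        if method == "none":
            return True, "none"       # no check at all: everyone is let in
        outcome = backends[method](user, password)
        if outcome is Result.ACCEPT:
            return True, method
        if outcome is Result.REJECT:
            return False, method      # a fail ends the walk, no fallback
        # Result.ERROR: fall through to the next method in the list
    return False, None                # every method errored, nothing granted


# Constructed sample data (not from the guide).
TACACS_ACCOUNTS = {"alice": "tacacs-secret"}
LOCAL_ACCOUNTS = {"alice": "local-secret"}
SERVER_UP = {"tacacs": password_db(TACACS_ACCOUNTS),
             "local": password_db(LOCAL_ACCOUNTS)}
SERVER_DOWN = {"tacacs": unreachable,
               "local": password_db(LOCAL_ACCOUNTS)}

if __name__ == "__main__":
    cases = [
        (["tacacs", "local"], SERVER_UP, "alice", "local-secret"),
        (["tacacs", "local"], SERVER_DOWN, "alice", "local-secret"),
        (["tacacs", "none"], SERVER_DOWN, "mallory", "anything"),
        (["tacacs"], SERVER_DOWN, "alice", "tacacs-secret"),
    ]
    for methods, backends, user, pw in cases:
        state = "down" if backends is SERVER_DOWN else "up"
        print(methods, "server", state, user, "->",
              authenticate(methods, backends, user, pw))
```

The third case is the one to weigh before ending a list with none: an outage of the remote server turns the login into an unauthenticated one, whereas ending the list with local keeps a credential check in place.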

Command Mode

Privileged EXEC mode

User Guidelines

There are no user guidelines for this command.

Example

The following example displays the authentication configuration.

password

The password Line Configuration mode command specifies a password on a line. To remove the password, use the no form of this command.

Syntax

password password [encrypted]
no password

Parameters

• password — Password for this level. (Range: 1-159 characters)
• encrypted — Encrypted password to be entered, copied from another device configuration.

Default Configuration

No password is defined.

enable password

The enable password Global Configuration mode command sets a local password to control access to user and privilege levels. To remove the password requirement, use the no form of this command.

Syntax

enable password [level level] password [encrypted]
no enable password [level level]

Parameters

• password — Password for this level. (Range: 1-159 characters)
• level — Level for which the password applies. If not specified, the level is 15. (Range: 1-15)

username

The username Global Configuration mode command creates a user account in the local database. To remove a user name, use the no form of this command.

Syntax

username name [password password] [level level] [encrypted]
no username name

Parameters

• name — The name of the user. (Range: 1-20 characters)
• password — The authentication password for the user. (Range: 1-159 characters)
• level — The user level (Range: 1-15).

Example

The following example configures a user named ‘bob’ with password ‘lee’ and user level 15 to the system.

Console(config)# username bob password lee level 15

show users accounts

The show users accounts Privileged EXEC mode command displays information about the users local database.

Syntax

show users accounts

Default Configuration

No default configuration for this command.

Username    Privilege
--------    ---------
Bob         15
Robert      15
Smith       15

show privilege

To display your current level of privilege, use the show privilege command in EXEC mode.

Syntax

show privilege

Parameters

This command has no arguments or keywords.

Default Configuration

This command has no default configuration.

Chapter 3: ACL Commands

ip access-list

The ip access-list Global Configuration mode command enables the IP-Access Configuration mode and creates Layer 3 ACLs. To delete an ACL, use the no form of this command.

Syntax

ip access-list access-list-name
no ip access-list access-list-name

Parameters

• access-list-name — Specifies the name of the ACL. (Range: 0-32 characters) Use “” for empty string.

Default Configuration

The default for all ACLs is deny-all.

Example

The following example shows how to create an IP ACL.

Console(config)# ip access-list ip-acl1
Console(config-ip-al)#

permit (ip)

The permit IP-Access List Configuration mode command permits traffic if the conditions defined in the permit statement match.

• destination — Specifies the destination IP address of the packet. Specify any to indicate IP address 0.0.0.0 and mask 255.255.255.255.
• destination-wildcard — Specifies wildcard to be applied to the destination IP address. Use 1s in bit positions to be ignored. Specify any to indicate IP address 0.0.0.0 and mask 255.255.255.255.
• protocol — Specifies the abbreviated name or number of an IP protocol. (Range: 0-255).

IP Protocol                           Abbreviated Name    Protocol Number
(any IP protocol)                     any                 (25504)
EIGRP routing protocol                eigrp               88
Open Shortest Path Protocol           ospf                89
IP-within-IP Encapsulation Protocol   ipip                94
Protocol Independent Multicast        pim                 103
Layer Two Tunneling Protocol          l2tp                115
ISIS over IPv4                        isis                124

• dscp — Indicates matching the dscp-number with the packet dscp value.

fin. The flags are concatenated into one string. For example: +fin-ack. To define more than one flag, enter additional flags one after another without a space (example: +syn-ack).

Default Configuration

No IPv4 ACL is defined.

Command Mode

IP-Access List Configuration mode

User Guidelines

Use the ip access-list Global Configuration mode command to enable the IP-Access List Configuration mode. Before an Access Control Element (ACE) is added to an ACL, all packets are permitted.
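
The wildcard rule from the Parameters list ("use 1s in bit positions to be ignored", with any meaning address 0.0.0.0 and mask 255.255.255.255) and the guideline that an ACL with no ACE permits everything while a populated one denies whatever is left unmatched are easy to get wrong when a subnet mask is typed where a wildcard is expected. The sketch below is an added example, not the switch's implementation: it matches on source and destination address only, assumes ACEs are evaluated top-down with the first match deciding, and uses constructed addresses.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")  # what the keyword "any" stands for


def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def matches(addr, base, wildcard):
    """True if addr equals base in every bit where the wildcard has a 0."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(addr) & care) == (_to_int(base) & care)


def evaluate(acl, src, dst):
    """Return 'permit' or 'deny' for a packet (first match wins: assumption)."""
    if not acl:
        return "permit"            # no ACE yet: all packets are permitted
    for action, (s, s_wild), (d, d_wild) in acl:
        if matches(src, s, s_wild) and matches(dst, d, d_wild):
            return action
    return "deny"                  # implied deny at the end of the list


def looks_like_netmask(wildcard):
    """Flag a value such as 255.255.255.0 that is shaped like a subnet mask.

    A contiguous run of 1s from the left is almost never a useful wildcard:
    it ignores the network bits and compares only the host bits.
    """
    w = _to_int(wildcard)
    if w in (0, 0xFFFFFFFF):
        return False               # host match and "any" are both legitimate
    return (w | (w - 1)) == 0xFFFFFFFF


# Constructed ACLs: the intent of both is "permit 172.30.40.0/24 to anywhere".
GOOD_ACL = [("permit", ("172.30.40.0", "0.0.0.255"), ANY)]
BAD_ACL = [("permit", ("172.30.40.0", "255.255.255.0"), ANY)]  # mask, not wildcard


def audit(acl):
    """Return the (1-based) positions of ACEs whose wildcards look like netmasks."""
    return [i for i, (_, (_, sw), (_, dw)) in enumerate(acl, start=1)
            if looks_like_netmask(sw) or looks_like_netmask(dw)]


if __name__ == "__main__":
    for name, acl in (("good", GOOD_ACL), ("bad", BAD_ACL)):
        print(name, "suspicious ACEs:", audit(acl))
        for src in ("172.30.40.77", "172.30.41.5", "198.51.100.0"):
            print("  ", src, "->", evaluate(acl, src, "10.0.0.1"))
```

With the mistyped ACE, a host inside the intended subnet is dropped by the implied deny while any source whose last octet is 0 is permitted, which is why auditing wildcards for netmask-shaped values is worth doing before an ACL is bound to a port.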

Syntax

deny [disable-port] {any | protocol} {any | {source source-wildcard}} {any | {destination destination-wildcard}} [dscp dscp number | ip-precedence ip-precedence]
deny-icmp [disable-port] {any | {source source-wildcard}} {any | {destination destination-wildcard}} {any | icmp-type} {any | icmp-code} [dscp number | ip-precedence number]
deny-igmp [disable-port] {any | {source source-wildcard}} {any | {destination destination-wildcard}} {any | igmp-type} [dscp number | ip-precedenc

• protocol — Specifies the abbreviated name or number of an IP protocol. (Range: 0-255).

IP Protocol          Abbreviated Name    Protocol Number
ISIS over IPv4       isis                124
(any IP protocol)    any                 (25504)

• in-port port-num — (Optional) Specifies the input port of the device. In case of egress classification this port will be the device input port.
• out-port port-num — (Optional) Specifies the output port of the device.
• dscp number — Indicates matching the dscp number with the packet dscp value.

mac access-list

The mac access-list Global Configuration mode command enables the MAC-Access List Configuration mode and creates Layer 2 ACLs. To delete an ACL, use the no form of this command.

Syntax

mac access-list name
no mac access-list name

Parameters

• name — Specifies the name of the ACL. (Range: 0-32 characters) Use “” for empty string.

Default Configuration

The default for all ACLs is deny all.

permit (MAC)

The permit MAC-Access List Configuration mode command defines permit conditions of a MAC ACL.

Syntax

permit {any | {host source source-wildcard} any | {destination destination-wildcard}} [vlan vlan-id] [cos cos cos-wildcard] [ethtype eth-type] [inner-vlan vlan-id]

Parameters

• source — Specifies the source MAC address of the packet.
• source-wildcard — Specifies wildcard bits to be applied to the source MAC address. Use 1s in bit positions to be ignored.

User Guidelines

Before an Access Control Element (ACE) is added to an ACL, all packets are permitted. After an ACE is added, an implied deny-any-any condition exists at the end of the list and those packets that do not match the conditions defined in the permit statement are denied.

If the VLAN ID is specified, the policy map cannot be connected to the VLAN interface.

Example

The following example shows how to create a MAC ACL with permit rules.

• destination-wildcard — (Optional for the first type) Specifies wildcard bits by placing 1’s in bit positions to be ignored.
• vlan-id — Specifies the ID of the packet vlan.
• cos — Specifies the packet’s Class of Service (CoS).
• cos-wildcard — Specifies wildcard bits to be applied to the CoS.
• eth-type — Specifies the packet’s Ethernet type.

Default Configuration

This command has no default configuration.

service-policy

The service-policy command applies a policy map to the input of a particular interface. Use the no form to detach the policy map from the interface. The command is available in Advanced mode only.

Syntax

service-policy input policy-map-name
no service-policy input

Parameters

• input — Use input policy-map-name to apply the specified policy-map to the input interface.
• policy-map-name — Up to 32 characters.

Default Configuration

This command has no default configuration.

Syntax

service-acl input acl-name1
no service-acl input

Parameters

acl-name — Specifies an ACL to apply to the interface. Please see the usage guidelines.

Default Configuration

No ACL is assigned.

Command Mode

Interface configuration (Ethernet, Port-Channel).

Usage Guidelines

• Two ACLs of the same type can’t be added to a port.

Default Configuration

This command has no default configuration.

Command Mode

Privileged EXEC mode

User Guidelines

There are no user guidelines for this command.

Example

The following example displays access lists defined on a device.

Console# show access-lists
IP access list ACL1
permit ip host 172.30.40.1 any
permit rsvp host 172.30.8.

Default Configuration

This command has no default configuration.

Command Mode

Privileged EXEC mode

User Guidelines

There are no user guidelines for this command.

Chapter 4: ARP Inspection Commands

ip arp inspection

The ip arp inspection Global Configuration mode command globally enables ARP inspection. To disable ARP inspection, use the no form of this command.

Syntax

ip arp inspection
no ip arp inspection

Default Configuration

The default configuration is set to disabled.

Command Mode

Global Configuration mode

User Guidelines

There are no user guidelines for this command.

Example

The following example globally enables ARP inspection.

ip arp inspection vlan

The ip arp inspection vlan Global Configuration mode command enables ARP inspection based on DHCP snooping database on a VLAN. To disable ARP inspection on a VLAN, use the no form of this command.

Syntax

ip arp inspection vlan-id
no ip arp inspection vlan-id

Parameters

• vlan-id — Specifies a VLAN ID.

Default Configuration

The default configuration is set to disabled.

ip arp inspection trust

The ip arp inspection trust Interface Configuration (Ethernet, Port-channel) mode command configures an interface trust state that determines if incoming Address Resolution Protocol (ARP) packets are inspected. To return to the default configuration, use the no form of this command.

Syntax

ip arp inspection trust
no ip arp inspection trust

Default Configuration

The interface is untrusted.

ip arp inspection validate

The ip arp inspection validate Global Configuration mode command performs specific checks for dynamic Address Resolution Protocol (ARP) inspection. Use the no form of this command to return to the default settings.

Syntax

ip arp inspection validate
no ip arp inspection validate

Default Configuration

The default configuration is set to disabled.

Command Mode

Global Configuration mode.

Example

The following example performs specific checks for dynamic Address Resolution Protocol (ARP) inspection.

Console(config)# ip arp inspection validate

ip arp inspection list create

The ip arp inspection list create Global Configuration mode command creates a static ARP binding list and enters the ARP list configuration mode. To delete the list, use the no form of this command.

Example

The following example creates a static ARP binding list and enters the ARP list configuration mode.

Console(config)# ip arp inspection list create

ip mac

The ip mac ARP-list Configuration mode command displays static ARP binding. To delete a binding, use the no form of this command.

Syntax

ip ip-address mac mac-address
no ip ip-address mac mac-address

Parameters

• ip-address — Specifies the IP address to be entered to the list.

Example

The following example displays static ARP binding.

Console(config)# ip arp inspection list servers
Console(config-ARP-list)# ip 172.16.1.1 mac 0060.704C.7321
Console(config-ARP-list)# ip 172.16.1.2 mac 0060.704C.7322

ip arp inspection list assign

The ip arp inspection list assign Global Configuration mode command assigns static ARP binding lists to a VLAN. To delete the assignment, use the no form of this command.

Example

The following example assigns static ARP binding lists to a VLAN.

Console(config)# ip arp inspection list assign

ip arp inspection logging interval

The ip arp inspection logging interval Global Configuration mode command configures the minimal interval between successive ARP SYSLOG messages. To return to the default configuration, use the no form of this command.

Example

The following example configures the minimal interval between successive ARP SYSLOG messages.

Console(config)# ip arp inspection logging interval

show ip arp inspection

The show ip arp inspection EXEC mode command displays the ARP inspection configuration.

Syntax

show ip arp inspection [ethernet interface | port-channel port-channel-number]

Parameters

• interface — Specifies an Ethernet port.

Example

The following example displays the ARP inspection configuration.

Console# show ip arp inspection
IP ARP inspection is enabled.
IP ARP inspection is configured on following VLANs: 2, 7-18
Verification of packet header is enabled
Syslog messages interval: 5 seconds

Interface    Trusted
---------    -------
e1           yes
e2           no

show ip arp inspection list

The show ip arp inspection list Privileged EXEC mode command displays the static ARP binding list.

Example

The following example displays the static ARP binding list.

Console# show ip arp inspection list
List name: servers
Assigned to VLANs: 1,2

IP            ARP
----------    --------------
172.16.1.1    0060.704C.7321
172.16.1.2    0060.704C.
5 Address Table Commands

bridge address

The bridge address Interface Configuration (VLAN) mode command adds a MAC-layer station source address to the bridge table. To delete the MAC address, use the no form of this command.

Syntax

bridge address mac-address {ethernet interface | port-channel port-channel-number} [permanent | delete-on-reset | delete-on-timeout | secure]
no bridge address [mac-address]

Parameters

• mac-address — A valid MAC address.
• interface — A valid Ethernet port.
Default Configuration

No static addresses are defined. The default mode for an added address is permanent.

Command Mode

Interface Configuration (VLAN) mode

User Guidelines

Using the no form of the command without specifying a MAC address deletes all static MAC addresses belonging to this VLAN.

Example

The following example adds a permanent static MAC-layer station source address 3aa2.64b3.a245 on port 1 to the bridge table.
Default Configuration

Filtering Multicast addresses is disabled. All Multicast addresses are flooded to all ports.

Command Mode

Global Configuration mode

User Guidelines

If Multicast devices exist on the VLAN, do not change the unregistered Multicast addresses state to drop on the switch ports.
Parameters

• add — Adds ports to the group. If no option is specified, this is the default option.
• remove — Removes ports from the group.
• mac-multicast-address — A valid MAC Multicast address.
• ip-multicast-address — A valid IP Multicast address.
• interface-list — Separate nonconsecutive Ethernet ports with a comma and no spaces; a hyphen is used to designate a range of ports.
The following example registers the MAC address and adds ports statically.

Console(config)# interface vlan 8
Console(config-if)# bridge multicast address 01:00:5e:02:02:03 add ethernet e1, e2

bridge multicast forbidden address

The bridge multicast forbidden address Interface Configuration (VLAN) mode command forbids adding a specific Multicast address to specific ports. Use the no form of this command to restore the default configuration.
Default Configuration

No forbidden addresses are defined.

Command Mode

Interface Configuration (VLAN) mode

User Guidelines

Before defining forbidden ports, the Multicast group should be registered.

Example

In this example, MAC address 0100.5e02.0203 is forbidden on port e9 within VLAN 8.
Parameters

• add — Force forwarding all Multicast packets.
• remove — Do not force forwarding all Multicast packets.
• interface-list — Separate nonconsecutive Ethernet ports with a comma and no spaces; a hyphen is used to designate a range of ports.
• port-channel-number-list — Separate nonconsecutive port-channels with a comma and no spaces; a hyphen is used to designate a range of port-channels.
bridge multicast forbidden forward-all

The bridge multicast forbidden forward-all Interface Configuration (VLAN) mode command forbids a port to be a forward-all-Multicast port. Use the no form of this command to restore the default configuration.
Example

In this example, forwarding all Multicast packets to e1 with VLAN 2 is forbidden.

Console(config)# interface vlan 2
Console(config-if)# bridge multicast forbidden forward-all add ethernet e1

bridge aging time

The bridge aging-time Global Configuration mode command sets the address table aging time. To restore the default configuration, use the no form of this command.
Example

In the following example, the bridge aging time is set to 250 seconds.

Console(config)# bridge aging-time 250

clear bridge

The clear bridge Privileged EXEC mode command removes any learned entries from the forwarding database.

Syntax

clear bridge

Default Configuration

This command has no default configuration.

Command Mode

Privileged EXEC mode

User Guidelines

There are no user guidelines for this command.
port security

The port security Interface Configuration mode command locks the port to block unknown traffic and prevent the port from learning new addresses. To restore defaults, use the no form of this command.

Syntax

port security [forward | discard | discard-shutdown] [trap seconds]
no port security

Parameters

• forward — Forwards packets with unlearned source addresses, but does not learn the address.
Example

In this example, port e1 forwards all packets without learning addresses of packets from unknown sources and sends traps every 100 seconds if a packet with an unknown source address is received.

Console(config)# interface ethernet e1
Console(config-if)# port security forward trap 100

port security mode

The port security mode Interface Configuration mode command configures the port security mode. To restore defaults, use the no form of this command.
User Guidelines

There are no user guidelines for this command.

Example

In this example, port security mode is set to dynamic for Ethernet interface e7.

Console(config)# interface ethernet e7
Console(config-if)# port security mode mac-addresses

port security max

The port security max Interface Configuration mode command configures the maximum addresses that can be learned on the port while the port is in port security max-addresses mode.
User Guidelines

There are no user guidelines for this command.

Example

In this example the port security max interface configuration command configures the maximum addresses that can be learned on the port while the port is in port security max-addresses mode.
Command Mode

Privileged EXEC mode

User Guidelines

Internal usage VLANs (VLANs that are automatically allocated on ports with a defined Layer 3 interface) are presented in the VLAN column by a port number and not by a VLAN ID.

“Special” MAC addresses that were not statically defined or dynamically learned are displayed in the MAC address table. This includes, for example, MAC addresses defined in ACLs.
Parameters

• vlan — Specifies a valid VLAN, such as VLAN 1.
• interface — A valid Ethernet port.
• port-channel-number — A valid port-channel number.

Default Configuration

This command has no default configuration.

Command Mode

Privileged EXEC mode

User Guidelines

There are no user guidelines for this command.

Example

In this example, all static entries in the bridge-forwarding database are displayed.
show bridge address-table count

The show bridge address-table count Privileged EXEC mode command displays the number of addresses present in the Forwarding Database.

Syntax

show bridge address-table count [vlan vlan] [Ethernet interface-number | port-channel port-channel-number]

Parameters

• vlan — Specifies a valid VLAN, such as VLAN 1.
• interface — A valid Ethernet port.
• port-channel-number — A valid port-channel number.
Secure addresses: 2
Static addresses: 1
Dynamic addresses: 97
Internal addresses: 9

show bridge multicast address-table

The show bridge multicast address-table Privileged EXEC mode command displays Multicast MAC address or IP Address Table information.

Syntax

show bridge multicast address-table [vlan vlan-id] [address mac-multicast-address | ip-multicast-address] [format ip | format mac]

Parameters

• vlan-id — Indicates the VLAN ID.
User Guidelines

A MAC address can be displayed in IP format only if it is in the range of 0100.5e00.0000-0100.5e7f.ffff.

Example

In this example, Multicast MAC address and IP Address Table information are displayed.
NOTE A Multicast MAC address maps to multiple IP addresses as shown above.

show bridge multicast address-table static

The show bridge multicast address-table static Privileged EXEC mode command displays the statically configured Multicast addresses.

Syntax

show bridge multicast address-table static [vlan vlan-id] [address mac-multicast-address | ip-multicast-address] [source ip-address]

Parameters

• vlan-id — Indicates the VLAN ID.
Example

Console# show bridge multicast address-table static

MAC-GROUP Table

Vlan  MAC Address     Type    Ports
----  --------------  ------  ------
1     0100.9923.8787  static  e1, e2

Forbidden ports for Multicast addresses:

Vlan  MAC Address     Ports
----  --------------  -----

show bridge multicast filtering

The show bridge multicast filtering Privileged EXEC mode command displays the Multicast filtering configuration.
Example

In this example, the Multicast configuration for VLAN 1 is displayed.

Console# show bridge multicast filtering 1
Filtering: Enabled
VLAN: 1

Port  Static     Status
----  ---------  ---------
e1               Filter
e2               Filter
e3               Filter

show ports security

The show ports security Privileged EXEC mode command displays the port-lock status.

Syntax

show ports security [ethernet interface | port-channel port-channel-number]

Parameters

• interface — A valid Ethernet port.
User Guidelines

There are no user guidelines for this command.

Example

In this example, all classes of entries in the port-lock status are displayed:

Console# show ports security

Port  Status    Learning  Action             Maximum  Trap     Frequency
----  --------  --------  -----------------  -------  -------  ---------
e1    Locked    Dynamic   Discard            3        Enable   100
e2    Unlocked  Dynamic                      28       -
e3    Locked    Disabled  Discard, Shutdown  8        Disable

The following table describes the fields shown above.
show ports security addresses

The show ports security addresses Privileged EXEC mode command displays the current dynamic addresses in locked ports.

Syntax

show ports security addresses [ethernet interface | port-channel port-channel-number]

Parameters

• interface — A valid Ethernet port.
• port-channel-number — A valid port-channel number.

Default Configuration

This command has no default configuration.
e4   Port is a member in port-channel ch1
e5   Disabled  Lock              1
e6   Enabled   Max-addresses  0  10
ch1  Enabled   Max-addresses  0  50
ch2  Enabled   Max-addresses  0  128

This example displays dynamic addresses in the currently locked port e1.
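The show bridge multicast address-table guideline above limits IP-format display to MAC addresses in 0100.5e00.0000-0100.5e7f.ffff and notes that one Multicast MAC address maps to multiple IP addresses. The following added example (not part of the Cisco guide) works that mapping through in Python, assuming the standard IPv4 rule that only the low 23 bits of the group address are copied into the MAC; the function names are illustrative.

```python
import ipaddress
import string

MCAST_MAC_LOW = 0x01005E000000   # 0100.5e00.0000
MCAST_MAC_HIGH = 0x01005E7FFFFF  # 0100.5e7f.ffff
LOW_23_BITS = 0x7FFFFF


def parse_mac(text):
    """Accept 0100.5e02.0203, 01:00:5e:02:02:03 or 01-00-5e-02-02-03."""
    digits = text.replace(".", "").replace(":", "").replace("-", "")
    if len(digits) != 12 or any(c not in string.hexdigits for c in digits):
        raise ValueError("not a 48-bit MAC address: %r" % text)
    return int(digits, 16)


def format_mac(value):
    """Render a 48-bit integer in the dotted form used in the guide."""
    digits = "%012x" % value
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))


def displayable_in_ip_format(mac_text):
    """True if the MAC lies in the range the guide allows for 'format ip'."""
    return MCAST_MAC_LOW <= parse_mac(mac_text) <= MCAST_MAC_HIGH


def ip_to_multicast_mac(ip_text):
    """Map an IPv4 group address to the MAC a switch registers for it."""
    ip = ipaddress.IPv4Address(ip_text)
    if not ip.is_multicast:
        raise ValueError("%s is not an IPv4 multicast address" % ip_text)
    return format_mac(MCAST_MAC_LOW | (int(ip) & LOW_23_BITS))


def candidate_groups(mac_text):
    """List every IPv4 group that shares this MAC (always 32 of them).

    The 5 bits of the group address between the 1110 prefix and the low
    23 bits are not carried in the MAC, so a filter or forbidden entry
    keyed on the MAC applies to all 32 groups at once.
    """
    if not displayable_in_ip_format(mac_text):
        raise ValueError("%s is outside the IPv4 multicast MAC range" % mac_text)
    low23 = parse_mac(mac_text) & LOW_23_BITS
    base = int(ipaddress.IPv4Address("224.0.0.0"))
    return [str(ipaddress.IPv4Address(base | (hi << 23) | low23))
            for hi in range(32)]


if __name__ == "__main__":
    mac = "0100.5e02.0203"  # MAC used in the forbidden-address example above
    print(mac, "->", candidate_groups(mac))
    # MAC from the static-table example; not an IPv4 multicast MAC
    print("0100.9923.8787 displayable:", displayable_in_ip_format("0100.9923.8787"))
```

When a static or forbidden Multicast entry is written by MAC address, review the whole candidate list, since the switch cannot tell those groups apart at Layer 2.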
6 Clock Commands

clock set

The clock set Privileged EXEC mode command manually sets the system clock.

Syntax

clock set hh:mm:ss day month year
or
clock set hh:mm:ss month day year

Parameters

• hh:mm:ss — Current time in hours (military format), minutes, and seconds. (hh: 0-23, mm: 0-59, ss: 0-59)
• day — Current day (by date) in the month. (Range: 1-31)
• month — Current month using the first three letters by name. (Range: Jan, …, Dec)
• year — Current year.
User Guidelines

There are no user guidelines for this command.

Example

The following example sets the system time to 13:32:00 on March 7th, 2005.

Console# clock set 13:32:00 7 Mar 2005

clock source

The clock source Global Configuration mode command configures an external time source for the system clock. Use the no form of this command to disable external time source.
Example

The following example configures an external time source for the system clock.

Console(config)# clock source sntp

clock timezone

The clock timezone Global Configuration mode command sets the time zone for display purposes. Use the no form of this command to set the time to the Coordinated Universal Time (UTC).

Syntax

clock timezone hours-offset [minutes minutes-offset] [zone acronym]
no clock timezone

Parameters

• hours-offset — Hours difference from UTC.
User Guidelines

The system internally keeps time in UTC, so this command is used only for display purposes and when the time is manually set.

Example

The following example sets the time zone to 6 hours difference from UTC.

Console(config)# clock timezone -6 zone CST

clock summer-time

The clock summer-time Global Configuration mode command configures the system to automatically switch to summer time (daylight saving time).
• eu — The summer time rules are the European Union rules.
• week — Week of the month. (Range: 1-5, first, last)
• day — Day of the week (Range: first three letters of name; for example, sun)
• date — Date of the month. (Range: 1-31)
• month — Month. (Range: first three letters of name; for example, Jan)
• year — year - no abbreviation (Range: 2000-2097)
• hh:mm — Time in military format, in hours and minutes.
USA rule for daylight savings time:

• Start: Second Sunday in March
• End: First Sunday in November
• Time: 2 am local time

EU rule for daylight savings time:

• Start: Last Sunday in March
• End: Last Sunday in October
• Time: 1.00 am (01:00)

Example

The following example sets summer time starting on the first Sunday in April at 2 am and finishing on the last Sunday in October at 2 am.
Default Configuration

No authentication key is defined.

Command Mode

Global Configuration mode

User Guidelines

Multiple keys can be generated.

Example

The following example defines the authentication key for SNTP.

Console(config)# sntp authentication-key 8 md5 ClkKey

sntp authenticate

The sntp authenticate Global Configuration mode command grants authentication for received Simple Network Time Protocol (SNTP) traffic from servers.
User Guidelines

The command is relevant for both Unicast and Broadcast.

Example

The following example defines the authentication key for SNTP and grants authentication.

Console(config)# sntp authentication-key 8 md5 ClkKey
Console(config)# sntp trusted-key 8

sntp port

To specify the Simple Network Time Protocol (SNTP) UDP port of the SNTP server, use the sntp port global configuration command. To use the default port, use the no form of this command.
User Guidelines

The command can change the SNTP UDP port.

Example

Console(config)# sntp port 12555

sntp trusted-key

The sntp trusted-key Global Configuration mode command authenticates the identity of a system to which Simple Network Time Protocol (SNTP) will synchronize. Use the no form of this command to disable authentication of the identity of the system.
If there is at least 1 trusted key, then unauthenticated messages will be ignored.

Example

The following example authenticates key 8.

Console(config)# sntp authentication-key 8 md5 ClkKey
Console(config)# sntp trusted-key 8

sntp client poll timer

The sntp client poll timer Global Configuration mode command sets the polling time for the Simple Network Time Protocol (SNTP) client. Use the no form of this command to restore default configuration.
Example

The following example sets the polling time for the SNTP client to 120 seconds.

Console(config)# sntp client poll timer 120

sntp broadcast client enable

The sntp broadcast client enable Global Configuration mode command enables Simple Network Time Protocol (SNTP) Broadcast clients. Use the no form of this command to disable SNTP Broadcast clients.
sntp anycast client enable

The sntp anycast client enable Global Configuration mode command enables SNTP Anycast client. Use the no form of this command to disable the SNTP Anycast client.

Syntax

sntp anycast client enable
no sntp anycast client enable

Default Configuration

The SNTP Anycast client is disabled.

Command Mode

Global Configuration mode

User Guidelines

Polling time is determined by the sntp client poll timer Global Configuration mode command.
sntp client enable

The sntp client enable Global Configuration mode command enables the Simple Network Time Protocol (SNTP) Broadcast and Anycast client on an interface. Use the no form of this command to disable the SNTP client.
Example

The following example enables the Simple Network Time Protocol (SNTP) Broadcast and Anycast client on an interface.

console(config)# sntp client enable

sntp client enable (Interface)

The sntp client enable Interface Configuration (Ethernet, port-channel, VLAN) mode command enables the Simple Network Time Protocol (SNTP) client on an interface. This applies to both receive Broadcast and Anycast updates.
Example

The following example enables the SNTP client on Ethernet port e3.

Console(config)# interface ethernet e3
Console(config-if)# sntp client enable

sntp unicast client enable

The sntp unicast client enable Global Configuration mode command enables the device to use the Simple Network Time Protocol (SNTP) to request and accept SNTP traffic from servers. Use the no form of this command to disable requesting and accepting SNTP traffic from servers.
sntp unicast client poll

The sntp unicast client poll Global Configuration mode command enables polling for the Simple Network Time Protocol (SNTP) predefined Unicast servers. Use the no form of this command to disable the polling for SNTP client.

Syntax

sntp unicast client poll
no sntp unicast client poll

Default Configuration

Polling is disabled.
sntp server

The sntp server Global Configuration mode command configures the device to use the Simple Network Time Protocol (SNTP) to request and accept SNTP traffic from a specified server. Use the no form of this command to remove a server from the list of SNTP servers.

Syntax

sntp server {ip-address | hostname} [poll] [key keyid]
no sntp server host

Parameters

• ip-address — IP address of the server.
• hostname — Hostname of the server.
To enable polling you should also use the sntp unicast client poll Global Configuration mode command for global enabling.

Polling time is determined by the sntp client poll timer Global Configuration mode command.

Example

The following example configures the device to accept SNTP traffic from the server on 192.1.1.1.

Console(config)# sntp server 192.1.1.1

show clock

The show clock Privileged EXEC mode command displays the time and date from the system clock.
User Guidelines

The symbol that precedes the show clock display indicates the following information:

Symbol   Description
*        Time is not authoritative.
(blank)  Time is authoritative.
.        Time is authoritative, but SNTP is not synchronized.

Example

The following example displays the time and date from the system clock.
show sntp configuration

The show sntp configuration Privileged EXEC mode command shows the configuration of the Simple Network Time Protocol (SNTP).

Syntax

show sntp configuration

Default Configuration

This command has no default configuration.

Command Mode

Privileged EXEC mode

User Guidelines

There are no user guidelines for this command.

Example

The following example displays the current SNTP configuration of the device.
Broadcast Clients: Enabled
Anycast Clients: Enabled
Broadcast Interfaces: e1, e3

show sntp status

The show sntp status Privileged EXEC mode command shows the status of the Simple Network Time Protocol (SNTP).

Syntax

show sntp status

Default Configuration

This command has no default configuration.

Command Mode

Privileged EXEC mode

User Guidelines

There are no user guidelines for this command.

Example

The following example shows the status of the SNTP.
Unicast servers:

Server       Status   Last response                 Offset [mSec]  Delay [mSec]
-----------  -------  ----------------------------  -------------  ------------
176.1.1.8    Up       19:58:22.289 PDT Feb 19 2005  7.33           117.79
176.1.8.179  Unknown  12:17.17.987 PDT Feb 19 2005  8.98           189.19

Anycast server:

Server     Interface  Status  Last response                Offset [mSec]  Delay [mSec]
---------  ---------  ------  ---------------------------  -------------  ------------
176.1.11.                     9:53:21.789 PDT Feb 19 2005  7.19           119.89
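The SNTP authentication commands in this chapter only protect time synchronization when they are used together: a key must be defined, trusted, and referenced by each server entry. The following added example (not part of the Cisco guide) is a Python audit over configuration text that uses only the command forms shown above; the finding codes and the sample configurations are constructed for illustration.

```python
import re

# Strips a leading CLI prompt such as "Console(config)# " if present.
PROMPT = re.compile(r"^[\w()\-]+[#>]\s*")

# Constructed sample: a key is defined but never trusted or used consistently.
WEAK_CONFIG = """\
Console(config)# sntp unicast client enable
Console(config)# sntp unicast client poll
Console(config)# sntp authentication-key 8 md5 ClkKey
Console(config)# sntp server 192.1.1.1
Console(config)# sntp server 176.1.1.8 poll key 9
"""

# Constructed sample: key defined, trusted, enforced and bound to the server.
HARDENED_CONFIG = """\
sntp authentication-key 8 md5 ClkKey
sntp trusted-key 8
sntp authenticate
sntp unicast client enable
sntp server 192.1.1.1 poll key 8
"""


def parse_sntp(config_text):
    """Collect the SNTP authentication state from configuration lines."""
    state = {"authenticate": False, "keys": set(), "trusted": set(), "servers": []}
    for raw in config_text.splitlines():
        words = PROMPT.sub("", raw.strip()).split()
        if len(words) < 2 or words[0] != "sntp":
            continue  # also skips "no sntp ..." lines
        sub = words[1]
        if sub == "authenticate":
            state["authenticate"] = True
        elif sub == "authentication-key" and len(words) >= 5:
            state["keys"].add(words[2])
        elif sub == "trusted-key" and len(words) >= 3:
            state["trusted"].add(words[2])
        elif sub == "server" and len(words) >= 3:
            key = None
            if "key" in words[3:]:
                idx = words.index("key", 3)
                if idx + 1 < len(words):
                    key = words[idx + 1]
            state["servers"].append((words[2], key))
    return state


def audit_sntp(config_text):
    """Return a list of (code, detail) findings; an empty list means clean."""
    st = parse_sntp(config_text)
    findings = []
    if not st["authenticate"]:
        findings.append(("NO_AUTHENTICATE", "sntp authenticate is not configured"))
    if not st["trusted"]:
        findings.append(("NO_TRUSTED_KEY",
                         "no trusted key, so the rule that ignores "
                         "unauthenticated messages is not in effect"))
    for key in sorted(st["trusted"] - st["keys"]):
        findings.append(("TRUSTED_KEY_UNDEFINED",
                         "trusted-key %s has no authentication-key" % key))
    for host, key in st["servers"]:
        if key is None:
            findings.append(("SERVER_NO_KEY", "server %s has no key" % host))
        elif key not in st["keys"]:
            findings.append(("SERVER_KEY_UNDEFINED",
                             "server %s uses undefined key %s" % (host, key)))
        elif key not in st["trusted"]:
            findings.append(("SERVER_KEY_UNTRUSTED",
                             "server %s uses untrusted key %s" % (host, key)))
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_sntp(text))
```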
7 Configuration and Image File Commands

copy

The copy Privileged EXEC mode command copies files from a source to a destination.

Syntax

copy source-url destination-url [snmp]

Parameters

• source-url — The source file location URL or reserved keyword of the source file to be copied. (Range: 1-160 characters)
• destination-url — The destination file URL or reserved keyword of the destination file. (Range: 1-160 characters)
• snmp — Used only when copying from/to startup-config.
Keyword   Source or Destination
boot      Boot file.
tftp://   Source or destination URL for a TFTP network server. The syntax for this alias is tftp://host/[directory]/filename. The host can be represented by its IP address or hostname.
xmodem:   Source for the file from a serial connection that uses the Xmodem protocol.
null:     Null destination for copies or files. A remote file can be copied to null to determine its size.
The following table describes copy characters:

Character  Description
!          For network transfers, indicates that the copy process is taking place. Each exclamation point indicates successful transfer of ten packets (512 bytes each).
.          For network transfers, indicates that the copy process timed out. Generally, many periods in a row means that the copy process may fail.
Example

The following example copies system image file1 from the TFTP server 172.16.101.101 to a non-active image file.

Console# copy tftp://172.16.101.101/file1 image
Accessing file ‘file1’ on 172.16.101.101...
Loading file1 from 172.16.101.
Examples

The following example deletes the startup-config file.

Console# delete startup-config

show running-config

The show running-config Privileged EXEC mode command displays the contents of the currently running configuration file.

Syntax

show running-config

Default Configuration

This command has no default configuration.
exit
interface range ethernet g(1-2)
switchport access vlan 2
exit
interface vlan 2
bridge address 00:00:00:00:00:01 ethernet g1
exit
interface ethernet g1
gvrp enable
exit
gvrp enable
interface ethernet g24
ip address dhcp
exit
ip name-server 10.6.1.36
console#

show startup-config

The show startup-config Privileged EXEC mode command displays the contents of the startup configuration file.
User Guidelines

There are no user guidelines for this command.

Example

The following example displays the contents of the running configuration file.

Console# show startup-config
hostname device
interface ethernet e1
ip address 176.242.100.100 255.255.255.0
duplex full
speed 1000
interface ethernet e2
ip address 176.243.100.100 255.255.255.
8 DHCP Commands

ip dhcp snooping

The ip dhcp snooping Global Configuration mode command globally enables DHCP snooping. Use the no form of this command to return to the default configuration.

Syntax

ip dhcp snooping
no ip dhcp snooping

Default Configuration

The default configuration is set to disabled.

Command Mode

Global Configuration mode

User Guidelines

For any DHCP snooping configuration to take effect, DHCP snooping must be globally enabled.
ip dhcp snooping vlan

The ip dhcp snooping vlan Global Configuration mode command enables DHCP snooping on a VLAN. Use the no form of this command to disable DHCP snooping on a VLAN.

Syntax

ip dhcp snooping vlan vlan-id
no ip dhcp snooping vlan vlan-id

Parameters

• vlan-id — Specifies the VLAN ID.

Default Configuration

The default configuration is set to disabled.
ip dhcp snooping trust

The ip dhcp snooping trust Interface Configuration (Ethernet, Port-channel) mode command configures a port as trusted for DHCP snooping purposes. Use the no form of this command to return to the default configuration.

Syntax

ip dhcp snooping trust
no ip dhcp snooping trust

Default Configuration

The interface is untrusted.
ip dhcp information option allowed-untrusted

The ip dhcp information option allowed-untrusted Global Configuration mode command on a switch configures it to accept DHCP packets with option-82 information from an untrusted port. Use the no form of this command to configure the switch to drop these packets from an untrusted port.
ip dhcp snooping verify

The ip dhcp snooping verify Global Configuration mode command configures the switch to verify, on an untrusted port, that the source MAC address in a DHCP packet matches the client hardware address. Use the no form of this command to configure the switch to not verify the MAC addresses.
ip dhcp snooping database

The ip dhcp snooping database Global Configuration mode command configures the DHCP snooping binding file. Use the no form of this command to delete the binding file.

Syntax

ip dhcp snooping database
no ip dhcp snooping database

Default Configuration

The URL is not defined.
ip dhcp snooping database update-freq

The ip dhcp snooping database update-freq Global Configuration Command configures the update frequency of the DHCP snooping binding file. Use the no form of this command to return to the default configuration.

Syntax

ip dhcp snooping database update-freq seconds
no ip dhcp snooping database update-freq

Parameters

• seconds — Specifies, in seconds, the update frequency.
ip dhcp snooping binding

The ip dhcp snooping binding Privileged EXEC mode command configures the DHCP snooping binding database and adds binding entries to the database. Use the no form of this command to delete entries from the binding database.
Example

The following example configures the DHCP snooping binding database and adds binding entries to the database.

Console(enable)# ip dhcp snooping binding

clear ip dhcp snooping database

The clear ip dhcp snooping database Privileged EXEC mode command clears the DHCP binding database.

Syntax

clear ip dhcp snooping database

Default Configuration

This command has no default configuration.
show ip dhcp snooping

The show ip dhcp snooping Privileged EXEC mode command displays the DHCP snooping configuration.

Syntax

show ip dhcp snooping [ethernet interface | port-channel port-channel-number]

Parameters

• interface — Specifies the Ethernet port.
• port-channel-number — Specifies the Port-channel number.

Default Configuration

This command has no default configuration.
Interface  Trusted
---------  -------
e1         Yes
e2         Yes

show ip dhcp snooping binding

The show ip dhcp snooping binding Privileged EXEC mode command displays the DHCP snooping binding database and configuration information for all interfaces on a switch.
User Guidelines

There are no user guidelines for this command.

Example

The following example displays the DHCP snooping binding database and configuration information for all interfaces on a switch.

Console# show ip dhcp snooping binding
Update frequency: 1200
Total number of binding: 3

Mac Address      IP Address  Lease (sec)
---------------  ----------  -----------  --------  ----  ---------
0060.704C.73FF   10.1.8.1    7983         snooping  3     e21
10060.704C.7BC1  10.1.8.
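The ip dhcp snooping verify command described earlier in this chapter compares, on an untrusted port, the source MAC address of a DHCP packet with the client hardware address it carries. The following added example (not part of the Cisco guide, and not the switch's implementation) performs the same comparison in Python on a raw Ethernet frame, assuming untagged or single 802.1Q-tagged IPv4 frames; the frame builder, the verdict strings and the second MAC address are constructed for illustration.

```python
import struct

CLIENT_MAC = bytes.fromhex("0060704C73FF")  # MAC from the binding table above
OTHER_MAC = bytes.fromhex("020000000001")   # constructed, locally administered


def build_client_frame(src_mac, chaddr):
    """Build a constructed broadcast DHCP client frame (checksums left zero)."""
    bootp = struct.pack("!BBBBIHH4s4s4s4s16s",
                        1, 1, 6, 0,           # op=BOOTREQUEST, Ethernet, hlen=6
                        0x12345678, 0, 0x8000,
                        bytes(4), bytes(4), bytes(4), bytes(4),
                        chaddr.ljust(16, b"\x00"))
    bootp += bytes(192) + b"\x63\x82\x53\x63"  # sname + file, magic cookie
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(4), b"\xff" * 4) + udp
    return b"\xff" * 6 + src_mac + b"\x08\x00" + ip


def check_dhcp_source(frame, trusted=False):
    """Return 'match', 'mismatch', 'malformed', 'not-dhcp' or
    'skipped-trusted-port' for one received frame."""
    if trusted:
        return "skipped-trusted-port"   # the check applies to untrusted ports
    if len(frame) < 14:
        return "not-dhcp"
    src_mac = frame[6:12]
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    ip_off = 14
    if ethertype == 0x8100:             # one 802.1Q tag
        if len(frame) < 18:
            return "not-dhcp"
        (ethertype,) = struct.unpack_from("!H", frame, 16)
        ip_off = 18
    if ethertype != 0x0800 or len(frame) < ip_off + 20:
        return "not-dhcp"
    ihl = (frame[ip_off] & 0x0F) * 4    # IPv4 header length, options included
    if ihl < 20 or frame[ip_off + 9] != 17 or len(frame) < ip_off + ihl + 8:
        return "not-dhcp"
    sport, dport = struct.unpack_from("!HH", frame, ip_off + ihl)
    if (sport, dport) != (68, 67):      # only client-to-server messages
        return "not-dhcp"
    bootp = ip_off + ihl + 8
    if len(frame) < bootp + 44:         # fixed header through chaddr
        return "malformed"
    htype, hlen = frame[bootp + 1], frame[bootp + 2]
    if htype != 1 or hlen != 6:
        return "malformed"
    chaddr = frame[bootp + 28:bootp + 34]
    return "match" if chaddr == src_mac else "mismatch"


if __name__ == "__main__":
    print(check_dhcp_source(build_client_frame(CLIENT_MAC, CLIENT_MAC)))
    print(check_dhcp_source(build_client_frame(OTHER_MAC, CLIENT_MAC)))
```

A "mismatch" verdict is the case the switch drops when verification is enabled; the same function can be run over captured frames to see how often it would fire before turning the feature on.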
9 DHCP Relay Commands

ip dhcp relay enable (global)

The ip dhcp relay enable Global Configuration mode command enables Dynamic Host Configuration Protocol (DHCP) relay features on your router. Use the no form of this command to disable the relay agent features.

Syntax

ip dhcp relay enable
no ip dhcp relay enable

Default Configuration

DHCP is disabled on the router.

Command Mode

Global (Interface) Configuration mode

User Guidelines

This command is only functional if the device is in Router mode.
ip dhcp relay enable (interface)

The ip dhcp relay enable Interface Configuration mode command enables Dynamic Host Configuration Protocol (DHCP) relay features for an interface. Use the no form of this command to disable the relay agent features.

Syntax

ip dhcp relay enable
no ip dhcp relay enable

Default Configuration

For a switch: Disabled.
ip dhcp relay address

The ip dhcp relay address Global Configuration mode command defines the DHCP servers that are available for DHCP relay. Use the no form of this command to remove a server from the available DHCP servers list.

Syntax

ip dhcp relay address ip-address
no ip dhcp relay address [ip-address]

Parameters

• ip-address — DHCP server IP address. Up to 8 servers can be defined.

Default Configuration

No server is defined.
show ip dhcp relay

The show ip dhcp relay Privileged EXEC mode command displays the defined DHCP relay server addresses available for DHCP relay.

Syntax

show ip dhcp relay

Default Configuration

This command has no default configuration.

Command Mode

Privileged EXEC mode

User Guidelines

This command is only functional if the device is in Router mode.

Example

The following example displays DHCP relay server addresses.
10 DHCP Option 82 Commands

ip dhcp information option

The ip dhcp information option Global Configuration mode command enables DHCP option-82 data insertion. Use the no form of this command to disable DHCP option-82 data insertion.

Syntax

ip dhcp information option
no ip dhcp information option

Default Configuration

DHCP option-82 data insertion is enabled.

Command Mode

Global Configuration mode.

User Guidelines

DHCP option 82 is enabled when DHCP snooping is enabled on VLANs.
show ip dhcp information option

The show ip dhcp information option Privileged EXEC command displays the DHCP option 82 configuration.

Syntax

show ip dhcp information option

Default Configuration

No default configuration for this command.

Command Mode

Privileged EXEC mode.

User Guidelines

DHCP option 82 is enabled when DHCP snooping is enabled on VLANs.
11 DHCP Auto-configuration

ip dhcp autoconfig

To enable the support of auto configuration via DHCP option 67 field, use the ip dhcp autoconfig global configuration command. To disable DHCP auto configuration, use the no form of this command.

Syntax

ip dhcp autoconfig
no ip dhcp autoconfig

Command Mode

Global configuration

Default Configuration

By default the feature is enabled.

Usage Guidelines

The command enables the support of auto-configuration via DHCP option 67 field.
ip dhcp autoconfig file

To manually set the file name for auto configuration via DHCP option 67 field, use the ip dhcp autoconfig file global configuration command. To delete the auto configuration filename, use the no form of this command.

Syntax

ip dhcp autoconfig file filename
no ip dhcp autoconfig file

Parameters

• filename — Auto-configuration file name (up to 160 characters).
show ip dhcp autoconfig

To show the status of the IP DHCP autoconfig mode, use the show ip dhcp autoconfig EXEC command.

Syntax

show ip dhcp autoconfig

Command Mode

EXEC

Example

Device# show ip dhcp autoconfig
DHCP autoconfig enabled
Ip dhcp autoconfig filename /config/configfile1.

12 Ethernet Configuration Commands

interface ethernet

The interface ethernet Global Configuration mode command enters the interface configuration mode to configure an Ethernet type interface.

Syntax
interface ethernet interface

Parameters
• interface — Valid Ethernet port.

Default Configuration
This command has no default configuration.

Command Mode
Global Configuration mode

User Guidelines
There are no user guidelines for this command.

interface range ethernet

The interface range ethernet Global Configuration mode command configures multiple Ethernet type interfaces at the same time.

Syntax
interface range ethernet {port-list | all}

Parameters
• port-list — List of valid ports. Where more than one port is listed, separate nonconsecutive ports with a comma and no spaces, use a hyphen to designate a range of ports, and group a list separated by commas in brackets.

shutdown

The shutdown Interface Configuration (Ethernet, port-channel) mode command disables an interface. Use the no form of this command to restart a disabled interface.

Syntax
shutdown
no shutdown

Default Configuration
The interface is enabled.

Command Mode
Interface Configuration (Ethernet, port-channel) mode

User Guidelines
There are no user guidelines for this command.

Example
The following example disables Ethernet port e5 operations.

description

The description Interface Configuration (Ethernet, port-channel) mode command adds a description to an interface. Use the no form of this command to remove the description.

Syntax
description string
no description

Parameters
• string — A comment or a description of the port to allow the user to remember the purpose of the interface. (Range: 1-64 characters)

Default Configuration
The interface does not have a description.

speed

The speed Interface Configuration (Ethernet, port-channel) mode command configures the speed of a given Ethernet interface when not using autonegotiation.

NOTE To configure the speed of a fiber SFP port, use the sfp speed command.

Syntax
speed {10 | 100 | 1000 | 10000}

Parameters
• 10 — Forces 10 Mbps operation.
• 100 — Forces 100 Mbps operation.
• 1000 — Forces 1000 Mbps operation.
• 10000 — Forces 10000 Mbps operation.

Example
The following example configures the speed operation of Ethernet port e5 to 100 Mbps operation.
Console(config)# interface ethernet e5
Console(config-if)# speed 100

duplex

The duplex Interface Configuration (Ethernet) mode command configures the full/half duplex operation of a given Ethernet interface when not using autonegotiation. Use the no form of this command to restore the default configuration.

User Guidelines
When configuring a particular duplex mode on the port operating at 10/100 Mbps, disable the auto-negotiation on that port. Half duplex mode can be set only for ports operating at 10 Mbps or 100 Mbps.

Example
The following example configures the duplex operation of Ethernet port 1 to full duplex operation.

Default Configuration
Auto-negotiation is enabled. If unspecified, the default setting is to enable all capabilities of the port.

Command Mode
Interface Configuration (Ethernet, port-channel) mode

User Guidelines
If capabilities were specified when auto-negotiation was previously entered, entering auto-negotiation again without specifying capabilities overrides the previous configuration and enables all capabilities.

Default Configuration
Off

User Guidelines
The command takes effect only after reset.

Command Mode
Global configuration

Examples
Console(config)# port jumbo-frame

show system flowcontrol

The command is for SPS2024 only. Use the show system flowcontrol command to display the cascade ports flowcontrol state.

Syntax
show system flowcontrol

Parameters
This command has no arguments or keywords.

Command Mode
EXEC

flowcontrol

The flowcontrol Interface Configuration (Ethernet, port-channel) mode command configures flow control on a given interface. Use the no form of this command to disable flow control.

Example
In the following example, flow control is enabled on port 1.
Console(config)# interface ethernet 1
Console(config-if)# flowcontrol on

mdix

The mdix Interface Configuration (Ethernet) mode command enables cable crossover on a given interface. Use the no form of this command to disable cable crossover.

NOTE (SPS224G4 combo ports) This command applies when the copper port is used. The configuration does not apply when an SFP is plugged into the port.

User Guidelines
Auto: All possibilities to connect a PC with cross or normal cables are supported and are automatically detected.
On: It is possible to connect to a PC only with a normal cable and to connect to another device only with a cross cable.
No: It is possible to connect to a PC only with a cross cable and to connect to another device only with a normal cable.

Example
In the following example, automatic crossover is enabled on port 1.

Command Mode
Interface Configuration (Ethernet, port-channel) mode

User Guidelines
There are no user guidelines for this command.

Example
In the following example, back pressure is enabled on port 1.
Console(config)# interface ethernet 1
Console(config-if)# back-pressure

port jumbo-frame

Use the port jumbo-frame command to enable jumbo frames for the device. To disable it, use the no form of this command.

sfp speed

The sfp speed Interface Configuration (Ethernet) mode command configures the speed of an SFP Ethernet interface. Use the no form of this command to disable sfp speed.

NOTE The sfp speed command is supported in SPS2xx products.

Example
The following example configures the speed at 100 Mbps.
Console(config)# interface ethernet 1
Console(config)# sfp speed 100 1

clear counters

The clear counters Privileged EXEC mode command clears statistics on an interface.

Syntax
clear counters [ethernet interface | port-channel port-channel-number]

Parameters
• interface — Valid Ethernet port.
• port-channel-number — Valid port-channel number.

Example
In the following example, the counters for interface 1 are cleared.
Console# clear counters ethernet e1

set interface active

The set interface active Privileged EXEC mode command reactivates a shutdown interface.

Syntax
set interface active {ethernet interface | port-channel port-channel-number}

Parameters
• interface — Valid Ethernet port.
• port-channel-number — Valid port-channel number.

Example
The following example reactivates interface 1.
Console# set interface active ethernet 1

show interfaces configuration

The show interfaces configuration Privileged EXEC mode command displays the configuration for all configured interfaces.

Syntax
show interfaces configuration [ethernet interface | port-channel port-channel-number]

Parameters
• interface — Valid Ethernet port.
• port-channel-number — Valid port-channel number.

Example
The following example displays the configuration of all configured interfaces:
Console# show interfaces configuration
Port  Type         Duplex  Speed  Neg
----  -----------  ------  -----  -------
1     100M-Copper  Full    100    Enabled
2     100M-Copper  Full    100    En
3     100M-Copper  Full    100
4     100M-Copper  Full    100
5     100M-Copper  Full    100
6     100M-Copper  Full    100
7     100M-Copper  Full    100
8     100M-Copper  Full    100
9     100M-Copper  Full    100
10    100M-Copper  Full    100
11    100M-Copper  Full    100

Default Configuration
This command has no default configuration.

Command Mode
Privileged EXEC mode

User Guidelines
There are no user guidelines for this command.

Example
The following example displays the status of all configured interfaces.

show interfaces advertise

The show interfaces advertise Privileged EXEC mode command displays autonegotiation data.

Syntax
show interfaces advertise [ethernet interface | port-channel port-channel-number]

Parameters
• interface — Valid Ethernet port.
• port-channel-number — Valid port-channel number.

Default Configuration
This command has no default configuration.

5 6 7 8 9 10 11 12 100M-Copper 100M-Copper 100M-Copper 100M-Copper 100M-Copper 100M-Copper 100M-Copper 100M-Copper Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled 100f, 100h, 10f, 10h --------

show interfaces description

The show interfaces description Privileged EXEC mode command displays the description for all configured interfaces.

Example
The following example displays descriptions of configured interfaces.
Console# show interfaces description
Port ---- e1 e2 e3 e4 e5 e6 ch1 ch2 Description ----------- lab

show interfaces counters

The show interfaces counters Privileged EXEC mode command displays traffic seen by the physical interface.

Syntax
show interfaces counters [ethernet interface | port-channel port-channel-number]

Parameters
• interface — A valid Ethernet port.

Command Mode
Privileged EXEC mode

User Guidelines
There are no user guidelines for this command.

Example
The following example displays traffic seen by the physical interface.

The following example displays counters for Ethernet port e1.

Field / Description
Single Collision Frames: Counted frames that are involved in a single collision, and are subsequently transmitted successfully.
Late Collisions: Number of times that a collision is detected later than one slotTime into the transmission of a packet.
Oversize Packets: Counted frames received that exceed the maximum permitted frame size.

User Guidelines
There are no user guidelines for this command.

Example
The following example displays the configuration of jumbo frames on the device.
Console# show port jumbo-frame
Jumbo frames are disabled
Jumbo frames will be enabled after reset

port storm-control broadcast enable

The port storm-control broadcast enable Interface Configuration (Ethernet) mode command enables Broadcast storm control.

Use the port storm-control include-multicast Global Configuration mode command to enable counting Multicast packets in the storm control calculation.

Example
The following example enables Broadcast storm control on port 1 of a device.

User Guidelines
Use the port storm-control broadcast enable Interface Configuration mode command to enable Broadcast storm control.

Example
The following example configures a port storm-control Broadcast rate of 4000 on port e2.

Example
The following example enables counting Multicast packets in the port storm-control broadcast rate command.
Console(config)# port storm-control include-multicast

port storm-control unknown-unicast fastethernet enable

The port storm-control unknown-unicast fastethernet enable Global Configuration mode command enables unknown unicast storm control for FE ports.

Example
The following example enables unknown unicast storm control for FE ports.
Console(config)# port storm-control unknown-unicast fastethernet enable

port storm-control unknown-unicast fastethernet rate

The port storm-control unknown-unicast fastethernet rate Global Configuration mode command configures the maximum rate of unknown unicast storm control for FE ports.

The calculated rate includes the 20 bytes of Ethernet framing overhead (preamble+SFD+IPG).

Example
The following example configures the maximum rate of unknown unicast storm control for FE ports to 10M.
console(config)# port storm-control unknown-unicast fastethernet rate 3500

show ports storm-control

The show ports storm-control Privileged EXEC mode command displays the storm control configuration.

Example
The following example displays the storm control configuration.

13 GVRP Commands

gvrp enable (Global)

GARP VLAN Registration Protocol (GVRP) is an industry-standard protocol designed to propagate VLAN information from device to device. With GVRP, a single device is manually configured with all desired VLANs for the network, and all other devices on the network learn these VLANs dynamically.

The gvrp enable Global Configuration mode command enables GVRP globally. Use the no form of this command to disable GVRP on the device.

Example
The following example enables GVRP globally on the device.
Console(config)# gvrp enable

gvrp enable (Interface)

The gvrp enable Interface Configuration (Ethernet, port-channel) mode command enables GVRP on an interface. Use the no form of this command to disable GVRP on an interface.

Syntax
gvrp enable
no gvrp enable

Default Configuration
GVRP is disabled on all interfaces.

Example
The following example enables GVRP on Ethernet port e6.
Console(config)# interface ethernet e6
Console(config-if)# gvrp enable

garp timer

The garp timer Interface Configuration (Ethernet, Port channel) mode command adjusts the values of the join, leave and leaveall timers of GARP applications. Use the no form of this command to restore the default configuration.

User Guidelines
The following relationship must be maintained between the timers:
• Leave time must be greater than or equal to three times the join time.
• Leave-all time must be greater than the leave time.
Set the same GARP timer values on all Layer 2-connected devices. If the GARP timers are set differently on Layer 2-connected devices, the GARP application will not operate successfully.
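
The timer rules above can be checked before a change is pushed to the switches. The following is an added example, not part of the Cisco guide: it assumes the command form `garp timer {join | leave | leaveall} value` entered under an interface (the syntax line is not shown on this page) and uses two constructed configuration excerpts.

```python
import re

# Assumed CLI form (the syntax line is not shown on this page):
#   garp timer {join | leave | leaveall} <value>, entered under an interface.
IFACE_RE = re.compile(r"^interface (ethernet|port-channel) (\S+)$")
TIMER_RE = re.compile(r"^garp timer (join|leave|leaveall) (\d+)$")
TIMERS = ("join", "leave", "leaveall")


def parse_garp_timers(config_text):
    """Return {interface: {timer: value}} for explicitly configured timers."""
    result, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        iface = IFACE_RE.match(line)
        if iface:
            current = f"{iface.group(1)} {iface.group(2)}"
        elif line == "exit":
            current = None
        else:
            timer = TIMER_RE.match(line)
            if timer and current is not None:
                result.setdefault(current, {})[timer.group(1)] = int(timer.group(2))
    return result


def check_timers(timers):
    """Check one interface's timers against the two documented relationships."""
    problems = []
    unset = [name for name in TIMERS if name not in timers]
    if unset:
        # Default values are not given on this page, so unset timers are
        # reported instead of being guessed.
        problems.append("not set explicitly: " + ", ".join(unset))
    if "join" in timers and "leave" in timers:
        if timers["leave"] < 3 * timers["join"]:
            problems.append(f"leave {timers['leave']} < 3 x join {timers['join']}")
    if "leave" in timers and "leaveall" in timers:
        if timers["leaveall"] <= timers["leave"]:
            problems.append(f"leaveall {timers['leaveall']} <= leave {timers['leave']}")
    return problems


def check_link(timers_a, timers_b):
    """Names of timers that differ between the two ends of one Layer 2 link."""
    return [name for name in TIMERS if timers_a.get(name) != timers_b.get(name)]


# Constructed sample configurations for two switches joined by one link.
SWITCH_A = """
interface ethernet e6
gvrp enable
garp timer join 200
garp timer leave 600
garp timer leaveall 10000
exit
"""
SWITCH_B = """
interface ethernet e1
gvrp enable
garp timer join 300
garp timer leave 600
garp timer leaveall 600
exit
"""


def audit():
    """Run both checks over the constructed two-switch sample."""
    a = parse_garp_timers(SWITCH_A)["ethernet e6"]
    b = parse_garp_timers(SWITCH_B)["ethernet e1"]
    return {
        "switch_a": check_timers(a),
        "switch_b": check_timers(b),
        "link_mismatch": check_link(a, b),
    }


if __name__ == "__main__":
    for key, value in audit().items():
        print(key, value)
```
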

User Guidelines
This command forbids dynamic VLAN creation from the interface. The creation or modification of dynamic VLAN registration entries as a result of the GVRP exchanges on an interface is restricted to those VLANs for which static VLAN registration exists.

Example
The following example disables dynamic VLAN creation on Ethernet port 1.

Example
The following example forbids dynamic registration of VLANs on Ethernet port 1.
Console(config)# interface ethernet 1
Console(config-if)# gvrp registration-forbid

clear gvrp statistics

The clear gvrp statistics Privileged EXEC mode command clears all GVRP statistical information.

Syntax
clear gvrp statistics [ethernet interface | port-channel port-channel-number]

Parameters
• interface — A valid Ethernet port.

Example
The following example clears all GVRP statistical information on Ethernet port 1.
Console# clear gvrp statistics ethernet 1

show gvrp configuration

The show gvrp configuration Privileged EXEC mode command displays GVRP configuration information, including timer values, whether GVRP and dynamic VLAN creation are enabled, and which ports are running GVRP.

Example
The following example displays GVRP configuration information.
Console# show gvrp configuration
GVRP Feature is currently enabled on the device.

User Guidelines
There are no user guidelines for this command.

Example
The following example shows GVRP statistical information.

Command Mode
Privileged EXEC mode

User Guidelines
There are no user guidelines for this command.

Example
The following example displays GVRP statistical information.

14 IGMP Snooping Commands

ip igmp snooping (global)

The ip igmp snooping Global Configuration mode command enables Internet Group Management Protocol (IGMP) snooping. Use the no form of this command to disable IGMP snooping.

Syntax
ip igmp snooping
no ip igmp snooping

Default Configuration
IGMP snooping is disabled.

Command Mode
Global Configuration mode

User Guidelines
IGMP snooping can only be enabled on static VLANs. It must not be enabled on Private VLANs or their community VLANs.

ip igmp snooping (Interface)

The ip igmp snooping Interface Configuration (VLAN) mode command enables Internet Group Management Protocol (IGMP) snooping on a specific VLAN. Use the no form of this command to disable IGMP snooping on a VLAN interface.

Syntax
ip igmp snooping
no ip igmp snooping

Default Configuration
IGMP snooping is disabled.

ip igmp snooping mrouter

The ip igmp snooping mrouter Interface Configuration (VLAN) mode command enables automatic learning of Multicast device ports in the context of a specific VLAN. Use the no form of this command to remove automatic learning of Multicast device ports.

Syntax
ip igmp snooping mrouter learn-pim-dvmrp
no ip igmp snooping mrouter learn-pim-dvmrp

Default Configuration
Automatic learning of Multicast device ports is enabled.

ip igmp snooping querier enable

Use the ip igmp snooping querier enable interface configuration command to enable Internet Group Management Protocol (IGMP) querier on a specific VLAN. Use the no form of this command to disable IGMP querier on a VLAN interface.

ip igmp snooping host-time-out

The ip igmp snooping host-time-out Interface Configuration (VLAN) mode command configures the host-time-out. If an IGMP report for a Multicast group is not received for a host-time-out period from a specific port, this port is deleted from the member list of that Multicast group. Use the no form of this command to restore the default configuration.

ip igmp snooping mrouter-time-out

The ip igmp snooping mrouter-time-out Interface Configuration (VLAN) mode command configures the mrouter-time-out, which sets the aging-out time after Multicast device ports are automatically learned. Use the no form of this command to restore the default configuration.

ip igmp snooping leave-time-out

The ip igmp snooping leave-time-out Interface Configuration (VLAN) mode command configures the leave-time-out. If an IGMP report for a Multicast group is not received for a leave-time-out period after an IGMP Leave is received from one of the ports in the VLAN, this port is deleted from the member list of that Multicast group. Use the no form of this command to restore the default configuration.

Example
The following example configures the host leave timeout to 60 seconds.
Console(config)# interface vlan 2
Console(config-if)# ip igmp snooping leave-time-out 60

ip igmp snooping multicast-tv

The ip igmp snooping multicast-tv Global Configuration mode command defines the Multicast IP addresses that are associated with a Multicast-TV VLAN. Use the no form of this command to remove all associations.

User Guidelines
Use this command to define the Multicast transmissions on a Multicast-TV VLAN. The configuration is only relevant for an access port that is a member of the configured VLAN as a Multicast-TV VLAN. If an IGMP message is received on such an access port, it is associated with the Multicast-TV VLAN provided that one of the Multicast IP addresses is associated with the Multicast-TV VLAN.

Command Mode
Global configuration

Command Usage
Use this command to associate a CPE VLAN with a Multicast-TV VLAN. If an IGMP message is received on a customer port tagged with a CPE VLAN, and there is a mapping from that CPE VLAN to a Multicast-TV VLAN, the IGMP message is associated with the Multicast-TV VLAN.

Example
The following example maps an internal CPE VLAN number 4 to the Multicast TV VLAN number 300.

Command Mode
Privileged EXEC mode

User Guidelines
There are no user guidelines for this command.

Example
The following example displays Multicast device interfaces in VLAN 1000.

Default Configuration
This command has no default configuration.

Command Mode
Privileged EXEC mode

User Guidelines
There are no user guidelines for this command.

Example
The following example displays IGMP snooping information on VLAN 1000.

Parameters
• vlan-id — Specifies the VLAN number
• ip-multicast-address — Specifies the IP Multicast address

Default Configuration
This command has no default configuration.

Command Mode
Privileged EXEC mode

User Guidelines
To see the full Multicast Address Table (including static addresses) use the show bridge multicast address-table Privileged EXEC command.

Example
The following example shows IGMP snooping information on Multicast groups.

show ip igmp snooping multicast-tv

The show ip igmp snooping multicast-tv Privileged EXEC mode command displays the IP addresses associated with Multicast TV VLANs.

Syntax
show ip igmp snooping multicast-tv [vlan vlan-id]

Parameters
• vlan-id — Specifies the VLAN ID value.
• ip-multicast-address — Specifies the IP Multicast address.

Default Configuration
This command has no default configuration.

1000  239.255.0.4
1000  239.255.0.5
1000  239.255.0.6
1000  239.255.0.7
1000  239.255.0.0

show ip igmp snooping cpe vlans

The show ip igmp snooping cpe vlans Privileged EXEC mode command displays the CPE VLANs to Multicast TV VLANs mappings.

Syntax
show ip igmp snooping cpe vlans [vlan vlan-id]

Parameters
• vlan-id — CPE VLAN ID value.

Default Configuration
This command has no default configuration.

Example
The following example displays the CPE VLANs to Multicast TV VLAN mappings.

15 IP Address Commands

ip address

The ip address Interface Configuration (VLAN) mode command sets an IP address. Use the no form of this command to remove an IP address.

Syntax
ip address ip-address {mask | prefix-length} [default-gateway ip-address]
no ip address [ip-address]

Parameters
• ip-address — Specifies the valid IP address
• mask — Specifies the valid network mask of the IP address.
• prefix-length — Specifies the number of bits that comprise the IP address prefix.

User Guidelines
An IP address cannot be configured for a range of interfaces (range context). This command is only functional if the device is in Switch mode.

Example
The following example configures VLAN 1 with IP address 131.108.1.27 and subnet mask 255.255.255.0.
Console(config)# interface vlan 1
Console(config-if)# ip address 131.108.1.27 255.255.255.

Command Mode
Interface Configuration (VLAN) mode

User Guidelines
This command is only functional if the device is in Switch mode. The ip address dhcp command allows any interface to dynamically learn its IP address by using the DHCP protocol. Some DHCP servers require that the DHCPDISCOVER message have a specific host name. The ip address dhcp hostname host-name command is most typically used when the host name is provided by the system administrator.

renew dhcp

The renew dhcp Privileged EXEC mode command renews an IP address acquired from a DHCP server.

Syntax
renew dhcp [force-autoconfig]

Parameters
• force-autoconfig — If the DHCP server holds a DHCP option 67 record for the assigned IP address, the file would overwrite the existing device configuration.

Default Configuration
This command has no default configuration.

ip default-gateway

The ip default-gateway Global Configuration mode command defines a default gateway (device). Use the no form of this command to restore the default configuration.

Syntax
ip default-gateway ip-address
no ip default-gateway

Parameters
• ip-address — Specifies the valid IP address of the currently defined default gateway.

Default Configuration
No default gateway is defined.

show ip interface

The show ip interface Privileged EXEC mode command displays the usability status of configured IP interfaces.

Syntax
show ip interface [vlan vlan-id]

Parameters
• vlan-id — Specifies a valid VLAN number.

Default Configuration
This command has no default configuration.

Command Mode
Privileged EXEC mode

User Guidelines
There are no user guidelines for this command.

arp

The arp Global Configuration mode command adds a permanent entry in the Address Resolution Protocol (ARP) cache. Use the no form of this command to remove an entry from the ARP cache.

Syntax
arp ip_addr hw_addr {vlan vlan-id}
no arp ip_addr {vlan vlan-id}

Parameters
• ip_addr — Valid IP address or IP alias to map to the specified MAC address.
• hw_addr — Valid MAC address to map to the specified IP address or IP alias.
• vlan-id — Valid VLAN number.

Example
The following example adds IP address 198.133.219.232 and MAC address 00:00:0c:40:0f:bc to the ARP table.
Console(config)# arp 198.133.219.232 00:00:0c:40:0f:bc

arp timeout

The arp timeout Global Configuration mode command configures how long an entry remains in the ARP cache. Use the no form of this command to restore the default configuration.

Example
The following example configures the ARP timeout to 12000 seconds.
Console(config)# arp timeout 12000

clear arp-cache

The clear arp-cache Privileged EXEC mode command deletes all dynamic entries from the ARP cache.

Syntax
clear arp-cache

Default Configuration
This command has no default configuration.

Command Mode
Privileged EXEC mode

User Guidelines
There are no user guidelines for this command.

show arp

The show arp Privileged EXEC mode command displays entries in the ARP table.

Syntax
show arp [ip-address ip-address] [mac-address mac-address]

Parameters
• ip-address — Displays the ARP entry of a specific IP address
• mac-address — Displays the ARP entry of a specific MAC address

Default Configuration
This command has no default configuration.

VLAN    IP Address  HW Address         Status
------  ----------  -----------------  -------
VLAN 1  10.7.1.102  00:10:B5:04:DB:4B  Dynamic
VLAN 1  10.7.1.135  00:50:22:00:2A:A4  Static

ip domain-lookup

The ip domain-lookup Global Configuration mode command enables the IP Domain Naming System (DNS)-based host name-to-address translation. Use the no form of this command to disable DNS-based host name-to-address translation.

ip domain-name

The ip domain-name Global Configuration mode command defines a default domain name used by the software to complete unqualified host names (names without a dotted-decimal domain name). Use the no form of this command to remove the default domain name.

Syntax
ip domain-name name
no ip domain-name

Parameters
• name — Specifies the default domain name used to complete unqualified host names.

ip name-server

The ip name-server Global Configuration mode command defines the available name servers. Use the no form of this command to remove a name server.

Syntax
ip name-server server-address [server-address2 … server-address8]
no ip name-server [server-address1 … server-address8]

Parameters
• server-address — Specifies IP addresses of the name server.

Default Configuration
No name server addresses are specified.

ip host

The ip host Global Configuration mode command defines static host name-to-address mapping in the host cache. Use the no form of this command to remove the name-to-address mapping.

Syntax
ip host name address
no ip host name

Parameters
• name — Specifies the name of the host. (Range: 1-158 characters)
• address — Specifies the associated IP address.

Default Configuration
No host is defined.

clear host

The clear host Privileged EXEC mode command deletes entries from the host name-to-address cache.

Syntax
clear host {name | *}

Parameters
• name — Specifies the host entry to be removed. (Range: 1-158 characters)
• * — Removes all entries.

Default Configuration
This command has no default configuration.

Command Mode
Privileged EXEC mode

User Guidelines
There are no user guidelines for this command.

clear host dhcp

The clear host dhcp Privileged EXEC mode command deletes entries from the host name-to-address mapping received from Dynamic Host Configuration Protocol (DHCP).

Syntax
clear host dhcp {name | *}

Parameters
• name — Specifies the host entry to be removed. (Range: 1-158 characters)
• * — Removes all entries.

Default Configuration
This command has no default configuration.

show hosts

The show hosts Privileged EXEC mode command displays the default domain name, a list of name server hosts, the static and the cached list of host names and addresses.

Syntax
show hosts [name]

Parameters
• name — Specifies the host name. (Range: 1-158 characters)

Default Configuration
This command has no default configuration.

Command Mode
Privileged EXEC mode

User Guidelines
There are no user guidelines for this command.

Configured host name-to-address mapping:
Host               Addresses
----               ---------
accounting.gm.com  176.16.8.8 176.16.8.9 (DHCP)

Cache:             TTL(Hours)
Host               Total  Elapsed  Type  Addresses
----               -----  -------  ----  ---------
www.stanford.edu   72     3        IP    171.64.14.

16 IP Source Guard Commands

ip source-guard (global)

The ip source-guard Global Configuration mode command globally enables the IP source guard. Use the no form of this command to disable IP source guard.

Syntax
ip source-guard
no ip source-guard

Default Configuration
IP source guard is disabled.

Command Mode
Global Configuration mode

User Guidelines
There are no user guidelines for this command.

Example
The following example enables the IP source guard.

ip source-guard (interface)

The ip source-guard Interface Configuration (Ethernet, Port-channel) mode command enables IP source guard on an interface. Use the no form of this command to disable IP source guard.

Syntax
ip source-guard
no ip source-guard

Default Configuration
IP source guard is disabled.

ip source-guard binding

The ip source-guard binding Global Configuration mode command configures the static IP source bindings on the switch. Use the no form of this command to delete static bindings.

Syntax
ip source-guard binding mac-address vlan-id ip-address {ethernet interface | port-channel port-channel-number}
no ip source-guard binding mac-address vlan-id

Parameters
• mac-address — Specifies a MAC address.
• vlan-id — Specifies a VLAN number.
Example
The following example configures the static IP source bindings on the switch.
Console(config)# ip source-guard binding 00:01:01:02:02:02 1 192.168.2.10 ethernet e2

ip source-guard tcam retries-freq

The ip source-guard tcam retries-freq Global Configuration mode command configures the frequency of retries for TCAM resources for inactive IP source guard addresses. Use the no form of this command to return to the default configuration.
User Guidelines
Since the IP source guard uses the Ternary Content Addressable Memory (TCAM) resources, there may be situations where IP source guard addresses are inactive because of a lack of TCAM resources. By default, every minute the software conducts a search for available space in the TCAM for the inactive IP source guard addresses. You can use this command to change the frequency or to disable automatic retries for TCAM space.
Command Mode
Privileged EXEC mode

User Guidelines
There are no user guidelines for this command.

Example
The following example displays the IP source guard configuration.
Parameters
• mac-address — Specifies a MAC address.
• ip-address — Specifies an IP address.
• vlan-id — Specifies a VLAN number.
• interface — Specifies an Ethernet port.
• port-channel-number — Specifies a Port-channel number.

Default Configuration
This command has no default configuration.

Command Mode
Privileged EXEC mode

User Guidelines
There are no user guidelines for this command.

Example
show ip source-guard inactive

The show ip source-guard inactive Privileged EXEC mode command displays the IP source guard inactive addresses.

Syntax
show ip source-guard inactive

Default Configuration
This command has no default configuration.
Interface  Filter  IP Address  MAC Address  VLAN  Type  Reason
---------  ------  ----------  -----------  ----  ----  ------
e32        IP      10.1.8.32   0060.704C.
17 LACP Commands

lacp system-priority

The lacp system-priority Global Configuration mode command configures the system priority. Use the no form of this command to restore the default configuration.

Syntax
lacp system-priority value
no lacp system-priority

Parameters
• value — Specifies system priority value. (Range: 1-65535)

Default Configuration
The default system priority is 1.

Command Mode
Global Configuration mode

User Guidelines
There are no user guidelines for this command.
Example
The following example configures the system priority to 120.
Console(config)# lacp system-priority 120

lacp port-priority

The lacp port-priority Interface Configuration (Ethernet) mode command configures physical port priority. Use the no form of this command to return to the default configuration.

Syntax
lacp port-priority value
no lacp port-priority

Parameters
• value — Specifies port priority.
Example
The following example defines the priority of Ethernet port e6 as 247.
Console(config)# interface ethernet e6
Console(config-if)# lacp port-priority 247

lacp timeout

The lacp timeout Interface Configuration (Ethernet) mode command assigns an administrative LACP timeout. Use the no form of this command to return to the default configuration.

Syntax
lacp timeout {long | short}
no lacp timeout

Parameters
• long — Specifies the long timeout value.
Example
The following example assigns a long administrative LACP timeout to Ethernet port e6.
Console(config)# interface ethernet e6
Console(config-if)# lacp timeout long

show lacp ethernet

The show lacp ethernet Privileged EXEC mode command displays LACP information for Ethernet ports.

Syntax
show lacp ethernet interface [parameters | statistics | protocol-state]

Parameters
• interface — Valid Ethernet port.
• parameters — Link aggregation parameter information.
Example
The following example displays LACP information for Ethernet port e1.
e1 LACP Statistics:
LACP PDUs sent: 2
LACP PDUs received: 2
e1 LACP Protocol State:
LACP State Machines:
Receive FSM: Port Disabled State
Mux FSM: Detached State
Periodic Tx FSM: No Periodic State
Control Variables:
BEGIN: FALSE
LACP_Enabled: TRUE
Ready_N: FALSE
Selected: UNSELECTED
Port_moved: FALSE
NNT: FALSE
Port_enabled: FALSE
Timer Counters
periodic tx timer: 0
current while timer: 0
wait while timer: 0

show lacp port-channel

The show lacp port-channel Privil
Default Configuration
This command has no default configuration.

Command Mode
Privileged EXEC mode

User Guidelines
There are no user guidelines for this command.

Example
The following example displays LACP information about port-channel 1.
18 Line Commands

line

The line Global Configuration mode command identifies a specific line for configuration and enters the Line Configuration command mode.

Syntax
line {console | telnet | ssh}

Parameters
• console — Console terminal line.
• telnet — Virtual terminal for remote console access (Telnet).
• ssh — Virtual terminal for secured remote console access (SSH).

Default Configuration
This command has no default configuration.
Example
The following example configures the device as a virtual terminal for remote console access.
Console(config)# line telnet
Console(config-line)#

speed

The speed Line Configuration mode command sets the line baud rate. Use the no form of this command to restore the default configuration.

Syntax
speed bps
no speed

Parameters
• bps — Baud rate in bits per second (bps). Possible values are 2400, 4800, 9600, 19200, 38400, 57600 and 115200.
Example
The following example configures the line baud rate.
Console(config)# line console
Console(config-line)# speed 115200

exec-timeout

The exec-timeout Line Configuration mode command sets the interval that the system waits until user input is detected. Use the no form of this command to restore the default configuration.

Syntax
exec-timeout minutes [seconds]
no exec-timeout

Parameters
• minutes — Specifies the number of minutes for the timeout.
Example
The following example configures the interval that the system waits until user input is detected to 20 minutes.
Console(config)# line console
Console(config-line)# exec-timeout 20

show line

The show line Privileged EXEC mode command displays line parameters.

Syntax
show line [console | telnet | ssh]

Parameters
• console — Console terminal line.
• telnet — Virtual terminal for remote console access (Telnet).
Example
The following example displays the line configuration.
19 Management ACL Commands

management access-list

The management access-list Global Configuration mode command configures a management Access List and enters the Management Access-List Configuration command mode. Use the no form of this command to delete an Access List.

Syntax
management access-list name
no management access-list name

Parameters
• name — Specifies the Access List name. (Range: 1-32 characters)

Default Configuration
This command has no default configuration.
If no match criteria are defined, the default is ‘deny’. If an Access-List context is re-entered, the new rules are added at the end of the Access-List. Use the management access-class command to choose the active Access-List. The active management list cannot be updated or removed.
Parameters
• name — Specifies the Access List name. (Range: 1-32 characters)
• console-only — Indicates that the device can be managed only from the console.

Default Configuration
This command has no default configuration.

Command Mode
Global Configuration mode

User Guidelines
There are no user guidelines for this command.

Example
The following example configures an access list called ‘mlist’ as the management access list.
Parameters
• ip-address — A valid source IP address.
• mask — A valid network mask of the source IP address.
• prefix-length — Number of bits that comprise the source IP address prefix. The prefix length must be preceded by a forward slash (/). (Range: 0-32)
• vlan — The VLAN number.
• port-channel — The port-channel number.
• service — The service type condition.

Default Configuration
If no permit rule is defined, the default is set to deny.
deny (management)

The deny Management Access-List Configuration mode command defines a deny rule.

Syntax
deny ip-source ip-address [mask mask | prefix-length]

Parameters
• ip-address — A valid source IP address.
• mask — A valid network mask of the source IP address.
• prefix-length — Specifies the number of bits that comprise the source IP address prefix. The prefix length must be preceded by a forward slash (/). (Range: 0-32)
• vlan — The VLAN number.
Example
The following example denies all ports in the access list called ‘mlist’.
Console(config)# management access-list mlist
Console(config-macl)# deny ip-source 172.16.15.3

show management access-list

The show management access-list Privileged EXEC mode command displays management access lists.

Syntax
show management access-list

Default Configuration
This command has no default configuration.
show management access-class

The show management access-class Privileged EXEC mode command displays the active management access list.

Syntax
show management access-class

Default Configuration
This command has no default configuration.

Command Mode
Privileged EXEC mode

User Guidelines
There are no user guidelines for this command.

Example
The following example displays information about the active management access list.
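Because new rules land at the end of a management access list and the active list cannot be edited, it helps to check a planned list offline before selecting it with management access-class. The following is an added example, not code from this guide; it assumes first-match evaluation in list order, that an address with no mask or prefix length is a single host, and that permit ip-source takes the same address arguments as the deny ip-source syntax shown above. The two lists are constructed.

```python
"""Offline check of a management access list before it is made active.

Added example, not Cisco code. Assumptions the guide does not state: rules
are evaluated top to bottom and the first match wins; an address with no
mask or prefix length is a single host; 'permit ip-source' takes the same
address arguments as 'deny ip-source'. Only address-based rules are
handled. The final implicit deny is the default the guide does state.
"""
import ipaddress
from typing import List, NamedTuple, Tuple


class Rule(NamedTuple):
    action: str                       # "permit" or "deny"
    network: ipaddress.IPv4Network    # source addresses the rule covers
    text: str                         # CLI line as entered, for reporting


def parse_rule(line: str) -> Rule:
    """Parse '<permit|deny> ip-source A.B.C.D [mask M | /N]'."""
    tokens = line.split()
    if len(tokens) < 3 or tokens[0] not in ("permit", "deny") or tokens[1] != "ip-source":
        raise ValueError(f"unsupported rule: {line!r}")
    address, rest = tokens[2], tokens[3:]
    if not rest:
        spec = f"{address}/32"                 # assumed: bare address = one host
    elif len(rest) == 2 and rest[0] == "mask":
        spec = f"{address}/{rest[1]}"          # dotted network mask
    elif len(rest) == 1 and rest[0].startswith("/"):
        spec = f"{address}{rest[0]}"           # prefix length, e.g. /24
    else:
        raise ValueError(f"unsupported rule: {line!r}")
    network = ipaddress.IPv4Network(spec, strict=False)
    return Rule(tokens[0], network, " ".join(tokens))


def parse_acl(config: str) -> List[Rule]:
    """Parse the rule lines of one access list, keeping their order."""
    return [parse_rule(line) for line in config.splitlines() if line.strip()]


def decide(rules: List[Rule], source: str) -> Tuple[str, str]:
    """Return (action, deciding rule) for a management session from source."""
    ip = ipaddress.IPv4Address(source)
    for rule in rules:
        if ip in rule.network:
            return rule.action, rule.text
    return "deny", "(implicit default deny)"


def shadowed(rules: List[Rule]) -> List[Tuple[str, str]]:
    """List (rule, earlier rule) pairs where the later rule can never match."""
    found = []
    for index, later in enumerate(rules):
        for earlier in rules[:index]:
            if later.network.subnet_of(earlier.network):
                found.append((later.text, earlier.text))
                break
    return found


# Constructed lists. In the first, the deny was entered after a broader
# permit, which is where newly entered rules are placed.
MLIST_APPENDED = """
permit ip-source 172.16.15.0 mask 255.255.255.0
deny ip-source 172.16.15.3
"""
MLIST_REORDERED = """
deny ip-source 172.16.15.3
permit ip-source 172.16.15.0 /24
"""

if __name__ == "__main__":
    for name, text in (("appended", MLIST_APPENDED), ("reordered", MLIST_REORDERED)):
        rules = parse_acl(text)
        print(name, "shadowed rules:", shadowed(rules))
        for src in ("172.16.15.3", "172.16.15.20", "10.0.0.1"):
            print("  ", src, "->", decide(rules, src))
```

Under the first-match assumption, the appended list still admits 172.16.15.3, and the shadow check reports the deny rule as unreachable.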
20 PHY Diagnostics Commands

test copper-port tdr

The test copper-port tdr Privileged EXEC mode command uses Time Domain Reflectometry (TDR) technology to diagnose the quality and characteristics of a copper cable attached to a port.

Syntax
test copper-port tdr interface

Parameters
• interface — A valid Ethernet port.

Default Configuration
This command has no default configuration.
Example
The following example results in a report on the cable attached to port e3.
Console# test copper-port tdr e3
Cable is open at 64 meters
Console# test copper-port tdr g4
Can’t perform this test on fiber ports

show copper-ports tdr

The show copper-ports tdr Privileged EXEC mode command displays information on the last Time Domain Reflectometry (TDR) test performed on copper ports.
Example
The following example displays information on the last TDR test performed on all copper ports.
User Guidelines
The port must be active and working in 1000M mode.

Example
The following example displays the estimated copper cable length attached to all ports.
Command Mode
Privileged EXEC mode

User Guidelines
To test optical transceivers, ensure a fiber link is present.

Example
The following example displays the optical transceiver diagnostics results.
Output Power – Measured TX output power in milliWatts
Input Power – Measured RX received power in milliWatts
Tx Fault – Transmitter fault
LOS – Loss of signal
21 Port Channel Commands

interface port-channel

The interface port-channel Global Configuration mode command enters the Global Configuration mode to configure a specific port-channel.

Syntax
interface port-channel port-channel-number

Parameters
• port-channel-number — A valid port-channel number. (Range: 1-64)

Default Configuration
This command has no default configuration.
Example
The following example enters the context of port-channel number 1.
Console(config)# interface port-channel 1

interface range port-channel

The interface range port-channel Global Configuration mode command enters the Global Configuration mode to configure multiple port-channels.

Syntax
interface range port-channel {port-channel-range | all}

Parameters
• port-channel-range — List of valid port-channels to add.
Example
The following example groups port-channels 1, 2 and 6 to receive the same command.
Console(config)# interface range port-channel 1-2,6

channel-group

The channel-group Interface Configuration (Ethernet) mode command associates a port with a port-channel. Use the no form of this command to remove a port from a port-channel.
Example
The following example forces port e1 to join port-channel 1 without an LACP operation.
Console(config)# interface ethernet e1
Console(config-if)# channel-group 1 mode on

show interfaces port-channel

The show interfaces port-channel Privileged EXEC mode command displays port-channel information.

Syntax
show interfaces port-channel [port-channel-number]

Parameters
• port-channel-number — Valid port-channel number.
Example
The following example displays information on all port-channels.
22 Port Monitor Commands

port monitor

The port monitor Interface Configuration mode command starts a port monitoring session. Use the no form of this command to stop a port monitoring session.

Syntax
port monitor src-interface [rx | tx]
no port monitor src-interface

Parameters
• src-interface — Valid Ethernet port.
• rx — Monitors received packets only.
• tx — Monitors transmitted packets only.

Default Configuration
Monitors both received and transmitted packets.
User Guidelines
This command enables traffic on one port to be copied to another port, or between the source port (src-interface) and a destination port (port being configured).

The following restrictions apply to ports configured as destination ports:
• The port cannot be already configured as a source port.
• The port cannot be a member in a port-channel.
• An IP interface is not configured on the port.
• GVRP is not enabled on the port.
Default Configuration
This command has no default configuration.

Command Mode
Privileged EXEC mode

User Guidelines
There are no user guidelines for this command.

Example
The following example shows how the port monitoring status is displayed.
23 QoS Commands

qos

The qos Global Configuration mode command enables quality of service (QoS) on the device. Use the no form of this command to disable QoS on the device.

Syntax
qos [basic | advanced]
no qos

Parameters
• basic — QoS basic mode.
• advanced — QoS advanced mode, which enables the full range of QoS configuration.

Default Configuration
The QoS basic mode is enabled.
Example
The following example enables QoS on the device.
Console(config)# qos basic

show qos

The show qos Privileged EXEC mode command displays the quality of service (QoS) mode for the device.

Syntax
show qos

Default Configuration
This command has no default configuration.

Command Mode
Privileged EXEC mode

User Guidelines
Trust mode is displayed if QoS is enabled in basic mode.
class-map

The class-map Global Configuration mode command creates or modifies a class map and enters the Class-map Configuration mode. Use the no form of this command to delete a class map.

Syntax
class-map class-map-name [match-all | match-any]
no class-map class-map-name

Parameters
• class-map-name — Specifies the name of the class map (Range: 0-32 characters).
• match-all — Checks that the packet matches all classification criteria in the class map match statement.
The Class-Map Configuration mode enables entering up to two match Class-map Configuration mode commands to configure the classification criteria for the specified class. If two match Class-map Configuration mode commands are entered, each should point to a different type of ACL (e.g., one to an IP ACL and one to a MAC ACL).
Default Configuration
This command has no default configuration.

Command Mode
Privileged EXEC mode

User Guidelines
There are no user guidelines for this command.

Example
The following example shows the class map for class1.
Console# show class-map class1
Class Map match-any class1 (id4)

match

The match Class-map Configuration mode command defines the match criteria for classifying traffic. Use the no form of this command to delete the match criteria.
Default Configuration
No match criterion is supported.

Command Mode
Class-map Configuration mode.

User Guidelines
There are no user guidelines for this command.

Example
The following example defines the match criterion for classifying traffic as an access group called ‘enterprise’ in a class map called ‘class1’.
Command Mode
Global Configuration mode

User Guidelines
Before configuring policies for classes whose match criteria are defined in a class map, use the policy-map Global Configuration mode command to specify the name of the policy map to be created or modified. Class policies in a policy map can only be defined if match criteria have already been defined for the classes.
Parameters
• class-map-name — Specifies the name of an existing class map. If the class map does not exist, a new class map will be created under the specified name (Range: 0-32 characters).
• acl-name — Specifies the name of an IP or MAC ACL.

Default Configuration
No policy map is defined.
show policy-map

The show policy-map Privileged EXEC mode command displays the policy maps.

Syntax
show policy-map [policy-map-name [class-name]]

Parameters
• policy-map-name — Specifies the name of the policy map to be displayed.
• class-name — Specifies the name of the class whose QoS policies are to be displayed.

Default Configuration
This command has no default configuration.
Policy Map policy2
class class 2
police 96000 4800 exceed-action drop
class class3
police 124000 96000 exceed-action policed-dscp-transmit

trust

The trust Policy-Map Class Configuration mode command configures the trust state, which selects the value QoS uses as the source of the internal DSCP value. Use no trust to return to the default trust state.

Syntax
trust [cos | dscp | cos-dscp]
no trust

Parameters
• cos — QoS sets the queue according to the CoS to Queue Map.
User Guidelines
• Use this command to distinguish the quality of service (QoS) trust behavior for certain traffic from others. For example, incoming traffic with certain DSCP values can be trusted. Configure a class map to match and trust the DSCP values in the incoming traffic.
• Trust values set with this command supersede trust values set on specific interfaces with the qos trust interface configuration command.
set

The set Policy-map Class Configuration mode command sets new values in the IP packet.

Syntax
set {dscp new-dscp | queue queue-id | cos new-cos}
no set

Parameters
• new-dscp — Specifies a new DSCP value for the classified traffic. (Range: 0-63)
• queue-id — Specifies an explicit queue ID for setting the egress queue.
• new-cos — Specifies a new user priority for marking the packet.
Policy maps that contain set or trust Policy-map Class Configuration commands or that have ACL classifications cannot be attached to an egress interface by using the service-policy (Ethernet, Port-channel) Interface Configuration mode command. To return to the Policy-map Configuration mode, use the exit command. To return to the Privileged EXEC mode, use the end command.
Default Configuration
This command has no default configuration.

Command Mode
Policy-map Class Configuration mode

User Guidelines
Policing uses a token bucket algorithm. CIR represents the speed with which the token is removed from the bucket. CBS represents the depth of the bucket.

Example
The following example defines a policer for classified traffic. When the traffic rate exceeds 124,000 bps or the normal burst size exceeds 96000 bps, the packet is dropped.
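A model of the token bucket behind a policer with the values used in this example (CIR 124000, CBS 96000, exceed action drop), as an added example that is not switch code. It assumes the usual formulation in which the bucket refills at CIR and holds at most CBS, and it treats CBS as bytes, as the excess-burst-byte parameter description gives it; the packet timings are constructed.

```python
"""Single-rate token bucket policer model.

Added example, not switch code. Assumed model: the bucket refills at CIR
and holds at most CBS bytes; a packet conforms when enough tokens are
available, otherwise the exceed action applies.
"""
from typing import Iterable, List, Tuple


class Policer:
    def __init__(self, cir_bps: int, cbs_bytes: int, exceed_action: str = "drop"):
        self.cir_bps = cir_bps              # committed rate, bits per second
        self.cbs_bytes = cbs_bytes          # bucket depth, bytes
        self.exceed_action = exceed_action  # "drop" or "policed-dscp-transmit"
        self.tokens = float(cbs_bytes)      # bucket starts full
        self.last = 0.0                     # time of the previous packet, seconds

    def offer(self, now: float, size: int) -> str:
        """Return 'transmit' if the packet conforms, else the exceed action."""
        elapsed = now - self.last
        self.last = now
        # Refill at CIR (bits/s -> bytes/s), never beyond the bucket depth.
        self.tokens = min(self.cbs_bytes, self.tokens + elapsed * self.cir_bps / 8)
        if size <= self.tokens:
            self.tokens -= size
            return "transmit"
        return self.exceed_action


def police(policer: Policer, packets: Iterable[Tuple[float, int]]) -> List[str]:
    """Run (time_seconds, size_bytes) packets through the policer in order."""
    return [policer.offer(now, size) for now, size in packets]


# Constructed traffic: 70 back-to-back 1500-byte packets at t=0, then 11
# more one second later.
TRAFFIC = [(0.0, 1500)] * 70 + [(1.0, 1500)] * 11

if __name__ == "__main__":
    verdicts = police(Policer(124000, 96000, "drop"), TRAFFIC)
    print("burst at t=0: ", verdicts[:70].count("transmit"), "of 70 transmitted")
    print("burst at t=1s:", verdicts[70:].count("transmit"), "of 11 transmitted")
```

The first burst passes 64 packets (96000 / 1500) regardless of CIR; one second later only the 15500 bytes refilled at 124000 bps are available, so 10 packets pass.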
Parameters
• aggregate-policer-name — Specifies the name of the aggregate policer.
• committed-rate-bps — Specifies the average traffic rate (CIR) in bits per second (bps).
• excess-burst-byte — Specifies the normal burst size (CBS) in bytes.
• drop — Indicates that when the rate is exceeded, the packet is dropped.
• policed-dscp-transmit — Indicates that when the rate is exceeded, the DSCP of the packet is remarked.
An aggregate policer can be applied to multiple classes in the same policy map. An aggregate policer cannot be applied across multiple policy maps. This policer can also be used in Cascade police to make a cascade policer. An aggregate policer cannot be deleted if it is being used in a policy map. The no police aggregate Policy-map Class Configuration command must first be used to delete the aggregate policer from all policy maps.
Example
The following example displays the parameters of the aggregate policer called ‘policer1’.
Console# show qos aggregate-policer policer1
aggregate-policer policer1 96000 4800 exceed-action drop
not used by any policy map

police aggregate

The police aggregate Policy-map Class Configuration mode command applies an aggregate policer to multiple classes within the same policy map. Use the no form of this command to remove an existing aggregate policer from a policy map.
To return to the Policy-map Configuration mode, use the exit command. To return to the Privileged EXEC mode, use the end command.

Example
The following example applies the aggregate policer called ‘policer1’ to a class called ‘class1’ in a policy map called ‘policy1’.
User Guidelines
The ratio for each queue is defined by the queue weight divided by the sum of all queue weights (also referred to as the normalized weight). This command sets the ratio of the frequency at which the WRR packet scheduler de-queues packets, and not the bandwidth. In other words, the ratio is of the number of packets and not the bytes sent from each queue.
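A small model of the point made above, that WRR weights fix the packet ratio and not the byte ratio. This is an added example, not switch code; the two queues, their weights and their packet sizes are constructed, and the round-based service order is an assumption of the model.

```python
"""WRR dequeue model: weights set the packet ratio, not the byte ratio.

Added example, not switch code. Assumed model: in each round every queue
may send up to its weight in packets. Queues and weights are constructed.
"""
from collections import deque
from typing import Deque, Dict, List, Tuple

WEIGHTS = {1: 1, 2: 3}   # constructed: queue id -> WRR weight


def sample_queues() -> Dict[int, Deque[int]]:
    """Constructed backlog: queue 1 holds 1500-byte packets, queue 2 64-byte ones."""
    return {1: deque([1500] * 100), 2: deque([64] * 100)}


def normalized_weights(weights: Dict[int, int]) -> Dict[int, float]:
    """Queue weight divided by the sum of all queue weights."""
    total = sum(weights.values())
    return {queue: weight / total for queue, weight in weights.items()}


def wrr_dequeue(queues: Dict[int, Deque[int]], weights: Dict[int, int],
                rounds: int) -> List[Tuple[int, int]]:
    """Return (queue id, packet size) in the order packets are sent."""
    sent = []
    for _ in range(rounds):
        for queue in sorted(queues):
            for _ in range(weights[queue]):
                if not queues[queue]:
                    break          # an empty queue gives up the rest of its turn
                sent.append((queue, queues[queue].popleft()))
    return sent


def shares(sent: List[Tuple[int, int]]) -> Tuple[Dict[int, float], Dict[int, float]]:
    """Return (share of packets, share of bytes) per queue."""
    packets: Dict[int, int] = {}
    octets: Dict[int, int] = {}
    for queue, size in sent:
        packets[queue] = packets.get(queue, 0) + 1
        octets[queue] = octets.get(queue, 0) + size
    total_bytes = sum(octets.values())
    return ({q: n / len(sent) for q, n in packets.items()},
            {q: b / total_bytes for q, b in octets.items()})


if __name__ == "__main__":
    packet_share, byte_share = shares(wrr_dequeue(sample_queues(), WEIGHTS, 10))
    print("normalized weights:", normalized_weights(WEIGHTS))
    print("packet share:      ", packet_share)
    print("byte share:        ", byte_share)
```

Queue 2 sends three quarters of the packets, matching its normalized weight, but only about 11% of the bytes, because its packets are small.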
Default Configuration
CoS values are mapped to 8 queues as follows:
• Cos0 is mapped to queue 3.
• Cos1 is mapped to queue 1.
• Cos2 is mapped to queue 2.
• Cos3 is mapped to queue 4.
• Cos4 is mapped to queue 5.
• Cos5 is mapped to queue 6.
• Cos6 is mapped to queue 7.
• Cos7 is mapped to queue 8.
priority-queue out num-of-queues

The priority-queue out num-of-queues Global Configuration mode command configures the number of expedite queues. Use the no form of this command to restore the default configuration.

Syntax
priority-queue out num-of-queues number-of-queues
no priority-queue out num-of-queues

Parameters
• number-of-queues — Specifies the number of expedite queues. Expedite queues have higher indexes.
traffic-shape

The traffic-shape Interface Configuration (Ethernet, port-channel) mode command configures the shaper of the egress port/queue. Use the no form of this command to disable the shaper.

Syntax
traffic-shape {committed-rate excess-burst} [queue-id]
no traffic-shape [queue-id]

Parameters
• committed-rate — Specifies the average traffic rate (CIR) in bits per second (bps).
Example
The following example sets a shaper on Ethernet port e5 when the average traffic rate exceeds 124000 bps or the normal burst size exceeds 96000 bps.
Console(config)# interface ethernet e5
Console(config-if)# traffic-shape 124000 96000

rate-limit (Ethernet)

The rate-limit interface configuration command limits the rate of the incoming traffic. The no form of this command is used to disable the rate limit.
Example
The following example limits the rate of the incoming traffic.
Console(config)# interface ethernet e5
Console(config-if)# rate-limit

show qos interface

The show qos interface Privileged EXEC mode command displays Quality of Service (QoS) information on the interface.
Default Configuration
There is no default configuration for this command.

Command Mode
Privileged EXEC mode

User Guidelines
If no keyword is specified, port QoS mode (for example, DSCP trusted, CoS trusted, untrusted), default CoS value, DSCP-to-DSCP-mutation map attached to the port, and policy map attached to the interface are displayed. If no interface is specified, QoS information about all interfaces is displayed.
23 QoS Commands qos wrr-queue threshold qid Threshold 1 2 3 4 5 6 7 8 100 100 100 100 N/A N/A N/A N/A qid Min DP0 Max Prob Min DP0 DP0 DP1 Max DP1 Prob Min DP1 DP2 Max DP2 Prob DP2 Weight 1 2 3 4 5 6 7 8 N/A N/A N/A N/A 50 50 50 50 N/A N/A N/A N/A 60 60 60 60 N/A N/A N/A N/A 80 80 80 80 N/A N/A N/A N/A 6 6 6 6 N/A N/A N/A N/A 95 95 95 95 N/A N/A N/A N/A 4 4 4 4 N/A N/A N/A N/A 2 2 2 2 N/A N/A N/A N/A 13 13 13 13 N/A N/A N/A N/A 65 65 65 65 N/A N/A N/A N/A 85 85 85 85 qos wrr-queue t
no qos wrr-queue threshold tengigabitethernet queue-id

Parameters
• gigabitethernet — Indicates that the thresholds are to be applied to Gigabit Ethernet ports.
• tengigabitethernet — Indicates that the thresholds are to be applied to 10 Gigabit Ethernet ports.
• queue-id — Specifies the queue number to which the threshold is assigned.
• threshold-percentage0,1,2 — Specifies the queue threshold percentage value. Each value is separated by a space.
qos map policed-dscp

The qos map policed-dscp Global Configuration mode command modifies the policed-DSCP map for remarking purposes. Use the no form of this command to restore the default map.

Syntax
qos map policed-dscp dscp-list to dscp-mark-down
no qos map policed-dscp

Parameters
• dscp-list — Specifies up to 8 DSCP values separated by a space. (Range: 0-63)
• dscp-mark-down — Specifies the DSCP value to mark down.
qos map dscp-queue

The qos map dscp-queue Global Configuration mode command modifies the DSCP to CoS map. Use the no form of this command to restore the default map.

Syntax
qos map dscp-queue dscp-list to queue-id
no qos map dscp-queue

Parameters
• dscp-list — Specifies up to 8 DSCP values separated by a space. (Range: 0-63)
• queue-id — Specifies the queue number to which the DSCP values are mapped.
Example
The following example maps DSCP values 33, 40 and 41 to queue 1.
Console(config)# qos map dscp-queue 33 40 41 to 1

qos map dscp-dp

The qos map dscp-dp Global Configuration mode command maps the DSCP to Drop Precedence. Use the no form of this command to restore the default configuration. Advanced mode only.
Command Mode
Global Configuration mode.

User Guidelines
There are no user guidelines for this command.

Example
The following example shows how to prioritize DSCP values within the same queue.
Console(config)# qos map dscp-dp 30 to 0

qos trust (Global)

The qos trust Global Configuration mode command configures the system to the basic mode and trust state. Use the no form of this command to return to the untrusted state.
Command Mode
Global Configuration mode

User Guidelines
Packets entering a quality of service (QoS) domain are classified at the edge of the QoS domain. When packets are classified at the edge, the switch port within the QoS domain can be configured to one of the trusted states because there is no need to classify the packets at every device in the domain.
Default Configuration
qos trust is enabled on each port when the system is in basic mode.

Command Mode
Interface Configuration (Ethernet, port-channel) mode

User Guidelines
There are no user guidelines for this command.

Example
The following example configures Ethernet port e15 to the default trust state.
Default Configuration
Default CoS value of a port is 0.

Command Mode
Interface Configuration (Ethernet, port-channel) mode

User Guidelines
If the port is trusted, the default CoS value of the port is used to assign a CoS value to all untagged packets entering the port.

Example
The following example configures port e15 default CoS value to 3.
Command Mode
Global Configuration mode.

User Guidelines
The DSCP to DSCP mutation map is applied to a port at the boundary of a Quality of Service (QoS) administrative domain. If two QoS domains have different DSCP definitions, use the DSCP to DSCP mutation map to match one set of DSCP values with the DSCP values of another domain. Apply the DSCP to DSCP mutation map only to ingress and to DSCP-trusted ports.
Parameters
• in-dscp — Specifies up to 8 DSCP values separated by spaces. (Range: 0-63)
• out-dscp — Specifies up to 8 DSCP values separated by spaces. (Range: 0-63)

Default Configuration
The default map is the Null map, which means that each incoming DSCP value is mapped to the same DSCP value.

Command Mode
Global Configuration mode.

User Guidelines
This is the only map that is not globally configured.
Parameters
• dscp-queue — Displays the DSCP to queue map.
• dscp-dp — Displays the DSCP to Drop Precedence map.
• policed-dscp — Displays the DSCP to DSCP remark table.
• dscp-mutation — Displays the DSCP-DSCP mutation table.

Default Configuration
The default configuration is set to disabled.

Command Mode
Global Configuration mode

User Guidelines
There are no user guidelines for this command.

Example
The following example displays the QoS mapping information.
23 QoS Commands show qos map Dscp-DP map: dl -0 1 2 3 4 5 6 : -- d2 -- 0 -00 00 00 00 00 00 00 1 -00 00 00 00 00 00 00 2 -00 00 00 00 00 00 00 3 -00 00 00 00 00 00 00 4 -00 00 00 00 00 00 5 -00 00 00 00 00 00 6 -00 00 00 00 00 00 7 -00 00 00 00 00 00 8 -00 00 00 00 00 00 9 -00 00 00 00 00 00 1 -01 11 21 31 41 51 61 2 -02 12 22 32 42 52 62 3 -03 13 23 33 43 53 63 4 -04 14 24 34 44 54 64 5 -05 15 25 35 45 55 65 6 -06 16 26 36 46 56 66 7 -07 17 27 37 47 57 67 8 -08 18 28 38 48 58 68 9 -0
24 RADIUS Commands

radius-server host

The radius-server host Global Configuration mode command specifies a RADIUS server host. Use the no form of this command to delete the specified RADIUS host.
key must match the encryption used on the RADIUS daemon. To specify an empty string, enter “”. (Range: 0-128 characters)
• source — Specifies the source IP address to use for communication. 0.0.0.0 is interpreted as request to use the IP address of the outgoing IP interface.
• priority — Determines the order in which servers are used, where 0 has the highest priority. (Range: 0-65535)
• type — Specifies the usage type of the server. Possible values: login, dot.
radius-server key

The radius-server key Global Configuration mode command sets the authentication and encryption key for all RADIUS communications between the device and the RADIUS daemon. Use the no form of this command to restore the default configuration.

Syntax
radius-server key [key-string]
no radius-server key

Parameters
• key-string — Specifies the authentication and encryption key for all RADIUS communications between the device and the RADIUS server.
radius-server retransmit

The radius-server retransmit Global Configuration mode command specifies the number of times the software searches the list of RADIUS server hosts. Use the no form of this command to restore the default configuration.

Syntax
radius-server retransmit retries
no radius-server retransmit

Parameters
• retries — Specifies the retransmit value. (Range: 1-10)

Default Configuration
The software searches the list of RADIUS server hosts 3 times.
radius-server source-ip

The radius-server source-ip Global Configuration mode command specifies the source IP address used for communication with RADIUS servers. Use the no form of this command to restore the default configuration.

Syntax
radius-server source-ip source
no radius-server source-ip source

Parameters
• source — Specifies a valid source IP address.

Default Configuration
The source IP address is the IP address of the outgoing IP interface.
radius-server timeout

The radius-server timeout Global Configuration mode command sets the interval during which the device waits for a server host to reply. Use the no form of this command to restore the default configuration.

Syntax
radius-server timeout timeout
no radius-server timeout

Parameters
• timeout — Specifies the timeout value in seconds. (Range: 1-30)

Default Configuration
The timeout value is 3 seconds.
radius-server deadtime

The radius-server deadtime Global Configuration mode command improves RADIUS response time when servers are unavailable. The command is used to cause the unavailable servers to be skipped. Use the no form of this command to restore the default configuration.

Syntax
radius-server deadtime deadtime
no radius-server deadtime

Parameters
• deadtime — Length of time in minutes during which a RADIUS server is skipped over by transaction requests.
show radius-servers

The show radius-servers Privileged EXEC mode command displays the RADIUS server settings.

Syntax
show radius-servers

Default Configuration
This command has no default configuration.

Command Mode
Privileged EXEC mode

User Guidelines
There are no user guidelines for this command.

Example
The following example displays RADIUS server settings.

Console# show radius-servers
IP address Port Auth
---------- ---
172.16.1.1 1645
172.16.1.
25 RMON Commands

show rmon statistics

The show rmon statistics Privileged EXEC mode command displays RMON Ethernet statistics.

Syntax
show rmon statistics {ethernet interface number | port-channel port-channel-number}

Parameters
• interface number — Valid Ethernet port.
• port-channel-number — Valid port-channel number.

Default Configuration
This command has no default configuration.

Command Mode
Privileged EXEC mode

User Guidelines
There are no user guidelines for this command.
Example
The following example displays RMON Ethernet statistics for Ethernet port e1.
Field           Description
Collisions      The best estimate of the total number of collisions on this Ethernet segment.
Undersize Pkts  The total number of packets received, less than 64 octets long (excluding framing bits, but including FCS octets) and otherwise well formed.
Oversize Pkts   The total number of packets received, longer than 1518 octets (excluding framing bits, but including FCS octets) and otherwise well formed.
rmon collection history

The rmon collection history Interface Configuration (Ethernet, port-channel) mode command enables a Remote Monitoring (RMON) MIB history statistics group on an interface. Use the no form of this command to remove a specified RMON history statistics group.
Example
The following example enables a Remote Monitoring (RMON) MIB history statistics group on Ethernet port e1 with index number 1 and a polling interval period of 2400 seconds.

Console(config)# interface ethernet e1
Console(config-if)# rmon collection history 1 interval 2400

show rmon collection history

The show rmon collection history Privileged EXEC mode command displays the requested RMON history group statistics.
Example
The following example displays all RMON history group statistics.

Console# show rmon collection history
Index  Interface  Interval  Requested Samples  Granted Samples  Owner
-----  ---------  --------  -----------------  ---------------  -------
1      e1         30        50                 50               CLI
2      e1         1800      50                 50               Manager

The following table describes the significant fields shown in the display.

Field  Description
Index  An index that uniquely identifies the entry.
• throughput — Indicates throughput counters.
• errors — Indicates error counters.
• other — Indicates drop and collision counters.
• seconds — Specifies the period of time in seconds. (Range: 1-4294967295)

Default Configuration
This command has no default configuration.

Command Mode
Privileged EXEC mode

User Guidelines
There are no user guidelines for this command.

Example
The following example displays RMON Ethernet history statistics for index 1.
Sample Set: 1 Owner: Me
Interface: e1 Interval: 1800
Requested Samples: 50 Granted Samples: 50
Maximum Table Size: 500 (800 after reset)
Time CRC Align Undersize Oversize Fragments ----------------------------- --------- -------- ----------Jan 18 2005 21:57:00 1 1 Jan 18 2005 21:57:30 1 1 Jabbers ------0490 0270

Console# show rmon history 1 other
Sample Set: 1 Owner: Me
Interface: e1 Interval: 1800
Requested Samples: 50 Granted Samples: 50
Maximum Table Size: 500
Time --
Field        Description
Utilization  The best estimate of the mean physical layer network utilization on this interface during this sampling interval, in hundredths of a percent.
Field       Description
Collisions  The best estimate of the total number of collisions on this Ethernet segment during this sampling interval.

rmon alarm

The rmon alarm Global Configuration mode command configures alarm conditions. Use the no form of this command to remove an alarm.

Syntax
rmon alarm index variable interval rthreshold fthreshold revent fevent [type type] [startup direction] [owner name]
no rmon alarm index

Parameters
• index — Specifies the alarm index.
• type — Specifies the method used for sampling the selected variable and calculating the value to be compared against the thresholds. Possible values are absolute and delta. If the method is absolute, the value of the selected variable is compared directly with the thresholds at the end of the sampling interval. If the method is delta, the selected variable value of the last sample is subtracted from the current value, and the difference is compared with the thresholds.
• Sample interval — 360000 seconds
• Rising threshold — 1000000
• Falling threshold — 1000000
• Rising threshold event index — 10
• Falling threshold event index — 20

Console(config)# rmon alarm 1000 LinkSys 360000 1000000 1000000 10 20

show rmon alarm-table

The show rmon alarm-table Privileged EXEC mode command displays the alarms table.

Syntax
show rmon alarm-table

Default Configuration
This command has no default configuration.
Index  OID                     Owner
-----  ----------------------  -------
1      1.3.6.1.2.1.2.2.1.10.1  CLI
2      1.3.6.1.2.1.2.2.1.10.1  Manager
3      1.3.6.1.2.1.2.2.1.10.9  CLI

The following table describes significant fields shown in the example:

Field  Description
Index  An index that uniquely identifies the entry.
OID    Monitored variable OID.
Owner  The entity that configured this entry.

show rmon alarm

The show rmon alarm Privileged EXEC mode command displays alarm configuration.
User Guidelines
There are no user guidelines for this command.

Example
The following example displays RMON 1 alarms.

Console# show rmon alarm 1
Alarm 1
-------
Field              Value
OID                1.3.6.1.2.1.2.2.1.10.1
Last Sample Value  878128
Interval           30
Sample Type        delta
Startup Alarm      rising
Rising Threshold   8700000
Falling Threshold  78
Rising Event       1
Falling Event      1
Owner              CLI

Field  Description
Alarm  Alarm index.
OID    Monitored variable OID.
Field        Description
Sample Type  The method of sampling the variable and calculating the value compared against the thresholds. If the value is absolute, the value of the variable is compared directly with the thresholds at the end of the sampling interval. If the value is delta, the value of the variable at the last sample is subtracted from the current value, and the difference compared with the thresholds.
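Added example (not part of the Cisco guide): a Python model of the absolute and delta sample types described above, run against the thresholds from the show rmon alarm 1 output (rising 8700000, falling 78). The counter readings are constructed, the rising/falling hysteresis follows the RMON alarm group definition in RFC 2819, the startup direction parameter is not modelled, and counter_wrap is an assumption of this example rather than a switch setting.

```python
COUNTER32 = 2 ** 32


def sample_values(readings, sample_type, counter_wrap=None):
    """Turn raw readings of the monitored variable into the values that are
    compared with the thresholds.

    absolute: each reading is compared as-is.
    delta:    the previous reading is subtracted from the current one, so
              the first reading yields nothing to compare.
    counter_wrap: modulus applied to the difference for a wrapping counter
              (assumption of this example; the page does not say how the
              device treats a wrapped counter).
    """
    if sample_type == "absolute":
        return list(readings)
    if sample_type != "delta":
        raise ValueError("sample_type must be 'absolute' or 'delta'")
    values = []
    for prev, cur in zip(readings, readings[1:]):
        diff = cur - prev
        if counter_wrap is not None:
            diff %= counter_wrap
        values.append(diff)
    return values


def evaluate_alarm(readings, rising, falling, sample_type="absolute",
                   counter_wrap=None):
    """Return [(sample_index, 'rising' | 'falling'), ...].

    Hysteresis: after a rising event, no further rising event is generated
    until the value has dropped to the falling threshold, and vice versa.
    """
    if falling > rising:
        raise ValueError("falling threshold must not exceed rising threshold")
    events = []
    last_event = None
    values = sample_values(readings, sample_type, counter_wrap)
    for index, value in enumerate(values):
        if value >= rising and last_event != "rising":
            events.append((index, "rising"))
            last_event = "rising"
        elif value <= falling and last_event != "falling":
            events.append((index, "falling"))
            last_event = "falling"
    return events


# Constructed ifInOctets-style readings, one per sampling interval.
READINGS = [1_000_000, 1_000_050, 9_800_050, 19_000_050,
            19_000_100, 19_000_120, 28_000_120]

if __name__ == "__main__":
    for kind in ("delta", "absolute"):
        print(kind, evaluate_alarm(READINGS, 8_700_000, 78, kind))
```

With delta sampling the alarm re-arms after every quiet interval and reports each burst; with absolute sampling on an ever-growing counter it fires once and never re-arms, which is why the sample type has to match the kind of variable being monitored.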
rmon event

The rmon event Global Configuration mode command configures an event. Use the no form of this command to remove an event.

Syntax
rmon event index type [community text] [description text] [owner name]
no rmon event index

Parameters
• index — Specifies the event index. (Range: 1-65535)
• type — Specifies the type of notification generated by the device about this event. Possible values: none, log, trap, log-trap.
Example
The following example configures an event identified as index 10 and for which the device generates a notification in the log table.

Console(config)# rmon event 10 log

show rmon events

The show rmon events Privileged EXEC mode command displays the RMON event table.

Syntax
show rmon events

Default Configuration
This command has no default configuration.

Command Mode
Privileged EXEC mode

User Guidelines
There are no user guidelines for this command.
The following table describes significant fields shown in the example:

Field        Description
Index        An index that uniquely identifies the event.
Description  A comment describing this event.
Type         The type of notification that the device generates about this event. Can have the following values: none, log, trap, log-trap. In the case of log, an entry is made in the log table for each event. In the case of trap, an SNMP trap is sent to one or more management stations.
Command Mode
Privileged EXEC mode

User Guidelines
There are no user guidelines for this command.

Example
The following example displays the RMON log table.
rmon table-size

The rmon table-size Global Configuration mode command configures the maximum size of RMON tables. Use the no form of this command to return to the default configuration.

Syntax
rmon table-size {history entries | log entries}
no rmon table-size {history | log}

Parameters
• history entries — Maximum number of history table entries. (Range: 20-32767)
• log entries — Maximum number of log table entries.
26 SNMP Commands

snmp-server community

The snmp-server community Global Configuration mode command configures the community access string to permit access to the SNMP protocol. Use the no form of this command to remove the specified community string.
• type router — Specifies that SNMP requests for duplicate tables configure the router tables. This is the default.
• type oob — Specifies that SNMP requests for duplicate tables configure the oob tables.

Default Configuration
No communities are defined.

Command Mode
Global Configuration mode

User Guidelines
The view-name parameter cannot be specified for su, which has access to the whole MIB.
Example
The following example defines community access string public to permit administrative access to SNMP protocol at an administrative station with IP address 192.168.1.20.

Console(config)# snmp-server community public su 192.168.1.20

snmp-server view

The snmp-server view Global Configuration mode command creates or updates a Simple Network Management Protocol (SNMP) server view entry. Use the no form of this command to remove a specified SNMP server view entry.
Command Mode
Global Configuration mode

User Guidelines
This command can be entered multiple times for the same view record. The number of views is limited to 64. No check is made to determine that a MIB node corresponds to the “starting portion” of the OID until the first wildcard.
Parameters
• groupname — Specifies the name of the group (Range: 1-30 characters).
• v1 — Indicates the SNMP Version 1 security model.
• v2 — Indicates the SNMP Version 2 security model.
• v3 — Indicates the SNMP Version 3 security model.
• noauth — Indicates no authentication of a packet. Applicable only to the SNMP Version 3 security model.
• auth — Indicates authentication of a packet without encrypting it. Applicable only to the SNMP Version 3 security model.
User Guidelines
The Router context is translated to “” context in the MIB.

Example
The following example attaches a group called user-group to SNMPv3 and assigns to the group the privacy security level and read access rights to a view called user-view.

Console(config)# snmp-server group user-group v3 priv read user-view

snmp-server user

The snmp-server user Global Configuration mode command configures a new SNMP Version 3 user.
• auth-md5 password — Indicates the HMAC-MD5-96 authentication level. The user should enter a password for authentication and generation of a DES key for privacy. (Range: 1-32 characters)
• auth-sha password — Indicates the HMAC-SHA-96 authentication level. The user should enter a password for authentication and generation of a DES key for privacy. (Range: 1-32 characters)
• auth-md5-key md5-des-keys — Indicates the HMAC-MD5-96 authentication level.
An SNMP EngineID has to be defined to add SNMP users to the device. Changing or removing the SNMP EngineID value deletes SNMPv3 users from the device’s database. The remote engineid designates the remote management station and should be defined to enable the device to receive informs.

Example
The following example configures an SNMPv3 user named ‘John’ in a group called ‘user-group’.
Default Configuration
No filter entry exists.

Command Mode
Global Configuration mode

User Guidelines
This command can be entered multiple times for the same filter record. Later lines take precedence when an object identifier is included in two or more lines.

Example
The following example creates a filter that includes all objects in the MIB-II system group except for sysServices (System 7) and all objects for interface 1 in the MIB-II interfaces group.
Parameters
• ip-address — Specifies the IP address of the host (targeted recipient).
• hostname — Specifies the name of the host. (Range: 1-158 characters)
• community-string — Specifies a password-like community string sent with the notification operation. (Range: 1-20)
• traps — Indicates that SNMP traps are sent to this host. If unspecified, SNMPv2 traps are sent to the host.
• informs — Indicates that SNMP informs are sent to this host. Not applicable to SNMPv1.
User Guidelines
When configuring an SNMPv1 or SNMPv2 notification recipient, a notification view for that recipient is automatically generated for all the MIB. When configuring an SNMPv1 notification recipient, the Inform option cannot be selected. If a trap and inform are defined on the same target, and an inform was sent, the trap is not sent.

Example
The following example enables SNMP traps for host 10.1.1.1 with community string “management” using SNMPv2.
• informs — Indicates that SNMP informs are sent to this host.
• noauth — Indicates no authentication of a packet.
• auth — Indicates authentication of a packet without encrypting it.
• priv — Indicates authentication of a packet with encryption.
• port — Specifies the UDP port of the host to use. If unspecified, the default UDP port number is 162. (Range: 1-65535)
• filtername — Specifies a string that defines the filter for this host.
snmp-server engineID local

The snmp-server engineID local Global Configuration mode command specifies the Simple Network Management Protocol (SNMP) engineID on the local device. Use the no form of this command to remove the configured engine ID.

Syntax
snmp-server engineID local {engineid-string | default}
no snmp-server engineID local

Parameters
• engineid-string — Specifies a character string that identifies the engine ID.
User Guidelines
To use SNMPv3, you have to specify an engine ID for the device. You can specify your own ID or use a default string that is generated using the MAC address of the device. If the SNMPv3 engine ID is deleted or the configuration file is erased, SNMPv3 cannot be used. By default, SNMPv1/v2 are enabled on the device. SNMPv3 is enabled only by defining the Local Engine ID.
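Added example (not part of the Cisco guide): a Python audit of a saved configuration for the SNMP settings this chapter describes, covering community strings and su access, the security model and level of each group, the authentication keyword of each SNMPv3 user, and the engine ID that SNMPv3 users depend on. The sample configuration is constructed; the ro keyword and the token order of the snmp-server user line are assumptions, since only the su community example and the group example appear in this excerpt.

```python
import ipaddress
import shlex

DEFAULT_COMMUNITIES = {"public", "private"}  # widely known default strings

MESSAGES = {
    "DEFAULT_COMMUNITY": "community string is a well-known default",
    "SU_COMMUNITY": "community grants su access (whole MIB, no view applies)",
    "COMMUNITY_ANY_SOURCE": "no management station IP address on the community line",
    "GROUP_V1_V2": "group uses the SNMPv1/v2 security model (community only)",
    "GROUP_V3_NO_PRIV": "SNMPv3 group does not use the priv security level",
    "USER_NO_AUTH": "SNMPv3 user has no authentication keyword",
    "USER_AUTH_MD5": "SNMPv3 user uses HMAC-MD5-96; auth-sha is available",
    "USER_WITHOUT_ENGINEID": "SNMPv3 user defined but no local engine ID is set",
}

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
snmp-server community public su 192.168.1.20
snmp-server community Example-RO-String ro
snmp-server group user-group v3 priv read user-view
snmp-server group legacy-group v2 read user-view
snmp-server group mon-group v3 auth read user-view
snmp-server user John user-group auth-md5 ExamplePass1
"""


def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def audit_snmp(config_text):
    """Return a list of (line_number, finding_code) for weak SNMP settings."""
    findings = []
    engine_id_set = False
    first_user_line = None
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        try:
            tok = shlex.split(raw)
        except ValueError:      # unbalanced quotes: nothing to judge
            continue
        if len(tok) < 3 or tok[0] != "snmp-server":
            continue
        kind, args = tok[1].lower(), tok[2:]
        if kind == "engineid" and args[0] == "local":
            engine_id_set = True
        elif kind == "community":
            name, rest = args[0], args[1:]
            if name.lower() in DEFAULT_COMMUNITIES:
                findings.append((lineno, "DEFAULT_COMMUNITY"))
            if "su" in rest[:1]:
                findings.append((lineno, "SU_COMMUNITY"))
            if not any(_is_ip(t) for t in rest):
                findings.append((lineno, "COMMUNITY_ANY_SOURCE"))
        elif kind == "group" and len(args) >= 2:
            version = args[1].lower()
            level = args[2].lower() if len(args) > 2 else ""
            if version in ("v1", "v2"):
                findings.append((lineno, "GROUP_V1_V2"))
            elif version == "v3" and level != "priv":
                findings.append((lineno, "GROUP_V3_NO_PRIV"))
        elif kind == "user":
            if first_user_line is None:
                first_user_line = lineno
            auth = [t for t in args if t.startswith("auth-")]
            if not auth:
                findings.append((lineno, "USER_NO_AUTH"))
            elif any(t.startswith("auth-md5") for t in auth):
                findings.append((lineno, "USER_AUTH_MD5"))
    # SNMPv3 users require a defined engine ID (see the user guidelines).
    if first_user_line is not None and not engine_id_set:
        findings.append((first_user_line, "USER_WITHOUT_ENGINEID"))
    return findings


if __name__ == "__main__":
    for lineno, code in audit_snmp(SAMPLE_CONFIG):
        print(f"line {lineno}: {code}: {MESSAGES[code]}")
```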
snmp-server enable traps

The snmp-server enable traps Global Configuration mode command enables the device to send SNMP traps. Use the no form of this command to disable SNMP traps.

Syntax
snmp-server enable traps
no snmp-server enable traps

Default Configuration
SNMP traps are enabled.

Command Mode
Global Configuration mode

User Guidelines
There are no user guidelines for this command.

Example
The following example enables SNMP traps.
snmp-server trap authentication

The snmp-server trap authentication Global Configuration mode command enables the device to send SNMP traps when authentication fails. Use the no form of this command to disable SNMP failed authentication traps.

Syntax
snmp-server trap authentication
no snmp-server trap authentication

Default Configuration
SNMP failed authentication traps are enabled.
snmp-server contact

The snmp-server contact Global Configuration mode command configures the system contact (sysContact) string. Use the no form of this command to remove system contact information.

Syntax
snmp-server contact text
no snmp-server contact

Parameters
• text — Specifies the string that describes system contact information. (Range: 1-160 characters)

Default Configuration
This command has no default configuration.
snmp-server location

The snmp-server location Global Configuration mode command configures the system location string. Use the no form of this command to remove the location string.

Syntax
snmp-server location text
no snmp-server location

Parameters
• text — Specifies a string that describes system location information. (Range: 1-160 characters)

Default Configuration
This command has no default configuration.
snmp-server set

The snmp-server set Global Configuration mode command defines the SNMP MIB value.

Syntax
snmp-server set variable-name name1 value1 [ name2 value2 …]

Parameters
• variable-name — MIB variable name (Range 1-160 characters).
• name value — List of name and value pairs. In the case of scalar MIBs, only a single pair of name values. In the case of an entry in a table, at least one pair of name and value followed by one or more fields (Range 1-160 characters).
show snmp

The show snmp Privileged EXEC mode command displays the SNMP status.

Syntax
show snmp

Default Configuration
This command has no default configuration.

Command Mode
Privileged EXEC mode

User Guidelines
There are no user guidelines for this command.

Example
The following example displays the SNMP communications status.
Traps are enabled.
Authentication trap is enabled.

Version 1,2 notifications
Target Address  Type    Community  Version  UDP Port  Filter Name  TO Sec  Retries
--------------  ------  ---------  -------  --------  -----------  ------  -------
192.122.173.42  Trap    Public     2        162                    15      3
192.122.173.42  Inform  Public     2        162                    15      3

Version 3 Notifications
Target Address Type Username Security Level
-------------- ----- ---------------
192.122.173.
show snmp engineID

The show snmp engineID Privileged EXEC mode command displays the ID of the local Simple Network Management Protocol (SNMP) engine.

Syntax
show snmp engineID

Default Configuration
This command has no default configuration.

Command Mode
Privileged EXEC mode

User Guidelines
There are no user guidelines for this command.

Example
The following example displays the SNMP engine ID.
Parameters
• viewname — Specifies the name of the view. (Range: 1-30)

Default Configuration
This command has no default configuration.

Command Mode
Privileged EXEC mode

User Guidelines
There are no user guidelines for this command.

Example
The following example displays the configuration of views.

Console# show snmp views
Name       OID Tree
---------  -----------------
user-view  1.3.6.1.2.1.1
user-view  1.3.6.1.2.1.1.7
user-view  1.3.6.1.2.1.2.2.1.*.
Parameters
• groupname — Specifies the name of the group. (Range: 1-30)

Default Configuration
This command has no default configuration.

Command Mode
Privileged EXEC mode

User Guidelines
There are no user guidelines for this command.

Example
The following example displays the configuration of views.
Field     Description
Views
  Read    Name of the view that enables only viewing the contents of the agent. If unspecified, all objects except the community-table and SNMPv3 user and access tables are available.
  Write   Name of the view that enables entering data and managing the contents of the agent.
  Notify  Name of the view that enables specifying an inform or a trap.
Example
The following example displays the configuration of filters.

Console# show snmp filters
Name         OID Tree               Type
-----------  ---------------------  --------
user-filter  1.3.6.1.2.1.1          Included
user-filter  1.3.6.1.2.1.1.7        Excluded
user-filter  1.3.6.1.2.1.2.2.1.*.1  Included

show snmp users

The show snmp users Privileged EXEC mode command displays the configuration of users.

Syntax
show snmp users [username]

Parameters
• username — Specifies the name of the user.
Example
The following example displays the configuration of users.
27 RSA and Certificate Commands

crypto certificate generate

The crypto certificate generate Global Configuration mode command generates a self-signed HTTPS certificate.

Syntax
crypto certificate [number] generate [key-generate length] [cn common-name] [ou organization-unit] [or organization] [loc location] [st state] [cu country] [duration days]

Parameters
• number — Specifies the certificate number. (Range: 1-2)
• key-generate — Regenerate the SSL RSA key.
• length — Specifies the SSL RSA key length.
Default Configuration
The Certificate and SSL’s RSA key pairs do not exist. If no RSA key length is specified, the default length is 1024. If no URL or IP address is specified, the default common name is the lowest IP address of the device at the time that the certificate is generated. If the number of days is not specified, the default period of time that the certification is valid is 365 days.
crypto key generate dsa

The crypto key generate dsa Global Configuration mode command generates DSA key pairs.

Syntax
crypto key generate dsa

Default Configuration
DSA key pairs do not exist.

Command Mode
Global Configuration mode

User Guidelines
DSA keys are generated in pairs: one public DSA key and one private DSA key. If the device already has DSA keys, a warning and prompt to replace the existing keys with new keys are displayed.
crypto key generate rsa

The crypto key generate rsa Global Configuration mode command generates RSA key pairs.

Syntax
crypto key generate rsa

Default Configuration
RSA key pairs do not exist.

Command Mode
Global Configuration mode

User Guidelines
RSA keys are generated in pairs: one public RSA key and one private RSA key. If the device already has RSA keys, a warning and prompt to replace the existing keys with new keys are displayed.
28 Spanning Tree Commands

spanning-tree

The spanning-tree Global Configuration mode command enables spanning-tree functionality. Use the no form of this command to disable the spanning-tree functionality.

Syntax
spanning-tree
no spanning-tree

Default Configuration
Spanning-tree is enabled.

Command Modes
Global Configuration mode

User Guidelines
There are no user guidelines for this command.

Example
The following example enables spanning-tree functionality.
spanning-tree mode

The spanning-tree mode Global Configuration mode command configures the spanning-tree protocol. Use the no form of this command to restore the default configuration.

Syntax
spanning-tree mode {stp | rstp | mstp}
no spanning-tree mode

Parameters
• stp — Indicates that the Spanning Tree Protocol (STP) is enabled.
• rstp — Indicates that the Rapid Spanning Tree Protocol (RSTP) is enabled.
Example
The following example configures the spanning-tree protocol to RSTP.

console(config)# spanning-tree mode rstp

spanning-tree forward-time

The spanning-tree forward-time Global Configuration mode command configures the spanning-tree bridge forward time, which is the amount of time a port remains in the listening and learning states before entering the forwarding state. Use the no form of this command to restore the default configuration.
Example
The following example configures the spanning tree bridge forwarding time to 25 seconds.

Console(config)# spanning-tree forward-time 25

spanning-tree hello-time

The spanning-tree hello-time Global Configuration mode command configures the spanning tree bridge hello time, which is how often the device broadcasts hello messages to other devices. Use the no form of this command to restore the default configuration.
Example
The following example configures spanning tree bridge hello time to 5 seconds.

Console(config)# spanning-tree hello-time 5

spanning-tree max-age

The spanning-tree max-age Global Configuration mode command configures the spanning tree bridge maximum age. Use the no form of this command to restore the default configuration.

Syntax
spanning-tree max-age seconds
no spanning-tree max-age

Parameters
• seconds — Time in seconds.
Example
The following example configures the spanning tree bridge maximum-age to 10 seconds.

Console(config)# spanning-tree max-age 10

spanning-tree priority

The spanning-tree priority Global Configuration mode command configures the spanning tree priority of the device. The priority value is used to determine which bridge is elected as the root bridge. Use the no form of this command to restore the default configuration.
Example
The following example configures spanning tree priority to 12288.

Console(config)# spanning-tree priority 12288

spanning-tree disable

The spanning-tree disable Interface Configuration mode command disables spanning tree on a specific port. Use the no form of this command to enable spanning tree on a port.

Syntax
spanning-tree disable
no spanning-tree disable

Default Configuration
Spanning tree is enabled on all ports.
spanning-tree cost

The spanning-tree cost Interface Configuration mode command configures the spanning tree path cost for a port. Use the no form of this command to restore the default configuration.
Example
The following example configures the spanning-tree cost on Ethernet port e15 to 35000.

Console(config)# interface ethernet e15
Console(config-if)# spanning-tree cost 35000

spanning-tree port-priority

The spanning-tree port-priority Interface Configuration mode command configures port priority. Use the no form of this command to restore the default configuration.
Example
The following example configures the spanning-tree port priority on Ethernet port e15 to 96.

Console(config)# interface ethernet e15
Console(config-if)# spanning-tree port-priority 96

spanning-tree portfast

The spanning-tree portfast Interface Configuration mode command enables PortFast mode. In PortFast mode, the interface is immediately put into the forwarding state upon linkup without waiting for the standard forward time delay.
User Guidelines
This feature should be used only with interfaces connected to end stations. Otherwise, an accidental topology loop could cause a data packet loop and disrupt device and network operations.

Example
The following example enables PortFast on Ethernet port e15.
Command Modes
Interface Configuration (Ethernet, port-channel) mode

User Guidelines
There are no user guidelines for this command.

Example
The following example enables shared spanning-tree on Ethernet port e5.

Console(config)# interface ethernet e15
Console(config-if)# spanning-tree link-type shared

spanning-tree pathcost method

The spanning-tree pathcost method Global Configuration mode command sets the default path cost method.
Command Mode
Global Configuration mode

User Guidelines
This command is only operational with the device in Interface mode. This command applies to all spanning tree instances on the device. The cost is set using the spanning-tree cost command.

Example
The following example sets the default path cost method to long.
• bridging — Bridge BPDU packets when spanning tree is disabled globally, untagged or tagged frames are flooded and are subject to ingress and egress VLAN rules

Default Configuration
The default setting is flooding.

Command Modes
Global Configuration mode

User Guidelines
The filtering and flooding modes are relevant when spanning-tree is disabled globally or on a single interface.
Default Configuration
Root guard is disabled.

Command Mode
Interface Configuration (Ethernet, port-channel) mode

User Guidelines
Root guard can be enabled when the device operates in STP, RSTP and MSTP. When root guard is enabled, the port changes to the alternate state if spanning-tree calculations select the port as the root port.

Example
The following example prevents Ethernet port e1 from being the root port of the device.
Parameters
• interface — A valid Ethernet port.
• port-channel-number — A valid port-channel number.

Default Configuration
This command has no default configuration.

Command Modes
Privileged EXEC mode

User Guidelines
This feature should be used only when working in RSTP or MSTP mode.

Example
The following example restarts the protocol migration process on Ethernet port e11.
Parameters
• instance-id — ID of the spanning-tree instance (Range: 1-7).
• priority — Device priority for the specified spanning-tree instance (Range: 0-61440 in multiples of 4096).

Default Configuration
The default bridge priority for IEEE Spanning Tree Protocol (STP) is 32768.

Command Mode
Global Configuration mode

User Guidelines
The device with the lowest priority is selected as the root of the spanning tree.
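Added example (not part of the Cisco guide): a Python model of the root election rule stated above (lowest priority wins) combined with the root guard behaviour described for spanning-tree guard root, where a guarded port moves to the alternate state instead of becoming the root port. Bridge addresses, port roles and path costs are constructed; breaking priority ties on the MAC address is standard spanning-tree behaviour, while breaking remaining ties on the port name is a simplification of this example.

```python
def bridge_id(priority, mac):
    """Bridge identifier as a comparable tuple: the lower tuple wins.

    The priority range and step are the ones documented for the priority
    parameter (0-61440 in multiples of 4096).
    """
    if not 0 <= priority <= 61440 or priority % 4096:
        raise ValueError("priority must be 0-61440 in multiples of 4096")
    return (priority, mac.lower())


def elect(local_id, received, root_guard=frozenset()):
    """Decide root bridge and root port from one switch's point of view.

    received:   {port: (root_id_advertised_on_that_port, path_cost_to_root)}
    root_guard: ports on which root guard is enabled
    Returns (root_id, root_port, ports_put_in_alternate_state).
    root_port is None when the local switch itself is the root.
    """
    alternate = []
    # Only advertisements better than our own bridge ID can move the root.
    candidates = {p: v for p, v in received.items() if v[0] < local_id}
    while candidates:
        port = min(candidates,
                   key=lambda p: (candidates[p][0], candidates[p][1], p))
        if port not in root_guard:
            return candidates[port][0], port, alternate
        # Root guard: the port may not become the root port, so it goes to
        # the alternate state and the next best port is considered.
        alternate.append(port)
        del candidates[port]
    return local_id, None, alternate


# Constructed topology: g1 is the uplink toward the intended root,
# e15 is a port facing end stations.
LOCAL = bridge_id(32768, "00:11:22:33:44:55")
INTENDED_ROOT = bridge_id(4096, "00:AA:BB:CC:DD:01")
UNEXPECTED = bridge_id(0, "00:AA:BB:CC:DD:99")
RECEIVED = {"g1": (INTENDED_ROOT, 20000), "e15": (UNEXPECTED, 200000)}

if __name__ == "__main__":
    print("no root guard :", elect(LOCAL, RECEIVED))
    print("guard on e15  :", elect(LOCAL, RECEIVED, {"e15"}))
```

Without root guard the bridge behind e15 becomes the root and e15 the root port; with root guard on e15 the root stays on the uplink g1 and e15 is reported in the alternate state.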
Parameters
• hop-count — Number of hops in an MST region before the BPDU is discarded. (Range: 1-40)

Default Configuration
The default number of hops is 20.

Command Mode
Global Configuration mode

User Guidelines
There are no user guidelines for this command.

Example
The following example configures the maximum number of hops that a packet travels in an MST region before it is discarded to 10.
Parameters
• instance-ID—ID of the spanning tree instance. (Range: 1-7)
• priority—The port priority. (Range: 0-240 in multiples of 16)

Default Configuration
The default port priority for IEEE Multiple Spanning Tree Protocol (MSTP) is 128.

Command Modes
Interface Configuration (Ethernet, port-channel) mode

User Guidelines
There are no user guidelines for this command.

Example
The following example configures the port priority of port g1 to 144.
Parameters
• instance-ID—ID of the spanning-tree instance (Range: 1-7).
• cost—The port path cost.
spanning-tree mst configuration

The spanning-tree mst configuration Global Configuration mode command enables configuring an MST region by entering the Multiple Spanning Tree (MST) mode.

Syntax
spanning-tree mst configuration

Default Configuration
This command has no default configuration.

Command Mode
Global Configuration mode

User Guidelines
All devices in an MST region must have the same VLAN mapping, configuration revision number and name.
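The region rule above can be checked offline before changes are applied. The following Python sketch is an added example, not part of the Cisco guide: it compares MST settings captured from several switches and reports every name, revision or VLAN-mapping difference. The switch names, the second capture and the assumption that captures follow the layout of the guide's MST configuration display are all constructed for illustration.

```python
"""Compare MST region settings captured from several switches (added example)."""
import re

# Constructed captures, one per switch, laid out like the guide's
# "Pending MST configuration" display. Hostnames are hypothetical.
CAPTURES = {
    "sw-core": """\
Pending MST configuration
Name: Region1
Revision: 1
Instance VLANs Mapped State
0 1-9,21-4094 Enabled
1 10-20 Enabled
""",
    "sw-access": """\
Pending MST configuration
Name: region1
Revision: 1
Instance VLANs Mapped State
0 1-9,22-4094 Enabled
1 10-21 Enabled
""",
}

ROW_RE = re.compile(
    r"^(\d+)[ \t]+([\d,\- \t]+?)[ \t]+(?:Enabled|Disabled)[ \t]*$", re.M)


def expand_vlans(spec):
    """Turn '1-9,21-4094' into a frozenset of VLAN ids (valid range 1-4094)."""
    vlans = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 4094:
            raise ValueError(f"bad VLAN range: {part!r}")
        vlans.update(range(lo, hi + 1))
    return frozenset(vlans)


def compress(vlans):
    """Render a VLAN set compactly, e.g. {10, 11, 12, 20} -> '10-12,20'."""
    ranges = []
    for v in sorted(vlans):
        if ranges and v == ranges[-1][1] + 1:
            ranges[-1][1] = v
        else:
            ranges.append([v, v])
    return ",".join(str(a) if a == b else f"{a}-{b}" for a, b in ranges)


def parse_region(text):
    """Extract (name, revision, {instance: vlans}) from one capture."""
    name = re.search(r"^Name:\s*(\S+)", text, re.M)
    rev = re.search(r"^Revision:\s*(\d+)", text, re.M)
    if not name or not rev:
        raise ValueError("capture lacks a Name or Revision line")
    mapping = {int(inst): expand_vlans(spec.replace(" ", ""))
               for inst, spec in ROW_RE.findall(text)}
    return name.group(1), int(rev.group(1)), mapping


def region_mismatches(captures, reference):
    """List (switch, field, detail) for each setting that differs from `reference`."""
    ref_name, ref_rev, ref_map = parse_region(captures[reference])
    problems = []
    for host, text in captures.items():
        if host == reference:
            continue
        name, rev, mapping = parse_region(text)
        if name != ref_name:  # the configuration name is case-sensitive
            problems.append((host, "name", f"{name!r} != {ref_name!r}"))
        if rev != ref_rev:
            problems.append((host, "revision", f"{rev} != {ref_rev}"))
        for inst in sorted(set(mapping) | set(ref_map)):
            diff = mapping.get(inst, frozenset()) ^ ref_map.get(inst, frozenset())
            if diff:  # VLANs mapped to this instance on one switch only
                problems.append((host, f"instance {inst}", compress(diff)))
    return problems


if __name__ == "__main__":
    for host, field, detail in region_mismatches(CAPTURES, "sw-core"):
        print(f"{host}: {field} differs ({detail})")
```

Any reported difference means the two switches will not treat each other as members of the same MST region.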
instance (mst)

The instance MST Configuration mode command maps VLANs to an MST instance.

Syntax
instance instance-id {add | remove} vlan vlan-range

Parameters
• instance-ID—ID of the MST instance (Range: 1-7).
• vlan-range—VLANs to be added to or removed from the specified MST instance. To specify a range of VLANs, use a hyphen. To specify a series of VLANs, use a comma. (Range: 1-4094).
Example
The following example maps VLANs 10-20 to MST instance 1.
Console(config)# spanning-tree mst configuration
Console(config-mst)# instance 1 add vlan 10-20

name (mst)

The name MST Configuration mode command defines the configuration name. Use the no form of this command to restore the default setting.

Syntax
name string

Parameters
• string — MST configuration name. The name is case-sensitive.
Example
The following example defines the configuration name as region1.
Console(config)# spanning-tree mst configuration
Console(config-mst)# name region1

revision (mst)

The revision MST Configuration mode command defines the configuration revision number. Use the no form of this command to restore the default configuration.

Syntax
revision value
no revision

Parameters
• value — Configuration revision number (Range: 0-65535).
Example
The following example sets the configuration revision to 1.
Console(config)# spanning-tree mst configuration
Console(config-mst)# revision 1

show (mst)

The show MST Configuration mode command displays the current or pending MST region configuration.

Syntax
show {current | pending}

Parameters
• current—Indicates the current region configuration.
• pending—Indicates the pending region configuration.
Example
The following example displays a pending MST region configuration.
Console(config-mst)# show pending
Pending MST configuration
Name: Region1
Revision: 1
Instance   VLANs Mapped   State
0          1-9,21-4094    Enabled
1          10-20          Enabled

exit (mst)

The exit MST Configuration mode command exits the MST Configuration mode, and applies all configuration changes.

Syntax
exit

Default Configuration
This command has no default configuration.
Example
The following example exits the MST Configuration mode and saves changes.
Console(config)# spanning-tree mst configuration
Console(config-mst)# exit
Console(config)#

abort (mst)

The abort MST Configuration mode command exits the MST Configuration mode without applying the configuration changes.

Syntax
abort

Default Configuration
This command has no default configuration.
show spanning-tree

The show spanning-tree Privileged EXEC mode command displays spanning-tree configuration.

Syntax
show spanning-tree [ethernet interface-number | port-channel port-channel-number] [instance instance-id]
show spanning-tree [detail] [active | blockedports] [instance instance-id]
show spanning-tree mst-configuration

Parameters
• interface-number — A valid Ethernet port.
• port-channel-number — A valid port channel number.
Example
The following example displays spanning-tree information.
Name   State      Prio.Nbr
----   -------    --------
e1     Enabled    128.1
e2     Enabled    128.2
e3     Disabled   128.3
e4     Enabled    128.4
e5     Enabled    128.
Root ID     Priority
            Address
            Path Cost
            Root Port
            Hello Time 2 sec
Bridge ID   Priority 36864
            Address 00:02:4b:29:7a:00
            Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
Interfaces
Name   State      Prio.Nbr
----   -------    --------
e1     Enabled    128.1
e2     Enabled    128.2
e4     Enabled    128.
Root ID     Priority 32768
            Address 00:01:42:97:e0:00
            Path Cost 20000
            Root Port 1 (e1)
            Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
Bridge ID   Priority 36864
            Address 00:02:4b:29:7a:00
            Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
Number of topology changes 2 last change occurred 2d18h ago
Times: hold 1, topology change 35, notification 2
       hello 2, max age 20, forward delay 15
Port 1 (e1) enabled
State: Forwarding  Role: Root
Port id: 128.
Port 4 (e4) enabled
State: Blocking  Role: Alternate
Port id: 128.4  Port cost: 20000
Type: Shared (configured:auto) STP  Port Fast: No (configured:no)
Designated bridge Priority: 28672  Address: 00:30:94:41:62:c8
Designated port id: 128.25  Designated path cost: 20000
Number of transitions to forwarding state: 1
BPDU: sent 2, received 120638
Port 5 (e5) enabled
State: Disabled  Role: N/A
Port id: 128.
Spanning tree enabled mode MSTP
Default port cost method: long

###### MST 0 Vlans Mapped: 1-9, 21-4094
CST Root ID     Priority 32768
                Address 00:01:42:97:e0:00
                Path Cost 20000
                Root Port 1 (e1)
                Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
IST Master ID   Priority 32768
                Address 00:02:4b:29:7a:00
This switch is the IST master.
Console# show spanning-tree detail
Spanning tree enabled mode MSTP
Default port cost method: long

###### MST 0 Vlans Mapped: 1-9, 21-4094
CST Root ID     Priority 32768
                Address 00:01:42:97:e0:00
                Path Cost 20000
                Root Port 1 (e1)
                Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
IST Master ID   Priority 32768
                Address 00:02:4b:29:7a:00
This switch is the IST master.
Port 3 (e3) enabled
State: Forwarding  Role: Designated
Port id: 128.3  Port cost: 20000
Type: Shared (configured: auto) Internal  Port Fast: No (configured:no)
Designated bridge Priority: 32768  Address: 00:02:4b:29:7a:00
Designated port id: 128.3  Designated path cost: 20000
Number of transitions to forwarding state: 1
BPDU: sent 2, received 170638
Port 4 (e4) enabled
State: Forwarding  Role: Designated
Port id: 128.
(configured:no)
Designated bridge Priority: 32768  Address: 00:02:4b:29:7a:00
Designated port id: 128.1  Designated path cost: 20000
Number of transitions to forwarding state: 1
BPDU: sent 2, received 120638
Port 2 (e2) enabled
State: Forwarding  Role: Designated
Port id: 128.2  Port cost: 20000
Type: Shared (configured: auto) Boundary STP  Port Fast: No (configured:no)
Designated bridge Priority: 32768  Address: 00:02:4b:29:7a:00
Designated port id: 128.
Console# show spanning-tree
Spanning tree enabled mode MSTP
Default port cost method: long

###### MST 0 Vlans Mapped: 1-9, 21-4094
CST Root ID     Priority 32768
                Address 00:01:42:97:e0:00
                Path Cost 20000
                Root Port 1 (e1)
                Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
IST Master ID   Priority 32768
                Address 00:02:4b:19:7a:00
                Path Cost 10000
                Rem hops 19
Bridge ID       Priority 32768
                Address 00:02:4b:29:7a:00
                Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
                Max hop
29 SSH Commands

ip ssh port

The ip ssh port Global Configuration mode command specifies the port to be used by the SSH server. Use the no form of this command to restore the default configuration.

Syntax
ip ssh port port-number
no ip ssh port

Parameters
• port-number — Port number for use by the SSH server (Range: 1-65535).

Default Configuration
The default port number is 22.

Command Mode
Global Configuration mode

User Guidelines
There are no user guidelines for this command.
Example
The following example specifies the port to be used by the SSH server as 8080.
Console(config)# ip ssh port 8080

ip ssh server

The ip ssh server Global Configuration mode command enables the device to be configured from an SSH server. Use the no form of this command to disable this function.

Syntax
ip ssh server
no ip ssh server

Default Configuration
Device configuration from an SSH server is enabled.
ip ssh pubkey-auth

The ip ssh pubkey-auth Global Configuration mode command enables public key authentication for incoming SSH sessions. Use the no form of this command to disable this function.

Syntax
ip ssh pubkey-auth
no ip ssh pubkey-auth

Default Configuration
Public Key authentication to incoming SSH sessions is disabled.

Command Mode
Global Configuration mode

User Guidelines
AAA authentication is independent.
crypto key pubkey-chain ssh

The crypto key pubkey-chain ssh Global Configuration mode command enters the SSH Public Key-chain Configuration mode. The mode is used to manually specify other device public keys such as SSH client public keys.

Syntax
crypto key pubkey-chain ssh

Default Configuration
No keys are specified.

Command Mode
Global Configuration mode

User Guidelines
Use this command to enter public key chain configuration mode.
0ZCk0N/W9a/tnkm1shRE7Di71+w3fNiOA
6w9o44t6+AINEICBCCA4YcF6zMzaT1wefWwX6f+
Rmt5nhhqdAtN/4oJfce166DqVX1gWmN
zNR4DYDvSzg0lDnwCAC8Qh
Fingerprint: a4:16:46:23:5a:8d:1d:b5:37:59:eb:44:13:b9:33:e9

user-key

The user-key SSH Public Key-string Configuration mode command specifies which SSH public key is manually configured. Use the no form of this command to remove an SSH public key.
User Guidelines
Follow this command with the key-string SSH Public Key-String Configuration mode command to specify the key.

Example
The following example enables manually configuring an SSH public key for SSH public key-chain bob.
Command Mode
SSH Public Key-string Configuration mode

User Guidelines
Use the key-string SSH Public Key-string Configuration mode command to specify which SSH public key is to be interactively configured next. To complete the command, you must enter a row with no characters.
Use the key-string row SSH Public Key-string Configuration mode command to specify the SSH public key row by row. Each row must begin with a key-string row command.
show ip ssh

The show ip ssh Privileged EXEC mode command displays the SSH server configuration.

Syntax
show ip ssh

Default Configuration
This command has no default configuration.

Command Mode
Privileged EXEC mode

User Guidelines
There are no user guidelines for this command.

Example
The following example displays the SSH server configuration.
Console# show ip ssh
SSH server enabled. Port: 22
RSA key was generated.
DSA (DSS) key was generated.
Field          Description
IP address     Client address
SSH Username   User name
Version        SSH version number
               Encryption type (3DES, Blowfish, RC4)
Auth Code      Authentication Code (HMAC-MD5, HMAC-SHA1)

show crypto key pubkey-chain ssh

The show crypto key pubkey-chain ssh Privileged EXEC mode command displays SSH public keys stored on the device.
User Guidelines
There are no user guidelines for this command.

Example
The following example displays SSH public keys stored on the device.
Command Mode
Privileged EXEC

Example
Console# show crypto key mypubkey rsa
RSA key data:
005C300D 06092A86 4886F70D 01010105 00034B00 30480241
00C5E23B 55D6AB22 04AEF1BA A54028A6 9ACC01C5 129D99E4
64CAB820 847EDAD9 DF0B4E4C 73A05DD2 BD62A8A9 FA603DD2
E2A8A6F8 98F76E28 D58AD221 B583D7A4 71020301 87685768
Fingerprint(Hex): 77:C7:19:85:98:19:27:96:C9:CC:83:C5:78:89:F8:86
Fingerprint(Bubble Babble): yteriuwt jgkljhglk yewiury hdskjfryt gfhkjglk

crypto certificate r
• ou organization-unit — Specifies the organization-unit or department name. Range: 1 - 64 characters
• or organization — Specifies the organization name. Range: 1 - 64 characters
• loc location — Specifies the location or city name. Range: 1 - 64 characters
• st state — Specifies the state or province name. Range: 1 - 64 characters
• cu country — Specifies the country name.
-----END CERTIFICATE REQUEST-----
CN= router.gm.
Command Mode
Global configuration

User Guidelines
Use this command to enter an external certificate (signed by Certification Authority) to the device. To end the session, use a blank line.
The imported certificate must be based on a certificate request created by the crypto certificate request privileged EXEC command.
If the public key found in the certificate does not match the device's SSL RSA key, the command will fail.
Subject: CN= router.gm.com, 0= General Motors, C= US
Finger print: DC789788 DC88A988 127897BC BB789788

crypto certificate export

To export the certificate and the RSA keys, use the crypto certificate export command in Privileged EXEC mode.

Syntax
crypto certificate number export

Parameters
• number — Specifies the certificate number. Range: 1 - 2 digits

Default Configuration
There is no default configuration for this command.
show crypto certificate mycertificate

To view the SSL certificates of your device, use the show crypto certificate mycertificate Privileged EXEC command.

Syntax
show crypto certificate mycertificate [number]

Parameters
• number — Specifies the certificate number. Range: 1, product specific

Default value
This command has no default setting.
Issued by: www.verisign.com
Valid from: 8/9/2003 to 8/9/2004
Subject: CN= router.gm.
30 Syslog Commands

logging on

The logging on Global Configuration mode command controls error message logging. This command sends debug or error messages to a logging process, which logs messages to designated locations asynchronously to the process that generated the messages. Use the no form of this command to disable the logging process.

Syntax
logging on
no logging on

Default Configuration
Logging is enabled.
Example
The following example enables logging error messages.
Console(config)# logging on

logging

The logging Global Configuration mode command logs messages to a syslog server. Use the no form of this command to delete the syslog server with the specified address from the list of syslogs.
The default facility is local7.

Command Mode
Global Configuration mode

User Guidelines
Up to 8 syslog servers can be used.
If no specific severity level is specified, the global values apply to each server.

Example
The following example limits logged messages sent to the syslog server with IP address 10.1.1.1 to severity level critical.
Console(config)# logging 10.1.1.
Default Configuration
The default severity level is informational.

Command Mode
Global Configuration mode

User Guidelines
There are no user guidelines for this command.

Example
The following example limits logging messages displayed on the console to severity level errors.
Console(config)# logging console errors

logging buffered

The logging buffered Global Configuration mode command limits syslog messages displayed from an internal buffer based on severity.
Default Configuration
The default severity level is informational.

Command Mode
Global Configuration mode

User Guidelines
All the syslog messages are logged to the internal buffer. This command limits the messages displayed to the user.

Example
The following example limits syslog messages displayed from an internal buffer based on severity level debugging.
Default Configuration
The default number of messages is 200.

Command Mode
Global Configuration mode

User Guidelines
This command takes effect only after Reset.

Example
The following example changes the number of syslog messages stored in the internal buffer to 300.
Console(config)# logging buffered size 300

clear logging

The clear logging Privileged EXEC mode command clears messages from the internal logging buffer.
User Guidelines
There are no user guidelines for this command.

Example
The following example clears messages from the internal logging buffer.
Console# clear logging
Clear Logging File [y/n]

logging file

The logging file Global Configuration mode command limits syslog messages sent to the logging file based on severity. Use the no form of this command to cancel using the buffer.
User Guidelines
There are no user guidelines for this command.

Example
The following example limits syslog messages sent to the logging file based on severity level alerts.
Console(config)# logging file alerts

clear logging file

The clear logging file Privileged EXEC mode command clears messages from the logging file.

Syntax
clear logging file

Default Configuration
This command has no default configuration.
Example
The following example clears messages from the logging file.
Console# clear logging file
Clear Logging File [y/n]

aaa logging

The aaa logging Global Configuration mode command enables logging AAA login events. Use the no form of this command to disable logging AAA login events.

Syntax
aaa logging login
no aaa logging login

Parameters
• login — Indicates logging messages related to successful login events, unsuccessful login events and other login-related events.
Example
The following example enables logging messages related to AAA login events.
Console(config)# aaa logging login

file-system logging

To control logging file system events, use the file-system logging command in global configuration mode. Use the no form to disable logging.
Example
Console(config)# file-system logging copy

management logging

The management logging Global Configuration command enables logging management access list (ACL) events. Use the no form of this command to disable logging management access list events.

Syntax
management logging deny
no management logging deny

Parameters
• deny — Indicates logging messages related to deny actions of management ACLs.
Console(config)# management logging deny

show logging

The show logging Privileged EXEC mode command displays the state of logging and the syslog messages stored in the internal buffer.

Syntax
show logging

Default Configuration
This command has no default configuration.

Command Mode
Privileged EXEC mode

User Guidelines
There are no user guidelines for this command.
Application      Event           Status
-----------      -----           ------
AAA              Login           Enabled
File System      Copy            Enabled
File System      Delete-Rename   Enabled
Management ACL   Deny            Enabled

Buffer log:
11-Aug-2004 15:41:43: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
11-Aug-2004 15:41:43: %LINK-3-UPDOWN: Interface Ethernet1/0, changed state to up
11-Aug-2004 15:41:43: %LINK-3-UPDOWN: Interface Ethernet1/1, changed state to up
11-Aug-2004 15:41:43: %LINK-3-UPDOWN: Interface Ethernet1/2,
Default Configuration
This command has no default configuration.

Command Mode
Privileged EXEC mode

User Guidelines
There are no user guidelines for this command.

Example
The following example displays the logging state and the syslog messages stored in the logging file.
Console# show logging file
Logging is enabled.
Console logging: level debugging. Console Messages: 0 Dropped (severity).
Buffer logging: level debugging. Buffer Messages: 11 Logged, 200 Max.
changed state to up
11-Aug-2004 15:41:43: %LINK-3-UPDOWN: Interface Ethernet1/2, changed state to up
11-Aug-2004 15:41:43: %LINK-3-UPDOWN: Interface Ethernet1/3, changed state to up
11-Aug-2004 15:41:43: %SYS-5-CONFIG_I: Configured from memory by console
11-Aug-2004 15:41:39: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
11-Aug-2004 15:41:39: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet1/0, changed state to down
11-A
User Guidelines
There are no user guidelines for this command.

Example
The following example displays the settings of the syslog servers.
Console# show syslog-servers
Device Configuration
IP address
----------
192.180.2.27
192.180.2.
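The severity limits set with logging, logging console and logging file decide which events ever reach a destination. The following Python sketch is an added example, not part of the Cisco guide: it parses buffer-log lines in the %FACILITY-SEVERITY-MNEMONIC format shown in the show logging examples and reports what a given severity keyword would keep or drop. The sample lines are constructed from that format, and the keyword-to-number table (including emergencies, warnings and notifications, which this section does not list) is assumed to follow standard syslog numbering, where a limit keeps messages at that severity number or lower.

```python
"""Check which buffer-log events survive a severity limit (added example)."""
import re
from datetime import datetime

# Assumed standard syslog numbering: lower number = more severe.
SEVERITY = {"emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
            "warnings": 4, "notifications": 5, "informational": 6,
            "debugging": 7}

LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}): "
    r"%(?P<facility>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnemonic>[A-Z0-9_]+): "
    r"(?P<text>.*)$")

# Constructed sample in the format of the guide's show logging output,
# including a truncated message and a non-log status line.
SAMPLE = """\
11-Aug-2004 15:41:43: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
11-Aug-2004 15:41:43: %SYS-5-CONFIG_I: Configured from memory by console
11-Aug-2004 15:41:39: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet1/0, changed state to down
11-Aug-2004 15:41:39: %LINK-3-UPDOWN: Interface Ethernet1/2,
Buffer Messages: 11 Logged, 200 Max.
"""


def parse_buffer(text):
    """Return (records, rejects): parsed dicts and lines that are not log entries."""
    records, rejects = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        match = LINE_RE.match(line)
        if not match:
            rejects.append(line)  # keep for review instead of dropping silently
            continue
        rec = match.groupdict()
        rec["sev"] = int(rec["sev"])
        rec["ts"] = datetime.strptime(rec["ts"], "%d-%b-%Y %H:%M:%S")
        records.append(rec)
    return records, rejects


def split_by_threshold(records, keyword):
    """Partition records into (kept, dropped) for a destination limited to `keyword`."""
    limit = SEVERITY[keyword]
    kept = [r for r in records if r["sev"] <= limit]
    dropped = [r for r in records if r["sev"] > limit]
    return kept, dropped


def minimum_keyword(records, wanted):
    """Least verbose keyword that still keeps every (facility, mnemonic) in `wanted`."""
    needed = [r["sev"] for r in records
              if (r["facility"], r["mnemonic"]) in wanted]
    if not needed:
        return None
    level = max(needed)
    return next(k for k, v in SEVERITY.items() if v == level)


if __name__ == "__main__":
    records, rejects = parse_buffer(SAMPLE)
    for keyword in ("critical", "errors", "informational"):
        kept, dropped = split_by_threshold(records, keyword)
        lost = sorted({f"{r['facility']}-{r['mnemonic']}" for r in dropped})
        print(f"{keyword}: keeps {len(kept)}, drops {len(dropped)} {lost}")
    print("to keep SYS-CONFIG_I:", minimum_keyword(records, {("SYS", "CONFIG_I")}))
```

With the sample data, a destination limited to critical receives none of the link or configuration events, which is worth knowing before tightening the limit on a remote syslog server.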
31 System Management Commands

ping

The ping User EXEC mode command sends ICMP echo request packets to another node on the network.

Syntax
ping {ip-address | hostname} [size packet_size] [count packet_count] [timeout time_out]

Parameters
• ip-address — IP address to ping.
• hostname — Host name to ping. (Range: 1-158 characters)
• packet_size — Number of bytes in a packet. The actual packet size is eight bytes larger than the specified size because the device adds header information.
Command Mode
User EXEC mode

User Guidelines
Press Esc to stop pinging. The following are examples of unsuccessful pinging:
• Destination does not respond. If the host does not respond, a “no answer from host” appears in ten seconds.
• Destination unreachable. The gateway for this destination indicates that the destination is unreachable.
• Network or host unreachable. The device found no corresponding entry in the route table.
----10.1.1.1 PING Statistics----
4 packets transmitted, 4 packets received, 0% packet loss
round-trip (ms) min/avg/max = 7/8/11

traceroute

The traceroute User EXEC mode command discovers routes that packets actually take when traveling to their destination.
Default Configuration
The default number of bytes in a packet is 40.
The default maximum TTL value is 0.
The default number of probes to be sent at each TTL level is 3.
The default timeout interval in seconds is 3.

Command Mode
User EXEC mode

User Guidelines
The traceroute command takes advantage of the error messages generated by the devices when a datagram exceeds its time-to-live (TTL) value.
Type Esc to abort.
Tracing the route to umaxp1.physics.lsa.umich.edu (141.211.101.64)
1 i2-gateway.stanford.edu (192.68.191.83) 0 msec 0 msec 0 msec
2 STAN.POS.calren2.NET (171.64.1.213) 0 msec 0 msec 0 msec
3 SUNV--STAN.POS.calren2.net (198.32.249.73) 1 msec 1 msec 1 msec
4 Abilene--QSV.POS.calren2.net (198.32.249.162) 1 msec 1 msec 1 msec
5 kscyng-snvang.abilene.ucaid.edu (198.32.8.103) 33 msec 35 msec 35 msec
6 iplsng-kscyng.abilene.ucaid.edu (198.32.8.
The following table describes characters that may appear in the traceroute command output.

Field   Description
*       The probe timed out.
?       Unknown packet type.
A       Administratively unreachable. Usually, this output indicates that an access list is blocking traffic.
F       Fragmentation is required and DF is set.
H       Host unreachable.
N       Network unreachable.
P       Protocol unreachable.
Q       Source quench.
R       Fragment reassembly time exceeded.
S       Source route failed.
• port — A decimal TCP port number, or one of the keywords listed in the Ports table in the User Guidelines.
• keyword — One or more keywords listed in the Keywords table in the User Guidelines.

Default Configuration
The default port is the Telnet port (23) on the host.
Console> ‘Ctrl-shift-6’ ?
[Special telnet escape help]
^^ B sends telnet BREAK
^^ C sends telnet IP
^^ H sends telnet EC
^^ O sends telnet AO
^^ T sends telnet AYT
^^ U sends telnet EL
Ctrl-shift-6 x suspends the session (return to system command prompt)

Several concurrent Telnet sessions can be opened and switched.
Ports Table

Keyword    Description                Port Number
BGP        Border Gateway Protocol    179
chargen    Character generator        19
cmd        Remote commands            514
daytime    Daytime                    13
discard    Discard                    9
domain     Domain Name Service        53
echo       Echo                       7
exec       Exec                       512
finger     Finger                     79
ftp        File Transfer Protocol     21
ftp-data   FTP data connections       20
gopher     Gopher                     70
hostname   NIC hostname server        101
ident      Ident Protocol             113
irc        Internet Relay Chat        194
klogin     Kerberos l
Keyword   Description                 Port Number
syslog    Syslog                      514
tacacs    TAC Access Control System   49
talk      Talk                        517
telnet    Telnet                      23
time      Time                        37
uucp      Unix-to-Unix Copy Program   540
whois     Nickname                    43
www       World Wide Web              80

This command lists concurrent telnet connections to remote hosts that were opened by the current telnet session to the local device. It does not list telnet connections to remote hosts that were opened by other telnet sessions.
Default Configuration
The default connection number is that of the most recent connection.

Command Mode
User EXEC mode

User Guidelines
There are no user guidelines for this command.

Example
The following command switches to open Telnet session number 1.
Console> resume 1

reload

The reload Privileged EXEC mode command reloads the operating system.

Syntax
reload

Default Configuration
This command has no default configuration.
User Guidelines
Caution should be exercised when resetting the device, to ensure that no other activity is being performed. In particular, the user should verify that no configuration files are being downloaded at the time of reset.

Example
The following example reloads the operating system.
Console# reload
This command will reset the whole system and disconnect your current session.
User Guidelines
There are no user guidelines for this command.

Example
The following example specifies the device host name.
Console(config)# hostname enterprise
enterprise(config)#

service cpu-utilization

The service cpu-utilization Global Configuration mode command enables measuring CPU utilization. Use the no form of the command to restore the default configuration.
Example
This example enables measuring CPU utilization.
Console(config)# service cpu-utilization

show cpu utilization

The show cpu utilization Privileged EXEC mode command displays information about CPU utilization.

Syntax
show cpu utilization

Default Configuration
This command has no default configuration.
show users

The show users Privileged EXEC mode command displays information about the active users.

Syntax
show users

Default Configuration
This command has no default configuration.

Command Mode
Privileged EXEC mode

User Guidelines
There are no user guidelines for this command.

Example
The following example displays information about the active users.
show sessions

The show sessions Privileged EXEC mode command lists open Telnet sessions.

Syntax
show sessions

Default Configuration
There is no default configuration for this command.

Command Mode
Privileged EXEC mode

User Guidelines
The command shows the telnet sessions to remote hosts opened by the present telnet session to the local device. This command will not show telnet sessions to remote hosts opened by other telnet sessions to the local device.
The following table describes significant fields shown above.

Field        Description
Connection   Connection number
Host         Remote host to which the device is connected through a Telnet session.
Address      IP address of the remote host.
Port         Telnet TCP port number
Byte         Number of unread bytes for the user to see on the connection.

show system

The show system Privileged EXEC mode command displays system information.
User Guidelines
There are no user guidelines for this command.

Example
The following example displays the system information.
Console# show system
System Description: Corporate
System Up Time (days,hour:min:sec): 1,22:38:21
System Contact:
System Name: RS1
System location:
System MAC Address: 0010.B5F4.
show version

The show version Privileged EXEC mode command displays system version information.

Syntax
show version [unit unit]

Parameters
• unit — Specifies the number of the unit.

Default Configuration
This command has no default configuration.

Command Mode
Privileged EXEC mode

User Guidelines
There are no user guidelines for this command.

Example
The following example displays system version information (only for demonstration purposes).
show system tcam utilization

The show system tcam Privileged EXEC mode command displays the Ternary Content Addressable Memory (TCAM) utilization.

Syntax
show system tcam utilization [unit unit]

Default Configuration
This command has no default configuration.

Command Mode
Privileged EXEC mode

User Guidelines
There are no user guidelines for this command.

Example
The following example displays information on features control.
32 TACACS+ Commands

tacacs-server host

The tacacs-server host Global Configuration mode command specifies a TACACS+ host. Use the no form of the command to delete the specified name or address.

Syntax
tacacs-server host {ip-address | hostname} [single-connection] [port port-number] [timeout timeout] [key key-string] [source source] [priority priority]
no tacacs-server host {ip-address | hostname}

Parameters
• ip-address — IP address of the TACACS+ server.
• hostname — Host name of the TACACS+ server.
• source — Specifies the source IP address to use for the communication. 0.0.0.0 indicates a request to use the IP address of the outgoing IP interface.
• priority — Determines the order in which the TACACS+ servers are used, where 0 is the highest priority. (Range: 0-65535)

Default Configuration
No TACACS+ host is specified.
If no port number is specified, default port number 49 is used.
tacacs-server key

The tacacs-server key Global Configuration mode command sets the authentication encryption key used for all TACACS+ communications between the device and the TACACS+ daemon. Use the no form of the command.

Syntax
tacacs-server key key-string
no tacacs-server key

Parameters
• key-string — Specifies the authentication and encryption key for all TACACS+ communications between the device and the TACACS+ server.
tacacs-server timeout

The tacacs-server timeout Global Configuration mode command sets the interval during which the device waits for a TACACS+ server to reply. Use the no form of the command to restore the default configuration.

Syntax
tacacs-server timeout timeout
no tacacs-server timeout

Parameters
• timeout — Specifies the timeout value in seconds.

tacacs-server source-ip
The tacacs-server source-ip Global Configuration mode command configures the source IP address to be used for communication with TACACS+ servers. Use the no form of the command to restore the default configuration.
Syntax
tacacs-server source-ip source
no tacacs-server source-ip source
Parameters
• source — Specifies the source IP address.
Default Configuration
The source IP address is the address of the outgoing IP interface.

show tacacs
The show tacacs Privileged EXEC mode command displays configuration and statistical information about a TACACS+ server.
Syntax
show tacacs [ip-address]
Parameters
• ip-address — Name or IP address of the TACACS+ server.
Default Configuration
This command has no default configuration.
Command Mode
Privileged EXEC mode
User Guidelines
There are no user guidelines for this command.
Global values
------------
TimeOut: 3

33 User Interface Commands

login
The login User EXEC mode command changes a login username.
Syntax
login
Default Configuration
This command has no default configuration.
Command Mode
User EXEC mode
User Guidelines
There are no user guidelines for this command.
Example
The following example enters Privileged EXEC mode and logs in with username admin.

configure
The configure Privileged EXEC mode command enters the Global Configuration mode.
Syntax
configure
Default Configuration
This command has no default configuration.
Command Mode
Privileged EXEC mode
User Guidelines
There are no user guidelines for this command.
Example
The following example enters Global Configuration mode.
Default Configuration
This command has no default configuration.
Command Mode
All configuration modes
User Guidelines
There are no user guidelines for this command.
Example
The following example changes the configuration mode from Interface Configuration mode to Privileged EXEC mode.
Console(config-if)# exit
Console(config)# exit
Console#

exit(EXEC)
The exit Privileged/User EXEC mode command closes an active terminal session by logging off the device.
User Guidelines
There are no user guidelines for this command.
Example
The following example closes an active terminal session.
Console> exit

end
The end command ends the current configuration session and returns to the Privileged EXEC mode.
Syntax
end
Default Configuration
This command has no default configuration.
Command Mode
All configuration modes.
User Guidelines
There are no user guidelines for this command.
Console(config)# end
Console#

help
The help command displays a brief description of the help system.
Syntax
help
Default Configuration
This command has no default configuration.
Command Mode
All command modes
User Guidelines
There are no user guidelines for this command.
Example
The following example describes the help system.
Console# help
Help may be requested at any point in a command by entering a question mark ‘?’.
1. There is a valid command and a help request is made for entering a parameter or argument (e.g. ‘show ?’). All possible parameters or arguments for the entered command are displayed.
2. An abbreviated argument is entered and a help request is made for arguments matching the input (e.g. ‘show pr?’).

history
The history Line Configuration mode command enables the command history function. Use the no form of the command to disable the command history function.
Console(config)# line telnet
Console(config-line)# history

history size
The history size Line Configuration mode command configures the command history buffer size for a particular line. Use the no form of this command to reset the command history buffer size to the default configuration.
Syntax
history size number-of-commands
no history size
Parameters
• number-of-commands — Number of commands that the system records in its history buffer.
Example
The following example changes the command history buffer size to 100 entries for a particular line.
Console(config)# line telnet
Console(config-line)# history size 100

terminal history
The terminal history User EXEC mode command enables the command history function for the current terminal session. Use the no form of this command to disable the command history function.
Console> terminal no history

terminal history size
The terminal history size User EXEC mode command configures the command history buffer size for the current terminal session. Use the no form of this command to reset the command history buffer size to the default setting.
Example
The following example configures the command history buffer size to 20 commands for the current terminal session.
Console> terminal history size 20

terminal datadump
The terminal datadump User EXEC mode command enables dumping all the output of a show command without prompting. Use the no form of this command to disable dumping.
Syntax
terminal datadump
terminal no datadump
Default Configuration
Data dump is disabled.
Example
This example dumps all output immediately after entering a show command.
Console> terminal datadump

debug-mode
The debug-mode Privileged EXEC mode command switches to debug mode.
Syntax
debug-mode
Default Configuration
This command has no default configuration.
Command Mode
Privileged EXEC mode
User Guidelines
There are no user guidelines for this command.
Example
The following example enables the debug command interface.

show history
The show history Privileged EXEC mode command lists the commands entered in the current session.
Syntax
show history
Default Configuration
This command has no default configuration.
Command Mode
Privileged EXEC mode
User Guidelines
The buffer includes executed and unexecuted commands. Commands are listed from the first to the most recent command. The buffer remains unchanged when entering into and returning from configuration modes.
Console# show history
show version
show clock
show history
3 commands were logged (buffer size is 10)

do
The do command in any configuration mode executes an EXEC-level command from Global Configuration mode or any Configuration submode.
Syntax
do command
Parameters
• command — The EXEC command to be executed.
Default Configuration
This command has no default configuration.
Example
The following example shows how to display the current privilege level.

34 VLAN Commands

switchport protected
The switchport protected Interface Configuration mode command overrides the FDB decision, and sends all Unicast, Multicast and Broadcast traffic to an uplink port. Use the no form of this command to disable overriding the FDB decision.
Syntax
switchport protected {ethernet port | port-channel port-channel-number}
no switchport protected
Parameters
• port — Specifies the uplink Ethernet port.
• port-channel-number — Specifies the uplink port-channel.
• PVE only operates on interfaces that do not belong to VLANs that have IP addresses.
• PVE supports private communication by isolating PVE-defined ports and ensuring that all Unicast, Broadcast and Multicast traffic from these ports is only forwarded to uplink port(s).
• PVE requires only one VLAN on each device, but not on every port; this reduces the number of VLANs required by the device.
Default Configuration
Unprotected
Command Mode
Interface configuration (Ethernet, port-channel)
User Guidelines
Use this command to isolate unicast, multicast, and broadcast traffic at Layer 2 from other protected ports on the same switch.
NOTE The packet is still subject to the FDB decision and to all filtering rules.
Default Configuration
Unprotected
Command Mode
Global configuration
Usage Guidelines
This command configures all the FE ports as protected ports.

vlan database
The vlan database Global Configuration mode command enters the VLAN Configuration mode.
Syntax
vlan database
Default Configuration
This command has no default configuration.
Command Mode
Global Configuration mode
User Guidelines
There are no user guidelines for this command.
Example
The following example enters the VLAN database mode.
Console(config)# vlan database
Console(config-vlan)#

vlan
The vlan VLAN Database mode command creates a VLAN. Use the no form of this command to delete a VLAN.
Syntax
vlan vlan-range
no vlan vlan-range
Parameters
• vlan-range — Specifies a list of VLAN IDs to be added. Separate nonconsecutive VLAN IDs with a comma and no spaces; a hyphen designates a range of IDs.
Example
The following example creates the VLAN number 1972.
Console(config)# vlan database
Console(config-vlan)# vlan 1972

default-vlan vlan
The default-vlan vlan VLAN Configuration mode command defines the default VLAN. Use the no form of this command to return to default.
Syntax
default-vlan vlan vlan-id
no default-vlan vlan
Parameters
• vlan-id — VLAN ID of the default VLAN.
Default Configuration
The default configuration is disabled.
Example
The following example defines the default VLAN.
Console(config-vlan)# default-vlan vlan

interface vlan
The interface vlan Global Configuration mode command enters the Interface Configuration (VLAN) mode.
Syntax
interface vlan vlan-id
Parameters
• vlan-id — Specifies an existing VLAN ID.
Default Configuration
This command has no default configuration.
Example
The following example configures VLAN 1 with IP address 131.108.1.27.
Console(config)# interface vlan 1
Console(config-if)# ip address 131.108.1.27

interface range vlan
The interface range vlan Global Configuration mode command enables simultaneously configuring multiple VLANs.
Syntax
interface range vlan {vlan-range | all}
Parameters
• vlan-range — Specifies a list of VLAN IDs to be added.
Configuring all ports may consume an excessive amount of time. Define only the required ports to save time.
Example
The following example groups VLANs 221 through 228 and 889 to receive the same command.
Console(config)# interface range vlan 221-228,889
Console(config-if)#

name
The name Interface Configuration mode command adds a name to a VLAN. Use the no form of this command to remove the VLAN name.
User Guidelines
The name string may include numbers and other characters (#,@,% etc.) but no spaces.
Example
The following example gives VLAN number 19 the name Marketing.
Console(config)# interface vlan 19
Console(config-if)# name Marketing

switchport mode
The switchport mode Interface Configuration mode command configures the VLAN membership mode of a port. Use the no form of this command to restore the default configuration.
Command Mode
Interface Configuration (Ethernet, port-channel) mode
User Guidelines
There are no user guidelines.
Example
The following example configures Ethernet port 1 as an untagged layer 2 VLAN port.
Console(config)# interface ethernet 1
Console(config-if)# switchport mode access

switchport protected
The switchport protected Interface Configuration mode command overrides the FDB decision, and sends all Unicast, Multicast and Broadcast traffic to an uplink port.
Command Mode
Interface Configuration (Ethernet, port-channel) mode
User Guidelines
• Private VLAN Edge (PVE) only operates on interfaces that do not have an IP address.
• PVE only operates on interfaces that do not belong to VLANs that have IP addresses.
• PVE supports private communication by isolating PVE-defined ports and ensuring that all Unicast, Broadcast and Multicast traffic from these ports is only forwarded to uplink ports.
Parameters
• vlan-id — Specifies the ID of the VLAN to which the port is configured.
Default Configuration
All ports belong to VLAN 1.
Command Mode
Interface configuration (Ethernet, port-channel) mode
User Guidelines
The command automatically removes the port from the previous VLAN and adds it to the new VLAN.
Example
The following example configures a VLAN ID of 23 to the untagged layer 2 VLAN Ethernet port 1.
Parameters
• vlan-id — Specifies the ID of the VLAN to which the port is configured.
Default Configuration
The configuration is disabled.
Command Mode
Interface configuration (Ethernet, port-channel) mode
User Guidelines
The user cannot transmit Multicast transmissions on the Multicast TV VLAN.
Example
The following example adds VLANs 2,5-6 to the allowed list.
• remove vlan-list — List of VLAN IDs to be removed. Separate nonconsecutive VLAN IDs with a comma and no spaces. A hyphen designates a range of IDs.
Default Configuration
This command has no default configuration.
Command Mode
Interface Configuration (Ethernet, port-channel) mode
User Guidelines
There are no user guidelines for this command.
Example
The following example adds VLANs 1, 2, 5 to 6 to the allowed list.
Default Configuration
VID=1.
Command Mode
Interface Configuration (Ethernet, port-channel) mode
User Guidelines
The command adds the port as a member in native VLAN. If the port is already in the VLAN (as allowed) it will automatically change the last entry to native.
The command adds the port as a member in native VLAN 2. If the port is already configured as a native VLAN 3 it will automatically change the last entry (VLAN 2).
Parameters
• add vlan-list — Specifies the list of VLAN IDs to be added. Separate nonconsecutive VLAN IDs with a comma and no spaces. A hyphen designates a range of IDs.
• remove vlan-list — Specifies the list of VLAN IDs to be removed. Separate nonconsecutive VLAN IDs with a comma and no spaces. A hyphen designates a range of IDs.
• tagged — Indicates that the port transmits tagged packets for the VLANs.

switchport general pvid
The switchport general pvid Interface Configuration mode command configures the PVID when the interface is in general mode. Use the no form of this command to restore the default configuration.
Syntax
switchport general pvid vlan-id
no switchport general pvid
Parameters
• vlan-id — Specifies the PVID (Port VLAN ID).
Default Configuration
If the default VLAN is enabled, PVID = 1. Otherwise, PVID = 4095.

switchport general ingress-filtering disable
The switchport general ingress-filtering disable Interface Configuration mode command disables port ingress filtering. Use the no form of this command to restore the default configuration.
Syntax
switchport general ingress-filtering disable
no switchport general ingress-filtering disable
Default Configuration
Ingress filtering is enabled.

switchport general acceptable-frame-type tagged-only
The switchport general acceptable-frame-type tagged-only Interface Configuration mode command discards untagged frames at ingress. Use the no form of this command to restore the default configuration.
Syntax
switchport general acceptable-frame-type tagged-only
no switchport general acceptable-frame-type tagged-only
Default Configuration
All frame types are accepted at ingress.

switchport customer vlan
The switchport customer vlan Interface Configuration (Ethernet, port-channel) mode command sets the port’s VLAN when the interface is in customer mode. Use the no form of this command to restore the default configuration.
Syntax
switchport customer vlan vlan-id
no switchport customer vlan
Parameters
• vlan-id — VLAN ID of the customer.
Default Configuration
No VLAN is configured.

switchport customer multicast-tv vlan
The switchport customer multicast-tv vlan interface configuration command enables the receiving of Multicast transmissions from a VLAN that is not the Customer port’s VLAN, while keeping the L2 segregation with subscribers on different Customer port VLANs.
Syntax
switchport customer multicast-tv vlan {add vlan-list | remove vlan-list}
Parameters
• vlan-list — List of Multicast TV VLANs.

switchport forbidden vlan
The switchport forbidden vlan Interface Configuration mode command forbids adding specific VLANs to a port. Use the remove parameter for this command to restore the default configuration.
Syntax
switchport forbidden vlan {add vlan-list | remove vlan-list}
Parameters
• add vlan-list — Specifies the list of VLAN IDs to be added. Separate nonconsecutive VLAN IDs with a comma and no spaces. A hyphen designates a range of IDs.
Example
The following example forbids adding VLAN IDs 234 to 256 to Ethernet port 1.
Console(config)# interface ethernet 1
Console(config-if)# switchport mode trunk
Console(config-if)# switchport forbidden vlan add 234-256

show interfaces protected-ports
Use the show interfaces protected-ports EXEC command to show protected ports configuration.
NOTE This command is supported in SPS20xx devices.
1/2    Protected
1/3    Protected
1/4    Protected

show protected-ports fastethernet
Use the show protected-ports fastethernet EXEC command to show protected ports configuration.
NOTE This command is supported in SPS2xx devices.

show vlan
The show vlan Privileged EXEC mode command displays VLAN information.
Syntax
show vlan [tag vlan-id | name vlan-name]
Parameters
• vlan-id — Specifies a VLAN ID.
• vlan-name — Specifies a VLAN name string. (Range: 1-32 characters)
Default Configuration
This command has no default configuration.
Command Mode
Privileged EXEC mode
User Guidelines
There are no user guidelines for this command.
Example
The following example displays all VLAN information.
30 31 91 3978 VLAN0030 VLAN0031 VLAN0011 1 Guest VLAN 1 static static static guest Required Required Not Required --

show vlan multicast-tv
The show vlan multicast-tv Privileged EXEC mode command displays information on the source ports and receiver ports of Multicast-TV VLAN.
Syntax
show vlan multicast-tv vlan vlan-id
Parameters
• vlan-id — VLAN ID value.
Default Configuration
The default configuration is disabled.
Source ports    Receiver Ports
------------    ---------------------
e8, e9          e1-e4, e12-e18, e22-e24

show interfaces switchport
The show interfaces switchport Privileged EXEC mode command displays the switchport configuration.
Syntax
show interfaces switchport {ethernet interface | port-channel port-channel-number}
Parameters
• interface — A valid Ethernet port number.
• port-channel-number — A valid port-channel number.
Example
The following example displays the switchport configuration for Ethernet port 10 map protocol protocols-group.

35 Web Server Commands

ip http server
The ip http server Global Configuration mode command enables configuring the device from a browser. Use the no form of this command to disable this function.
Syntax
ip http server
no ip http server
Default Configuration
HTTP server is enabled.
Command Mode
Global Configuration mode
User Guidelines
Only a user with access level 15 can use the Web server.
Example
The following example enables configuring the device from a browser.

ip http port
To specify the TCP port to be used by the web browser interface, use the ip http port global configuration command. To use the default port, use the no form of this command.
Syntax
ip http port port-number
no ip http port
Parameters
• port-number — Port number for use by the HTTP server.

ip http exec-timeout
The ip http exec-timeout Global Configuration mode command sets the interval that the system waits for user input in http sessions, prior to automatic logoff. Use the no form of this command to return to default.
Syntax
ip http exec-timeout minutes [seconds]
no ip http exec-timeout
Parameters
• minutes — Integer that specifies the number of minutes. Range: 1 - 65535.
• seconds — Additional time intervals in seconds. Range: 0 - 59.

ip https server
The ip https server Global Configuration mode command enables configuring the device from a secured browser. Use the no form of this command to restore the default configuration.
Syntax
ip https server
no ip https server
Default Configuration
Disabled.
Command Mode
Global Configuration mode
User Guidelines
Use the crypto certificate generate Global Configuration mode command to generate an HTTPS certificate.

ip https port
The ip https port Global Configuration mode command specifies the TCP port used by the server to configure the device through the Web browser. Use the no form of this command to restore the default configuration.
Syntax
ip https port port-number
no ip https port
Parameters
• port-number — Port number to be used by the HTTP server. Range: 0-65535.
Default Configuration
The default port number is 443.
Command Mode
Global Configuration mode.

ip https exec-timeout
The ip https exec-timeout Global Configuration mode command sets the interval that the system waits for user input in https sessions, prior to automatic logoff. Use the no form of this command to return to default.
Syntax
ip https exec-timeout minutes [seconds]
no ip https exec-timeout
Parameters
• minutes — Integer that specifies the number of minutes. Range: 1 - 65535.
• seconds — Additional time intervals in seconds. Range: 0 - 59.

ip https certificate
To configure the active certificate for HTTPS, use the ip https certificate global configuration command. Use the no form of this command to return to default.
Syntax
ip https certificate number
no ip https certificate
Parameters
• number — Specifies the certificate number. Range: 1 digit, product specific
Default Configuration
Certificate number 1.

show ip http
The show ip http Privileged EXEC mode command displays the HTTP server configuration.
Syntax
show ip http
Default Configuration
This command has no default configuration.
Command Mode
Privileged EXEC mode
User Guidelines
There are no user guidelines for this command.
Example
The following example displays the HTTP server configuration.
Console# show ip http
HTTP server enabled.

show ip https
The show ip https Privileged EXEC mode command displays the HTTPS server configuration.
Syntax
show ip https
Default Configuration
This command has no default configuration.
Command Mode
Privileged EXEC mode
User Guidelines
There are no user guidelines for this command.
Example
The following example displays the HTTP server configuration.
Console# show ip https
HTTPS server enabled. Port: 443
Certificate 1 is not active.
Valid to: Apr 29 22:16:01 2004 GMT
Subject: C= , ST= , L= , CN=10.6.41.
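
The defaults in this chapter (HTTP server enabled, HTTPS server disabled, HTTPS port 443, certificate 1) mean that a configuration file which says nothing about the web server still leaves cleartext HTTP management on. The following is an added example, not part of the reference guide: it replays the chapter's commands over a configuration text and reports the effective state. The sample configurations are constructed, and the 600-second idle limit and the finding codes are assumptions chosen for illustration.

```python
import re

# Defaults as stated in this chapter: HTTP server enabled, HTTPS server
# disabled, HTTPS port 443, active HTTPS certificate 1. Values this chapter's
# text does not state here (HTTP port, exec-timeouts) are modelled as None.
DEFAULTS = {
    "http_server": True,
    "https_server": False,
    "http_port": None,
    "https_port": 443,
    "https_certificate": 1,
    "http_exec-timeout": None,
    "https_exec-timeout": None,
}

MAX_IDLE_SECONDS = 600  # assumption: local policy limit, not a value from the guide

COMMAND = re.compile(
    r"^(?P<no>no\s+)?ip\s+(?P<proto>https?)\s+"
    r"(?P<kw>server|port|exec-timeout|certificate)(?P<args>(?:\s+\d+)*)$"
)


def effective_settings(config_text):
    """Replay the web-server commands in order and return the resulting state."""
    state = dict(DEFAULTS)
    for raw in config_text.splitlines():
        match = COMMAND.match(raw.strip())
        if not match:
            continue                      # not a web-server command
        key = f"{match['proto']}_{match['kw']}"
        if key not in state:              # e.g. there is no "ip http certificate"
            continue
        args = [int(a) for a in match["args"].split()]
        if match["no"]:
            # The no form switches a server off; for every other keyword it
            # restores the default.
            state[key] = False if match["kw"] == "server" else DEFAULTS[key]
        elif match["kw"] == "server" and not args:
            state[key] = True
        elif match["kw"] in ("port", "certificate") and len(args) == 1:
            state[key] = args[0]
        elif match["kw"] == "exec-timeout" and len(args) in (1, 2):
            seconds = args[1] if len(args) == 2 else 0
            state[key] = args[0] * 60 + seconds   # minutes [seconds]
    return state


def audit(config_text):
    """Return finding codes for the effective web-management state."""
    state = effective_settings(config_text)
    findings = []
    if state["http_server"]:
        findings.append("HTTP-ENABLED")   # management session is cleartext
    if not state["https_server"]:
        findings.append("HTTPS-DISABLED")
    for proto in ("http", "https"):
        idle = state[f"{proto}_exec-timeout"]
        if state[f"{proto}_server"] and idle is not None and idle > MAX_IDLE_SECONDS:
            findings.append(f"{proto.upper()}-IDLE-TIMEOUT-LONG")
    return findings


# Constructed sample configurations (not taken from a real device).
SAMPLES = {
    # No web-server lines at all: the chapter's defaults apply.
    "factory": "hostname sw1\n",
    "hardened": "no ip http server\nip https server\nip https exec-timeout 5 30\n",
    # A later line re-enables HTTP; the last command wins.
    "drifted": "no ip http server\nip https server\n"
               "ip https exec-timeout 60\nip http server\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, audit(text))
```
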

36 802.1x Commands

aaa authentication dot1x
The aaa authentication dot1x Global Configuration mode command specifies one or more authentication, authorization, and accounting (AAA) methods for use on interfaces running IEEE 802.1x. Use the no form of this command to restore the default configuration.
Syntax
aaa authentication dot1x default method1 [method2...]
no aaa authentication dot1x default
Parameters
• method1 [method2...
User Guidelines
Additional methods of authentication are used only if the previous method returns an error and not if the request for authentication is denied. To ensure that authentication succeeds even if all methods return an error, specify none as the final method in the command line.
The RADIUS server must support MD-5 challenge and EAP type frames.
Example
The following example uses the aaa authentication dot1x default command with no authentication.
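
The fall-through rule in the User Guidelines above decides whether an 802.1x port fails open or closed when the authentication server is unreachable. The following model of that rule is an added example, not code from the guide: it enumerates every outcome combination for a method list and reports the ones in which a supplicant is accepted only because of the trailing none. The `Outcome` names and function names are assumptions made for illustration, and the method keyword `radius` is used because the guidelines refer to a RADIUS server.

```python
from enum import Enum
from itertools import product


class Outcome(Enum):
    ACCEPT = "accept"   # the method answered: credentials valid
    REJECT = "reject"   # the method answered: request denied
    ERROR = "error"     # the method returned an error (e.g. server unreachable)


def parse_dot1x_methods(line):
    """Extract the method list from an 'aaa authentication dot1x default ...' line."""
    words = line.split()
    if words[:4] != ["aaa", "authentication", "dot1x", "default"] or len(words) == 4:
        raise ValueError("not an 'aaa authentication dot1x default' command")
    return words[4:]


def evaluate(methods, outcomes):
    """Walk the method list as the User Guidelines describe.

    Returns (final outcome, name of the method that decided it). The next
    method is consulted only when the current one returns ERROR; a denied
    request stops the walk. The keyword 'none' always accepts.
    """
    for method in methods:
        if method == "none":
            return Outcome.ACCEPT, "none"
        result = outcomes[method]
        if result is not Outcome.ERROR:
            return result, method
    # Every method returned an error and there is no 'none' fallback:
    # treated here as not authenticated.
    return Outcome.REJECT, None


def fail_open_scenarios(methods):
    """Outcome combinations in which access is granted although no real
    method returned ACCEPT."""
    real = [m for m in methods if m != "none"]
    scenarios = []
    for combo in product(Outcome, repeat=len(real)):
        outcomes = dict(zip(real, combo))
        final, decided_by = evaluate(methods, outcomes)
        if final is Outcome.ACCEPT and decided_by == "none":
            scenarios.append(outcomes)
    return scenarios


if __name__ == "__main__":
    # Constructed configuration lines for comparison.
    for line in ("aaa authentication dot1x default radius",
                 "aaa authentication dot1x default radius none"):
        methods = parse_dot1x_methods(line)
        print(line, "->", fail_open_scenarios(methods))
```

With `radius` alone a server outage leaves ports unauthenticated; with `radius none` the same outage authorizes every supplicant, while an explicit denial from the server still stands.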
User Guidelines
There are no user guidelines for this command.
Example
The following example enables 802.1x globally.
Console(config)# dot1x system-auth-control

dot1x port-control
The dot1x port-control Interface Configuration mode command enables manually controlling the authorization state of the port. Use the no form of this command to restore the default configuration.
Default Configuration
Port is in the force-authorized state
Command Mode
Interface Configuration (Ethernet) mode
User Guidelines
It is recommended to disable spanning tree or to enable spanning-tree PortFast mode on 802.1x edge ports (ports in auto state that are connected to end stations), in order to get immediately to the forwarding state after successful authentication.
Example
The following example enables 802.1x authentication on Ethernet port e16.
Command Mode
Interface Configuration (Ethernet) mode
User Guidelines
There are no user guidelines for this command.
Example
The following example enables periodic re-authentication of the client.
Console(config)# interface ethernet e16
Console(config-if)# dot1x re-authentication

dot1x timeout re-authperiod
The dot1x timeout re-authperiod Interface Configuration mode command sets the number of seconds between re-authentication attempts.
Command Mode
Interface Configuration (Ethernet) mode
User Guidelines
There are no user guidelines for this command.
Example
The following example sets the number of seconds between re-authentication attempts, to 300.
Console(config)# interface ethernet e16
Console(config-if)# dot1x timeout re-authperiod 300

dot1x re-authenticate
The dot1x re-authenticate Privileged EXEC mode command manually initiates a reauthentication of all 802.
User Guidelines
There are no user guidelines for this command.
Example
The following command manually initiates a re-authentication of 802.1x-enabled Ethernet port e16.
User Guidelines
During the quiet period, the device does not accept or initiate authentication requests.
The default value of this command should only be changed to adjust for unusual circumstances, such as unreliable links or specific behavioral problems with certain clients and authentication servers.
To provide a faster response time to the user, a smaller number than the default value should be entered.
Default Configuration
Timeout period is 30 seconds.
Command Mode
Interface Configuration (Ethernet) mode
User Guidelines
The default value of this command should be changed only to adjust for unusual circumstances, such as unreliable links or specific behavioral problems with certain clients and authentication servers.
Example
The following command sets the number of seconds that the device waits for a response to an EAP-request/identity frame, to 3600 seconds.
Parameters
• count — Number of times that the device sends an EAP-request/identity frame before restarting the authentication process. (Range: 1-10)
Default Configuration
The default number of times is 2.
Syntax
dot1x timeout supp-timeout seconds
no dot1x timeout supp-timeout
Parameters
• seconds — Time in seconds that the device waits for a response to an EAP-request frame from the client before resending the request. (Range: 1-65535 seconds)
Default Configuration
Default timeout period is 30 seconds.

dot1x timeout server-timeout
The dot1x timeout server-timeout Interface Configuration mode command sets the time that the device waits for a response from the authentication server. Use the no form of this command to restore the default configuration.
Syntax
dot1x timeout server-timeout seconds
no dot1x timeout server-timeout
Parameters
• seconds — Time in seconds that the device waits for a response from the authentication server.

show dot1x
The show dot1x Privileged EXEC mode command displays the 802.1x status of the device or specified interface.
Syntax
show dot1x [ethernet interface]
Parameters
• interface — Valid Ethernet port.
Default Configuration
This command has no default configuration.
Command Mode
Privileged EXEC mode
User Guidelines
There are no user guidelines for this command.
Example
The following example displays the status of 802.1x-enabled Ethernet ports.
Console# show dot1x
802.
e3 e4 e5 Auto Force-auth Force-auth Unauthorized Authorized Unauthorized* Ena Dis Dis 3600 3600 3600 Reauth Control ------Ena Reauth Period -----3600 Clark n/a n/a
* Port is down or not present.
Console# show dot1x ethernet e3
802.1x is enabled.
Field            Description
Port             The port number.
Admin mode       The port admin mode. Possible values: Force-auth, Force-unauth, Auto.
Oper mode        The port oper mode. Possible values: Authorized, Unauthorized or Down.
Reauth Control   Reauthentication control.
Reauth Period    Reauthentication period.
Username         The username representing the identity of the Supplicant. This field shows the username in case the port control is auto.
Field                    Description
Termination Cause        The reason for the session termination.
State                    The current value of the Authenticator PAE state machine and of the Backend state machine.
Authentication success   The number of times the state machine received a Success message from the Authentication Server.
Authentication fails     The number of times the state machine received a Failure message from the Authentication Server.
Example
The following example displays 802.1x users.
console(config-if)# show dot1x users
Port    Username    Session Time    Auth Method    MAC Address          VLAN
----    --------    ------------    -----------    -----------------    ----
e1      dva5        00:00:06        Remote         00:05:74:94:2a:1c    5
e2      admin       00:04:04        Remote         00:05:1c:18:0a:7e
The following table describes the significant fields shown in the display.
Field   Description
Port    The port number.
Parameters
• interface — Valid Ethernet port.
Default Configuration
This command has no default configuration.
Command Mode
Privileged EXEC mode
User Guidelines
There are no user guidelines for this command.
Example
The following example displays 802.1x statistics for the specified interface.
Field                 Description
EapolFramesRx         The number of valid EAPOL frames of any type that have been received by this Authenticator.
EapolFramesTx         The number of EAPOL frames of any type that have been transmitted by this Authenticator.
EapolStartFramesRx    The number of EAPOL Start frames that have been received by this Authenticator.
EapolLogoffFramesRx   The number of EAPOL Logoff frames that have been received by this Authenticator.

Advanced Features

dot1x auth-not-req
The dot1x auth-not-req Interface Configuration (VLAN) mode command enables unauthorized devices access to the VLAN. Use the no form of this command to disable access to the VLAN.
Syntax
dot1x auth-not-req
no dot1x auth-not-req
Default Configuration
Access is enabled.
Command Mode
Interface Configuration (VLAN) mode
User Guidelines
An access port cannot be a member in an unauthenticated VLAN.
dot1x multiple-hosts

The dot1x multiple-hosts Interface Configuration mode command enables multiple hosts (clients) on an 802.1x-authorized port, where the authorization state of the port is set to auto. Use the no form of this command to restore the default configuration.

Syntax
dot1x multiple-hosts [authentication]
no dot1x multiple-hosts

Parameters
• authentication — Specifies that each station should be 802.1x authenticated.
Port security cannot be enabled on a port if multiple hosts mode is disabled, or if multiple hosts with authentication per host mode is enabled.

It is recommended to enable reauthentication when working in ‘multiple sessions (multiple-hosts authentication)’, in order to detect ‘user logout’ for users who have not yet sent ‘logoff’.

Example
The following command enables multiple hosts (clients) on an 802.1x-authorized port.

dot1x radius-attributes vlan
User Guidelines
• User-based VLAN assignment is supported only in 802.1x multiple sessions.
• The configuration of the parameter is allowed only when the port is Forced Authorized or Forced Unauthorized.

dot1x single-host-violation

The dot1x single-host-violation Interface Configuration (Ethernet) mode command configures the action to be taken when a station whose MAC address is not the supplicant MAC address attempts to access the interface.
Command Mode
Interface (Ethernet) Configuration mode

User Guidelines
The command is relevant when Multiple hosts is disabled and the user has been successfully authenticated.

A BPDU message with a MAC address that is not the supplicant MAC address is not discarded in discard mode.

A BPDU message with a MAC address that is not the supplicant MAC address causes a shutdown in discard-shutdown mode for GE ports, and is not discarded for FE ports.
dot1x bpdu

Parameters
• filtering — Specify that when 802.1x is globally disabled, 802.1x BPDU packets would be filtered.
• bridging — Specify that when 802.1x is globally disabled, 802.1x BPDU packets would be bridged.

Default
The default value is filtering.

Command Modes
Global configuration

Usage Guidelines
According to IEEE802.1 standards the 802.1X BPDUs should never be forwarded. The 802.1X BPDUs should be handled by the software in case 802.
show dot1x bpdu

Use the show dot1x bpdu EXEC command to display the 802.1x BPDU handling when 802.1x is globally disabled.

Syntax
show dot1x bpdu

Parameters
This command has no arguments or keywords.

Default Configuration
This command has no default configuration.

Command Modes
EXEC

User Guidelines
There are no user guidelines for this command.

Examples
Switch# show dot1x bpdu
802.1X BPDU packets are trapped for the 802.1X protocol.
Switch# show dot1x bpdu
802.
Switch# show dot1x bpdu
802.1X BPDU packets are bridged.

dot1x guest-vlan

The dot1x guest-vlan Interface Configuration (VLAN) mode command defines a guest VLAN. Use the no form of this command to restore the default configuration.

Syntax
dot1x guest-vlan
no dot1x guest-vlan

Default Configuration
No VLAN is defined as a guest VLAN.
Console# configure
Console(config)# vlan database
Console(config-vlan)# vlan 2
Console(config-vlan)# exit
Console(config)# interface vlan 2
Console(config-if)# dot1x guest-vlan

dot1x guest-vlan enable

The dot1x vlans guest-vlan enable Interface Configuration mode command enables unauthorized users on the interface access to the Guest VLAN. Use the no form of this command to disable access.
Console# configure
Console(config)# interface ethernet e1
Console(config-if)# dot1x guest-vlan enable

dot1x mac-authentication

The mac-authentication Interface Configuration mode command enables authentication based on the station’s MAC address. Use the no form of this command to disable MAC authentication.

Syntax
dot1x mac-authentication {mac-only | mac-and-802.
It is not recommended to delete authenticated MAC addresses.

Reauthentication must be enabled when working in this mode.

When the device sends a MAC address as the 802.1x user name or password to a RADIUS server, the characters “:” and “-” are not forwarded to the RADIUS server. Avoid defining the corresponding MAC address with “:” and “-” in the RADIUS server.

Example
The following example enables authentication based on the station’s MAC address.
show dot1x advanced

User Guidelines
There are no user guidelines for this command.

Example
The following example displays 802.1x advanced features for the device.

Console# show dot1x advanced
Guest VLAN: 3978
Unauthenticated VLANs: 91,92

Interface  Multiple Hosts  Guest VLAN  MAC Authentication
---------  --------------  ----------  ------------------
e1         Disabled        Enabled     MAC-and-802.1X
e2         Enabled         Enabled     MAC-and-802.
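The user guidelines for dot1x multiple-hosts and dot1x mac-authentication in this chapter (reauthentication with MAC authentication and with per-host authentication, and the port security restriction) can be checked against a saved configuration. The following Python audit is an added example, not part of the Cisco guide; the sample configuration is constructed, and the interface/exit block layout and the command spellings dot1x re-authentication and port security are assumptions not shown in this section.

```python
import re
# Constructed sample configuration (not from the guide). The block layout and
# the spellings "dot1x re-authentication" / "port security" are assumptions.
SAMPLE_CONFIG = """\
interface ethernet e1
dot1x mac-authentication mac-only
exit
interface ethernet e2
dot1x multiple-hosts authentication
port security
exit
interface ethernet e3
dot1x multiple-hosts
dot1x re-authentication
port security
exit
"""

def parse_interfaces(config):
    """Map each 'interface ethernet <port>' block to its command lines."""
    ports, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"interface ethernet (\S+)$", line):
            current = ports.setdefault(m.group(1), [])
        elif line == "exit":
            current = None
        elif current is not None and line:
            current.append(line)
    return ports

def audit(config):
    """Return sorted (port, finding) pairs for the guideline checks."""
    findings = []
    for port, cmds in parse_interfaces(config).items():
        reauth = "dot1x re-authentication" in cmds
        multi = any(c.startswith("dot1x multiple-hosts") for c in cmds)
        per_host = "dot1x multiple-hosts authentication" in cmds
        mac_auth = any(c.startswith("dot1x mac-authentication") for c in cmds)
        if mac_auth and not reauth:
            findings.append((port, "mac-authentication requires reauthentication"))
        if per_host and not reauth:
            findings.append((port, "reauthentication recommended with per-host authentication"))
        # Only the bare "port security" form is matched here.
        if "port security" in cmds and (not multi or per_host):
            findings.append((port, "port security conflicts with multiple-hosts mode"))
    return sorted(findings)

if __name__ == "__main__":
    print(*(f"{p}: {f}" for p, f in audit(SAMPLE_CONFIG)), sep="\n")
```

Port e3 produces no finding because plain multiple-hosts mode is the one combination in which the guide allows port security.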
A Alias Names

Alias Name Support

The table below defines alias names and their corresponding “native” command names, as supported on the switch. Input parameter variations and/or returned responses for commands launched with alias names are defined in the native command’s description in this guide.

NOTE Alias names are supported by the SPS208G, SPS224G4, and SPS2024 switches.
B Where to Go From Here

Product Resources

Website addresses in this document are listed without http:// in front of the address because most current web browsers do not require it. If you use an older web browser, you may have to add http:// in front of the web address.

Resource                                                          Link
Cisco Partner Central (requires partner registration and login)   www.cisco.com/web/partners/sell/smb/
Cisco Small Medium Business Product Information                   www.cisco.
C Additional Information

Regulatory Compliance and Safety Information
Regulatory Compliance and Safety Information for this product is available on Cisco.com at the following location: www.cisco.com/go/smallbiz

Warranty
Warranty information that applies to this product is available on Cisco.com at the following location: www.cisco.com/go/smallbiz

End User License Agreement (EULA)
Licensing information that applies to this product is available on Cisco.com at the following location: www.cisco.
D Support Contacts

Support contact information for this product is available on Cisco.com at the following location: www.cisco.