Summary of Contents for Cisco Catalyst 3560X-24P
Page 1
Catalyst 3750-X and 3560-X Switch Command Reference Cisco IOS Release 12.2(55)SE August 2010 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Text Part Number: OL-21522-02...
Page 23
Ethernet and local area networking. Purpose This guide provides the information that you need about the Layer 2 and Layer 3 commands that have been created or changed for use with the Catalyst 3750-X and 3560-X switches. For information about the standard Cisco IOS Release 12.2 commands, see the Cisco IOS documentation set available from the...
• Braces ({}) group required choices, and vertical bars ( | ) separate the alternative elements.
• Braces and vertical bars within square brackets ([{ | }]) mean a required choice within an optional element.
Interactive examples use these conventions: Terminal sessions and system displays are in font.
Subscribe to the What’s New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS Version 2.0.
For more information on Cisco IOS Release 12.2, see the Cisco IOS Release 12.2 Command Summary. For task-oriented configuration steps, see the software configuration guide for this release. In this document, IP refers to IP version 4 (IPv4) unless there is a specific reference to IP version 6 (IPv6). Accessing the Switch You manage the switch stack and the stack member interfaces through the stack master (such as a Catalyst 3750-X switch).
• Line configuration
Table 1-1 lists the main command modes, how to access each mode, the prompt you see in that mode, and how to exit that mode. The prompts listed use the default name Switch. Table 1-1 Command Modes Summary...
After you access the device, you are automatically in user EXEC command mode. The EXEC commands available at the user level are a subset of those available at the privileged level. In general, use the user EXEC commands to temporarily change terminal settings, perform basic tests, and list system information.
The supported commands can vary depending on the version of software in use. To display a comprehensive list of commands, enter a question mark (?) at the prompt. Switch(config)# ? To exit global configuration command mode and to return to privileged EXEC mode, enter the end or exit command, or press Ctrl-Z. Interface Configuration Mode Interface configuration commands modify the operation of the interface.
For extended-range VLANs, all characteristics except the MTU size must remain at the default setting. To return to global configuration mode, enter exit; to return to privileged EXEC mode, enter end. All the commands except shutdown take effect when you exit config-vlan mode.
Page 34
This example shows how to configure IEEE 802.1x accounting: Switch(config)# aaa new-model Switch(config)# aaa accounting dot1x default start-stop group radius Note: The RADIUS authentication server must be properly configured to accept and log update or watchdog packets from the AAA client.
The method argument identifies the method that the authentication algorithm tries in the given sequence to validate the password provided by the client. The only method that is truly IEEE 802.1x-compliant is the group radius method, in which the client data is validated against a RADIUS authentication server.
Page 36
This example shows how to enable AAA and how to create an IEEE 802.1x-compliant authentication list. This authentication first tries to contact a RADIUS server. If this action returns an error, the user is not allowed access to the network.
Use the aaa authorization network global configuration command on the switch stack or on a standalone switch to configure the switch to use user-RADIUS authorization for all network-related service requests, such as IEEE 802.1x per-user access control lists (ACLs) or VLAN assignment. Use the no form of this command to disable RADIUS user authorization.
Use the action access-map configuration command on the switch stack or on a standalone switch to set the action for the VLAN access map entry. Use the no form of this command to return to the default setting. action {drop | forward} no action This command is not supported on switches running the LAN base feature set.
Page 39
Cisco IOS IP Command Reference, Volume 1 of 3:Addressing and Services, Release 12.2 > IP Services Commands. ip access-list Creates a named access list. For syntax information, select Cisco IOS IP Command Reference, Volume 1 of 3:Addressing and Services, Release 12.2 > IP Services Commands.
Use the archive copy-sw privileged EXEC command on the stack master to copy the running image from the flash memory on one stack member to the flash memory on one or more other stack members. archive copy-sw [/destination-system destination-stack-member-number] [/force-reload] [leave-old-sw] [/no-set-boot] [/overwrite] [/reload] [/safe] source-stack-member-number This command is supported only on Catalyst 3750-X switches.
Page 41
If you specify the command without the /overwrite option, the algorithm verifies that the new image is not the same as the one on the switch flash device or is not running on any stack members. If the images are the same, the copy does not occur. If the images are different, the old image is deleted, and the new one is copied.
Page 42
This example shows how to copy the running image from stack member 6 to stack member 8: Switch# archive copy-sw /destination-system 8 6 This example shows how to copy the running image from stack member 6 to all the other stack members: Switch# archive copy-sw 6 This example shows how to copy the running image from stack member 5 to stack member 7.
Use the archive download-sw privileged EXEC command on the switch stack or on a standalone switch to download a new image from a TFTP server to the switch or switch stack and to overwrite or keep the existing image.
Page 44
The new image is downloaded to the flash: file system. The BOOT environment variable is changed to point to the new software image on the flash: file system. Image names are case sensitive; the image file is provided in tar format.
Page 45
If you specify the command without the /overwrite option, the download algorithm verifies that the new image is not the same as the one on the switch flash device or is not running on any stack members. If the images are the same, the download does not occur. If the images are different, the old image is deleted, and the new one is downloaded.
Page 46
Creates a tar file, lists the files in a tar file, or extracts the files from a tar file. archive upload-sw Uploads an existing image on the switch to a server.
Use the archive tar privileged EXEC command on the switch stack or on a standalone switch to create a tar file, list files in a tar file, or extract the files from a tar file. archive tar {/create destination-url flash:/file-url} | {/table source-url} | {/xtract source-url flash:/file-url [dir/file...]}...
Page 48
For flash:/file-url [dir/file...], specify the location on the local flash file system into which the tar file is extracted. Use the dir/file... option to specify an optional list of files or directories within the tar file to be extracted. If none are specified, all files and directories are extracted.
Page 49
Switch# archive tar /create tftp:172.20.10.30/saved.tar flash:/new-configs This example shows how to display the contents of an image file that is in flash memory. An example of an image file name is c3750x-universal-tar.12-53.SE2. The contents of the tar file appear on the screen: Switch# archive tar /table flash:image_name.tar...
archive upload-sw Use the archive upload-sw privileged EXEC command on the switch stack or on a standalone switch to upload an existing switch image to a server. archive upload-sw [/source-system-num stack member number | /version version_string]...
Page 51
Use the upload feature only if the HTML files associated with the embedded device manager have been installed with the existing image. The files are uploaded in this sequence: the Cisco IOS image, the HTML files, and info. After these files are uploaded, the software creates the tar file.
Use the permit and deny access-list configuration commands to forward and to drop ARP packets based on the specified matching criteria. When the ARP ACL is defined, you can apply it to a VLAN by using the ip arp inspection filter vlan global configuration command. ARP packets containing only IP-to-MAC address bindings are compared to the ACL.
Page 53
Examples This example shows how to define an ARP access list and to permit both ARP requests and ARP responses from a host with an IP address of 1.1.1.1 and a MAC address of 0000.0000.abcd: Switch(config)# arp access-list static-hosts Switch(config-arp-nacl)# permit ip host 1.1.1.1 mac host 0000.0000.abcd...
The CoA bounce port command causes a link flap, which triggers a DHCP renegotiation from the host. This is useful when a VLAN change occurs and the endpoint is a device such as a printer, that has no supplicant to detect the change. Use this command to configure the switch to ignore the bounce port command.
Use the authentication command disable-port ignore global configuration command on the switch stack or on a standalone switch to allow the switch to ignore a command to disable a port. Use the no form of this command to return to the default status.
Modification 12.2(53)SE2 This command was introduced. Usage Guidelines Use the both keyword or the no form of this command to return to the default setting (bidirectional mode). Examples This example shows how to enable bidirectional mode: Switch(config-if)# authentication control-direction both...
Page 57
Configures the violation modes that occur when a new device connects to a violation port or when a new device connects to a port with the maximum number of devices already connected to that port. show authentication Displays information about authentication manager events on the switch.
authentication event Use the authentication event interface configuration command to set the actions for specific authentication events on the port. authentication event {[linksec] fail [action [authorize vlan vlan-id | next-method] {| retry {retry...
Page 59
MDA mode. Authenticated hosts remain in the authenticated VLAN, and the reauthentication timers are disabled. If a client is running Windows XP and the critical port to which the client is connected is in the •...
Page 60
Switch(config-if)# authentication event server alive action reinitialize This example shows how to configure a port to send both new and existing hosts to the critical VLAN when the RADIUS server is unavailable. Use this command for ports in multiple authentication (multiauth)
Page 61
Configures the violation modes that occur when a new device connects to a violation port or when a new device connects to a port after the maximum number of devices are connected to that port. show authentication Displays information about authentication manager events on the switch.
When link-security authentication fails because of unrecognized user credentials, this command specifies that the switch authorizes a restricted VLAN on the port. Examples This example configures the interface so that the port is assigned to a restricted VLAN 40 after a failed authentication attempt: Switch(config)# interface gigabitethernet1/0/3...
You must enter the authentication port-control auto interface configuration command before configuring a fallback method. You can only configure web authentication as a fallback method to 802.1x or MAB, so one or both of these authentication methods should be configured for the fallback to enable.
Page 64
Configures the violation modes that occur when a new device connects to a violation port or when a new device connects to a port after the maximum number of devices are connected to that port. show authentication Displays information about authentication manager events on the switch.
This command was introduced. Usage Guidelines Single-host mode should be configured if only one data host is connected. Do not connect a voice device to authenticate on a single-host port. Voice device authorization fails if no voice VLAN is configured on the port.
Page 66
Configures the violation modes that occur when a new device connects to a violation port or when a new device connects to a port after the maximum number of devices are connected to that port. show authentication Displays information about authentication manager events on the switch.
This command was introduced. Usage Guidelines The linksec policy might change after a successful reauthentication started by a local timer or a change of authorization (CoA) reauthenticate command. If the policy changes from must-not-secure to must-secure after a reauthentication, the system attempts to secure the session. If the MACsec key does not renegotiate a MACsec connection after a reauthentication, the session is terminated, and all local states are removed.
The command enables authenticated hosts to move between 802.1x-enabled ports on a switch. For example, if there is a device between an authenticated host and port, and that host moves to another port, the authentication session is deleted from the first port, and the host is reauthenticated on the new port.
Page 69
Configures the violation modes that occur when a new device connects to a violation port or when a new device connects to a port with the maximum number of devices already connected to that port. show authentication Displays information about authentication manager events on the switch.
authentication open Use the authentication open interface configuration command to enable or disable open access on a port. Use the no form of this command to disable open access. authentication open...
Page 71
Configures the violation modes that occur when a new device connects to a violation port or when a new device connects to a port after the maximum number of devices are connected to that port. show authentication Displays information about authentication manager events on the switch.
Each method can only be entered once. Flexible ordering is only possible between 802.1x and MAB. Web authentication can be configured as either a standalone method or as the last method in the order after either 802.1x or MAB. Web authentication should be configured only as fallback to dot1x or mab.
Page 73
Configures the violation modes that occur when a new device connects to a violation port or when a new device connects to a port after the maximum number of devices are connected to that port. Enables MAC authentication bypass on a port.
authentication periodic Use the authentication periodic interface configuration command to enable or disable reauthentication on a port. Enter the no form of this command to disable reauthentication. authentication periodic no authentication periodic Command Default Reauthentication is disabled.
Page 75
Configures the violation modes that occur when a new device connects to a violation port or when a new device connects to a port after the maximum number of devices are connected to that port. show authentication Displays information about authentication manager events on the switch.
• Trunk port—If you try to enable authentication on a trunk port, an error message appears, and authentication is not enabled. If you try to change the mode of an port to trunk, an error message appears, and the port mode is not changed.
Page 77
• EtherChannel port—Do not configure a port that is an active or a not-yet-active member of an EtherChannel as an port. If you try to enable authentication on an EtherChannel port, an error message appears, and authentication is not enabled.
This command was introduced. Usage Guidelines Ordering sets the order of methods that the switch attempts when trying to authenticate a new device connected to a port. When configuring multiple fallback methods on a port, set web authentication (webauth) last.
Page 79
Examples This example shows how to set 802.1x as the first authentication method and web authentication as the second authentication method: Switch(config-if)# authentication priority dot1x webauth This example shows how to set MAC authentication bypass (MAB) as the first authentication method...
Interval in seconds after which an attempt is made to authenticate an unauthorized port. value Enter a value between 1 and 65535 (in seconds). Defaults The inactivity and restart keywords are set to off. The reauthenticate keyword is set to one hour. Command Modes Interface configuration Command History Release Modification 12.2(53)SE2...
Page 81
Configures the violation modes that occur when a new device connects to a violation port or when a new device connects to a port after the maximum number of devices are connected to that port. show authentication Displays information about authentication manager events on the switch.
Use the authentication violation interface configuration command to configure the violation modes that occur when a new device connects to a port or when a new device connects to a port after the maximum number of devices are connected to that port.
Page 83
Sets the action for specific authentication events. authentication Configures a port to use web authentication as a fallback method for clients fallback that do not support 802.1x authentication. authentication Sets the authorization manager mode on a port.
Use the auto qos classify interface configuration command to automatically configure quality of service (QoS) classification for untrusted devices within a QoS domain. Use the no form of this command to return to the default setting. auto qos classify [police]...
Page 85
Usage Guidelines Use this command to configure the QoS for trusted interfaces within the QoS domain. The QoS domain includes the switch, the network interior, and edge devices that can classify incoming traffic for QoS. Auto-QoS configures the switch for connectivity with a trusted interface. The QoS labels of incoming packets are trusted.
Page 86
After auto-QoS is enabled, do not modify a policy map or aggregate policer that includes AutoQoS in its name. If you need to modify the policy map or aggregate policer, make a copy of it, and change the copied policy map or policer. To use the new policy map instead of the generated one, remove the generated policy map from the interface, and apply the new policy map.
Use the auto qos trust interface configuration command on the switch stack or on a standalone switch to automatically configure quality of service (QoS) for trusted interfaces within a QoS domain. Use the no form of this command to return to the default setting.
Page 88
You can fine-tune the auto-QoS configuration after you enable auto-QoS. If the port is configured with auto-QoS trust, it trusts all the packets on the port. If the packets are not marked with a DSCP or CoS value, default marking takes effect.
Page 89
After auto-QoS is enabled, do not modify a policy map or aggregate policer that includes AutoQoS in its name. If you need to modify the policy map or aggregate policer, make a copy of it, and change the copied policy map or policer. To use the new policy map instead of the generated one, remove the generated policy map from the interface, and apply the new policy map.
Use the auto qos video interface configuration command on the switch stack or on a standalone switch to automatically configure quality of service (QoS) for video within a QoS domain. Use the no form of this command to return to the default setting.
Page 91
• in its name. If you need to modify the policy map or aggregate policer, make a copy of it, and change the copied policy map or policer. To use the new policy map instead of the generated one, remove the generated policy map from the interface, and apply the new policy map.
Page 92
(to avoid disrupting traffic on other ports affected by the global configuration). You can use the no mls qos global configuration command to disable the auto-QoS-generated global configuration commands. With QoS disabled, there is no concept of trusted or untrusted ports because the packets are not modified (the CoS, DSCP, and IP precedence values in the packet are not changed).
Use the auto qos voip interface configuration command to automatically configure quality of service (QoS) for voice over IP (VoIP) within a QoS domain. Use the no form of this command to return to the default setting.
Page 94
QoS. Auto-QoS configures the switch for VoIP with Cisco IP Phones on switch and routed ports and for VoIP with devices running the Cisco SoftPhone application. These releases support only Cisco IP SoftPhone Version 1.3(3) or later.
Page 95
If the packet does not have a DSCP value of 24, 26, or 46 or is out of profile, the switch changes the DSCP value to 0. When a Cisco IP Phone is absent, the ingress classification is set to not trust the QoS label in the packet.
Page 96
(to avoid disrupting traffic on other ports affected by the global configuration). You can use the no mls qos global configuration command to disable the auto-QoS-generated global configuration commands. With QoS disabled, there is no concept of trusted or untrusted ports because the packets are not modified (the CoS, DSCP, and IP precedence values in the packet are not changed).
Page 97
Switch(config-pmap-c)# set dscp default Switch(config-if)# service-policy input AUTOQOS-SRND4-SOFTPHONE-POLICY Examples This example shows how to enable auto-QoS and to trust the QoS labels received in incoming packets when the switch or router connected to the port is a trusted device: Switch(config)# interface gigabitethernet2/0/1...
Page 98
Displays QoS information at the port level. srr-queue bandwidth shape Assigns the shaped weights and enables bandwidth shaping on the four egress queues mapped to a port. srr-queue bandwidth share Assigns the shared weights and enables bandwidth sharing on the four egress queues mapped to a port.
Usage Guidelines A switch in VM mode is a switch that has a different minor version number than the version on the switch stack. A switch in VM mode cannot join the switch stack as a fully functioning member. If the switch stack has an image that can be copied to a switch in VM mode, the auto-upgrade process automatically copies the image from a stack member to the switch in VM mode.
Use the boot auto-download-sw global configuration command on the switch stack to specify a URL pathname to use for the automatic software upgrades. Use the no form of this command to remove the software image. boot auto-download-sw source-url no boot auto-download-sw This command is supported only on Catalyst 3750-X switches.
Page 101
This command was introduced. Usage Guidelines This command specifies a URL path to use for automatic software upgrades. You can use this command to configure the URL for the master switch to access in case of version-mismatch. Related Commands Command...
After you configure the NVRAM buffer size, reload the switch or switch stack. When you add a switch to a stack and the NVRAM size differs, the new switch syncs with the stack and reloads automatically.
Use the boot config-file global configuration command on a standalone switch to specify the filename that Cisco IOS uses to read and write a nonvolatile copy of the system configuration. Use the no form of this command to return to the default setting.
When you enter this command, you can interrupt the automatic boot process by pressing the Break key on the console after the flash file system is initialized. Note: Despite the setting of this command, you can interrupt the automatic boot process at any time by pressing the MODE button on the switch front panel.
Use the boot helper global configuration command on the switch stack or on a standalone switch to dynamically load files during boot loader initialization to extend or patch the functionality of the boot loader. Use the no form of this command to return to the default.
Use the boot helper-config-file global configuration command on the switch stack or on a standalone switch to specify the name of the configuration file to be used by the Cisco IOS helper image. If this is not set, the file specified by the CONFIG_FILE environment variable is used by all versions of Cisco IOS that are loaded.
Use the boot manual global configuration command on a standalone switch to enable manually booting the switch during the next boot cycle. Use the no form of this command to return to the default setting. boot manual no boot manual Syntax Description This command has no arguments or keywords.
Use the boot private-config-file global configuration command on a standalone switch to specify the filename that Cisco IOS uses to read and write a nonvolatile copy of the private configuration. Use the no form of this command to return to the default setting.
Use the boot system global configuration command on the switch stack or on a standalone switch to specify the Cisco IOS image to load during the next boot cycle. Use the no form of this command to return to the default setting.
Page 110
When you enter the boot system switch number or the boot system switch all command on the stack master, the stack master checks if a software image is already on the stack member (except on the stack master). If the software image does not exist on the stack member (for example, stack member 1), an...
Specifies the switch port that forwards the CDP packet to the Cisco TelePresence System. Defaults The default path for CDP packets through the switch is from any ingress port to the egress port connected to the Cisco Telepresence System. Command Modes...
Page 112
Related Commands Command Description show cdp forward Displays the CDP forwarding table.
Use the channel-group interface configuration command on the switch stack or on a standalone switch to assign an Ethernet port to an EtherChannel group, to enable an EtherChannel mode, or both. Use the no form of this command to remove an Ethernet port from an EtherChannel group.
Page 114
If you use a new number, the channel-group command dynamically creates a new port channel. You do not have to disable the IP address that is assigned to a physical port that is part of a channel group, but we strongly recommend that you do so.
Page 115
This example shows how to configure a cross-stack EtherChannel in a switch stack. It uses LACP passive mode and assigns two ports on stack member 2 and one port on stack member 3 as static-access ports in VLAN 10 to channel 5:...
Page 116
Displays PAgP channel-group information. show running-config Displays the operating configuration. For syntax information, use this link to the Cisco IOS Release 12.2 Command Reference listing page: http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/prod_command_reference_list.html Select the Cisco IOS Commands Master List, Release 12.2 to navigate to the command.
Use the channel-protocol interface configuration command on the switch stack or on a standalone switch to restrict the protocol used on a port to manage channeling. Use the no form of this command to return to the default setting.
This command was introduced. Usage Guidelines The link between the authenticator and supplicant switch is a trunk. When you enable VTP on both switches, the VTP domain name must be the same, and the VTP mode must be server. When you configure VTP mode, to avoid the MD5 checksum mismatch error, verify that: VLANs are not configured on two different switches, which can be caused by two VTP servers in...
After specifying a policy map, you can configure a policy for new classes or modify a policy for any existing classes in that policy map. You attach the policy map to a port by using the service-policy interface configuration command.
Page 120
IP Differentiated Services Code Point (DSCP) to 10, and polices the traffic at an average rate of 1 Mb/s and bursts at 20 KB. Traffic exceeding the profile is marked down to a DSCP value gotten from the policed-DSCP map and then sent.
Page 121
Related Commands
class-map: Creates a class map to be used for matching packets to the class whose name you specify.
police: Defines a policer for classified traffic.
policy-map: Creates or modifies a policy map that can be attached to multiple ports to specify a service policy.
Use the class-map global configuration command on the switch stack or on a standalone switch to create a class map to be used for matching packets to the class whose name you specify and to enter class-map configuration mode. Use the no form of this command to delete an existing class map and to return to global configuration mode.
Page 123
If you enter the match-all or match-any keyword, you can only use it to specify an extended named access control list (ACL) with the match access-group acl-index-or-name class-map configuration command.
12.2(53)SE2 This command was introduced.
Usage Guidelines
You can clear all the information by using the clear dot1x all command, or you can clear only the information for the specified interface by using the clear dot1x interface interface-id command.
Examples
This example shows how to clear all IEEE 802.1x information:...
12.2(53)SE2 This command was introduced.
Usage Guidelines
You can clear all counters by using the clear eap sessions command, or you can clear only the specific information by using the keywords.
Examples
This example shows how to clear all EAP information:...
clear errdisable interface
Use the clear errdisable interface privileged EXEC command on the switch stack or on a standalone switch to re-enable a VLAN that was error disabled.
clear errdisable interface interface-id vlan [vlan-list]...
Use the clear ip arp inspection log privileged EXEC command on the switch stack or on a standalone switch to clear the dynamic Address Resolution Protocol (ARP) inspection log buffer.
This example shows how to clear the statistics for VLAN 1:
Switch# clear ip arp inspection statistics vlan 1
You can verify that the statistics were deleted by entering the show ip arp inspection statistics vlan 1 privileged EXEC command.
Use the clear ip dhcp snooping privileged EXEC command on the switch stack or on a standalone switch to clear the DHCP binding database agent statistics or the DHCP snooping statistics counters.
Page 130
clear ip dhcp snooping
Related Commands
ip dhcp snooping: Enables DHCP snooping on a VLAN.
ip dhcp snooping database: Configures the DHCP snooping binding database agent or the binding file.
12.2(53)SE2 This command was introduced.
Usage Guidelines
You can clear all statistics by using the clear ipc statistics command, or you can clear only the queue statistics by using the clear ipc queue-statistics command.
Examples
This example shows how to clear all statistics:...
DECLINE message. If an address conflict is detected, the address is removed from the pool, and the address is not assigned until the administrator removes the address from the conflict list.
12.2(53)SE2 This command was introduced.
Usage Guidelines
Use this command to clear protocol tunnel counters on the switch or on the specified interface.
Examples
This example shows how to clear Layer 2 protocol tunnel counters on an interface:
Switch# clear l2protocol-tunnel counters gigabitethernet1/0/3...
12.2(53)SE2 This command was introduced.
Usage Guidelines
You can clear all counters by using the clear lacp counters command, or you can clear only the counters for the specified channel group by using the clear lacp channel-group-number counters command.
Examples...
This command was introduced.
Usage Guidelines
We recommend that you keep OBFL enabled and do not erase the data stored in the flash memory.
Examples
This example shows how to clear all the OBFL information except for the uptime and CLI-command...
Use the clear mac address-table privileged EXEC command on the switch stack or on a standalone switch to delete from the MAC address table a specific dynamic address, all dynamic addresses on a particular interface, all dynamic addresses on stack members, or all dynamic addresses on a particular VLAN.
Use the clear mac address-table move update privileged EXEC command on the switch stack or on a standalone switch to clear the MAC address table move-update counters.
clear mac address-table move update
Syntax Description
This command has no arguments or keywords.
clear macsec counters interface
To clear Media Access Control Security (MACsec) counters for all interfaces or a specified interface, use the clear macsec counters interface privileged EXEC command.
clear macsec counters interface [interface-id]...
Modification
12.2(53)SE2 This command was introduced.
Usage Guidelines
When you enter the clear mka all command, the switch prompts for a confirmation and then deletes all active MKA sessions.
Examples
This example clears all active MKA sessions:
Switch# clear mka all...
Page 140
clear mka
Related Commands
show mka policy: Displays MKA policy configuration information.
show mka sessions: Displays a summary of MKA sessions.
show mka statistics: Displays global MKA statistics.
12.2(53)SE2 This command was introduced.
Examples
This example shows how to clear NMSP statistics:
Switch# clear nmsp statistics
You can verify that information was deleted by entering the show nmsp statistics privileged EXEC command.
Related Commands
show nmsp: Displays the NMSP information.
12.2(53)SE2 This command was introduced.
Usage Guidelines
You can clear all counters by using the clear pagp counters command, or you can clear only the counters for the specified channel group by using the clear pagp channel-group-number counters command.
Examples...
Use the clear port-security privileged EXEC command on the switch stack or on a standalone switch to delete from the MAC address table all secure addresses or all secure addresses of a specific type (configured, dynamic, or sticky) on the switch or on an interface.
Page 144
This example shows how to clear all secure addresses from the MAC address table:
Switch# clear port-security all
This example shows how to remove a specific configured secure address from the MAC address table:
Switch# clear port-security configured address 0008.0070.0007...
clear spanning-tree counters
Use the clear spanning-tree counters privileged EXEC command on the switch stack or on a standalone switch to clear the spanning-tree counters.
clear spanning-tree counters [interface interface-id]...
IEEE 802.1D BPDUs on that port. A multiple spanning-tree (MST) switch can also detect that a port is at the boundary of a region when it receives a legacy BPDU, an MST BPDU (Version 3) associated with a different region, or a rapid spanning-tree (RST) BPDU (Version 2).
clear vmps statistics
Use the clear vmps statistics privileged EXEC command on the switch stack or on a standalone switch to clear the statistics maintained by the VLAN Query Protocol (VQP) client.
clear vmps statistics
Syntax Description
This command has no arguments or keywords.
clear vtp counters
Use the clear vtp counters privileged EXEC command on the switch stack or on a standalone switch to clear the VLAN Trunking Protocol (VTP) and pruning counters.
clear vtp counters
Syntax Description
This command has no arguments or keywords.
The cluster member switch retains the identity of the cluster command switch during a system reload by using the mac-address parameter. You can enter the no form on a cluster member switch to remove it from the cluster during debugging or recovery procedures. You would normally use this command from the cluster member switch console port or Ethernet management port only when the member has lost communication with the cluster command switch.
Page 150
<output truncated>
cluster commander-address 00e0.9bc0.a500 member 4 name my_cluster
<output truncated>
This example shows how to remove a member from the cluster by using the cluster member console.
Switch # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
If the hop count is set to 1, it disables extended discovery. The cluster command switch discovers only candidates that are one hop from the edge of the cluster. The edge of the cluster is the point between the last discovered cluster member switch and the first discovered candidate switch.
Use the no form of the command to remove all members and to make the cluster command switch a candidate switch.
Page 153
cluster enable
Related Commands
show cluster: Displays the cluster status and a summary of the cluster to which the switch belongs.
The holdtime is typically set as a multiple of the interval timer (cluster timer). For example, it takes (holdtime-in-secs divided by the interval-in-secs) number of heartbeat messages to be missed in a row to declare a switch down.
You must enter a member number to remove a switch from the cluster. However, you do not need to enter a member number to add a switch to the cluster. The cluster command switch selects the next available member number and assigns it to the switch that is joining the cluster.
Page 156
cluster member
Examples
This example shows how to add a switch as member 2 with MAC address 00E0.1E00.2222 and the password key to a cluster. The cluster command switch adds the candidate to the cluster through VLAN 3.
Network Address Translation (NAT) so that a member without an IP address can communicate with devices outside the cluster. Use the no form of this command to return to the default setting.
Clustering is disabled, and the switch cannot become a candidate switch. When you enter the no cluster run command on a switch that is not part of a cluster, clustering is disabled on this switch. This switch cannot then become a candidate switch.
The same group name should be used on all members of the HSRP standby group that is to be bound to the cluster. The same HSRP group name should also be used on all cluster-HSRP capable members for the HSRP group that is to be bound.
Page 160
cluster standby-group
This example shows the error message when this command is executed on a cluster command switch and the specified HSRP standby group does not exist:
Switch(config)# cluster standby-group my_hsrp...
Use the cluster timer global configuration command on the switch stack or on a cluster command switch to set the interval in seconds between heartbeat messages. Use the no form of this command to set the interval to the default value.
Specify the stack member number. If the switch is a standalone switch, the switch stack-member number is 1. If the switch is in a stack, the range is 1 to 9, depending on the switch member numbers in the stack.
Page 163
For information about OBFL, see the hw-module command.
Examples
This example shows how to copy the OBFL data messages to the obfl_file file on the flash file system for stack member 3:
Switch# copy logging onboard module 3 flash:obfl_file
OBFL copy successful...
This example configures an MKA policy with a confidentiality offset of 30 bytes.
Switch(config)# mka policy replay-policy
Switch(config-mka-policy)# replay-protection window-size 300
Switch(config-mka-policy)# confidentiality offset 30
Switch(config-mka-policy)# end
You can verify your setting by entering the show mka session detail privileged EXEC command.
Related Commands
show mka session detail: Displays detailed information about active MKA sessions.
A macro can contain up to five ranges. All interfaces in a range must be the same type; that is, all Fast Ethernet ports, all Gigabit Ethernet ports, all EtherChannel ports, or all VLANs, but you can combine multiple interface types in a macro.
Page 166
define interface-range
For physical interfaces:
• stack member is the number used to identify the switch within the stack. The number ranges from 1 to 9 and is assigned to the switch the first time the stack member initializes.
delete
Use the delete privileged EXEC command on the switch stack or on a standalone switch to delete a file or directory on the flash memory device.
delete [/force] [/recursive] filesystem:/file-url...
(Optional) Log a packet when it matches the ACE.
Defaults
There are no default settings. However, at the end of the ARP access list, there is an implicit deny ip any mac any command.
Command Modes
ARP access-list configuration...
Page 169
You can add deny clauses to drop ARP packets based on matching criteria.
Examples
This example shows how to define an ARP access list and to deny both ARP requests and ARP responses from a host with an IP address of 1.1.1.1 and a MAC address of 0000.0000.abcd:
Switch(config)# arp access-list static-hosts
Switch(config-arp-nacl)# deny ip host 1.1.1.1 mac host 0000.0000.abcd...
Use the deny command in IPv6 access list configuration mode on the switch stack or on a standalone switch to set deny conditions for an IPv6 access list. Use the no form of this command to remove the deny conditions.
Page 171
The optional port-number argument is a decimal number or the name of a TCP or a UDP port. A port number is a number from 0 to 65535. TCP port names can be used only when filtering TCP. UDP port names can be used only when filtering UDP.
Page 172
(Optional) Specify an ICMP message type for filtering ICMP packets. ICMP packets can be filtered by an ICMP message type. The type is a number from 0 to 255.
icmp-code: (Optional) Specify an ICMP message code for filtering ICMP packets.
Page 173
You can add permit, deny, or remark statements to an existing access list without re-entering the entire list. To add a new statement anywhere other than at the end of the list, create a new statement with an appropriate entry number between two existing entry numbers to show where it belongs.
Page 174
This example configures the IPv6 access list named CISCO and applies the access list to outbound traffic on a Layer 3 interface. The first deny entry in the list prevents all packets that have a destination TCP port number greater than 5000 from leaving the interface. The second deny entry in the list prevents all packets that have a source UDP port number less than 5000 from leaving the interface.
Page 176
Note: Though visible in the command-line help strings, appletalk is not supported as a matching condition.
To filter IPX traffic, you use the type mask or lsap lsap mask keywords, depending on the type of IPX encapsulation being used. Filter criteria for IPX encapsulation types as specified in Novell terminology...
Page 177
If you use the host keyword, you cannot enter an address mask; if you do not use the host keyword, you must enter an address mask. When an access control entry (ACE) is added to an access control list, an implied deny-any-any condition exists at the end of the list.
Use the diagnostic monitor global configuration command to configure health-monitoring diagnostic testing. Use the no form of this command to disable testing and to return to the default settings.
diagnostic monitor interval switch number test {name | test-id | test-id-range | all} hh:mm:ss...
Page 179
• ID list. Enter the range as integers separated by a comma and a hyphen (for example, 1,3-6 specifies test IDs 1, 3, 4, 5, and 6). •...
Use the diagnostic schedule global configuration command to configure the diagnostic test schedule. Use the no form of this command to remove the schedule.
diagnostic schedule switch number test {name | test-id | test-id-range | all | basic | non-disruptive} {daily hh:mm | on mm dd yyyy hh:mm | weekly day-of-week hh:mm}...
Page 181
• or lower case characters.
Note: If you are running a diagnostic test that has the reload attribute on a switch in a stack, you could potentially partition the stack depending on your cabling configuration. To avoid partitioning your stack,...
Use the diagnostic start privileged EXEC command to run an online diagnostic test.
diagnostic start switch number test {name | test-id | test-id-range | all | basic | non-disruptive}
Syntax Description
switch number: Specify the switch number, which is the stack member number. If the switch is a standalone switch, the switch number is 1.
Page 183
When specifying a test name, use the show diagnostic content privileged EXEC command to display the test ID list. To specify test 3 by using the test name, enter the diagnostic start switch number test TestPortAsicCam privileged EXEC command.
Page 184
This message appears if the configured test can cause a stack partition:
Switch 6: Running test(s) 2 will cause the switch under test to reload after completion of the test list.
Switch 6: Running test(s) 2 will partition stack...
Use the dot1x global configuration command on the switch stack or on a standalone switch to globally enable IEEE 802.1x authentication. Use the no form of this command to return to the default setting.
dot1x {guest-vlan supplicant} | {system-auth-control}
no dot1x {guest-vlan supplicant} | {system-auth-control}
Though visible in the command-line help strings, the credentials name keywords are not supported.
Page 186
This example shows how to globally enable IEEE 802.1x authentication on a switch:
Switch(config)# dot1x system-auth-control
This example shows how to globally enable the optional guest VLAN behavior on a switch:
Switch(config)# dot1x guest-vlan supplicant
You can verify your settings by entering the show dot1x [interface interface-id] privileged EXEC command.
Use the dot1x auth-fail max-attempts interface configuration command on the switch stack or on a standalone switch to configure the maximum allowable authentication attempts before a port is moved to the restricted VLAN. To return to the default setting, use the no form of this command.
dot1x auth-fail max-attempts max-attempts...
Page 188
[vlan id]: Enables the optional restricted VLAN feature.
dot1x max-reauth-req [count]: Sets the maximum number of times that the switch restarts the authentication process before a port changes to the unauthorized state.
show dot1x [interface interface-id]: Displays IEEE 802.1x status for the specified port.
Use the dot1x auth-fail vlan interface configuration command on the switch stack or on a standalone switch to enable the restricted VLAN on a port. To return to the default setting, use the no form of this command.
Page 190
dot1x auth-fail vlan
You cannot configure a VLAN to be both a restricted VLAN and a voice VLAN. If you do this, a syslog message is generated. When a restricted VLAN port is moved to an unauthorized state, the authentication process restarts. If the supplicant fails the authentication process again, the authenticator waits in the held state.
The show dot1x all privileged EXEC command output is the same for all switches except for the port names and the state of the port. If a host is attached to the port but is not yet authenticated, a display similar to this appears:
Supplicant MAC 0002.b39a.9275...
Page 192
= In
If you enter the dot1x control-direction in interface configuration command and the port cannot support this mode due to a configuration conflict, this appears in the show dot1x all command output:
ControlDirection = In (Disabled due to port settings)
12.2(53)SE2 This command was introduced.
Usage Guidelines
You must have another switch set up as the authenticator for this switch to be the supplicant.
Examples
This example shows how to configure a switch as a supplicant:
Switch(config)# dot1x credentials profile
You can verify your settings by entering the show running-config privileged EXEC command.
dot1x critical (global configuration)
Use the dot1x critical global configuration command on the switch stack or on a standalone switch to configure the parameters for the inaccessible authentication bypass feature, also referred to as critical authentication or the authentication, authorization, and accounting (AAA) fail policy. To return to default settings, use the no form of this command.
Page 195
dot1x critical (global configuration)
Related Commands
dot1x critical (interface configuration): Enables the inaccessible authentication bypass feature, and configures the access VLAN for the feature.
show dot1x: Displays IEEE 802.1x status for the specified port.
• If the critical port is a routed port, you can specify a VLAN, but this is optional.
• If the client is running Windows XP and the critical port to which the client is connected is in the critical-authentication state, Windows XP might report that the interface is not authenticated.
Page 197
You can configure the inaccessible authentication bypass feature and the restricted VLAN on an IEEE 802.1x port. If the switch tries to re-authenticate a critical port in a restricted VLAN and all the RADIUS servers are unavailable, the switch changes the port state to the critical authentication state, and it remains in the restricted VLAN.
dot1x default
Use the dot1x default interface configuration command on the switch stack or on a standalone switch to reset the IEEE 802.1x parameters to their default values.
dot1x default
Syntax Description
This command has no arguments or keywords.
Use the dot1x fallback interface configuration command on the switch stack or on a standalone switch to configure a port to use web authentication as a fallback method for clients that do not support IEEE 802.1x authentication. To return to the default setting, use the no form of this command.
Use the dot1x guest-vlan interface configuration command on the switch stack or on a standalone switch to specify an active VLAN as an IEEE 802.1x guest VLAN. Use the no form of this command to return to the default setting.
Page 201
Switch(config-if)# dot1x guest-vlan 5
This example shows how to set 3 as the quiet time on the switch, to set 15 as the number of seconds that the switch waits for a response to an EAP-request/identity frame from the client before resending the request, and to enable VLAN 2 as an IEEE 802.1x guest VLAN when an IEEE 802.1x port is connected...
This command was introduced.
Usage Guidelines
Use this command to limit an IEEE 802.1x-enabled port to a single client or to attach multiple clients to an IEEE 802.1x-enabled port. In multiple-hosts mode, only one of the attached hosts needs to be successfully authorized for all hosts to be granted network access.
This command was introduced.
Usage Guidelines
Use this command to initialize the IEEE 802.1x state machines and to set up a fresh environment for authentication. After you enter this command, the port status becomes unauthorized. There is not a no form of this command.
Unless otherwise stated, the MAC authentication bypass usage guidelines are the same as the IEEE 802.1x authentication guidelines. If you disable MAC authentication bypass from a port after the port has been authenticated with its MAC address, the port state is not affected.
Page 205
dot1x mac-auth-bypass
Examples
This example shows how to enable MAC authentication bypass and to configure the switch to use EAP for authentication:
Switch(config-if)# dot1x mac-auth-bypass eap
You can verify your settings by entering the show dot1x [interface interface-id] privileged EXEC command.
Use the dot1x max-reauth-req interface configuration command on the switch stack or on a standalone switch to set the maximum number of times that the switch restarts the authentication process before a port changes to the unauthorized state. Use the no form of this command to return to the default setting.
dot1x max-reauth-req count...
Page 207
Related Commands
dot1x timeout tx-period: Sets the number of seconds that the switch waits for a response to an EAP-request/identity frame from the client before resending the request.
show dot1x [interface Displays IEEE 802.1x status for the specified port.
Examples
This example shows how to set 5 as the number of times that the switch sends an EAP frame from the authentication server to the client before restarting the authentication process:...
Use the dot1x pae interface configuration command on the switch stack or on a standalone switch to configure the port as an IEEE 802.1x port access entity (PAE) authenticator. Use the no form of this command to disable IEEE 802.1x authentication on the port.
Use the dot1x port-control interface configuration command on the switch stack or on a standalone switch to enable manual control of the authorization state of the port. Use the no form of this command to return to the default setting.
Page 211
(VLAN Query Protocol [VQP]) port, an error message appears, and IEEE 802.1x authentication is not enabled. If you try to change an IEEE 802.1x-enabled port to dynamic VLAN assignment, an error message appears, and the VLAN configuration is not changed.
dot1x re-authenticate
Use the dot1x re-authenticate privileged EXEC command on the switch stack or on a standalone switch to manually initiate a re-authentication of the specified IEEE 802.1x-enabled port.
dot1x re-authenticate [interface interface-id]...
Use the dot1x reauthentication interface configuration command on the switch stack or on a standalone switch to enable periodic re-authentication of the client. Use the no form of this command to return to the default setting.
dot1x reauthentication...
Use the dot1x supplicant force-multicast global configuration command to force a supplicant switch to send only multicast Extensible Authentication Protocol over LAN (EAPOL) packets whenever it receives multicast or unicast EAPOL packets. Use the no form of this command to return to the default setting.
There is not a no form of this command. Examples This example shows how to enable the IEEE 802.1x readiness check on a switch to query a port. It also shows the response received from the queried port verifying that the device connected to it is IEEE 802.1x-capable:...
Use the dot1x test timeout global configuration command on the switch stack or on a standalone switch to configure the timeout used to wait for EAPOL response from a port being queried for IEEE 802.1x readiness.
dot1x test timeout timeout...
Use the dot1x timeout interface configuration command on the switch stack or on a standalone switch to set IEEE 802.1x timers. Use the no form of this command to return to the default setting.
dot1x timeout {quiet-period seconds | ratelimit-period seconds | reauth-period {seconds |...
Page 218
Switch(config-if)# dot1x timeout supp-timeout 45
This example shows how to set 60 as the number of seconds to wait for a response to an EAP-request/identity frame from the client before re-transmitting the request:
Switch(config-if)# dot1x timeout tx-period 60...
Page 219
Related Commands
dot1x max-req: Sets the maximum number of times that the switch sends an EAP-request/identity frame before restarting the authentication process.
dot1x reauthentication: Enables periodic re-authentication of the client.
show dot1x: Displays IEEE 802.1x status for all ports.
Use the dot1x violation-mode interface configuration command on the switch stack or on a standalone switch to configure the violation modes that occur when a new device connects to a port or when a new device connects to a port after the maximum number of devices are connected to that port.
Use the duplex interface configuration command on the switch stack or on a standalone switch to specify the duplex mode of operation for a port. Use the no form of this command to return the port to its default value.
Page 222
If the speed is set to auto, the switch negotiates with the device at the other end of the link for the speed setting and then forces the speed setting to the negotiated value. The duplex setting remains as configured on each end of the link, which could result in a duplex setting mismatch.
ACL. If you do not configure this command, the port applies the policies of the configured ACL to the traffic. If no static ACL is configured on a port, both the default and open directives allow access to the port.
Page 224
epm access-control open
Examples
This example shows how to configure an open directive.
Switch(config)# epm access-control open
You can verify your settings by entering the show running-config privileged EXEC command.
Related Commands
show running-config: Displays the operating configuration.
Use the errdisable detect cause global configuration command on the switch stack or on a standalone switch to enable error-disabled detection for a specific cause or all causes. Use the no form of this command to disable the error-disabled detection feature.
Page 226
When a port is error-disabled, it is effectively shut down, and no traffic is sent or received on the port. For the BPDU guard, voice aware 802.1x security, and port-security features, you can configure the switch to shut down just the offending VLAN on the port when a violation occurs, instead of shutting down the entire port.
VLAN-tagged packets are small frames (67 bytes or less) and arrive at the minimum configured rate (the threshold). Use the no form of this command to return to the default setting.
Page 228
Displays the interface settings on the switch, including input and output flow control.
small-frame violation rate: Configures the rate (threshold) for incoming small frames to cause a port to be put into the error-disabled state.
Use the errdisable recovery global configuration command on the switch stack or on a standalone switch to configure the recovery mechanism variables. Use the no form of this command to return to the default setting.
errdisable recovery {cause {all | arp-inspection | bpduguard | channel-misconfig |...
Page 230
When a port is error-disabled, it is effectively shut down, and no traffic is sent or received on the port. For the BPDU guard and port-security features, you can configure the switch to shut down just the offending VLAN on the port when a violation occurs, instead of shutting down the entire port.
Page 231
Displays interface status or a list of interfaces in error-disabled err-disabled state.
clear errdisable interface: Clears the error-disabled state from a port or VLAN that was error disabled by the per-VLAN error disable feature.
Use the errdisable recovery cause small-frame global configuration command on the switch stack or on a standalone switch to enable the recovery timer for ports to be automatically re-enabled after they are error disabled by the arrival of small frames. Use the no form of this command to return to the default setting.
This command was introduced.

Usage Guidelines

The basic crashinfo file includes the Cisco IOS image name and version that failed, a list of the processor registers, and a stack trace. The extended crashinfo file includes additional information that can help determine the cause of the switch failure.
Use the fallback profile global configuration command on the switch stack or on a standalone switch to create a fallback profile for web authentication. To return to the default setting, use the no form of this command.

fallback profile profile...
Page 235
Related Commands

Command | Description
dot1x fallback | Configure a port to use web authentication as a fallback method for clients that do not support IEEE 802.1x authentication.
ip admission | Enable web authentication on a switch port
ip admission name proxy http...
When flow control receive is on for a device and it receives a pause frame, it stops sending any data packets.
Page 237
Does not send or receive Does not send or receive

Examples

This example shows how to configure the local port to not support flow control by the remote port:

Switch(config)# interface gigabitethernet1/0/1
Switch(config-if)# flowcontrol receive off

You can verify your settings by entering the show interfaces privileged EXEC command.
We recommend that you keep OBFL enabled and do not erase the data stored in the flash memory. To ensure that the time stamps in the OBFL data logs are accurate, you should manually set the system clock, or configure it by using Network Time Protocol (NTP).
Page 239
Examples

This example shows how to enable OBFL on a Catalyst 3750-X-only switch stack and to specify that all the hardware-related messages on stack member 4 are stored in the flash memory when this command is entered on the stack master:...
Caution ports that are assigned to the channel group.

Caution Do not assign bridge groups on the physical ports in a channel group used as a Layer 3 port-channel interface because it creates loops. You must also disable spanning tree.
Page 241
• port and not on the port-channel interface.
• Do not configure a port that is an active member of an EtherChannel as an IEEE 802.1x port. If IEEE 802.1x is enabled on a not-yet active port of an EtherChannel, the port does not join the EtherChannel.
Specifying a previously defined interface-range macro
• All interfaces in a range must be the same type; that is, all Fast Ethernet ports, all Gigabit Ethernet ports, all EtherChannel ports, or all VLANs. However, you can define up to five interface ranges with a single command, with each range separated by a comma.
Page 243
Note channel number in the range must be active port channels.

When you define a range, you must enter a space between the first entry and the hyphen (-):

interface range gigabitethernet1/0/1 -2

When you define multiple ranges, you must still enter a space after the first entry and before the...
This command was introduced.

Usage Guidelines

SVIs are created the first time that you enter the interface vlan vlan-id command for a particular VLAN. The vlan-id corresponds to the VLAN-tag associated with data frames on an ISL or IEEE 802.1Q encapsulated trunk or the VLAN ID configured for an access port.
Page 245
interface vlan

Examples

This example shows how to create a new SVI with VLAN ID 23 and to enter interface configuration mode:

Switch(config)# interface vlan 23
Switch(config-if)#

You can verify your setting by entering the...
Use the ip access-group interface configuration command on the switch stack or on a standalone switch to control access to a Layer 2 or Layer 3 interface. Use the no form of this command to remove all access groups or the specified access group from the interface.
Page 247
ACL or VLAN map:
• When an input port ACL is applied to an interface and a VLAN map is applied to a VLAN that the interface is a member of, incoming packets received on ports with the ACL applied are filtered by the port ACL.
Page 248
IOS IP Command Reference, Volume 1 of 3: Addressing and Services, Release 12.2 > IP Services Commands
ip access-list | Configures a named ACL. For syntax information, select Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services, Release 12.2 > IP Services Commands.
IP address for the Layer 2 switch or an IP address for each switch virtual interface (SVI) or routed port on the Layer 3 switch. Use the no form of this command to remove an IP address or to disable IP processing.
Page 250
BOOTP or the DHCP server cannot reassign the address. A Layer 3 switch can have an IP address assigned to each routed port and SVI. The number of routed ports and SVIs that you can configure is not limited by software; however, the interrelationship between this number and the number of other features being configured might have an impact on CPU utilization due to hardware limitations.
Switch# configure terminal
Switch(config)# interface gigabitethernet1/0/1
Switch(config-if)# ip admission rule1

This example shows how to apply a web authentication rule to a fallback profile for use on an IEEE 802.1x enabled switch port.

Switch# configure terminal
Switch(config)# fallback profile profile1...
The ip admission name proxy http command globally enables web authentication on a switch. After you enable web authentication on a switch, use the ip access-group in and ip admission web-rule interface configuration commands to enable web authentication on a specific interface.
Page 253
Related Commands

Command | Description
dot1x fallback | Configure a port to use web authentication as a fallback method for clients that do not support IEEE 802.1x authentication.
fallback profile | Create a web authentication fallback profile.
ip admission...
All other packet types are bridged in the ingress VLAN without validation. If the switch denies a packet because of an explicit deny statement in the ACL, the packet is dropped. If the switch denies a packet because of an implicit deny statement, the packet is then compared against the list of DHCP bindings (unless the ACL is static, which means that packets are not compared against the bindings).
Page 255
Examples

This example shows how to apply the ARP ACL static-hosts to VLAN 1 for dynamic ARP inspection:

Switch(config)# ip arp inspection filter static-hosts vlan 1

You can verify your settings by entering the show ip arp inspection vlan 1 privileged EXEC command.
After you configure the rate limit, the interface retains the rate limit even when its trust state is changed. If you enter the no ip arp inspection limit interface configuration command, the interface reverts to its default rate limit.
Page 257
EtherChannel, this means that the actual rate limit might be higher than the configured value. For example, if you set the rate limit to 30 pps on an EtherChannel that has one port on switch 1 and one port on switch 2, each port can receive packets at 29 pps without causing the EtherChannel to become error-disabled.
If the log buffer overflows, it means that a log event does not fit into the log buffer, and the output display for the show ip arp inspection log privileged EXEC command is affected. A -- in the output display appears in place of all data except the packet count and the time.
Page 259
ip arp inspection log-buffer

In a switch stack, the log buffer configuration applies to each stack member in the stack. Each stack member has the specified logs number entries and generates system messages at the configured rate. For example, if the interval (rate) is one entry per second, up to five system messages are generated per second in a five-member switch stack.
This command was introduced.

Usage Guidelines

The switch does not check ARP packets that it receives on the trusted interface; it simply forwards the packets. For untrusted interfaces, the switch intercepts all ARP requests and responses. It verifies that the intercepted packets have valid IP-to-MAC address bindings before updating the local cache and before forwarding the packet to the appropriate destination.
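The decision order that the dynamic ARP inspection entries above describe (trusted interfaces are not checked; an explicit ACL deny drops the packet; an implicit deny falls through to the DHCP bindings unless the ACL is static) is modeled below in Python. This is an added illustration, not code from the Cisco reference: ARP ACL matching is simplified to exact sender IP/MAC pairs, and every name and address in it is a constructed sample.

```python
import re
from dataclasses import dataclass
from typing import FrozenSet, Optional, Sequence, Tuple

Binding = Tuple[int, str, str]  # (vlan, ip, normalized mac) from DHCP snooping


def norm_mac(mac: str) -> str:
    """Normalize 0011.2233.4455 or 00:11:22:33:44:55 to 12 lowercase hex digits."""
    digits = re.sub(r"[.:\-]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


@dataclass(frozen=True)
class ArpPacket:
    vlan: int
    sender_ip: str
    sender_mac: str


@dataclass(frozen=True)
class AclEntry:
    action: str  # "permit" or "deny"
    ip: str
    mac: str


def acl_match(acl: Sequence[AclEntry], pkt: ArpPacket) -> Optional[str]:
    """Return the action of the first matching entry, or None (implicit deny)."""
    for entry in acl:
        if entry.ip == pkt.sender_ip and norm_mac(entry.mac) == norm_mac(pkt.sender_mac):
            return entry.action
    return None


def inspect(pkt: ArpPacket, *, trusted: bool,
            acl: Optional[Sequence[AclEntry]] = None,
            acl_static: bool = False,
            bindings: FrozenSet[Binding] = frozenset()) -> Tuple[str, str]:
    """Return (verdict, reason) for one ARP packet on one interface."""
    if trusted:
        # Trusted interfaces: the packet is forwarded without any check.
        return ("forward", "trusted-interface")
    if acl is not None:
        action = acl_match(acl, pkt)
        if action == "permit":
            return ("forward", "acl-permit")
        if action == "deny":
            # Explicit deny: dropped, the bindings are never consulted.
            return ("drop", "acl-explicit-deny")
        if acl_static:
            # Static ACL: the implicit deny is final.
            return ("drop", "acl-implicit-deny-static")
    # No ACL, or implicit deny on a non-static ACL: fall back to DHCP bindings.
    key = (pkt.vlan, pkt.sender_ip, norm_mac(pkt.sender_mac))
    if key in bindings:
        return ("forward", "dhcp-binding")
    return ("drop", "no-dhcp-binding")


# Constructed sample data: one statically addressed host, one explicitly
# denied pair, and one DHCP client learned by snooping on VLAN 1.
STATIC_HOSTS = (
    AclEntry("permit", "10.0.0.10", "0000.0c00.0010"),
    AclEntry("deny", "10.0.0.1", "0000.0c00.0bad"),
)
BINDINGS = frozenset({(1, "10.0.0.50", norm_mac("0011.2233.4455"))})
DHCP_CLIENT = ArpPacket(1, "10.0.0.50", "0011.2233.4455")

if __name__ == "__main__":
    for static in (False, True):
        verdict = inspect(DHCP_CLIENT, trusted=False, acl=STATIC_HOSTS,
                          acl_static=static, bindings=BINDINGS)
        print(f"static={static}: {verdict}")
```

The last two lines show the operational caveat: with a static ACL, a legitimate DHCP client that is absent from the ACL is dropped even though a valid binding exists.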
Page 261
log-buffer | Configures the dynamic ARP inspection logging buffer.
show inventory interfaces | Displays the trust state and the rate limit of ARP packets for the specified interface or all interfaces.
show inventory | Displays the configuration and contents of the dynamic ARP inspection log buffer.
Use the ip arp inspection validate global configuration command on the switch stack or on a standalone switch to perform specific checks for dynamic Address Resolution Protocol (ARP) inspection. Use the no form of this command to return to the default settings.
Page 263
• inspection validate ip command, ARP probes are dropped unless you enter the allow-zeros keyword.

The no form of the command disables only the specified checks. If none of the options are enabled, all checks are disabled.

Examples

This example shows how to enable source MAC validation:...
Use the ip arp inspection vlan global configuration command on the switch stack or on a standalone switch to enable dynamic Address Resolution Protocol (ARP) inspection on a per-VLAN basis. Use the no form of this command to return to the default setting.
Use the ip arp inspection vlan logging global configuration command on the switch stack or on a standalone switch to control the type of packets that are logged per VLAN. Use the no form of this command to disable this logging control.
Page 266
If neither the acl-match nor the dhcp-bindings keyword is specified, all denied packets are logged. The implicit deny at the end of an ACL does not include the log keyword. This means that when you use the static keyword in the ip arp inspection filter vlan global configuration command, the ACL overrides the DHCP bindings.
ip device tracking

To enable IP device tracking, use the ip device tracking global configuration command. Use the no form of this command to disable this feature.

ip device tracking...
Use the ip device tracking maximum command to enable IP port security binding tracking on a Layer 2 port. Use the no form of this command to disable IP port security on untrusted Layer 2 interfaces.
The use-svi keyword was added.

Usage Guidelines

Use the count keyword option to set the number of times that the switch sends the ARP probe. The range is from 1 to 255. Use the interval keyword option to set the number of seconds that the switch waits for a response before resending the ARP probe.
Page 270
ip device tracking probe

Related Commands

Command | Description
show ip device tracking all | Displays information about the entries in the IP device tracking table.
Usage Guidelines

For any DHCP snooping configuration to take effect, you must globally enable DHCP snooping. DHCP snooping is not active until you enable snooping on a VLAN by using the ip dhcp snooping vlan vlan-id global configuration command.

Examples...
Use the ip dhcp snooping binding privileged EXEC command on the switch stack or on a standalone switch to configure the DHCP snooping binding database and to add binding entries to the database. Use the no form of this command to delete entries from the binding database.
Page 273
ip dhcp snooping binding

You can verify your settings by entering the show ip dhcp snooping binding or the show ip dhcp source binding privileged EXEC command.

Related Commands

Command...
Use the ip dhcp snooping database global configuration command on the switch stack or on a standalone switch to configure the DHCP snooping binding database agent. Use the no form of this command to disable the agent, to reset the timeout value, or to reset the write-delay value.
Page 275
Use the no ip dhcp snooping database write-delay command to reset the write-delay value.

Examples

This example shows how to store a binding file at an IP address of 10.1.1.1 that is in a directory called directory. A file named file must be present on the TFTP server.
ID suboption). The switch forwards the DHCP request that includes the option-82 field to the DHCP server. When the DHCP server receives the packet, it can use the remote ID, the circuit ID, or both to assign IP addresses and implement policies, such as restricting the number of IP addresses that can be assigned to a single remote ID or a circuit ID.
Page 277
ip dhcp snooping information option

Related Commands

Command | Description
show ip dhcp snooping | Displays the DHCP snooping configuration.
show ip dhcp snooping binding | Displays the DHCP snooping binding information.
Use the ip dhcp snooping information option allow-untrusted global configuration command on an aggregation switch to configure it to accept DHCP packets with option-82 information that are received on untrusted ports that might be connected to an edge switch. Use the no form of this command to return to the default setting.
Page 279
Examples

This example shows how to configure an access switch to not check the option-82 information in untrusted packets from an edge switch and to accept the packets:

Switch(config)# ip dhcp snooping information option allow-untrusted

You can verify your settings by entering the show ip dhcp snooping user EXEC command.
When the option-82 feature is enabled, the default remote-ID suboption is the switch MAC address. This command allows you to configure either the switch hostname or a string of up to 63 ASCII characters (but no spaces) to be the remote ID.
Normally, the rate limit applies to untrusted interfaces. If you want to configure rate limiting for trusted interfaces, keep in mind that trusted interfaces might aggregate DHCP traffic on multiple VLANs (some of which might not be snooped) in the switch, and you will need to adjust the interface rate limits to a higher value.
Use the ip dhcp snooping trust interface configuration command on the switch stack or on a standalone switch to configure a port as trusted for DHCP snooping purposes. Use the no form of this command to return to the default setting.
Use the ip dhcp snooping verify global configuration command on the switch stack or on a standalone switch to configure the switch to verify on an untrusted port that the source MAC address in a DHCP packet matches the client hardware address. Use the no form of this command to configure the switch to not verify the MAC addresses.
Use the ip dhcp snooping vlan global configuration command on the switch stack or on a standalone switch to enable DHCP snooping on a VLAN. Use the no form of this command to return to the default setting.
DHCP snooping configuration to take effect. When the option-82 feature is enabled, the default circuit-ID suboption is the switch VLAN and the port identifier, in the format vlan-mod-port. This command allows you to configure a string of ASCII characters to be the circuit ID.
Page 286
Switch(config-if)# ip dhcp snooping vlan 250 information option format-type circuit-id override string testcustomer

You can verify your settings by entering the show ip dhcp snooping user EXEC command.

Note The show ip dhcp snooping user EXEC command only displays the global command output, including a remote-ID configuration.
Use the ip igmp filter interface configuration command on the switch stack or on a standalone switch to control whether or not all hosts on a Layer 2 interface can join one or more IP multicast groups by applying an Internet Group Management Protocol (IGMP) profile to the interface. Use the no form of this command to remove the specified profile from the interface.
Page 288
interface-id | Displays the running configuration on the switch interface, including the IGMP profile (if any) that is applied to an interface. For syntax information, select Cisco IOS Configuration Fundamentals Command Reference, Release 12.2 > File Management Commands >...
Layer 2 interface can join or to configure the IGMP throttling action when the maximum number of entries is in the forwarding table. Use the no form of this command to set the maximum back to the default, which is to have no maximum limit, or to return to the default throttling action, which is to drop the report.
Page 290
After these entries are aged out, when the maximum number of entries is in the forwarding table, the switch drops the next IGMP report received on the interface.
• permit: specifies that matching addresses are permitted.
• range: specifies a range of IP addresses for the profile. This can be a single IP address or a range with a start and an end address. When entering a range, enter the low IP multicast address, a space, and the high IP multicast address.
Page 292
Related Commands

Command | Description
ip igmp filter | Applies the IGMP profile to the specified interface.
show ip igmp profile | Displays the characteristics of all IGMP profiles or the specified IGMP profile number.
When IGMP snooping is enabled globally, it is enabled in all the existing VLAN interfaces. When IGMP snooping is globally disabled, it is disabled on all the existing VLAN interfaces. VLAN IDs 1002 to 1005 are reserved for Token Ring and FDDI VLANs and cannot be used in IGMP snooping.
Page 294
ip igmp snooping

Command | Description
show ip igmp snooping mrouter | Displays the IGMP snooping router ports.
show ip igmp snooping querier | Displays the configuration and operation information for the IGMP querier configured on a switch.
When IGMP snooping is globally disabled, IGMP snooping is disabled on all the existing VLAN interfaces. VLAN IDs 1002 to 1005 are reserved for Token Ring and FDDI VLANs and cannot be used in IGMP snooping. Configuring the leave timer on a VLAN overrides the global setting.
Page 296
Configures a Layer 2 port as a multicast router port.
ip igmp snooping vlan static | Configures a Layer 2 port as a member of a group.
show ip igmp snooping | Displays the IGMP snooping configuration.
Use the ip igmp snooping querier global configuration command on the switch stack or on a standalone switch to globally enable the Internet Group Management Protocol (IGMP) querier function in Layer 2 networks.
Page 298
Usage Guidelines

Use this command to enable IGMP snooping to detect the IGMP version and IP address of a device that sends IGMP query messages, which is also called a querier. By default, the IGMP snooping querier is configured to detect devices that use IGMP Version 2 (IGMPv2) but does not detect clients that are using IGMP Version 1 (IGMPv1).
When IGMP router suppression is enabled (the default), the switch sends the first IGMP report from all hosts for a group to all the multicast routers. The switch does not send the remaining IGMP reports for the group to the multicast routers. This feature prevents duplicate reports from being sent to the multicast devices.
Page 300
Related Commands

Command | Description
ip igmp snooping | Enables IGMP snooping on the switch or on a VLAN.
show ip igmp snooping | Displays the IGMP snooping configuration of the switch or the VLAN.
Use the ip igmp snooping tcn flood query count global configuration command to control the time that multicast traffic is flooded after a TCN event. If you set the TCN flood query count to 1 by using the ip igmp snooping tcn flood query count command, the flooding stops after receiving 1 general query. If you set the count to 7, the flooding of multicast traffic due to the TCN event lasts until 7 general queries are received.
Page 302
Specifies flooding on an interface as the IGMP snooping spanning-tree TCN behavior.
show ip igmp snooping | Displays the IGMP snooping configuration of the switch or the VLAN.
This command was introduced.

Usage Guidelines

When the switch receives a TCN, multicast traffic is flooded to all the ports until two general queries are received. If the switch has many ports with attached hosts that are subscribed to different multicast groups, the flooding might exceed the capacity of the link and cause packet loss.
This command was introduced.

Usage Guidelines

VLAN IDs 1002 to 1005 are reserved for Token Ring and FDDI VLANs and cannot be used in IGMP snooping. You should configure the Immediate-Leave feature only when there is a maximum of one receiver on every port in the VLAN.
12.2(53)SE2 This command was introduced.

Usage Guidelines

VLAN IDs 1002 to 1005 are reserved for Token Ring and FDDI VLANs and cannot be used in IGMP snooping. The CGMP learn method is useful for reducing control traffic. The configuration is saved in NVRAM.
Page 306
This example shows how to specify the multicast router learning method as CGMP:

Switch(config)# ip igmp snooping vlan 1 mrouter learn cgmp

You can verify your settings by entering the show ip igmp snooping privileged EXEC command.

Related Commands

Command...
Internet Group Management Protocol (IGMP) snooping and to statically add a Layer 2 port as a member of a multicast group. Use the no form of this command to remove ports specified as members of a static multicast group.
Page 308
ip igmp snooping vlan static

Related Commands

Command | Description
ip igmp snooping report-suppression | Enables IGMP report suppression.
show ip igmp snooping | Displays the snooping configuration.
show ip igmp snooping groups | Displays IGMP snooping multicast information.
SNAP encapsulation. If a switch that is joining the stack does not support forwarding of IPv4 and IPv6 frames with SNAP encapsulation, all the switches in the stack do not forward the IPv4 and IPv6 frames, and this forwarding feature is disabled.
Use the ip source binding global configuration command on the switch stack or on a standalone switch to configure static IP source bindings on the switch. Use the no form of this command to delete static bindings.
Page 311
Enables IP source guard on an interface.
show ip source binding | Displays the IP source bindings on the switch.
show ip verify source | Displays the IP source guard configuration on the switch or on a specific interface.
Use the ip ssh global configuration command on the switch stack or on a standalone switch to configure the switch to run Secure Shell (SSH) Version 1 or SSH Version 2. Use the no form of this command to return to the default setting.
Page 313
Features > Secure Shell Commands.
show ssh | Displays the status of the SSH server. For syntax information, select Cisco IOS Release 12.2 Configuration Guides and Command References > Cisco IOS Security Command Reference, Release 12.2 > Other Security Features >...
(global configuration)

Use the ip sticky-arp global configuration command to enable sticky Address Resolution Protocol (ARP) on a switch virtual interface (SVI) that belongs to a private VLAN. Use the no form of this command to disable sticky ARP.
Page 315
(global configuration)

• Use the no sticky-arp global configuration command to disable sticky ARP on the switch.
• Use the no sticky-arp interface configuration command to disable sticky ARP on an interface when sticky ARP is disabled on the switch.
(interface configuration)

Use the ip sticky-arp interface configuration command to enable sticky Address Resolution Protocol (ARP) on a switch virtual interface (SVI) or a Layer 3 interface. Use the no form of this command to disable sticky ARP.
Page 317
ARP entries.
• If you disconnect the switch from a device and then connect it to another device with a different MAC address but with the same IP address, the ARP entry is not created, and this message appears:

*Mar 2 00:26:06.967: %IP-3-STCKYARPOVR: Attempt to overwrite Sticky ARP entry:...
Use the ip verify source interface configuration command on the switch stack or on a standalone switch to enable IP source guard on an interface. Use the no form of this command to disable IP source guard.

ip verify source {vlan dhcp-snooping | tracking} [port-security]...
Page 319
11-20
Switch#

This example shows how to enable IP port security with IP-MAC filters on a Layer 2 access port:

Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# ip device tracking
Switch(config)# interface gigabitethernet1/0/3...
Use the ipv6 access-list global configuration command on the switch stack or on a standalone switch to define an IPv6 access list and to place the switch in IPv6 access list configuration mode. To remove the access list, use the no form of this command.
Page 321
To disallow ICMPv6 neighbor discovery and to deny icmp any any nd-na or icmp any any nd-ns, there must be an explicit deny entry in the ACL. For the implicit deny ipv6 any any statement to take effect, an IPv6 ACL must contain at least one entry.
Page 322
Command | Description
deny (IPv6 access-list configuration) | Sets deny conditions for an IPv6 access list.
ipv6 traffic-filter | Filters incoming or outgoing IPv6 traffic on an interface.
permit (IPv6 access-list configuration) | Sets permit conditions for an IPv6 access list.
show ipv6 access-list | Displays the contents of all current IPv6 access lists.
Use the ipv6 address dhcp interface configuration command on the switch stack or on a standalone switch to acquire an IPv6 address on an interface from the Dynamic Host Configuration Protocol for IPv6 (DHCPv6) server. To remove the address from the interface, use the no form of this command.

ipv6 address dhcp [rapid-commit]...
When enabled, the command is checked only when an IPv6 address is acquired from DHCP. If you enter the command after the interface has acquired an IPv6 address, it does not take effect until the next time the client acquires an IPv6 address from DHCP.
Dynamic Host Configuration Protocol for IPv6 (DHCPv6) server sends to a pool address as part of a ping operation. To prevent the server from pinging pool addresses, use the no form of this command.
Page 326
conflict | Clears an address conflict from the DHCPv6 server database.
show ipv6 dhcp conflict | Displays address conflicts found by a DHCPv6 server, or reported through a DECLINE message from a client.
• hexadecimal, using 16-bit values between colons.
• lifetime t1 t2: sets a valid and a preferred time interval (in seconds) for the IPv6 address. The range is 5 to 4294967295 seconds. The valid default is 2 days. The preferred default is 1 day. The valid lifetime must be greater than or equal to the preferred lifetime.
Page 328
After you create the DHCPv6 configuration information pool, use the ipv6 dhcp server interface configuration command to associate the pool with a server on an interface. However, if you do not configure an information pool, you still need to use the ipv6 dhcp server interface configuration command to enable the DHCPv6 server function on an interface.
Page 329
ipv6 dhcp pool

Related Commands

Command | Description
ipv6 dhcp server | Enables DHCPv6 service on an interface.
show ipv6 dhcp pool | Displays DHCPv6 configuration pool information.
When an IPv6 DHCP packet is received by the server, the server determines if it was received from a DHCP relay or if it was directly received from the client. If the packet was received from a relay, the server verifies the link-address field inside the packet associated with the first relay that is closest to the client.
Page 331
The prefix address is valid if it is in the associated local prefix address pool and it is not assigned to a device. If the allow-hint keyword is not specified, the server ignores the client hint, and an address is allocated from the free list in the pool.
Use the ipv6 mld snooping global configuration command on the switch stack or on a standalone switch without keywords to enable IP version 6 (IPv6) Multicast Listener Discovery (MLD) snooping globally or on the specified VLAN. Use the no form of this command to disable MLD snooping on the switch or switch stack or the VLAN.
Page 333
Switch(config)# ipv6 mld snooping

This example shows how to disable MLD snooping on a VLAN:

Switch(config)# no ipv6 mld snooping vlan 11

You can verify your settings by entering the show ipv6 mld snooping user EXEC command.

Related Commands

Command...
In MLD snooping, the IPv6 multicast router periodically sends out queries to hosts belonging to the multicast group. If a host wants to leave a multicast group, it can silently leave or it can respond to the query with a Multicast Listener Done message (equivalent to an IGMP Leave message). When...
Page 335
This example shows how to set the last-listener query count for VLAN 10:

Switch(config)# ipv6 mld snooping vlan 10 last-listener-query-count 3

You can verify your settings by entering the show ipv6 mld snooping [vlan vlan-id] user EXEC command.

Related Commands...
VLAN. This time interval is the maximum time that a multicast router waits after issuing a Multicast Address Specific Query (MASQ) before deleting a port from the multicast group. Use the no form of this command to reset the query time to the default settings.
Page 337
This example shows how to globally set the last-listener query interval to 2 seconds:

Switch(config)# ipv6 mld snooping last-listener-query-interval 2000

This example shows how to set the last-listener query interval for VLAN 1 to 5.5 seconds:

Switch(config)# ipv6 mld snooping vlan 1 last-listener-query-interval 5500

You can verify your settings by entering the show ipv6 mld snooping [vlan vlan-id] user EXEC command.
MLD snooping listener message suppression is equivalent to IGMP snooping report suppression. When enabled, received MLDv1 reports to a group are forwarded to IPv6 multicast routers only once in every report-forward time. This prevents the forwarding of duplicate reports.
(MLD) queries that the switch sends before deleting a listener that does not respond, or enter a VLAN ID to configure on a per-VLAN basis. Use the no form of this command to reset the variable to the default settings.
Page 340
ipv6 mld snooping robustness-variable

Examples

This example shows how to configure the global robustness variable so that the switch sends out three queries before it deletes a listener port that does not respond:

Switch(config)# ipv6 mld snooping robustness-variable 3

This example shows how to configure the robustness variable for VLAN 1.
Use the ipv6 mld snooping tcn global configuration commands on the switch stack or on a standalone switch to configure IP version 6 (IPv6) Multicast Listener Discovery (MLD) Topology Change Notifications (TCNs). Use the no form of the commands to reset the default settings.
Page 342
ipv6 mld snooping tcn

Related Commands

Command | Description
sdm prefer dual-ipv4-and-ipv6 | Configures an SDM template to support IPv6 functions.
show ipv6 mld snooping | Displays MLD snooping configuration.
Use the ipv6 mld snooping vlan global configuration command on the switch stack or on a standalone switch to configure IP version 6 (IPv6) Multicast Listener Discovery (MLD) snooping parameters on the VLAN interface.
Page 344
Catalyst 3750-X or Catalyst 3560-X switch to receive queries on the VLAN. For normal-range VLANs (1 to 1005), it is not necessary to enable IPv6 MLD snooping on the VLAN on the Catalyst 6500 switch.
Layer 2 interfaces (router ACLs). If any port ACL (IPv4, IPv6, or MAC) is applied to an interface, that port ACL is used to filter packets, and any router ACLs attached to the SVI of the port VLAN are ignored.
Page 346
ipv6 traffic-filter
Examples
This example filters inbound IPv6 traffic on an IPv6-configured interface as defined by the access list named cisco:
Switch(config)# interface gigabitethernet1/0/1
Switch(config-if)# no switchport
Switch(config-if)# ipv6 address 2001::/64 eui-64...
Use the l2protocol-tunnel interface configuration command on the switch stack or on a standalone switch to enable tunneling of Layer 2 protocols on an access port, IEEE 802.1Q tunnel port, or a port channel. You can enable tunneling for Cisco Discovery Protocol (CDP), Spanning Tree Protocol (STP), or VLAN Trunking Protocol (VTP) packets.
Page 348
When no protocol option is specified with the keyword, the threshold is applied to each of the tunneled Layer 2 protocol types. If you also set a drop threshold on the interface, the shutdown-threshold value must be greater than or equal to the drop-threshold value.
Page 349
For more information about Layer 2 protocol tunneling, see the software configuration guide for this release.
Examples
This example shows how to enable protocol tunneling for CDP packets and to configure the shutdown threshold as 50 packets per second:
Switch(config-if)# l2protocol-tunnel cdp...
5. The range is 0 to 7, with 7 being the highest priority. Defaults The default is to use the CoS value configured for data on the interface. If no CoS value is configured, the default is 5 for all tunneled Layer 2 protocol packets.
LACP channel group. An LACP channel group can have up to 16 Ethernet ports of the same type. Up to eight ports can be active, and up to eight ports can be in standby mode.
Page 352
lacp port-priority
Examples
This example shows how to configure the LACP port priority on a port:
Switch(config)# interface gigabitethernet2/0/1
Switch(config-if)# lacp port-priority 1000
You can verify your settings by entering the show lacp [channel-group-number] internal privileged EXEC command.
The lacp system-priority command determines which switch in an LACP link controls port priorities. An LACP channel group can have up to 16 Ethernet ports of the same type. Up to eight ports can be active, and up to eight ports can be in standby mode. When there are more than eight ports in an LACP channel-group, the switch on the controlling end of the link uses port priorities to determine which ports are bundled into the channel and which ports are put in hot-standby mode.
Page 354
Command               Description
channel-group         Assigns an Ethernet port to an EtherChannel group.
lacp port-priority    Configures the LACP port priority.
show lacp sys-id      Displays the system identifier that is being used by LACP.
An interface can be an aggregation of ports (an EtherChannel), a single physical port in access or trunk mode, or a routed port. In a link-state group, these interfaces are bundled together. The downstream interfaces are bound to the upstream interfaces. Interfaces connected to servers are referred to as downstream interfaces, and interfaces connected to distribution switches and network devices are referred to as upstream interfaces.
Page 356
link state group
Examples
This example shows how to configure the interfaces as upstream in group 2:
Switch# configure terminal
Switch(config)# interface range gigabitethernet1/0/11 - 14
Switch(config-if-range)# link state group 2 upstream...
link state track
Use the link state track user EXEC command to enable a link-state group. Use the no form of this command to disable a link-state group.
link state track [number]...
Usage Guidelines After entering the location civic-location identifier id global configuration command, you enter civic location configuration mode. In this mode, you can enter the civic location and the postal location information. The civic-location identifier must not exceed 250 bytes.
Page 359
You can verify your settings by entering the show location civic-location command.
This example shows how to configure the emergency location information on the switch:
Switch(config)# location elin-location 14085553881 identifier 1
You can verify your settings by entering the show location elin privileged EXEC command.
location (interface configuration)
Use the location interface command to enter location information for an interface. Use the no form of this command to remove the interface location information.
location {additional-location-information word | civic-location-id id | elin-location-id id}...
Page 361
location (interface configuration)
You can verify your settings by entering the show location civic interface privileged EXEC command.
This example shows how to enter emergency location information for an interface:
Switch(config)# interface gigabitethernet2/0/2...
Use the logging event interface configuration command to enable notification of interface link status changes. Use the no form of this command to disable notification.
logging event {bundle-status | link-status | spanning-tree | status | trunk-status}...
Use the logging event power-inline-status interface configuration command to enable the logging of Power over Ethernet (PoE) events. Use the no form of this command to disable the logging of PoE status events; however, the no form of this command does not disable PoE error events.
Use the logging file global configuration command on the switch stack or on a standalone switch to set logging file parameters. Use the no form of this command to return to the default setting.
logging file filesystem:filename [max-file-size | nomax [min-file-size]] [severity-level-number |...
Page 365
On the Catalyst 3750-X switch, the log file is stored in ASCII text format in an internal buffer on a standalone switch, and in the case of a switch stack, on the stack master. If a standalone switch or the stack master fails, the log is lost unless you had previously saved it to flash memory by using the logging file flash:filename global configuration command.
This command was introduced. Usage Guidelines Use this command to allow a RADIUS server to authenticate a new user based on the host MAC address and VLAN. Use this feature on networks with the Microsoft IAS RADIUS server. The Cisco ACS ignores this command.
Page 367
Configures the violation modes that occur when a new device connects to a violation port or when a new device connects to a port with the maximum number of devices already connected to that port. Enables MAC-based authentication on a port.
ACL replaces the previously configured one. If you apply an ACL to a Layer 2 interface on a switch, and the switch has an input Layer 3 ACL or a VLAN map applied to a VLAN that the interface is a member of, the ACL applied to the Layer 2 interface takes precedence.
Page 369
mac access-group
Examples
This example shows how to apply a MAC extended ACL named macacl2 to an interface:
Switch(config)# interface gigabitethernet1/0/1
Switch(config-if)# mac access-group macacl2 in
You can verify your settings by entering the show mac access-group privileged EXEC command. You can see configured ACLs on the switch by entering the show access-lists privileged EXEC command.
Use the mac access-list extended global configuration command on the switch stack or on a standalone switch to create an access list based on MAC addresses for non-IP traffic. Using this command puts you in the extended MAC access-list configuration mode. Use the no form of this command to return to the default setting.
Page 371
mac access-list extended
This example shows how to delete the named extended MAC access list mac1:
Switch(config)# no mac access-list extended mac1
You can verify your settings by entering the show access-lists privileged EXEC command.
Related Commands
Command Description...
MAC address table after the entry is used or updated. Use the no form of this command to return to the default setting. The aging time applies to all VLANs or a specified VLAN.
Use the mac address-table learning global configuration command to enable MAC address learning on a VLAN. This is the default state. Use the no form of this command to disable MAC address learning on a VLAN to control which VLANs can learn MAC addresses.
Page 374
If you disable MAC address learning on a VLAN that includes a secure port, MAC address learning is not disabled on the secure port. If you later disable port security on the interface, the disabled MAC address learning state is enabled.
You can configure the access switch to send the MAC address-table move update messages if the primary link goes down and the standby link comes up. You can configure the uplink switches to receive and process the MAC address-table move update messages.
Page 376
mac address-table move update
Related Commands
Command                                Description
clear mac address-table move update    Clears the MAC address-table move update global counters.
debug matm move update                 Debugs the MAC address-table move update message processing.
Use the mac address-table notification global configuration command on the switch stack or on a standalone switch to enable the MAC address notification feature on the switch or the switch stack. Use the no form of this command to return to the default setting.
Page 378
MAC address traps to the NMS by using the snmp-server enable traps mac-notification change global configuration command. You can also enable traps whenever a MAC address is moved from one port to another in the same VLAN by entering the mac address-table notification mac-move command and the snmp-server enable traps mac-notification move global configuration command.
Use the mac address-table static global configuration command on the switch stack or on a standalone switch to add static addresses to the MAC address table. Use the no form of this command to remove static entries from the table.
Use the mac address-table static drop global configuration command on the switch stack or on a standalone switch to enable unicast MAC address filtering and to configure the switch to drop traffic with a specific source or destination MAC address. Use the no form of this command to return to the default setting.
Page 381
Examples
This example shows how to enable unicast MAC address filtering and to configure the switch to drop packets that have a source or destination address of c2f3.220a.12f4. When a packet is received in VLAN 4 with this MAC address as its source or destination, the packet is dropped:
Switch(config)# mac address-table static c2f3.220a.12f4 vlan 4 drop...
macsec
To enable 802.1ae Media Access Control Security (MACsec) on an interface, use the macsec interface configuration command. To disable MACsec on the interface, use the no form of this command.
macsec...
Use the match access-map configuration command on the switch stack or on a standalone switch to set the VLAN map to match packets against one or more access lists. Use the no form of this command to remove the match parameters.
Page 384
Examples This example shows how to define and apply a VLAN access map vmap4 to VLANs 5 and 6 that will cause the interface to drop an IP packet if the packet matches the conditions defined in access list al2.
Use the match class-map configuration command on the switch stack or on a standalone switch to define the match criteria to classify traffic. Use the no form of this command to remove the match criteria.
match {access-group acl-index-or-name | input-interface interface-id-list | ip dscp dscp-list | ip...
Page 386
For example, you can enter the match ip dscp af11 command, which is the same as entering the match ip dscp 10 command. You can enter the match ip precedence critical command, which is the same as entering the match ip precedence 5 command. For a list of supported mnemonics, enter the match ip dscp ? or the match ip precedence ? command to see the command-line help strings.
Page 387
match (class-map configuration)
This example shows how to specify a range of physical ports to which an interface-level class map in a hierarchical policy map applies:
Switch(config)# class-map match-all class4...
This command was introduced. Usage Guidelines When you enable auto-MDIX on an interface, you must also set the interface speed and duplex to auto so that the feature operates correctly. When auto-MDIX (and autonegotiation of speed and duplex) is enabled on one or both of connected interfaces, link up occurs, even if the cable type (straight-through or crossover) is incorrect.
Page 389
mdix auto
Related Commands
Command                                                   Description
show controllers ethernet-controller interface-id phy    Displays general information about internal registers of an interface, including the operational state of auto-MDIX.
Use the media-type rj45 line configuration command to manually select the RJ-45 console connection for input, whether or not there is a device connected to the USB console port. Use the no form of this command to return to the default setting. The USB console takes precedence if devices are connected to both consoles.
To remove any MKA policy from the interface, including the default, enter the no mka policy interface configuration command.
Examples
This example shows what you see if you apply the default policy to an interface that already has a policy applied:
Switch(config)# interface gigabitethernet 1/0/6...
This command was introduced. Usage Guidelines If you enter the name of an existing policy, you see a warning that any changes to the policy deletes all active MKA sessions with that policy. Whenever you change an MKA policy, active MKA sessions with that policy applied are cleared.
Page 393
mka policy (global configuration)
Examples
This example shows what you see if you create a policy name that already exists:
Switch(config)# mka policy test-policy
Switch(config-mks-policy)# exit
Switch(config)# mka policy test-policy
%MKA policy “test-policy”...
If a different MKA policy was applied to the interface, entering this command clears all active MKA sessions running on the interface. If you enter a policy name that is already applied to the interface, you are notified that the policy was already applied and no sessions are cleared.
Page 395
(interface configuration)
Related Commands
Command                              Description
mka policy (global configuration)    Creates an MKA policy and enters MKA policy configuration mode.
show mka policy                      Displays MKA policies configured on the switch.
(QoS) for the entire switch. When the mls qos command is entered, QoS is enabled with the default parameters on all ports in the system. Use the no form of this command to reset all the QoS-related statistics and to disable the QoS features for the entire switch.
Page 397
IPv6 qos aces: 0.5K
number of IPv6 security aces: 0.5K
Switch# configure terminal
Switch(config)# mls qos
You can verify your settings by entering the show mls qos privileged EXEC command.
Related Commands
Command         Description
show mls qos    Displays QoS information.
A policer defines a maximum permissible rate of transmission, a maximum burst size for transmissions, and an action to take if either maximum is exceeded. Use the no form of this command to delete an aggregate policer.
Page 399
mls qos aggregate-policer
You cannot delete an aggregate policer if it is being used in a policy map. You must first use the no police aggregate aggregate-policer-name policy-map class configuration command to delete the aggregate policer from all policy maps before using the no mls qos aggregate-policer aggregate-policer-name command.
Use the mls qos cos interface configuration command on the switch stack or on a standalone switch to define the default class of service (CoS) value of a port or to assign the default CoS to all incoming packets on the port. Use the no form of this command to return to the default setting.
Page 401
mls qos cos
This example shows how to assign all the packets entering a port to the default port CoS value of 4 on a port:
Switch(config)# interface gigabitethernet2/0/1
Switch(config-if)# mls qos cos 4
Switch(config-if)# mls qos cos override
You can verify your settings by entering the show mls qos interface privileged EXEC command.
Use the mls qos dscp-mutation interface configuration command on the switch stack or on a standalone switch to apply a Differentiated Services Code Point (DSCP)-to-DSCP-mutation map to a DSCP-trusted port. Use the no form of this command to return the map to the default settings (no DSCP mutation).
mls qos dscp-mutation dscp-mutation-name...
Page 403
This example shows how to remove the DSCP-to-DSCP-mutation map named dscpmutation1 from the port and to reset the map to the default:
Switch(config-if)# no mls qos dscp-mutation dscpmutation1
You can verify your settings by entering the show mls qos maps privileged EXEC command.
Related Commands
Command...
Use the mls qos map global configuration command on the switch stack or on a standalone switch to define the class of service (CoS)-to-Differentiated Services Code Point (DSCP) map, DSCP-to-CoS map, the DSCP-to-DSCP-mutation map, the IP-precedence-to-DSCP map, and the policed-DSCP map.
Page 405
mls qos map
Defaults
Table 2-14 shows the default CoS-to-DSCP map:
Table 2-14 Default CoS-to-DSCP Map
CoS Value DSCP Value
Table 2-15 shows the default DSCP-to-CoS map:
Table 2-15 Default DSCP-to-CoS Map...
Page 406
Switch(config)# mls qos map ip-prec-dscp 0 10 20 30 40 50 55 60
This example shows how to define the policed-DSCP map. DSCP values 1, 2, 3, 4, 5, and 6 are marked down to DSCP value 0. Marked DSCP values that are not explicitly configured are not modified:...
Page 407
mls qos map
Related Commands
Command                  Description
mls qos dscp-mutation    Applies a DSCP-to-DSCP-mutation map to a DSCP-trusted port.
show mls qos maps        Displays quality of service (QoS) mapping information.
Use the mls qos queue-set output buffers global configuration command on the switch stack or on a standalone switch to allocate buffers to a queue-set (four egress queues per port). Use the no form of this command to return to the default setting.
Page 409
Examples
This example shows how to map a port to queue-set 2. It allocates 40 percent of the buffer space to egress queue 1 and 20 percent to egress queues 2, 3, and 4:
Switch(config)# mls qos queue-set output 2 buffers 40 20 20 20...
Use the mls qos queue-set output threshold global configuration command on the switch stack or on a standalone switch to configure the weighted tail-drop (WTD) thresholds, to guarantee the availability of buffers, and to configure the maximum memory allocation to a queue-set (four egress queues per port).
Page 411
(free buffers). If the queue is not over-limit, the switch can allocate buffer space from the reserved pool or from the common pool (if it is not empty). If there are no free buffers in the common pool or if the queue is over-limit, the switch drops the frame.
DSCP field in the incoming packet, and the DSCP field in the outgoing packet is the same as that in the incoming packet.
Page 413
mls qos rewrite ip dscp
Examples
This example shows how to enable DSCP transparency and configure the switch to not change the DSCP value of the incoming IP packet:
Switch(config)# mls qos...
Switch(config)# mls qos srr-queue input priority-queue 2 bandwidth 0
Switch(config)# mls qos srr-queue input bandwidth 25 75
In this example, queue 2 has three times the bandwidth of queue 1; queue 2 is serviced three times as often as queue 1.
Page 415
This example shows how to assign the ingress bandwidths for the queues in the stack. Queue 1 is the priority queue with 10 percent of the bandwidth allocated to it. The bandwidth ratio allocated to queues 1 and 2 is 4/(4+4).
percentage2    Percentage of buffers allocated to ingress queues 1 and 2. The range is 0 to 100. Separate each value with a space.
Defaults
Ninety percent of the buffers is allocated to queue 1, and 10 percent of the buffers is allocated to queue 2.
Command Modes
Global configuration
Command History...
Use the mls qos srr-queue input cos-map global configuration command on the switch stack or on a standalone switch to map class of service (CoS) values to an ingress queue or to map CoS values to a queue and to a threshold ID. Use the no form of this command to return to the default setting.
Page 419
Examples This example shows how to map CoS values 0 to 3 to ingress queue 1 and to threshold ID 1 with a drop threshold of 50 percent. It maps CoS values 4 and 5 to ingress queue 1 and to threshold ID 2 with a drop...
Differentiated Services Code Point (DSCP) values to an ingress queue or to map DSCP values to a queue and to a threshold ID. Use the no form of this command to return to the default setting.
Page 421
Examples This example shows how to map DSCP values 0 to 6 to ingress queue 1 and to threshold 1 with a drop threshold of 50 percent. It maps DSCP values 20 to 26 to ingress queue 1 and to threshold 2 with a drop...
Use the no form of this command to return to the default setting.
mls qos srr-queue input priority-queue queue-id bandwidth weight...
Page 423
Examples This example shows how to assign the ingress bandwidths for the queues in the stack. Queue 1 is the priority queue with 10 percent of the bandwidth allocated to it. The bandwidth ratio allocated to queues 1 and 2 is 4/(4+4).
(CoS) or Differentiated Services Code Points (DSCPs) values are mapped to threshold 1 and to threshold 2. If threshold 1 is exceeded, packets with CoS or DSCPs assigned to this threshold are dropped until the threshold is no longer exceeded. However, packets assigned to threshold 2 continue to be queued and sent as long as the second threshold is not exceeded.
Page 425
Allocates the buffers between the ingress queues.
mls qos srr-queue input cos-map     Maps class of service (CoS) values to an ingress queue or maps CoS values to a queue and to a threshold ID.
mls qos srr-queue input dscp-map    Maps Differentiated Services Code Point (DSCP) values to an ingress queue or maps DSCP values to a queue and to a threshold ID.
Use the mls qos srr-queue output cos-map global configuration command on the switch stack or on a standalone switch to map class of service (CoS) values to an egress queue or to map CoS values to a queue and to a threshold ID. Use the no form of this command to return to the default setting.
Page 427
Examples This example shows how to map a port to queue-set 1. It maps CoS values 0 to 3 to egress queue 1 and to threshold ID 1. It configures the drop thresholds for queue 1 to 50 and 70 percent of the allocated memory, guarantees (reserves) 100 percent of the allocated memory, and configures 200 percent as the maximum memory that this queue can have before packets are dropped.
Differentiated Services Code Point (DSCP) values to an egress queue or to map DSCP values to a queue and to a threshold ID. Use the no form of this command to return to the default setting.
Page 429
Examples This example shows how to map a port to queue-set 1. It maps DSCP values 0 to 3 to egress queue 1 and to threshold ID 1. It configures the drop thresholds for queue 1 to 50 and 70 percent of the allocated memory, guarantees (reserves) 100 percent of the allocated memory, and configures 200 percent as the maximum memory that this queue can have before packets are dropped.
CoS can be the packet CoS for trunk ports or the port default CoS for nontrunk ports. If the DSCP is trusted, the DSCP field of the IP packet is not modified. However, it is still possible that the CoS value of the packet is modified (according to DSCP-to-CoS map).
Page 431
The trusted boundary feature prevents security problems if users disconnect their PCs from networked Cisco IP Phones and connect them to the switch port to take advantage of trusted CoS or DSCP settings. You must globally enable the Cisco Discovery Protocol (CDP) on the switch and on the port connected to the IP phone.
Use the mls qos vlan-based interface configuration command on the switch stack or on a standalone switch to enable VLAN-based quality of service (QoS) on the physical port. Use the no form of this command to disable this feature.
Entering the no mode command sets the switch to the defaults of power-shared and non-strict mode.
Note: For stack power, available power is the total power available for PoE from all power supplies in the power stack, budgeted power is the power allocated to all powered devices connected to PoE ports in the stack, and consumed power is the actual power consumed by the powered devices.
Page 434
This reduces the available power in the pool for switches and powered devices, but in case of a failure or an extreme power load, there is less chance of having to shut down switches or powered devices.
(such as a Cisco IDS Sensor Appliance), to add or delete interfaces or VLANs to or from an existing SPAN or RSPAN session, and to limit (filter) SPAN source traffic to specific VLANs. Use the no form of this command to remove the SPAN or RSPAN session or to remove source or destination interfaces or filters from the SPAN or RSPAN session.
Page 436
Specify a list of VLANs as filters on trunk source ports to limit SPAN source traffic to specific VLANs. The vlan-id range is 1 to 4094.
source          Specify the SPAN or RSPAN source. A source can be a physical port, a port channel, or a VLAN.
both, rx, tx    (Optional) Specify the traffic direction to monitor.
Page 437
VSPAN, and only packets with the monitored VLAN ID are sent to the destination port. You can monitor traffic on a single port or VLAN or on a series or range of ports or VLANs. You select a series or range of interfaces or VLANs by using the [, | -] options.
Page 438
SPAN only; RSPAN does not support encapsulation replication.) Examples This example shows how to create a local SPAN session 1 to monitor both sent and received traffic on source port 1 on stack member 1 to destination port 2 on stack member 2:...
Page 439
monitor session
This example shows how to configure the destination port for ingress traffic on VLAN 5 by using a security device that supports IEEE 802.1Q encapsulation. Egress traffic replicates the source; ingress traffic uses IEEE 802.1Q encapsulation.
MVR mode for a switch, configure the MVR IP multicast address, set the maximum time to wait for a query reply before removing a port from group membership, and to specify the MVR multicast VLAN. Use the no form of this command to return to the default settings.
Page 441
A maximum of 256 MVR multicast groups can be configured on a switch. Use the mvr group command to statically set up all the IP multicast addresses that will take part in MVR. Any multicast data sent to a configured multicast address is sent to all the source ports on the switch and to all receiver ports that have registered to receive data on that IP multicast address.
Page 442
Displays all ports that are members of an MVR multicast group; if the group has no members, its status is shown as Inactive.
Layer 2 port as a multicast VLAN registration (MVR) receiver or source port, to set the Immediate Leave feature, and to statically assign a port to an IP multicast VLAN and IP address. Use the no form of this command to return to the default settings.
Page 444
VLAN. A port that is not taking part in MVR should not be configured as an MVR receiver port or a source port. A non-MVR port is a normal switch port, able to send and receive multicast data with normal switch behavior.
Page 445
Displays MVR global parameters or port parameters.
show mvr interface    Displays the configured MVR interfaces or displays the multicast groups to which a receiver port belongs. Also displays all MVR groups of which the interface is a member.
show mvr members      Displays all receiver ports that are members of an MVR multicast group.
Use the network-policy profile number interface configuration command to apply a profile to an interface. If you first configure a network-policy profile on an interface, you cannot apply the switchport voice vlan command on the interface. If switchport voice vlan vlan-id is already configured on an interface, you can apply a network-policy profile on the interface.
(global configuration) Use the network-policy profile global configuration command to create a network-policy profile and to enter network-policy configuration mode. Use the no form of this command to delete the policy and to return to global configuration mode.
The voice-signaling application type is for network topologies that require a different policy for voice signaling than for voice media. This application type should not be advertised if all the same network policies apply as those advertised in the voice policy TLV.
Page 449
This example shows how to configure the voice application type for VLAN 100 with a priority 4 CoS:
Switch(config)# network-policy profile 1
Switch(config-network-policy)# voice vlan 100 cos 4
This example shows how to configure the voice application type for VLAN 100 with a DSCP value of 34:
Switch(config)# network-policy profile 1
Switch(config-network-policy)# voice vlan 100 dscp 34...
Use the nmsp global configuration command to enable the switch to send NMSP location and attachment notifications to a Cisco Mobility Services Engine (MSE).
Examples
This example shows how to enable NMSP on a switch and set the location notification time to 10 seconds:
Switch(config)# nmsp enable...
Use the nmsp attachment suppress interface configuration mode command to suppress the reporting of attachment information from a specified interface. Use the no form of this command to return to the default setting.
nmsp attachment suppress...
no authentication logging verbose
Use the no authentication logging verbose global configuration command on the switch stack or on a standalone switch to filter detailed information from authentication system messages.
no authentication logging verbose
Defaults
All details are displayed in the system messages.
no dot1x logging verbose
Use the no dot1x logging verbose global configuration command on the switch stack or on a standalone switch to filter detailed information from 802.1x system messages.
no dot1x logging verbose
Defaults
All details are displayed in the system messages.
Use the no mab logging verbose global configuration command on the switch stack or on a standalone switch to filter detailed information from MAC authentication bypass (MAB) system messages.
no mab logging verbose
Defaults
All details are displayed in the system messages.
Use the nsf router configuration command on a switch stack or standalone switch to enable and configure Cisco nonstop forwarding (NSF) for Open Shortest Path First (OSPF) or Enhanced Interior Gateway Routing Protocol (EIGRP) routing.
Page 456
Enables a routing process. Displays the current operating configuration. For syntax information, select Cisco IOS IP Command Reference, Volume 2 of 3: Routing Protocols, Release 12.2 > EIGRP Commands and Cisco IOS IP Command Reference, Volume 2 of 3: Routing Protocols, Release 12.2 > OSPF Commands.
Catalyst 1900 switch. When the link partner to the switch is a physical learner, we recommend that you configure the switch as a physical-port learner by using the pagp learn-method physical-port interface configuration command and set the load-distribution method based on the source MAC address by using the port-channel load-balance src-mac global configuration command.
Page 458
pagp learn-method
Examples
This example shows how to set the learning method to learn the address on the physical port within the EtherChannel:
Switch(config-if)# pagp learn-method physical-port
This example shows how to set the learning method to learn the address on the port-channel within the...
If all unused ports in the EtherChannel are in hot-standby mode, they can be placed into operation if the currently selected port and link fail. Use the no form of this command to return to the default setting.
Page 460
Displays the operating configuration. For syntax information, use this link to the Cisco IOS Release 12.2 Command Reference listing page: http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/prod_command_reference_list.html Select the Cisco IOS Commands Master List, Release 12.2 to navigate to the command.
Use the permit Address Resolution Protocol (ARP) access-list configuration command to permit an ARP packet based on matches against the Dynamic Host Configuration Protocol (DHCP) bindings. Use the no form of this command to remove the specified access control entry (ACE) from the access control list.
Page 462
You can add permit clauses to forward ARP packets based on some matching criteria.
Examples
This example shows how to define an ARP access list and to permit both ARP requests and ARP responses from a host with an IP address of 1.1.1.1 and a MAC address of 0000.0000.abcd:
Switch(config)# arp access-list static-hosts
Switch(config-arp-nacl)# permit ip host 1.1.1.1 mac host 0000.0000.abcd...
(IPv6 access-list configuration) Use the permit IPv6 access list configuration command on the switch stack or on a standalone switch to set permit conditions for an IPv6 access list. Use the no form of this command to remove the permit conditions.
Page 464
The optional port-number argument is a decimal number or the name of a TCP or a UDP port. A port number is a number from 0 to 65535. TCP port names can be used only when filtering TCP. UDP port names can be used only when filtering UDP.
Page 465
(Optional) Specify an ICMP message code for filtering ICMP packets. ICMP packets that are filtered by the ICMP message type can also be filtered by the ICMP message code. The code is a number from 0 to 255. icmp-message (Optional) Specify an ICMP message name for filtering ICMP packets.
Page 466
You can add permit, deny, or remark statements to an existing access list without re-entering the entire list. To add a new statement anywhere other than at the end of the list, create a new statement with an appropriate entry number that falls between two existing entry numbers to show where it belongs.
Page 467
Switch(config-if)# ipv6 traffic-filter OUTBOUND out
Switch(config-if)# ipv6 traffic-filter INBOUND in
Note
Given that a permit any any statement is not included as the last entry in the OUTBOUND or the INBOUND access list, only TCP, UDP, and ICMP packets are permitted out of and into the interface (the implicit deny-all condition at the end of the access list denies all other packet types on the interface).
Page 468
Related Commands
Command    Description
ipv6 access-list    Defines an IPv6 access list and enters IPv6 access list configuration mode.
ipv6 traffic-filter    Filters incoming or outgoing IPv6 traffic on an interface.
deny (IPv6 access-list    Sets deny conditions for an IPv6 access list.
Use the permit MAC access-list configuration command on the switch stack or on a standalone switch to allow non-IP traffic to be forwarded if the conditions are matched. Use the no form of this command to remove a permit condition from the extended MAC access list.
Page 470
(Optional) Select EtherType Xerox Network Systems (XNS) protocol suite. To filter IPX traffic, you use the type mask or lsap lsap mask keywords, depending on the type of IPX encapsulation being used. Filter criteria for IPX encapsulation types as specified in Novell terminology...
Page 471
If you use the host keyword, you cannot enter an address mask; if you do not use the any or host keywords, you must enter an address mask. After an access control entry (ACE) is added to an access control list, an implied deny-any-any condition exists at the end of the list.
A policer defines a maximum permissible rate of transmission, a maximum burst size for transmissions, and an action to take if either maximum is exceeded. Use the no form of this command to remove an existing policer.
Page 473
Examples
This example shows how to configure a policer that drops packets if traffic exceeds 1 Mb/s average rate with a burst size of 20 KB. The DSCPs of incoming packets are trusted, and there is no packet modification.
Switch(config)# policy-map policy1...
A policer defines a maximum permissible rate of transmission, a maximum burst size for transmissions, and an action to take if either maximum is exceeded. Use the no form of this command to remove the specified policer.
Page 475
Switch(config-pmap-c)# exit
Switch(config-pmap)# class class3
Switch(config-pmap-c)# trust dscp
Switch(config-pmap-c)# police aggregate agg_policer2
Switch(config-pmap-c)# exit
You can verify your settings by entering the show mls qos aggregate-policer privileged EXEC command.
Related Commands
Command    Description
mls qos aggregate-policer    Defines policer parameters, which can be shared by multiple classes within a policy map.
No policy maps are defined. The default behavior is to set the Differentiated Services Code Point (DSCP) to 0 if the packet is an IP packet and to set the class of service (CoS) to 0 if the packet is tagged. No policing is performed.
Page 477
policy-map
Only one policy map per ingress port or SVI is supported. You can apply the same policy map to multiple physical ports or SVIs. You can apply a nonhierarchical policy map to physical ports or to SVIs. A nonhierarchical policy map is the same as a port-based policy map in Catalyst 3750 and 3560 switches.
Page 478
Defines a traffic classification match criteria (through the police, set, and trust policy-map class configuration command) for the specified class-map name. class-map Creates a class map to be used for matching packets to the class whose name you specify. service-policy Applies a policy map to a port.
Use the port-channel load-balance global configuration command on the switch stack or on a standalone switch to set the load-distribution method among the ports in the EtherChannel. Use the no form of this command to return to the default setting.
Page 480
Displays the operating configuration. For syntax information, use this link to the Cisco IOS Release 12.2 Command Reference listing page: http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/prod_command_reference_list.html Select the Cisco IOS Commands Master List, Release 12.2 to navigate to the command.
{high | low} Configures the power priority of a StackPower port. In case of a power supply failure, ports configured as low priority are turned off first. The default priority is low.
Page 482
The switch reserves the power on a static port even when there is no connected device and whether or not the port is in a shutdown or in a no shutdown state. The switch allocates the configured maximum wattage to the port, and the amount is never adjusted through the IEEE class or by CDP messages from the powered device.
Page 483
Switch(config)# interface gigabitethernet1/0/2
Switch(config-if)# power inline never
This example shows how to set the priority of a port to high, so that it would be one of the last ports to be shut down in case of power supply failure:...
IEEE classification. If the powered device is a class 0 (class status unknown) or a class 3, the switch budgets 15400 mW for the device, regardless of the CDP-specific amount of power needed.
Page 485
Note
The initial allocation for Class 0, Class 3, and Class 4 powered devices is 15.4 W. When a device starts up and uses CDP or LLDP to send a request for more than 15.4 W, it can be allocated up to the maximum of 30 W.
Page 486
Take precaution not to oversubscribe the power supply. It is recommended to enable power policing if the switch supports it. Refer to documentation. You can verify your settings by entering the show power inline consumption privileged EXEC command. Related Commands Command...
This command is supported only on Power over Ethernet (PoE)-capable ports. If you enter this command on a switch or port that does not support PoE, an error message appears. In a switch stack, this command is supported on all switches or ports in the stack that support PoE and real-time power-consumption monitoring.
Page 488
If the port continuously draws more than 15.4 W, the cycle repeats.
Note
When a powered device connected to a PoE+ port restarts and sends a CDP or LLDP packet with a power TLV, the switch locks to the power-negotiation protocol of that first packet and does not respond to power requests from the other protocol.
Page 489
power inline police
Examples
This example shows how to enable policing of the power consumption and configure the switch to generate a syslog message on the PoE port on a switch:
Switch(config)# interface gigabitethernet1/0/2
Switch(config-if)# power inline police action log
You can verify your settings by entering the show power inline police privileged EXEC command.
We recommend that you configure different priority values for each switch and for its high priority ports and low priority ports to limit the number of devices shut down at one time during a loss of power. If you try to configure the same priority value on different switches in a power stack, the configuration is allowed, but you receive a warning message.
Page 491
power-priority
Examples
This is an example of setting the power priority for switch 1 in power stack a to 7, for the high-priority ports to 11, and for the low-priority ports to 20.
Switch(config)# stack-power switch 1...
RPS is not providing power to a switch.
priority priority    Set the priority of the RPS port. The range is from 1 to 6, where 1 is the highest priority and 6 is the lowest priority.
Defaults
The name of the RPS 2300 is not configured.
Page 493
If you do not want the RPS to provide power to a switch connected to the specified RPS port but do not want to disconnect the RPS cable between the switch and the redundant power system, use the power rps switch-number port rps-port-id mode standby command.
Use the power supply user EXEC command on the switch stack or on a standalone switch to configure and manage the internal power supplies on the switch.
power supply switch-number {reset {hard | soft} slot {A | B} {off | on}}...
Page 495
power supply
This example shows how to set the power supply in slot A of stack member 2 in a switch stack to off:
Switch> power supply 2 slot A off
This example shows how to set power supply B of a standalone switch to on:
Switch>...
SRR. This means that weight1 in the srr-queue bandwidth shape or the srr-queue bandwidth shape interface configuration command is ignored (not used in the ratio calculation). The expedite queue is a priority queue, and it is serviced until empty before the other queues are serviced.
Page 497
priority-queue
This example shows how to disable the egress expedite queue after the SRR shaped and shared weights are configured. The shaped mode overrides the shared mode.
Switch(config)# interface gigabitethernet1/0/2...
VLAN, you should not change the VTP mode to client or server. VTP does not propagate private-VLAN configuration. You must manually configure private VLANs on all switches in the Layer 2 network to merge their Layer 2 databases and to prevent flooding of private-VLAN traffic.
Page 499
An isolated VLAN is used by isolated ports to communicate with promiscuous ports. It does not carry traffic to other community ports or isolated ports with the same primary VLAN domain. A primary VLAN is the VLAN that carries traffic from a gateway to customer end stations on private ports.
Page 500
private-vlan
Switch(config-vlan)# private-vlan association 501-503
Switch(config-vlan)# end
You can verify your setting by entering the show vlan private-vlan or show interfaces status privileged EXEC command.
Related Commands
Command    Description
show interfaces...
Traffic that is received on the secondary VLAN is routed by the SVI of the primary VLAN. A secondary VLAN can be mapped to only one primary SVI. If you configure the primary VLAN as a secondary VLAN, all SVIs specified in this command are brought down.
Page 502
private-vlan mapping
Examples
This example shows how to map the interface of VLAN 20 to the SVI of VLAN 18:
Switch# configure terminal
Switch(config)# interface vlan 18
Switch(config-if)# private-vlan mapping 20...
Use the queue-set interface configuration command on the switch stack or on a standalone switch to map a port to a queue-set. Use the no form of this command to return to the default setting.
queue-set qset-id
no queue-set qset-id...
• The tries parameter should be the same as the number of retransmission attempts.
Examples
This example shows how to configure 60 as the time and 10 as the number of tries, the conditions that determine when a RADIUS server is considered unavailable:
Switch(config)# radius-server dead-criteria time 60 tries 10
You can verify your settings by entering the show running-config privileged EXEC command.
Page 505
Specifies the number of times that the switch tries to reach the RADIUS servers before considering the servers to be unavailable. For syntax information, select Cisco IOS Security Command Reference, Release 12.2 >...
Always configure the key as the last item in this command. Leading spaces are ignored, but spaces within and at the end of the key are used. If there are spaces in your key, do not enclose the key in quotation marks unless the quotation marks are part of the key.
Page 507
Examples
This example shows how to configure 1500 as the UDP port for the accounting server and 1510 as the UDP port for the authentication server:
Switch(config)# radius-server host 1.1.1.1 acct-port 1500 auth-port 1510...
Use the rcommand user EXEC command on the switch stack or on the cluster command switch to start a Telnet session and to execute commands on a cluster member switch from the cluster command switch or the switch stack. To end the session, enter the exit command.
Page 509
This command will not work if the vty lines of the cluster command switch have access-class configurations. You are not prompted for a password because the cluster member switches inherited the password of the cluster command switch when they joined the cluster.
12.2(53)SE2    This command was introduced.
Usage Guidelines
If there is more than one switch in the switch stack, and you enter the reload slot stack-member-number command, you are not prompted to save the configuration.
Examples
This example shows how to reload the switch stack:
Switch(config)# reload
System configuration has been modified....
Page 511
Accesses a specific stack member.
switch priority    Changes the stack member priority value.
switch renumber    Changes the stack member number.
show switch    Displays information about the switch stack and its stack members.
12.2(53)SE2    This command was introduced.
Usage Guidelines
The commands (such as debug, show, or clear) you use in the LINE command-to-execute string apply to a specific stack member or to the switch stack.
Examples
This example shows how to execute the undebug command on the switch stack:...
Page 513
Accesses a specific stack member.
switch priority    Changes the stack member priority value.
switch renumber    Changes the stack member number.
show switch    Displays information about the switch stack and its stack members.
If VLAN Trunking Protocol (VTP) is enabled, the RSPAN feature is propagated by VTP for VLAN-IDs that are lower than 1005. If the RSPAN VLAN ID is in the extended range, you must manually configure intermediate switches (those in the RSPAN VLAN between the source switch and the destination switch).
Page 515
Switch(config-vlan)# remote-span
This example shows how to remove the RSPAN feature from a VLAN.
Switch(config)# vlan 901
Switch(config-vlan)# no remote-span
You can verify your settings by entering the show vlan remote-span user EXEC command.
Related Commands
Command    Description
monitor session    Enables Switched Port Analyzer (SPAN) and RSPAN monitoring on a port and configures a port as a source or destination port.
This command was introduced.
Usage Guidelines
If you do not specify a URL, the switch tries to read the file from the configured URL.
Examples
This example shows how to renew the DHCP snooping binding database without checking CRC values...
Page 517
Enables DHCP snooping on a VLAN.
ip dhcp snooping binding    Configures the DHCP snooping binding database.
show ip dhcp snooping database    Displays the status of the DHCP snooping database agent.
MKA policy configuration command. When replay protection is set, you must configure a window size in number of frames. Use the no form of the command to disable replay protection. Use the default form of this command to return to the default window size of 0 frames.
Entering the reserved-only command restricts assignments from the DHCP pool to preconfigured reservations. Unreserved addresses that are part of the network or on pool ranges are not offered to the client, and other clients are not served by the pool.
Use the rmon collection stats interface configuration command on the switch stack or on a standalone switch to collect Ethernet group statistics, which include usage statistics about broadcast and multicast packets, and error statistics about cyclic redundancy check (CRC) alignment errors and collisions. Use the no form of this command to return to the default setting.
Use a template to provide maximum system usage for unicast routing or for VLAN configuration or to select the dual IPv4 and IPv6 template to support IPv6 forwarding. Use the no form of this command to return to the default template.
Page 523
Follow these guidelines for switch stacks:
• In a switch stack, all stack members use the same SDM desktop template that is stored on the stack...
Page 524
IPv4-and-IPv6 templates for a switch.
Note
On switches running the LAN base feature set, routing values shown in all templates are not valid.
Table 2-24 Approximate Feature Resources Allowed by Dual IPv4-IPv6 Templates...
Page 525
sdm prefer
Switch# reload
This example shows how to configure the routing template on a switch running the IP base or IP services feature set:
Switch(config)# sdm prefer routing
Switch(config)# exit...
To use the password-recovery procedure, a user with physical access to the switch holds down the Mode button while the unit powers up and for a second or two after the LED above port 1X turns off. When the button is released, the system continues with initialization.
Page 527
Note recommend that you save a copy of the config file in a location away from the switch in case the end user uses the password recovery procedure and sets the system back to default values. Do not keep a backup copy of the config file on the switch.
Use the service-policy interface configuration command on the switch stack or on a standalone switch to apply a policy map defined by the policy-map command to the input of a physical port or a switch virtual interface (SVI). Use the no form of this command to remove the policy map and port association.
Page 529
This example shows how to remove plcmap2 from a physical port:
Switch(config)# interface gigabitethernet2/0/2
Switch(config-if)# no service-policy input plcmap2
This example shows how to apply plcmap1 to an ingress SVI when VLAN-based QoS is enabled:
Switch(config)# interface vlan 10
Switch(config-if)# service-policy input plcmap1
This example shows how to create a hierarchical policy map and attach it to an SVI:
Switch>...
Page 530
service-policy
Related Commands
Command    Description
policy-map    Creates or modifies a policy map that can be attached to multiple ports to specify a service policy.
show policy-map    Displays QoS policy maps.
show running-config    Displays the operating configuration....
session
Use the session privileged EXEC command on the stack master to access a specific stack member.
session stack-member-number
Note
This command is supported only on Catalyst 3750-X switches.
Syntax Description
stack-member-number    Specify the stack member number....
For example, you can enter the set dscp af11 command, which is the same as entering the set dscp 10 command. You can enter the set ip precedence critical command, which is the same as entering the set ip precedence 5 command. For a list of supported mnemonics, enter the set dscp ? or the set ip precedence ? command to see the command-line help strings.
Page 533
Examples
This example shows how to assign DSCP 10 to all FTP traffic without any policers:
Switch(config)# policy-map policy_ftp
Switch(config-pmap)# class ftp_class
Switch(config-pmap-c)# set dscp 10
Switch(config-pmap)# exit
You can verify your settings by entering the show policy-map privileged EXEC command.
EXEC command. Help text is provided for each prompt. To access help text, press the question mark (?) key at a prompt. To return to the privileged EXEC prompt without making changes and without running through the entire System Configuration Dialog, press Ctrl-C.
Page 535
Enter virtual terminal password: terminal-password
Configure SNMP Network Management? [no]: yes
Community string [public]:
Current interface summary
Any interface listed with OK? value “NO” does not have a valid configuration
Interface IP-Address OK? Method Status Protocol
Vlan1 172.20.135.202...
Page 536
Use this configuration? [yes/no]: yes
[0] Go to the IOS command prompt without saving this config.
[1] Return back to the setup without saving this config.
[2] Save this configuration to nvram and exit.
Enter your selection [2]:...
(CLI)-based setup program. When you press the Mode button for 2 seconds on a configured switch, the LEDs above the Mode button start blinking. If you press the Mode button for a total of 10 seconds, the switch configuration is deleted, and the switch reboots.
Page 538
On a configured switch, the mode LEDs begin blinking after 2 seconds and turn solid green after 10 seconds.
Caution
If you hold the Mode button down for a total of 10 seconds, the configuration is deleted, and the switch reboots.
Use the show access-lists privileged EXEC command to display access control lists (ACLs) configured on the switch.
show access-lists [name | number | hardware counters | ipc] [ | {begin | exclude | include} expression]
Syntax Description
name    (Optional) Name of the ACL.
Page 540
60 permit ip host 10.91.28.64 any
70 permit ip host 10.99.75.128 any
80 permit ip host 10.38.49.0 any
This is an example of output from the show access-lists hardware counters command:
Switch# show access-lists hardware counters
L2 ACL INPUT Statistics...
Page 541
Related Commands
Command    Description
access-list    Configures a standard or extended numbered access list on the switch. For syntax information, select Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services, Release 12.2 > IP Services Commands.
ip access list    Configures a named IP access list on the switch.
If you do not have a TFTP server, you can use Network Assistant or the embedded device manager to download the image by using HTTP. The show archive status command shows the progress of the download.
12.2(53)SE2    This command was introduced.
Usage Guidelines
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
Examples
This is an example of output from the show arp access-list command:
Switch>...
Table 2-25 describes the significant fields shown in the output of the show authentication command.
Note
The possible values for the status of sessions are shown below. For a session in terminal state, Authz Success or Authz Failed is displayed along with No methods if no method has provided a result.
Page 545
For a session in a terminal state, Authc Success, Authc Failed, or Failed over are displayed. Failed over means that an authentication method ran and then failed over to the next method, which did not provide a result. Not run appears for sessions that synchronized on standby.
Page 546
0xCC000008
Runnable methods list:
Method State
dot1x Failed over
This is an example of the show authentication sessions command for a specified MAC address:
Switch# show authentication sessions mac 000e.84af.59bd
Interface: GigabitEthernet1/23
MAC Address: 000e.84af.59bd
Status: Authz Success
Domain: DATA...
Page 547
Configures the violation modes that occur when a new device connects to a port or when a new device connects to a port after the maximum number of devices are connected to that port.
• show running-config
Examples
This is an example of output from the show auto qos command after the auto qos voip cisco-phone and the auto qos voip cisco-softphone interface configuration commands are entered:
Switch> show auto qos
GigabitEthernet2/0/4
auto qos voip cisco-softphone...
Page 549
GigabitEthernet2/0/6
auto qos voip cisco-phone
This is an example of output from the show auto qos interface interface-id command when the auto qos voip cisco-phone interface configuration command is entered:
Switch> show auto qos interface gigabitethernet 2/0/5...
Page 550
show auto qos
class-map match-all AutoQoS-VoIP-RTP-Trust
 match ip dscp ef
class-map match-all AutoQoS-VoIP-Control-Trust
 match ip dscp cs3 af31
policy-map AutoQoS-Police-SoftPhone
 class AutoQoS-VoIP-RTP-Trust
  set dscp ef
  police 320000 8000 exceed-action policed-dscp-transmit
 class AutoQoS-VoIP-Control-Trust...
Page 551
show auto qos
This is an example of output from the show auto qos interface interface-id command when the auto qos voip cisco-phone interface configuration command is entered:
Switch> show auto qos interface gigabitethernet1/0/2...
12.2(53)SE2    This command was introduced.
Usage Guidelines
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
Examples
This is an example of output from the show boot command for all stack members.
Page 553
Enable Break Displays whether a break during booting is enabled or disabled. If it is set to yes, on, or 1, you can interrupt the automatic boot process by pressing the Break key on the console after the flash file system is initialized.
Page 554
Specifies the software image to use in the auto-upgrade process. auto-download-sw This command is available only on stacking-capable switches. boot config-file Specifies the filename that Cisco IOS uses to read and write a nonvolatile copy of the system configuration. boot enable-break Enables interrupting the automatic boot process.
(SFP) module ports. For more information about TDR, see the software configuration guide for this release. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.
Page 556
• The cable has a short.
Remote pair    Name of the pair of wires to which the local pair is connected. TDR can learn about the remote pair only when the cable is properly connected and the link is up.
Pair status    The status of the pair of wires on which TDR is running: Normal—The pair of wires is properly connected....
To display the CDP forwarding table, use the show cdp forward user EXEC command.
show cdp forward [entry | forward | interface interface-id | neighbor | traffic] [ | {begin | exclude | include} expression]
Note
This command is not supported on switches running the LAN base feature set.
show cisp
Use the show cisp privileged EXEC command to display CISP information for a specified interface.
show cisp {[interface interface-id] | clients | summary} | {[begin | exclude | include} expression]}
Syntax Description...
12.2(53)SE2    This command was introduced.
Usage Guidelines
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
Examples
This is an example of output from the show class-map command:
Switch>...
Use the show cluster user EXEC command to display the cluster status and a summary of the cluster to which the switch belongs. This command can be entered on the cluster command switch and cluster member switches.
Page 561
show cluster
This is an example of output when the show cluster command is entered on a cluster member switch:
Switch1> show cluster
Member switch for cluster “hapuna”
Member number:
Management IP address: 192.192.192.192...
If the switch is not a cluster command switch, the command displays an empty line at the prompt. The SN in the display means switch member number. If E appears in the SN column, it means that the switch is discovered through extended discovery. If E does not appear in the SN column, it means that the switch member number is the upstream neighbor of the candidate switch.
Page 563
show cluster candidates
This is an example of output from the show cluster candidates command that uses the MAC address of a cluster member switch directly connected to the cluster command switch:
Switch>...
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
Examples
This is an example of output from the show cluster members command. The SN in the display means switch number.
Switch# show cluster members...
Page 565
Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show cluster members This is an example of output from the show cluster members detail command: Switch# show cluster members detail Device 'StLouis1' with member number 0 (Command Switch) Device type:...
This display provides information that might be useful for Cisco technical support representatives troubleshooting the switch. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
Page 567
89800400 <output truncated>
Related Commands
Command Description
show controllers ethernet-controller Displays per-interface send and receive statistics read from the hardware or the interface internal registers.
show interfaces Displays the administrative and operational status of all interfaces or a specified interface.
When you enter the phy or port-asic keywords, the displayed information is useful primarily for Cisco technical support representatives troubleshooting the switch. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
Page 569
Deferred frames The number of frames that are not sent after the time exceeds 2*maximum-packet time. MTU exceeded frames The number of frames that are larger than the maximum allowed frame size. 1 collision frames The number of frames that are successfully sent on an interface after one collision occurs.
Page 570
The number of frames that could not be sent on an interface after 16 collisions occur. Late collisions After a frame is sent, the number of frames dropped because late collisions were detected while the frame was sent. VLAN discard frames The number of frames dropped on an interface because the CFI bit is set.
Page 571
The total number of frames received on an interface that have alignment errors. FCS errors The total number of frames received on an interface that have a valid length (in bytes) but do not have the correct FCS values. Oversize frames The number of frames received on an interface that are larger than the maximum allowed frame size.
Page 572
Field Description System FCS error frames The total number of frames received on an interface that have a valid length (in bytes) but that do not have the correct FCS values. RxPortFifoFull drop frames The total number of frames received on an interface that are dropped because the ingress queue is full....
Page 573
Fibre Type : Fibre Type Byte 0 :0x20 =SM, Generic Fibre Type Byte 1 :0x0 =Unspecified <output truncated> This is an example of output from the show controllers ethernet-controller port-asic configuration command: Switch# show controllers ethernet-controller port-asic configuration ======================================================================== Switch 1, PortASIC 0 Registers...
Page 574
Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show controllers ethernet-controller This is an example of output from the show controllers ethernet-controller port-asic statistics command: Switch# show controllers ethernet-controller port-asic statistics =========================================================================== Switch 1, PortASIC 0 Statistics --------------------------------------------------------------------------- 0 RxQ-0, wt-0 enqueue frames...
The output display provides information that might be useful for Cisco technical support representatives troubleshooting the switch. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.
Page 576
Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show controllers ethernet-controller fastethernet Examples This is an example of output from the show controllers ethernet-controller fastethernet 0 command. See Table 2-29 and Table 2-30 for descriptions of the Transmit and Receive fields.
Page 577
0x120 malrxctp0r 0x0F0272C0 0x140 malrcbs0 0x00000060 0x160 <output truncated> This is an example of output from the show controllers ethernet-controller fastethernet 0 stack command on a stack member: Switch# show controller ethernet-controller fastethernet 0 stack Switch Interface-Name Duplex Speed Link-State...
The displayed information is useful for Cisco technical support representatives troubleshooting the switch. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
Page 579
IGR_UNKSCI : 0x0 IGR_MISS : 0x52B 00-10-18, 03-06, 01-02 This is an example output from the show controllers ethernet phy macsec registers command: Switch# show controllers ethernet g1/0/1 phy macsec registers GigabitEthernet1/0/1 (gpn: 1, port-number: 1) ----------------------------------------------------------- Macsec Registers -----------------------------------------------------------...
Page 580
Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show controllers ethernet phy macsec Related Commands Command Description debug macsec Enables MACsec debugging. show macsec Displays MACsec information.
Use the show controllers power inline user EXEC command to display the values in the registers of the specified Power over Ethernet (PoE) controller. show controllers power inline [instance] [module switch-number] [ | {begin | exclude | include}...
Page 582
Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show controllers power inline Disconnect : N N N N N N N N N N N N N N N N Detection Status : 55 55 55 55 55 55 55 55...
Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show controllers tcam show controllers tcam Use the show controllers tcam privileged EXEC command to display the state of the registers for all hardware memory in the system and for all hardware interface ASICs that are content-addressable memory-controllers.
Page 584
00000000 00012800 00012900
Related Commands
Command Description
show controllers cpu-interface Displays the state of the CPU network ASIC and send and receive statistics for packets reaching the CPU.
show controllers ethernet-controller Displays per-interface send and receive statistics read from the hardware or the interface internal registers....
12.2(53)SE2 This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear. Examples This is an example of output from the show controllers utilization command.
Page 586
Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show controllers utilization This is an example of output from the show controllers utilization command on a specific port: Switch> show controllers gigabitethernet1/0/1 utilization Receive Bandwidth Percentage Utilization Transmit Bandwidth Percentage Utilization...
[number | all] [ | {begin | exclude | include} expression] show diagnostic post [ |{begin | exclude | include} expression] show diagnostic result switch [number | all] [detail | test {name | test-id | test-id-range | all} [detail]] [ | {begin | exclude | include} expression]...
Page 588
The show diagnostic post command output is the same as the show post command output. In Catalyst 3750-X switch stacks, if you do not enter the switch number parameter with the content, result, schedule, and switch keywords, information for all stack members is displayed.
Page 589
Note information about test 7, TestInlinePwrCtlr, does not appear in the command output. This example shows how to display the diagnostic test results on a switch. You can also use the show diagnostic switch command to display these diagnostic results.
Page 590
Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show diagnostic This example shows how to display the detailed switch results for all the switches in stack. You can also use the show diagnostic result switch all detail command to display these results.
Page 591
Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show diagnostic Total run count -------------> 0 Last test execution time ----> n/a First test failure time -----> n/a Last test failure time ------> n/a Last test pass time ---------> n/a Total failure count --------->...
12.2(53)SE2 This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear. Examples These are examples of output from the show dot1q-tunnel command: Switch>...
Page 593
Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show dot1q-tunnel Related Commands Command Description show vlan dot1q tag native Displays IEEE 802.1Q native VLAN tagging status. switchport mode dot1q-tunnel Configures an interface as an IEEE 802.1Q tunnel port.
This command was introduced. Usage Guidelines If you do not specify a port, global parameters and a summary appear. If you specify a port, details for that port appear. If the port control is configured as unidirectional or bidirectional control and this setting conflicts with...
Page 595
= 3600 (Locally configured) ReAuthMax MaxReq TxPeriod = 30 RateLimitPeriod This is an example of output from the show dot1x interface interface-id details user EXEC command: Switch# show dot1x interface gigabitethernet1/0/2 details Dot1x Info for GigabitEthernet1/0/2 ----------------------------------- = AUTHENTICATOR PortControl...
Page 596
RateLimitPeriod Dot1x Authenticator Client List Empty This is an example of output from the show dot1x interface interface-id details command when a port is assigned to a guest VLAN and the host mode changes to multiple-hosts mode: Switch# show dot1x interface gigabitethernet1/0/1 details...
Page 597
Number of EAPOL frames that have been received and have an unrecognized frame type. RxLenError Number of EAPOL frames that have been received in which the packet body length field is invalid. RxTotal Number of valid EAPOL frames of any type that have been received.
12.2(53)SE2 This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed. Examples This is an example of output from the show dtp command:...
{{registrations [method [name] | transport [name]]} | {sessions [credentials name [interface interface-id] | interface interface-id | method name | transport name]}} [credentials name | interface interface-id | transport name] [ | {begin | exclude | include} expression] Syntax Description registrations Display EAP registration information.
Page 601
• transport name keyword—The specified lower layer. • Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output appear. Examples This is an example of output from the show eap registrations privileged EXEC command: Switch>...
Page 602
Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show eap This is an example of output from the show eap sessions interface interface-id privileged EXEC command: Switch# show eap sessions gigabitethernet1/0/1 Role: Authenticator Decision: Fail Lower layer: Dot1x-AuthenticaInterface: Gi1/0/1...
Use the show env user EXEC command to display fan, temperature, redundant power system (RPS) availability, and power information for the switch or the switch stack. show env {all | fan | power [all | switch [switch-number]] | rps | stack [switch-number] | temperature [status]} [ | {begin | exclude | include} expression]...
Page 604
You can also use the show env temperature command to display the switch temperature status. The command output shows the green and yellow states as OK and the red state as FAULTY. If you enter the show env all command, the command output is the same as the show env temperature status command output.
Page 605
: 59 Degree Celsius POWER is OK RPS is AVAILABLE <output truncated> This example shows how to display the temperature value, state, and the threshold values on a standalone switch. Table 2-33 describes the temperature states in the command output.
(SFP) module. gbic-invalid Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
Page 607
Enables error-disabled detection for a specific cause or all causes. show errdisable flap-values Displays error condition recognition information. show errdisable recovery Displays error-disabled recovery timer information. show interfaces status Displays interface status or a list of interfaces in error-disabled state.
The Flaps column in the display shows how many changes to the state within the specified time interval will cause an error to be detected and a port to be disabled. See the “Examples” section for an example of the display.
A gbic-invalid error-disable reason refers to an invalid small form-factor pluggable (SFP) module interface. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
Page 610
Interface Errdisable reason Time left(sec) --------- ----------------- -------------- Gi1/0/2 link-flap Note Though visible in the output, the unicast-flood field is not valid. Related Commands Command Description errdisable recovery Configures the recover mechanism variables. show errdisable detect Displays error-disabled detection status....
In the output, the Passive port list field is displayed only for Layer 3 port channels. This field means that the physical port, which is still not up, is configured to be in the channel group (and indirectly is in the only port channel in the channel group).
Page 612
Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show etherchannel Examples This is an example of output from the show etherchannel 1 detail command: Switch> show etherchannel 1 detail Group state = L2 Ports: 2 Maxports = 16 Port-channels: 1 Max Port-channels = 16...
Page 613
Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show etherchannel This is an example of output from the show etherchannel 1 summary command: Switch> show etherchannel 1 summary Flags: D - down P - in port-channel I - stand-alone s - suspended...
Use the show fallback profile privileged EXEC command to display profiles that are configured on the switch. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
Page 615
Related Commands Command Description dot1x fallback Configure a port to use web authentication as a fallback method for clients that do not support IEEE 802.1x authentication. fallback profile Create a web authentication fallback profile. ip admission Enable web authentication on a switch port...
This command was introduced. Usage Guidelines Use this command to display the flow control status and statistics on the switch or for a specific interface. Use the show flowcontrol command to display information about all the switch interfaces. For a standalone switch, the output from the show flowcontrol command is the same as the output from the show flowcontrol module number command.
Page 617
-------- -------- -------- -------- ------- ------- Gi2/0/1 Unsupp. Unsupp. Gi2/0/2 desired Gi2/0/3 desired <output truncated> This is an example of output from the show flowcontrol interface interface-id command: Switch> show flowcontrol gigabitethernet2/0/2 Port Send FlowControl Receive FlowControl RxPause TxPause admin oper admin oper...
This command applies only to 10-Gigabit Ethernet interfaces and to the SFP module interfaces. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.
Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show interfaces show interfaces Use the show interfaces privileged EXEC command to display the administrative and operational status of all interfaces or a specified interface. show interfaces [interface-id | vlan vlan-id] [accounting | capabilities [module number] |...
Page 621
• On Catalyst 3750-X switches, use the show interface capabilities module number command to display the capabilities of all interfaces on that switch in the stack. If there is no switch with that module number in the stack, there is no output.
Page 622
Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show interfaces Examples This is an example of output from the show interfaces command for an interface on stack member 3: Switch# show interfaces gigabitethernet3/0/2 GigabitEthernet3/0/2 is down, line protocol is down Hardware is Gigabit Ethernet, address is 0009.43a7.d085 (bia 0009.43a7.d085)
Page 623
Switch# show interfaces gigabitethernet1/0/2 description Interface Status Protocol Description Gi1/0/2 down Connects to Marketing This is an example of output from the show interfaces etherchannel command when port channels are configured on the switch: Switch# show interfaces etherchannel ---- Port-channel1: Age of the Port-channel...
Page 624
570800 91731594 Route cache Total 1165354 136205310 570800 91731594 This is an example of partial output from the show interfaces status command. It displays the status of all interfaces. Switch# show interfaces status Port Name Status Vlan Duplex Speed Type...
Page 625
Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show interfaces This is an example of output from the show interfaces switchport command for a port. Table 2-34 describes the fields in the display. Private VLAN trunks are not supported in this release, so those fields are not applicable.
Page 626
Displays the class of service (CoS) setting of the data packets of the IP phone. This is an example of output from the show interfaces switchport command for a port configured as a private VLAN promiscuous port. The primary VLAN 20 is mapped to secondary VLANs 25, 30 and 35:...
Page 627
When a Flex Link interface goes down (LINK_DOWN), VLANs preferred on this interface are moved to the peer interface of the Flex Link pair. In this example, if interface Gi2/0/6 goes down, Gi2/0/8 carries all VLANs of the Flex Link pair.
Page 628
Active Down/Backup Up Vlans Preferred on Active Interface: 1-50 Vlans Preferred on Backup Interface: 60, 100-120 This is an example of output from the show interfaces interface-id trunk command. It displays trunking information for the port. Switch# show interfaces gigabitethernet1/0/1 trunk...
Page 629
Transceiver is internally calibrated. mA: milliamperes, dBm: decibels (milliwatts), NA or N/A: not applicable. ++ : high alarm, + : high warning, - : low warning, -- : low alarm. A2D readouts (if they differ), are reported in parentheses. The threshold values are calibrated.
Page 630
Configures a port as a static-access or a dynamic-access port. switchport block Blocks unknown unicast or multicast traffic on an interface. switchport backup interface Configures Flex Links, a pair of Layer 2 interfaces that provide mutual backup. switchport mode Configures the VLAN membership mode of a port.
If you do not enter any keywords, all counters for all interfaces are included. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
Page 632
Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show interfaces counters Examples This is an example of partial output from the show interfaces counters command. It displays all counters for the switch. Switch# show interfaces counters Port InOctets InUcastPkts...
Page 633
Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show interfaces counters This is an example of output from the show interfaces counters trunk command. It displays trunk counters for all interfaces. Switch# show interfaces counters trunk Port TrunkFramesTx TrunkFramesRx...
12.2(53)SE2 This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed. Examples This is an example of output from the show interfaces interface-id transceiver properties command:...
Page 635
Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show interfaces transceivers This is an example of output from the show interfaces interface-id transceiver detail command: Switch# show interfaces gigabitethernet1/0/3 transceiver detail ITU Channel not available (Wavelength not available), Transceiver is externally calibrated.
Page 636
Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show interfaces transceivers XFP_ER XENPAK_LR 10-1838-04 X2_LR <output truncated> This is an example of output from the show interfaces transceiver threshold-table command: Optical Tx Optical Rx Temp Laser Bias Voltage current...
Note If there is no PID, no output appears when you enter the show inventory command. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
Use the show ip arp inspection privileged EXEC command to display the configuration and the operating state of dynamic Address Resolution Protocol (ARP) inspection or the status of this feature for all VLANs or for the specified interface or VLAN.
Page 639
-------------- Gi1/0/1 Untrusted This is an example of output from the show ip arp inspection log command. It shows the contents of the log buffer before the buffers are cleared: Switch# show ip arp inspection log Total Log Buffer Size : 32 Syslog rate : 10 entries per 300 seconds.
Page 640
Mon Mar 1 1993 If the log buffer overflows, it means that a log event does not fit into the log buffer, and the display for the show ip arp inspection log privileged EXEC command is affected. A -- in the display appears in place of all data except the packet count and the time.
Page 641
Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show ip arp inspection This is an example of output from the show ip arp inspection vlan 5 command. It shows the configuration and the operating state of dynamic ARP inspection for VLAN 5.
Output appear. This command displays only the results of global configuration. Therefore, in this example, the circuit ID suboption appears in its default format of vlan-mod-port, even if a string is configured for the circuit Examples This is an example of output from the show ip dhcp snooping command: Switch>...
Use the show ip source binding privileged EXEC command to display the dynamically and statically configured bindings in the DHCP snooping binding database. If DHCP snooping is enabled and an interface changes to the down state, the switch does not delete the statically configured bindings.
Page 644
Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show ip dhcp snooping binding This example shows how to display the DHCP snooping binding entries for a specific IP address: Switch> show ip dhcp snooping binding 10.1.2.150 MacAddress IpAddress Lease(sec)
Use the show ip dhcp snooping database user EXEC command to display the status of the DHCP snooping binding database agent. show ip dhcp snooping database [detail] [ | {begin | exclude | include} expression] This command is available only if your switch is running the IP services feature set.
Page 646
Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show ip dhcp snooping database This is an example of output from the show ip dhcp snooping database detail command: Switch# show ip dhcp snooping database detail Agent URL : tftp://10.1.1.1/directory/file...
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear. In a switch stack, all statistics are generated on the stack master. If a new stack master is elected, the statistics counters reset.
Page 648
Packets Processed by DHCP Snooping Total number of packets handled by DHCP snooping, including forwarded and dropped packets. Packets Dropped Because IDB not known Number of errors when the input interface of the packet cannot be determined. Queue full Number of errors when an internal queue used to process the packets is full.
Page 649
DHCP Snooping Statistic Description Interface Down Number of times the packet is a reply to the DHCP relay agent, but the SVI interface for the relay agent is down. This is an unlikely error that occurs if the SVI goes down between sending the client request to the DHCP server and receiving the response.
12.2(53)SE2 This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed. Examples These are examples of output from the show ip igmp profile privileged EXEC command, with and without specifying a profile number.
Usage Guidelines Use this command to display snooping configuration for the switch or for a specific VLAN. VLAN IDs 1002 to 1005 are reserved for Token Ring and FDDI VLANs and cannot be used in IGMP snooping. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.
Page 652
CGMP interoperability mode :IGMP_ONLY Last member query interval : 100 This is an example of output from the show ip igmp snooping command. It displays snooping characteristics for all VLANs on the switch. Switch> show ip igmp snooping Global IGMP Snooping configuration:...
Page 653
Command Description ip igmp snooping vlan static Statically adds a Layer 2 port as a member of a multicast group. show ip igmp snooping groups Displays the IGMP snooping multicast table for the switch. show ip igmp snooping mrouter Displays IGMP snooping multicast router ports for the switch or for the specified multicast VLAN.
Usage Guidelines Use this command to display multicast information or the multicast table. VLAN IDs 1002 to 1005 are reserved for Token Ring and FDDI VLANs and cannot be used in IGMP snooping. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.
Page 655
224.1.4.3 igmp Gi2/0/1, Gi2/0/2 This is an example of output from the show ip igmp snooping groups count command. It displays the total number of multicast groups on the switch. Switch# show ip igmp snooping groups count Total number of multicast groups: 2 This is an example of output from the show ip igmp snooping groups dynamic command.
Usage Guidelines Use this command to display multicast router ports on the switch or for a specific VLAN. VLAN IDs 1002 to 1005 are reserved for Token Ring and FDDI VLANs and cannot be used in IGMP snooping. When multicast VLAN registration (MVR) is enabled, the show ip igmp snooping mrouter command displays MVR multicast router information and IGMP snooping information.
Page 657
Adds a multicast router port. ip igmp snooping vlan static Statically adds a Layer 2 port as a member of a multicast group. show ip igmp snooping Displays the IGMP snooping configuration of the switch or the...
The show ip igmp snooping querier command output also shows the VLAN and the interface on which the querier was detected. If the querier is the switch, the output shows the Port field as Router. If the querier is a router, the output shows the port number on which the querier is learned in the Port field.
Page 659
IP Address IGMP Version Port --------------------------------------------------- 172.20.50.11 Gi1/0/1 172.20.40.20 Router This is an example of output from the show ip igmp snooping querier detail command: Switch> show ip igmp snooping querier detail Vlan IP Address IGMP Version Port ------------------------------------------------------------- 1.1.1.1...
Use the show ip source binding user EXEC command to display the IP source bindings on the switch. show ip source binding [ip-address] [mac-address] [dhcp-snooping | static] [interface interface-id] [vlan vlan-id] [ | {begin | exclude | include} expression] Note This command is available only if your switch is running the IP services feature set.
Page 661
Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show ip source binding Related Commands Command Description ip dhcp snooping binding Configures the DHCP snooping binding database. ip source binding Configures static IP source bindings on the switch.
VLAN 10, IP source guard with IP address filtering is configured on the interface, and a binding exists on the interface. For VLANs 11 to 20, the second entry shows that a default port access control list (ACL) is applied on the interface for the VLANs on which IP source guard is not configured.
Page 663
On the Gigabit Ethernet 1/0/4 interface, IP source guard with source IP and MAC address filtering is enabled, and static IP source bindings are configured on VLANs 10 and 11. For VLANs 12 to 20, the default port ACL is applied on the interface for the VLANs on which IP source guard is not configured.
{mcast {appclass | groups | status} | nodes | ports [open] | queue | rpc | session {all | rx | tx} [verbose] | status [cumulative] | zones} [ | {begin | exclude | include} expression] This command is not supported on switches running the LAN base feature set.
Page 665
12.2(53)SE2 This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear. Examples This example shows how to display the IPC routing status: Switch>...
Page 666
Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show ipc This example shows how to display the contents of the IPC retransmission queue: Switch> show ipc queue There are 0 IPC messages waiting for acknowledgement in the transmit queue.
Page 667
Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show ipc Total via Unreliable Connection-Less Service 12783 Total via Unreliable Sequenced Connection-Less Svc Total via Reliable Connection-Oriented Service <output truncated> Related Commands Command Description clear ipc Clears the IPC multicast routing statistics.
Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show ipv6 access-list show ipv6 access-list Use the show ipv6 access-list user EXEC command to display the contents of all current IPv6 access lists. show ipv6 access-list [access-list-name] Syntax Description access-list-name (Optional) Name of access list.
Page 669
Table 2-37 show ipv6 access-list Field Descriptions (continued) Field Description bgp (matches) Border Gateway Protocol. The protocol type that the packet is equal to and the number of matches. sequence 10 Sequence in which an incoming packet is compared to lines in an access list.
DECLINE message. If an address conflict is detected, the address is removed from the pool, and the address is not assigned until the administrator removes the address from the conflict list.
Use the show ipv6 mld snooping user EXEC command to display IP version 6 (IPv6) Multicast Listener Discovery (MLD) snooping configuration of the switch or the VLAN. show ipv6 mld snooping [vlan vlan-id] [ | {begin | exclude | include} expression]...
Page 672
Last listener query count Last listener query interval : 1000 This is an example of output from the show ipv6 mld snooping command. It displays snooping characteristics for all VLANs on the switch. Switch> show ipv6 mld snooping Global MLD Snooping configuration:...
Use the show ipv6 mld snooping address user EXEC command to display all or specified IP Version 6 (IPv6) multicast address information maintained by Multicast Listener Discovery (MLD) snooping. show ipv6 mld snooping address [[vlan vlan-id] [ipv6 address]] [vlan vlan-id] [count | dynamic...
Page 674
------------------------------------------------------------- FF12::3 user Gi1/0/2, Gi2/0/2, Gi3/0/1,Gi3/0/3 This is an example of output from the show snooping address count user EXEC command: Switch> show ipv6 mld snooping address count Total number of multicast groups: 2 This is an example of output from the show snooping address user user EXEC command: Switch>...
This command was introduced. Usage Guidelines Use this command to display MLD snooping router ports for the switch or for a specific VLAN. VLAN numbers 1002 through 1005 are reserved for Token Ring and FDDI VLANs and cannot be used in MLD snooping.
Page 676
Related Commands Command Description ipv6 mld snooping Enables and configures MLD snooping on the switch or on a VLAN. ipv6 mld snooping vlan mrouter Configures multicast router ports for a VLAN. interface interface-id | static...
The show ipv6 mld snooping querier command output also shows the VLAN and interface on which the querier was detected. If the querier is the switch, the output shows the Port field as Router. If the querier is a router, the output shows the port number on which the querier is learned in the Port field.
Page 678
To configure the dual IPv4 and IPv6 template, enter the sdm prefer dual-ipv4-and-ipv6 {default | vlan} global configuration command and reload the switch. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.
Use the show ipv6 route updated user EXEC command to display the current contents of the IPv6 routing table. show ipv6 route [protocol] updated [boot-up] {hh:mm | day{month [hh:mm]} [{hh:mm | day{month [hh:mm]}] [ | {begin | exclude | include} expression] This command is not supported on switches running the LAN base feature set.
Page 680
B - BGP, R - RIP, I1 - ISIS L1, I2 - ISIS L2 IA - ISIS interarea, IS - ISIS summary O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2 ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2...
This command was introduced. Usage Guidelines After enabling Layer 2 protocol tunneling on an access or IEEE 802.1Q tunnel port by using the l2protocol-tunnel interface configuration command, you can configure some or all of these parameters: • Protocol type to be tunneled...
Page 682
---- ---- 485220 udld ---- 44899 448980 This is an example of output from the show l2protocol-tunnel summary command: Switch> show l2protocol-tunnel summary COS for Encapsulated Packets: 5 Drop Threshold for Encapsulated Packets: 0 Port Protocol Shutdown Drop Status...
Page 683
Clears counters for protocol tunneling ports. l2protocol-tunnel Enables Layer 2 protocol tunneling for CDP, STP, or VTP packets on an interface. l2protocol-tunnel cos Configures a class of service (CoS) value for tunneled Layer 2 protocol packets.
You can enter the channel-group-number option to specify a channel group for all keywords except sys-id. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.
Page 685
• LACP Port Priority Port priority setting. LACP uses the port priority to put ports in standby mode when there is a hardware limitation that prevents all compatible ports from aggregating.
Page 686
The administrative key defines the ability of a port to aggregate with other ports. A port’s ability to aggregate with other ports is determined by the port physical characteristics (for example, data rate and duplex capability) and configuration restrictions that you establish.
Page 687
Switch> show lacp sys-id 32765,0002.4b29.3a00 The system identification is made up of the system priority and the system MAC address. The first two bytes are the system priority, and the last six bytes are the globally administered individual MAC address associated with the system.
Enter the group number to display information specific to the group. Enter the detail keyword to display detailed information about the group. The output for the show link state group detail command displays only those link-state groups that have link-state tracking enabled or that have upstream or downstream interfaces (or both) configured.
Page 689
Examples This is an example of output from the show link state group 1 command: Switch> show link state group 1 Link State Group: 1 Status: Enabled, Down This is an example of output from the show link state group detail command: Switch>...
show lldp The show lldp command is documented at http://www.cisco.com/en/US/docs/ios/cether/command/reference/ce_04.html#wp1095571.
Usage Guidelines Use the show location command to display location information for an endpoint. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.
Page 692
City : San Jose State : CA Country : US This is an example of output from the show location civic-location command that displays all the civic location information: Switch> show location civic-location static Civic location information -------------------------- Identifier County...
Page 693
This is an example of output from the show location elin static command that displays all emergency location information: Switch> show location elin static Elin location information -------------------------- Identifier : 1...
year (Optional) Display the data from the specified time and date. For more information, see the “Usage Guidelines” section.
end hh:mm:ss day month year (Optional) Display the data up to the specified time and date. For more information, see the “Usage Guidelines” section.
detail (Optional) Display both the continuous and summary data.
Page 695
This command was introduced. Usage Guidelines When OBFL is enabled, the switch records OBFL data in a continuous file that contains all of the data. The continuous file is circular. When the continuous file is full, the switch combines the data into a summary file, which is also known as a historical file.
Page 696
-------------------------------------------------------------------------------- No historical data to display -------------------------------------------------------------------------------- This is an example of output from the show logging onboard poe continuous end 01:01:00 1 jan 2000 command on a switch: Switch# show logging onboard poe continuous end 01:01:00 1 jan 2000 --------------------------------------------------------------------------------...
Page 697
Application name voltage : Path : obfl0: CLI enable status : enabled Platform enable status: enabled This is an example of output from the show logging onboard temperature continuous command: Switch# show logging onboard temperature continuous -------------------------------------------------------------------------------- TEMPERATURE CONTINUOUS INFORMATION --------------------------------------------------------------------------------...
Page 698
05/13/2006 07:25:24 05/13/2006 08:25:24 <output truncated> This is an example of output from the show logging onboard uptime summary command: Switch# show logging onboard uptime summary -------------------------------------------------------------------------------- UPTIME SUMMARY INFORMATION --------------------------------------------------------------------------------...
Output appear. Examples This is a sample output from the show mac-access group user EXEC command. In this display, port 2 has the MAC access list macl_e1 applied; no MAC ACLs are applied to other interfaces.
Use the show mac address-table user EXEC command to display a specific MAC address table static and dynamic entry or the MAC address table static and dynamic entries on a specific interface or VLAN. show mac address-table [ | {begin | exclude | include} expression]...
Page 701
VLAN. show mac address-table aging-time Displays the aging time in all VLANs or the specified VLAN. show mac address-table count Displays the number of addresses present in all VLANs or the specified VLAN.
12.2(53)SE2 This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear. Examples This is an example of output from the show mac address-table address command: Switch# show mac address-table address 0002.4b28.c482...
Page 703
Related Commands Command Description show mac address-table aging-time Displays the aging time in all VLANs or the specified VLAN. show mac address-table count Displays the number of addresses present in all VLANs or the specified VLAN. show mac address-table dynamic Displays dynamic MAC address table entries only.
Use the show mac address-table aging-time user EXEC command to display the aging time of a specific address table instance, all address table instances on a specified VLAN or, if a specific VLAN is not specified, on all VLANs.
Page 705
Command Description mac address-table aging-time Sets the length of time that a dynamic entry remains in the MAC address table after the entry is used or updated. show mac address-table address Displays MAC address table information for the specified MAC address.
If no VLAN number is specified, the address count for all VLANs appears. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.
Page 707
Displays MAC address table information for the specified MAC address. show mac address-table aging-time Displays the aging time in all VLANs or the specified VLAN. show mac address-table dynamic Displays dynamic MAC address table entries only. show mac address-table interface Displays the MAC address table information for the specified interface.
12.2(53)SE2 This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear. Examples This is an example of output from the show mac address-table dynamic command: Switch>...
Page 709
Displays MAC address table information for the specified MAC address. show mac address-table aging-time Displays the aging time in all VLANs or the specified VLAN. show mac address-table count Displays the number of addresses present in all VLANs or the specified VLAN.
12.2(53)SE2 This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear. Examples This is an example of output from the show mac address-table interface command: Switch>...
Page 711
Displays MAC address table information for the specified MAC address. show mac address-table aging-time Displays the aging time in all VLANs or the specified VLAN. show mac address-table count Displays the number of addresses present in all VLANs or the specified VLAN.
VLANs and whether MAC address learning is enabled or disabled on them. The default is that MAC address learning is enabled on all VLANs. Use the command with a specific VLAN ID to display the learning status on an individual VLAN.
12.2(53)SE2 This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear. Examples This is an example of output from the show mac address-table move update command: Switch>...
Page 714
Related Commands Command Description clear mac address-table move update Clears the MAC address-table move update counters. mac address-table move update Configures MAC address-table move update on the switch.
Use the interface keyword to display the notifications for all interfaces. If the interface-id is included, only the flags for that interface appear. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.
Page 716
Examples This is an example of output from the show mac address-table notification change command: Switch> show mac address-table notification change MAC Notification Feature is Enabled on the switch...
12.2(53)SE2 This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear. Examples This is an example of output from the show mac address-table static command: Switch>...
Page 718
Adds static addresses to the MAC address table. mac address-table static drop Enables unicast MAC address filtering and configures the switch to drop traffic with a specific source or destination MAC address. show mac address-table address Displays MAC address table information for the specified MAC address.
12.2(53)SE2 This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear. Examples This is an example of output from the show mac address-table vlan 1 command: Switch>...
Page 720
Displays MAC address table information for the specified MAC address. show mac address-table aging-time Displays the aging time in all VLANs or the specified VLAN. show mac address-table count Displays the number of addresses present in all VLANs or the specified VLAN.
12.2(53)SE2 This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed. Examples This is sample output of the show macsec interface command when there is no MACsec session...
Page 722
Ingress noSCI pkts 0 Unused pkts 0 Notusing pkts 0 Decrypt bytes 80914 Ingress miss pkts 1492 This is sample output of the show macsec summary command to see all established MACsec sessions: Switch# show macsec summary Interface Transmit SC Receive SC...
12.2(53)SE2 This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed. Examples This is sample output of the show mka default-policy command: Switch# show mka default-policy MKA Policy Summary...
Page 724
Policy-Name The name of the policy used at session start to set initial configuration values. Key Svr Status The key server: has value ‘Y’ for YES if the MKA session is the key server, otherwise, ‘N’ for NO. Audit-Session-ID The session ID.
To display a summary of all defined MACsec Key Agreement (MKA) protocol policies, including the MKA default policy, or to display a summary of a specified policy, use the show mka policy privileged EXEC command. show mka policy [policy-name [sessions] [detail]][ | {begin | exclude | include} expression]...
Page 726
The set value of the priority for becoming the key server (KS). The range is 0 to 255, with 0 as the highest priority and 255 as the lowest priority. A value of 0 means that the switch should always try to act as the key server, while a value of 255 means that it should never try to act as the server.
Page 727
Related Commands Command Description mka policy (global configuration) Creates an MKA policy and enters MKA policy configuration mode. mka policy (interface configuration) Applies an MKA policy to the interface.
12.2(53)SE2 This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed. Examples This is sample output of the show mka session command: Switch# show mka session Total MKA Sessions..
Page 729
The MAC address of the physical interface concatenated with the 16-bit Port-ID. Key Server Status The key server: has value ‘Y’ for YES if the MKA session is the key server, otherwise, ‘N’ for NO. Connectivity association key (CAK) name...
Page 730
--------------------------------------------------------- DA296D3E62E0961234BF39A6 001b.2140.ec4c/0000 Potential Peers List: Rx-SCI (Peer) --------------------------------------------------------- This is sample output of the show mka session interface command: Switch# show mka session interface gigabitethernet1/0/25 Summary of All Currently Active MKA Sessions on Interface GigabitEthernet1/0/25. Interface Peer-RxSCI Policy-Name Audit-Session-ID...
12.2(53)SE2 This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed. Examples This is an example of the show mka statistics command output:...
Page 732
Pairwise secure connectivity association keys (CAKs) derived through EAP authentication. Pairwise CAK Rekeys Pairwise CAK rekeys after reauthentication. Group CAKs Generated Generated group CAKs while acting as a key server in a group CA.
Page 733
Global Statistics Output Fields (continued) Field Description Group CAKs Received Received group CAKs while acting as a nonkey server member in a group SAK Rekeys Secure association key (SAK) rekeys that have been initiated as key servers or received as nonkey server members.
12.2(53)SE2 This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed. Examples This is an example of the show mka summary command output: Switch# show mka summary Summary of All Currently Active MKA Sessions...
Page 736
Output Fields Field Description Group CAKs Generated Generated group CAKs while acting as a key server in a group CA. Group CAKs Received Received group CAKs while acting as a nonkey server member in a group SAK Rekeys Secure association key (SAK) rekeys that have been initiated as key servers or received as non-key server members.
Output appear. Examples This is an example of output from the show mls qos command when QoS is enabled and Differentiated Services Code Point (DSCP) transparency is disabled: Switch> show mls qos...
12.2(53)SE2 This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear. Examples This is an example of output from the show mls qos aggregate-policer command: Switch>...
12.2(53)SE2 This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear. Examples This is an example of output from the show mls qos input-queue command: Switch>...
Page 740
Allocates the buffers between the ingress queues. mls qos srr-queue input cos-map Maps assigned class of service (CoS) values to an ingress queue and assigns CoS values to a queue and to a threshold mls qos srr-queue input dscp-map Maps assigned Differentiated Services Code Point (DSCP) values to an ingress queue and assigns DSCP values to a queue and to a threshold ID.
12.2(53)SE2 This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear. Examples This is an example of output from the show mls qos interface interface-id command when VLAN-based QoS is enabled: Switch>...
Page 742
DSCP Mutation Map:Default DSCP Mutation Map Trust device:none qos mode:vlan-based This is an example of output from the show mls qos interface interface-id command when VLAN-based QoS is disabled: Switch> show mls qos interface gigabitethernet1/0/2 GigabitEthernet1/0/2...
Page 743
Allocates the buffers between the ingress queues. mls qos srr-queue input cos-map Maps CoS values to an ingress queue or maps CoS values to a queue and to a threshold ID. mls qos srr-queue input dscp-map Maps DSCP values to an ingress queue or maps DSCP values to a queue and to a threshold ID.
Page 744
Assigns WTD threshold percentages to an ingress queue. mls qos srr-queue output cos-map Maps CoS values to an egress queue or maps CoS values to a queue and to a threshold ID. mls qos srr-queue output dscp-map Maps DSCP values to an egress queue or maps DSCP values to a queue and to a threshold ID.
DSCP. The d2 row specifies the least-significant digit in the DSCP. The intersection of the d1 and d2 values provides the policed-DSCP, the CoS, or the mutated-DSCP value. For example, in the DSCP-to-CoS map, a DSCP value of 43 corresponds to a CoS value of 5.
Page 746
DSCP number. The intersection of the d1 and the d2 values provides the queue ID and threshold ID. For example, in the DSCP input queue threshold map, a DSCP value of 43 corresponds to queue 2 and threshold 1 (02-01).
Page 747
DSCP-to-DSCP-mutation map, IP-precedence-to-DSCP map, and the policed-DSCP map. mls qos srr-queue input cos-map Maps CoS values to an ingress queue or maps CoS values to a queue and to a threshold ID. mls qos srr-queue input dscp-map Maps DSCP values to an ingress queue or maps DSCP values to a queue and to a threshold ID.
Use the show mls qos queue-set user EXEC command to display quality of service (QoS) settings for the egress queues. show mls qos queue-set [qset-id] [ | {begin | exclude | include} expression]...
Page 749
Related Commands Command Description mls qos queue-set output buffers Allocates buffers to the queue-set. mls qos queue-set output threshold Configures the weighted tail-drop (WTD) thresholds, guarantees the availability of buffers, and configures the maximum memory allocation of the queue-set.
Use the show mls qos vlan user EXEC command to display the policy maps attached to a switch virtual interface (SVI). show mls qos vlan vlan-id [ | {begin | exclude | include} expression]...
(SPAN) and Remote SPAN (RSPAN) sessions on the switch. Use the command with keywords to show a specific session, all sessions, all local sessions, or all remote sessions. show monitor [session {session_number | all | local | range list | remote} [detail]] [ | {begin | exclude | include} expression]...
Page 752
Both : Gi4/0/2-3,Gi4/0/5-6 Destination Ports : Gi4/0/20 Encapsulation : Replicate Ingress : Disabled This is an example of output for the show monitor session all user EXEC command when ingress traffic forwarding is enabled: Switch# show monitor session all Session 1...
MVR Global query response time: 5 (tenths of sec) MVR Mode: compatible In the preceding display, the maximum number of multicast groups is fixed at 256. The MVR mode is either compatible (for interoperability with Catalyst 2900 XL and Catalyst 3500 XL switches) or dynamic (where operation is consistent with IGMP snooping operation and dynamic MVR membership on source ports is supported).
Page 754
Displays all ports that are members of an MVR multicast group or, if there are no members, means the group is inactive.
This command was introduced. Usage Guidelines If the entered port identification is a non-MVR port or a source port, the command returns an error message. For receiver ports, it displays the port type, per port status, and Immediate-Leave setting. If you enter the members keyword, all MVR group members on the interface appear. If you enter a VLAN ID, all MVR group members in the VLAN appear.
Page 756
Inactive means that the port is not yet part of any VLAN. This is an example of output from the show mvr interface command for a specified port: Switch# show mvr interface gigabitethernet1/0/2 Type: RECEIVER Status: ACTIVE Immediate Leave: DISABLED...
Use the show mvr members privileged EXEC command to display all receiver and source ports that are currently members of an IP multicast group. show mvr members [ip-address] [ | {begin | exclude | include} expression]...
Page 758
This is an example of output from the show mvr members ip-address command. It displays the members of the IP multicast group with that address: Switch# show mvr members 239.255.0.2 239.255.003.--22...
Use the show nmsp privileged EXEC command to display the Network Mobility Services Protocol (NMSP) information for the switch. show nmsp {attachment suppress interface | capability | notification interval | statistics {connection | summary} | status | subscription {detail | summary}} [ | {begin | exclude | include} expression] Syntax Description attachment suppress Display attachment suppress interfaces.
Page 761
NMSP Notification Intervals ---------------------------------- Attachment notify interval: 30 sec (default) Location notify interval: 30 sec (default) This is an example of output from the show nmsp statistics connection and show nmsp statistics summary commands: Switch# show nmsp statistics connection NMSP Connection Counters...
Page 762
TxEchoResp RxEchoReq TxData RxData 172.19.35.109 5 5 4 4 This is an example of output from the show nmsp subscription detail and the show nmsp subscription summary commands: Switch# show nmsp subscription detail Mobility Services Subscribed by 172.19.35.109:...
You can enter any show pagp command to display the active channel-group information. To display the nonactive information, enter the show pagp command with a channel-group number. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.
Page 764
Gi3/0/3 Gi1/0/2 Switch Gi3/0/4 <output truncated> This is an example of output from the show pagp 1 internal command: Switch> show pagp 1 internal Flags: S - Device is sending Slow hello. C - Device is in Consistent state. A - Device is in Auto mode.
12.2(53)SE2 This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear. Examples This is an example of output from the show policy-map command: Switch>...
If you enter the vlan keyword, the command displays the configured maximum and the current number of secure MAC addresses for all VLANs on the interface. This option is visible only on interfaces that have the switchport mode set to trunk.
Page 767
---- ----- ------------- 0006.0700.0800 SecureConfigured Gi1/0/2 ------------------------------------------------------------------- Total Addresses: 1 This is an example of output from the show port-security interface interface-id vlan command: Switch# show port-security interface gigabitethernet1/0/2 vlan Default maximum:not set, using 5120 VLAN Maximum Current default default...
Page 768
Deletes from the MAC address table a specific type of secure address or all the secure addresses on the switch or an interface. switchport port-security Enables port security on a port, restricts the use of the port to a user-defined group of stations, and configures secure MAC addresses.
Use the show power inline user EXEC command to display the Power over Ethernet (PoE) status for the specified PoE port, the specified stack member, or for all PoE ports in the switch stack.
Page 770
Gi3/0/11 auto 30.0 Gi3/0/12 auto 30.0 <output truncated> This is an example of output from the show power inline interface-id command on a switch port. Table 2-46 describes the output fields. Switch> show power inline gigabitethernet0/5 Interface Admin Oper Power...
Page 771
IEEE classification, which is different than the real-time power that is monitored with the power sensing feature. The configured power values on a Catalyst 3750-E or 3560-E switch are the same as the actual power values on a Catalyst 3750 or 3560 switch.
Page 772
message. • The Gi1/0/3 port is shut down, but policing is enabled with a policing action to shut down the port. • Device detection is disabled on the Gi1/0/4 port, power is not applied to the port, and policing is...
Page 773
• The Gi1/0/12 port is up and connected to a powered device, and policing is enabled with a policing action to shut down the port. The policing action does not take effect because the real-time power consumption is less than the cutoff value.
Page 774
The real-time power consumption of the powered device. 1. The configured power is the power that you manually specify or that the switch specifies by using CDP power negotiation or the IEEE classification, which is different than the real-time power that is monitored with the power sensing feature. The configured power values on a Catalyst 3750-X, Catalyst 3750-E, Catalyst 3650-X, or Catalyst 3560-E switch are the same as the actual power values on a Catalyst 3750 or 3560 switch.
When you change the SDM template by using the sdm prefer global configuration command, you must reload the switch for the configuration to take effect. If you enter the show sdm prefer command before you enter the reload privileged EXEC command, the show sdm prefer command shows the template currently in use and the template that will become active after a reload.
Page 776
Examples This is an example of output from the show sdm prefer command, displaying the template in use. Note On switches running the LAN base feature set, routing values shown in all templates are not valid.
Page 777
IPv4/MAC qos aces: 0.5K number of IPv4/MAC security aces: This is an example of output from the show sdm prefer command when you have configured a new template but have not reloaded the switch: Switch# show sdm prefer The current template is "desktop routing"...
show setup express Use the show setup express privileged EXEC command to display whether Express Setup mode is active on the switch. show setup express [ | {begin | exclude | include} expression]...
Page 780
ID, a range of IDs separated by a hyphen, or a series of IDs separated by a comma. The range is 1 to 4094. The display shows the number of currently configured instances.
Page 781
If the vlan-id variable is omitted, the command applies to the spanning-tree instance for all VLANs. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.
Page 782
Number of transitions to forwarding state: 1
Link type is point-to-point by default
BPDU: sent 0, received 72364
<output truncated>
This is an example of output from the show spanning-tree interface interface-id command:
Switch# show spanning-tree interface gigabitethernet2/0/1
Vlan Role Sts Cost Prio.Nbr Type...
Page 783
Vlans Mapped -------- ------------------ 1-9,21-4094 10-20 ---------------------------- This is an example of output from the show spanning-tree mst interface interface-id command: Switch# show spanning-tree mst interface gigabitethernet2/0/1 GigabitEthernet2/0/1 of MST00 is root forwarding Edge port: no (default) port guard : none...
Page 784
Enables the Port Fast feature on an interface and all its configuration) associated VLANs. spanning-tree uplinkfast Accelerates the choice of a new root port when a link or switch fails or when the spanning tree reconfigures itself. spanning-tree vlan Configures spanning tree on a per-VLAN basis.
To display the members of all StackPower stacks or the specified power stack and the power mode of the stack, use the show stack-power user EXEC command. show stack power [stack-id] [ | {begin | exclude | include} expression]...
Page 786
Configures the power management mode for the specified PoE port or for all PoE ports.
stack-power: Configures power stack parameters.
show power inline: Displays the power parameters for the specified PoE port or for all PoE ports.
When you enter an interface-id, the storm control thresholds appear for the specified interface. If you do not enter an interface-id, settings appear for one traffic type for all ports on the switch. If you do not enter a traffic type, settings appear for broadcast storm control.
Page 788
This is an example of output from the show storm-control command for a specified interface. Because no traffic-type keyword was entered, the broadcast storm control settings appear.
Switch> show storm-control gigabitethernet 1/0/1...
show switch
Use the show switch user EXEC command to display information related to the stack member or the switch stack.
show switch [stack-member-number | detail | neighbors | stack-ports [summary] | stack-ring activity [detail] | speed] [ | {begin | exclude | include} expression]
This command is supported only on Catalyst 3750-X switches.
Page 790
• Provisioned—The state of a preconfigured switch before it becomes an active member of a switch stack, or the state of a stack member after it has left the switch stack. The MAC address and the priority number in the display are always 0 for the provisioned switch.
Page 791
Switch> show switch stack-ports Switch # Port A Port B -------- ------ ------ Down Down Table 2-49 shows the output for the show switch stack-ports summary command. Switch> show switch stack-ports summary Switch#/ Stack Neighbor Cable Link Link Sync Port#...
Page 792
• Yes—None of the stack ports on the member has an attached stack cable.
This example shows how to display detailed stack-ring activity information for a switch stack:
Switch> show switch stack-ring activity detail
Page 793
--------------------------- Switch 2 Total: 2213466 ------------------------------------------------------------------------- Total frames sent to stack ring : 5818507
Note: these counts do not include frames sent to the ring by certain output features, such as output SPAN and output ACLs.
Related Commands
reload: Reloads the stack member and puts a configuration change into effect.
This command was introduced. Usage Guidelines If you have used the system mtu or system mtu jumbo global configuration command to change the MTU setting, the new setting does not take effect until you reset the switch. For information about the MTU values and the stack configurations that affect the MTU values, see the system mtu command.
If you do not enter an interface-id, administrative and operational UDLD status for all interfaces appear. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.
Page 796
UDLD-capable, no cache entries appear.
Device name: The device name or the system serial number of the neighbor. The system serial number appears if the device name is not set or is set to the default (Switch).
Port ID: The neighbor port ID enabled for UDLD.
Page 797
Enables UDLD on an individual interface or prevents a fiber-optic interface from being enabled by the udld global configuration command.
udld reset: Resets all interfaces shut down by UDLD and permits traffic to begin passing through them again.
12.2(53)SE2 This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear. Examples This is an example of output from the show version command that shows the software licenses installed on the switch.
Page 799
If you are unable to comply with U.S. and local laws, return this product immediately. A summary of U.S. laws governing Cisco cryptographic products may be found at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html If you require further assistance please contact us by sending email to export@cisco.com.
VLAN (if the VLAN ID or name is specified) on the switch. show vlan [brief | dot1q tag native | id vlan-id | internal usage | mtu | name vlan-name | private-vlan [type] | remote-span | summary] [ | {begin | exclude | include} expression]...
Page 801
VLAN have the same MTU. When yes appears in this column, it means that the VLAN has ports with different MTUs, and packets that are switched from a port with a larger MTU to a port with a smaller MTU might be dropped. If the VLAN does not have an SVI, the hyphen (-) symbol appears in the SVI_MTU column.
Page 802
VLAN ID, the secondary VLAN ID, the type of secondary VLAN (community or isolated), and the ports that belong to it. This is an example of output from the show vlan dot1q tag native command: Switch> show vlan dot1q tag native...
Page 803
1026 are being used as internal VLANs for Gigabit Ethernet routed ports 23 and 24 on stack member 1. If you want to use one of these VLAN IDs, you must first shut down the routed port, which releases the internal VLAN, and then create the extended-range VLAN. When you start up the routed port, another internal VLAN number is assigned to it.
Page 804
Related Commands Command Description private-vlan Configures a VLAN as a community, isolated, or primary VLAN or associates a primary VLAN with secondary VLANs. switchport mode Configures the VLAN membership mode of a port. vlan (global Enables VLAN configuration mode where you can configure VLANs 1 to configuration) 4094.
12.2(53)SE2 This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear. Examples This is an example of output from the show vlan access-map command: Switch# show vlan access-map Vlan access-map "SecWiz"...
12.2(53)SE2 This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear. Examples This is an example of output from the show vlan filter command:...
12.2(53)SE2 This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear. Examples This is an example of output from the show vmps command: Switch>...
Page 808
This response means that the server and the client have not been configured with the same VTP management domain. VQP Wrong Version Number of times the version field in the query packet contains a value that is higher than the version supported by the VMPS. The VLAN assignment of the port is not changed.
This command was introduced. Usage Guidelines When you enter the show vtp password command when the switch is running VTP version 3, the display follows these rules: If the password password global configuration command did not specify the hidden keyword and •...
Page 810
Conflict that the responding server is in conflict with the local server for the feature; that is, when two switches in the same domain do not have the same primary server for a database. Switch# show vtp devices Retrieving information from the VTP domain.
Page 811
Revision errors increment whenever the switch receives an advertisement whose revision number matches the revision number of the switch, but the MD5 digest values do not match. This error means that the VTP password in the two switches is different or that the switches have different configurations.
Page 812
Displays the date and time of the last configuration modification. Displays the IP address of the Modified switch that caused the configuration change to the database.
This is an example of output from the show vtp status command for a switch running VTP version 3.
Switch> show vtp status
VTP Version capable...
Page 813
0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
Feature UNKNOWN:
--------------
Related Commands
clear vtp counters: Clears the VTP and pruning counters.
vtp (global configuration): Configures the VTP filename, interface name, domain name, and mode.
The no shutdown command has no effect if the port is a static-access port assigned to a VLAN that has been deleted, suspended, or shut down. The port must first be a member of an active VLAN before it can be re-enabled.
Use the shutdown vlan global configuration command on the switch stack or on a standalone switch to shut down (suspend) local traffic on the specified VLAN. Use the no form of this command to restart local traffic on the VLAN.
(threshold) for an interface to be error disabled when it receives VLAN-tagged packets that are small frames (67 bytes or less) at the specified rate. Use the no form of this command to return to the default setting.
Page 818
Related Commands
errdisable detect cause small-frame: Allows any switch port to be put into the error-disabled state if an incoming frame is smaller than the minimum size and arrives at the specified rate (threshold).
errdisable recovery cause: Enables the recovery timer...
Use the snmp-server enable traps global configuration command on the switch stack or on a standalone switch to enable the switch to send Simple Network Management Protocol (SNMP) notifications for various traps or inform requests to the network management system (NMS). Use the no form of this command to return to the default setting.
Page 820
(Optional) Generate entity field-replaceable unit (FRU) control traps. In a switch stack, this trap refers to the insertion or removal of a switch in the stack. hsrp (Optional) Enable Hot Standby Router Protocol (HSRP) traps.
Page 821
(Optional) Enable port security traps. Use the trap-rate keyword to set the [trap-rate value] maximum number of port-security traps sent per second. The range is from 0 to 1000; the default is 0 (no limit imposed; a trap is sent at every occurrence). power-ethernet {group (Optional) Enable power-over-Ethernet traps.
Page 822
When supported, use the snmp-server enable traps command to enable sending of traps or informs. Informs are not supported in SNMPv1. Note To enable more than one type of trap, you must enter a separate snmp-server enable traps command for each trap type. Examples...
Page 823
Displays the operating configuration. For syntax information, use this link to the Cisco IOS Release 12.2 Command Reference listing page: http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/prod_command_reference_list.html Select the Cisco IOS Commands Master List, Release 12.2 to navigate to the command.
snmp-server host: Specifies the host that receives SNMP traps...
Page 825
notification-type: (Optional) Type of notification to be sent to the host. If no type is specified, all notifications are sent. The notification type can be one or more of these keywords:
bgp—Send Border Gateway Protocol (BGP) state change traps...
Page 826
Defaults This command is disabled by default. No notifications are sent. If you enter this command with no keywords, the default is to send all trap types to the host. No informs are sent to this host. If no version keyword is present, the default is Version 1.
Page 827
The community string is defined as comaccess:
Switch(config)# snmp-server enable traps
Switch(config)# snmp-server host myhost.cisco.com comaccess snmp
This example shows how to enable the switch to send all traps to the host myhost.cisco.com by using the community string public:
Switch(config)# snmp-server enable traps
Switch(config)# snmp-server host myhost.cisco.com public...
Use the snmp trap mac-notification change interface configuration command on the switch stack or on a standalone switch to enable the Simple Network Management Protocol (SNMP) MAC address notification trap on a specific Layer 2 interface. Use the no form of this command to return to the default setting.
Page 829
Related Commands
clear mac address-table notification: Clears the MAC address notification global counters.
mac address-table notification: Enables the MAC address notification feature.
show mac address-table notification...
An inferior BPDU identifies a switch that declares itself as both the root bridge and the designated switch. When a switch receives an inferior BPDU, it means that a link to which the switch is not directly connected (an indirect link) has failed (that is, the designated switch has lost its connection to the root switch).
You can enable the BPDU filtering feature when the switch is operating in the per-VLAN spanning-tree plus (PVST+), rapid-PVST+, or the multiple spanning-tree (MST) mode. Caution: Enabling BPDU filtering on an interface is the same as disabling spanning tree on it and can result in spanning-tree loops.
Page 832
Port Fast-enabled interface or enables the Port Fast feature on all nontrunking interfaces.
spanning-tree portfast (interface configuration): Enables the Port Fast feature on an interface and all its associated VLANs.
Use the spanning-tree bpduguard interface configuration command on the switch stack or on a standalone switch to put an interface in the error-disabled state when it receives a bridge protocol data unit (BPDU). Use the no form of this command to return to the default setting.
Page 834
Port Fast-enabled interfaces or enables the Port Fast feature on all nontrunking interfaces.
spanning-tree portfast (interface configuration): Enables the Port Fast feature on an interface and all its associated VLANs.
If a loop occurs, spanning tree considers the path cost when selecting an interface to place in the forwarding state. Use the no form of this command to return to the default setting.
Page 836
Related Commands
show spanning-tree interface interface-id: Displays spanning-tree information for the specified interface.
spanning-tree port-priority: Configures an interface priority.
spanning-tree vlan priority: Sets the switch priority for the specified spanning-tree instance...
EXEC command on the remote device. When a port is in the error-disabled state because of an EtherChannel misconfiguration, you can bring it out of this state by entering the errdisable recovery cause channel-misconfig global configuration command, or you can manually re-enable it by entering the shutdown and no shutdown interface configuration commands.
Page 838
Related Commands
errdisable recovery cause channel-misconfig: Enables the timer to recover from the EtherChannel misconfiguration error-disabled state.
show etherchannel summary: Displays EtherChannel information for a channel as a one-line summary per channel-group...
ID unique for each VLAN or multiple spanning-tree instance. Because the switch stack appears as a single switch to the rest of the network, all switches in the stack use the same bridge ID for a given spanning tree. If the stack master fails, the stack members recalculate their bridge IDs of all running spanning trees based on the new MAC address of the stack master.
Page 840
show spanning-tree summary: Displays a summary of spanning-tree interface states.
spanning-tree mst root: Configures the MST root switch priority and timers based on the network diameter.
spanning-tree vlan priority: Sets the switch priority for the specified spanning-tree instance...
(blocked) state to prevent the customer’s switch from becoming the root switch or being in the path to the root. The root port provides the best path from the switch to the root switch.
Page 842
Loop guard is most effective when it is configured on the entire switched network. When the switch is operating in PVST+ or rapid-PVST+ mode, loop guard prevents alternate and root ports from becoming designated ports, and spanning tree does not send bridge protocol data units (BPDUs) on root or alternate ports.
Multiple Spanning Tree Protocol (MSTP) or the rapid per-VLAN spanning-tree plus (rapid-PVST+) protocol and be enabled for rapid transitions. Examples This example shows how to specify the link type as shared (regardless of the duplex setting) and to prevent rapid transitions to the forwarding state: Switch(config-if)# spanning-tree link-type shared You can verify your setting by entering the show spanning-tree mst interface interface-id or the show spanning-tree interface interface-id privileged EXEC command.
Page 844
Related Commands
clear spanning-tree detected-protocols: Restarts the protocol migration process (force the renegotiation with neighboring switches) on all interfaces or on the specified interface.
show spanning-tree interface...
Use the spanning-tree loopguard default global configuration command on the switch stack or on a standalone switch to prevent alternate or root ports from becoming designated ports because of a failure that leads to a unidirectional link. Use the no form of this command to return to the default setting. spanning-tree loopguard default...
Page 846
Select the Cisco IOS Commands Master List, Release 12.2 to navigate to the command.
spanning-tree guard loop: Enables the loop guard feature on all the VLANs associated with the specified interface.
This command was introduced. Usage Guidelines The switch supports PVST+, rapid PVST+, and MSTP, but only one version can be active at any time: All VLANs run PVST+, all VLANs run rapid PVST+, or all VLANs run MSTP. All stack members run the same version of spanning-tree.
Page 848
show running-config: Displays the operating configuration. For syntax information, use this link to the Cisco IOS Release 12.2 Command Reference listing page: http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/prod_command_reference_list.html Select the Cisco IOS Commands Master List, Release 12.2 to navigate to the command.
VLANs to an MST instance. The range for the instance-id is 1 to 4094. The range for vlan-range is 1 to 4094. You can specify a single VLAN identified by VLAN ID number, a range of VLANs separated by a hyphen, or a series of VLANs separated by a comma.
Page 850
VLANs that were previously mapped. To specify a range, use a hyphen; for example, instance 1 vlan 1-63 maps VLANs 1 to 63 to MST instance 1. To specify a series, use a comma; for example, instance 1 vlan 10, 20, 30 maps VLANs 10, 20, and 30 to MST instance 1.
(MST) calculations. If a loop occurs, spanning tree considers the path cost when selecting an interface to put in the forwarding state. Use the no form of this command to return to the default setting.
Page 852
Related Commands
show spanning-tree interface interface-id: Displays MST information for the specified interface.
spanning-tree mst port-priority: Configures an interface priority.
spanning-tree mst priority: Configures the switch priority for the specified spanning-tree instance...
Changing the spanning-tree mst forward-time command affects all spanning-tree instances. Examples This example shows how to set the spanning-tree forwarding time to 18 seconds for all MST instances: Switch(config)# spanning-tree mst forward-time 18 You can verify your setting by entering the show spanning-tree mst privileged EXEC command.
The max-age setting must be greater than the hello-time setting. Changing the spanning-tree mst hello-time command affects all spanning-tree instances. Examples This example shows how to set the spanning-tree hello time to 3 seconds for all multiple spanning-tree (MST) instances: Switch(config)# spanning-tree mst hello-time 3 You can verify your setting by entering the show spanning-tree mst privileged EXEC command.
If a switch does not receive a bridge protocol data unit (BPDU) message from the root switch within this interval, it recomputes the spanning-tree topology. Use the no form of this command to return to the default setting.
Usage Guidelines The root switch of the instance always sends a BPDU (or M-record) with a cost of 0 and the hop count set to the maximum value. When a switch receives this BPDU, it decrements the received remaining hop count by one and propagates the decremented count as the remaining hop count in the generated M-records.
If a loop occurs, the Multiple Spanning Tree Protocol (MSTP) can find the interface to put in the forwarding state. Use the no form of this command to return to the default setting.
Page 858
Related Commands
show spanning-tree mst interface interface-id: Displays MST information for the specified interface.
spanning-tree mst cost: Sets the path cost for MST calculations.
spanning-tree mst priority: Sets the switch priority for the specified spanning-tree instance...
The port can accept both prestandard and standard BPDUs. If the neighbor types are mismatched, only the common and internal spanning tree (CIST) runs on this interface. Note: If a switch port is connected to a switch running prestandard Cisco IOS software, you must use the spanning-tree mst pre-standard interface configuration command on the port.
Use the spanning-tree mst priority global configuration command on the switch stack or on a standalone switch to set the switch priority for the specified spanning-tree instance. Use the no form of this command to return to the default setting.
Because of the extended system ID support, the switch sets the switch priority for the instance to 24576 if this value will cause this switch to become the root for the specified instance. If any root switch for the specified instance has a switch priority lower than 24576, the switch sets its own priority to 4096 less than the lowest switch priority.
Page 862
ID, the software changes the switch priority from the default value (32768) to 28672. If the root switch fails, this switch becomes the next root switch (if the other switches in the network use the default switch priority of 32768 and are therefore unlikely to become the root switch).
If the variable vlan-id is omitted, the command applies to the spanning-tree instance associated with VLAN 1. You can set the priority on a VLAN that has no interfaces assigned to it. The setting takes effect when you assign the interface to the VLAN.
Page 864
Examples
This example shows how to increase the likelihood that a port will be put in the forwarding state if a loop occurs:
Switch(config)# interface gigabitethernet2/0/2
Switch(config-if)# spanning-tree vlan 20 port-priority 0...
Port Fast feature is enabled, the interface changes directly from a blocking state to a forwarding state without making the intermediate spanning-tree state changes. Defaults The BPDU filtering, the BPDU guard, and the Port Fast features are disabled on all interfaces unless they are individually configured. Command Modes Global configuration...
Page 866
Caution: Enabling BPDU filtering on an interface is the same as disabling spanning tree on it and can result in spanning-tree loops. Use the spanning-tree portfast bpduguard default global configuration command to globally enable BPDU guard on interfaces that are in a Port Fast-operational state.
Page 867
spanning-tree bpduguard: Puts an interface in the error-disabled state when it receives a BPDU.
spanning-tree portfast (interface configuration): Enables the Port Fast feature on an interface in all its associated VLANs.
Use the spanning-tree portfast interface configuration command on the switch stack or on a standalone switch to enable the Port Fast feature on an interface in all its associated VLANs. When the Port Fast feature is enabled, the interface changes directly from a blocking state to a forwarding state without making the intermediate spanning-tree state changes.
Page 869
Examples
This example shows how to enable the Port Fast feature on a port:
Switch(config)# interface gigabitethernet2/0/2
Switch(config-if)# spanning-tree portfast
You can verify your settings by entering the show running-config privileged EXEC command.
Use the spanning-tree transmit hold-count global configuration command to configure the number of bridge protocol data units (BPDUs) sent every second. Use the no form of this command to return to the default setting. spanning-tree transmit hold-count [value]...
Use the spanning-tree uplinkfast global configuration command on the switch stack or on a standalone switch to accelerate the choice of a new root port when a link or switch fails or when the spanning tree reconfigures itself. Use the no form of this command to return to the default setting.
Page 872
Do not enable the root guard on interfaces that will be used by the UplinkFast feature. With UplinkFast, the backup interfaces (in the blocked state) replace the root port in the case of a failure. However, if root guard is also enabled, all the backup interfaces used by the UplinkFast feature are placed in the root-inconsistent state (blocked) and prevented from reaching the forwarding state.
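The spanning-tree cautions above (Port Fast ports that rely on BPDU guard, BPDU filtering being equivalent to disabling spanning tree, and root guard conflicting with UplinkFast) can be checked against a saved running configuration. The following Python audit is an added example, not part of the Cisco command reference; the sample configuration is constructed, the finding labels are hypothetical names, and only Port Fast configured explicitly on an interface is evaluated.

```python
import re

# Constructed sample running-config for illustration (not taken from the manual).
SAMPLE_CONFIG = """\
spanning-tree mode pvst
spanning-tree uplinkfast
!
interface GigabitEthernet1/0/1
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/2
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/3
 switchport mode access
 spanning-tree portfast
 spanning-tree bpdufilter enable
!
interface GigabitEthernet1/0/24
 switchport mode trunk
 spanning-tree guard root
!
"""

# Matches "spanning-tree portfast" and "spanning-tree portfast trunk",
# but not "spanning-tree portfast disable".
PORTFAST_RE = re.compile(r"spanning-tree portfast( trunk)?$")


def parse_config(text):
    """Split a running-config into global lines and per-interface line lists."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped == "!":
            continue
        if not raw.startswith(" "):
            # An unindented line either opens an interface block or is global.
            match = re.match(r"interface (\S+)$", stripped)
            current = match.group(1) if match else None
            if match:
                interfaces[current] = []
            else:
                global_lines.append(stripped)
        elif current is not None:
            interfaces[current].append(stripped)
    return global_lines, interfaces


def audit(text):
    """Return (interface, finding) tuples for the spanning-tree checks."""
    global_lines, interfaces = parse_config(text)
    guard_default = "spanning-tree portfast bpduguard default" in global_lines
    uplinkfast = any(l.startswith("spanning-tree uplinkfast") for l in global_lines)
    findings = []
    for name, lines in interfaces.items():
        portfast = any(PORTFAST_RE.match(l) for l in lines)
        guard_on = "spanning-tree bpduguard enable" in lines
        guard_off = "spanning-tree bpduguard disable" in lines
        # Port Fast skips the listening/learning states, so a BPDU arriving on
        # such a port should error-disable it; flag ports with no guard at all.
        if portfast and not guard_on and (guard_off or not guard_default):
            findings.append((name, "PORTFAST_NO_BPDUGUARD"))
        # BPDU filtering on an interface is the same as disabling spanning tree.
        if "spanning-tree bpdufilter enable" in lines:
            findings.append((name, "BPDUFILTER_ENABLED"))
        # Root guard would hold UplinkFast backup interfaces root-inconsistent.
        # Which ports UplinkFast uses is not in the config, so this is a
        # review flag rather than a definite error.
        if uplinkfast and "spanning-tree guard root" in lines:
            findings.append((name, "ROOTGUARD_WITH_UPLINKFAST"))
    return findings


if __name__ == "__main__":
    for interface, finding in audit(SAMPLE_CONFIG):
        print(f"{interface}: {finding}")
```
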
Use the spanning-tree vlan global configuration command on the switch stack or on a standalone switch to configure spanning tree on a per-VLAN basis. Use the no form of this command to return to the default setting. spanning-tree vlan vlan-id [forward-time seconds | hello-time seconds | max-age seconds |...
Page 874
The VLAN does not detect and prevent loops when STP is disabled. You can disable the STP on a VLAN that is not currently active and verify the change by using the show running-config or the show spanning-tree vlan vlan-id privileged EXEC command. The setting takes effect when the VLAN is activated.
Page 875
You can verify your setting by entering the show spanning-tree privileged EXEC command. In this instance, VLAN 5 does not appear in the list. This example shows how to set the spanning-tree forwarding time to 18 seconds for VLANs 20 and 25: Switch(config)# spanning-tree vlan 20,25 forward-time 18...
If the speed is set to auto, the switch negotiates with the device at the other end of the link for the speed setting and then forces the speed setting to the negotiated value. The duplex setting remains as configured on each end of the link, which could result in a duplex setting mismatch.
Page 877
This example shows how to set a port to autonegotiate at only 10 Mb/s: Switch(config)# interface gigabitethernet1/0/118 Switch(config-if)# speed auto 10 This example shows how to set a port to autonegotiate at only 10 or 100 Mb/s: Switch(config)# interface gigabitethernet1/0/117 Switch(config-if)# speed auto 10 100 You can verify your settings by entering the show interfaces privileged EXEC command.
Usage Guidelines If you configure this command to 80 percent, the port is idle 20 percent of the time. The line rate drops to 80 percent of the connected speed. These values are not exact because the hardware adjusts the line rate in increments of six.
Page 879
CoS values to a queue and to a threshold ID. mls qos srr-queue output dscp-map Maps Differentiated Services Code Point (DSCP) values to an egress queue or maps DSCP values to a queue and to a threshold ID. mls qos queue-set output threshold...
(1/weight) specifies the shaping bandwidth for this queue. Separate each value with a space. The range is 0 to 65535. Defaults Weight1 is set to 25. Weight2, weight3, and weight4 are set to 0, and these queues are in shared mode. Command Modes Interface configuration...
Page 881
1 is 1/8, which is 12.5 percent. Queue 1 is guaranteed this bandwidth and limited to it; it does not extend its slot to the other queues even if the other queues have no traffic and are idle. Queues 2, 3, and 4 are in shared mode, and the setting for queue 1 is ignored.
The ratio of the weights is the ratio of frequency in which the shaped round robin (SRR) scheduler dequeues packets from each queue. Use the no form of this command to return to the default setting.
Page 883
2/(1+2+3+4), 3/(1+2+3+4), and 4/(1+2+3+4), which is 10 percent, 20 percent, 30 percent, and 40 percent for queues 1, 2, 3, and 4. This means that queue 4 has four times the bandwidth of queue 1, twice the bandwidth of queue 2, and one-and-a-third times the bandwidth of queue 3.
During that time, if the previous stack master rejoins the stack as a stack member, the stack retains its MAC address for as long as the switch that has that MAC address is in the stack. If the previous stack master does not rejoin the stack, the switch stack takes the MAC address of the new stack master as the stack MAC address.
Page 885
Examples This example shows how to enable persistent MAC address: Switch(config)# stack-mac persistent timer You can verify your settings by entering the show running-config privileged EXEC command. If enabled, stack-mac persistent timer is shown in the output. Related Commands Command...
To configure StackPower parameters for the power stack or for a switch in the power stack, use the stack power global configuration command. To return to the default setting, use the no form of the command. stack-power {stack power stack name | switch switch-number}...
Page 887
• stack-id name: enter the name of the power stack to which the switch belongs. If you do not enter the power stack-ID, the switch does not inherit the stack parameters. The name can be up to 31 characters.
Use the storm-control interface configuration command on the switch stack or on a standalone switch to enable broadcast, multicast, or unicast storm control and to set threshold levels on an interface. Use the no form of this command to return to the default setting.
Page 889
The storm-control suppression level can be entered as a percentage of total bandwidth of the port, as a rate in packets per second at which traffic is received, or as a rate in bits per second at which traffic is received.
Page 890
When a storm occurs and the action is to filter traffic, if the falling suppression level is not specified, the switch blocks all traffic until the traffic rate drops below the rising suppression level. If the falling suppression level is specified, the switch blocks traffic until the traffic rate drops below this level.
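The rising and falling suppression levels described above behave as a hysteresis state machine. The following model is an added example, not taken from the Cisco reference; it assumes a storm is declared when a sampled rate reaches or exceeds the rising level, and the sample rates are constructed.

```python
"""Model of storm-control filtering with rising and falling suppression levels.

Added illustration only. Rates and levels share one unit (percent of port
bandwidth, pps, or bps). Assumption: a storm starts when a sampled rate
reaches or exceeds the rising level.
"""
from typing import List, Optional, Sequence


def storm_control_states(rates: Sequence[float], rising: float,
                         falling: Optional[float] = None) -> List[str]:
    """Return 'forward' or 'block' for each sampled traffic rate.

    With no falling level, blocking ends as soon as the rate drops below the
    rising level. With a falling level, blocking continues until the rate
    drops below the falling level.
    """
    if falling is None:
        falling = rising
    if not 0 <= falling <= rising:
        raise ValueError("falling level must be between 0 and the rising level")

    blocked = False
    states = []
    for rate in rates:
        if blocked:
            # Storm in progress: release only once the rate is below the
            # effective falling level.
            if rate < falling:
                blocked = False
        elif rate >= rising:
            # Rate reached the rising level: start filtering.
            blocked = True
        states.append("block" if blocked else "forward")
    return states


def blocked_intervals(rates: Sequence[float], rising: float,
                      falling: Optional[float] = None) -> int:
    """Count the sampling intervals during which traffic is filtered."""
    return storm_control_states(rates, rising, falling).count("block")


# Constructed sample: broadcast rate per interval, percent of port bandwidth.
SAMPLE_RATES = [5, 12, 30, 18, 14, 9, 4, 25, 8]

if __name__ == "__main__":
    for falling in (None, 10):
        states = storm_control_states(SAMPLE_RATES, rising=20, falling=falling)
        print(f"rising=20 falling={falling}: {states}")
```

With a falling level of 10, the port stays filtered through the 18 and 14 percent samples that follow the initial burst; without one, it resumes forwarding as soon as the rate is back under 20 percent.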
12.2(53)SE2 This command was introduced. Usage Guidelines A stack is in the full-ring state when all members are connected through the stack ports and are in the ready state. The stack is in the partial-ring state when all members are connected through their stack ports, but some are not in the ready state.
Page 892
Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands switch Examples This example shows how to disable stack port 2 on member 4: Switch# switch 4 stack port 2 disable Related Commands Command Description show switch Displays information about the switch stack and the stack members.
switch priority Use the switch priority global configuration command on the stack master to change the stack member priority value. switch stack-member-number priority new-priority-value Note This command is supported only on Catalyst 3750-X switches.
Use the switch provision global configuration command on the stack master to provision (to supply a configuration to) a new switch before it joins the switch stack. Use the no form of this command to delete all configuration information associated with the removed switch (a stack member that has left the stack).
Page 895
Examples This example shows how to provision a switch with a stack member number of 2 for the switch stack. The show running-config command output shows the interfaces associated with the provisioned switch: Switch(config)# switch 2 provision WS- xxxx...
If another stack member is already using the member number that you just specified, the stack master assigns the lowest available number when you reload the stack member. Note If you change the number of a stack member, and no configuration is associated with the new stack member number, that stack member loses its current configuration and resets to its default configuration.
Page 897
Related Commands Command Description reload Reloads the stack member and puts a configuration change into effect. session Accesses a specific stack member. switch priority Changes the stack member priority value. show switch Displays information about the switch stack and its stack members.
Use the switchport interface configuration command with no keywords on the switch stack or on a standalone switch to put an interface that is in Layer 3 mode into Layer 2 mode for Layer 2 configuration. Use the no form of this command to put an interface in Layer 3 mode.
Page 899
Examples This example shows how to cause an interface to cease operating as a Layer 2 port and become a Cisco-routed port: Switch(config-if)# no switchport This example shows how to cause the port interface to cease operating as a Cisco-routed port and convert...
Use the switchport access interface configuration command on the switch stack or on a standalone switch to configure a port as a static-access or dynamic-access port. If the switchport mode is set to access, the port operates as a member of the specified VLAN. If set to dynamic, the port starts discovery of VLAN assignment based on the incoming packets it receives.
Page 901
– Monitor ports. Examples This example shows how to change a switched port interface that is operating in access mode to operate in VLAN 2 instead of the default VLAN: Switch(config-if)# switchport access vlan 2 You can verify your setting by entering the show interfaces interface-id switchport privileged EXEC command and examining information in the Administrative Mode and Operational Mode rows.
A VLAN interface (SVI) is up if ports are forwarding traffic in the associated VLAN. When all ports on a VLAN are down or blocking, the SVI is down. For the SVI to be up, at least one port in the VLAN must be up and forwarding.
Use the switchport backup interface interface configuration command on a Layer 2 interface on the switch stack or on a standalone switch to configure Flex Links, a pair of interfaces that provide backup to each other. Use the no form of this command to remove the Flex Links configuration.
Page 905
• interface from the active interface. • An interface can belong to only one Flex Link pair. An interface can be a backup link for only one active link. An active link cannot belong to another Flex Link pair. •...
Page 906
This example shows how to configure the Gigabit Ethernet interface as the MMU primary VLAN: Switch# configure terminal Switch(conf)# interface gigabitethernet1/0/1 Switch(conf-if)# switchport backup interface gigabitethernet1/0/2 mmu primary vlan 1021...
This command was introduced. Usage Guidelines By default, all traffic with unknown MAC addresses is sent to all ports. You can block unknown multicast or unicast traffic on protected or nonprotected ports. If unknown multicast or unicast traffic is not blocked on a protected port, there could be security issues.
Page 908
Related Commands Command Description show interfaces switchport Displays the administrative and operational status of a switching (nonrouting) port, including port blocking and port protection settings.
Use the switchport host interface configuration command on the switch stack or on a standalone switch to optimize a Layer 2 port for a host connection. The no form of this command has no effect on the system.
Use the switchport mode interface configuration command on the switch stack or on a standalone switch to configure the VLAN membership mode of a port. Use the no form of this command to reset the mode to the appropriate default for the device.
Page 911
• If an IP ACL is applied to a trunk port in a VLAN that includes tunnel ports, or if a VLAN map is applied to a VLAN that includes tunnel ports, packets received from the tunnel port are treated as non-IP packets and are filtered with MAC access lists.
Page 912
This example shows how to configure a port for trunk mode: Switch(config)# interface gigabitethernet2/0/1 Switch(config-if)# switchport mode trunk This example shows how to configure a port as an IEEE 802.1Q tunnel port: Switch(config)# interface gigabitethernet2/0/1 Switch(config-if)# switchport mode dot1q-tunnel You can verify your settings by entering the show interfaces interface-id switchport privileged EXEC command and examining information in the Administrative Mode and Operational Mode rows.
Use the switchport mode private-vlan interface configuration command on the switch stack or on a standalone switch to configure a port as a promiscuous or host private VLAN port. Use the no form of this command to reset the mode to the appropriate default for the device.
Page 914
This example shows how to configure an interface as a private-VLAN host port and associate it to primary VLAN 20. The interface is a member of secondary isolated VLAN 501 and primary VLAN 20. Note When you configure a port as a private VLAN host port, you should also enable BPDU guard and Port Fast by using the spanning-tree portfast bpduguard default global configuration command and the spanning-tree portfast interface configuration command.
Dynamic Trunking Protocol (DTP) negotiation packets are not sent on the Layer 2 interface. The switch does not engage in DTP negotiation on this interface. Use the no form of this command to return to the default setting.
Page 916
Examples This example shows how to cause a port to refrain from negotiating trunking mode and to act as a trunk or access port (depending on the mode set): Switch(config)# interface gigabitethernet2/0/1...
Use the keywords to configure secure MAC addresses, sticky MAC address learning, a maximum number of secure MAC addresses, or the violation mode. Use the no form of this command to disable port security or to set the parameters to their default states.
Page 918
VLAN on which the violation occurred is error-disabled. Defaults The default is to disable port security. When port security is enabled and no keywords are entered, the default maximum number of secure MAC addresses is 1. The default violation mode is shutdown.
Page 919
IP phone requires one MAC address. The Cisco IP phone address is learned on the voice VLAN, but is not learned on the access VLAN. If you connect a single PC to the Cisco IP phone, no additional MAC addresses are required. If you connect more than one PC to the Cisco IP phone, you must configure enough secure addresses to allow one for each PC and one for the Cisco IP phone.
Page 920
MAC address is not added to the running configuration. Examples This example shows how to enable port security on a port and to set the maximum number of secure addresses to 5. The violation mode is the default, and no secure MAC addresses are configured.
Page 921
Related Commands Command Description clear port-security Deletes from the MAC address table a specific type of secure address or all the secure addresses on the switch or an interface. show port-security address Displays all the secure addresses configured on the switch.
This command was introduced. Usage Guidelines To enable secure address aging for a particular port, set the aging time to a value other than 0 for that port. To allow limited time access to particular secure addresses, set the aging type as absolute. When the aging time lapses, the secure addresses are deleted.
Page 923
Examples This example sets the aging time as 2 hours for absolute aging for all the secure addresses on the port: Switch(config)# interface gigabitethernet1/0/1 Switch(config-if)# switchport port-security aging time 120...
IP phone connected to the specified port. Use the no form of this command to return to the default setting.
Page 925
Related Commands Command Description show interfaces Displays the administrative and operational status of a switching (nonrouting) port. switchport voice vlan Configures the voice VLAN on the port.
Use the switchport private-vlan interface configuration command on the switch stack or on a standalone switch to define a private-VLAN association for an isolated or community port or a mapping for a promiscuous port. Use the no form of this command to remove the private-VLAN association or mapping from the port.
Page 927
{host | promiscuous} interface configuration command. If the port is in private-VLAN host or promiscuous mode but the VLANs do not exist, the command is allowed, but the port is made inactive.
A protected port is different from a secure port. A protected port does not forward any traffic (unicast, multicast, or broadcast) to any other port that is also a protected port. Data traffic cannot be forwarded between protected ports at Layer 2; only control traffic, such as PIM packets, is forwarded because these packets are processed by the CPU and forwarded in software.
Page 929
Related Commands Command Description show interfaces switchport Displays the administrative and operational status of a switching (nonrouting) port, including port blocking and port protection settings. switchport block Prevents unknown multicast or unicast traffic on the interface.
Use the switchport trunk interface configuration command on the switch stack or on a standalone switch to set the trunk characteristics when the interface is in trunking mode. Use the no form of this command to reset a trunking characteristic to the default.
Page 931
• You cannot configure one end of the trunk as an IEEE 802.1Q trunk and the other end as an ISL or nontrunk port. However, you can configure one port as an ISL trunk and a different port on the same switch as an IEEE 802.1Q trunk.
Page 932
Discovery Protocol (CDP), Port Aggregation Protocol (PAgP), Link Aggregation Control Protocol (LACP), Dynamic Trunking Protocol (DTP), and VLAN Trunking Protocol (VTP) in VLAN 1. The no form of the allowed vlan command resets the list to the default list, which allows all VLANs. •...
Use the switchport voice detect interface configuration command on the switch stack or on a standalone switch to detect and recognize a Cisco IP phone. Use the no form of this command to return to the default setting.
Use the switchport voice vlan interface configuration command on the switch stack or on a standalone switch to configure voice VLAN on the port. Use the no form of this command to return to the default setting.
Page 935
IP phone requires one MAC address. The Cisco IP phone address is learned on the voice VLAN, but is not learned on the access VLAN. If you connect a single PC to the Cisco IP phone, no additional MAC addresses are required.
For example, if the red threshold is 60 degrees C and you want to configure the yellow threshold as 51 degrees C, set the difference between the thresholds as 15 by using the system env temperature threshold yellow 9 command.
Page 937
Examples This example sets 15 as the difference between the yellow and red thresholds: Switch(config)# system env temperature threshold yellow 15 Switch(config)# Related Commands Command Description...
(MTU) size for Gigabit Ethernet (10/100/1000) ports, or for 10-Gigabit ports, or for routed ports. Use the no form of this command to restore the global MTU value to its default value. In a mixed hardware stack, you can also configure Fast Ethernet (10/100) ports on Catalyst 3750 members.
Page 939
The system mtu bytes global configuration command only affects the system MTU size on Fast Ethernet ports on Catalyst 3750 members in a mixed hardware switch stack. In this stack, you can use the system mtu bytes global configuration command on a Catalyst 3750-E or Catalyst 3750-X member to configure the system MTU size on a Catalyst 3750 member.
Page 940
MTU value (in bytes). Catalyst 3560 switch 1. If you use the system mtu bytes command on a Catalyst 3750-X or 3750-E member in a mixed hardware stack, the setting takes effect on the Fast Ethernet ports of Catalyst 3750 members.
test cable-diagnostics tdr Use the test cable-diagnostics tdr privileged EXEC command on the switch stack or on a standalone switch to run the Time Domain Reflector (TDR) feature on an interface. test cable-diagnostics tdr interface interface-id...
Do not disable CDP. When the switch detects a device in the Layer 2 path that does not support Layer 2 traceroute, the switch continues to send Layer 2 trace queries and lets them time out.
Page 943
Gi0/2 [auto, auto] => Fa0/1 [auto, auto] Destination 0000.0201.0201 found on con2[WS-C3550-24] (2.2.2.2) Layer 2 trace completed. This example shows how to display the Layer 2 path by specifying the interfaces on the source and destination switches: Switch# traceroute mac interface fastethernet0/1 0000.0201.0601 interface fastethernet0/3 0000.0201.0201...
Page 944
This example shows the Layer 2 path when the switch cannot find the destination port for the source MAC address: Switch# traceroute mac 0000.0011.1111 0000.0201.0201 Error:Source Mac address not found.
Do not disable CDP. When the switch detects a device in the Layer 2 path that does not support Layer 2 traceroute, the switch continues to send Layer 2 trace queries and lets them time out.
Page 946
The Layer 2 traceroute feature is not supported when multiple devices are attached to one port through hubs (for example, multiple CDP neighbors are detected on a port). When more than one CDP neighbor is detected on a port, the Layer 2 path is not identified, and an error message appears.
CoS value is used if the packet is tagged. If the packet is untagged, the port default CoS value is used to map CoS to DSCP. Defaults The action is not trusted. If no keyword is specified when the command is entered, the default is dscp. Command Modes Policy-map class configuration...
Page 948
IP-precedence-to-DSCP map. For non-IP packets that are tagged, QoS uses the received CoS value; for non-IP packets that are untagged, QoS uses the default port CoS value. In either case, the DSCP for the packet is derived from the CoS-to-DSCP map.
Use the udld global configuration command on the switch stack or on a standalone switch to enable aggressive or normal mode in the UniDirectional Link Detection (UDLD) and to set the configurable message timer time. Use the no form of the command to disable aggressive or normal mode UDLD on all fiber-optic ports.
Page 950
• The no udld port interface configuration command followed by the udld port or udld port aggressive interface configuration command to re-enable UDLD on the specified interface • The errdisable recovery cause udld and errdisable recovery interval interval global...
To enable UDLD in normal mode, use the udld port interface configuration command. To enable UDLD in aggressive mode, use the udld port aggressive interface configuration command. Use the no udld port command on fiber-optic ports to return control of UDLD to the udld enable global configuration command or to disable UDLD on nonfiber-optic ports.
Page 952
This example shows how to enable UDLD on a port: Switch(config)# interface gigabitethernet6/0/1 Switch(config-if)# udld port This example shows how to disable UDLD on a fiber-optic interface despite the setting of the udld global configuration command: Switch(config)# interface gigabitethernet6/0/1 Switch(config-if)# no udld port You can verify your settings by entering the show running-config or the show udld interface privileged EXEC command.
12.2(53)SE2 This command was introduced. Usage Guidelines If the interface configuration is still enabled for UDLD, these ports begin to run UDLD again and are disabled for the same reason if the problem has not been corrected. Examples This example shows how to reset all interfaces disabled by UDLD: Switch# udld reset 1 ports shutdown by UDLD were reset.
Switch# configure terminal Switch(config)# line console 0 Switch(config-line)# usb-inactivity-timeout 60 If there is no input on the USB console for 60 minutes, the console changes to RJ-45, and a system message log appears showing the inactivity timeout. Related Commands Command...
The VLAN database revision number remains unchanged in the VLAN database. • If the VTP mode is server, or if the startup VTP mode or domain names do not match the VLAN database, the VTP mode and the VLAN configuration for the first 1005 VLANs use the VLAN database information.
Page 956
With VTP version 1 and version 2, if you try to create an extended-range VLAN when the switch is not in VTP transparent mode, the VLAN is rejected, and you receive an error message.
Page 957
VLAN. This parameter identifies the TrBRF to which a TrCRF belongs and is required when defining a TrCRF. The range is 0 to 1005. The default parent VLAN ID is 0 (no parent VLAN) for FDDI and Token Ring VLANs. For both Token Ring and TrCRF VLANs, the parent VLAN ID must already exist in the database and be associated with a Token Ring-NET or TrBRF VLAN.
Page 958
{suspend | active}, said said-value, mtu mtu-size, bridge bridge-number, stp type {ieee | ibm | auto}, tb-vlan1 tb-vlan1-id, tb-vlan2 tb-vlan2-id If VTP v2 mode is disabled, do not set the stp type to auto. Token Ring VTP v1 mode is enabled.
Page 959
VLANxxxx, where xxxx represents four numeric digits (including leading zeros) equal to the VLAN ID number. The default media option is ethernet; the state option is active. The default said-value variable is 100000 plus the VLAN ID; the mtu-size variable is 1500; the stp-type option is ieee.
VLAN access-map configuration, where you can use the match access-map configuration command to specify the access lists for IP or non-IP traffic to match and use the action command to set whether a match causes the packet to be forwarded or dropped.
Page 961
You can use the no vlan access-map name [number] command with a sequence number to delete a single entry. In global configuration mode, use the vlan filter interface configuration command to apply the map to one or more VLANs.
Use the vlan dot1q tag native global configuration command on the switch stack or on a standalone switch to enable tagging of native VLAN frames on all IEEE 802.1Q trunk ports. Use the no form of this command to return to the default setting.
Page 963
Related Commands Command Description show vlan dot1q tag native Displays IEEE 802.1Q native VLAN tagging status.
Use the vlan filter global configuration command on the switch stack or on a standalone switch to apply a VLAN map to one or more VLANs. Use the no form of this command to remove the map. vlan filter mapname vlan-list {list | all} no vlan filter mapname vlan-list {list | all} This command is not supported on switches running the LAN base feature set.
Page 965
Related Commands Command Description show vlan access-map Displays information about a particular VLAN access map or all VLAN access maps. show vlan filter Displays information about all VLAN filters or about a particular VLAN or VLAN access map.
vmps reconfirm (privileged EXEC) Use the vmps reconfirm privileged EXEC command on the switch stack or on a standalone switch to immediately send VLAN Query Protocol (VQP) queries to reconfirm all dynamic VLAN assignments with the VLAN Membership Policy Server (VMPS).
Use the vmps reconfirm global configuration command on the switch stack or on a standalone switch to change the reconfirmation interval for the VLAN Query Protocol (VQP) client. Use the no form of this command to return to the default setting.
Use the vmps retry global configuration command on the switch stack or on a standalone switch to configure the per-server retry count for the VLAN Query Protocol (VQP) client. Use the no form of this command to return to the default setting.
The first server address can be overridden by using primary in a subsequent command. If a member switch in a cluster configuration does not have an IP address, the cluster does not use the VMPS server configured for that member switch. Instead, the cluster uses the VMPS server on the command switch, and the command switch proxies the VMPS requests.
Page 970
This example shows how to delete the server with IP address 191.10.49.21: Switch(config)# no vmps server 191.10.49.21 You can verify your setting by entering the show vmps privileged EXEC command and examining information in the VMPS Domain Server row. Related Commands...
Page 972
VLAN database information, and VLANs greater than 1005 are configured from the switch configuration file. The vtp file filename cannot be used to load a new database; it renames only the file in which the existing database is stored.
Page 973
• The no vtp mode command returns the switch to VTP server mode. • The vtp mode server command is the same as no vtp mode except that it does not return an error if the switch is not in client or transparent mode.
Page 974
VTP Version 1 mode. • If all switches in a domain are VTP Version 2-capable, you need only to configure Version 2 on one switch; the version number is then propagated to the other Version-2 capable switches in the VTP domain.
Page 975
Switch(config)# vtp pruning Pruning switched ON This example shows how to enable Version 2 mode in the VLAN database: Switch(config)# vtp version 2 You can verify your settings by entering the show vtp status privileged EXEC command. Related Commands Command Description...
vtp (interface configuration) Use the vtp interface configuration command to enable the VLAN Trunking Protocol (VTP) on a per-port basis. Use the no form of this command to disable VTP on the interface. no vtp This command is supported only when the switch is running VTP version 3.
NVRAM. By default, all devices come up as secondary servers. Primary server status is needed only for database updates when the administrator issues a takeover message in the domain. You can have a working VTP domain without any primary servers.
Page 978
Examples This example shows how to configure the switch as the primary VTP server for VLANs: Switch# vtp primary vlan Setting device to VTP TRANSPARENT mode. You can verify your settings by entering the show vtp status privileged EXEC command.
During normal boot loader operation, you are not presented with the boot loader command-line prompt. You gain access to the boot loader command line if the switch is set to manually boot, if an error occurs during power-on self test (POST) DRAM testing, or if an error occurs while loading the operating system (a corrupted Cisco IOS image).
Appendix A Catalyst 3750-X and 3560-X Switch Boot Loader Commands Use the arp boot loader command to display the contents of the Address Resolution Protocol (ARP) table. arp [ip_address] Syntax Description ip_address (Optional) Show the ARP table or the mapping for a specific IP address.
The switch attempts to automatically boot the system by using information in the BOOT environment variable. If this variable is not set, the switch attempts to load and execute the first executable image it can by performing a recursive, depth-first search throughout the flash file system. In a depth-first search of a directory, each encountered subdirectory is completely searched before continuing the search in the original directory.
Page 982
Related Commands Command Description Sets the BOOT environment variable to boot a specific image when the BOOT keyword is appended to the command.
If you specify a list of files, the contents of each file appear sequentially. Examples This example shows how to display the contents of an image file. An example of an image file is c3750e-universal-mz.122-53.SE2: switch: cat flash: image_file_name /info version_suffix: universal-122- xx .SE x...
copy Use the copy boot loader command to copy a file from a source to a destination. copy [-b block-size] filesystem:/source-file-url filesystem:/destination-file-url Syntax Description -b block-size (Optional) This option is used only for internal development and testing.
Page 985
delete Use the delete boot loader command to delete one or more files from the specified file system. delete filesystem:/file-url ... Syntax Description filesystem: Alias for a flash file system. Use flash: for the system board flash device.
Use the dir boot loader command to display a list of files and directories on the specified file system. dir filesystem:/file-url ... Syntax Description filesystem: Alias for a flash file system. Use flash: for the system board flash device.
Page 987
Table A-1 dir Field Descriptions (continued) Field Description <date> Last modification date. env_vars Filename. Related Commands Command Description mkdir Creates one or more directories. rmdir Removes one or more directories.
Usage Guidelines During the normal boot process, the flash file system is automatically initialized. Use this command to manually initialize the flash file system. For example, you use this command during the recovery procedure for a lost or forgotten password.
format Use the format boot loader command to format the specified file system and destroy all data in that file system. format filesystem: Syntax Description filesystem: Alias for a flash file system. Use flash: for the system board flash device.
Modification 12.2(53)SE2 This command was introduced. Usage Guidelines To stop an in-progress file system consistency check, disconnect the switch power and then reconnect the power. Examples This example shows how to perform an extensive file system check on flash memory:...
Command Modes Boot loader Command History Release Modification 12.2(53)SE2 This command was introduced. Usage Guidelines You can also use the question mark (?) to display a list of available boot loader commands.
Text Beginning and ending address of the text storage area. Rotext Beginning and ending address of the read-only text storage area. This part of the data segment is grouped with the Text entry. Data Beginning and ending address of the data segment storage area.
Page 993
Field Descriptions (continued) Field Description Stack Beginning and ending address of the area in memory allocated to the software to store automatic variables, return addresses, and so forth. Heap Beginning and ending address of the area in memory that memory is dynamically allocated to and freed from.
mgmt_clr Use the mgmt_clr boot loader command to clear the Ethernet management port statistics. mgmt_clr Syntax Description This command has no arguments or keywords. Command Modes Boot loader Command History...
mgmt_init Use the mgmt_init boot loader command to initialize the Ethernet management port. mgmt_init Syntax Description This command has no arguments or keywords. Command Modes Boot loader Command History...
mgmt_show Use the mgmt_show boot loader command to display the Ethernet management port statistics. mgmt_show Syntax Description This command has no arguments or keywords. Command Modes Boot loader Command History...
mkdir Use the mkdir boot loader command to create one or more new directories on the specified file system. mkdir filesystem:/directory-url ... Syntax Description filesystem: Alias for a flash file system. Use flash: for the system board flash device.
Filenames and directory names are case sensitive. If you specify a list of files, the contents of each file appear sequentially. Examples This example shows how to display the contents of a file. An example of an image file is c3750e-universal-mz.122-53.SE2: switch: more flash: image_file_name /info version_suffix: universal-122- xx .SE x...
Usage Guidelines Filenames and directory names are case sensitive. Directory names are limited to 45 characters between the slashes (/); the name cannot contain control characters, spaces, deletes, slashes, quotes, semicolons, or colons. Filenames are limited to 45 characters; the name cannot contain control characters, spaces, deletes, slashes, quotes, semicolons, or colons.
reset Use the reset boot loader command to perform a hard reset on the system. A hard reset is similar to power-cycling the switch, clearing the processor, registers, and memory. reset Syntax Description This command has no arguments or keywords.