hit counter script
Cisco Catalyst 3560X-24P Command Reference Manual

Cisco Catalyst 3560X-24P Command Reference Manual

Cisco ios release 12.2(55)se
Hide thumbs Also See for Catalyst 3560X-24P:
Table of Contents

Advertisement

Quick Links

Catalyst 3750-X and 3560-X Switch
Command Reference
Cisco IOS Release 12.2(55)SE
August 2010
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Text Part Number: OL-21522-02

Advertisement

Table of Contents
loading

Summary of Contents for Cisco Catalyst 3560X-24P

  • Page 1 Catalyst 3750-X and 3560-X Switch Command Reference Cisco IOS Release 12.2(55)SE August 2010 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Text Part Number: OL-21522-02...
  • Page 2 OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks.
  • Page 3: Table Of Contents

    C O N T E N T S Preface xxiii Audience xxiii Purpose xxiii Conventions xxiii Related Publications xxiv Obtaining Documentation and Submitting a Service Request Using the Command-Line Interface C H A P T E R Accessing the Switch...
  • Page 4 2-77 cdp forward 2-79 channel-group 2-81 channel-protocol 2-85 cisp enable 2-86 class 2-87 class-map 2-90 clear dot1x 2-92 clear eap sessions 2-93 clear errdisable interface 2-94 clear ip arp inspection log 2-95 Catalyst 3750-X and 3560-X Switch Command Reference OL-21522-02...
  • Page 5 2-129 copy logging onboard 2-130 confidentiality-offset 2-132 define interface-range 2-133 delete 2-135 deny (ARP access-list configuration) 2-136 deny (IPv6 access-list configuration) 2-138 deny (MAC access-list configuration) 2-143 diagnostic monitor 2-146 Catalyst 3750-X and 3560-X Switch Command Reference OL-21522-02...
  • Page 6 2-188 duplex 2-189 epm access-control open 2-191 errdisable detect cause 2-193 errdisable detect cause small-frame 2-195 errdisable recovery 2-197 errdisable recovery cause small-frame 2-200 exception crashinfo 2-201 fallback profile 2-202 flowcontrol 2-204 Catalyst 3750-X and 3560-X Switch Command Reference OL-21522-02...
  • Page 7 2-249 ip dhcp snooping trust 2-250 ip dhcp snooping verify 2-251 ip dhcp snooping vlan 2-252 ip dhcp snooping vlan information option format-type circuit-id string 2-253 ip igmp filter 2-255 ip igmp max-groups 2-257 ip igmp profile 2-259...
  • Page 8 2-313 l2protocol-tunnel 2-315 l2protocol-tunnel cos 2-318 lacp port-priority 2-319 lacp system-priority 2-321 link state group 2-323 link state track 2-325 location (global configuration) 2-326 location (interface configuration) 2-328 logging event 2-330 Catalyst 3750-X and 3560-X Switch Command Reference viii OL-21522-02...
  • Page 9 2-386 mls qos srr-queue input dscp-map 2-388 mls qos srr-queue input priority-queue 2-390 mls qos srr-queue input threshold 2-392 mls qos srr-queue output cos-map 2-394 mls qos srr-queue output dscp-map 2-396 Catalyst 3750-X and 3560-X Switch Command Reference OL-21522-02...
  • Page 10 2-447 power inline 2-449 power inline consumption 2-452 power inline police 2-455 power-priority 2-458 power rps 2-460 power supply 2-462 priority-queue 2-464 private-vlan 2-466 private-vlan mapping 2-469 queue-set 2-471 radius-server dead-criteria 2-472 Catalyst 3750-X and 3560-X Switch Command Reference OL-21522-02...
  • Page 11 2-532 show controllers cpu-interface 2-534 show controllers ethernet-controller 2-536 show controllers ethernet-controller fastethernet 2-543 show controllers ethernet phy macsec 2-546 show controllers power inline 2-549 show controllers tcam 2-551 Catalyst 3750-X and 3560-X Switch Command Reference OL-21522-02...
  • Page 12 2-628 show ip verify source 2-630 show ipc 2-632 show ipv6 access-list 2-636 show ipv6 dhcp conflict 2-638 show ipv6 mld snooping 2-639 show ipv6 mld snooping address 2-641 Catalyst 3750-X and 3560-X Switch Command Reference OL-21522-02...
  • Page 13 2-706 show mls qos input-queue 2-707 show mls qos interface 2-709 show mls qos maps 2-713 show mls qos queue-set 2-716 show mls qos vlan 2-718 show monitor 2-719 Catalyst 3750-X and 3560-X Switch Command Reference xiii OL-21522-02...
  • Page 14 2-787 snmp-server host 2-792 snmp trap mac-notification change 2-796 spanning-tree backbonefast 2-798 spanning-tree bpdufilter 2-799 spanning-tree bpduguard 2-801 spanning-tree cost 2-803 spanning-tree etherchannel guard misconfig 2-805 spanning-tree extend system-id 2-807 Catalyst 3750-X and 3560-X Switch Command Reference OL-21522-02...
  • Page 15 2-852 stack-power 2-854 storm-control 2-856 switch 2-859 switch priority 2-861 switch provision 2-862 switch renumber 2-864 switchport 2-866 switchport access 2-868 switchport autostate exclude 2-870 switchport backup interface 2-872 Catalyst 3750-X and 3560-X Switch Command Reference OL-21522-02...
  • Page 16 2-930 vlan filter 2-932 vmps reconfirm (privileged EXEC) 2-934 vmps reconfirm (global configuration) 2-935 vmps retry 2-936 vmps server 2-937 vtp (global configuration) 2-939 vtp (interface configuration) 2-944 vtp primary 2-945 Catalyst 3750-X and 3560-X Switch Command Reference OL-21522-02...
  • Page 17 Contents Catalyst 3750-X and 3560-X Switch Boot Loader Commands A P P E N D I X boot copy delete flash_init A-10 format A-11 fsck A-12 help A-13 memory A-14 mgmt_clr A-16 mgmt_init A-17 mgmt_show A-18 mkdir A-19 more A-20...
  • Page 18 B-45 debug platform fallback-bridging B-46 debug platform forw-tcam B-47 debug platform frontend-controller B-48 debug platform ip arp inspection B-49 debug platform ip dhcp B-50 debug platform ip igmp snooping B-51 Catalyst 3750-X and 3560-X Switch Command Reference xviii OL-21522-02...
  • Page 19 B-87 debug spanning-tree bpdu B-88 debug spanning-tree bpdu-opt B-89 debug spanning-tree mstp B-90 debug spanning-tree switch B-92 debug spanning-tree uplinkfast B-94 debug sw-vlan B-95 debug sw-vlan ifs B-97 debug sw-vlan notification B-98 Catalyst 3750-X and 3560-X Switch Command Reference OL-21522-02...
  • Page 20 B-100 debug udld B-102 debug vqpc B-104 Catalyst 3750-X and 3560-X Show Platform Commands A P P E N D I X show platform acl show platform backup interface show platform configuration show platform dl show platform etherchannel show platform forward...
  • Page 21 Contents show platform tb C-45 show platform tcam C-47 show platform vlan C-50 Acknowledgments for Open-Source Software A P P E N D I X N D E X Catalyst 3750-X and 3560-X Switch Command Reference OL-21522-02...
  • Page 22 Contents Catalyst 3750-X and 3560-X Switch Command Reference xxii OL-21522-02...
  • Page 23 Ethernet and local area networking. Purpose This guide provides the information that you need about the Layer 2 and Layer 3 commands that have been created or changed for use with the Catalyst 3750-X and 3560-X switches. For information about the standard Cisco IOS Release 12.2 commands, see the Cisco IOS documentation set available from the...
  • Page 24: Related Publications

    Preface • Braces ({}) group required choices, and vertical bars ( | ) separate the alternative elements. Braces and vertical bars within square brackets ([{ | }]) mean a required choice within an optional • element. Interactive examples use these conventions: Terminal sessions and system displays are in font.
  • Page 25: Obtaining Documentation And Submitting A Service Request

    Subscribe to the What’s New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS Version 2.0.
  • Page 26 Preface Catalyst 3750-X and 3560-X Switch Command Reference xxvi OL-21522-02...
  • Page 27: Accessing The Switch

    For more information on Cisco IOS Release 12.2, see the Cisco IOS Release 12.2 Command Summary. For task-oriented configuration steps, see the software configuration guide for this release. In this document, IP refers to IP version 4 (IPv4) unless there is a specific reference to IP version 6 (IPv6). Accessing the Switch You manage the switch stack and the stack member interfaces through the stack master (such as a Catalyst 3750-X switch).
  • Page 28: C H A P T E R 1 Using The Command-Line Interface

    Line configuration • Table 1-1 lists the main command modes, how to access each mode, the prompt you see in that mode, and how to exit that mode. The prompts listed use the default name Switch. Table 1-1 Command Modes Summary...
  • Page 29: Cli Command Modes

    After you access the device, you are automatically in user EXEC command mode. The EXEC commands available at the user level are a subset of those available at the privileged level. In general, use the user EXEC commands to temporarily change terminal settings, perform basic tests, and list system information.
  • Page 30: Privileged Exec Mode

    The supported commands can vary depending on the version of software in use. To display a comprehensive list of commands, enter a question mark (?) at the prompt. Switch(config)# ? To exit global configuration command mode and to return to privileged EXEC mode, enter the end or exit command, or press Ctrl-Z. Interface Configuration Mode Interface configuration commands modify the operation of the interface.
  • Page 31: Global Configuration Mode

    For extended-range VLANs, all characteristics except the MTU size must remain at the default setting. To return to global configuration mode, enter exit; to return to privileged EXEC mode, enter end. All the commands except shutdown take effect when you exit config-vlan mode.
  • Page 32 Chapter 1 Using the Command-Line Interface CLI Command Modes Catalyst 3750-X and 3560-X Switch Command Reference OL-21522-02...
  • Page 33: Aaa Accounting Dot1X

    IEEE 802.1x accounting. aaa accounting dot1x {name | default} start-stop {broadcast group {name | radius | tacacs+} [group {name | radius | tacacs+} ... ] | group {name | radius | tacacs+} [group {name | radius | tacacs+} ... ]}...
  • Page 34 This example shows how to configure IEEE 802.1x accounting: Switch(config)# aaa new-model Switch(config)# aaa accounting dot1x default start-stop group radius The RADIUS authentication server must be properly configured to accept and log update or watchdog Note packets from the AAA client.
  • Page 35: Aaa Authentication Dot1X

    The method argument identifies the method that the authentication algorithm tries in the given sequence to validate the password provided by the client. The only method that is truly IEEE 802.1x-compliant is the group radius method, in which the client data is validated against a RADIUS authentication server.
  • Page 36 This example shows how to enable AAA and how to create an IEEE 802.1x-compliant authentication list. This authentication first tries to contact a RADIUS server. If this action returns an error, the user is not allowed access to the network.
  • Page 37: Aaa Authorization Network

    Use the aaa authorization network global configuration command on the switch stack or on a standalone switch to the configure the switch to use user-RADIUS authorization for all network-related service requests, such as IEEE 802.1x per-user access control lists (ACLs) or VLAN assignment. Use the no form of this command to disable RADIUS user authorization.
  • Page 38: Action

    Use the action access-map configuration command on the switch stack or on a standalone switch to set the action for the VLAN access map entry. Use the no form of this command to return to the default setting. action {drop | forward} no action This command is not supported on switches running the LAN base feature set.
  • Page 39 Cisco IOS IP Command Reference, Volume 1 of 3:Addressing and Services, Release 12.2 > IP Services Commands. ip access-list Creates a named access list. For syntax information, select Cisco IOS IP Command Reference, Volume 1 of 3:Addressing and Services, Release 12.2 > IP Services Commands.
  • Page 40: Archive Copy-Sw

    Use the archive copy-sw privileged EXEC command on the stack master to copy the running image from the flash memory on one stack member to the flash memory on one or more other stack members. archive copy-sw [/destination-system destination-stack-member-number] [/force-reload] [leave-old-sw] [/no-set-boot] [/overwrite] [/reload] [/safe] source-stack-member-number This command is supported only on Catalyst 3750-X switches.
  • Page 41 If you specify the command without the /overwrite option, the algorithm verifies that the new image is not the same as the one on the switch flash device or is not running on any stack members. If the images are the same, the copy does not occur. If the images are different, the old image is deleted, and the new one is copied.
  • Page 42 This example shows how to copy the running image from stack member 6 to stack member 8: Switch# archive copy-sw /destination-system 8 6 This example shows how to copy the running image from stack member 6 to all the other stack members: Switch# archive copy-sw 6 This example shows how to copy the running image from stack member 5 to stack member 7.
  • Page 43: Archive Download-Sw

    Use the archive download-sw privileged EXEC command on the switch stack or on a standalone switch to download a new image from a TFTP server to the switch or switch stack and to overwrite or keep the existing image.
  • Page 44 The new image is downloaded to the flash: file system. The BOOT environment variable is changed to point to the new software image on the flash: file system. Image names are case sensitive; the image file is provided in tar format.
  • Page 45 If you specify the command without the /overwrite option, the download algorithm verifies that the new image is not the same as the one on the switch flash device or is not running on any stack members. If the images are the same, the download does not occur. If the images are different, the old image is deleted, and the new one is downloaded.
  • Page 46 Creates a tar file, lists the files in a tar file, or extracts the files from a tar file. archive upload-sw Uploads an existing image on the switch to a server.
  • Page 47: Archive Tar

    Use the archive tar privileged EXEC command on the switch stack or on a standalone switch to create a tar file, list files in a tar file, or extract the files from a tar file. archive tar {/create destination-url flash:/file-url} | {/table source-url} | {/xtract source-url flash:/file-url [dir/file...]}...
  • Page 48 For flash:/file-url [dir/file...], specify the location on the local flash file system into which the tar file is extracted. Use the dir/file... option to specify an optional list of files or directories within the tar file to be extracted. If none are specified, all files and directories are extracted.
  • Page 49 Switch# archive tar /create tftp:172.20.10.30/saved.tar flash:/new-configs This example shows how to display the contents of an image file that is in flash memory. An example of an image file name is c3750x-universal-tar.12-53.SE2. The contents of the tar file appear on the screen: Switch# archive tar /table flash: image_name .tar...
  • Page 50: Archive Upload-Sw

    Catalyst 3750-X and 3560-X Switch Cisco IOS Commands archive upload-sw archive upload-sw Use the archive upload-sw privileged EXEC command on the switch stack or on a standalone switch to upload an existing switch image to a server. archive upload-sw [/source-system-num stack member number | /version version_string]...
  • Page 51 Use the upload feature only if the HTML files associated with the embedded device manager have been installed with the existing image. The files are uploaded in this sequence: the Cisco IOS image, the HTML files, and info. After these files are uploaded, the software creates the tar file.
  • Page 52: Arp Access-List

    Use the permit and deny access-list configuration commands to forward and to drop ARP packets based on the specified matching criteria. When the ARP ACL is defined, you can apply it to a VLAN by using the ip arp inspection filter vlan global configuration command. ARP packets containing only IP-to-MAC address bindings are compared to the ACL.
  • Page 53 Examples This example shows how to define an ARP access list and to permit both ARP requests and ARP responses from a host with an IP address of 1.1.1.1 and a MAC address of 0000.0000.abcd: Switch(config)# arp access-list static-hosts Switch(config-arp-nacl)# permit ip host 1.1.1.1 mac host 00001.0000.abcd...
  • Page 54: Authentication Command Bounce-Port Ignore

    The CoA bounce port command causes a link flap, which triggers a DHCP renegotiation from the host. This is useful when a VLAN change occurs and the endpoint is a device such as a printer, that has no supplicant to detect the change. Use this command to configure the switch to ignore the bounce port command.
  • Page 55: Authentication Command Disable-Port Ignore

    Use the authentication command disable-port ignore global configuration command on the switch stack or on a standalone switch to allow the switch to ignore a command to disable a port. Use the no form of this command to return to the default status.
  • Page 56: Authentication Control-Direction

    Modification 12.2(53)SE2 This command was introduced. Usage Guidelines Use the both keyword or the no form of this command to return to the default setting (bidirectional mode). Examples This example shows how to enable bidirectional mode: Switch(config-if)# authentication control-direction both...
  • Page 57 Configures the violation modes that occur when a new device connects to a violation port or when a new device connects to a port with the maximum number of devices already connected to that port. show authentication Displays information about authentication manager events on the switch.
  • Page 58: Authentication Event

    Catalyst 3750-X and 3560-X Switch Cisco IOS Commands authentication event authentication event Use the authentication event interface configuration command to set the actions for specific authentication events on the port. authentication event {[linksec] fail [action [authorize vlan vlan-id | next-method] {| retry {retry...
  • Page 59 MDA mode. Authenticated hosts remain in the authenticated VLAN, and the reauthentication timers are disabled. If a client is running Windows XP and the critical port to which the client is connected is in the •...
  • Page 60 Switch(config-if)# authentication event server alive action reinitialize This example shows how to configure a port to send both new and existing hosts to the critical VLAN when the RADIUS server is unavailable. Use this command for ports in multiple authentication (multiauth)
  • Page 61 Configures the violation modes that occur when a new device connects to a violation port or when a new device connects to a port after the maximum number of devices are connected to that port. show authentication Displays information about authentication manager events on the switch.
  • Page 62: Authentication Event Linksec Fail Action

    When link-security authentication fails because of unrecognized user credentials, this command specifies that the switch authorizes a restricted VLAN on the port. Examples This example configures the interface so that the port is assigned to a restricted VLAN 40 after a failed authentication attempt: Switch(config)# interface gigabitethernet1/0/3...
  • Page 63: Authentication Fallback

    You must enter the authentication port-control auto interface configuration command before configuring a fallback method. You can only configure web authentication as a fallback method to 802.1x or MAB, so one or both of these authentication methods should be configured for the fallback to enable.
  • Page 64 Configures the violation modes that occur when a new device connects to a violation port or when a new device connects to a port after the maximum number of devices are connected to that port. show authentication Displays information about authentication manager events on the switch.
  • Page 65: Authentication Host-Mode

    This command was introduced. Usage Guidelines Single-host mode should be configured if only one data host is connected. Do not connect a voice device to authenticate on a single-host port. Voice device authorization fails if no voice VLAN is configured on the port.
  • Page 66 Configures the violation modes that occur when a new device connects to a violation port or when a new device connects to a port after the maximum number of devices are connected to that port. show authentication Displays information about authentication manager events on the switch.
  • Page 67: Authentication Linksec Policy

    This command was introduced. Usage Guidelines The linksec policy might change after a successful reauthentication started by a local timer or a change of authorization (CoA) reauthenticate command. If the policy changes from must-not-secure to must-secure after a reauthentication, the system attempts to secure the session. If the MACsec key does not renegotiate a MACsec connection after a reauthentication, the session is terminated, and all local states are removed.
  • Page 68: Authentication Mac-Move Permit

    The command enables authenticated hosts to move between 802.1x-enabled ports on a switch. For example, if there is a device between an authenticated host and port, and that host moves to another port, the authentication session is deleted from the first port, and the host is reauthenticated on the new port.
  • Page 69 Configures the violation modes that occur when a new device connects to a violation port or when a new device connects to a port with the maximum number of devices already connected to that port. show authentication Displays information about authentication manager events on the switch.
  • Page 70: Authentication Open

    Catalyst 3750-X and 3560-X Switch Cisco IOS Commands authentication open authentication open Use the authentication open interface configuration command to enable or disable open access on a port. Use the no form of this command to disable open access. authentication open...
  • Page 71 Configures the violation modes that occur when a new device connects to a violation port or when a new device connects to a port after the maximum number of devices are connected to that port. show authentication Displays information about authentication manager events on the switch.
  • Page 72: Authentication Order

    Each method can only be entered once. Flexible ordering is only possible between 802.1x and MAB. Web authentication can be configured as either a standalone method or as the last method in the order after either 802.1x or MAB. Web authentication should be configured only as fallback to dot1x or mab.
  • Page 73 Configures the violation modes that occur when a new device connects to a violation port or when a new device connects to a port after the maximum number of devices are connected to that port. Enables MAC authentication bypass on a port.
  • Page 74: Authentication Periodic

    Catalyst 3750-X and 3560-X Switch Cisco IOS Commands authentication periodic authentication periodic Use the authentication periodic interface configuration command to enable or disable reauthentication on a port. Enter the no form of this command to disable reauthentication. authentication periodic no authentication periodic Command Default Reauthentication is disabled.
  • Page 75 Configures the violation modes that occur when a new device connects to a violation port or when a new device connects to a port after the maximum number of devices are connected to that port. show authentication Displays information about authentication manager events on the switch.
  • Page 76: Authentication Port-Control

    Trunk port—If you try to enable authentication on a trunk port, an error message appears, and is not • enabled. If you try to change the mode of an port to trunk, an error message appears, and the port mode is not changed.
  • Page 77 • EtherChannel port—Do not configure a port that is an active or a not-yet-active member of an EtherChannel as an port. If you try to enable authentication on an EtherChannel port, an error message appears, and authentication is not enabled.
  • Page 78: Authentication Priority

    This command was introduced. Usage Guidelines Ordering sets the order of methods that the switch attempts when trying to authenticate a new device is connected to a port. When configuring multiple fallback methods on a port, set web authentication (webauth) last.
  • Page 79 Catalyst 3750-X and 3560-X Switch Cisco IOS Commands authentication priority Examples This example shows how to set 802.1x as the first authentication method and web authentication as the second authentication method: Switch(config-if)# authentication priority dotx webauth This example shows how to set MAC authentication Bypass (MAB) as the first authentication method...
  • Page 80: Authentication Timer

    Interval in seconds after which an attempt is made to authenticate an unauthorized port. value Enter a value between 1 and 65535 (in seconds). Defaults The inactivity and restart keywords are set to off. The reauthenticate keyword is set to one hour. Command Modes Interface configuration Command History Release Modification 12.2(53)SE2...
  • Page 81 Configures the violation modes that occur when a new device connects to a violation port or when a new device connects to a port after the maximum number of devices are connected to that port. show authentication Displays information about authentication manager events on the switch.
  • Page 82: Authentication Violation

    Use the authentication violation interface configuration command to configure the violation modes that occur when a new device connects to a port or when a new device connects to a port after the maximum number of devices are connected to that port.
  • Page 83 Sets the action for specific authentication events. authentication Configures a port to use web authentication as a fallback method for clients fallback that do not support 802.1x authentication. authentication Sets the authorization manager mode on a port.
  • Page 84: Auto Qos Classify

    Use the auto qos classify interface configuration command to automatically configure quality of service (QoS) classification for untrusted devices within a QoS domain. Use the no form of this command to return to the default setting. auto qos classify [police]...
  • Page 85 Usage Guidelines Use this command to configure the QoS for trusted interfaces within the QoS domain. The QoS domain includes the switch, the network interior, and edge devices that can classify incoming traffic for QoS. Auto-QoS configures the switch for connectivity with a trusted interface. The QoS labels of incoming packets are trusted.
  • Page 86 After auto-QoS is enabled, do not modify a policy map or aggregate policer that includes AutoQoS in its name. If you need to modify the policy map or aggregate policer, make a copy of it, and change the copied policy map or policer. To use the new policy map instead of the generated one, remove the generated policy map from the interface, and apply the new policy map.
  • Page 87: Auto Qos Trust

    Use the auto qos trust interface configuration command on the switch stack or on a standalone switch to automatically configure quality of service (QoS) for trusted interfaces within a QoS domain. Use the no form of this command to return to the default setting.
  • Page 88 You can fine-tune the auto-QoS configuration after you enable auto-QoS. If the port is configured with auto-QoS trust, it trusts all the packets on the port. If the packets are not marked with a DSCP or CoS value, default marking takes affect.
  • Page 89 After auto-QoS is enabled, do not modify a policy map or aggregate policer that includes AutoQoS in its name. If you need to modify the policy map or aggregate policer, make a copy of it, and change the copied policy map or policer. To use the new policy map instead of the generated one, remove the generated policy map from the interface, and apply the new policy map.
  • Page 90: Auto Qos Video

    Use the auto qos video interface configuration command on the switch stack or on a standalone switch to automatically configure quality of service (QoS) for video within a QoS domain. Use the no form of this command to return to the default setting.
  • Page 91 • in its name. If you need to modify the policy map or aggregate policer, make a copy of it, and change the copied policy map or policer. To use the new policy map instead of the generated one, remove the generated policy map from the interface, and apply the new policy map.
  • Page 92 (to avoid disrupting traffic on other ports affected by the global configuration). You can use the no mls qos global configuration command to disable the auto-QoS-generated global configuration commands. With QoS disabled, there is no concept of trusted or untrusted ports because the packets are not modified (the CoS, DSCP, and IP precedence values in the packet are not changed).
  • Page 93: Auto Qos Voip

    Use the auto qos voip interface configuration command to automatically configure quality of service (QoS) for voice over IP (VoIP) within a QoS domain. Use the no form of this command to return to the default setting.
  • Page 94 QoS. Auto-QoS configures the switch for VoIP with Cisco IP Phones on switch and routed ports and for VoIP with devices running the Cisco SoftPhone application. These releases support only Cisco IP SoftPhone Version 1.3(3) or later.
  • Page 95 If the packet does not have a DSCP value of 24, 26, or 46 or is out of profile, the switch changes the DSCP value to 0. When a Cisco IP Phone is absent, the ingress classification is set to not trust the QoS label in the packet.
  • Page 96 (to avoid disrupting traffic on other ports affected by the global configuration). You can use the no mls qos global configuration command to disable the auto-QoS-generated global configuration commands. With QoS disabled, there is no concept of trusted or untrusted ports because the packets are not modified (the CoS, DSCP, and IP precedence values in the packet are not changed).
  • Page 97 Switch(config-pmap-c)# set dscp default Switch(config-if)# service-policy input AUTOQOS-SRND4-SOFTPHONE-POLICY Examples This example shows how to enable auto-QoS and to trust the QoS labels received in incoming packets when the switch or router connected to the port is a trusted device: Switch(config)# interface gigabitethernet2/0/1...
  • Page 98 Displays QoS information at the port level. srr-queue bandwidth shape Assigns the shaped weights and enables bandwidth shaping on the four egress queues mapped to a port. srr-queue bandwidth share Assigns the shared weights and enables bandwidth sharing on the four egress queues mapped to a port.
  • Page 99: Boot Auto-Copy-Sw

    Usage Guidelines A switch in VM mode is a switch that has a different minor version number than the version on the switch stack. A switch in VM mode cannot join the switch stack as a fully functioning member. If the switch stack has an image that can be copied to a switch in VM mode, the auto-upgrade process automatically copies the image from a stack member to the switch in VM mode.
  • Page 100: Boot Auto-Download-Sw

    Use the boot auto-download-sw global configuration command on the switch stack to specify a URL pathname to use for the automatic software upgrades. Use the no form of this command to remove the software image. boot auto-download-sw source-url no boot auto-download-sw This command is supported only on Catalyst 3750-X switches.
  • Page 101 This command was introduced. Usage Guidelines This command specifies a URL path to use for automatic software upgrades. You can use this command to configure the URL for the master switch to access in case of version-mismatch. Related Commands Command...
  • Page 102: Boot Buffersize

    After you configure the NVRAM buffer size, reload the switch or switch stack. When you add a switch to a stack and the NVRAM size differs, the new switch syncs with the stack and reloads automatically.
  • Page 103: Boot Config-File

    Use the boot config-file global configuration command on a standalone switch to specify the filename that Cisco IOS uses to read and write a nonvolatile copy of the system configuration. Use the no form of this command to return to the default setting.
  • Page 104: Boot Enable-Break

    When you enter this command, you can interrupt the automatic boot process by pressing the Break key on the console after the flash file system is initialized. Despite the setting of this command, you can interrupt the automatic boot process at any time by pressing Note the MODE button on the switch front panel.
  • Page 105: Boot Helper

    Use the boot helper global configuration command on the switch stack or on a standalone switch to dynamically load files during boot loader initialization to extend or patch the functionality of the boot loader. Use the no form of this command to return to the default.
  • Page 106: Boot Helper-Config-File

    Use the boot helper-config-file global configuration command on the switch stack or on a standalone switch to specify the name of the configuration file to be used by the Cisco IOS helper image. If this is not set, the file specified by the CONFIG_FILE environment variable is used by all versions of Cisco IOS that are loaded.
  • Page 107: Boot Manual

    Use the boot manual global configuration command on a standalone switch to enable manually booting the switch during the next boot cycle. Use the no form of this command to return to the default setting. boot manual no boot manual Syntax Description This command has no arguments or keywords.
  • Page 108: Boot Private-Config-File

    Use the boot private-config-file global configuration command on a standalone switch to specify the filename that Cisco IOS uses to read and write a nonvolatile copy of the private configuration. Use the no form of this command to return to the default setting.
  • Page 109: Boot System

    Use the boot system global configuration command on the switch stack or on a standalone switch to specify the Cisco IOS image to load during the next boot cycle. Use the no form of this command to return to the default setting.
  • Page 110 When you enter the boot system switch number or the boot system switch all command on the stack master, the stack master checks if a software image is already on the stack member (except on the stack master). If the software image does not exist on the stack member (for example, stack member 1), an...
  • Page 111: Cdp Forward

    Specifies the switch port that forwards the CDP packet to the Cisco TelePresence System. Defaults The default path for CDP packets through the switch is from any ingress port to the egress port connected to the Cisco Telepresence System. Command Modes...
  • Page 112 Chapter 2 Catalyst 3750-X and 3560-X Switch Cisco IOS Commands cdp forward Related Commands Command Description show cdp forward Displays the CDP forwarding table. Catalyst 3750-X and 3560-X Switch Command Reference 2-80 OL-21522-02...
  • Page 113: Channel-Group

    Use the channel-group interface configuration command on the switch stack or on a standalone switch to assign an Ethernet port to an EtherChannel group, to enable an EtherChannel mode, or both. Use the no form of this command to remove an Ethernet port from an EtherChannel group.
  • Page 114 If you use a new number, the channel-group command dynamically creates a new port channel. You do not have to disable the IP address that is assigned to a physical port that is part of a channel group, but we strongly recommend that you do so.
  • Page 115 This example shows how to configure a cross-stack EtherChannel in a switch stack. It uses LACP passive mode and assigns two ports on stack member 2 and one port on stack member 3 as static-access ports in VLAN 10 to channel 5:...
  • Page 116 Displays PAgP channel-group information. show running-config Displays the operating configuration. For syntax information, use this link to the Cisco IOS Release 12.2 Command Reference listing page: http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/prod_ command_reference_list.html Select the Cisco IOS Commands Master List, Release 12.2 to navigate to the command.
  • Page 117: Channel-Protocol

    Use the channel-protocol interface configuration command on the switch stack or on a standalone switch to restrict the protocol used on a port to manage channeling. Use the no form of this command to return to the default setting.
  • Page 118: Cisp Enable

    This command was introduced. Usage Guidelines The link between the authenticator and supplicant switch is a trunk. When you enable VTP on both switches, the VTP domain name must be the same, and the VTP mode must be server. When you configure VTP mode, to avoid the MD5 checksum mismatch error, verify that: VLANs are not configured on two different.switches, which can be caused by two VTP servers in...
  • Page 119: Class

    After specifying a policy map, you can configure a policy for new classes or modify a policy for any existing classes in that policy map. You attach the policy map to a port by using the service-policy interface configuration command.
  • Page 120 IP Differentiated Services Code Point (DSCP) to 10, and polices the traffic at an average rate of 1 Mb/s and bursts at 20 KB. Traffic exceeding the profile is marked down to a DSCP value gotten from the policed-DSCP map and then sent.
  • Page 121 Related Commands Command Description class-map Creates a class map to be used for matching packets to the class whose name you specify. police Defines a policer for classified traffic. policy-map Creates or modifies a policy map that can be attached to multiple ports to specify a service policy.
  • Page 122: Class-Map

    Use the class-map global configuration command on the switch stack or on a standalone switch to create a class map to be used for matching packets to the class whose name you specify and to enter class-map configuration mode. Use the no form of this command to delete an existing class map and to return to global configuration mode.
  • Page 123 Chapter 2 Catalyst 3750-X and 3560-X Switch Cisco IOS Commands class-map If you enter the match-all or match-any keyword, you can only use it to specify an extended named access control list (ACL) with the match access-group acl-index-or-name class-map configuration command.
  • Page 124: Clear Dot1X

    12.2(53)SE2 This command was introduced. Usage Guidelines You can clear all the information by using the clear dot1x all command, or you can clear only the information for the specified interface by using the clear dot1x interface interface-id command. Examples This example shows how to clear all IEEE 8021.x information:...
  • Page 125: Clear Eap Sessions

    12.2(53)SE2 This command was introduced. Usage Guidelines You can clear all counters by using the clear eap sessions command, or you can clear only the specific information by using the keywords. Examples This example shows how to clear all EAP information:...
  • Page 126: Clear Errdisable Interface

    Catalyst 3750-X and 3560-X Switch Cisco IOS Commands clear errdisable interface clear errdisable interface Use the clear errdisable interface privileged EXEC command on the switch stack or on a standalone switch to re-enable a VLAN that was error disabled. clear errdisable interface interface-id vlan [vlan-list]...
  • Page 127: Clear Ip Arp Inspection Log

    Use the clear ip arp inspection log privileged EXEC command on the switch stack or on a standalone switch to clear the dynamic Address Resolution Protocol (ARP) inspection log buffer.
  • Page 128: Clear Ip Arp Inspection Statistics

    This example shows how to clear the statistics for VLAN 1: Switch# clear ip arp inspection statistics vlan 1 You can verify that the statistics were deleted by entering the show ip arp inspection statistics vlan 1 privileged EXEC command.
  • Page 129: Clear Ip Dhcp Snooping

    Use the clear ip dhcp snooping privileged EXEC command on the switch stack or on a standalone switch to clear the DHCP binding database agent statistics or the DHCP snooping statistics counters.
  • Page 130 Chapter 2 Catalyst 3750-X and 3560-X Switch Cisco IOS Commands clear ip dhcp snooping Related Commands Command Description ip dhcp snooping Enables DHCP snooping on a VLAN. ip dhcp snooping database Configures the DHCP snooping binding database agent or the binding file.
  • Page 131: Clear Ipc

    12.2(53)SE2 This command was introduced. Usage Guidelines You can clear all statistics by using the clear ipc statistics command, or you can clear only the queue statistics by using the clear ipc queue-statistics command. Examples This example shows how to clear all statistics:...
  • Page 132: Clear Ipv6 Dhcp Conflict

    DECLINE message. If an address conflict is detected, the address is removed from the pool, and the address is not assigned until the administrator removes the address from the conflict list.
  • Page 133: Clear L2Protocol-Tunnel Counters

    12.2(53)SE2 This command was introduced. Usage Guidelines Use this command to clear protocol tunnel counters on the switch or on the specified interface. Examples This example shows how to clear Layer 2 protocol tunnel counters on an interface: Switch# clear l2protocol-tunnel counters gigabitethernet1/0/3...
  • Page 134: Clear Lacp

    12.2(53)SE2 This command was introduced. Usage Guidelines You can clear all counters by using the clear lacp counters command, or you can clear only the counters for the specified channel group by using the clear lacp channel-group-number counters command. Examples...
  • Page 135: Clear Logging Onboard

    This command was introduced. Usage Guidelines We recommend that you keep OBFL enabled and do not erase the data stored in the flash memory. Examples This example shows how to clear all the OBFL information except for the uptime and CLI-command...
  • Page 136: Clear Mac Address-Table

    Use the clear mac address-table privileged EXEC command on the switch stack or on a standalone switch to delete from the MAC address table a specific dynamic address, all dynamic addresses on a particular interface, all dynamic addresses on stack members, or all dynamic addresses on a particular VLAN.
  • Page 137: Clear Mac Address-Table Move Update

    Use the clear mac address-table move update privileged EXEC command on the switch stack or on a standalone switch to clear the MAC address table move-update counters. clear mac address-table move update Syntax Description This command has no arguments or keywords.
  • Page 138: Clear Macsec Counters Interface

    Catalyst 3750-X and 3560-X Switch Cisco IOS Commands clear macsec counters interface clear macsec counters interface To clear Media Access Control Security (MACsec) counters for all interfaces or a specified interface, use the clear macsec counters interface privileged EXEC command. clear macsec counters interface [interface-id]...
  • Page 139: Clear Mka

    Modification 12.2(53)SE2 This command was introduced. Usage Guidelines When you enter the clear mka all command, the switch prompts for a confirmation and then deletes all active MKA sessions. Examples This example clears all active MKA sessions: Switch# clear mka all...
  • Page 140 Chapter 2 Catalyst 3750-X and 3560-X Switch Cisco IOS Commands clear mka Related Commands Command Description show mka policy Displays MKA policy configuration information. show mka sessions Displays a summary of MKA sessions. show mka statistics Displays global MKA statistics.
  • Page 141: Clear Nmsp Statistics

    12.2(53)SE2 This command was introduced. Examples This example shows how to clear NMSP statistics: Switch# clear nmsp statistics You can verify that information was deleted by entering the show nmsp statistics privileged EXEC command. Related Commands Command Description show nmsp Displays the NMSP information.
  • Page 142: Clear Pagp

    12.2(53)SE2 This command was introduced. Usage Guidelines You can clear all counters by using the clear pagp counters command, or you can clear only the counters for the specified channel group by using the clear pagp channel-group-number counters command. Examples...
  • Page 143: Clear Port-Security

    Use the clear port-security privileged EXEC command on the switch stack or on a standalone switch to delete from the MAC address table all secure addresses or all secure addresses of a specific type (configured, dynamic, or sticky) on the switch or on an interface.
  • Page 144 This example shows how to clear all secure addresses from the MAC address table: Switch# clear port-security all This example shows how to remove a specific configured secure address from the MAC address table: Switch# clear port-security configured address 0008.0070.0007...
  • Page 145: Clear Spanning-Tree Counters

    Catalyst 3750-X and 3560-X Switch Cisco IOS Commands clear spanning-tree counters clear spanning-tree counters Use the clear spanning-tree counters privileged EXEC command on the switch stack or on a standalone switch to clear the spanning-tree counters. clear spanning-tree counters [interface interface-id]...
  • Page 146: Clear Spanning-Tree Detected-Protocols

    IEEE 802.1D BPDUs on that port. A multiple spanning-tree (MST) switch can also detect that a port is at the boundary of a region when it receives a legacy BPDU, an MST BPDU (Version 3) associated with a different region, or a rapid spanning-tree (RST) BPDU (Version 2).
  • Page 147: Clear Vmps Statistics

    Catalyst 3750-X and 3560-X Switch Cisco IOS Commands clear vmps statistics clear vmps statistics Use the clear vmps statistics privileged EXEC command on the switch stack or on a standalone switch to clear the statistics maintained by the VLAN Query Protocol (VQP) client. clear vmps statistics Syntax Description This command has no arguments or keywords.
  • Page 148: Clear Vtp Counters

    Catalyst 3750-X and 3560-X Switch Cisco IOS Commands clear vtp counters clear vtp counters Use the clear vtp counters privileged EXEC command on the switch stack or on a standalone switch to clear the VLAN Trunking Protocol (VTP) and pruning counters. clear vtp counters Syntax Description This command has no arguments or keywords.
  • Page 149: Cluster Commander-Address

    The cluster member switch retains the identity of the cluster command switch during a system reload by using the mac-address parameter. You can enter the no form on a cluster member switch to remove it from the cluster during debugging or recovery procedures. You would normally use this command from the cluster member switch console port or Ethernet management port only when the member has lost communication with the cluster command switch.
  • Page 150 <output truncated> cluster commander-address 00e0.9bc0.a500 member 4 name my_cluster <output truncated> This example shows how to remove a member from the cluster by using the cluster member console. Switch # configure terminal Enter configuration commands, one per line. End with CNTL/Z.
  • Page 151: Cluster Discovery Hop-Count

    If the hop count is set to 1, it disables extended discovery. The cluster command switch discovers only candidates that are one hop from the edge of the cluster. The edge of the cluster is the point between the last discovered cluster member switch and the first discovered candidate switch.
  • Page 152: Cluster Enable

    Use the no form of the command to remove all members and to make the cluster command switch a candidate switch.
  • Page 153 Catalyst 3750-X and 3560-X Switch Cisco IOS Commands cluster enable Related Commands Command Description show cluster Displays the cluster status and a summary of the cluster to which the switch belongs. Catalyst 3750-X and 3560-X Switch Command Reference 2-121 OL-21522-02...
  • Page 154: Cluster Holdtime

    The holdtime is typically set as a multiple of the interval timer (cluster timer). For example, it takes (holdtime-in-secs divided by the interval-in-secs) number of heartbeat messages to be missed in a row to declare a switch down.
  • Page 155: Cluster Member

    You must enter a member number to remove a switch from the cluster. However, you do not need to enter a member number to add a switch to the cluster. The cluster command switch selects the next available member number and assigns it to the switch that is joining the cluster.
  • Page 156 Catalyst 3750-X and 3560-X Switch Cisco IOS Commands cluster member Examples This example shows how to add a switch as member 2 with MAC address 00E0.1E00.2222 and the password key to a cluster. The cluster command switch adds the candidate to the cluster through VLAN 3.
  • Page 157: Cluster Outside-Interface

    Network Address Translation (NAT) so that a member without an IP address can communicate with devices outside the cluster. Use the no form of this command to return to the default setting.
  • Page 158: Cluster Run

    Clustering is disabled, and the switch cannot become a candidate switch. When you enter the no cluster run command on a switch that is not part of a cluster, clustering is disabled on this switch. This switch cannot then become a candidate switch.
  • Page 159: Cluster Standby-Group

    The same group name should be used on all members of the HSRP standby group that is to be bound to the cluster. The same HSRP group name should also be used on all cluster-HSRP capable members for the HSRP group that is to be bound.
  • Page 160 Chapter 2 Catalyst 3750-X and 3560-X Switch Cisco IOS Commands cluster standby-group This example shows the error message when this command is executed on a cluster command switch and the specified HSRP standby group does not exist: Switch(config)# cluster standby-group my_hsrp...
  • Page 161: Cluster Timer

    Use the cluster timer global configuration command on the switch stack or on the a cluster command switch to set the interval in seconds between heartbeat messages. Use the no form of this command to set the interval to the default value.
  • Page 162: Copy Logging Onboard

    Specify the stack member number. If the switch is a standalone switch, the switch stack-member number is 1. If the switch is in a stack, the range is 1 to 9, depending on the switch member numbers in the stack.
  • Page 163 For information about OBFL, see the hw-module command. Examples This example shows how to copy the OBFL data messages to the obfl_file file on the flash file system for stack member 3: Switch# copy logging onboard module 3 flash:obfl_file OBFL copy successful...
  • Page 164: Confidentiality-Offset

    This example configures an MKA policy with a confidentiality offset of 30 bytes. Switch(config)# mka policy replay-policy Switch(config-mka-policy)# replay-protection window-size 300 Switch(config-mka-policy)# confidentiality offset 30 Switch(config-mka-policy)# end You can verify your setting by entering the show mka session detail privileged EXEC command. Related Commands Command Description show mka session detail Displays detailed information about active MKA sessions.
  • Page 165: Define Interface-Range

    A macro can contain up to five ranges. All interfaces in a range must be the same type; that is, all Fast Ethernet ports, all Gigabit Ethernet ports, all EtherChannel ports, or all VLANs, but you can combine multiple interface types in a macro.
  • Page 166 Catalyst 3750-X and 3560-X Switch Cisco IOS Commands define interface-range For physical interfaces: stack member is the number used to identify the switch within the stack. The number ranges from 1 • to 9 and is assigned to the switch the first time the stack member initializes.
  • Page 167: Delete

    Catalyst 3750-X and 3560-X Switch Cisco IOS Commands delete delete Use the delete privileged EXEC command on the switch stack or on a standalone switch to delete a file or directory on the flash memory device. delete [/force] [/recursive] filesystem:/file-url...
  • Page 168: Deny (Arp Access-List Configuration)

    (Optional) Log a packet when it matches the ACE. Defaults There are no default settings. However, at the end of the ARP access list, there is an implicit deny ip any mac any command. Command Modes ARP access-list configuration...
  • Page 169 You can add deny clauses to drop ARP packets based on matching criteria. Examples This example shows how to define an ARP access list and to deny both ARP requests and ARP responses from a host with an IP address of 1.1.1.1 and a MAC address of 0000.0000.abcd: Switch(config)# arp access-list static-hosts Switch(config-arp-nacl)# deny ip host 1.1.1.1 mac host 0000.0000.abcd...
  • Page 170: Deny (Ipv6 Access-List Configuration)

    Use the deny command in IPv6 access list configuration mode on the switch stack or on a standalone switch to set deny conditions for an IPv6 access list. Use the no form of this command to remove the deny conditions.
  • Page 171 The optional port-number argument is a decimal number or the name of a TCP or a UDP port. A port number is a number from 0 to 65535. TCP port names can be used only when filtering TCP. UDP port names can be used only when filtering UDP.
  • Page 172 (Optional) Specify an ICMP message type for filtering ICMP packets. ICMP packets can be filtered by an ICMP message type. The type is a number from 0 to 255. icmp-code (Optional) Specify an ICMP message code for filtering ICMP packets.
  • Page 173 You can add permit, deny, or remark statements to an existing access list without re-entering the entire list. To add a new statement anywhere other than at the end of the list, create a new statement with an appropriate entry number between two existing entry numbers to show where it belongs.
  • Page 174 This example configures the IPv6 access list named CISCO and applies the access list to outbound traffic on a Layer 3 interface. The first deny entry in the list prevents all packets that have a destination TCP port number greater than 5000 from leaving the interface. The second deny entry in the list prevents all packets that have a source UDP port number less than 5000 from leaving the interface.
  • Page 175: Deny (Mac Access-List Configuration)

    [type mask | aarp | amber | cos cos | dec-spanning | decnet-iv | diagnostic | dsm | etype-6000 | etype-8042 | lat | lavc-sca | lsap lsap mask | mop-console | mop-dump | msdos | mumps | netbios | vines-echo | vines-ip | xns-idp]...
  • Page 176 Though visible in the command-line help strings, appletalk is not supported as a matching condition. Note To filter IPX traffic, you use the type mask or lsap lsap mask keywords, depending on the type of IPX encapsulation being used. Filter criteria for IPX encapsulation types as specified in Novell terminology...
  • Page 177 If you use the host keyword, you cannot enter an address mask; if you do not use the host keyword, you must enter an address mask. When an access control entry (ACE) is added to an access control list, an implied deny-any-any condition exists at the end of the list.
  • Page 178: Diagnostic Monitor

    Use the diagnostic monitor global configuration command to configure health-monitoring diagnostic testing. Use the no form of this command to disable testing and to return to the default settings. diagnostic monitor interval switch number test {name | test-id | test-id-range | all} hh:mm:ss...
  • Page 179 • ID list. Enter the range as integers separated by a comma and a hyphen (for example, 1,3-6 specifies test IDs 1, 3, 4, 5, and 6). •...
  • Page 180: Diagnostic Schedule

    Use the diagnostic schedule global configuration command to configure the diagnostic test schedule. Use the no form of this command to remove the schedule. diagnostic schedule switch number test {name | test-id | test-id-range | all | basic | non-disruptive} {daily hh:mm | on mm dd yyyy hh:mm | weekly day-of-week hh:mm}...
  • Page 181 • or lower case characters. If you are running a diagnostic test that has the reload attribute on a switch in a stack, you could Note potentially partition the stack depending on your cabling configuration. To avoid partitioning your stack,...
  • Page 182: Diagnostic Start

    Use the diagnostic start privileged EXEC command to run an online diagnostic test. diagnostic start switch number test {name | test-id | test-id-range | all | basic | non-disruptive} Syntax Description switch number Specify the switch number, which is the stack member number. If the switch is a standalone switch, the switch number is 1.
  • Page 183 When specifying a test name, use the show diagnostic content privileged EXEC command to display the test ID list. To specify test 3 by using the test name, enter the diagnostic start switch number test TestPortAsicCam privileged EXEC command.
  • Page 184 This message appears if the configured test can cause a stack partition: Switch 6: Running test(s) 2 will cause the switch under test to reload after completion of the test list. Switch 6: Running test(s) 2 will partition stack...
  • Page 185: Dot1X

    Use the dot1x global configuration command on the switch stack or on a standalone switch to globally enable IEEE 802.1x authentication. Use the no form of this command to return to the default setting. dot1x {guest-vlan supplicant} | {system-auth-control} no dot1x {guest-vlan supplicant} | {system-auth-control} Though visible in the command-line help strings, the credentials name keywords are not supported.
  • Page 186 This example shows how to globally enable IEEE 802.1x authentication on a switch: Switch(config)# dot1x system-auth-control This example shows how to globally enable the optional guest VLAN behavior on a switch: Switch(config)# dot1x guest-vlan supplicant You can verify your settings by entering the show dot1x [interface interface-id] privileged EXEC command.
  • Page 187: Dot1X Auth-Fail Max-Attempts

    Use the dot1x auth-fail max-attempts interface configuration command on the switch stack or on a standalone switch to configure the maximum allowable authentication attempts before a port is moved to the restricted VLAN. To return to the default setting, use the no form of this command. dot1x auth-fail max-attempts max-attempts...
  • Page 188 [vlan id] Enables the optional restricted VLAN feature. dot1x max-reauth-req [count] Sets the maximum number of times that the switch restarts the authentication process before a port changes to the unauthorized state. show dot1x [interface interface-id] Displays IEEE 802.1x status for the specified port.
  • Page 189: Dot1X Auth-Fail Vlan

    Use the dot1x auth-fail vlan interface configuration command on the switch stack or on a standalone switch to enable the restricted VLAN on a port. To return to the default setting, use the no form of this command.
  • Page 190 Catalyst 3750-X and 3560-X Switch Cisco IOS Commands dot1x auth-fail vlan You cannot configure a VLAN to be both a restricted VLAN and a voice VLAN. If you do this, a syslog message is generated. When a restricted VLAN port is moved to an unauthorized state, the authentication process restarts. If the supplicant fails the authentication process again, the authenticator waits in the held state.
  • Page 191: Dot1X Control-Direction

    The show dot1x all privileged EXEC command output is the same for all switches except for the port names and the state of the port. If a host is attached to the port but is not yet authenticated, a display similar to this appears: Supplicant MAC 0002.b39a.9275...
  • Page 192 = In If you enter the dot1x control-direction in interface configuration command and the port cannot support this mode due to a configuration conflict, this appears in the show dot1x all command output: ControlDirection = In (Disabled due to port settings)
  • Page 193: Dot1X Credentials (Global Configuration)

    12.2(53)SE2 This command was introduced. Usage Guidelines You must have another switch set up as the authenticator for this switch to be the supplicant. Examples This example shows how to configure a switch as a supplicant: Switch(config)# dot1x credentials profile You can verify your settings by entering the show running-config privileged EXEC command.
  • Page 194: Dot1X Critical (Global Configuration)

    (global configuration) dot1x critical (global configuration) Use the dot1x critical global configuration command on the switch stack or on a standalone switch to configure the parameters for the inaccessible authentication bypass feature, also referred to as critical authentication or the authentication, authorization, and accounting (AAA) fail policy. To return to default settings, use the no form of this command.
  • Page 195 Chapter 2 Catalyst 3750-X and 3560-X Switch Cisco IOS Commands dot1x critical (global configuration) Related Commands Command Description dot1x critical (interface Enables the inaccessible authentication bypass feature, and configuration) configures the access VLAN for the feature. show dot1x Displays IEEE 802.1x status for the specified port.
  • Page 196: Dot1X Critical (Interface Configuration)

    If the critical port is a routed port, you can specify a VLAN, but this is optional. • If the client is running Windows XP and the critical port to which the client is connected is in the critical-authentication state, Windows XP might report that the interface is not authenticated.
  • Page 197 You can configure the inaccessible authentication bypass feature and the restricted VLAN on an IEEE 802.1x port. If the switch tries to re-authenticate a critical port in a restricted VLAN and all the RADIUS servers are unavailable, the switch changes the port state to the critical authentication state, and it remains in the restricted VLAN.
  • Page 198: Dot1X Default

    Catalyst 3750-X and 3560-X Switch Cisco IOS Commands dot1x default dot1x default Use the dot1x default interface configuration command on the switch stack or on a standalone switch to reset the IEEE 802.1x parameters to their default values. dot1x default Syntax Description This command has no arguments or keywords.
  • Page 199: Dot1X Fallback

    Use the dot1xfallback interface configuration command on the switch stack or on a standalone switch to configure a port to use web authentication as a fallback method for clients that do not support IEEE 802.1x authentication. To return to the default setting, use the no form of this command.
  • Page 200: Dot1X Guest-Vlan

    Use the dot1x guest-vlan interface configuration command on the switch stack or on a standalone switch to specify an active VLAN as an IEEE 802.1x guest VLAN. Use the no form of this command to return to the default setting.
  • Page 201 Switch(config-if)# dot1x guest-vlan 5 This example shows how to set 3 as the quiet time on the switch, to set 15 as the number of seconds that the switch waits for a response to an EAP-request/identity frame from the client before resending the request, and to enable VLAN 2 as an IEEE 802.1x guest VLAN when an IEEE 802.1x port is connected...
  • Page 202: Dot1X Host-Mode

    This command was introduced. Usage Guidelines Use this command to limit an IEEE 802.1x-enabled port to a single client or to attach multiple clients to an IEEE 802.1x-enabled port. In multiple-hosts mode, only one of the attached hosts needs to be successfully authorized for all hosts to be granted network access.
  • Page 203: Dot1X Initialize

    This command was introduced. Usage Guidelines Use this command to initialize the IEEE 802.1x state machines and to set up a fresh environment for authentication. After you enter this command, the port status becomes unauthorized. There is not a no form of this command.
  • Page 204: Dot1X Mac-Auth-Bypass

    Unless otherwise stated, the MAC authentication bypass usage guidelines are the same as the IEEE 802.1x authentication guidelines. If you disable MAC authentication bypass from a port after the port has been authenticated with its MAC address, the port state is not affected.
  • Page 205 Catalyst 3750-X and 3560-X Switch Cisco IOS Commands dot1x mac-auth-bypass Examples This example shows how to enable MAC authentication bypass and to configure the switch to use EAP for authentication: Switch(config-if)# dot1x mac-auth-bypass eap You can verify your settings by entering the show dot1x [interface interface-id] privileged EXEC command.
  • Page 206: Dot1X Max-Reauth-Req

    Use the dot1x max-reauth-req interface configuration command on the switch stack or on a standalone switch to set the maximum number of times that the switch restarts the authentication process before a port changes to the unauthorized state. Use the no form of this command to return to the default setting. dot1x max-reauth-req count...
  • Page 207 Command Description dot1x timeout tx-period Sets the number of seconds that the switch waits for a response to an EAP-request/identity frame from the client before resending the request. show dot1x [interface Displays IEEE 802.1x status for the specified port.
  • Page 208: Dot1X Max-Req

    Examples This example shows how to set 5 as the number of times that the switch sends an EAP frame from the authentication server to the client before restarting the authentication process:...
  • Page 209: Dot1X Pae

    Use the dot1x pae interface configuration command on the switch stack or on a standalone switch to configure the port as an IEEE 802.1x port access entity (PAE) authenticator. Use the no form of this command to disable IEEE 802.1x authentication on the port.
  • Page 210: Dot1X Port-Control

    Use the dot1x port-control interface configuration command on the switch stack or on a standalone switch to enable manual control of the authorization state of the port. Use the no form of this command to return to the default setting.
  • Page 211 (VLAN Query Protocol [VQP]) port, an error message appears, and IEEE 802.1x authentication is not enabled. If you try to change an IEEE 802.1x-enabled port to dynamic VLAN assignment, an error message appears, and the VLAN configuration is not changed.
  • Page 212: Dot1X Re-Authenticate

    Catalyst 3750-X and 3560-X Switch Cisco IOS Commands dot1x re-authenticate dot1x re-authenticate Use the dot1x re-authenticate privileged EXEC command on the switch stack or on a standalone switch to manually initiate a re-authentication of the specified IEEE 802.1x-enabled port. dot1x re-authenticate [interface interface-id]...
  • Page 213: Dot1X Reauthentication

    Use the dot1x reauthentication interface configuration command on the switch stack or on a standalone switch to enable periodic re-authentication of the client. Use the no form of this command to return to the default setting. dot1x reauthentication...
  • Page 214: Dot1X Supplicant Force-Multicast

    Use the dot1x supplicant force-multicast global configuration command to force a supplicant switch to send only multicast Extensible Authentication Protocol over LAN (EAPOL) packets whenever it receives multicast or unicast EAPOL packets. Use the no form of this command to return to the default setting.
  • Page 215: Dot1X Test Eapol-Capable

    There is not a no form of this command. Examples This example shows how to enable the IEEE 802.1x readiness check on a switch to query a port. It also shows the response received from the queried port verifying that the device connected to it is IEEE 802.1x-capable:...
  • Page 216: Dot1X Test Timeout

    Use the dot1x test timeout global configuration command on the switch stack or on a standalone switch to configure the timeout used to wait for EAPOL response from a port being queried for IEEE 802.1x readiness. dot1x test timeout timeout...
  • Page 217: Dot1X Timeout

    Use the dot1x timeout interface configuration command on the switch stack or on a standalone switch to set IEEE 802.1x timers. Use the no form of this command to return to the default setting. dot1x timeout {quiet-period seconds | ratelimit-period seconds | reauth-period {seconds |...
  • Page 218 Switch(config-if)# dot1x timeout supp-timeout 45 This example shows how to set 60 as the number of seconds to wait for a response to an EAP-request/identity frame from the client before re-transmitting the request: Switch(config-if)# dot1x timeout tx-period 60...
  • Page 219 Related Commands Command Description dot1x max-req Sets the maximum number of times that the switch sends an EAP-request/identity frame before restarting the authentication process. dot1x reauthentication Enables periodic re-authentication of the client. show dot1x Displays IEEE 802.1x status for all ports.
  • Page 220: Dot1X Violation-Mode

    Use the dot1x violation-mode interface configuration command on the switch stack or on a standalone switch to configure the violation modes that occur when a new device connects to a port or when a new device connects to a port after the maximum number of devices are connected to that port.
  • Page 221: Duplex

    Use the duplex interface configuration command on the switch stack or on a standalone switch to specify the duplex mode of operation for a port. Use the no form of this command to return the port to its default value.
  • Page 222 If the speed is set to auto, the switch negotiates with the device at the other end of the link for the speed setting and then forces the speed setting to the negotiated value. The duplex setting remains as configured on each end of the link, which could result in a duplex setting mismatch.
  • Page 223: Epm Access-Control Open

    ACL. If you do not configure this command, the port applies the policies of the configured ACL to the traffic. If no static ACL is configured on a port, both the default and open directives allow access to the port.
  • Page 224 Catalyst 3750-X and 3560-X Switch Cisco IOS Commands epm access-control open Examples This example shows how to configure an open directive. Switch(config)# epm access-control open You can verify your settings by entering the show running-config privileged EXEC command. Related Commands Command Description show running-config Displays the operating configuration.
  • Page 225: Errdisable Detect Cause

    Use the errdisable detect cause global configuration command on the switch stack or on a standalone switch to enable error-disabled detection for a specific cause or all causes. Use the no form of this command to disable the error-disabled detection feature.
  • Page 226 When a port is error-disabled, it is effectively shut down, and no traffic is sent or received on the port. For the BPDU guard, voice aware 802.1x security, and port-security features, you can configure the switch to shut down just the offending VLAN on the port when a violation occurs, instead of shutting down the entire port.
  • Page 227: Errdisable Detect Cause Small-Frame

    VLAN-tagged packets are small frames (67 bytes or less) and arrive at the minimum configured rate (the threshold). Use the no form of this command to return to the default setting.
  • Page 228 Displays the interface settings on the switch, including input and output flow control. small-frame violation rate Configures the rate (threshold) for incoming small frames to cause a port to be put into the error-disabled state. Catalyst 3750-X and 3560-X Switch Command Reference...
  • Page 229: Errdisable Recovery

    Use the errdisable recovery global configuration command on the switch stack or on a standalone switch to configure the recover mechanism variables. Use the no form of this command to return to the default setting. errdisable recovery {cause {all | arp-inspection | bpduguard | channel-misconfig |...
  • Page 230 When a port is error-disabled, it is effectively shut down, and no traffic is sent or received on the port. For the BPDU guard and port-security features, you can configure the switch to shut down just the offending VLAN on the port when a violation occurs, instead of shutting down the entire port.
  • Page 231 Displays interface status or a list of interfaces in error-disabled err-disabled state. clear errdisable interface Clears the error-disabled state from a port or VLAN that was error disabled by the per-VLAN error disable feature. Catalyst 3750-X and 3560-X Switch Command Reference 2-199...
  • Page 232: Errdisable Recovery Cause Small-Frame

    Use the errdisable recovery cause small-frame global configuration command on the switch stack or on a standalone switch to enable the recovery timer for ports to be automatically re-enabled after they are error disabled by the arrival of small frames. Use the no form of this command to return to the default setting.
  • Page 233: Exception Crashinfo

    This command was introduced. Usage Guidelines The basic crashinfo file includes the Cisco IOS image name and version that failed, and a list of the processor registers, and a stack trace. The extended crashinfo file includes additional information that can help determine the cause of the switch failure.
  • Page 234: Fallback Profile

    Use the fallback profile global configuration command on the switch stack or on a standalone switch to create a fallback profile for web authentication. To return to the default setting, use the no form of this command. fallback profile profile...
  • Page 235 Related Commands Command Description dot1x fallback Configure a port to use web authentication as a fallback method for clients that do not support IEEE 802.1x authentication. ip admission Enable web authentication on a switch port ip admission name proxy http...
  • Page 236: Flowcontrol

    When flow control receive is on for a device and it receives a pause frame, it stops sending any data packets.
  • Page 237 Does not send or receive Does not send or receive Examples This example shows how to configure the local port to not support flow control by the remote port: Switch(config)# interface gigabitethernet1/0/1 Switch(config-if)# flowcontrol receive off You can verify your settings by entering the show interfaces privileged EXEC command.
  • Page 238: Hw-Module

    We recommend that you keep OBFL enabled and do not erase the data stored in the flash memory. To ensure that the time stamps in the OBFL data logs are accurate, you should manually set the system clock, or configure it by using Network Time Protocol (NTP).
  • Page 239 Examples This example shows how to enable OBFL on a Catalyst 3750-X-only switch stack and to specify that all the hardware-related messages on stack member 4 are stored in the flash memory when this command is entered on the stack master:...
  • Page 240: Interface Port-Channel

    Caution ports that are assigned to the channel group. Do not assign bridge groups on the physical ports in a channel group used as a Layer 3 port-channel Caution interface because it creates loops. You must also disable spanning tree.
  • Page 241 • port and not on the port-channel interface. Do not configure a port that is an active member of an EtherChannel as an IEEE 802.1x port. If • IEEE 802.1x is enabled on a not-yet active port of an EtherChannel, the port does not join the EtherChannel.
  • Page 242: Interface Range

    Specifying a previously defined interface-range macro • All interfaces in a range must be the same type; that is, all Fast Ethernet ports, all Gigabit Ethernet ports, all EtherChannel ports, or all VLANs. However, you can define up to five interface ranges with a single command, with each range separated by a comma.
  • Page 243 Note channel number in the range must be active port channels. When you define a range, you must enter a space between the first entry and the hyphen (-): interface range gigabitethernet1/0/1 -2 When you define multiple ranges, you must still enter a space after the first entry and before the...
  • Page 244: Interface Configuration Mode

    This command was introduced. Usage Guidelines SVIs are created the first time that you enter the interface vlan vlan-id command for a particular VLAN. The vlan-id corresponds to the VLAN-tag associated with data frames on an ISL or IEEE 802.1Q encapsulated trunk or the VLAN ID configured for an access port.
  • Page 245 Chapter 2 Catalyst 3750-X and 3560-X Switch Cisco IOS Commands interface vlan Examples This example shows how to create a new SVI with VLAN ID 23 and to enter interface configuration mode: Switch(config)# interface vlan 23 Switch(config-if)# You can verify your setting by entering the...
  • Page 246: Ip Access-Group

    Use the ip access-group interface configuration command on the switch stack or on a standalone switch to control access to a Layer 2 or Layer 3 interface. Use the no form of this command to remove all access groups or the specified access group from the interface.
  • Page 247 ACL or VLAN map: • When an input port ACL is applied to an interface and a VLAN map is applied to a VLAN that the interface is a member of, incoming packets received on ports with the ACL applied are filtered by the port ACL.
  • Page 248 IOS IP Command Reference, Volume 1 of 3:Addressing and Services, Release 12.2 > IP Services Commands ip access-list Configures a named ACL. For syntax information, select Cisco IOS IP Command Reference, Volume 1 of 3:Addressing and Services, Release 12.2 > IP Services Commands.
  • Page 249: Ip Address

    IP address for the Layer 2 switch or an IP address for each switch virtual interface (SVI) or routed port on the Layer 3 switch. Use the no form of this command to remove an IP address or to disable IP processing.
  • Page 250 BOOTP or the DHCP server cannot reassign the address. A Layer 3 switch can have an IP address assigned to each routed port and SVI. The number of routed ports and SVIs that you can configure is not limited by software; however, the interrelationship between this number and the number of other features being configured might have an impact on CPU utilization due to hardware limitations.
  • Page 251: Ip Admission

    Switch# configure terminal Switch(config)# interface gigabitethernet1/0/1 Switch(config-if)# ip admission rule1 This example shows how to apply a web authentication rule to a fallback profile for use on an IEEE 802.1x enabled switch port. Switch# configure terminal Switch(config)# fallback profile profile1...
  • Page 252: Ip Admission Name Proxy Http

    The ip admission name proxy http command globally enables web authentication on a switch. After you enable web authentication on a switch, use the ip access-group in and ip admission web-rule interface configuration commands to enable web authentication on a specific interface.
  • Page 253 Related Commands Command Description dot1x fallback Configure a port to use web authentication as a fallback method for clients that do not support IEEE 802.1x authentication. fallback profile Create a web authentication fallback profile. ip admission...
  • Page 254: Ip Arp Inspection Filter Vlan

    All other packet types are bridged in the ingress VLAN without validation. If the switch denies a packet because of an explicit deny statement in the ACL, the packet is dropped. If the switch denies a packet because of an implicit deny statement, the packet is then compared against the list of DHCP bindings (unless the ACL is static, which means that packets are not compared against the bindings).
  • Page 255 Examples This example shows how to apply the ARP ACL static-hosts to VLAN 1 for dynamic ARP inspection: Switch(config)# ip arp inspection filter static-hosts vlan 1 You can verify your settings by entering the show ip arp inspection vlan 1 privileged EXEC command.
  • Page 256: Ip Arp Inspection Limit

    After you configure the rate limit, the interface retains the rate limit even when its trust state is changed. If you enter the no ip arp inspection limit interface configuration command, the interface reverts to its default rate limit.
  • Page 257 EtherChannel, this means that the actual rate limit might be higher than the configured value. For example, if you set the rate limit to 30 pps on an EtherChannel that has one port on switch 1 and one port on switch 2, each port can receive packets at 29 pps without causing the EtherChannel to become error-disabled.
  • Page 258: Ip Arp Inspection Log-Buffer

    If the log buffer overflows, it means that a log event does not fit into the log buffer, and the output display for the show ip arp inspection log privileged EXEC command is affected. A -- in the output display appears in place of all data except the packet count and the time.
  • Page 259 Catalyst 3750-X and 3560-X Switch Cisco IOS Commands ip arp inspection log-buffer In a switch stack, the log buffer configuration applies to each stack member in the stack. Each stack member has the specified logs number entries and generates system messages at the configured rate. For example, if the interval (rate) is one entry per second, up to five system messages are generated per second in a five-member switch stack.
  • Page 260: Ip Arp Inspection Trust

    This command was introduced. Usage Guidelines The switch does not check ARP packets that it receives on the trusted interface; it simply forwards the packets. For untrusted interfaces, the switch intercepts all ARP requests and responses. It verifies that the intercepted packets have valid IP-to-MAC address bindings before updating the local cache and before forwarding the packet to the appropriate destination.
  • Page 261 Configures the dynamic ARP inspection logging buffer. log-buffer show inventory Displays the trust state and the rate limit of ARP packets for the specified interfaces interface or all interfaces. show inventory Displays the configuration and contents of the dynamic ARP inspection log buffer.
  • Page 262: Ip Arp Inspection Validate

    Use the ip arp inspection validate global configuration command on the switch stack or on a standalone switch to perform specific checks for dynamic Address Resolution Protocol (ARP) inspection. Use the no form of this command to return to the default settings.
  • Page 263 • inspection validate ip command, ARP probes are dropped unless you enter the allow-zeros keyword. The no form of the command disables only the specified checks. If none of the options are enabled, all checks are disabled. Examples This example show how to enable source MAC validation:...
  • Page 264: Ip Arp Inspection Vlan

    Use the ip arp inspection vlan global configuration command on the switch stack or on a standalone switch to enable dynamic Address Resolution Protocol (ARP) inspection on a per-VLAN basis. Use the no form of this command to return to the default setting.
  • Page 265: Ip Arp Inspection Vlan Logging

    Use the ip arp inspection vlan logging global configuration command on the switch stack or on a standalone switch to control the type of packets that are logged per VLAN. Use the no form of this command to disable this logging control.
  • Page 266 If neither the acl-match or the dhcp-bindings keywords are specified, all denied packets are logged. The implicit deny at the end of an ACL does not include the log keyword. This means that when you use the static keyword in the ip arp inspection filter vlan global configuration command, the ACL overrides the DHCP bindings.
  • Page 267: Ip Device Tracking

    Catalyst 3750-X and 3560-X Switch Cisco IOS Commands ip device tracking ip device tracking To enable IP device tracking, use the ip device tracking global configuration command. Use the no form of this command to disable this feature. ip device tracking...
  • Page 268: Ip Device Tracking Maximum

    Use the ip device tracking maximum command to enable IP port security binding tracking on a Layer 2 port. Use the no form of this command to disable IP port security on untrusted Layer 2 interfaces.
  • Page 269: Ip Device Tracking Probe

    The use-svi keyword was added. Usage Guidelines Use the count keyword option to set the number of times that the switch sends the ARP probe. The range is from 1 to 255. Use the interval keyword option to set the number of seconds that the switch waits for a response before resending the ARP probe.
  • Page 270 Catalyst 3750-X and 3560-X Switch Cisco IOS Commands ip device tracking probe Related Commands Command Description show ip device Displays information about the entries in the IP device tracking table. tracking all Catalyst 3750-X and 3560-X Switch Command Reference 2-238 OL-21522-02...
  • Page 271: Ip Dhcp Snooping

    Usage Guidelines For any DHCP snooping configuration to take effect, you must globally enable DHCP snooping. DHCP snooping is not active until you enable snooping on a VLAN by using the ip dhcp snooping vlan vlan-id global configuration command. Examples...
  • Page 272: Ip Dhcp Snooping Binding

    Use the ip dhcp snooping binding privileged EXEC command on the switch stack or on a standalone switch to configure the DHCP snooping binding database and to add binding entries to the database. Use the no form of this command to delete entries from the binding database.
  • Page 273 Chapter 2 Catalyst 3750-X and 3560-X Switch Cisco IOS Commands ip dhcp snooping binding You can verify your settings by entering the show ip dhcp snooping binding or the show ip dhcp source binding privileged EXEC command. Related Commands Command...
  • Page 274: Ip Dhcp Snooping Database

    Use the ip dhcp snooping database global configuration command on the switch stack or on a standalone switch to configure the DHCP snooping binding database agent. Use the no form of this command to disable the agent, to reset the timeout value, or to reset the write-delay value.
  • Page 275 Use the no ip dhcp snooping database write-delay command to reset the write-delay value. Examples This example shows how to store a binding file at an IP address of 10.1.1.1 that is in a directory called directory. A file named file must be present on the TFTP server.
  • Page 276: Ip Dhcp Snooping Information Option

    ID suboption). The switch forwards the DHCP request that includes the option-82 field to the DHCP server. When the DHCP server receives the packet, it can use the remote ID, the circuit ID, or both to assign IP addresses and implement policies, such as restricting the number of IP addresses that can be assigned to a single remote ID or a circuit ID.
  • Page 277 Chapter 2 Catalyst 3750-X and 3560-X Switch Cisco IOS Commands ip dhcp snooping information option Related Commands Command Description show ip dhcp snooping Displays the DHCP snooping configuration. show ip dhcp snooping binding Displays the DHCP snooping binding information. Catalyst 3750-X and 3560-X Switch Command Reference...
  • Page 278: Ip Dhcp Snooping Information Option Allow-Untrusted

    Use the ip dhcp snooping information option allow-untrusted global configuration command on an aggregation switch to configure it to accept DHCP packets with option-82 information that are received on untrusted ports that might be connected to an edge switch. Use the no form of this command to return to the default setting.
  • Page 279 Examples This example shows how to configure an access switch to not check the option-82 information in untrusted packets from an edge switch and to accept the packets: Switch(config)# ip dhcp snooping information option allow-untrusted You can verify your settings by entering the show ip dhcp snooping user EXEC command.
  • Page 280: Ip Dhcp Snooping Information Option Format Remote-Id

    When the option-82 feature is enabled, the default remote-ID suboption is the switch MAC address. This command allows you to configure either the switch hostname or a string of up to 63 ASCII characters (but no spaces) to be the remote ID.
  • Page 281: Ip Dhcp Snooping Limit Rate

    Normally, the rate limit applies to untrusted interfaces. If you want to configure rate limiting for trusted interfaces, keep in mind that trusted interfaces might aggregate DHCP traffic on multiple VLANs (some of which might not be snooped) in the switch, and you will need to adjust the interface rate limits to a higher value.
  • Page 282: Ip Dhcp Snooping Trust

    Use the ip dhcp snooping trust interface configuration command on the switch stack or on a standalone switch to configure a port as trusted for DHCP snooping purposes. Use the no form of this command to return to the default setting.
  • Page 283: Ip Dhcp Snooping Verify

    Use the ip dhcp snooping verify global configuration command on the switch stack or on a standalone switch to configure the switch to verify on an untrusted port that the source MAC address in a DHCP packet matches the client hardware address. Use the no form of this command to configure the switch to not verify the MAC addresses.
  • Page 284: Ip Dhcp Snooping Vlan

    Use the ip dhcp snooping vlan global configuration command on the switch stack or on a standalone switch to enable DHCP snooping on a VLAN. Use the no form of this command to return to the default setting.
  • Page 285: Ip Dhcp Snooping Vlan Information Option Format-Type Circuit-Id String

    DHCP snooping configuration to take effect. When the option-82 feature is enabled, the default circuit-ID suboption is the switch VLAN and the port identifier, in the format vlan-mod-port. This command allows you to configure a string of ASCII characters to be the circuit ID.
  • Page 286 Switch(config-if)# ip dhcp snooping vlan 250 information option format-type circuit-id override string testcustomer You can verify your settings by entering the show ip dhcp snooping user EXEC command. Note The show ip dhcp snooping user EXEC command only displays the global command output, including a remote-ID configuration.
  • Page 287: Ip Igmp Filter

    Use the ip igmp filter interface configuration command on the switch stack or on a standalone switch to control whether or not all hosts on a Layer 2 interface can join one or more IP multicast groups by applying an Internet Group Management Protocol (IGMP) profile to the interface. Use the no form of this command to remove the specified profile from the interface.
  • Page 288 Displays the running configuration on the switch interface, including interface-id the IGMP profile (if any) that is applied to an interface. For syntax information, select Cisco IOS Configuration Fundamentals Command Reference, Release 12.2 > File Management Commands >...
  • Page 289: Ip Igmp Max-Groups

    Layer 2 interface can join or to configure the IGMP throttling action when the maximum number of entries is in the forwarding table. Use the no form of this command to set the maximum back to the default, which is to have no maximum limit, or to return to the default throttling action, which is to drop the report.
  • Page 290 After these entries are aged out, when the maximum number of entries is in the forwarding table, the switch drops the next IGMP report received on the interface.
  • Page 291: Ip Igmp Profile

    • • permit: specifies that matching addresses are permitted. range: specifies a range of IP addresses for the profile. This can be a single IP address or a range • with a start and an end address. When entering a range, enter the low IP multicast address, a space, and the high IP multicast address.
  • Page 292 Related Commands Command Description ip igmp filter Applies the IGMP profile to the specified interface. show ip igmp profile Displays the characteristics of all IGMP profiles or the specified IGMP profile number. Catalyst 3750-X and 3560-X Switch Command Reference 2-260 OL-21522-02...
  • Page 293: Ip Igmp Snooping

    When IGMP snooping is enabled globally, it is enabled in all the existing VLAN interfaces. When IGMP snooping is globally disabled, it is disabled on all the existing VLAN interfaces. VLAN IDs 1002 to 1005 are reserved for Token Ring and FDDI VLANs and cannot be used in IGMP snooping.
  • Page 294 Chapter 2 Catalyst 3750-X and 3560-X Switch Cisco IOS Commands ip igmp snooping Command Description show ip igmp snooping mrouter Displays the IGMP snooping router ports. show ip igmp snooping querier Displays the configuration and operation information for the IGMP querier configured on a switch.
  • Page 295: Ip Igmp Snooping Last-Member-Query-Interval

    When IGMP snooping is globally disabled, IGMP snooping is disabled on all the existing VLAN interfaces. VLAN IDs 1002 to 1005 are reserved for Token Ring and FDDI VLANs and cannot be used in IGMP snooping. Configuring the leave timer on a VLAN overrides the global setting.
  • Page 296 Configures a Layer 2 port as a multicast router port. ip igmp snooping vlan static Configures a Layer 2 port as a member of a group. show ip igmp snooping Displays the IGMP snooping configuration.
  • Page 297: Ip Igmp Snooping Querier

    Use the ip igmp snooping querier global configuration command on the switch stack or on a standalone switch to globally enable the Internet Group Management Protocol (IGMP) querier function in Layer 2 networks.
  • Page 298 Usage Guidelines Use this command to enable IGMP snooping to detect the IGMP version and IP address of a device that sends IGMP query messages, which is also called a querier. By default, the IGMP snooping querier is configured to detect devices that use IGMP Version 2 (IGMPv2) but does not detect clients that are using IGMP Version 1 (IGMPv1).
  • Page 299: Ip Igmp Snooping Report-Suppression

    When IGMP router suppression is enabled (the default), the switch sends the first IGMP report from all hosts for a group to all the multicast routers. The switch does not send the remaining IGMP reports for the group to the multicast routers. This feature prevents duplicate reports from being sent to the multicast devices.
  • Page 300 Related Commands Command Description ip igmp snooping Enables IGMP snooping on the switch or on a VLAN. show ip igmp snooping Displays the IGMP snooping configuration of the switch or the VLAN. Catalyst 3750-X and 3560-X Switch Command Reference 2-268 OL-21522-02...
  • Page 301: Ip Igmp Snooping Tcn

    Use ip igmp snooping tcn flood query count global configuration command to control the time that multicast traffic is flooded after a TCN event. If you set the TCN flood query count to 1 by using the ip igmp snooping tcn flood query count command, the flooding stops after receiving 1 general query. If you set the count to 7, the flooding of multicast traffic due to the TCN event lasts until 7 general queries are received.
  • Page 302 Specifies flooding on an interface as the IGMP snooping spanning-tree TCN behavior. show ip igmp snooping Displays the IGMP snooping configuration of the switch or the VLAN. Catalyst 3750-X and 3560-X Switch Command Reference 2-270 OL-21522-02...
  • Page 303: Ip Igmp Snooping Tcn Flood

    This command was introduced. Usage Guidelines When the switch receives a TCN, multicast traffic is flooded to all the ports until two general queries are received. If the switch has many ports with attached hosts that are subscribed to different multicast groups, the flooding might exceed the capacity of the link and cause packet loss.
  • Page 304: Ip Igmp Snooping Vlan Immediate-Leave

    This command was introduced. Usage Guidelines VLAN IDs 1002 to 1005 are reserved for Token Ring and FDDI VLANs and cannot be used in IGMP snooping. You should configure the Immediate- Leave feature only when there is a maximum of one receiver on every port in the VLAN.
  • Page 305: Ip Igmp Snooping Vlan Mrouter

    12.2(53)SE2 This command was introduced. Usage Guidelines VLAN IDs 1002 to 1005 are reserved for Token Ring and FDDI VLANs and cannot be used in IGMP snooping. The CGMP learn method is useful for reducing control traffic. The configuration is saved in NVRAM.
  • Page 306 This example shows how to specify the multicast router learning method as CGMP: Switch(config)# ip igmp snooping vlan 1 mrouter learn cgmp You can verify your settings by entering the show ip igmp snooping privileged EXEC command. Related Commands Command...
  • Page 307: Ip Igmp Snooping Vlan Static

    Internet Group Management Protocol (IGMP) snooping and to statically add a Layer 2 port as a member of a multicast group. Use the no form of this command to remove ports specified as members of a static multicast group.
  • Page 308 Chapter 2 Catalyst 3750-X and 3560-X Switch Cisco IOS Commands ip igmp snooping vlan static Related Commands Command Description ip igmp snooping report-suppression Enables IGMP report suppression. show ip igmp snooping Displays the snooping configuration. show ip igmp snooping groups Displays IGMP snooping multicast information.
  • Page 309: Ip Snap Forwarding

    SNAP encapsulation. If a switch that is joining the stack does not support forwarding of IPv4 and IPv6 frames with SNAP encapsulation, all the switches in the stack do not forward the IPv4 and IPv6 frames, and this forwarding feature is disabled.
  • Page 310: Ip Source Binding

    Use the ip source binding global configuration command on the switch stack or on a standalone switch to configure static IP source bindings on the switch. Use the no form of this command to delete static bindings.
  • Page 311 Enables IP source guard on an interface. show ip source binding Displays the IP source bindings on the switch. show ip verify source Displays the IP source guard configuration on the switch or on a specific interface. Catalyst 3750-X and 3560-X Switch Command Reference 2-279...
  • Page 312: Ip Ssh

    Use the ip ssh global configuration command on the switch stack or on a standalone switch to configure the switch to run Secure Shell (SSH) Version 1 or SSH Version 2. Use the no form of this command to return to the default setting.
  • Page 313 Features > Secure Shell Commands. show ssh Displays the status of the SSH server. For syntax information, select Cisco IOS Release 12.2 Configuration Guides and Command References > Cisco IOS Security Command Reference, Release 12.2 > Other Security Features >...
  • Page 314: Ip Sticky-Arp (Global Configuration)

    (global configuration) Use the ip sticky-arp global configuration command to enable sticky Address Resolution Protocol (ARP) on a switch virtual interface (SVI) that belongs to a private VLAN. Use the no form of this command to disable sticky ARP.
  • Page 315 (global configuration) • Use the no sticky-arp global configuration command to disable sticky ARP on the switch. Use the no sticky-arp interface configuration command to disable sticky ARP on an interface when • sticky ARP is disabled on the switch.
  • Page 316: Ip Sticky-Arp (Interface Configuration)

    (interface configuration) Use the ip sticky-arp interface configuration command to enable sticky Address Resolution Protocol (ARP) on a switch virtual interface (SVI) or a Layer 3 interface. Use the no form of this command to disable sticky ARP.
  • Page 317 ARP entries. • If you disconnect the switch from a device and then connect it to another device with a different MAC address but with the same IP address, the ARP entry is not created, and this message appears: *Mar 2 00:26:06.967: %IP-3-STCKYARPOVR: Attempt to overwrite Sticky ARP entry:...
  • Page 318: Ip Verify Source

    Use the ip verify source interface configuration command on the switch stack or on a standalone switch to enable IP source guard on an interface. Use the no form of this command to disable IP source guard. ip verify source {vlan dhcp-snooping | tracking} [port-security]...
  • Page 319 11-20 Switch# This example shows how to enable IP port security with IP-MAC filters on a Layer 2 access port: Switch# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Switch(config)# ip device tracking Switch(config)# interface gigabitethernet1/0/3...
  • Page 320: Ipv6 Access-List

    Use the ipv6 access-list global configuration command on the switch stack or on a standalone switch to define an IPv6 access list and to place the switch in IPv6 access list configuration mode. To remove the access list, use the no form of this command.
  • Page 321 To disallow ICMPv6 neighbor discovery and to deny icmp any any nd-na or icmp any any nd-ns, there must be an explicit deny entry in the ACL. For the implicit deny ipv6 any any statement to take effect, an IPv6 ACL must contain at least one entry.
  • Page 322 Command Description deny (IPv6 access-list Sets deny conditions for an IPv6 access list. configuration) ipv6 traffic-filter Filters incoming or outgoing IPv6 traffic on an interface. permit (IPv6 Sets permit conditions for an IPv6 access list. access-list configuration) show ipv6 access-list Displays the contents of all current IPv6 access lists.
  • Page 323: Ipv6 Address Dhcp

    Use the ipv6 address dhcp interface configuration command on the switch stack or on a standalone switch to acquire an IPv6 address on an interface from the Dynamic Host Configuration Protocol for IPv6 (DHCPv6) server. To remove the address from the interface, use the no form of this command. ipv6 address dhcp [rapid-commit]...
  • Page 324: Ipv6 Dhcp Client Request Vendor

    When enabled, the command is checked only when an IPv6 address is acquired from DHCP. If you enter the command after the interface has acquired an IPv6 address, it does not take effect until the next time the client acquires an IPv6 address from DHCP.
  • Page 325: Ipv6 Dhcp Ping Packets

    Dynamic Host Configuration Protocol for IPv6 (DHCPv6) server sends to a pool address as part of a ping operation. To prevent the server from pinging pool addresses, use the no form of this command.
  • Page 326 Clears an address conflict from the DHCPv6 server database. conflict show ipv6 dhcp Displays address conflicts found by a DHCPv6 server, or reported through conflict a DECLINE message from a client. Catalyst 3750-X and 3560-X Switch Command Reference...
  • Page 327: Ipv6 Dhcp Pool

    • hexadecimal, using 16-bit values between colons. lifetime t1 t2: sets a valid and a preferred time interval (in seconds) for the IPv6 address. The range • is 5 to 4294967295 seconds. The valid default is 2 days. The preferred default is 1 day. The valid lifetime must be greater than or equal to the preferred lifetime.
  • Page 328 After you create the DHCPv6 configuration information pool, use the ipv6 dhcp server interface configuration command to associate the pool with a server on an interface. However, if you do not configure an information pool, you still need to use the ipv6 dhcp server interface configuration command to enable the DHCPv6 server function on an interface.
  • Page 329 Chapter 2 Catalyst 3750-X and 3560-X Switch Cisco IOS Commands ipv6 dhcp pool Related Commands Command Description ipv6 dhcp server Enables DHCPv6 service on an interface. show ipv6 dhcp pool Displays DHCPv6 configuration pool information. Catalyst 3750-X and 3560-X Switch Command Reference...
  • Page 330: Ipv6 Dhcp Server

    When an IPv6 DHCP packet is received by the server, the server determines if it was received from a DHCP relay or if it was directly received from the client. If the packet was received from a relay, the server verifies the link-address field inside the packet associated with the first relay that is closest to the client.
  • Page 331 The prefix address is valid if it is in the associated local prefix address pool and it is not assigned to a device. If the allow-hint keyword is not specified, the server ignores the client hint, and an address is allocated from the free list in the pool.
  • Page 332: Ipv6 Mld Snooping

    Use the ipv6 mld snooping global configuration command on the switch stack or on a standalone switch without keywords to enable IP version 6 (IPv6) Multicast Listener Discovery (MLD) snooping globally or on the specified VLAN. Use the no form of this command to disable MLD snooping on the switch or switch stack or the VLAN.
  • Page 333 Switch(config)# ipv6 mld snooping This example shows how to disable MLD snooping on a VLAN: Switch(config)# no ipv6 mld snooping vlan 11 You can verify your settings by entering the show ipv6 mld snooping user EXEC command. Related Commands Command...
  • Page 334: Ipv6 Mld Snooping Last-Listener-Query-Count

    In MLD snooping, the IPv6 multicast router periodically sends out queries to hosts belonging to the multicast group. If a host wants to leave a multicast group, it can silently leave or it can respond to the query with a Multicast Listener Done message (equivalent to an IGMP Leave message). When...
  • Page 335 This example shows how to set the last-listener query count for VLAN 10: Switch(config)# ipv6 mld snooping vlan 10 last-listener-query-count 3 You can verify your settings by entering the show ipv6 mld snooping [vlan vlan-id] user EXEC command. Related Commands...
  • Page 336: Ipv6 Mld Snooping Last-Listener-Query-Interval

    VLAN. This time interval is the maximum time that a multicast router waits after issuing a Mulitcast Address Specific Query (MASQ) before deleting a port from the multicast group. Use the no form of this command to reset the query time to the default settings.
  • Page 337 This example shows how to globally set the last-listener query interval to 2 seconds: Switch(config)# ipv6 mld snooping last-listener-query-interval 2000 This example shows how to set the last-listener query interval for VLAN 1 to 5.5 seconds: Switch(config)# ipv6 mld snooping vlan 1 last-listener-query-interval 5500 You can verify your settings by entering the show ipv6 MLD snooping [vlan vlan-id] user EXEC command.
  • Page 338: Ipv6 Mld Snooping Listener-Message-Suppression

    MLD snooping listener message suppression is equivalent to IGMP snooping report suppression. When enabled, received MLDv1 reports to a group are forwarded to IPv6 multicast routers only once in every report-forward time. This prevents the forwarding of duplicate reports.
  • Page 339: Ipv6 Mld Snooping Robustness-Variable

    (MLD) queries that the switch sends before deleting a listener that does not respond, or enter a VLAN ID to configure on a per-VLAN basis. Use the no form of this command to reset the variable to the default settings.
  • Page 340 Catalyst 3750-X and 3560-X Switch Cisco IOS Commands ipv6 mld snooping robustness-variable Examples This example shows how to configure the global robustness variable so that the switch sends out three queries before it deletes a listener port that does not respond: Switch(config)# ipv6 mld snooping robustness-variable 3 This example shows how to configure the robustness variable for VLAN 1.
  • Page 341: Ipv6 Mld Snooping Tcn

    Use the ipv6 mld snooping tcn global configuration commands on the switch stack or on a standalone switch to configure IP version 6 (IPv6) Multicast Listener Discovery (MLD) Topology Change Notifications (TCNs). Use the no form of the commands to reset the default settings.
  • Page 342 Chapter 2 Catalyst 3750-X and 3560-X Switch Cisco IOS Commands ipv6 mld snooping tcn Related Commands Command Description sdm prefer Configures an SDM template to support IPv6 functions. dual-ipv4-and-ipv6 show ipv6 mld snooping Displays MLD snooping configuration. Catalyst 3750-X and 3560-X Switch Command Reference...
  • Page 343: Ipv6 Mld Snooping Vlan

    Use the ipv6 mld snooping vlan global configuration command on the switch stack or on a standalone switch to configure IP version 6 (IPv6) Multicast Listener Discovery (MLD) snooping parameters on the VLAN interface.
  • Page 344 Catalyst 3750-X or Catalyst 3560-X switch to receive queries on the VLAN. For normal-range VLANs (1 to 1005), it is not necessary to enable IPv6 MLD snooping on the VLAN on the Catalyst 6500 switch.
  • Page 345: Ipv6 Traffic-Filter

    Layer 2 interfaces (router ACLs). If any port ACL (IPv4, IPv6, or MAC) is applied to an interface, that port ACL is used to filter packets, and any router ACLs attached to the SVI of the port VLAN are ignored.
  • Page 346 Chapter 2 Catalyst 3750-X and 3560-X Switch Cisco IOS Commands ipv6 traffic-filter Examples This example filters inbound IPv6 traffic on an IPv6-configured interface as defined by the access list named cisco: Switch (config)# interface gigabitethernet1/0/1 Switch(config-if)# no switchport Switch(config-if)# ipv6 address 2001::/64 eui-64...
  • Page 347: L2Protocol-Tunnel

    Use the l2protocol-tunnel interface configuration command on the switch stack or on a standalone switch to enable tunneling of Layer 2 protocols on an access port, IEEE 802.1Q tunnel port, or a port channel. You can enable tunneling for Cisco Discovery Protocol (CDP), Spanning Tree Protocol (STP), or VLAN Trunking Protocol (VTP) packets.
  • Page 348 When no protocol option is specified with the keyword, the threshold is applied to each of the tunneled Layer 2 protocol types. If you also set a drop threshold on the interface, the shutdown-threshold value must be greater than or equal to the drop-threshold value.
  • Page 349 For more information about Layer 2 protocol tunneling, see the software configuration guide for this release. Examples This example shows how to enable protocol tunneling for CDP packets and to configure the shutdown threshold as 50 packets per second: Switch(config-if)# l2protocol-tunnel cdp...
  • Page 350: L2Protocol-Tunnel Cos

    5. The range is 0 to 7, with 7 being the highest priority. Defaults The default is to use the CoS value configured for data on the interface. If no CoS value is configured, the default is 5 for all tunneled Layer 2 protocol packets.
  • Page 351: Lacp Port-Priority

    LACP channel group. An LACP channel group can have up to 16 Ethernet ports of the same type. Up to eight ports can be active, and up to eight ports can be in standby mode.
  • Page 352 Catalyst 3750-X and 3560-X Switch Cisco IOS Commands lacp port-priority Examples This example shows how to configure the LACP port priority on a port: Switch(config)# interface gigabitethernet2/0/1 Switch(config-if)# lacp port-priority 1000 You can verify your settings by entering the show lacp [channel-group-number] internal privileged EXEC command.
  • Page 353: Lacp System-Priority

    The lacp system-priority command determines which switch in an LACP link controls port priorities. An LACP channel group can have up to 16 Ethernet ports of the same type. Up to eight ports can be active, and up to eight ports can be in standby mode. When there are more than eight ports in an LACP channel-group, the switch on the controlling end of the link uses port priorities to determine which ports are bundled into the channel and which ports are put in hot-standby mode.
  • Page 354 Command Description channel-group Assigns an Ethernet port to an EtherChannel group. lacp port-priority Configures the LACP port priority. show lacp sys-id Displays the system identifier that is being used by LACP. Catalyst 3750-X and 3560-X Switch Command Reference 2-322 OL-21522-02...
  • Page 355: Link State Group

    An interface can be an aggregation of ports (an EtherChannel), a single physical port in access or trunk mode, or a routed port. In a link-state group, these interfaces are bundled together. The downstream interfaces are bound to the upstream interfaces. Interfaces connected to servers are referred to as downstream interfaces, and interfaces connected to distribution switches and network devices are referred to as upstream interfaces.
  • Page 356 Catalyst 3750-X and 3560-X Switch Cisco IOS Commands link state group Examples This example shows how to configure the interfaces as upstream in group 2: Switch# configure terminal Switch(config)# interface range gigabitethernet1/0/11 - 14 Switch(config-if-range)# link state group 2 upstream...
  • Page 357: Link State Track

    Catalyst 3750-X and 3560-X Switch Cisco IOS Commands link state track link state track Use the link state track user EXEC command to enable a link-state group. Use the no form of this command to disable a link-state group. link state track [number]...
  • Page 358: Location (Global Configuration)

    Usage Guidelines After entering the location civic-location identifier id global configuration command, you enter civic location configuration mode. In this mode, you can enter the civic location and the postal location information. The civic-location identifier must not exceed 250 bytes.
  • Page 359 You can verify your settings by entering the show location civic-location command. This example shows how to configure the emergency location information location on the switch: Switch (config)# location elin-location 14085553881 identifier 1 You can verify your settings by entering the show location elin privileged EXEC command.
  • Page 360: Location (Interface Configuration)

    (interface configuration) location (interface configuration) Use the location interface command to enter location information for an interface. Use the no form of this command to remove the interface location information. location {additional-location-information word | civic-location-id id | elin-location-id id}...
  • Page 361 Catalyst 3750-X and 3560-X Switch Cisco IOS Commands location (interface configuration) You can verify your settings by entering the show location civic interface privileged EXEC command. This example shows how to enter emergency location information for an interface: Switch(config)# interface gigabitethernet2/0/2...
  • Page 362: Logging Event

    Use the logging event interface configuration command to enable notification of interface link status changes. Use the no form of this command to disable notification. logging event {bundle-status | link-status | spanning-tree | status | trunk status}...
  • Page 363: Logging Event Power-Inline-Status

    Use the logging event power-inline-status interface configuration command to enable the logging of Power over Ethernet (PoE) events. Use the no form of this command to disable the logging of PoE status events; however, the no form of this command does not disable PoE error events.
  • Page 364: Logging File

    Use the logging file global configuration command on the switch stack or on a standalone switch to set logging file parameters. Use the no form of this command to return to the default setting. logging file filesystem:filename [max-file-size | nomax [min-file-size]] [severity-level-number |...
  • Page 365 On the Catalyst 3750-switch, the log file is stored in ASCII text format in an internal buffer on a standalone switch, and in the case of a switch stack, on the stack master. If a standalone switch or the stack master fails, the log is lost unless you had previously saved it to flash memory by using the logging file flash:filename global configuration command.
  • Page 366: Mab Request Format Attribute 32

    This command was introduced. Usage Guidelines Use this command to allow a RADIUS server to authenticate a new user based on the host MAC address and VLAN. Use this feature on networks with the Microsoft IAS RADIUS server. The Cisco ACS ignores this command.
  • Page 367 Configures the violation modes that occur when a new device connects to a violation port or when a new device connects to a port with the maximum number of devices already connected to that port. Enables MAC-based authentication on a port.
  • Page 368: Mac Access-Group

    ACL replaces the previously configured one. If you apply an ACL to a Layer 2 interface on a switch, and the switch has an input Layer 3 ACL or a VLAN map applied to a VLAN that the interface is a member of, the ACL applied to the Layer 2 interface takes precedence.
  • Page 369 Catalyst 3750-X and 3560-X Switch Cisco IOS Commands mac access-group Examples This example shows how to apply a MAC extended ACL named macacl2 to an interface: Switch(config)# interface gigabitethernet1/0/1 Switch(config-if)# mac access-group macacl2 in You can verify your settings by entering the show mac access-group privileged EXEC command. You can see configured ACLs on the switch by entering the show access-lists privileged EXEC command.
  • Page 370: Mac Access-List Extended

    Use the mac access-list extended global configuration command on the switch stack or on a standalone switch to create an access list based on MAC addresses for non-IP traffic. Using this command puts you in the extended MAC access-list configuration mode. Use the no form of this command to return to the default setting.
  • Page 371 Catalyst 3750-X and 3560-X Switch Cisco IOS Commands mac access-list extended This example shows how to delete MAC named extended access list mac1: Switch(config)# no mac access-list extended mac1 You can verify your settings by entering the show access-lists privileged EXEC command. Related Commands Command Description...
  • Page 372: Mac Address-Table Aging-Time

    MAC address table after the entry is used or updated. Use the no form of this command to return to the default setting. The aging time applies to all VLANs or a specified VLAN.
  • Page 373: Mac Address-Table Learning Vlan

    Use the mac address-table learning global configuration command to enable MAC address learning on a VLAN. This is the default state. Use the no form of this command to disable MAC address learning on a VLAN to control which VLANs can learn MAC addresses.
  • Page 374 If you disable MAC address learning on a VLAN that includes a secure port, MAC address learning is not disabled on the secure port. If you later disable port security on the interface, the disabled MAC address learning state is enabled.
  • Page 375: Mac Address-Table Move Update

    You can configure the access switch to send the MAC address-table move update messages if the primary link goes down and the standby link comes up. You can configure the uplink switches to receive and process the MAC address-table move update messages.
  • Page 376 Chapter 2 Catalyst 3750-X and 3560-X Switch Cisco IOS Commands mac address-table move update Related Commands Command Description clear mac address-table move Clears the MAC address-table move update global counters. update debug matm move update Debugs the MAC address-table move update message processing.
  • Page 377: Mac Address-Table Notification

    Use the mac address-table notification global configuration command on the switch stack or on a standalone switch to enable the MAC address notification feature on the switch or the switch stack. Use the no form of this command to return to the default setting.
  • Page 378 MAC address traps to the NMS by using the snmp-server enable traps mac-notification change global configuration command. You can also enable traps whenever a MAC address is moved from one port to another in the same VLAN by entering the mac address-table notification mac-move command and the snmp-server enable traps mac-notification move global configuration command.
  • Page 379: Mac Address-Table Static

    Use the mac address-table static global configuration command on the switch stack or on a standalone switch to add static addresses to the MAC address table. Use the no form of this command to remove static entries from the table.
  • Page 380: Mac Address-Table Static Drop

    Use the mac address-table static drop global configuration command on the switch stack or on a standalone switch to enable unicast MAC address filtering and to configure the switch to drop traffic with a specific source or destination MAC address. Use the no form of this command to return to the default setting.
  • Page 381 Examples This example shows how to enable unicast MAC address filtering and to configure the switch to drop packets that have a source or destination address of c2f3.220a.12f4. When a packet is received in VLAN 4 with this MAC address as its source or destination, the packet is dropped: Switch(config)# mac address-table static c2f3.220a.12f4 vlan 4 drop...
  • Page 382: Mac Sec

    Catalyst 3750-X and 3560-X Switch Cisco IOS Commands mac sec mac sec To enable 802.1ae Media Access Control Security (MACsec) on an interface, use the macsec interface configuration command. To disable MACsec on the interface, use the no form of this command. macsec...
  • Page 383: Match (Access-Map Configuration)

    Use the match access-map configuration command on the switch stack or on a standalone switch to set the VLAN map to match packets against one or more access lists. Use the no form of this command to remove the match parameters.
  • Page 384 Examples This example shows how to define and apply a VLAN access map vmap4 to VLANs 5 and 6 that will cause the interface to drop an IP packet if the packet matches the conditions defined in access list al2.
  • Page 385: Match (Class-Map Configuration)

    Use the match class-map configuration command on the switch stack or on a standalone switch to define the match criteria to classify traffic. Use the no form of this command to remove the match criteria. match {access-group acl-index-or-name | input-interface interface-id-list | ip dscp dscp-list | ip...
  • Page 386 For example, you can enter the match ip dscp af11 command, which is the same as entering the match ip dscp 10 command. You can enter the match ip precedence critical command, which is the same as entering the match ip precedence 5 command. For a list of supported mnemonics, enter the match ip dscp ? or the match ip precedence ? command to see the command-line help strings.
  • Page 387 Chapter 2 Catalyst 3750-X and 3560-X Switch Cisco IOS Commands match (class-map configuration) This example shows how to specify a range of physical ports to which an interface-level class map in a hierarchical policy map applies: Switch(config)# class-map match-all class4...
  • Page 388: Mdix Auto

    This command was introduced. Usage Guidelines When you enable auto-MDIX on an interface, you must also set the interface speed and duplex to auto so that the feature operates correctly. When auto-MDIX (and autonegotiation of speed and duplex) is enabled on one or both of connected interfaces, link up occurs, even if the cable type (straight-through or crossover) is incorrect.
  • Page 389 Catalyst 3750-X and 3560-X Switch Cisco IOS Commands mdix auto Related Commands Command Description Displays general information about internal registers of an interface, show controllers including the operational state of auto-MDIX. ethernet-controller interface-id phy Catalyst 3750-X and 3560-X Switch Command Reference...
  • Page 390: Media-Type Rj45

    Use the media-type rj45 line configuration command to manually select the RJ-45 console connection for input, whether or not there is a device connected to the USB console port. Use the no form of this command to return to the default setting. The USB console takes precedence if devices are connected to both consoles.
  • Page 391: Mka Default-Policy

    To remove any MKA policy from the interface, including the default, enter the no mka policy interface configuration command. Examples This example shows what you see if you apply the default policy to an interface that already has a policy applied: Switch(config)# interface gigabitethernet 1/0/6...
  • Page 392: Mka Policy (Global Configuration)

    This command was introduced. Usage Guidelines If you enter the name of an existing policy, you see a warning that any changes to the policy deletes all active MKA sessions with that policy. Whenever you change an MKA policy, active MKA sessions with that policy applied are cleared.
  • Page 393 Chapter 2 Catalyst 3750-X and 3560-X Switch Cisco IOS Commands mka policy (global configuration) Examples This example shows what you see if you create a policy name that already exists: Switch(config)# mka policy test-policy Switch(config-mks-policy)# exit Switch(config)# mka policy test-policy %MKA policy “test-policy”...
  • Page 394: Mka Policy (Interface Configuration)

    If a different MKA policy was applied to the interface, entering this command clears all active MKA sessions running on the interface. If you enter a a policy name that is already applied to the interface, you are notified that the policy was already applied and no sessions are cleared.
  • Page 395 (interface configuration) Related Commands Command Description mka policy (global Creates an MKA policy and enters MKA policy configuration mode. configuration) show mka policy Displays MKA policies configured on the switch. Catalyst 3750-X and 3560-X Switch Command Reference 2-363...
  • Page 396: Mls Qos

    (QoS) for the entire switch. When the mls qos command is entered, QoS is enabled with the default parameters on all ports in the system. Use the no form of this command to reset all the QoS-related statistics and to disable the QoS features for the entire switch.
  • Page 397 IPv6 qos aces: 0.5K number of IPv6 security aces: 0.5K Switch# configure terminal Switch(config)# mls qos You can verify your settings by entering the show mls qos privileged EXEC command. Related Commands Command Description show mls qos Displays QoS information.
  • Page 398: Mls Qos Aggregate-Policer

    A policer defines a maximum permissible rate of transmission, a maximum burst size for transmissions, and an action to take if either maximum is exceeded. Use the no form of this command to delete an aggregate policer.
  • Page 399 Catalyst 3750-X and 3560-X Switch Cisco IOS Commands mls qos aggregate-policer You cannot delete an aggregate policer if it is being used in a policy map. You must first use the no police aggregate aggregate-policer-name policy-map class configuration command to delete the aggregate policer from all policy maps before using the no mls qos aggregate-policer aggregate-policer-name command.
  • Page 400: Mls Qos Cos

    Use the mls qos cos interface configuration command on the switch stack or on a standalone switch to define the default class of service (CoS) value of a port or to assign the default CoS to all incoming packets on the port. Use the no form of this command to return to the default setting.
  • Page 401 Chapter 2 Catalyst 3750-X and 3560-X Switch Cisco IOS Commands mls qos cos This example shows how to assign all the packets entering a port to the default port CoS value of 4 on a port: Switch(config)# interface gigabitethernet2/0/1 Switch(config-if)# mls qos cos 4 Switch(config-if)# mls qos cos override You can verify your settings by entering the show mls qos interface privileged EXEC command.
  • Page 402: Mls Qos Dscp-Mutation

    Use the mls qos dscp-mutation interface configuration command on the switch stack or on a standalone switch to apply a Differentiated Services Code Point (DSCP)-to-DSCP-mutation map to a DSCP-trusted port. Use the no form of this command to return the map to the default settings (no DSCP mutation). mls qos dscp-mutation dscp-mutation-name...
  • Page 403 This example show how to remove the DSCP-to-DSCP-mutation map name dscpmutation1 from the port and to reset the map to the default: Switch(config-if)# no mls qos dscp-mutation dscpmutation1 You can verify your settings by entering the show mls qos maps privileged EXEC command. Related Commands Command...
  • Page 404: Mls Qos Map

    Use the mls qos map global configuration command on the switch stack or on a standalone switch to define the class of service (CoS)-to-Differentiated Services Code Point (DSCP) map, DSCP-to-CoS map, the DSCP-to-DSCP-mutation map, the IP-precedence-to-DSCP map, and the policed-DSCP map.
  • Page 405 Chapter 2 Catalyst 3750-X and 3560-X Switch Cisco IOS Commands mls qos map Defaults Table 2-14 shows the default CoS-to-DSCP map: Table 2-14 Default CoS-to-DSCP Map CoS Value DSCP Value Table 2-15 shows the default DSCP-to-CoS map: Table 2-15 Default DSCP-to-CoS Map...
  • Page 406 Switch(config)# mls qos map ip-prec-dscp 0 10 20 30 40 50 55 60 This example shows how to define the policed-DSCP map. DSCP values 1, 2, 3, 4, 5, and 6 are marked down to DSCP value 0. Marked DSCP values that not explicitly configured are not modified:...
  • Page 407 Chapter 2 Catalyst 3750-X and 3560-X Switch Cisco IOS Commands mls qos map Related Commands Command Description mls qos dscp-mutation Applies a DSCP-to-DSCP-mutation map to a DSCP-trusted port. show mls qos maps Displays quality of service (QoS) mapping information. Catalyst 3750-X and 3560-X Switch Command Reference...
  • Page 408: Mls Qos Queue-Set Output Buffers

    Use the mls qos queue-set output buffers global configuration command on the switch stack or on a standalone switch to allocate buffers to a queue-set (four egress queues per port). Use the no form of this command to return to the default setting.
  • Page 409 Examples This example shows how to map a port to queue-set 2. It allocates 40 percent of the buffer space to egress queue 1 and 20 percent to egress queues 2, 3, and 4: Switch(config)# mls qos queue-set output 2 buffers 40 20 20 20...
  • Page 410: Mls Qos Queue-Set Output Threshold

    Use the mls qos queue-set output threshold global configuration command on the switch stack or on a standalone switch to configure the weighted tail-drop (WTD) thresholds, to guarantee the availability of buffers, and to configure the maximum memory allocation to a queue-set (four egress queues per port).
  • Page 411 (free buffers). If the queue is not over-limit, the switch can allocate buffer space from the reserved pool or from the common pool (if it is not empty). If there are no free buffers in the common pool or if the queue is over-limit, the switch drops the frame.
  • Page 412: Mls Qos Rewrite Ip Dscp

    DSCP field in the incoming packet, and the DSCP field in the outgoing packet is the same as that in the incoming packet.
  • Page 413 Catalyst 3750-X and 3560-X Switch Cisco IOS Commands mls qos rewrite ip dscp Examples This example shows how to enable DSCP transparency and configure the switch to not change the DSCP value of the incoming IP packet: Switch(config)# mls qos...
  • Page 414: Mls Qos Srr-Queue Input Bandwidth

    Switch(config)# mls qos srr-queue input priority-queue 2 bandwidth 0 Switch(config)# mls qos srr-queue input bandwidth 25 75 In this example, queue 2 has three times the bandwidth of queue 1; queue 2 is serviced three times as often as queue 1.
  • Page 415 This example shows how to assign the ingress bandwidths for the queues in the stack. Queue 1 is the priority queue with 10 percent of the bandwidth allocated to it. The bandwidth ratio allocated to queues 1 and 2 is 4/(4+4).
  • Page 416: Mls Qos Srr-Queue Input Buffers

    Percentage of buffers allocated to ingress queues 1 and 2. The range is 0 to percentage2 100. Separate each value with a space. Defaults Ninety percent of the buffers is allocated to queue 1, and 10 percent of the buffers is allocated to queue 2. Command Modes Global configuration Command History...
  • Page 417 Chapter 2 Catalyst 3750-X and 3560-X Switch Cisco IOS Commands mls qos srr-queue input buffers Command Description mls qos srr-queue input threshold Assigns weighted tail-drop (WTD) threshold percentages to an ingress queue. show mls qos input-queue Displays ingress queue settings.
  • Page 418: Mls Qos Srr-Queue Input Cos-Map

    Use the mls qos srr-queue input cos-map global configuration command on the switch stack or on a standalone switch to map class of service (CoS) values to an ingress queue or to map CoS values to a queue and to a threshold ID. Use the no form of this command to return to the default setting.
  • Page 419 Examples This example shows how to map CoS values 0 to 3 to ingress queue 1 and to threshold ID 1 with a drop threshold of 50 percent. It maps CoS values 4 and 5 to ingress queue 1 and to threshold ID 2 with a drop...
  • Page 420: Mls Qos Srr-Queue Input Dscp-Map

    Differentiated Services Code Point (DSCP) values to an ingress queue or to map DSCP values to a queue and to a threshold ID. Use the no form of this command to return to the default setting.
  • Page 421 Examples This example shows how to map DSCP values 0 to 6 to ingress queue 1 and to threshold 1 with a drop threshold of 50 percent. It maps DSCP values 20 to 26 to ingress queue 1 and to threshold 2 with a drop...
  • Page 422: Mls Qos Srr-Queue Input Priority-Queue

    Use the no form of this command to return to the default setting. mls qos srr-queue input priority-queue queue-id bandwidth weight...
  • Page 423 Examples This example shows how to assign the ingress bandwidths for the queues in the stack. Queue 1 is the priority queue with 10 percent of the bandwidth allocated to it. The bandwidth ratio allocated to queues 1 and 2 is 4/(4+4).
  • Page 424: Mls Qos Srr-Queue Input Threshold

    (CoS) or Differentiated Services Code Points (DSCPs) values are mapped to threshold 1 and to threshold 2. If threshold 1 is exceeded, packets with CoS or DSCPs assigned to this threshold are dropped until the threshold is no longer exceeded. However, packets assigned to threshold 2 continue to be queued and sent as long as the second threshold is not exceeded.
  • Page 425 Allocates the buffers between the ingress queues. mls qos srr-queue input cos-map Maps class of service (CoS) values to an ingress queue or maps CoS values to a queue and to a threshold ID. mls qos srr-queue input dscp-map Maps Differentiated Services Code Point (DSCP) values to an ingress queue or maps DSCP values to a queue and to a threshold ID.
  • Page 426: Mls Qos Srr-Queue Output Cos-Map

    Use the mls qos srr-queue output cos-map global configuration command on the switch stack or on a standalone switch to map class of service (CoS) values to an egress queue or to map CoS values to a queue and to a threshold ID. Use the no form of this command to return to the default setting.
  • Page 427 Examples This example shows how to map a port to queue-set 1. It maps CoS values 0 to 3 to egress queue 1 and to threshold ID 1. It configures the drop thresholds for queue 1 to 50 and 70 percent of the allocated memory, guarantees (reserves) 100 percent of the allocated memory, and configures 200 percent as the maximum memory that this queue can have before packets are dropped.
  • Page 428: Mls Qos Srr-Queue Output Dscp-Map

    Differentiated Services Code Point (DSCP) values to an egress or to map DSCP values to a queue and to a threshold ID. Use the no form of this command to return to the default setting.
  • Page 429 Examples This example shows how to map a port to queue-set 1. It maps DSCP values 0 to 3 to egress queue 1 and to threshold ID 1. It configures the drop thresholds for queue 1 to 50 and 70 percent of the allocated memory, guarantees (reserves) 100 percent of the allocated memory, and configures 200 percent as the maximum memory that this queue can have before packets are dropped.
  • Page 430: Mls Qos Trust

    CoS can be the packet CoS for trunk ports or the port default CoS for nontrunk ports. If the DSCP is trusted, the DSCP field of the IP packet is not modified. However, it is still possible that the CoS value of the packet is modified (according to DSCP-to-CoS map).
  • Page 431 The trusted boundary feature prevents security problems if users disconnect their PCs from networked Cisco IP Phones and connect them to the switch port to take advantage of trusted CoS or DSCP settings. You must globally enable the Cisco Discovery Protocol (CDP) on the switch and on the port connected to the IP phone.
  • Page 432: Mls Qos Vlan-Based

    Use the mls qos vlan-based interface configuration command on the switch stack or on a standalone switch to enable VLAN-based quality of service (QoS) on the physical port. Use the no form of this command to disable this feature.
  • Page 433: Mode

    Entering the no mode command sets the switch to the defaults of power-shared and non-strict mode. For stack power, available power is the total power available for PoE from all power supplies in the Note power stack, budgeted power is the power allocated to all powered devices connected to PoE ports in the stack, and consumed power is the actual power consumed by the powered devices.
  • Page 434 This reduces the available power in the pool for switches and powered devices, but in case of a failure or an extreme power load, there is less chance of having to shut down switches or powered devices.
  • Page 435: Monitor Session

    (such as a Cisco IDS Sensor Appliance), to add or delete interfaces or VLANs to or from an existing SPAN or RSPAN session, and to limit (filter) SPAN source traffic to specific VLANs. Use the no form of this command to remove the SPAN or RSPAN session or to remove source or destination interfaces or filters from the SPAN or RSPAN session.
  • Page 436 Specify a list of VLANs as filters on trunk source ports to limit SPAN source traffic to specific VLANs. The vlan-id range is 1 to 4094. source Specify the SPAN or RSPAN source. A source can be a physical port, a port channel, or a VLAN. both, rx, tx (Optional) Specify the traffic direction to monitor.
  • Page 437 VSPAN, and only packets with the monitored VLAN ID are sent to the destination port. You can monitor traffic on a single port or VLAN or on a series or range of ports or VLANs. You select a series or range of interfaces or VLANs by using the [, | -] options.
  • Page 438 SPAN only; RSPAN does not support encapsulation replication.) Examples This example shows how to create a local SPAN session 1 to monitor both sent and received traffic on source port 1 on stack member 1 to destination port 2 on stack member 2:...
  • Page 439 Catalyst 3750-X and 3560-X Switch Cisco IOS Commands monitor session This example shows how to configure the destination port for ingress traffic on VLAN 5 by using a security device that supports IEEE 802.1Q encapsulation. Egress traffic replicates the source; ingress traffic uses IEEE 802.1Q encapsulation.
  • Page 440: Mvr (Global Configuration)

    MVR mode for a switch, configure the MVR IP multicast address, set the maximum time to wait for a query reply before removing a port from group membership, and to specify the MVR multicast VLAN. Use the no form of this command to return to the default settings.
  • Page 441 A maximum of 256 MVR multicast groups can be configured on a switch. Use the mvr group command to statically set up all the IP multicast addresses that will take part in MVR. Any multicast data sent to a configured multicast address is sent to all the source ports on the switch and to all receiver ports that have registered to receive data on that IP multicast address.
  • Page 442 Displays all ports that are members of an MVR multicast group; if the group has no members, its status is shown as Inactive. Catalyst 3750-X and 3560-X Switch Command Reference 2-410...
  • Page 443: Mvr (Interface Configuration)

    Layer 2 port as a multicast VLAN registration (MVR) receiver or source port, to set the Immediate Leave feature, and to statically assign a port to an IP multicast VLAN and IP address. Use the no form of this command to return to the default settings.
  • Page 444 VLAN. A port that is not taking part in MVR should not be configured as an MVR receiver port or a source port. A non-MVR port is a normal switch port, able to send and receive multicast data with normal switch behavior.
  • Page 445 Displays MVR global parameters or port parameters. show mvr interface Displays the configured MVR interfaces or displays the multicast groups to which a receiver port belongs. Also displays all MVR groups of which the interface is a member. show mvr members Displays all receiver ports that are members of an MVR multicast group.
  • Page 446: Network-Policy

    Use the network-policy profile number interface configuration command to apply a profile to an interface. If you first configure a network-policy profile on an interface, you cannot apply the switchport voice vlan command on the interface. If switchport voice vlan vlan-id is already configured on an interface, you can apply a network-policy profile on the interface.
  • Page 447: Network-Policy Profile (Global Configuration)

    (global configuration) Use the network-policy profile global configuration command to create a network-policy profile and to enter network-policy configuration mode. Use the no form of this command to delete the policy and to return to global configuration mode.
  • Page 448: Network-Policy Profile (Network-Policy Configuration)

    The voice-signaling application type is for network topologies that require a different policy for voice signaling than for voice media. This application type should not be advertised if all the same network policies apply as those advertised in the voice policy TLV.
  • Page 449 This example shows how to configure the voice application type for VLAN 100 with a priority 4 CoS: Switch(config)# network-policy profile 1 Switch(config-network-policy)# voice vlan 100 cos 4 This example shows how to configure the voice application type for VLAN 100 with a DSCP value of 34: Switch(config)# network-policy profile 1 Switch(config-network-policy)# voice vlan 100 dscp 34...
  • Page 450: Nmsp

    Use the nmsp global configuration command to enable the switch to send NMSP location and attachment notifications to a Cisco Mobility Services Engine (MSE). Examples This example shows how to enable NMSP on a switch and set the location notification time to 10 seconds: Switch(config)# nmsp enable...
  • Page 451: Nmsp Attachment Suppress

    Use the nmsp attachment suppress interface configuration mode command to suppress the reporting of attachment information from a specified interface. Use the no form of this command to return to the default setting. nmsp attachment suppress...
  • Page 452: No Authentication Logging Verbose

    Catalyst 3750-X and 3560-X Switch Cisco IOS Commands no authentication logging verbose no authentication logging verbose Use the no authentication logging verbose global configuration command on the switch stack or on a standalone switch to filter detailed information from authentication system messages. no authentication logging verbose Defaults All details are displayed in the system messages.
  • Page 453: No Dot1X Logging Verbose

    Catalyst 3750-X and 3560-X Switch Cisco IOS Commands no dot1x logging verbose no dot1x logging verbose Use the no dot1x logging verbose global configuration command on the switch stack or on a standalone switch to filter detailed information from 802.1x system messages. no dot1x logging verbose Defaults All details are displayed in the system messages.
  • Page 454: No Mab Logging Verbose

    Use the no mab logging verbose global configuration command on the switch stack or on a standalone switch to filter detailed information from MAC authentication bypass (MAB) system messages. no mab logging verbose Defaults All details are displayed in the system messages.
  • Page 455: Nsf

    Chapter 2 Catalyst 3750-X and 3560-X Switch Cisco IOS Commands Use the nsf router configuration command on a switch stack or standalone switch to enable and configure Cisco nonstop forwarding (NSF) for Open Shortest Path First (OSPF) or Enhanced Interior Gateway Routing Protocol (EIGRP) routing.
  • Page 456 Enables a routing process. Displays the current operating configuration. For syntax information, select Cisco IOS IP Command Reference, Volume 2 of 3: Routing Protocols, Release 12.2 > EIGRP Commands and Cisco IOS IP Command Reference, Volume 2 of 3: Routing Protocols, Release 12.2 > OSFP Commands.
  • Page 457: Pagp Learn-Method

    Catalyst 1900 switch. When the link partner to the switch is a physical learner, we recommend that you configure the switch as a physical-port learner by using the pagp learn-method physical-port interface configuration command and to set the load-distribution method based on the source MAC address by using the port-channel load-balance src-mac global configuration command.
  • Page 458 Catalyst 3750-X and 3560-X Switch Cisco IOS Commands pagp learn-method Examples This example shows how to set the learning method to learn the address on the physical port within the EtherChannel: Switch(config-if)# pagp learn-method physical-port This example shows how to set the learning method to learn the address on the port-channel within the...
  • Page 459: Pagp Port-Priority

    If all unused ports in the EtherChannel are in hot-standby mode, they can be placed into operation if the currently selected port and link fails. Use the no form of this command to return to the default setting.
  • Page 460 Displays the operating configuration. For syntax information, use this link to the Cisco IOS Release 12.2 Command Reference listing page: http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/prod_command_r eference_list.html Select the Cisco IOS Commands Master List, Release 12.2 to navigate to the command. Catalyst 3750-X and 3560-X Switch Command Reference 2-428...
  • Page 461: Permit (Arp Access-List Configuration)

    Use the permit Address Resolution Protocol (ARP) access-list configuration command to permit an ARP packet based on matches against the Dynamic Host Configuration Protocol (DHCP) bindings. Use the no form of this command to remove the specified access control entry (ACE) from the access control list.
  • Page 462 You can add permit clauses to forward ARP packets based on some matching criteria. Examples This example shows how to define an ARP access list and to permit both ARP requests and ARP responses from a host with an IP address of 1.1.1.1 and a MAC address of 0000.0000.abcd: Switch(config)# arp access-list static-hosts Switch(config-arp-nacl)# permit ip host 1.1.1.1 mac host 0000.0000.abcd...
  • Page 463: Permit (Ipv6 Access-List Configuration)

    (IPv6 access-list configuration) Use the permit IPv6 access list configuration command on the switch stack or on a standalone switch to set permit conditions for an IPv6 access list. Use the no form of this command to remove the permit conditions.
  • Page 464 The optional port-number argument is a decimal number or the name of a TCP or a UDP port. A port number is a number from 0 to 65535. TCP port names can be used only when filtering TCP. UDP port names can be used only when filtering UDP.
  • Page 465 (Optional) Specify an ICMP message code for filtering ICMP packets. ICMP packets that are filtered by the ICMP message type can also be filtered by the ICMP message code. The code is a number from 0 to 255. icmp-message (Optional) Specify an ICMP message name for filtering ICMP packets.
  • Page 466 You can add permit, deny, or remark statements to an existing access list without re-entering the entire list. To add a new statement anywhere other than at the end of the list, create a new statement with an appropriate entry number that falls between two existing entry numbers to show where it belongs.
  • Page 467 Switch(config-if)# ipv6 traffic-filter OUTBOUND out Switch(config-if)# ipv6 traffic-filter INBOUND in Given that a permit any any statement is not included as the last entry in the OUTBOUND or the Note INBOUND access list, only TCP, UDP, and ICMP packets are permitted out of and into the interface (the implicit deny-all condition at the end of the access list denies all other packet types on the interface).
  • Page 468 Related Commands Command Description ipv6 access-list Defines an IPv6 access list and enters IPv6 access list configuration mode. ipv6 traffic-filter Filters incoming or outgoing IPv6 traffic on an interface. deny (IPv6 access-list Sets deny conditions for an IPv6 access list.
  • Page 469: Permit (Mac Access-List Configuration)

    Use the permit MAC access-list configuration command on the switch stack or on a standalone switch to allow non-IP traffic to be forwarded if the conditions are matched. Use the no form of this command to remove a permit condition from the extended MAC access list.
  • Page 470 (Optional) Select EtherType Xerox Network Systems (XNS) protocol suite. To filter IPX traffic, you use the type mask or lsap lsap mask keywords, depending on the type of IPX encapsulation being used. Filter criteria for IPX encapsulation types as specified in Novell terminology...
  • Page 471 If you use the host keyword, you cannot enter an address mask; if you do not use the any or host keywords, you must enter an address mask. After an access control entry (ACE) is added to an access control list, an implied deny-any-any condition exists at the end of the list.
  • Page 472: Police

    A policer defines a maximum permissible rate of transmission, a maximum burst size for transmissions, and an action to take if either maximum is exceeded. Use the no form of this command to remove an existing policer.
  • Page 473 Examples This example shows how to configure a policer that drops packets if traffic exceeds 1 Mb/s average rate with a burst size of 20 KB. The DSCPs of incoming packets are trusted, and there is no packet modification. Switch(config)# policy-map policy1...
  • Page 474: Police Aggregate

    A policer defines a maximum permissible rate of transmission, a maximum burst size for transmissions, and an action to take if either maximum is exceeded. Use the no form of this command to remove the specified policer.
  • Page 475 Switch(config-pmap-c)# exit Switch(config-pmap)# class class3 Switch(config-pmap-c)# trust dscp Switch(config-pmap-c)# police aggregate agg_policer2 Switch(config-pmap-c)# exit You can verify your settings by entering the show mls qos aggregate-policer privileged EXEC command. Related Commands Command Description mls qos aggregate-policer Defines policer parameters, which can be shared by multiple classes within a policy map.
  • Page 476: Policy-Map

    No policy maps are defined. The default behavior is to set the Differentiated Services Code Point (DSCP) to 0 if the packet is an IP packet and to set the class of service (CoS) to 0 if the packet is tagged. No policing is performed.
  • Page 477 Catalyst 3750-X and 3560-X Switch Cisco IOS Commands policy-map Only one policy map per ingress port or SVI is supported. You can apply the same policy map to multiple physical ports or SVIs. You can apply a nonhierarchical policy maps to physical ports or to SVIs. A nonhierarchical policy map is the same as a port-based policy maps in Catalyst 3750 and 3560 switches.
  • Page 478 Defines a traffic classification match criteria (through the police, set, and trust policy-map class configuration command) for the specified class-map name. class-map Creates a class map to be used for matching packets to the class whose name you specify. service-policy Applies a policy map to a port.
  • Page 479: Port-Channel Load-Balance

    Use the port-channel load-balance global configuration command on the switch stack or on a standalone switch to set the load-distribution method among the ports in the EtherChannel. Use the no form of this command to return to the default setting.
  • Page 480 Displays the operating configuration. For syntax information, use this link to the Cisco IOS Release 12.2 Command Reference listing page: http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/prod_comman d_reference_list.html Select the Cisco IOS Commands Master List, Release 12.2 to navigate to the command. Catalyst 3750-X and 3560-X Switch Command Reference 2-448...
  • Page 481: Power Inline

    {high | low} Configures the power priority of a StackPower port. In case of a power supply failure, ports configured as low priority are turned off first. The default priority is low.
  • Page 482 The switch reserves the power on a static port even when there is no connected device and whether or not the port is in a shutdown or in a no shutdown state. The switch allocates the configured maximum wattage to the port, and the amount is never adjusted through the IEEE class or by CDP messages from the powered device.
  • Page 483 Switch(config)# interface gigabitethernet1/0/2 Switch(config-if)# power inline never This example shows how to set the priority of a port to high, so that it would be one of the last ports to be shut down in case of power supply failure:...
  • Page 484: Power Inline Consumption

    IEEE classification. If the powered device is a class 0 (class status unknown) or a class 3, the switch budgets 15400 mW for the device, regardless of the CDP-specific amount of power needed.
  • Page 485 The initial allocation for Class 0, Class 3, and Class 4 powered devices is 15.4 W. When a device starts Note up and uses CDP or LLDP to send a request for more than 15.4 W, it can be allocated up to the maximum of 30 W.
  • Page 486 Take precaution not to oversubscribe the power supply. It is recommended to enable power policing if the switch supports it. Refer to documentation. You can verify your settings by entering the show power inline consumption privileged EXEC command. Related Commands Command...
  • Page 487: Power Inline Police

    This command is supported only on Power over Ethernet (PoE)-capable ports. If you enter this command on a switch or port that does not support PoE, an error message appears. In a switch stack, this command is supported on all switches or ports in the stack that support PoE and real-time power-consumption monitoring.
  • Page 488 If the port continuously draws more than 15.4 W, the cycle repeats. When a powered device connected to a PoE+ port restarts and sends a CDP or LLDP packet with a power Note TLV, the switch locks to the power-negotiation protocol of that first packet and does not respond to power requests from the other protocol.
  • Page 489 Catalyst 3750-X and 3560-X Switch Cisco IOS Commands power inline police Examples This example shows how to enable policing of the power consumption and configuring the switch to generate a syslog message on the PoE port on a switch: Switch(config)# interface gigabitethernet1/0/2 Switch(config-if)# power inline police action log You can verify your settings by entering the show power inline police privileged EXEC command.
  • Page 490: Power-Priority

    We recommend that you configure different priority values for each switch and for its high priority ports and low priority ports to limit the number of devices shut down at one time during a loss of power. If you try to configure the same priority value on different switches in a power stack, the configuration is allowed, but you receive a warning message.
  • Page 491 Catalyst 3750-X and 3560-X Switch Cisco IOS Commands power-priority Examples This is an example of setting the power priority for switch 1 in power stack a to 7, for the high-priority ports to 11, and for the low-priority ports to 20. Switch(config)# stack-power switch 1...
  • Page 492: Power Rps

    RPS is not providing power to a switch. • priority priority Set the priority of the RPS port. The range is from 1 to 6, where 1 is the highest priority and 6 is the lowest priority. Defaults The name of the RPS 2300 is not configured.
  • Page 493 If you do not want the RPS to provide power to a switch connected to the specified RPS port but do not want to disconnect the RPS cable between the switch and the redundant power system, use the power rps switch-number port rps-port-id mode standby command.
  • Page 494: Power Supply

    Use the power supply user EXEC command on the switch stack or on a standalone switch to configure and manage the internal power supplies on the switch. power supply switch-number {reset {hard | soft} slot {A | B} {off | on}}...
  • Page 495 Catalyst 3750-X and 3560-X Switch Cisco IOS Commands power supply This example shows how to set the power supply in slot A of stack member 2 in a switch stack to off: Switch> power supply 2 slot A off This example shows how to set power supply B of a standalone switch to on: Switch>...
  • Page 496: Priority-Queue

    SRR. This means that weight1 in the srr-queue bandwidth shape or the srr-queue bandwidth shape interface configuration command is ignored (not used in the ratio calculation). The expedite queue is a priority queue, and it is serviced until empty before the other queues are serviced.
  • Page 497 Chapter 2 Catalyst 3750-X and 3560-X Switch Cisco IOS Commands priority-queue This example shows how to disable the egress expedite queue after the SRR shaped and shared weights are configured. The shaped mode overrides the shared mode. Switch(config)# interface gigabitethernet1/0/2...
  • Page 498: Private-Vlan

    VLAN, you should not change the VTP mode to client or server. VTP does not propagate private-VLAN configuration. You must manually configure private VLANs on all switches in the Layer 2 network to merge their Layer 2 databases and to prevent flooding of private-VLAN traffic.
  • Page 499 An isolated VLAN is used by isolated ports to communicate with promiscuous ports. It does not carry traffic to other community ports or isolated ports with the same primary vlan domain. A primary VLAN is the VLAN that carries traffic from a gateway to customer end stations on private ports.
  • Page 500 Chapter 2 Catalyst 3750-X and 3560-X Switch Cisco IOS Commands private-vlan Switch(config-vlan)# private-vlan association 501-503 Switch(config-vlan)# end You can verify your setting by entering the show vlan private-vlan or show interfaces status privileged EXEC command. Related Commands Command Description show interfaces...
  • Page 501: Private-Vlan Mapping

    Traffic that is received on the secondary VLAN is routed by the SVI of the primary VLAN. A secondary VLAN can be mapped to only one primary SVI. IF you configure the primary VLAN as a secondary VLAN, all SVIs specified in this command are brought down.
  • Page 502 Chapter 2 Catalyst 3750-X and 3560-X Switch Cisco IOS Commands private-vlan mapping Examples This example shows how to map the interface of VLAN 20 to the SVI of VLAN 18: Switch# configure terminal Switch# interface vlan 18 Switch(config-if)# private-vlan mapping 20...
  • Page 503: Queue-Set

    Use the queue-set interface configuration command on the switch stack or on a standalone switch to map a port to a queue-set. Use the no form of this command to return to the default setting. queue-set qset-id no queue-set qset-id...
  • Page 504: Radius-Server Dead-Criteria

    The tries parameter should be the same as the number of retransmission attempts. • Examples This example shows how to configure 60 as the time and 10 as the number of tries, the conditions that determine when a RADIUS server is considered unavailable Switch(config)# radius-server dead-criteria time 60 tries 10 You can verify your settings by entering the show running-config privileged EXEC command.
  • Page 505 Specifies the number of times that the switch tries to reach the RADIUS servers before considering the servers to be unavailable. For syntax information, select Cisco IOS Security Command Reference, Release 12.2 >...
  • Page 506: Radius-Server Host

    Always configure the key as the last item in this command. Leading spaces are ignored, but spaces within and at the end of the key are used. If there are spaces in your key, do not enclose the key in quotation marks unless the quotation marks are part of the key.
  • Page 507 Examples This example shows how to configure 1500 as the UDP port for the accounting server and 1510 as the UDP port for the authentication server: Switch(config)# radius-server host 1.1.1.1 acct-port 1500 auth-port 1510...
  • Page 508: Rcommand

    Use the rcommand user EXEC command on the switch stack or on the cluster command switch to start a Telnet session and to execute commands on a cluster member switch from the cluster command switch or the switch stack. To end the session, enter the exit command.
  • Page 509 This command will not work if the vty lines of the cluster command switch have access-class configurations. You are not prompted for a password because the cluster member switches inherited the password of the cluster command switch when they joined the cluster.
  • Page 510: Reload

    12.2(53)SE2 This command was introduced. Usage Guidelines If there is more than one switch in the switch stack, and you enter the reload slot stack-member-number command, you are not prompted to save the configuration. Examples This example shows how to reload the switch stack: Switch(config)# reload System configuration has been modified.
  • Page 511 Accesses a specific stack member. switch priority Changes the stack member priority value. switch renumber Changes the stack member number. show switch Displays information about the switch stack and its stack members. Catalyst 3750-X and 3560-X Switch Command Reference 2-479 OL-21522-02...
  • Page 512: Remote Command

    12.2(53)SE2 This command was introduced. Usage Guidelines The commands (such as debug, show, or clear) you use in the LINE command-to-execute string apply to a specific stack member or to the switch stack. Examples This example shows how to execute the undebug command on the switch stack:...
  • Page 513 Accesses a specific stack member. switch priority Changes the stack member priority value. switch renumber Changes the stack member number. show switch Displays information about the switch stack and its stack members. Catalyst 3750-X and 3560-X Switch Command Reference 2-481 OL-21522-02...
  • Page 514: Remote-Span

    If VLAN Trunking Protocol (VTP) is enabled, the RSPAN feature is propagated by VTP for VLAN-IDs that are lower than 1005. If the RSPAN VLAN ID is in the extended range, you must manually configure intermediate switches (those in the RSPAN VLAN between the source switch and the destination switch).
  • Page 515 Switch(config-vlan)# remote-span This example shows how to remove the RSPAN feature from a VLAN. Switch(config)# vlan 901 Switch(config-vlan)# no remote-span You can verify your settings by entering the show vlan remote-span user EXEC command. Related Commands Command Description monitor session Enables Switched Port Analyzer (SPAN) and RSPAN monitoring on a port and configures a port as a source or destination port.
  • Page 516: Renew Ip Dhcp Snooping Database

    This command was introduced. Usage Guidelines If you do not specify a URL, the switch tries to read the file from the configured URL. Examples This example shows how to renew the DHCP snooping binding database without checking CRC values...
  • Page 517 Enables DHCP snooping on a VLAN. ip dhcp snooping binding Configures the DHCP snooping binding database. show ip dhcp snooping database Displays the status of the DHCP snooping database agent. Catalyst 3750-X and 3560-X Switch Command Reference 2-485 OL-21522-02...
  • Page 518: Replay-Protection

    MKA policy configuration command. When replay protection is set, you must configure a window size in number of frames. Use the no form of the command to disable replay protection. Use the default form of this command to return to the default window size of 0 frames.
  • Page 519: Reserved-Only

    Entering the reserved-only command restricts assignments from the DHCP pool to preconfigured reservations. Unreserved addresses that are part of the network or on pool ranges are not offered to the client, and other clients are not served by the pool.
  • Page 520 Chapter 2 Catalyst 3750-X and 3560-X Switch Cisco IOS Commands reserved-only Catalyst 3750-X and 3560-X Switch Command Reference 2-488 OL-21522-02...
  • Page 521: Rmon Collection Stats

    Use the rmon collection stats interface configuration command on the switch stack or on a standalone switch to collect Ethernet group statistics, which include usage statistics about broadcast and multicast packets, and error statistics about cyclic redundancy check (CRC) alignment errors and collisions. Use the no form of this command to return to the default setting.
  • Page 522: Sdm Prefer

    Use a template to provide maximum system usage for unicast routing or for VLAN configuration or to select the dual IPv4 and IPv6 template to support IPv6 forwarding. Use the no form of this command to return to the default template.
  • Page 523 Follow these guidelines for switch stacks: In a switch stack, all stack members use the same SDM desktop template that is stored on the stack •...
  • Page 524 IPv4-and IPv6templates for a switch. Note On switches running the LAN base feature set, routing values shown in all templates are not valid. Table 2-24 Approximate Feature Resources Allowed by Dual IPv4-IPv6 Templates...
  • Page 525 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands sdm prefer Switch# reload This example shows how to configure the routing template on a switch running the IP base or IP services feature set: Switch(config)# sdm prefer routing Switch(config)# exit...
  • Page 526: Service Password-Recovery

    To use the password-recovery procedure, a user with physical access to the switch holds down the Mode button while the unit powers up and for a second or two after the LED above port 1X turns off. When the button is released, the system continues with initialization.
  • Page 527 Note recommend that you save a copy of the config file in a location away from the switch in case the end user uses the password recovery procedure and sets the system back to default values. Do not keep a backup copy of the config file on the switch.
  • Page 528: Service-Policy

    Use the service-policy interface configuration command on the switch stack or on a standalone switch to apply a policy map defined by the policy-map command to the input of a physical port or a switch virtual interface (SVI). Use the no form of this command to remove the policy map and port association.
  • Page 529 This example shows how to remove plcmap2 from a physical port: Switch(config)# interface gigabitethernet2/0/2 Switch(config-if)# no service-policy input plcmap2 This example shows how to apply plcmap1 to an ingress SVI when VLAN-based QoS is enabled: Switch(config)# interface vlan 10 Switch(config-if)# service-policy input plcmap1 This example shows how to create a hierarchical policy map and attach it to an SVI: Switch>...
  • Page 530 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands service-policy Related Commands Command Description policy-map Creates or modifies a policy map that can be attached to multiple ports to specify a service policy. show policy-map Displays QoS policy maps. show running-config Displays the operating configuration.
  • Page 531: Session

    Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands session session Use the session privileged EXEC command on the stack master to access a specific stack member. session stack-member-number Note This command is supported only on Catalyst 3750-X switches. Syntax Description stack-member-number Specify the stack member number.
  • Page 532: Set

    For example, you can enter the set dscp af11 command, which is the same as entering the set dscp 10 command. You can enter the set ip precedence critical command, which is the same as entering the set ip precedence 5 command. For a list of supported mnemonics, enter the set dscp ? or the set ip precedence ? command to see the command-line help strings.
  • Page 533 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands Examples This example shows how to assign DSCP 10 to all FTP traffic without any policers: Switch(config)# policy-map policy_ftp Switch(config-pmap)# class ftp_class Switch(config-pmap-c)# set dscp 10 Switch(config-pmap)# exit You can verify your settings by entering the show policy-map privileged EXEC command.
  • Page 534: Setup

    EXEC command. Help text is provided for each prompt. To access help text, press the question mark (?) key at a prompt. To return to the privileged EXEC prompt without making changes and without running through the entire System Configuration Dialog, press Ctrl-C.
  • Page 535 Enter virtual terminal password: terminal-password Configure SNMP Network Management? [no]: yes Community string [public]: Current interface summary Any interface listed with OK? value “NO” does not have a valid configuration Interface IP-Address OK? Method Status Protocol Vlan1 172.20.135.202...
  • Page 536 Use this configuration? [yes/no]: yes [0] Go to the IOS command prompt without saving this config. [1] Return back to the setup without saving this config. [2] Save this configuration to nvram and exit. Enter your selection [2]:...
  • Page 537: Setup Express

    (CLI)-based setup program. When you press the Mode button for 2 seconds on a configured switch, the LEDs above the Mode button start blinking. If you press the Mode button for a total of 10 seconds, the switch configuration is deleted, and the switch reboots.
  • Page 538 On a configured switch, the mode LEDs begin blinking after 2 seconds and turn solid green after 10 seconds. If you hold the Mode button down for a total of 10 seconds, the configuration is deleted, and the switch Caution reboots.
  • Page 539: Show Access-Lists

    Use the show access-lists privileged EXEC command to display access control lists (ACLs) configured on the switch. show access-lists [name | number | hardware counters | ipc] [ | {begin | exclude | include} expression] Syntax Description name (Optional) Name of the ACL.
  • Page 540 60 permit ip host 10.91.28.64 any 70 permit ip host 10.99.75.128 any 80 permit ip host 10.38.49.0 any This is an example of output from the show access-lists hardware counters command: Switch# show access-lists hardware counters L2 ACL INPUT Statistics...
  • Page 541 Related Commands Command Description access-list Configures a standard or extended numbered access list on the switch. For syntax information, select Cisco IOS IP Command Reference, Volume 1 of 3:Addressing and Services, Release 12.2 > IP Services Commands. ip access list Configures a named IP access list on the switch.
  • Page 542: Show Archive Status

    If you do not have a TFTP server, you can use Network Assistant or the embedded device manager to download the image by using HTTP. The show archive status command shows the progress of the download.
  • Page 543: Show Arp Access-List

    12.2(53)SE2 This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed. Examples This is an example of output from the show arp access-list command: Switch>...
  • Page 544: Show Authentication

    Table 2-25 describes the significant fields shown in the output of the show authentication command. The possible values for the status of sessions are shown below. For a session in terminal state, Authz Note Success or Authz Failed is displayed along with No methods if no method has provided a result.
  • Page 545 For a session in a terminal state, Authc Success, Authc Failed, or Failed over are displayed. Failed over means that an authentication method ran and then failed over to the next method, which did not provide a result. Not run appears for sessions that synchronized on standby.
  • Page 546 0xCC000008 Runnable methods list: Method State dot1x Failed over This is an example of the show authentication sessions command for a specified MAC address: Switch# show authentication sessions mac 000e.84af.59bd Interface: GigabitEthernet1/23 MAC Address: 000e.84af.59bd Status: Authz Success Domain: DATA...
  • Page 547 Configures the violation modes that occur when a new device connects to a violation port or when a new device connects to a port after the maximum number of devices are connected to that port. Catalyst 3750-X and 3560-X Switch Command Reference...
  • Page 548: Show Auto Qos

    • show running-config • Examples This is an example of output from the show auto qos command after the auto qos voip cisco-phone and the auto qos voip cisco-softphone interface configuration commands are entered: Switch> show auto qos GigabitEthernet2/0/4 auto qos voip cisco-softphone...
  • Page 549 GigabitEthernet2/0/6 auto qos voip cisco-phone This is an example of output from the show auto qos interface interface-id command when the auto qos voip cisco-phone interface configuration command is entered: Switch> show auto qos interface gigabitethernet 2/0/5...
  • Page 550 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show auto qos class-map match-all AutoQoS-VoIP-RTP-Trust match ip dscp ef class-map match-all AutoQoS-VoIP-Control-Trust match ip dscp cs3 af31 policy-map AutoQoS-Police-SoftPhone class AutoQoS-VoIP-RTP-Trust set dscp ef police 320000 8000 exceed-action policed-dscp-transmit class AutoQoS-VoIP-Control-Trust...
  • Page 551 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show auto qos This is an example of output from the show auto qos interface interface-id command when the auto qos voip cisco-phone interface configuration command is entered: Switch> show auto qos interface gigabitethernet1/0/2...
  • Page 552: Show Boot

    12.2(53)SE2 This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed. Examples This is an example of output from the show boot command for all stack members.
  • Page 553 Enable Break Displays whether a break during booting is enabled or disabled. If it is set to yes, on, or 1, you can interrupt the automatic boot process by pressing the Break key on the console after the flash file system is initialized.
  • Page 554 Specifies the software image to use in the auto-upgrade process. auto-download-sw This command is available only on stacking-capable switches. boot config-file Specifies the filename that Cisco IOS uses to read and write a nonvolatile copy of the system configuration. boot enable-break Enables interrupting the automatic boot process.
  • Page 555: Show Cable-Diagnostics Tdr

    (SFP) module ports. For more information about TDR, see the software configuration guide for this release. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.
  • Page 556 The cable has a short. • Remote pair Name of the pair of wires to which the local pair is connected. TDR can learn about the remote pair only when the cable is properly connected and the link is up. Pair status The status of the pair of wires on which TDR is running: Normal—The pair of wires is properly connected.
  • Page 557: Show Cdp Forward

    To display the CDP forwarding table, use the show cdp forward user EXEC command. show cdp forward [entry | forward | interface interface-id | neighbor | traffic] [ | {begin | exclude | include} expression] Note This command is not supported on switches running the LAN base feature set.
  • Page 558: Show Cisp

    Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show cisp show cisp Use the show cisp privileged EXEC command to display CISP information for a specified interface. show cisp {[interface interface-id] | clients | summary} | {[begin | exclude | include} expression]} Syntax Description...
  • Page 559: Show Class-Map

    12.2(53)SE2 This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed. Examples This is an example of output from the show class-map command: Switch>...
  • Page 560: Show Cluster

    Use the show cluster user EXEC command to display the cluster status and a summary of the cluster to which the switch belongs. This command can be entered on the cluster command switch and cluster member switches.
  • Page 561 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show cluster This is an example of output when the show cluster command is entered on a cluster member switch: Switch1> show cluster Member switch for cluster “hapuna” Member number: Management IP address: 192.192.192.192...
  • Page 562: Show Cluster Candidates

    If the switch is not a cluster command switch, the command displays an empty line at the prompt. The SN in the display means switch member number. If E appears in the SN column, it means that the switch is discovered through extended discovery. If E does not appear in the SN column, it means that the switch member number is the upstream neighbor of the candidate switch.
  • Page 563 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show cluster candidates This is an example of output from the show cluster candidates command that uses the MAC address of a cluster member switch directly connected to the cluster command switch: Switch>...
  • Page 564: Show Cluster Members

    Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed. Examples This is an example of output from the show cluster members command. The SN in the display means switch number. Switch# show cluster members...
  • Page 565 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show cluster members This is an example of output from the show cluster members detail command: Switch# show cluster members detail Device 'StLouis1' with member number 0 (Command Switch) Device type:...
  • Page 566: Show Controllers Cpu-Interface

    This display provides information that might be useful for Cisco technical support representatives troubleshooting the switch. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
  • Page 567 89800400 <output truncated> Related Commands Command Description show controllers Displays per-interface send and receive statistics read from the hardware or ethernet-controller the interface internal registers. show interfaces Displays the administrative and operational status of all interfaces or a specified interface.
  • Page 568: Show Controllers Ethernet-Controller

    When you enter the phy or port-asic keywords, the displayed information is useful primarily for Cisco technical support representatives troubleshooting the switch. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
  • Page 569 Deferred frames The number of frames that are not sent after the time exceeds 2*maximum-packet time. MTU exceeded frames The number of frames that are larger than the maximum allowed frame size. 1 collision frames The number of frames that are successfully sent on an interface after one collision occurs.
  • Page 570 The number of frames that could not be sent on an interface after 16 collisions occur. Late collisions After a frame is sent, the number of frames dropped because late collisions were detected while the frame was sent. VLAN discard frames The number of frames dropped on an interface because the CFI bit is set.
  • Page 571 The total number of frames received on an interface that have alignment errors. FCS errors The total number of frames received on an interface that have a valid length (in bytes) but do not have the correct FCS values. Oversize frames The number of frames received on an interface that are larger than the maximum allowed frame size.
  • Page 572 Field Description System FCS error frames The total number of frames received on an interface that have a valid length (in bytes) but that do not have the correct FCS values. RxPortFifoFull drop The total number of frames received on an interface that are dropped because the ingress queue frames is full.
  • Page 573 Fibre Type : Fibre Type Byte 0 :0x20 =SM, Generic Fibre Type Byte 1 :0x0 =Unspecified <output truncated> This is an example of output from the show controllers ethernet-controller port-asic configuration command: Switch# show controllers ethernet-controller port-asic configuration ======================================================================== Switch 1, PortASIC 0 Registers...
  • Page 574 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show controllers ethernet-controller This is an example of output from the show controllers ethernet-controller port-asic statistics command: Switch# show controllers ethernet-controller port-asic statistics =========================================================================== Switch 1, PortASIC 0 Statistics --------------------------------------------------------------------------- 0 RxQ-0, wt-0 enqueue frames...
  • Page 575: Show Controllers Ethernet-Controller Fastethernet

    The output display provides information that might be useful for Cisco technical support representatives troubleshooting the switch. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.
  • Page 576 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show controllers ethernet-controller fastethernet Examples This is an example of output from the show controllers ethernet-controller fastethernet 0 command. Table 2-29 Table 2-30 for descriptions of the Transmit and Receive fields.
  • Page 577 0x120 malrxctp0r 0x0F0272C0 0x140 malrcbs0 0x00000060 0x160 <output truncated> This is an example of output from the show controllers ethernet-controller fastethernet 0 stack command on a stack member: Switch# show controller ethernet-controller fastethernet 0 stack Switch Interface-Name Duplex Speed Link-State...
  • Page 578: Show Controllers Ethernet Phy Macsec

    The displayed information is useful s for Cisco technical support representatives troubleshooting the switch. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
  • Page 579 IGR_UNKSCI : 0x0 IGR_MISS : 0x52B 00-10-18, 03-06, 01-02 This is an example output from the show controllers ethernet phy macsec registers command: Switch# show controllers ethernet g1/0/1 phy macsec registers GigabitEthernet1/0/1 (gpn: 1, port-number: 1) ----------------------------------------------------------- Macsec Registers -----------------------------------------------------------...
  • Page 580 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show controllers ethernet phy macsec Related Commands Command Description debug macsec Enables MACsec debugging. show macsec Displays MACsec information. Catalyst 3750-X and 3560-X Switch Command Reference 2-548 OL-21522-02...
  • Page 581: Show Controllers Power Inline

    Use the show controllers power inline user EXEC command to display the values in the registers of the specified Power over Ethernet (PoE) controller. show controllers power inline [instance] [module switch-number] [ | {begin | exclude | include}...
  • Page 582 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show controllers power inline Disconnect : N N N N N N N N N N N N N N N N Detection Status : 55 55 55 55 55 55 55 55...
  • Page 583: Show Controllers Tcam

    Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show controllers tcam show controllers tcam Use the show controllers tcam privileged EXEC command to display the state of the registers for all hardware memory in the system and for all hardware interface ASICs that are content-addressable memory-controllers.
  • Page 584 00000000 00012800 00012900 Related Commands Command Description show controllers Displays the state of the CPU network ASIC and send and receive statistics cpu-interface for packets reaching the CPU. show controllers Displays per-interface send and receive statistics read from the hardware or ethernet-controller the interface internal registers.
  • Page 585: Show Controllers Utilization

    12.2(53)SE2 This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear. Examples This is an example of output from the show controllers utilization command.
  • Page 586 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show controllers utilization This is an example of output from the show controllers utilization command on a specific port: Switch> show controllers gigabitethernet1/0/1 utilization Receive Bandwidth Percentage Utilization Transmit Bandwidth Percentage Utilization...
  • Page 587: Show Diagnostic

    [number | all] [ | {begin | exclude | include} expression] show diagnostic post [ |{begin | exclude | include} expression] show diagnostic result switch [number | all] [detail | test {name | test-id | test-id-range | all} [detail]] [ | {begin | exclude | include} expression]...
  • Page 588 The show diagnostic post command output is the same as the show post command output. In Catalyst 3750-X switch stacks, if you do not enter the switch number parameter with the content, result, schedule, and switch keywords, information for all stack members is displayed.
  • Page 589 Note information about test 7, TestInlinePwrCtlr, does not appear in the command output. This example shows how to display the diagnostic test results on a switch. You can also use the show diagnostic switch command to display these diagnostic results.
  • Page 590 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show diagnostic This example shows how to display the detailed switch results for all the switches in stack. You can also use the show diagnostic result switch all detail command to display these results.
  • Page 591 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show diagnostic Total run count -------------> 0 Last test execution time ----> n/a First test failure time -----> n/a Last test failure time ------> n/a Last test pass time ---------> n/a Total failure count --------->...
  • Page 592: Show Dot1Q-Tunnel

    12.2(53)SE2 This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear. Examples These are examples of output from the show dot1q-tunnel command: Switch>...
  • Page 593 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show dot1q-tunnel Related Commands Command Description show vlan dot1q tag native Displays IEEE 802.1Q native VLAN tagging status. switchport mode dot1q-tunnel Configures an interface as an IEEE 802.1Q tunnel port. Catalyst 3750-X and 3560-X Switch Command Reference...
  • Page 594: Show Dot1X

    This command was introduced. Usage Guidelines If you do not specify a port, global parameters and a summary appear. If you specify a port, details for that port appear. If the port control is configured as unidirectional or bidirectional control and this setting conflicts with...
  • Page 595 = 3600 (Locally configured) ReAuthMax MaxReq TxPeriod = 30 RateLimitPeriod This is an example of output from the show dot1x interface interface-id details user EXEC command: Switch# show dot1x interface gigabitethernet1/0/2 details Dot1x Info for GigabitEthernet1/0/2 ----------------------------------- = AUTHENTICATOR PortControl...
  • Page 596 RateLimitPeriod Dot1x Authenticator Client List Empty This is an example of output from the show dot1x interface interface-id details commmand when a port is assigned to a guest VLAN and the host mode changes to multiple-hosts mode: Switch# show dot1x interface gigabitethernet1/0/1 details...
  • Page 597 Number of EAPOL frames that have been received and have an unrecognized frame type. RxLenError Number of EAPOL frames that have been received in which the packet body length field is invalid. RxTotal Number of valid EAPOL frames of any type that have been received.
  • Page 598: Show Dtp

    12.2(53)SE2 This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed. Examples This is an example of output from the show dtp command:...
  • Page 599 ---------- 3160 packets received (3160 good) 0 packets dropped 0 nonegotiate, 0 bad version, 0 domain mismatches, 0 bad TLVs, 0 other 6320 packets output (6320 good) 3160 native, 3160 software encap isl, 0 isl hardware native 0 output errors...
  • Page 600: Show Eap

    {{registrations [method [name] | transport [name]]} | {sessions [credentials name [interface interface-id] | interface interface-id | method name | transport name]}} [credentials name | interface interface-id | transport name] [ | {begin | exclude | include} expression] Syntax Description registrations Display EAP registration information.
  • Page 601 • transport name keyword—The specified lower layer. • Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output appear. Examples This is an example of output from the show eap registrations privileged EXEC command: Switch>...
  • Page 602 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show eap This is an example of output from the show eap sessions interface interface-id privileged EXEC command: Switch# show eap sessions gigabitethernet1/0/1 Role: Authenticator Decision: Fail Lower layer: Dot1x-AuthenticaInterface: Gi1/0/1...
  • Page 603: Show Env

    Use the show env user EXEC command to display fan, temperature, redundant power system (RPS) availability, and power information for the switch or the switch stack. show env {all | fan | power [all | switch [switch-number]] | rps | stack [switch-number] | temperature [status]} [ | {begin | exclude | include} expression]...
  • Page 604 You can also use the show env temperature command to display the switch temperature status. The command output shows the green and yellow states as OK and the red state as FAULTY. If you enter the show env all command, the command output is the same as the show env temperature status command output.
  • Page 605 : 59 Degree Celsius POWER is OK RPS is AVAILABLE <output truncated> This example shows how to display the temperature value, state, and the threshold values on a standalone switch. Table 2-33 describes the temperature states in the command output.
  • Page 606: Show Errdisable Detect

    (SFP) module. gbic-invalid Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
  • Page 607 Enables error-disabled detection for a specific cause or all causes. show errdisable flap-values Displays error condition recognition information. show errdisable recovery Displays error-disabled recovery timer information. show interfaces status Displays interface status or a list of interfaces in error-disabled state. Catalyst 3750-X and 3560-X Switch Command Reference 2-575 OL-21522-02...
  • Page 608: Show Errdisable Flap-Values

    The Flaps column in the display shows how many changes to the state within the specified time interval will cause an error to be detected and a port to be disabled. See the “Examples” section for an example of the display.
  • Page 609: Show Errdisable Recovery

    A gbic-invalid error-disable reason refers to an invalid small form-factor pluggable (SFP) module interface. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
  • Page 610 Interface Errdisable reason Time left(sec) --------- ----------------- -------------- Gi1/0/2 link-flap Though visible in the output, the unicast-flood field is not valid. Note Related Commands Command Description errdisable recovery Configures the recover mechanism variables. show errdisable detect Displays error-disabled detection status.
  • Page 611: Show Etherchannel

    In the output, the Passive port list field is displayed only for Layer 3 port channels. This field means that the physical port, which is still not up, is configured to be in the channel group (and indirectly is in the only port channel in the channel group).
  • Page 612 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show etherchannel Examples This is an example of output from the show etherchannel 1 detail command: Switch> show etherchannel 1 detail Group state = L2 Ports: 2 Maxports = 16 Port-channels: 1 Max Port-channels = 16...
  • Page 613 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show etherchannel This is an example of output from the show etherchannel 1 summary command: Switch> show etherchannel 1 summary Flags: D - down P - in port-channel I - stand-alone s - suspended...
  • Page 614: Show Fallback Profile

    Use the show fallback profile privileged EXEC command to display profiles that are configured on the switch. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
  • Page 615 Related Commands Command Description dot1x fallback Configure a port to use web authentication as a fallback method for clients that do not support IEEE 802.1x authentication. fallback profile Create a web authentication fallback profile. ip admission Enable web authentication on a switch port...
  • Page 616: Show Flowcontrol

    This command was introduced. Usage Guidelines Use this command to display the flow control status and statistics on the switch or for a specific interface. Use the show flowcontrol command to display information about all the switch interfaces. For a standalone switch, the output from the show flowcontrol command is the same as the output from the show flowcontrol module number command.
  • Page 617 -------- -------- -------- -------- ------- ------- Gi2/0/1 Unsupp. Unsupp. Gi2/0/2 desired Gi2/0/3 desired <output truncated> This is an example of output from the show flowcontrol interface interface-id command: Switch> show flowcontrol gigabitethernet2/0/2 Port Send FlowControl Receive FlowControl RxPause TxPause admin oper admin oper...
  • Page 618: Show Idprom Interface

    This command applies only to 10-Gigabit Ethernet interfaces and to the SFP module interfaces. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.
  • Page 619 Basic Field Checksum :0x63 Customer Writable Area : 0x00: 58 32 2D 31 30 47 42 2D 43 58 34 20 20 20 20 20 0x10: 20 56 30 31 20 4F 53 41 30 39 33 39 30 30 4A 4B...
  • Page 620: Show Interfaces

    Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show interfaces show interfaces Use the show interfaces privileged EXEC command to display the administrative and operational status of all interfaces or a specified interface. show interfaces [interface-id | vlan vlan-id] [accounting | capabilities [module number] |...
  • Page 621 On Catalyst 3750-X switches, use the show interface capabilities module number command to • display the capabilities of all interfaces on that switch in the stack. If there is no switch with that module number in the stack, there is no output.
  • Page 622 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show interfaces Examples This is an example of output from the show interfaces command for an interface on stack member 3: Switch# show interfaces gigabitethernet3/0/2 GigabitEthernet3/0/2 is down, line protocol is down Hardware is Gigabit Ethernet, address is 0009.43a7.d085 (bia 0009.43a7.d085)
  • Page 623 Switch# show interfaces gigabitethernet1/0/2 description Interface Status Protocol Description Gi1/0/2 down Connects to Marketing This is an example of output from the show interfaces etherchannel command when port channels are configured on the switch: Switch# show interfaces etherchannel ---- Port-channel1: Age of the Port-channel...
  • Page 624 570800 91731594 Route cache Total 1165354 136205310 570800 91731594 This is an example of partial output from the show interfaces status command. It displays the status of all interfaces. Switch# show interfaces status Port Name Status Vlan Duplex Speed Type...
  • Page 625 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show interfaces This is an example of output from the show interfaces switchport command for a port. Table 2-34 describes the fields in the display. Private VLAN trunks are not supported in this release, so those fields are not applicable.
  • Page 626 Displays the class of service (CoS) setting of the data packets of the IP phone. This is an example of output from the show interfaces switchport command for a port configured as a private VLAN promiscuous port. The primary VLAN 20 is mapped to secondary VLANs 25, 30 and 35:...
  • Page 627 When a Flex Link interface goes down (LINK_DOWN), VLANs preferred on this interface are moved to the peer interface of the Flex Link pair. In this example, if interface Gi2/0/6 goes down, Gi2/0/8 carries all VLANs of the Flex Link pair.
  • Page 628 Active Down/Backup Up Vlans Preferred on Active Interface: 1-50 Vlans Preferred on Backup Interface: 60, 100-120 This is an example of output from the show interfaces interface-id trunk command. It displays trunking information for the port. Switch# show interfaces gigabitethernet1/0/1 trunk...
  • Page 629 Transceiver is internally calibrated. mA: milliamperes, dBm: decibels (milliwatts), NA or N/A: not applicable. ++ : high alarm, + : high warning, - : low warning, -- : low alarm. A2D readouts (if they differ), are reported in parentheses. The threshold values are calibrated.
  • Page 630 Configures a port as a static-access or a dynamic-access port. switchport block Blocks unknown unicast or multicast traffic on an interface. switchport backup interface Configures Flex Links, a pair of Layer 2 interfaces that provide mutual backup. switchport mode Configures the VLAN membership mode of a port.
  • Page 631: Show Interfaces Counters

    If you do not enter any keywords, all counters for all interfaces are included. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
  • Page 632 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show interfaces counters Examples This is an example of partial output from the show interfaces counters command. It displays all counters for the switch. Switch# show interfaces counters Port InOctets InUcastPkts...
  • Page 633 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show interfaces counters This is an example of output from the show interfaces counters trunk command. It displays trunk counters for all interfaces. Switch# show interfaces counters trunk Port TrunkFramesTx TrunkFramesRx...
  • Page 634: Show Interfaces Transceivers

    12.2(53)SE2 This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed. Examples This is an example of output from the show interfaces interface-id transceiver properties command:...
  • Page 635 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show interfaces transceivers This is an example of output from the show interfaces interface-id transceiver detail command: Switch# show interfaces gigabitethernet1/0/3 transceiver detail ITU Channel not available (Wavelength not available), Transceiver is externally calibrated.
  • Page 636 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show interfaces transceivers XFP_ER XENPAK_LR 10-1838-04 X2_LR <output truncated> This is an example of output from the show interfaces transceiver threshold-table command: Optical Tx Optical Rx Temp Laser Bias Voltage current...
  • Page 637: Show Inventory

    If there is no PID, no output appears when you enter the show inventory command. Note Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed.
  • Page 638: Show Ip Arp Inspection

    Use the show ip arp inspection privileged EXEC command to display the configuration and the operating state of dynamic Address Resolution Protocol (ARP) inspection or the status of this feature for all VLANs or for the specified interface or VLAN.
  • Page 639 -------------- Gi1/0/1 Untrusted This is an example of output from the show ip arp inspection log command. It shows the contents of the log buffer before the buffers are cleared: Switch# show ip arp inspection log Total Log Buffer Size : 32 Syslog rate : 10 entries per 300 seconds.
  • Page 640 Mon Mar 1 1993 If the log buffer overflows, it means that a log event does not fit into the log buffer, and the display for the show ip arp inspection log privileged EXEC command is affected. A -- in the display appears in place of all data except the packet count and the time.
  • Page 641 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show ip arp inspection This is an example of output from the show ip arp inspection vlan 5 command. It shows the configuration and the operating state of dynamic ARP inspection for VLAN 5.
  • Page 642: Show Ip Dhcp Snooping

    Output appear. This command displays only the results of global configuration. Therefore, in this example, the circuit ID suboption appears in its default format of vlan-mod-port, even if a string is configured for the circuit Examples This is an example of output from the show ip dhcp snooping command: Switch>...
  • Page 643: Show Ip Dhcp Snooping Binding

    Use the show ip source binding privileged EXEC command to display the dynamically and statically configured bindings in the DHCP snooping binding database. If DHCP snooping is enabled and an interface changes to the down state, the switch does not delete the statically configured bindings.
  • Page 644 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show ip dhcp snooping binding This example shows how to display the DHCP snooping binding entries for a specific IP address: Switch> show ip dhcp snooping binding 10.1.2.150 MacAddress IpAddress Lease(sec)
  • Page 645: Show Ip Dhcp Snooping Database

    Use the show ip dhcp snooping database user EXEC command to display the status of the DHCP snooping binding database agent. show ip dhcp snooping database [detail] [ | {begin | exclude | include} expression] This command is available only if your switch is running the IP services feature set.
  • Page 646 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show ip dhcp snooping database This is an example of output from the show ip dhcp snooping database detail command: Switch# show ip dhcp snooping database detail Agent URL : tftp://10.1.1.1/directory/file...
  • Page 647: Show Ip Dhcp Snooping Statistics

    Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear. In a switch stack, all statistics are generated on the stack master. If a new stack master is elected, the statistics counters reset.
  • Page 648 Packets Processed by DHCP Snooping Total number of packets handled by DHCP snooping, including forwarded and dropped packets. Packets Dropped Because IDB not known Number of errors when the input interface of the packet cannot be determined. Queue full Number of errors when an internal queue used to process the packets is full.
  • Page 649 DHCP Snooping Statistic Description Interface Down Number of times the packet is a reply to the DHCP relay agent, but the SVI interface for the relay agent is down. This is an unlikely error that occurs if the SVI goes down between sending the client request to the DHCP server and receiving the response.
  • Page 650: Show Ip Igmp Profile

    12.2(53)SE2 This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed. Examples These are examples of output from the show ip igmp profile privileged EXEC command, with and without specifying a profile number.
  • Page 651: Show Ip Igmp Snooping

    Usage Guidelines Use this command to display snooping configuration for the switch or for a specific VLAN. VLAN IDs 1002 to 1005 are reserved for Token Ring and FDDI VLANs and cannot be used in IGMP snooping. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.
  • Page 652 CGMP interoperability mode :IGMP_ONLY Last member query interval : 100 This is an example of output from the show ip igmp snooping command. It displays snooping characteristics for all VLANs on the switch. Switch> show ip igmp snooping Global IGMP Snooping configuration:...
  • Page 653 Command Description ip igmp snooping vlan static Statically adds a Layer 2 port as a member of a multicast group. show ip igmp snooping groups Displays the IGMP snooping multicast table for the switch. show ip igmp snooping mrouter Displays IGMP snooping multicast router ports for the switch or for the specified multicast VLAN.
  • Page 654: Show Ip Igmp Snooping Groups

    Usage Guidelines Use this command to display multicast information or the multicast table. VLAN IDs 1002 to 1005 are reserved for Token Ring and FDDI VLANs and cannot be used in IGMP snooping. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.
  • Page 655 224.1.4.3 igmp Gi2/0/1, Gi2/0/2 This is an example of output from the show ip igmp snooping groups count command. It displays the total number of multicast groups on the switch. Switch# show ip igmp snooping groups count Total number of multicast groups: 2 This is an example of output from the show ip igmp snooping groups dynamic command.
  • Page 656: Show Ip Igmp Snooping Mrouter

    Usage Guidelines Use this command to display multicast router ports on the switch or for a specific VLAN. VLAN IDs 1002 to 1005 are reserved for Token Ring and FDDI VLANs and cannot be used in IGMP snooping. When multicast VLAN registration (MVR) is enabled, the show ip igmp snooping mrouter command displays MVR multicast router information and IGMP snooping information.
  • Page 657 Adds a multicast router port. ip igmp snooping vlan static Statically adds a Layer 2 port as a member of a multicast group. show ip igmp snooping Displays the IGMP snooping configuration of the switch or the...
  • Page 658: Show Ip Igmp Snooping Querier

    The show ip igmp snooping querier command output also shows the VLAN and the interface on which the querier was detected. If the querier is the switch, the output shows the Port field as Router. If the querier is a router, the output shows the port number on which the querier is learned in the Port field.
  • Page 659 IP Address IGMP Version Port --------------------------------------------------- 172.20.50.11 Gi1/0/1 172.20.40.20 Router This is an example of output from the show ip igmp snooping querier detail command: Switch> show ip igmp snooping querier detail Vlan IP Address IGMP Version Port ------------------------------------------------------------- 1.1.1.1...
  • Page 660: Show Ip Source Binding

    Use the show ip source binding user EXEC command to display the IP source bindings on the switch. show ip source binding [ip-address] [mac-address] [dhcp-snooping | static] [interface interface-id] [vlan vlan-id] [ | {begin | exclude | include} expression] Note This command is available only if your switch is running the IP services feature set.
  • Page 661 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show ip source binding Related Commands Command Description ip dhcp snooping binding Configures the DHCP snooping binding database. ip source binding Configures static IP source bindings on the switch. Catalyst 3750-X and 3560-X Switch Command Reference...
  • Page 662: Show Ip Verify Source

    VLAN 10, IP source guard with IP address filtering is configured on the interface, and a binding exists on the interface. For VLANs 11 to 20, the second entry shows that a default port access control lists (ACLs) is applied on the interface for the VLANs on which IP source guard is not configured.
  • Page 663 On the Gigabit Ethernet 1/0/4 interface, IP source guard with source IP and MAC address filtering is enabled, and static IP source bindings are configured on VLANs 10 and 11. For VLANs 12 to 20, the default port ACL is applied on the interface for the VLANs on which IP source guard is not configured.
  • Page 664: Show Ipc

    {mcast {appclass | groups | status} | nodes | ports [open] | queue | rpc | session {all | rx | tx} [verbose] | status [cumlulative] | zones} [ | {begin | exclude | include} expression] This command is not supported on switches running the LAN base feature set.
  • Page 665 12.2(53)SE2 This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear. Examples This example shows how to display the IPC routing status: Switch>...
  • Page 666 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show ipc This example shows how to display the contents of the IPC retransmission queue: Switch> show ipc queue There are 0 IPC messages waiting for acknowledgement in the transmit queue.
  • Page 667 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show ipc Total via Unreliable Connection-Less Service 12783 Total via Unreliable Sequenced Connection-Less Svc Total via Reliable Connection-Oriented Service <output truncated> Related Commands Command Description clear ipc Clears the IPC multicast routing statistics.
  • Page 668: Show Ipv6 Access-List

    Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show ipv6 access-list show ipv6 access-list Use the show ipv6 access-list user EXEC command to display the contents of all current IPv6 access lists. show ipv6 access-list [access-list-name] Syntax Description access-list-name (Optional) Name of access list.
  • Page 669 Table 2-37 show ipv6 access-list Field Descriptions (continued) Field Description bgp (matches) Border Gateway Protocol. The protocol type that the packet is equal to and the number of matches. sequence 10 Sequence in which an incoming packet is compared to lines in an access list.
  • Page 670: Show Ipv6 Dhcp Conflict

    DECLINE message. If an address conflict is detected, the address is removed from the pool, and the address is not assigned until the administrator removes the address from the conflict list.
  • Page 671: Show Ipv6 Mld Snooping

    Use the show ipv6 mld snooping user EXEC command to display IP version 6 (IPv6) Multicast Listener Discovery (MLD) snooping configuration of the switch or the VLAN. show ipv6 mld snooping [vlan vlan-id] [ | {begin | exclude | include} expression]...
  • Page 672 Last listener query count Last listener query interval : 1000 This is an example of output from the show ipv6 mld snooping command. It displays snooping characteristics for all VLANs on the switch. Switch> show ipv6 mld snooping Global MLD Snooping configuration:...
  • Page 673: Show Ipv6 Mld Snooping Address

    Use the show ipv6 mld snooping address user EXEC command to display all or specified IP Version 6 (IPv6) multicast address information maintained by Multicast Listener Discovery (MLD) snooping. show ipv6 mld snooping address [[vlan vlan-id] [ipv6 address]] [vlan vlan-id] [count | dynamic...
  • Page 674 ------------------------------------------------------------- FF12::3 user Gi1/0/2, Gi2/0/2, Gi3/0/1,Gi3/0/3 This is an example of output from the show snooping address count user EXEC command: Switch> show ipv6 mld snooping address count Total number of multicast groups: 2 This is an example of output from the show snooping address user user EXEC command: Switch>...
  • Page 675: Show Ipv6 Mld Snooping Mrouter

    This command was introduced. Usage Guidelines Use this command to display MLD snooping router ports for the switch or for a specific VLAN. VLAN numbers 1002 through 1005 are reserved for Token Ring and FDDI VLANs and cannot be used in MLD snooping.
  • Page 676 Related Commands Command Description ipv6 mld snooping Enables and configures MLD snooping on the switch or on a VLAN. ipv6 mld snooping vlan mrouter Configures multicast router ports for a VLAN. interface interface-id | static...
  • Page 677: Show Ipv6 Mld Snooping Querier

    The show ipv6 mld snooping querier command output also shows the VLAN and interface on which the querier was detected. If the querier is the switch, the output shows the Port field as Router. If the querier is a router, the output shows the port number on which the querier is learned in the Port field.
  • Page 678 To configure the dual IPv4 and IPv6 template, enter the sdm prefer dual-ipv4-and-ipv6 {default | vlan) global configuration command and reload the switch. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.
  • Page 679: Show Ipv6 Route Updated

    Use the show ipv6 route updated command in user EXEC command to display the current contents of the IPv6 routing table. show ipv6 route [protocol] updated [boot-up] {hh:mm | day{month [hh:mm]} [{hh:mm | day{month [hh:mm]}] [ | {begin | exclude | include} expression] This command is not supported on switches running the LAN base feature set.
  • Page 680 B - BGP, R - RIP, I1 - ISIS L1, I2 - ISIS L2 IA - ISIS interarea, IS - ISIS summary O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2 ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2...
  • Page 681: Show L2Protocol-Tunnel

    This command was introduced. Usage Guidelines After enabling Layer 2 protocol tunneling on an access or IEEE 802.1Q tunnel port by using the l2protocol-tunnel interface configuration command, you can configure some or all of these parameters: Protocol type to be tunneled •...
  • Page 682 ---- ---- 485220 udld ---- 44899 448980 This is an example of output from the show l2protocol-tunnel summary command: Switch> show l2protocol-tunnel summary COS for Encapsulated Packets: 5 Drop Threshold for Encapsulated Packets: 0 Port Protocol Shutdown Drop Status...
  • Page 683 Clears counters for protocol tunneling ports. l2protocol-tunnel Enables Layer 2 protocol tunneling for CDP, STP, or VTP packets on an interface. l2protocol-tunnel cos Configures a class of service (CoS) value for tunneled Layer 2 protocol packets. Catalyst 3750-X and 3560-X Switch Command Reference 2-651 OL-21522-02...
  • Page 684: Show Lacp

    You can enter the channel-group-number option to specify a channel group for all keywords except sys-id. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.
  • Page 685 • LACP Port Priority Port priority setting. LACP uses the port priority to put ports s in standby mode when there is a hardware limitation that prevents all compatible ports from aggregating. Catalyst 3750-X and 3560-X Switch Command Reference...
  • Page 686 The administrative key defines the ability of a port to aggregate with other ports. A port’s ability to aggregate with other ports is determined by the port physical characteristics (for example, data rate and duplex capability) and configuration restrictions that you establish.
  • Page 687 Switch> show lacp sys-id 32765,0002.4b29.3a00 The system identification is made up of the system priority and the system MAC address. The first two bytes are the system priority, and the last six bytes are the globally administered individual MAC address associated to the system.
  • Page 688: Show Link State Group

    Enter the group number to display information specific to the group. Enter the detail keyword to display detailed information about the group. The output for the show link state group detail command displays only those link-state groups that have link-state tracking enabled or that have upstream or downstream interfaces (or both) configured.
  • Page 689 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show link state group Examples This is an example of output from the show link state group 1 command: Switch> show link state group 1 Link State Group: 1 Status: Enabled, Down This is an example of output from the show link state group detail command: Switch>...
  • Page 690: Show Lldp

    Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show lldp show lldp The show lldp command is documented at http://www.cisco.com/en/US/docs/ios/cether/command/reference/ce_04.html#wp1095571. Catalyst 3750-X and 3560-X Switch Command Reference 2-658 OL-21522-02...
  • Page 691: Show Location

    Usage Guidelines Use the show location command to display location information for an endpoint. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.
  • Page 692 City : San Jose State : CA Country : US This is an example of output from the show location civic-location command that displays all the civic location information: Switch> show location civic-location static Civic location information -------------------------- Identifier County...
  • Page 693 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show location This is an example of output from the show location elin static command that displays all emergency location information: Switch> show location elin static Elin location information -------------------------- Identifier : 1...
  • Page 694: Show Logging Onboard

    (Optional) Display the data from the specified time and date. For more year information, see the “Usage Guidelines” section. end hh:mm:ss day month year (Optional) Display the data up to the specified time and date. For more information, see the “Usage Guidelines” section. detail (Optional) Display both the continuous and summary data.
  • Page 695 This command was introduced. Usage Guidelines When OBFL is enabled, the switch records OBFL data in a continuous file that contains all of the data. The continuous file is circular. When the continuous file is full, the switch combines the data into a summary file, which is also known as a historical file.
  • Page 696 -------------------------------------------------------------------------------- No historical data to display -------------------------------------------------------------------------------- This is an example of output from the show logging onboard poe continuous end 01:01:00 jan 2000 command on a switch: Switch# show logging onboard poe continuous end 01:01:00 1 jan 2000 --------------------------------------------------------------------------------...
  • Page 697 Application name voltage : Path : obfl0: CLI enable status : enabled Platform enable status: enabled This is an example of output from the show logging onboard temperature continuous command: Switch# show logging onboard temperature continuous -------------------------------------------------------------------------------- TEMPERATURE CONTINUOUS INFORMATION --------------------------------------------------------------------------------...
  • Page 698 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show logging onboard 05/13/2006 07:25:24 05/13/2006 08:25:24 <output truncated> This is an example of output from the show logging onboard uptime summary command: Switch# show logging onboard uptime summary -------------------------------------------------------------------------------- UPTIME SUMMARY INFORMATION --------------------------------------------------------------------------------...
  • Page 699: Show Mac Access-Group

    Output appear. Examples This is a sample output from the show mac-access group user EXEC command. In this display, port 2 has the MAC access list macl_e1 applied; no MAC ACLs are applied to other interfaces.
  • Page 700: Show Mac Address-Table

    Use the show mac address-table user EXEC command to display a specific MAC address table static and dynamic entry or the MAC address table static and dynamic entries on a specific interface or VLAN. show mac address-table [ | {begin | exclude | include} expression]...
  • Page 701 VLAN. show mac address-table aging-time Displays the aging time in all VLANs or the specified VLAN. show mac address-table count Displays the number of addresses present in all VLANs or the specified VLAN.
  • Page 702: Show Mac Address-Table Address

    12.2(53)SE2 This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear. Examples This is an example of output from the show mac address-table address command: Switch# show mac address-table address 0002.4b28.c482...
  • Page 703 Related Commands Command Description show mac address-table aging-time Displays the aging time in all VLANs or the specified VLAN. show mac address-table count Displays the number of addresses present in all VLANs or the specified VLAN. show mac address-table dynamic Displays dynamic MAC address table entries only.
  • Page 704: Show Mac Address-Table Aging-Time

    Use the show mac address-table aging-time user EXEC command to display the aging time of a specific address table instance, all address table instances on a specified VLAN or, if a specific VLAN is not specified, on all VLANs.
  • Page 705 Command Description mac address-table aging-time Sets the length of time that a dynamic entry remains in the MAC address table after the entry is used or updated. show mac address-table address Displays MAC address table information for the specified MAC address.
  • Page 706: Show Mac Address-Table Count

    If no VLAN number is specified, the address count for all VLANs appears. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.
  • Page 707 Displays MAC address table information for the specified MAC address. show mac address-table aging-time Displays the aging time in all VLANs or the specified VLAN. show mac address-table dynamic Displays dynamic MAC address table entries only. show mac address-table interface Displays the MAC address table information for the specified interface.
  • Page 708: Show Mac Address-Table Dynamic

    12.2(53)SE2 This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear. Examples This is an example of output from the show mac address-table dynamic command: Switch>...
  • Page 709 Displays MAC address table information for the specified MAC address. show mac address-table aging-time Displays the aging time in all VLANs or the specified VLAN. show mac address-table count Displays the number of addresses present in all VLANs or the specified VLAN.
  • Page 710: Show Mac Address-Table Interface

    12.2(53)SE2 This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear. Examples This is an example of output from the show mac address-table interface command: Switch>...
  • Page 711 Displays MAC address table information for the specified MAC address. show mac address-table aging-time Displays the aging time in all VLANs or the specified VLAN. show mac address-table count Displays the number of addresses present in all VLANs or the specified VLAN.
  • Page 712: Show Mac Address-Table Learning

    VLANs and whether MAC address learning is enabled or disabled on them. The default is that MAC address learning is enabled on all VLANs. Use the command with a specific VLAN ID to display the learning status on an individual VLAN.
  • Page 713: Show Mac Address-Table Move Update

    12.2(53)SE2 This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear. Examples This is an example of output from the show mac address-table move update command: Switch>...
  • Page 714 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show mac address-table move update Related Commands Command Description clear mac address-table move Clears the MAC address-table move update counters. update mac address-table move update Configures MAC address-table move update on the switch.
  • Page 715: Show Mac Address-Table Notification

    Use the interface keyword to display the notifications for all interfaces. If the interface-id is included, only the flags for that interface appear. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.
  • Page 716 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show mac address-table notification Examples This is an example of output from the show mac address-table notification change command: Switch> show mac address-table notification change MAC Notification Feature is Enabled on the switch...
  • Page 717: Show Mac Address-Table Static

    12.2(53)SE2 This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear. Examples This is an example of output from the show mac address-table static command: Switch>...
  • Page 718 Adds static addresses to the MAC address table. mac address-table static drop Enables unicast MAC address filtering and configures the switch to drop traffic with a specific source or destination MAC address. show mac address-table address Displays MAC address table information for the specified MAC address.
  • Page 719: Show Mac Address-Table Vlan

    12.2(53)SE2 This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear. Examples This is an example of output from the show mac address-table vlan 1 command: Switch>...
  • Page 720 Displays MAC address table information for the specified MAC address. show mac address-table aging-time Displays the aging time in all VLANs or the specified VLAN. show mac address-table count Displays the number of addresses present in all VLANs or the specified VLAN.
  • Page 721: Show Macsec

    12.2(53)SE2 This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed. Examples This is sample output of the show macsec interface command when there is no MACsec session...
  • Page 722 Ingress noSCI pkts 0 Unused pkts 0 Notusing pkts 0 Decrypt bytes 80914 Ingress miss pkts 1492 This is sample output of the show macsec summary command to see all established MACsec sessions: Switch# show macsec summary Interface Transmit SC Receive SC...
  • Page 723: Show Mka Default-Policy

    12.2(53)SE2 This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed. Examples This is sample output of the show mka default-policy command: Switch# show mka default-policy MKA Policy Summary...
  • Page 724 Policy-Name The name of the policy used at session start to set initial configuration values. Key Svr Status The key server: has value ‘Y’ for YES if the MKA session is the key server, otherwise, ‘N’ for NO. Audit-Session-ID The session ID.
  • Page 725: Show Mka Policy

    To display a summary of all defined MACsec Key Agreement (MKA) protocol policies, including the MKA default policy, or to display a summary of a specified policy, use the show mka policy privileged EXEC command. show mka policy [policy-name [sessions] [detail]][ | {begin | exclude | include} expression]...
  • Page 726 The set value of the priority for becoming the key server (KS). The range is 0 to 255, with 0 as the highest priority and 255 as the lowest priority. A value of 0 means that the switch should always try to act as the key server, while a value of 255 means that it should never try to act as the server.
  • Page 727 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show mka policy Related Commands Command Description mka policy (global Creates an MKA policy and enters MKA policy configuration mode. configuration) mka policy (interface Applies an MKA policy to the interface. configuration) Catalyst 3750-X and 3560-X Switch Command Reference...
  • Page 728: Show Mka Session

    12.2(53)SE2 This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed. Examples This is sample output of the show mka session command: Switch# show mka session Total MKA Sessions..
  • Page 729 The MAC address of the physical interface concatenated with the 16-bit Port-ID. Key Server Status The key server: has value ‘Y’ for YES if the MKA session is the key server, otherwise, ‘N’ for NO. Connectivity association key (CAK) name...
  • Page 730 --------------------------------------------------------- DA296D3E62E0961234BF39A6 001b.2140.ec4c/0000 Potential Peers List: Rx-SCI (Peer) --------------------------------------------------------- This is sample output of the show mka session interface command: Switch# show mka session interface gigabitethernet1/0/25 Summary of All Currently Active MKA Sessions on Interface GigabitEthernet1/0/25. Interface Peer-RxSCI Policy-Name Audit-Session-ID...
  • Page 731: Show Mka Statistics

    12.2(53)SE2 This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed. Examples This is an example of the show mka statistics command output:...
  • Page 732 Pairwise secure connectivity association keys (CAKs) derived through EAP authentication. Pairwise CAK Rekeys Pairwise CAK rekeys after reauthentication. Group CAKs Generated Generated group CAKs while acting as a key server in a group CA. Catalyst 3750-X and 3560-X Switch Command Reference 2-700 OL-21522-02...
  • Page 733 Global Statistics Output Fields (continued) Field Description Group CAKs Received Received group CAKs while acting as a nonkey server member in a group SAK Rekeys Secure association key (SAK) rekeys that have been initiated as key servers or received as nonkey server members.
  • Page 734: Show Mka Summary

    12.2(53)SE2 This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output are not displayed, but the lines that contain Output are displayed. Examples This is an example of the show mka summary command output: Switch# show mka summary Summary of All Currently Active MKA Sessions...
  • Page 735 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show mka summary SAKs Generated... 61 SAKs Rekeyed..... 54 SAKs Received.... 0 SAK Responses Received... 59 MKPDU Statistics MKPDUs Validated & Rx..75774 "Distributed SAK"..0 "Distributed CAK"..0 MKPDUs Transmitted..75049 "Distributed SAK"..
  • Page 736 Output Fields Field Description Group CAKs Generated Generated group CAKs while acting as a key server in a group CA. Group CAKs Received Received group CAKs while acting as a nonkey server member in a group SAK Rekeys Secure association key (SAK) rekeys that have been initiated as key servers or received as a non-key server members.
  • Page 737: Show Mls Qos

    Output appear. Examples This is an example of output from the show mls qos command when QoS is enabled and Differentiated Services Code Point (DSCP) transparency is disabled: Switch> show mls qos...
  • Page 738: Show Mls Qos Aggregate-Policer

    12.2(53)SE2 This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear. Examples This is an example of output from the show mls qos aggregate-policer command: Switch>...
  • Page 739: Show Mls Qos Input-Queue

    12.2(53)SE2 This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear. Examples This is an example of output from the show mls qos input-queue command: Switch>...
  • Page 740 Allocates the buffers between the ingress queues. mls qos srr-queue input cos-map Maps assigned class of service (CoS) values to an ingress queue and assigns CoS values to a queue and to a threshold mls qos srr-queue input dscp-map Maps assigned Differentiated Services Code Point (DSCP) values to an ingress queue and assigns DSCP values to a queue and to a threshold ID.
  • Page 741: Show Mls Qos Interface

    12.2(53)SE2 This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear. Examples This is an example of output from the show mls qos interface interface-id command when VLAN-based QoS is enabled: Switch>...
  • Page 742 DSCP Mutation Map:Default DSCP Mutation Map Trust device:none qos mode:vlan-based This is an example of output from the show mls qos interface interface-id command when VLAN-based QoS is disabled: Switch> show mls qos interface gigabitethernet1/0/2 GigabitEthernet1/0/2...
  • Page 743 Allocates the buffers between the ingress queues. mls qos srr-queue input cos-map Maps CoS values to an ingress queue or maps CoS values to a queue and to a threshold ID. mls qos srr-queue input dscp-map Maps DSCP values to an ingress queue or maps DSCP values to a queue and to a threshold ID.
  • Page 744 Assigns WTD threshold percentages to an ingress queue. mls qos srr-queue output cos-map Maps CoS values to an egress queue or maps CoS values to a queue and to a threshold ID. mls qos srr-queue output dscp-map Maps DSCP values to an egress queue or maps DSCP values to a queue and to a threshold ID.
  • Page 745: Show Mls Qos Maps

    DSCP. The d2 row specifies the least-significant digit in the DSCP. The intersection of the d1 and d2 values provides the policed-DSCP, the CoS, or the mutated-DSCP value. For example, in the DSCP-to-CoS map, a DSCP value of 43 corresponds to a CoS value of 5.
  • Page 746 DSCP number. The intersection of the d1 and the d2 values provides the queue ID and threshold ID. For example, in the DSCP input queue threshold map, a DSCP value of 43 corresponds to queue 2 and threshold 1 (02-01).
  • Page 747 DSCP-to-DSCP-mutation map, IP-precedence-to-DSCP map, and the policed-DSCP map. mls qos srr-queue input cos-map Maps CoS values to an ingress queue or maps CoS values to a queue and to a threshold ID. mls qos srr-queue input dscp-map Maps DSCP values to an ingress queue or maps DSCP values to a queue and to a threshold ID.
  • Page 748: Show Mls Qos Queue-Set

    Use the show mls qos queue-set user EXEC command to display quality of service (QoS) settings for the egress queues. show mls qos queue-set [qset-id] [ | {begin | exclude | include} expression]...
  • Page 749 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show mls qos queue-set Related Commands Command Description mls qos queue-set output buffers Allocates buffers to the queue-set. mls qos queue-set output threshold Configures the weighted tail-drop (WTD) thresholds, guarantees the availability of buffers, and configures the maximum memory allocation of the queue-set.
  • Page 750: Show Mls Qos Vlan

    Use the show mls qos vlan user EXEC command to display the policy maps attached to a switch virtual interface (SVI). show mls qos vlan vlan-id [ | {begin | exclude | include} expression]...
  • Page 751: Show Monitor

    (SPAN) and Remote SPAN (RSPAN) sessions on the switch. Use the command with keywords to show a specific session, all sessions, all local sessions, or all remote sessions. show monitor [session {session_number | all | local | range list | remote} [detail]] [ | {begin | exclude | include} expression]...
  • Page 752 Both : Gi4/0/2-3,Gi4/0/5-6 Destination Ports : Gi4/0/20 Encapsulation : Replicate Ingress : Disabled This is an example of output for the show monitor session all user EXEC command when ingress traffic forwarding is enabled: Switch# show monitor session all Session 1...
  • Page 753: Show Mvr

    MVR Global query response time: 5 (tenths of sec) MVR Mode: compatible In the preceding display, the maximum number of multicast groups is fixed at 256. The MVR mode is either compatible (for interoperability with Catalyst 2900 XL and Catalyst 3500 XL switches) or dynamic (where operation is consistent with IGMP snooping operation and dynamic MVR membership on source ports is supported).
  • Page 754 Displays all ports that are members of an MVR multicast group or, if there are no members, means the group is inactive. Catalyst 3750-X and 3560-X Switch Command Reference...
  • Page 755: Show Mvr Interface

    This command was introduced. Usage Guidelines If the entered port identification is a non-MVR port or a source port, the command returns an error message. For receiver ports, it displays the port type, per port status, and Immediate-Leave setting. If you enter the members keyword, all MVR group members on the interface appear. If you enter a VLAN ID, all MVR group members in the VLAN appear.
  • Page 756 Inactive means that the port is not yet part of any VLAN. • This is an example of output from the show mvr interface command for a specified port: Switch# show mvr interface gigabitethernet1/0/2 Type: RECEIVER Status: ACTIVE Immediate Leave: DISABLED...
  • Page 757: Show Mvr Members

    Use the show mvr members privileged EXEC command to display all receiver and source ports that are currently members of an IP multicast group. show mvr members [ip-address] [ | {begin | exclude | include} expression]...
  • Page 758 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show mvr members This is an example of output from the show mvr members ip-address command. It displays the members of the IP multicast group with that address: Switch# show mvr members 239.255.0.2 239.255.003.--22...
  • Page 759: Show Network-Policy Profile

    Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show network-policy profile show network-policy profile Use the show network policy profile privileged EXEC command to display the network-policy profiles. show network-policy profile [profile number] [detail] [ | {begin | exclude | include} expression] Syntax Description profile (Optional) Display the network-policy profile number.
  • Page 760: Show Nmsp

    Use the show nmsp privileged EXEC command to display the Network Mobility Services Protocol (NMSP) information for the switch. show nmsp {attachment suppress interface | capability | notification interval | statistics {connection | summary} | status | subscription {detail | summary}} [ | {begin | exclude | include} expression] Syntax Description attachment suppress Display attachment suppress interfaces.
  • Page 761 NMSP Notification Intervals ---------------------------------- Attachment notify interval: 30 sec (default) Location notify interval: 30 sec (default) This is an example of output from the show nmsp statistics connection and show nmsp statistics summary commands: Switch# show nmsp statistics connection NMSP Connection Counters...
  • Page 762 TxEchoResp RxEchoReq TxData RxData 172.19.35.109 5 5 4 4 This is an example of output from the show nmsp show subscription detail and the show nmsp show subscription summary commands: Switch# show nmsp subscription detail Mobility Services Subscribed by 172.19.35.109:...
  • Page 763: Show Pagp

    You can enter any show pagp command to display the active channel-group information. To display the nonactive information, enter the show pagp command with a channel-group number. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output are appear.
  • Page 764 Gi3/0/3 Gi1/0/2 Switch Gi3/0/4 <output truncated> This is an example of output from the show pagp 1 internal command: Switch> show pagp 1 internal Flags: S - Device is sending Slow hello. C - Device is in Consistent state. A - Device is in Auto mode.
  • Page 765: Show Policy-Map

    12.2(53)SE2 This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear. Examples This is an example of output from the show policy-map command: Switch>...
  • Page 766: Show Port-Security

    If you enter the vlan keyword, the command displays the configured maximum and the current number of secure MAC addresses for all VLANs on the interface. This option is visible only on interfaces that have the switchport mode set to trunk.
  • Page 767 ---- ----- ------------- 0006.0700.0800 SecureConfigured Gi1/0/2 ------------------------------------------------------------------- Total Addresses: 1 This is an example of output from the show port-security interface interface-id vlan command: Switch# show port-security interface gigabitethernet1/0/2 vlan Default maximum:not set, using 5120 VLAN Maximum Current default default...
  • Page 768 Deletes from the MAC address table a specific type of secure address or all the secure addresses on the switch or an interface. switchport port-security Enables port security on a port, restricts the use of the port to a user-defined group of stations, and configures secure MAC addresses.
  • Page 769: Show Power Inline

    Use the show power inline user EXEC command to display the Power over Ethernet (PoE) status for the specified PoE port, the specified stack member, or for all PoE ports in the switch stack.
  • Page 770 Gi3/0/11 auto 30.0 Gi3/0/12 auto 30.0 <output truncated> This is an example of output from the show power inline interface-id command on a switch port. Table 2-46 describes the output fields. Switch> show power inline gigabitethernet0/5 Interface Admin Oper Power...
  • Page 771 IEEE classification, which is different than the real-time power that is monitored with the power sensing feature. The configured power values on a Catalyst 3750-E or 3560-E switch is the same as the actual power values on a Catalyst 3750 or 3560 switch.
  • Page 772 • message. The Gi1/0/3 port is shut down, but policing is enabled with a policing action is to shut down the port. • Device detection is disabled on the Gi1/0/4 port, power is not applied to the port, and policing is •...
  • Page 773 • The Gi1/0/12 port is up and connected to a powered device, and policing is enabled with a policing action to shut down the port. The policing action does not take effect because the real-time power consumption is less than the cutoff value.
  • Page 774 The real-time power consumption of the powered device. 1. The configured power is the power that you manually specify or that the switch specifies by using CDP power negotiation or the IEEE classification, which is different than the real-time power that is monitored with the power sensing feature. The configured power values on a Catalyst 3750-X, Catalyst 3750-E, Catalyst 3650-X, or Catalyst 3560-E switch is the same as the actual power values on a Catalyst 3750 or 3560 switch.
  • Page 775: Show Sdm Prefer

    When you change the SDM template by using the sdm prefer global configuration command, you must reload the switch for the configuration to take effect. If you enter the show sdm prefer command before you enter the reload privileged EXEC command, the show sdm prefer command shows the template currently in use and the template that will become active after a reload.
  • Page 776 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show sdm prefer Examples This is an example of output from the show sdm prefer command, displaying the template in use. Note On switches running the LAN base feature set, routing values shown in all templates are not valid.
  • Page 777 IPv4/MAC qos aces: 0.5K number of IPv4/MAC security aces: This is an example of output from the show sdm prefer command when you have configured a new template but have not reloaded the switch: Switch# show sdm prefer The current template is "desktop routing"...
  • Page 778: Show Setup Express

    Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show setup express show setup express Use the show setup express privileged EXEC command to display if Express Setup mode is active on the switch. show setup express [ | {begin | exclude | include} expression]...
  • Page 779: Show Spanning-Tree

    {vlan vlan-id | bridge-group} root [address | cost | detail | forward-time | hello-time | id | max-age | port | priority [system-id] [ | {begin | exclude | include} expression] show spanning-tree interface interface-id [active [detail] | cost | detail [active] | inconsistency |...
  • Page 780 ID, a range of IDs • separated by a hyphen, or a series of IDs separated by a comma. The range is 1 to 4094. The display shows the number of currently configured instances.
  • Page 781 If the vlan-id variable is omitted, the command applies to the spanning-tree instance for all VLANs. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.
  • Page 782 Number of transitions to forwarding state: 1 Link type is point-to-point by default BPDU: sent 0, received 72364 <output truncated> This is an example of output from the show spanning-tree interface interface-id command: Switch# show spanning-tree interface gigabitethernet2/0/1 Vlan Role Sts Cost Prio.Nbr Type...
  • Page 783 Vlans Mapped -------- ------------------ 1-9,21-4094 10-20 ---------------------------- This is an example of output from the show spanning-tree mst interface interface-id command: Switch# show spanning-tree mst interface gigabitethernet2/0/1 GigabitEthernet2/0/1 of MST00 is root forwarding Edge port: no (default) port guard : none...
  • Page 784 Enables the Port Fast feature on an interface and all its configuration) associated VLANs. spanning-tree uplinkfast Accelerates the choice of a new root port when a link or switch fails or when the spanning tree reconfigures itself. spanning-tree vlan Configures spanning tree on a per-VLAN basis.
  • Page 785: Show Stack-Power

    To display the members of all StackPower stacks or the specified power stack and the power mode of the stack, use the show stack-power user EXEC command. show stack power [stack-id] [ | {begin | exclude | include} expression]...
  • Page 786 Configures the power management mode for the specified PoE port or for all PoE ports. stack-power Configures power stack parameters. show power inline Displays the power parameters for the specified PoE port or for all PoE ports. Catalyst 3750-X and 3560-X Switch Command Reference 2-754 OL-21522-02...
  • Page 787: Show Storm-Control

    When you enter an interface-id, the storm control thresholds appear for the specified interface. If you do not enter an interface-id, settings appear for one traffic type for all ports on the switch. If you do not enter a traffic type, settings appear for broadcast storm control.
  • Page 788 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show storm-control This is an example of output from the show storm-control command for a specified interface. Because no traffic-type keyword was entered, the broadcast storm control settings appear. Switch> show storm-control gigabitethernet 1/0/1...
  • Page 789: Show Switch

    Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show switch show switch Use the show switch user EXEC command to display information related to the stack member or the switch stack. show switch [stack-member-number | detail | neighbors | stack-ports [summary]| stack-ring activity [detail] | speed] [ | {begin | exclude | include} expression] This command is supported only on Catalyst 3750-X switches.
  • Page 790 Provisioned—The state of a preconfigured switch before it becomes an active member of a switch • stack, or the state of a stack member after it has left the switch stack. The MAC address and the priority number in the display are always 0 for the provisioned switch.
  • Page 791 Switch> show switch stack-ports Switch # Port A Port B -------- ------ ------ Down Down Table 2-49 shows the output for the show switch stack-ports summary command. Switch> show switch stack-ports summary Switch#/ Stack Neighbor Cable Link Link Sync Port#...
  • Page 792 Yes—None of the stack ports on the member • has an attached stack cable. This example shows how to display detailed stack-ring activity information for a switch stack: Switch> show switch stack-ring activity detail Catalyst 3750-X and 3560-X Switch Command Reference...
  • Page 793 --------------------------- Switch 2 Total: 2213466 ------------------------------------------------------------------------- Total frames sent to stack ring : 5818507 Note: these counts do not include frames sent to the ring by certain output features, such as output SPAN and output ACLs. Related Commands Command Description reload Reloads the stack member and puts a configuration change into effect.
  • Page 794: Show System Mtu

    This command was introduced. Usage Guidelines If you have used the system mtu or system mtu jumbo global configuration command to change the MTU setting, the new setting does not take effect until you reset the switch. For information about the MTU values and the stack configurations that affect the MTU values, see the system mtu command.
  • Page 795: Show Udld

    If you do not enter an interface-id, administrative and operational UDLD status for all interfaces appear. Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear.
  • Page 796 UDLD-capable, no cache entries appear. Device name The device name or the system serial number of the neighbor. The system serial number appears if the device name is not set or is set to the default (Switch). Port ID The neighbor port ID enabled for UDLD.
  • Page 797 Enables UDLD on an individual interface or prevents a fiber-optic interface from being enabled by the udld global configuration command. udld reset Resets all interfaces shutdown by UDLD and permits traffic to begin passing through them again. Catalyst 3750-X and 3560-X Switch Command Reference 2-765...
  • Page 798: Show Version

    12.2(53)SE2 This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear. Examples This is an example of output from the show version command that shows the software licenses installed on the switch.
  • Page 799 If you are unable to comply with U.S. and local laws, return this product immediately. A summary of U.S. laws governing Cisco cryptographic products may be found at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html If you require further assistance please contact us by sending email to export@cisco.com.
  • Page 800: Show Vlan

    VLAN (if the VLAN ID or name is specified) on the switch. show vlan [brief | dot1q tag native | id vlan-id | internal usage | mtu | name vlan-name | private-vlan [type] | remote-span | summary] [ | {begin | exclude | include} expression]...
  • Page 801 VLAN have the same MTU. When yes appears in this column, it means that the VLAN has ports with different MTUs, and packets that are switched from a port with a larger MTU to a port with a smaller MTU might be dropped. If the VLAN does not have an SVI, the hyphen (-) symbol appears in the SVI_MTU column.
  • Page 802 VLAN ID, the secondary VLAN ID, the type of secondary VLAN (community or isolated), and the ports that belong to it. This is an example of output from the show vlan dot1q tag native command: Switch> show vlan dot1q tag native...
  • Page 803 1026 are being used as internal VLANs for Gigabit Ethernet routed ports 23 and 24 on stack member 1. If you want to use one of these VLAN IDs, you must first shut down the routed port, which releases the internal VLAN, and then create the extended-range VLAN. When you start up the routed port, another internal VLAN number is assigned to it.
  • Page 804 Related Commands Command Description private-vlan Configures a VLAN as a community, isolated, or primary VLAN or associates a primary VLAN with secondary VLANs. switchport mode Configures the VLAN membership mode of a port. vlan (global Enables VLAN configuration mode where you can configure VLANs 1 to configuration) 4094.
  • Page 805: Show Vlan Access-Map

    12.2(53)SE2 This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear. Examples This is an example of output from the show vlan access-map command: Switch# show vlan access-map Vlan access-map "SecWiz"...
  • Page 806: Show Vlan Filter

    12.2(53)SE2 This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear. Examples This is an example of output from the show vlan filter command:...
  • Page 807: Show Vmps

    12.2(53)SE2 This command was introduced. Usage Guidelines Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain output do not appear, but the lines that contain Output appear. Examples This is an example of output from the show vmps command: Switch>...
  • Page 808 This response means that the server and the client have not been configured with the same VTP management domain. VQP Wrong Version Number of times the version field in the query packet contains a value that is higher than the version supported by the VMPS. The VLAN assignment of the port is not changed.
  • Page 809: Show Vtp

    This command was introduced. Usage Guidelines When you enter the show vtp password command when the switch is running VTP version 3, the display follows these rules: If the password password global configuration command did not specify the hidden keyword and •...
  • Page 810 Conflict that the responding server is in conflict with the local server for the feature; that is, when two switches in the same domain do not have the same primary server for a database. Switch# show vtp devices Retrieving information from the VTP domain.
  • Page 811 Revision errors increment whenever the switch receives an advertisement whose revision number matches the revision number of the switch, but the MD5 digest values do not match. This error means that the VTP password in the two switches is different or that the switches have different configurations.
  • Page 812 Displays the date and time of the last configuration modification. Displays the IP address of the Modified switch that caused the configuration change to the database. This is an example of output from the show vtp status command for a switch running VTP version 3. . Switch> show vtp status VTP Version capable...
  • Page 813 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 Feature UNKNOWN: -------------- Related Commands Command Description clear vtp counters Clears the VTP and pruning counters. vtp (global configuration) Configures the VTP filename, interface name, domain name, and mode. Catalyst 3750-X and 3560-X Switch Command Reference 2-781 OL-21522-02...
  • Page 814 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands show vtp Catalyst 3750-X and 3560-X Switch Command Reference 2-782 OL-21522-02...
  • Page 815: Shutdown

    The no shutdown command has no effect if the port is a static-access port assigned to a VLAN that has been deleted, suspended, or shut down. The port must first be a member of an active VLAN before it can be re-enabled.
  • Page 816: Shutdown Vlan

    Use the shutdown vlan global configuration command on the switch stack or on a standalone switch to shut down (suspend) local traffic on the specified VLAN. Use the no form of this command to restart local traffic on the VLAN.
  • Page 817: Small-Frame Violation Rate

    (threshold) for an interface to be error disabled when it receives VLAN-tagged packets that are small frames (67 bytes or less) at the specified rate. Use the no form of this command to return to the default setting.
  • Page 818 Related Commands Command Description errdisable detect cause small-frame Allows any switch port to be put into the error-disabled state if an incoming frame is smaller than the minimum size and arrives at the specified rate (threshold). errdisable recovery cause Enables the recovery timer.
  • Page 819: Snmp-Server Enable Traps

    Use the snmp-server enable traps global configuration command on the switch stack or on a standalone switch to enable the switch to send Simple Network Management Protocol (SNMP) notifications for various traps or inform requests to the network management system (NMS). Use the no form of this command to return to the default setting.
  • Page 820 (Optional) Generate entity field-replaceable unit (FRU) control traps. In a switch stack, this trap refers to the insertion or removal of a switch in the stack. hsrp (Optional) Enable Hot Standby Router Protocol (HSRP) traps.
  • Page 821 (Optional) Enable port security traps. Use the trap-rate keyword to set the [trap-rate value] maximum number of port-security traps sent per second. The range is from 0 to 1000; the default is 0 (no limit imposed; a trap is sent at every occurrence). power-ethernet {group (Optional) Enable power-over-Ethernet traps.
  • Page 822 When supported, use the snmp-server enable traps command to enable sending of traps or informs. Informs are not supported in SNMPv1. Note To enable more than one type of trap, you must enter a separate snmp-server enable traps command for each trap type. Examples...
  • Page 823 Displays the operating configuration. For syntax information, use this link to the Cisco IOS Release 12.2 Command Reference listing page: http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/prod_command _reference_list.html Select the Cisco IOS Commands Master List, Release 12.2 to navigate to the command. snmp-server host Specifies the host that receives SNMP traps.
  • Page 824: Snmp-Server Host

    [informs | traps] [version {1 | 2c | 3 {auth | noauth| priv}] [vrf vrf-instance] {community-string [notification-type]} no snmp-server host host-addr [informs | traps] [version {1 | 2c | 3 {auth | noauth | priv}] [vrf vrf-instance] community-string...
  • Page 825 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands snmp-server host notification-type (Optional) Type of notification to be sent to the host. If no type is specified, all notifications are sent. The notification type can be one or more of the these keywords: bgp—Send Border Gateway Protocol (BGP) state change traps.
  • Page 826 Defaults This command is disabled by default. No notifications are sent. If you enter this command with no keywords, the default is to send all trap types to the host. No informs are sent to this host. If no version keyword is present, the default is Version 1.
  • Page 827 The community string is defined as comaccess: Switch(config)# snmp-server enable traps Switch(config)# snmp-server host myhost.cisco.com comaccess snmp This example shows how to enable the switch to send all traps to the host myhost.cisco.com by using the community string public: Switch(config)# snmp-server enable traps Switch(config)# snmp-server host myhost.cisco.com public...
  • Page 828: Snmp Trap Mac-Notification Change

    Use the snmp trap mac-notification change interface configuration command on the switch stack or on a standalone switch to enable the Simple Network Management Protocol (SNMP) MAC address notification trap on a specific Layer 2 interface. Use the no form of this command to return to the default setting.
  • Page 829 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands snmp trap mac-notification change Related Commands Command Description clear mac address-table notification Clears the MAC address notification global counters. mac address-table notification Enables the MAC address notification feature. show mac address-table notification...
  • Page 830: Spanning-Tree Backbonefast

    An inferior BPDU identifies a switch that declares itself as both the root bridge and the designated switch. When a switch receives an inferior BPDU, it means that a link to which the switch is not directly connected (an indirect link) has failed (that is, the designated switch has lost its connection to the root switch.
  • Page 831: Spanning-Tree Bpdufilter

    You can enable the BPDU filtering feature when the switch is operating in the per-VLAN spanning-tree plus (PVST+), rapid-PVST+, or the multiple spanning-tree (MST) mode. Enabling BPDU filtering on an interface is the same as disabling spanning tree on it and can result in Caution spanning-tree loops.
  • Page 832 Port Fast-enabled interface or enables the Port Fast feature on all nontrunking interfaces. spanning-tree portfast (interface Enables the Port Fast feature on an interface and all its associated configuration) VLANs. Catalyst 3750-X and 3560-X Switch Command Reference 2-800...
  • Page 833: Spanning-Tree Bpduguard

    Use the spanning-tree bpduguard interface configuration command on the switch stack or on a standalone switch to put an interface in the error-disabled state when it receives a bridge protocol data unit (BPDU). Use the no form of this command to return to the default setting.
  • Page 834 Port Fast-enabled interfaces or enables the Port Fast feature on all nontrunking interfaces. spanning-tree portfast (interface Enables the Port Fast feature on an interface and all its associated configuration) VLANs. Catalyst 3750-X and 3560-X Switch Command Reference 2-802...
  • Page 835: Spanning-Tree Cost

    If a loop occurs, spanning tree considers the path cost when selecting an interface to place in the forwarding state. Use the no form of this command to return to the default setting.
  • Page 836 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands spanning-tree cost Related Commands Command Description show spanning-tree interface Displays spanning-tree information for the specified interface. interface-id spanning-tree port-priority Configures an interface priority. spanning-tree vlan priority Sets the switch priority for the specified spanning-tree instance.
  • Page 837: Spanning-Tree Etherchannel Guard Misconfig

    EXEC command on the remote device. When a port is in the error-disabled state because of an EtherChannel misconfiguration, you can bring it out of this state by entering the errdisable recovery cause channel-misconfig global configuration command, or you can manually re-enable it by entering the shutdown and no shut down interface configuration commands.
  • Page 838 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands spanning-tree etherchannel guard misconfig Related Commands Command Description errdisable recovery cause Enables the timer to recover from the EtherChannel channel-misconfig misconfiguration error-disabled state. show etherchannel summary Displays EtherChannel information for a channel as a one-line summary per channel-group.
  • Page 839: Spanning-Tree Extend System-Id

    ID unique for each VLAN or multiple spanning-tree instance. Because the switch stack appears as a single switch to the rest of the network, all switches in the stack use the same bridge ID for a given spanning tree. If the stack master fails, the stack members recalculate their bridge IDs of all running spanning trees based on the new MAC address of the stack master.
  • Page 840 Command Description show spanning-tree summary Displays a summary of spanning-tree interface states. spanning-tree mst root Configures the MST root switch priority and timers based on the network diameter. spanning-tree vlan priority Sets the switch priority for the specified spanning-tree instance.
  • Page 841: Spanning-Tree Guard

    (blocked) state to prevent the customer’s switch from becoming the root switch or being in the path to the root. The root port provides the best path from the switch to the root switch.
  • Page 842 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands spanning-tree guard Loop guard is most effective when it is configured on the entire switched network. When the switch is operating in PVST+ or rapid-PVST+ mode, loop guard prevents alternate and root ports from becoming designated ports, and spanning tree does not send bridge protocol data units (BPDUs) on root or alternate ports.
  • Page 843: Spanning-Tree Link-Type

    Multiple Spanning Tree Protocol (MSTP) or the rapid per-VLAN spanning-tree plus (rapid-PVST+) protocol and be enabled for rapid transitions. Examples This example shows how to specify the link type as shared (regardless of the duplex setting) and to prevent rapid transitions to the forwarding state: Switch(config-if)# spanning-tree link-type shared You can verify your setting by entering the show spanning-tree mst interface interface-id or the show spanning-tree interface interface-id privileged EXEC command.
  • Page 844 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands spanning-tree link-type Related Commands Command Description clear spanning-tree detected-protocols Restarts the protocol migration process (force the renegotiation with neighboring switches) on all interfaces or on the specified interface. show spanning-tree interface...
  • Page 845: Spanning-Tree Loopguard Default

    Use the spanning-tree loopguard default global configuration command on the switch stack or on a standalone switch to prevent alternate or root ports from becoming designated ports because of a failure that leads to a unidirectional link. Use the no form of this command to return to the default setting. spanning-tree loopguard default...
  • Page 846 Select the Cisco IOS Commands Master List, Release 12.2 to navigate to the command. spanning-tree guard loop Enables the loop guard feature on all the VLANs associated with the specified interface. Catalyst 3750-X and 3560-X Switch Command Reference 2-814 OL-21522-02...
  • Page 847: Spanning-Tree Mode

    This command was introduced. Usage Guidelines The switch supports PVST+, rapid PVST+, and MSTP, but only one version can be active at any time: All VLANs run PVST+, all VLANs run rapid PVST+, or all VLANs run MSTP. All stack members run the same version of spanning-tree.
  • Page 848 Command Description show running-config Displays the operating configuration. For syntax information, use this link to the Cisco IOS Release 12.2 Command Reference listing page: http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/prod_comm and_reference_list.html Select the Cisco IOS Commands Master List, Release 12.2 to navigate to the command.
  • Page 849: Spanning-Tree Mst Configuration

    VLANs to an MST instance. The range for the • instance-id is 1 to 4094. The range for vlan-range is 1 to 4094. You can specify a single VLAN identified by VLAN ID number, a range of VLANs separated by a hyphen, or a series of VLANs separated by a comma.
  • Page 850 VLANs that were previously mapped. To specify a range, use a hyphen; for example, instance 1 vlan 1-63 maps VLANs 1 to 63 to MST instance 1. To specify a series, use a comma; for example, instance 1 vlan 10, 20, 30 maps VLANs 10, 20, and 30 to MST instance 1.
  • Page 851: Spanning-Tree Mst Cost

    (MST) calculations. If a loop occurs, spanning tree considers the path cost when selecting an interface to put in the forwarding state. Use the no form of this command to return to the default setting.
  • Page 852 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands spanning-tree mst cost Related Commands Command Description show spanning-tree Displays MST information for the specified interface. interface interface-id spanning-tree mst Configures an interface priority. port-priority spanning-tree mst priority Configures the switch priority for the specified spanning-tree instance.
  • Page 853: Spanning-Tree Mst Forward-Time

    Changing the spanning-tree mst forward-time command affects all spanning-tree instances. Examples This example shows how to set the spanning-tree forwarding time to 18 seconds for all MST instances: Switch(config)# spanning-tree mst forward-time 18 You can verify your setting by entering the show spanning-tree mst privileged EXEC command.
  • Page 854: Spanning-Tree Mst Hello-Time

    The max-age setting must be greater than the hello-time setting. Changing the spanning-tree mst hello-time command affects all spanning-tree instances. Examples This example shows how to set the spanning-tree hello time to 3 seconds for all multiple spanning-tree (MST) instances: Switch(config)# spanning-tree mst hello-time 3 You can verify your setting by entering the show spanning-tree mst privileged EXEC command.
  • Page 855: Spanning-Tree Mst Max-Age

    If a switch does not receive a bridge protocol data unit (BPDU) message from the root switch within this interval, it recomputes the spanning-tree topology. Use the no form of this command to return to the default setting.
  • Page 856: Spanning-Tree Mst Max-Hops

    Usage Guidelines The root switch of the instance always sends a BPDU (or M-record) with a cost of 0 and the hop count set to the maximum value. When a switch receives this BPDU, it decrements the received remaining hop count by one and propagates the decremented count as the remaining hop count in the generated M-records.
  • Page 857: Spanning-Tree Mst Port-Priority

    If a loop occurs, the Multiple Spanning Tree Protocol (MSTP) can find the interface to put in the forwarding state. Use the no form of this command to return to the default setting.
  • Page 858 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands spanning-tree mst port-priority Related Commands Command Description show spanning-tree mst interface Displays MST information for the specified interface. interface-id spanning-tree mst cost Sets the path cost for MST calculations. spanning-tree mst priority Sets the switch priority for the specified spanning-tree instance.
  • Page 859: Spanning-Tree Mst Pre-Standard

    The port can accept both prestandard and standard BPDUs. If the neighbor types are mismatched, only the common and internal spanning tree (CIST) runs on this interface. If a switch port is connected to a switch running prestandard Cisco IOS software, you must use the Note spanning-tree mst pre-standard interface configuration command on the port.
  • Page 860: Spanning-Tree Mst Priority

    Use the spanning-tree mst priority global configuration command on the switch stack or on a standalone switch to set the switch priority for the specified spanning-tree instance. Use the no form of this command to return to the default setting.
  • Page 861: Spanning-Tree Mst Root

    Because of the extended system ID support, the switch sets the switch priority for the instance to 24576 if this value will cause this switch to become the root for the specified instance. If any root switch for the specified instance has a switch priority lower than 24576, the switch sets its own priority to 4096 less than the lowest switch priority.
  • Page 862 ID, the software changes the switch priority from the default value (32768) to 28672. If the root switch fails, this switch becomes the next root switch (if the other switches in the network use the default switch priority of 32768 and are therefore unlikely to become the root switch).
  • Page 863: Spanning-Tree Port-Priority

    If the variable vlan-id is omitted, the command applies to the spanning-tree instance associated with VLAN 1. You can set the priority on a VLAN that has no interfaces assigned to it. The setting takes effect when you assign the interface to the VLAN.
  • Page 864 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands spanning-tree port-priority Examples This example shows how to increase the likelihood that a port will be put in the forwarding state if a loop occurs: Switch(config)# interface gigabitethernet2/0/2 Switch(config-if)# spanning-tree vlan 20 port-priority 0...
  • Page 865: Spanning-Tree Portfast (Global Configuration)

    Port Fast feature is enabled, the interface changes directly from a blocking state to a forwarding state without making the intermediate spanning-tree state changes. Defaults The BPDU filtering, the BPDU guard, and the Port Fast features are disabled on all interfaces unless they are individually configured. Command Modes Global configuration...
  • Page 866 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands spanning-tree portfast (global configuration) Enabling BPDU filtering on an interface is the same as disabling spanning tree on it and can result in Caution spanning-tree loops. Use the spanning-tree portfast bpduguard default global configuration command to globally enable BPDU guard on interfaces that are in a Port Fast-operational state.
  • Page 867 Description spanning-tree bpduguard Puts an interface in the error-disabled state when it receives a BPDU. spanning-tree portfast (interface Enables the Port Fast feature on an interface in all its associated configuration) VLANs. Catalyst 3750-X and 3560-X Switch Command Reference 2-835...
  • Page 868: Spanning-Tree Portfast (Interface Configuration)

    Use the spanning-tree portfast interface configuration command on the switch stack or on a standalone switch to enable the Port Fast feature on an interface in all its associated VLANs. When the Port Fast feature is enabled, the interface changes directly from a blocking state to a forwarding state without making the intermediate spanning-tree state changes.
  • Page 869 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands spanning-tree portfast (interface configuration) Examples This example shows how to enable the Port Fast feature on a port: Switch(config)# interface gigabitethernet2/0/2 Switch(config-if)# spanning-tree portfast You can verify your settings by entering the show running-config privileged EXEC command.
  • Page 870: Spanning-Tree Transmit Hold-Count

    Use the spanning-tree transmit hold-count global configuration command to configure the number of bridge protocol data units (BPDUs) sent every second. Use the no form of this command to return to the default setting. spanning-tree transmit hold-count [value]...
  • Page 871: Spanning-Tree Uplinkfast

    Use the spanning-tree uplinkfast global configuration command on the switch stack or on a standalone switch to accelerate the choice of a new root port when a link or switch fails or when the spanning tree reconfigures itself. Use the no form of this command to return to the default setting.
  • Page 872 Do not enable the root guard on interfaces that will be used by the UplinkFast feature. With UplinkFast, the backup interfaces (in the blocked state) replace the root port in the case of a failure. However, if root guard is also enabled, all the backup interfaces used by the UplinkFast feature are placed in the root-inconsistent state (blocked) and prevented from reaching the forwarding state.
  • Page 873: Spanning-Tree Vlan

    Use the spanning-tree vlan global configuration command on the switch stack or on a standalone switch to configure spanning tree on a per-VLAN basis. Use the no form of this command to return to the default setting. spanning-tree vlan vlan-id [forward-time seconds | hello-time seconds | max-age seconds |...
  • Page 874 The VLAN does not detect and prevent loops when STP is disabled. You can disable the STP on a VLAN that is not currently active and verify the change by using the show running-config or the show spanning-tree vlan vlan-id privileged EXEC command. The setting takes effect when the VLAN is activated.
  • Page 875 You can verify your setting by entering the show spanning-tree privileged EXEC command. In this instance, VLAN 5 does not appear in the list. This example shows how to set the spanning-tree forwarding time to 18 seconds for VLANs 20 and 25: Switch(config)# spanning-tree vlan 20,25 forward-time 18...
  • Page 876: Speed

    If the speed is set to auto, the switch negotiates with the device at the other end of the link for the speed setting and then forces the speed setting to the negotiated value. The duplex setting remains as configured on each end of the link, which could result in a duplex setting mismatch.
  • Page 877 This example shows how to set a port to autonegotiate at only 10 Mb/s: Switch(config)# interface gigabitethernet1/0/118 Switch(config-if)# speed auto 10 This example shows how to set a port to autonegotiate at only 10 or 100 Mb/s: Switch(config)# interface gigabitethernet1/0/117 Switch(config-if)# speed auto 10 100 You can verify your settings by entering the show interfaces privileged EXEC command.
  • Page 878: Srr-Queue Bandwidth Limit

    Usage Guidelines If you configure this command to 80 percent, the port is idle 20 percent of the time. The line rate drops to 80 percent of the connected speed. These values are not exact because the hardware adjusts the line rate in increments of six.
  • Page 879 CoS values to a queue and to a threshold ID. mls qos srr-queue output dscp-map Maps Differentiated Services Code Point (DSCP) values to an egress queue or maps DSCP values to a queue and to a threshold ID. mls qos queue-set output threshold...
  • Page 880: Srr-Queue Bandwidth Shape

    (1/weight) specifies the shaping bandwidth for this queue. Separate each value with a space. The range is 0 to 65535. Defaults Weight1 is set to 25. Weight2, weight3, and weight4 are set to 0, and these queues are in shared mode. Command Modes Interface configuration...
  • Page 881 1 is 1/8, which is 12.5 percent. Queue 1 is guaranteed this bandwidth and limited to it; it does not extend its slot to the other queues even if the other queues have no traffic and are idle. Queues 2, 3, and 4 are in shared mode, and the setting for queue 1 is ignored.
  • Page 882: Srr-Queue Bandwidth Share

    The ratio of the weights is the ratio of frequency in which the shaped round robin (SRR) scheduler dequeues packets from each queue. Use the no form of this command to return to the default setting.
  • Page 883 2/(1+2+3+4), 3/(1+2+3+4), and 4/(1+2+3+4), which is 10 percent, 20 percent, 30 percent, and 40 percent for queues 1, 2, 3, and 4. This means that queue 4 has four times the bandwidth of queue 1, twice the bandwidth of queue 2, and one-and-a-third times the bandwidth of queue 3.
  • Page 884: Stack-Mac Persistent Timer

    During that time, if the previous stack master rejoins the stack as a stack member, the stack retains its MAC address for as long as the switch that has that MAC address is in the stack. If the previous stack master does not rejoin the stack, the switch stack takes the MAC address of the new stack master as the stack MAC address.
  • Page 885 Examples This examples shows how to enable persistent MAC address: Switch(config)# stack-mac persistent timer You can verify your settings by entering the show running-config privileged EXEC command. If enabled, stack-mac persistent timer is shown in the output. Related Commands Command...
  • Page 886: Stack-Power

    To configure StackPower parameters for the power stack or for a switch in the power stack, use the stack power global configuration command. To return to the default setting, use the no form of the command, stack-power {stack power stack name | switch switch-number}...
  • Page 887 • stack-id name: enter the name of the power stack to which the switch belongs. If you do not enter the power stack-ID, the switch does not inherit the stack parameters. The name can be up to 31 characters.
  • Page 888: Storm-Control

    Use the storm-control interface configuration command on the switch stack or on a standalone switch to enable broadcast, multicast, or unicast storm control and to set threshold levels on an interface. Use the no form of this command to return to the default setting.
  • Page 889 The storm-control suppression level can be entered as a percentage of total bandwidth of the port, as a rate in packets per second at which traffic is received, or as a rate in bits per second at which traffic is received.
  • Page 890 When a storm occurs and the action is to filter traffic, if the falling suppression level is not specified, the switch blocks all traffic until the traffic rate drops below the rising suppression level. If the falling suppression level is specified, the switch blocks traffic until the traffic rate drops below this level.
  • Page 891: Switch

    12.2(53)SE2 This command was introduced. Usage Guidelines A stack is in the full-ring state when all members are connected through the stack ports and are in the ready state. The stack is in the partial-ring state when All members are connected through their stack ports, but some are not in the ready state.
  • Page 892 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands switch Examples This example shows how to disable stack port 2 on member 4: Switch# switch 4 stack port 2 disable Related Commands Command Description show switch Displays information about the switch stack and the stack members.
  • Page 893: Switch Priority

    Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands switch priority switch priority Use the switch priority global configuration command on the stack master to change the stack member priority value. switch stack-member-number priority new-priority-value Note This command is supported only on Catalyst 3750-X switches.
  • Page 894: Switch Provision

    Use the switch provision global configuration command on the stack master to provision (to supply a configuration to) a new switch before it joins the switch stack. Use the no form of this command to delete all configuration information associated with the removed switch (a stack member that has left the stack).
  • Page 895 Examples This example shows how to provision a switch with a stack member number of 2 for the switch stack. The show running-config command output shows the interfaces associated with the provisioned switch: Switch(config)# switch 2 provision WS- xxxx...
  • Page 896: Switch Renumber

    If another stack member is already using the member number that you just specified, the stack master assigns the lowest available number when you reload the stack member. If you change the number of a stack member, and no configuration is associated with the new stack Note member number, that stack member loses its current configuration and resets to its default configuration.
  • Page 897 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands switch renumber Related Commands Command Description reload Reloads the stack member and puts a configuration change into effect. session Accesses a specific stack member. switch priority Changes the stack member priority value. show switch Displays information about the switch stack and its stack members.
  • Page 898: Switchport

    Use the switchport interface configuration command with no keywords on the switch stack or on a standalone switch to put an interface that is in Layer 3 mode into Layer 2 mode for Layer 2 configuration. Use the no form of this command to put an interface in Layer 3 mode.
  • Page 899 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands switchport Examples This example shows how to cause an interface to cease operating as a Layer 2 port and become a Cisco-routed port: Switch(config-if)# no switchport This example shows how to cause the port interface to cease operating as a Cisco-routed port and convert...
  • Page 900: Switchport Access

    Use the switchport access interface configuration command on the switch stack or on a standalone switch to configure a port as a static-access or dynamic-access port. If the switchport mode is set to access, the port operates as a member of the specified VLAN. If set to dynamic, the port starts discovery of VLAN assignment based on the incoming packets it receives.
  • Page 901 – Monitor ports. Examples This example shows how to change a switched port interface that is operating in access mode to operate in VLAN 2 instead of the default VLAN: Switch(config-if)# switchport access vlan 2 You can verify your setting by entering the show interfaces interface-id switchport privileged EXEC command and examining information in the Administrative Mode and Operational Mode rows.
  • Page 902: Switchport Autostate Exclude

    A VLAN interface (SVI) is up if ports are forwarding traffic in the associated VLAN. When all ports on a VLAN are down or blocking, the SVI is down. For the SVI to be up, at least one port in the VLAN must be up and forwarding.
  • Page 903 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands switchport autostate exclude Operational Mode: down Administrative Trunking Encapsulation: negotiate Negotiation of Trunking: On Access Mode VLAN: 1 (default) Trunking Native Mode VLAN: 1 (default) Administrative Native VLAN tagging: enabled Voice VLAN: none...
  • Page 904: Switchport Backup Interface

    Use the switchport backup interface interface configuration command on a Layer 2 interface on the switch stack or on a standalone switch to configure Flex Links, a pair of interfaces that provide backup to each other. Use the no form of this command to remove the Flex Links configuration.
  • Page 905 • interface from the active interface. • An interface can belong to only one Flex Link pair. An interface can be a backup link for only one active link. An active link cannot belong to another Flex Link pair. •...
  • Page 906 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands switchport backup interface This example shows how to configure the Gigabit Ethernet interface as the MMU primary VLAN: Switch# configure terminal Switch(conf)# interface gigabitethernet1/0/1 Switch(conf-if)# switchport backup interface gigabitethernet1/0/2 mmu primary vlan 1021...
  • Page 907: Switchport Block

    This command was introduced. Usage Guidelines By default, all traffic with unknown MAC addresses is sent to all ports. You can block unknown multicast or unicast traffic on protected or nonprotected ports. If unknown multicast or unicast traffic is not blocked on a protected port, there could be security issues.
  • Page 908 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands switchport block Related Commands Command Description show interfaces switchport Displays the administrative and operational status of a switching (nonrouting) port, including port blocking and port protection settings. Catalyst 3750-X and 3560-X Switch Command Reference...
  • Page 909: Switchport Host

    Use the switchport host interface configuration command on the switch stack or on a standalone switch to optimize a Layer 2 port for a host connection. The no form of this command has no affect on the system.
  • Page 910: Switchport Mode

    Use the switchport mode interface configuration command on the switch stack or on a standalone switch to configure the VLAN membership mode of a port. Use the no form of this command to reset the mode to the appropriate default for the device.
  • Page 911 • If an IP ACL is applied to a trunk port in a VLAN that includes tunnel ports, or if a VLAN map is applied to a VLAN that includes tunnel ports, packets received from the tunnel port are treated as non-IP packets and are filtered with MAC access lists.
  • Page 912 This example shows how to configure a port for trunk mode: Switch(config)# interface gigabitethernet2/0/1 Switch(config-if)# switchport mode trunk This example shows how to configure a port as an IEEE 802.1Q tunnel port: Switch(config)# interface gigabitethernet2/0/1 Switch(config-if)# switchport mode dot1q-tunnel You can verify your settings by entering the show interfaces interface-id switchport privileged EXEC command and examining information in the Administrative Mode and Operational Mode rows.
  • Page 913: Switchport Mode Private-Vlan

    Use the switchport mode private-vlan interface configuration command on the switch stack or on a standalone switch to configure a port as a promiscuous or host private VLAN port. Use the no form of this command to reset the mode to the appropriate default for the device.
  • Page 914 This example shows how to configure an interface as a private-VLAN host port and associate it to primary VLAN 20. The interface is a member of secondary isolated VLAN 501 and primary VLAN 20. When you configure a port as a private VLAN host port, you should also enable BPDU guard and Port Note Fast by using the spanning-tree portfast bpduguard default global configuration command and the spanning-tree portfast interface configuration command.
  • Page 915: Switchport Nonegotiate

    Dynamic Trunking Protocol (DTP) negotiation packets are not sent on the Layer 2 interface. The switch does not engage in DTP negotiation on this interface. Use the no form of this command to return to the default setting.
  • Page 916 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands switchport nonegotiate Examples This example shows how to cause a port to refrain from negotiating trunking mode and to act as a trunk or access port (depending on the mode set): Switch(config)# interface gigabitethernet2/0/1...
  • Page 917: Switchport Port-Security

    Use the keywords to configure secure MAC addresses, sticky MAC address learning, a maximum number of secure MAC addresses, or the violation mode. Use the no form of this command to disable port security or to set the parameters to their default states.
  • Page 918 VLAN on which the violation occurred is error-disabled. Defaults The default is to disable port security. When port security is enabled and no keywords are entered, the default maximum number of secure MAC addresses is 1. The default violation mode is shutdown.
  • Page 919 IP phone requires one MAC address. The Cisco IP phone address is learned on the voice VLAN, but is not learned on the access VLAN. If you connect a single PC to the Cisco IP phone, no additional MAC addresses are required. If you connect more than one PC to the Cisco IP phone, you must configure enough secure addresses to allow one for each PC and one for the Cisco IP phone.
  • Page 920 MAC address is not added to the running configuration. Examples This example shows how to enable port security on a port and to set the maximum number of secure addresses to 5. The violation mode is the default, and no secure MAC addresses are configured.
  • Page 921 Related Commands Command Description clear port-security Deletes from the MAC address table a specific type of secure address or all the secure addresses on the switch or an interface. show port-security address Displays all the secure addresses configured on the switch.
  • Page 922: Switchport Port-Security Aging

    This command was introduced. Usage Guidelines To enable secure address aging for a particular port, set the aging time to a value other than 0 for that port. To allow limited time access to particular secure addresses, set the aging type as absolute. When the aging time lapses, the secure addresses are deleted.
  • Page 923 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands switchport port-security aging Examples This example sets the aging time as 2 hours for absolute aging for all the secure addresses on the port: Switch(config)# interface gigabitethernet1/0/1 Switch(config-if)# switchport port-security aging time 120...
  • Page 924: Switchport Priority Extend

    IP phone connected to the specified port. Use the no form of this command to return to the default setting.
  • Page 925 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands switchport priority extend Related Commands Command Description show interfaces Displays the administrative and operational status of a switching (nonrouting) port. switchport voice vlan Configures the voice VLAN on the port. Catalyst 3750-X and 3560-X Switch Command Reference...
  • Page 926: Switchport Private-Vlan

    Use the switchport private-vlan interface configuration command on the switch stack or on a standalone switch to define a private-VLAN association for an isolated or community port or a mapping for a promiscuous port. Use the no form of this command to remove the private-VLAN association or mapping from the port.
  • Page 927 {host | promiscuous} interface configuration command. If the port is in private-VLAN host or promiscuous mode but the VLANs do not exist, the command is allowed, but the port is made inactive.
  • Page 928: Switchport Protected

    A protected port is different from a secure port. A protected port does not forward any traffic (unicast, multicast, or broadcast) to any other port that is also a protected port. Data traffic cannot be forwarded between protected ports at Layer 2; only control traffic, such as PIM packets, is forwarded because these packets are processed by the CPU and forwarded in software.
  • Page 929 Related Commands Command Description show interfaces Displays the administrative and operational status of a switching (nonrouting) switchport port, including port blocking and port protection settings. switchport block Prevents unknown multicast or unicast traffic on the interface. Catalyst 3750-X and 3560-X Switch Command Reference...
  • Page 930: Switchport Trunk

    Use the switchport trunk interface configuration command on the switch stack or on a standalone switch to set the trunk characteristics when the interface is in trunking mode. Use the no form of this command to reset a trunking characteristic to the default.
  • Page 931 • You cannot configure one end of the trunk as an IEEE 802.1Q trunk and the other end as an ISL or nontrunk port. However, you can configure one port as an ISL trunk and a different port on the same switch as an IEEE 802.1Q trunk.
  • Page 932 Discovery Protocol (CDP), Port Aggregation Protocol (PAgP), Link Aggregation Control Protocol (LACP), Dynamic Trunking Protocol (DTP), and VLAN Trunking Protocol (VTP) in VLAN 1. The no form of the allowed vlan command resets the list to the default list, which allows all VLANs. •...
  • Page 933: Switchport Voice Detect

    Use the switchport voice detect interface configuration command on the switch stack or on a standalone switch to detect and recognize a Cisco IP phone. Use the no form of this command to return to the default setting.
  • Page 934: Switchport Voice Vlan

    Use the switchport voice vlan interface configuration command on the switch stack or on a standalone switch to configure voice VLAN on the port. Use the no form of this command to return to the default setting.
  • Page 935 IP phone requires one MAC address. The Cisco IP phone address is learned on the voice VLAN, but is not learned on the access VLAN. If you connect a single PC to the Cisco IP phone, no additional MAC addresses are required.
  • Page 936: System Env Temperature Threshold Yellow

    For example, if the red threshold is 60 degrees C and you want to configure the yellow threshold as 51 degrees C, set the difference between the thresholds as 15 by using the system env temperature threshold yellow 9 command.
  • Page 937 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands system env temperature threshold yellow Examples This example sets 15 as the difference between the yellow and red thresholds: Switch(config)# system env temperature threshold yellow 15 Switch(config)# Related Commands Command Description...
  • Page 938: System Mtu

    (MTU) size for Gigabit Ethernet (10/100/1000) ports, or for 10-Gigabit ports, or for routed ports. Use the no form of this command to restore the global MTU value to its default value. In a mixed hardware stack, you can also configure Fast Ethernet (10/100) ports on Catalyst 3750 members.
  • Page 939 The system mtu bytes global configuration command only affects the system MTU size on Fast Ethernet ports on Catalyst 3750 members in a mixed hardware switch stack. In this stack, you can use the system mtu bytes global configuration command on a Catalyst 3750-E or Catalyst 3750-X member to configure the system MTU size on a Catalyst 3750 member.
  • Page 940 MTU value (in bytes). Catalyst 3560 switch 1. If you use the system mtu bytes command on a Catalyst 3750-X or 3750-E member in a mixed hardware stack, the setting takes effect on the Fast Ethernet ports of Catalyst 3750 members.
  • Page 941: Test Cable-Diagnostics Tdr

    Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands test cable-diagnostics tdr test cable-diagnostics tdr Use the test cable-diagnostics tdr privileged EXEC command on the switch stack or on a standalone switch to run the Time Domain Reflector (TDR) feature on an interface. test cable-diagnostics tdr interface interface-id...
  • Page 942: Traceroute Mac

    Do not disable CDP. When the switch detects a device in the Layer 2 path that does not support Layer 2 traceroute, the switch continues to send Layer 2 trace queries and lets them time out.
  • Page 943 Gi0/2 [auto, auto] => Fa0/1 [auto, auto] Destination 0000.0201.0201 found on con2[WS-C3550-24] (2.2.2.2) Layer 2 trace completed. This example shows how to display the Layer 2 path by specifying the interfaces on the source and destination switches: Switch# traceroute mac interface fastethernet0/1 0000.0201.0601 interface fastethernet0/3 0000.0201.0201...
  • Page 944 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands traceroute mac This example shows the Layer 2 path when the switch cannot find the destination port for the source MAC address: Switch# traceroute mac 0000.0011.1111 0000.0201.0201 Error:Source Mac address not found.
  • Page 945: Traceroute Mac Ip

    Do not disable CDP. When the switch detects an device in the Layer 2 path that does not support Layer 2 traceroute, the switch continues to send Layer 2 trace queries and lets them time out.
  • Page 946 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands traceroute mac ip The Layer 2 traceroute feature is not supported when multiple devices are attached to one port through hubs (for example, multiple CDP neighbors are detected on a port). When more than one CDP neighbor is detected on a port, the Layer 2 path is not identified, and an error message appears.
  • Page 947: Trust

    CoS value is used if the packet is tagged. If the packet is untagged, the port default CoS value is used to map CoS to DSCP. Defaults The action is not trusted. If no keyword is specified when the command is entered, the default is dscp. Command Modes Policy-map class configuration...
  • Page 948 IP-precedence-to-DSCP map. For non-IP packets that are tagged, QoS uses the received CoS value; for non-IP packets that are untagged, QoS uses the default port CoS value. In either case, the DSCP for the packet is derived from the CoS-to-DSCP map.
  • Page 949: Udld

    Use the udld global configuration command on the switch stack or on a standalone switch to enable aggressive or normal mode in the UniDirectional Link Detection (UDLD) and to set the configurable message timer time. Use the no form of the command to disable aggressive or normal mode UDLD on all fiber-optic ports.
  • Page 950 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands udld • The no udld port interface configuration command followed by the udld port or udld port aggressive interface configuration command to re-enable UDLD on the specified interface • The errdisable recovery cause udld and errdisable recovery interval interval global...
  • Page 951: Udld Port

    To enable UDLD in normal mode, use the udld port interface configuration command. To enable UDLD in aggressive mode, use the udld port aggressive interface configuration command. Use the no udld port command on fiber-optic ports to return control of UDLD to the udld enable global configuration command or to disable UDLD on nonfiber-optic ports.
  • Page 952 This example shows how to enable UDLD on an port: Switch(config)# interface gigabitethernet6/0/1 Switch(config-if)# udld port This example shows how to disable UDLD on a fiber-optic interface despite the setting of the udld global configuration command: Switch(config)# interface gigabitethernet6/0/1 Switch(config-if)# no udld port You can verify your settings by entering the show running-config or the show udld interface privileged EXEC command.
  • Page 953: Udld Reset

    12.2(53)SE2 This command was introduced. Usage Guidelines If the interface configuration is still enabled for UDLD, these ports begin to run UDLD again and are disabled for the same reason if the problem has not been corrected. Examples This example shows how to reset all interfaces disabled by UDLD: Switch# udld reset 1 ports shutdown by UDLD were reset.
  • Page 954: Usb-Inactivity-Timeout

    Switch# configure terminal Switch(config)# line console 0 Switch(config-line)# usb-inactivity-timeout 60 If there is no input on the USB console for 60 minutes, the console changes to RJ-45, and a system message log appears showing the inactivity timeout. Related Commands Command...
  • Page 955: Vlan (Global Configuration)

    The VLAN database revision number remains unchanged in the VLAN database. If the VTP mode is server, or if the startup VTP mode or domain names do not match the VLAN • database, the VTP mode and the VLAN configuration for the first 1005 VLANs use the VLAN database information.
  • Page 956 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands vlan (global configuration) With VTP version 1 and version 2, if you try to create an extended-range VLAN when the switch is not in VTP transparent mode, the VLAN is rejected, and you receive an error message.
  • Page 957 VLAN. This parameter identifies the TrBRF to which a TrCRF belongs and is required when defining a TrCRF. The range is 0 to 1005. The default parent VLAN ID is 0 (no parent VLAN) for FDDI and Token Ring VLANs. For both Token Ring and TrCRF VLANs, the parent VLAN ID must already exist in the database and be associated with a Token Ring-NET or TrBRF VLAN.
  • Page 958 {suspend | active}, said said-value, mtu mtu-size, bridge bridge-number, stp type {ieee | ibm | auto}, tb-vlan1 tb-vlan1-id, tb-vlan2 tb-vlan2-id If VTP v2 mode is disabled, do not set the stp type to auto. Token Ring VTP v1 mode is enabled.
  • Page 959 VLANxxx, where xxxx represents four numeric digits (including leading zeros) equal to the VLAN ID number. The default media option is ethernet; the state option is active. The default said-value variable is 100000 plus the VLAN ID; the mtu-size variable is 1500; the stp-type option is ieee.
  • Page 960: Vlan Access-Map

    VLAN access-map configuration, where you can use the match access-map configuration command to specify the access lists for IP or non-IP traffic to match and use the action command to set whether a match causes the packet to be forwarded or dropped.
  • Page 961 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands vlan access-map You can use the no vlan access-map name [number] command with a sequence number to delete a single entry. In global configuration mode, use the vlan filter interface configuration command to apply the map to one or more VLANs.
  • Page 962: Vlan Dot1Q Tag Native

    Use the vlan dot1q tag native global configuration command on the switch stack or on a standalone switch to enable tagging of native VLAN frames on all IEEE 802.1Q trunk ports. Use the no form of this command to return to the default setting.
  • Page 963 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands vlan dot1q tag native Related Commands Command Description show vlan dot1q tag native Displays IEEE 802.1Q native VLAN tagging status. Catalyst 3750-X and 3560-X Switch Command Reference 2-931 OL-21522-02...
  • Page 964: Vlan Filter

    Use the vlan filter global configuration command on the switch stack or on a standalone switch to apply a VLAN map to one or more VLANs. Use the no form of this command to remove the map. vlan filter mapname vlan-list {list | all} no vlan filter mapname vlan-list {list | all} This command is not supported on switches running the LAN base feature set.
  • Page 965 Related Commands Command Description show vlan access-map Displays information about a particular VLAN access map or all VLAN access maps. show vlan filter Displays information about all VLAN filters or about a particular VLAN or VLAN access map.
  • Page 966: Vmps Reconfirm (Privileged Exec)

    (privileged EXEC) vmps reconfirm (privileged EXEC) Use the vmps reconfirm privileged EXEC command on the switch stack or on a standalone switch to immediately send VLAN Query Protocol (VQP) queries to reconfirm all dynamic VLAN assignments with the VLAN Membership Policy Server (VMPS).
  • Page 967: Vmps Reconfirm (Global Configuration)

    Use the vmps reconfirm global configuration command on the switch stack or on a standalone switch to change the reconfirmation interval for the VLAN Query Protocol (VQP) client. Use the no form of this command to return to the default setting.
  • Page 968: Vmps Retry

    Use the vmps retry global configuration command on the switch stack or on a standalone switch to configure the per-server retry count for the VLAN Query Protocol (VQP) client. Use the no form of this command to return to the default setting.
  • Page 969: Vmps Server

    The first server address can be overridden by using primary in a subsequent command. If a member switch in a cluster configuration does not have an IP address, the cluster does not use the VMPS server configured for that member switch. Instead, the cluster uses the VMPS server on the command switch, and the command switch proxies the VMPS requests.
  • Page 970 This example shows how to delete the server with IP address 191.10.49.21: Switch(config)# no vmps server 191.10.49.21 You can verify your setting by entering the show vmps privileged EXEC command and examining information in the VMPS Domain Server row. Related Commands...
  • Page 971: Vtp (Global Configuration)

    [mst | unknown | vlan] | password password [hidden | secret] | pruning | version number} no vtp {file | interface | mode [client | off | server | transparent] [mst | unknown | vlan] | password | pruning | version}...
  • Page 972 VLAN database information, and VLANs greater than 1005 are configured from the switch configuration file. The vtp file filename cannot be used to load a new database; it renames only the file in which the existing database is stored. Catalyst 3750-X and 3560-X Switch Command Reference...
  • Page 973 The no vtp mode command returns the switch to VTP server mode. • The vtp mode server command is the same as no vtp mode except that it does not return an error • if the switch is not in client or transparent mode.
  • Page 974 VTP Version 1 mode. • If all switches in a domain are VTP Version 2-capable, you need only to configure Version 2 on one switch; the version number is then propagated to the other Version-2 capable switches in the VTP domain.
  • Page 975 Switch(config)# vtp pruning Pruning switched ON This example shows how to enable Version 2 mode in the VLAN database: Switch(config)# vtp version 2 You can verify your settings by entering the show vtp status privileged EXEC command. Related Commands Command Description...
  • Page 976: Vtp (Interface Configuration)

    Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands vtp (interface configuration) vtp (interface configuration) Use the vtp interface configuration command to enable the VLAN Trunking Protocol (VTP) on a per-port basis. Use the no form of this command to disable VTP on the interface. no vtp This command is supported only when the switch is running VTP version 3.
  • Page 977: Vtp Primary

    NVRAM. By default, all devices come up as secondary servers. Primary server status is needed only for database updates when the administrator issues a takeover message in the domain. You can have a working VTP domain without any primary servers.
  • Page 978 Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands vtp primary Examples This example shows how to configure the switch as the primary VTP server for VLANs: Switch# vtp primary vlan Setting device to VTP TRANSPARENT mode. You can verify your settings by entering the show vtp status privileged EXEC command.
  • Page 979: Appendix

    During normal boot loader operation, you are not presented with the boot loader command-line prompt. You gain access to the boot loader command line if the switch is set to manually boot, if an error occurs during power-on self test (POST) DRAM testing, or if an error occurs while loading the operating system (a corrupted Cisco IOS image).
  • Page 980: Arp

    Appendix A Catalyst 3750-X and 3560-X Switch Boot Loader Commands Use the arp boot loader command to display the contents the Address Resolution Protocol (ARP) table. arp [ip_address] Syntax Description ip_address (Optional) Show the ARP table or the mapping for a specific IP address.
  • Page 981: Boot

    The switch attempts to automatically boot the system by using information in the BOOT environment variable. If this variable is not set, the switch attempts to load and execute the first executable image it can by performing a recursive, depth-first search throughout the flash file system. In a depth-first search of a directory, each encountered subdirectory is completely searched before continuing the search in the original directory.
  • Page 982 Catalyst 3750-X and 3560-X Switch Boot Loader Commands boot Related Commands Command Description Sets the BOOT environment variable to boot a specific image when the BOOT keyword is appended to the command. Catalyst 3750-X and 3560-X Switch Command Reference OL-21522-02...
  • Page 983: Cat

    If you specify a list of files, the contents of each file appears sequentially. Examples This example shows how to display the contents of an image file. An example of an image file is c3750e-universal-mz.122-53.SE2: switch: cat flash: image_file_name /info version_suffix: universal-122- xx .SE x...
  • Page 984: Copy

    Appendix A Catalyst 3750-X and 3560-X Switch Boot Loader Commands copy copy Use the copy boot loader command to copy a file from a source to a destination. copy [-b block-size] filesystem:/source-file-url filesystem:/destination-file-url Syntax Description -b block-size (Optional) This option is used only for internal development and testing.
  • Page 985 Appendix A Catalyst 3750-X and 3560-X Switch Boot Loader Commands delete delete Use the delete boot loader command to delete one or more files from the specified file system. delete filesystem:/file-url ... Syntax Description filesystem: Alias for a flash file system. Use flash: for the system board flash device.
  • Page 986: Dir

    Appendix A Catalyst 3750-X and 3560-X Switch Boot Loader Commands Use the dir boot loader command to display a list of files and directories on the specified file system. dir filesystem:/file-url ... Syntax Description filesystem: Alias for a flash file system. Use flash: for the system board flash device.
  • Page 987 Appendix A Catalyst 3750-X and 3560-X Switch Boot Loader Commands Table A-1 dir Field Descriptions (continued) Field Description <date> Last modification date. env_vars Filename. Related Commands Command Description mkdir Creates one or more directories. rmdir Removes one or more directories.
  • Page 988: Flash_Init

    Usage Guidelines During the normal boot process, the flash file system is automatically initialized. Use this command to manually initialize the flash file system. For example, you use this command during the recovery procedure for a lost or forgotten password.
  • Page 989: Format

    Appendix A Catalyst 3750-X and 3560-X Switch Boot Loader Commands format format Use the format boot loader command to format the specified file system and destroy all data in that file system. format filesystem: Syntax Description filesystem: Alias for a flash file system. Use flash: for the system board flash device.
  • Page 990: Fsck

    Modification 12.2(53)SE2 This command was introduced. Usage Guidelines To stop an in-progress file system consistency check, disconnect the switch power and then reconnect the power. Examples This example shows how to perform an extensive file system check on flash memory:...
  • Page 991: Help

    Command Modes Boot loader Command History Release Modification 12.2(53)SE2 This command was introduced. Usage Guidelines You can also use the question mark (?) to display a list of available boot loader commands. Catalyst 3750-X and 3560-X Switch Command Reference A-13 OL-21522-02...
  • Page 992: Memory

    Text Beginning and ending address of the text storage area. Rotext Beginning and ending address of the read-only text storage area. This part of the data segment is grouped with the Text entry. Data Beginning and ending address of the data segment storage area.
  • Page 993 Field Descriptions (continued) Field Description Stack Beginning and ending address of the area in memory allocated to the software to store automatic variables, return addresses, and so forth. Heap Beginning and ending address of the area in memory that memory is dynamically allocated to and freed from.
  • Page 994: Mgmt_Clr

    Appendix A Catalyst 3750-X and 3560-X Switch Boot Loader Commands mgmt_clr mgmt_clr Use the mgmt_clr boot loader command to clear the Ethernet management port statistics. mgmt_clr Syntax Description This command has no arguments or keywords. Command Modes Boot loader Command History...
  • Page 995: Mgmt_Init

    Appendix A Catalyst 3750-X and 3560-X Switch Boot Loader Commands mgmt_init mgmt_init Use the mgmt_init boot loader command to initialize the Ethernet management port. mgmt_init Syntax Description This command has no arguments or keywords. Command Modes Boot loader Command History...
  • Page 996: Mgmt_Show

    Appendix A Catalyst 3750-X and 3560-X Switch Boot Loader Commands mgmt_show mgmt_show Use the mgmt_show boot loader command to display the Ethernet management port statistics. mgmt_show Syntax Description This command has no arguments or keywords. Command Modes Boot loader Command History...
  • Page 997: Mkdir

    Appendix A Catalyst 3750-X and 3560-X Switch Boot Loader Commands mkdir mkdir Use the mkdir boot loader command to create one or more new directories on the specified file system. mkdir filesystem:/directory-url ... Syntax Description filesystem: Alias for a flash file system. Use flash: for the system board flash device.
  • Page 998: More

    Filenames and directory names are case sensitive. If you specify a list of files, the contents of each file appears sequentially. Examples This example shows how to display the contents of a file. An example of an image file is c3750e-universal-mz.122-53.SE2: switch: more flash: image_file_name /info version_suffix: universal-122- xx .SE x...
  • Page 999: Rename

    Usage Guidelines Filenames and directory names are case sensitive. Directory names are limited to 45 characters between the slashes (/); the name cannot contain control characters, spaces, deletes, slashes, quotes, semicolons, or colons. Filenames are limited to 45 characters; the name cannot contain control characters, spaces, deletes, slashes, quotes, semicolons, or colons.
  • Page 1000: Reset

    Catalyst 3750-X and 3560-X Switch Boot Loader Commands reset reset Use the reset boot loader command to perform a hard reset on the system. A hard reset is similar to power-cycling the switch, clearing the processor, registers, and memory. reset Syntax Description This command has no arguments or keywords.

Table of Contents

Save PDF