3550.pdf
TRANSCRIPT
-
8/14/2019 3550.pdf
1/216
C H A P T E R
2-1
Catalyst 3550 Multilayer Switch Command Reference
78-11195-10
2
Catalyst 3550 Switch Cisco IOS Commands
aaa accounting dot1xUse the aaa accounting dot1x global configuration command to enable authentication, authorization,and accounting (AAA) accounting and to create method lists defining specific accounting methods on a
per-line or per-interface basis for 802.1x sessions. Use the noform of this command to disable 802.1xaccounting.
aaa accounting dot1x {name|default}start-stop {broadcast group {name|radius | tacacs+}
[group {name | radius | tacacs+} ... ] | group {name | radius | tacacs+} [group {name | radius| tacacs+}...]}
no aaa accounting dot1x{name | default}
Syntax Description name Name of a server group. This is optional when you enter it after thebroadcast groupand groupkeywords.
default Use the accounting methods that follow as the default list for accountingservices.
start-stop Send a start accounting notice at the beginning of a process and a stop
accounting notice at the end of a process. The start accounting record is sent
in the background. The requested-user process begins regardless of whether
or not the start accounting notice was received by the accounting server.
broadcast Enable accounting records to be sent to multiple AAA servers and sendaccounting records to the first server in each group. If the first server is
unavailable, the switch uses the list of backup servers to identify the first
server.
group Specify the server group to be used for accounting services. These are valid
server group names:
nameName of a server group.
radiusList of all RADIUS hosts.
tacacs+List of all TACACS+ hosts.
The group keyword is optional when you enter it after the broadcast groupand groupkeywords. You can enter more than optional groupkeyword.
radius (Optional) Enable RADIUS authorization.
tacacs+ (Optional) Enable TACACS+ accounting.
-
8/14/2019 3550.pdf
2/216
2-2
Catalyst 3550 Multilayer Switch Command Reference
78-11195-10
Chapter2 Catalyst 3550 Switch Cisco IOS Commands
aaa accounting dot1x
Defaults AAA accounting is disabled.
Command Modes Global configuration
Command History
Usage Guidelines This command requires access to a RADIUS server.
Note We recommend that you enter the dot1x reauthenticationinterface configuration command beforeconfiguring 802.1x RADIUS accounting on an interface.
Examples This example shows how to configure 802.1x accounting:
Switch(config)# aaa accounting dot1x
Switch(config)#
Note The RADIUS authentication server must be properly configured to accept and log update or watchdog
packets from the AAA client.
Related Commands
Release Modification
12.2(20)SE This command was introduced.
Command Description
aaa authentication
dot1x
Specifies one or more AAA methods for use on interfaces running 802.1x.
dot1x
re-authentication
Sets the number of seconds between re-authentication attempts.
-
8/14/2019 3550.pdf
3/216
2-3
Catalyst 3550 Multilayer Switch Command Reference
78-11195-10
Chapter2 Catalyst 3550 Switch Cisco IOS Commands
aaa authentication dot1x
aaa authentication dot1xUse the aaa authentication dot1x global configuration command to specify one or more authentication,
authorization, and accounting (AAA) methods for use on interfaces running IEEE 802.1x. Use the noform of this command to disable authentication.
aaa authentication dot1x{default}method1[method2...]
no aaa authentication dot1x{default}
Syntax Description
Defaults No authentication is performed.
Command Modes Global configuration
Command History
Usage Guidelines Themethodargument identifies the list of methods that the authentication algorithm tries in the givensequence to validate the password provided by the client. The only method that is truly 802.1x-compliant
is the group radiusmethod, in which the client data is validated against a RADIUS authenticationserver. The remaining methods enable AAA to authenticate the client by using locally configured data.
For example, the local and local-case methods use the username and password that are saved in the CiscoIOS configuration file. The enableand linemethods use the enableand linepasswords for
authentication.
If you specify group radius, you must configure the RADIUS server by entering the radius-server hostglobal configuration command.
If you are not using a RADIUS server, you can use the localor local-casemethods, which access thelocal username database to perform authentication. By specifying the enableor linemethods, you can
supply the clients with a password to provide access to the switch.
default Use the listed authentication methods that follow this argument as the default
list of methods when a user logs in.
method1
[method2...]
At least one of the these keywords:
enableUse the enable password for authentication.
group radiusUse the list of all RADIUS servers for authentication.
lineUse the line password for authentication. localUse the local username database for authentication.
local-caseUse the case-sensitive local username database forauthentication.
noneUse no authentication. The client is automatically authenticated by
the switch without using the information supplied by the client.
Release Modification
12.1(8)EA1 This command was introduced.
-
8/14/2019 3550.pdf
4/216
2-4
Catalyst 3550 Multilayer Switch Command Reference
78-11195-10
Chapter2 Catalyst 3550 Switch Cisco IOS Commands
aaa authentication dot1x
Use the show running-configprivileged EXEC command to display the configured lists ofauthentication methods.
Examples This example shows how to enable AAA and how to create an authentication list for 802.1x. This
authentication first tries to contact a RADIUS server. If this action returns an error, the user is allowedaccess with no authentication.
Switch(config)# aaa new-model
Switch(config)# aaa authentication dot1x default group radius none
You can verify your settings by entering theshow running-configprivileged EXEC command.
Related Commands Command Description
aaa new-model Enables the AAA access control model. For syntax information, refer to the
Cisco IOS Security Command Reference for Release 12.1 >Authentication, Authorization, and Accounting > Authentication
Commands.show running-config Displays thecurrent operatingconfiguration. Forsyntax information, refer to the
Cisco IOS Configuration Fundamentals Command Reference for
Release 12.1 > Cisco IOSFile Management Commands > ConfigurationFileCommands.
-
8/14/2019 3550.pdf
5/216
2-5
Catalyst 3550 Multilayer Switch Command Reference
78-11195-10
Chapter2 Catalyst 3550 Switch Cisco IOS Commands
access-list hardware programnonblocking
access-list hardware programnonblockingUse the access-list hardware program nonblocking global configuration command to cause the system
to continue to forward frames even while a new security access-control list (ACL) configuration is being
programmed into the hardware. Use the no form of this command to return to the default behavior, where
traffic is blocked on affected interfaces when changes are made to the security ACL configuration whilethe hardware is updated with the new configuration.
access-list hardware program nonblocking
no access-list hardware program nonblocking
Syntax Description This command has no arguments or keywords.
Defaults Traffic is blocked on affected interfaces while a new ACL configuration is loaded into hardware.
Command Modes Global configuration
Command History
Usage Guidelines By default, when changes are made to the configuration of security ACLs, the system completely blockstraffic on the affected ports or VLANs while it is updating the hardware to the new configuration. This
includes any changes that affect the ternary content addressable memory (TCAM), including applyingan ACL to an interface or making changes to VLAN maps or ACLs that are used for security features.
This prevents the possibility of forwarding frames that should have been dropped because a partially
loaded configuration permitted a frame that the complete configuration would have blocked.
You can use the access-list hardware program nonblocking command to set the system to continue toforward frames while a new security ACL configuration is being programmed into the hardware.
Enabling this setting might cause less disruption to traffic that should be allowed while the hardware is
being updated, but might also temporarily allow some traffic that would be denied when the new
configuration is completely loaded.
Examples This example shows how to set the system to continue forwarding frames while a new security ACL
configuration is being programmed into hardware:
Switch (config)# access-list hardware program nonblocking
You can verify your setting by entering the show running-config | include access-list hardwareprivileged EXEC command.
Release Modification
12.1(11)EA1 This command was introduced.
-
8/14/2019 3550.pdf
6/216
2-6
Catalyst 3550 Multilayer Switch Command Reference
78-11195-10
Chapter2 Catalyst 3550 Switch Cisco IOS Commands
access-list hardware programnonblocking
Related Commands Command Description
access-list{deny| permit} Configures a standard numbered ACL. For syntax information, refer
to the Cisco IOS IP and IP Routing Command Reference for IOS
Release 12.1 > IP Addressing and Services > IP ServicesCommands.
action(access mapconfiguration)
Defines or modifies the action for the VLAN access map entry.
ip access-group Applies an IP access list to a Layer 2 or Layer 3 interface.
ip access-list Configures a named access list. For syntax information, refer to the
Cisco IOS IP and IP Routing Command Reference for IOSRelease 12.1 > IP Addressing and Services > IP Services
Commands.
mac access-group Applies a MAC access list to a Layer 2 interface.
match (access-mapconfiguration)
Defines the match conditions for a VLAN map.
show running-config | include
access-list hardware
Displays the current operating configuration. For syntax information,
refer to the Cisco IOS Configuration Fundamentals CommandReference for Release 12.1 > Cisco IOS File Management
Commands > Configuration File Commands.
vlan access-map Creates a VLAN access map or enters access-map configurationmode.
vlan filter Applies a VLAN map to one or more VLANs.
http://cli3.pdf/http://cli3.pdf/http://cli3.pdf/http://cli3.pdf/ -
8/14/2019 3550.pdf
7/216
2-7
Catalyst 3550 Multilayer Switch Command Reference
78-11195-10
Chapter2 Catalyst 3550 Switch Cisco IOS Commands
action
actionUse the action access map configuration command to set the action for the VLAN access map entry. Use
the noform of this command to return to the default setting.
action{drop| forward}
no action
Syntax Description
Defaults The default action is to forward packets.
Command Modes Access-map configuration
Command History
Usage Guidelines You enter access-map configuration mode by using the vlan access-map global configuration command
If the action is drop, you should define the access map, including configuring any access control list(ACL) names in match clauses, before applying the map to a VLAN, or all packets could be dropped.
In access map configuration mode, use the matchaccess map configuration command to define thematch conditions for a VLAN map. Use the action command to set the action that occurs when a packet
matches the conditions.
The drop and forward parameters are not used in the noform of the command.
Examples This example shows how to identify and apply a VLAN access mapvmap4 to VLANs 5 and 6 thatcausesthe VLAN to forward an IP packet if the packet matches the conditions defined in access list al2:
Switch(config)# vlan access-map vmap4
Switch(config-access-map)#match ip address al2
Switch(config-access-map)# action forward
Switch(config-access-map)# exit
Switch(config)# vlan filter vmap4 vlan-list 5-6
You can verify your settings by entering the show vlan access-map privileged EXEC command.
drop Drop the packet when the specified conditions are matched.
forward Forward the packet when the specified conditions are matched.
Release Modification
12.1(4)EA1 This command was introduced.
http://cli3.pdf/http://cli3.pdf/ -
8/14/2019 3550.pdf
8/216
2-8
Catalyst 3550 Multilayer Switch Command Reference
78-11195-10
Chapter2 Catalyst 3550 Switch Cisco IOS Commands
action
Related Commands Command Description
access-list{deny| permit} Configures a standard numbered ACL. For syntax information, refer
to the Cisco IOS IP and IP Routing Command Reference for IOS
Release 12.1 > IP Addressing and Services > IP ServicesCommands.
ip access-list Creates a named access list. For syntax information, refer to theCisco IOS IP and IP Routing Command Reference for IOSRelease 12.1 > IP Addressing and Services > IP Services
Commands.
mac access-list extended Creates a named MAC address access list.
match (access-map
configuration)
Defines the match conditions for a VLAN map.
show vlan access-map Displays the VLAN access maps created on the switch.
vlan access-map Creates a VLAN access map.
http://cli2.pdf/http://cli3.pdf/http://cli3.pdf/http://cli2.pdf/ -
8/14/2019 3550.pdf
9/216
2-9
Catalyst 3550 Multilayer Switch Command Reference
78-11195-10
Chapter2 Catalyst 3550 Switch Cisco IOS Commands
archive download-sw
archive download-swUse the archive download-sw privileged EXEC command to download a new image to the switch and
overwrite or keep the existing image.
archive download-sw{/force-reload | /imageonly | / leave-old-sw|/no-set-boot|/overwrite |/reload | /safe}source-url
Syntax Description
Defaults The current software image is not overwritten with the downloaded image.
Both the software image and HTML files are downloaded.
The new image is downloaded to the flash: file system.
The BOOT environment variable is changed to point to the new software image on the flash: file system
Image names are case sensitive; the image file is provided in tar format.
Command Modes Privileged EXEC
/force-reload Unconditionally force a system reload after successfully downloading the
software image.
/imageonly Download only the software image but not the HTML files associated with the
Cluster Management Suite (CMS). The HTML files for the existing version are
deleted only if the existing version is being overwritten or removed.
/leave-old-sw Keep the old software version after a successful download.
/no-set-boot Do not alter the setting of the BOOT environment variable to point to the newsoftware image after it is successfully downloaded.
/overwrite Overwrite the software image in flash with the downloaded one.
/reload Reload the system after successfully downloading the image unless theconfiguration has been changed and not been saved.
/safe Keep the current software image; do not delete it to make room for the newsoftware image before the new image is downloaded. The current image is
deleted after the download.
source-url The source URL alias for a local or network file system. These options are
supported:
The syntax for the local flash file system:
flash:
The syntax for the FTP:
ftp:[[//username[:password]@location]/directory]/image-name.tar
The syntax for the Remote Copy Protocol (RCP):
rcp:[[//username@location]/directory]/image-name.tar
The syntax for the TFTP:
tftp:[[//location]/directory]/image-name.tar
Theimage-name.taris the software image to download and install on theswitch.
-
8/14/2019 3550.pdf
10/216
2-10
Catalyst 3550 Multilayer Switch Command Reference
78-11195-10
Chapter2 Catalyst 3550 Switch Cisco IOS Commands
archive download-sw
Command History
Usage Guidelines Use the/overwriteoption to overwrite the image on the flash device with the downloaded one.If the flash device has sufficient space to hold two images and you want to overwrite one of these images
with the same version, you must specify the /overwriteoption.
If you specify the command without the/overwrite option, the download algorithm verifies that the newimage is not the same as the one on the switch flash device. If the images are the same, the download
does not occur. If the images are different, the old image is deleted, and the new one is downloaded.
The/imageonly option removes the HTML files for the existing image if the existing image is beingremoved or replaced. Only the Cisco IOS image (without the HTML files) is downloaded.
Using the/safe or/leave-old-sw option can cause the new image download to fail if there is insufficientflash space.
If you used the/leave-old-sw option and did not overwrite the old image when you downloaded the new
one, you can remove the old image by using the deleteprivileged EXEC command. For moreinformation, see the delete section on page 2-64.
If you leave the existing software in place before downloading the new image, an error results if the
existing software will prevent the new image from fitting onto flash memory.
After downloading a new image, enter the reloadprivileged EXEC command to begin using the newimage, or specify the/reloador/force-reloadoption in the archive download-swcommand.
Examples This example shows how to download a new image from a TFTP server at 172.20.129.10 and overwritethe image on the switch:
Switch# archive download-sw /overwrite tftp://172.20.129.10/test-image.tar
This example shows how to download only the software image from a TFTP server at 172.20.129.10 to
the switch:
Switch# archive download-sw /image-only tftp://172.20.129.10/test-image.tar
This example shows how to keep the old software version after a successful download:
Switch# archive download-sw /leave-old-sw tftp://172.20.129.10/test-image.tar
Related Commands
Release Modification
12.1(4)EA1 This command was introduced.
Command Description
archive tar Creates a tar file, lists the files in a tar file, or extracts the files from a tar file.
archive upload-sw Uploads an existing image on the switch to a server.
delete Deletes a file or directory on the flash memory device.
-
8/14/2019 3550.pdf
11/216
2-11
Catalyst 3550 Multilayer Switch Command Reference
78-11195-10
Chapter2 Catalyst 3550 Switch Cisco IOS Commands
archive tar
archive tarUse the archive tarprivileged EXEC command to create a tar file, list files in a tar file, or extract the
files from a tar file.
archive tar{/createdestination-urlflash:/file-url} | {/tablesource-url} | {/xtractsource-urlflash:/file-url [dir/file...]}
Syntax Description /createdestination-urlflash:/file-url
Create a new tar file on the local or network file system.
Fordestination-url, specify the destination URL alias for the local or
network file system and the name of the tar file to create. These options
are supported:
The syntax for the local flash filesystem:
flash:
The syntax for the FTP:
ftp:[[//username[:password]@location]/directory]/tar-filename.tar The syntax for the Remote Copy Protocol (RCP):
rcp:[[//username@location]/directory]/tar-filename.tar
The syntax for the TFTP:
tftp:[[//location]/directory]/tar-filename.tar
Thetar-filename.taris the tar file to be created.
For flash:/file-url, specify the location on the local flash file system fromwhich the new tar file is created.
An optional list of files or directories within the source directory can be
specified to write to the new tar file. If none are specified, all files and
directories at this level are written to the newly created tar file.
-
8/14/2019 3550.pdf
12/216
2-12
Catalyst 3550 Multilayer Switch Command Reference
78-11195-10
Chapter2 Catalyst 3550 Switch Cisco IOS Commands
archive tar
Defaults None
Command Modes Privileged EXEC
Command History
Usage Guidelines Filenames and directory names are case sensitive.
Image names are case sensitive.
/tablesource-url Display the contents of an existing tar file to the screen.
Forsource-url, specify the source URL alias for the local or network file
system. These options are supported:
The syntax for the local flash file system:
flash:
The syntax for the FTP:
ftp:[[//username[:password]@location]/directory]/tar-filename.tar
The syntax for the Remote Copy Protocol (RCP):
rcp:[[//username@location]/directory]/tar-filename.tar
The syntax for the TFTP:
tftp:[[//location]/directory]/tar-filename.tar
Thetar-filename.taris the tar file to display.
/xtractsource-urlflash:/file-url[dir/file...]
Extract files from a tar file to the local file system.
Forsource-url, specify the source URL alias for the local or network file
system. These options are supported:
The syntax for the local flash file system:
flash:
The syntax for the FTP:
ftp:[[//username[:password]@location]/directory]/tar-filename.tar
The syntax for the Remote Copy Protocol (RCP):
rcp:[[//username@location]/directory]/tar-filename.tar
The syntax for the TFTP:
tftp:[[//location]/directory]/tar-filename.tar
Thetar-filename.taris the tar file from which to extract.
For flash:/file-url, specify the location on the local flash file system into
which the tar file is extracted.For flash:/file-url[dir/file...], specify the location on the local flash file
system into which the tar file is extracted. Use thedir/file... option to
specify an optional list of files or directories within the tar file to be
extracted. If none are specified, all files and directories are extracted.
Release Modification
12.1(4)EA1 This command was introduced.
-
8/14/2019 3550.pdf
13/216
2-13
Catalyst 3550 Multilayer Switch Command Reference
78-11195-10
Chapter2 Catalyst 3550 Switch Cisco IOS Commands
archive tar
Examples This example shows how to create a tar file. The command writes the contents of thenew-configsdirectory on the local flash device to a file namedsaved.taron the TFTP server at 172.20.10.30:
Switch# archive tar /create tftp:172.20.10.30/saved.tar flash:/new-configs
This example shows how to display the contents of thec3550-tv0-m.tarfile that is in flash memory. The
contents of the tar file appear on the screen:Switch# archive tar /table flash:c3550-tv0-m.tar
info (219 bytes)
c3550-tv0-mz-121/ (directory)
c3550-tv0-mz-121/html/ (directory)
c3550-tv0-mz-121/html/foo.html (0 bytes)
c3550-tv0-mz-121/vegas-tv0-mz-121.bin (610856 bytes)
c3550-tv0-mz-121/info (219 bytes)
info.ver (219 bytes)
This example shows how to display only thec3550-tv0-mz-121/htmldirectory and its contents:
Switch# archive tar /table flash:c3550-tv0-m.tar c3550-tv0-mz-121/html
c3550-tv0-mz-121/html/ (directory)
c3550-tv0-mz-121/html/foo.html (0 bytes)
This example shows how to extract the contents of a tar file on the TFTP server at 172.20.10.30. This
command extracts just thenew-configs directory into the root directory on the local flash file system. The
remaining files in thesaved.tarfile are ignored.
Switch# archive tar /xtract tftp:/172.20.10.30/saved.tar flash:/ new-configs
Related Commands Command Description
archive download-sw Downloads a new image to the switch.
archive upload-sw Uploads an existing image on the switch to a server.
-
8/14/2019 3550.pdf
14/216
2-14
Catalyst 3550 Multilayer Switch Command Reference
78-11195-10
Chapter2 Catalyst 3550 Switch Cisco IOS Commands
archive upload-sw
archive upload-swUse the archive upload-swprivileged EXEC command to upload an existing switch image to a server.
archive upload-sw[/versionversion_string]destination-url
Syntax Description
Defaults Uploads the currently running image from the flash: file system.
Command Modes Privileged EXEC
Command History
Usage Guidelines The upload feature is available only if the HTML files associated with the Cluster Management Suite(CMS) have been installed with the existing image.
The files are uploaded in this sequence: info, the Cisco IOS image, the HTML files, and info.ver. After
these files are uploaded, the software creates the tar file.
Image names are case sensitive.
Examples This example shows how to upload the currently running image to a TFTP server at 172.20.140.2:
Switch# archive upload-sw tftp://172.20.140.2/test-image.tar
/versionversion_string (Optional) Specify the specify version string of the image to be uploaded.
destination-url The destination URL alias for a local or network file system. These options
are supported:
The syntax for the local flash file system:
flash:
The syntax for the FTP:
ftp:[[//username[:password]@location]/directory]/image-name.tar
The syntax for the Remote Copy Protocol (RCP):
rcp:[[//username@location]/directory]/image-name.tar
The syntax for the TFTP:
tftp:[[//location]/directory]/image-name.tar
Theimage-name.taris the name of the software image to be stored on the
server.
Release Modification
12.1(4)EA1 This command was introduced.
-
8/14/2019 3550.pdf
15/216
2-15
Catalyst 3550 Multilayer Switch Command Reference
78-11195-10
Chapter2 Catalyst 3550 Switch Cisco IOS Commands
archive upload-sw
Related Commands Command Description
archive download-sw Downloads a new image to the switch.
archive tar Creates a tar file, lists the files in a tar file, or extracts the files from a tar file.
-
8/14/2019 3550.pdf
16/216
2-16
Catalyst 3550 Multilayer Switch Command Reference
78-11195-10
Chapter2 Catalyst 3550 Switch Cisco IOS Commands
auto qos voip
auto qos voipUse the auto qos voipinterface configuration command to automatically configure quality of service
(auto-QoS) for voice over IP (VoIP) within a QoS domain. Use the no form of this command to changethe auto-QoS configuration settings to the standard QoS defaults.
auto qos voip{cisco-phone| cisco-softphone| trust}
no auto qos voip
Syntax Description
Defaults Auto-QoS is disabled on all interfaces.
When auto-QoS is enabled, it uses the ingress packet label to categorize traffic and class of service (CoS)
packet labels and to configure the egress queues as summarized in Table 2-1.
cisco-phone Identify this interface as connected to a Cisco IP Phone, and automatically configure
QoS for VoIP. The QoS labels of incoming packets are trusted only when the
telephone is detected.
cisco-softphone Identify this port as connected to a device running the Cisco SoftPhone, andautomatically configure QoS for VoIP.
trust Identify this interface as connected to a trusted switch or router, and automatically
configure QoS for VoIP. The QoS labels of incoming packets are trusted.
Table2-1 Traffic Types, Packet Labels, and Egress Queues
VoIP DataTraffic
VoIP ControlTraffic
RoutingProtocolTraffic
STP1BPDU2
Traffic
1. STP = Spanning Tree Protocol
2. BPDU = bridge protocol data unit
Real-TimeVideo Traffic All Other Traffic
DSCP3
3. DSCP = Differentiated Services Code Point
46 24, 26 48 56 34
CoS 5 3 6 7 4
CoS-to-Queue
Map
5 3, 6, 7 4 2 0, 1
Egress Queue Expedite
(queue 4)
70% WRR4(queue 3)
4. WRR = weighted round robin
20% WRR
(queue 2)
20% WRR
(queue 2)
10% WRR
(queue 1)
-
8/14/2019 3550.pdf
17/216
2-17
Catalyst 3550 Multilayer Switch Command Reference
78-11195-10
Chapter2 Catalyst 3550 Switch Cisco IOS Commands
auto qos voip
Table 2-2lists the auto-QoS configuration for the egress queues.
Command Modes Interface configuration
Command History
Usage Guidelines Use this command to configure the QoS appropriate for VoIP traffic within the QoS domain. The QoSdomain includes the switch, the interior of the network, and the edge devices that can classify incoming
traffic for QoS.
In releases earlier than Cisco IOS Release 12.2(20)EA2, auto-QoS configures the switch only for VoIP
with Cisco IP Phones on switch ports.
In Cisco IOS Release 12.2(20)EA2 or later, auto-QoS configures the switch for VoIP with Cisco IP
Phones on switch and routed ports and for VoIP with devices running the Cisco SoftPhone application.
These releases support only Cisco IP SoftPhone Version 1.3(3) or later. Connected devices must use
Cisco Call Manager Version 4 or later.
To take advantage of the auto-QoS defaults, you should enable auto-QoS before you configure other QoS
commands. You can fine-tune the auto-QoS configurationafteryou enable auto-QoS.
Note The switch applies the auto-QoS-generated commands as if the commands were entered from the
command-line interface (CLI). An existing user configuration can cause the application of the generated
commands to fail or to be overridden by the generated commands. These actions occur without warning.
If all the generated commands are successfully applied, any user-entered configuration that was not
overridden remains in the running configuration. Any user-entered configuration that was overridden canbe retrieved by reloading the switch without saving the current configuration to memory. If the generated
commands fail to be applied, the previous running configuration is restored.
If this is the first port on which you have enabled auto-QoS, the auto-QoS-generated global configuration
commands are executed followed by the interface configuration commands. If you enable auto-QoS on
another port, only the auto-QoS-generated interface configuration commands for that port are executed
Table2-2 Auto-QoS Configuration for the Egress Queues
Egress Queue
Queue
Number
CoS-to-Queue
Map
Queue
Weight
Queue Size forGigabit-Capable
Ports
Queue Size (inpackets) for 10/100
Ethernet Ports
Expedite 4 5 10 percent 34 (10 percent)
70% WRR 3 3, 6, 7 70 percent 15 percent 51 (15 percent)
20% WRR 2 2, 4 20 percent 25 percent 82 (25 percent)
10% WRR 1 0, 1 10 percent 50 percent 170 (50 percent)
Release Modification
12.1(12c)EA1 This command was introduced.
12.1(20)EA2 The cisco-softphonekeyword was added, and the generated auto-QoSconfiguration changed.
-
8/14/2019 3550.pdf
18/216
2-18
Catalyst 3550 Multilayer Switch Command Reference
78-11195-10
Chapter2 Catalyst 3550 Switch Cisco IOS Commands
auto qos voip
When you enable the auto-QoS feature on the first interface, these automatic actions occur:
QoS is globally enabled (mls qosglobal configuration command).
When you enter the auto qos voip cisco-phone interface configuration command on a port at the
edge of the network that is connected to a Cisco IP Phone, the switch enables the trusted boundary
feature. The switch uses the Cisco Discovery Protocol (CDP) to detect the presence or absence of a
Cisco IP Phone. When a Cisco IP Phone is detected, the ingress classification on the interface is setto trust the QoS label received in the packet. When a Cisco IP Phone is absent, the ingress
classification is set to not trust the QoS label in the packet. The egress queues on the interface are
also reconfigured (see Table 2-2).
When you enter the auto qos voip cisco-softphone interface configuration command on a port at
the edge of the network that is connected to a device running the Cisco SoftPhone, the switch uses
policing to decide whether a packet is in or out of profile and to specify the action on the packet. If
the packet does not have a DSCP value of 24, 26, or 46 or is out of profile, the switch changes the
DSCP value to 0. The egress queues on the interface are also reconfigured (see Table 2-2).
When you enter the auto qos voip trust interface configuration command on a port connected to the
interior of the network, the ingress classification on the interface is set to trust the QoS label received
in the packet, and the egress queues on the interface are reconfigured (see Table 2-2).
You can enable auto-QoS on static, dynamic-access, voice VLAN access, and trunk ports. When
enabling auto-QoS with a Cisco IP Phone on a routed port, you must assign a static IP address to the IP
phone.
Note When a device running Cisco SoftPhone is connected to a switch or routed port, the switch supports only
one Cisco SoftPhone application per port.
After auto-QoS is enabled, do not modify a policy map or aggregate policer that includesAutoQoSin its
name. If you need to modify the policy map or aggregate policer, make a copy of it, and change the
copied policy map or policer. To use the new policy map instead of the generated one, remove the
generated policy from the interface, and apply the new policy map.
To display the QoS configuration that is automatically generated when auto-QoS is enabled, enable
debugging before you enable auto-QoS. Use the debug auto qos privileged EXEC command to enableauto-QoS debugging.
To disable auto-QoS on an interface, use the no auto qos voip interface configuration command. When
you enter this command, the switch enables standard QoS and changes the auto-QoS settings to the
standard-QoS default settings for that interface.
To disable auto-QoS on the switch, use the no mls qos global configuration command. When you enter
this command, the switch disables QoS on all interfaces and enables pass-through mode.
Examples This example shows how to enable auto-QoS and to trust the QoS labels received in incoming packets
when the switch or router connected to an interface is a trusted device:
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# auto qos voip trust
This example shows how to enable auto-QoS and to trust the QoS labels received in incoming packets
when the device connected to an interface is detected as a Cisco IP Phone:
Switch(config)# interface fastethernet0/1
Switch(config-if)# auto qos voip cisco-phone
-
8/14/2019 3550.pdf
19/216
2-19
Catalyst 3550 Multilayer Switch Command Reference
78-11195-10
Chapter2 Catalyst 3550 Switch Cisco IOS Commands
auto qos voip
This example shows how to display the QoS configuration that is automatically generated when
auto-QoS is enabled:
Switch# debug auto qos
AutoQoS debugging is on
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface fastethernet0/1Switch(config-if)# auto qos voip trust
Switch(config-if)#
4d22h:mls qos map cos-dscp 0 8 16 26 32 46 48 56
4d22h:mls qos min-reserve 5 170
4d22h:mls qos min-reserve 6 85
4d22h:mls qos min-reserve 7 51
4d22h:mls qos min-reserve 8 34
4d22h:mls qos
4d22h:interface FastEthernet0/1
4d22h: mls qos trust cos
4d22h: wrr-queue bandwidth 10 20 70 1
4d22h: wrr-queue min-reserve 1 5
4d22h: wrr-queue min-reserve 2 6
4d22h: wrr-queue min-reserve 3 7
4d22h: wrr-queue min-reserve 4 84d22h: no wrr-queue cos-map
4d22h: wrr-queue cos-map 1 0 1
4d22h: wrr-queue cos-map 2 2 4
4d22h: wrr-queue cos-map 3 3 6 7
4d22h: wrr-queue cos-map 4 5
4d22h: priority-queue out
Switchconfig-if)# interface gigabitethernet0/1
Switch(config-if)# auto qos voip cisco-phone
Switch(config-if)#
4d22h:interface GigabitEthernet0/1
4d22h: mls qos trust device cisco-phone
4d22h: mls qos trust cos
4d22h: wrr-queue bandwidth 10 20 70 1
4d22h: wrr-queue queue-limit 50 25 15 10
4d22h: no wrr-queue cos-map
4d22h: wrr-queue cos-map 1 0 1
4d22h: wrr-queue cos-map 2 2 4
4d22h: wrr-queue cos-map 3 3 6 7
4d22h: wrr-queue cos-map 4 5
4d22h: priority-queue out
Switch(config-if)#
You can verify your settings by entering the show auto qos interfaceinterface-idprivileged EXECcommand.
Related Commands Command Description
debug auto qos Enables debugging of the auto-QoS feature.
mls qos map {cos-dscpdscp1 ... dscp8| dscp-cosdscp-listtocos}
Defines the CoS-to-DSCP map or the DSCP-to-CoS map.
mls qos trust Configures the port trust state.
show auto qos Displays auto-QoS information.
show mls qos Displays global QoS configuration information.
show mls qos interface Displays QoS information at the interface level.
show mls qos maps Displays QoS mapping information.
http://debug.pdf/http://cli2.pdf/http://cli2.pdf/http://cli2.pdf/http://cli2.pdf/http://cli2.pdf/http://cli2.pdf/http://cli2.pdf/http://cli2.pdf/http://debug.pdf/ -
8/14/2019 3550.pdf
20/216
2-20
Catalyst 3550 Multilayer Switch Command Reference
78-11195-10
Chapter2 Catalyst 3550 Switch Cisco IOS Commands
boot boothlpr
boot boothlprUse the boot boothlprglobal configuration command to load a special Cisco IOS image, which when
loaded into memory, can load a second Cisco IOS image into memory and launch it. This variable is used
only for internal development and testing. Use the noform of this command to return to the default setting.
boot boothlprfilesystem:/file-url
no boot boothlpr
Syntax Description
Defaults No helper image is loaded.
Command Modes Global configuration
Command History
Usage Guidelines Filenames and directory names are case sensitive.
This command changes the setting of the BOOTHLPR environment variable. For more information, see
Appendix A, Catalyst 3550 Switch Boot Loader Commands.
Related Commands
filesystem: Alias for a flash file system. Use flash:for the system board flash device.
/file-url The path (directory) and name of a bootable helper image.
Release Modification
12.1(4)EA1 This command was introduced.
Command Description
show boot Displays the settings of the boot environment variables.
http://bootldr.pdf/http://cli2.pdf/http://bootldr.pdf/http://cli2.pdf/ -
8/14/2019 3550.pdf
21/216
2-21
Catalyst 3550 Multilayer Switch Command Reference
78-11195-10
Chapter2 Catalyst 3550 Switch Cisco IOS Commands
boot buffersize
boot buffersizeUse the boot buffersize global configuration command to specify the size of the file system-simulated
NVRAM in flash memory. The buffer holds a copy of the configuration file in memory. Use the no formof this command to return to the default setting.
boot buffersizesize
no boot buffersize
Syntax Description
Defaults The default is 32 KB.
Command Modes Global configuration
Command History
Usage Guidelines The configuration file cannot be larger than the buffer size allocation.
You must reload the switch by using the reloadprivileged EXEC command for this command to takeeffect.
This command changes the setting of the CONFIG_BUFSIZE environment variable. For moreinformation, see Appendix A, Catalyst 3550 Switch Boot Loader Commands.
Related Commands
size The buffer allocation size in bytes. The range is 4096 to 524288 bytes.
Release Modification
12.1(4)EA1 This command was introduced.
Command Description
show boot Displays the settings of the boot environment variables.
http://bootldr.pdf/http://cli2.pdf/http://bootldr.pdf/http://cli2.pdf/ -
8/14/2019 3550.pdf
22/216
2-22
Catalyst 3550 Multilayer Switch Command Reference
78-11195-10
Chapter2 Catalyst 3550 Switch Cisco IOS Commands
boot config-file
boot config-fileUse the boot config-fileglobal configuration command to specify the filename that Cisco IOS uses to
read and write a nonvolatile copy of the system configuration. Use the no form of this command to returnto the default setting.
boot config-file flash:/file-url
no boot config-file
Syntax Description
Defaults The default configuration file is flash:config.text.
Command Modes Global configuration
Command History
Usage Guidelines Filenames and directory names are case sensitive.
This command changes the setting of the CONFIG_FILE environment variable. For more information,
see Appendix A, Catalyst 3550 Switch Boot Loader Commands.
Related Commands
flash:/file-url The path (directory) and name of the configuration file.
Release Modification
12.1(4)EA1 This command was introduced.
Command Description
show boot Displays the settings of the boot environment variables.
http://bootldr.pdf/http://cli2.pdf/http://bootldr.pdf/http://cli2.pdf/ -
8/14/2019 3550.pdf
23/216
2-23
Catalyst 3550 Multilayer Switch Command Reference
78-11195-10
Chapter2 Catalyst 3550 Switch Cisco IOS Commands
boot enable-break
boot enable-breakUse the boot enable-breakglobal configuration command to enable interrupting the automatic boot
process. Use the noform of this command to return to the default setting.
boot enable-break
no boot enable-break
Syntax Description This command has no arguments or keywords.
Defaults Disabled. The automatic boot process cannot be interrupted by pressing the Break key on the console.
Command Modes Global configuration
Command History
Usage Guidelines When you enter this command, you can interrupt the automatic boot process by pressing the Break keyon the console after the flash file system is initialized.
Note Despite the setting of this command, you can interrupt the automatic boot process at any time by pressing
the MODE button on the switch front panel.
This command changes the setting of the ENABLE_BREAK environment variable. For more
information, see Appendix A, Catalyst 3550 Switch Boot Loader Commands.
Related Commands
Release Modification
12.1(4)EA1 This command was introduced.
Command Description
show boot Displays the settings of the boot environment variables.
http://bootldr.pdf/http://cli2.pdf/http://bootldr.pdf/http://cli2.pdf/ -
8/14/2019 3550.pdf
24/216
2-24
Catalyst 3550 Multilayer Switch Command Reference
78-11195-10
Chapter2 Catalyst 3550 Switch Cisco IOS Commands
boot helper
boot helperUse the boot helperglobal configuration command to dynamically load files during boot loader
initialization to extend or patch the functionality of the boot loader. Use the noform of this commandto return to the default setting.
boot helperfilesystem:/file-url ...
no boot helper
Syntax Description
Defaults No helper files are loaded.
Command Modes Global configuration
Command History
Usage Guidelines Filenames and directory names are case sensitive.
This command changes the setting of the HELPER environment variable. For more information, seeAppendix A, Catalyst 3550 Switch Boot Loader Commands.
Related Commands
filesystem: Alias for a flash file system. Use flash:for the system board flash device.
/file-url The path (directory) and a list of loadable files to dynamically load duringloader initialization. Separate each image name with a semicolon.
Release Modification
12.1(4)EA1 This command was introduced.
Command Description
show boot Displays the settings of the boot environment variables.
http://bootldr.pdf/http://cli2.pdf/http://bootldr.pdf/http://cli2.pdf/ -
8/14/2019 3550.pdf
25/216
2-25
Catalyst 3550 Multilayer Switch Command Reference
78-11195-10
Chapter2 Catalyst 3550 Switch Cisco IOS Commands
boot helper-config-file
boot helper-config-fileUse the boot helper-config-file global configuration command to specify the name of the configuration
file to be used by the Cisco IOS helper image. If this is not set, the file specified by the CONFIG_FILE
environment variable is used by all versions of Cisco IOS that are loaded. This variable is used only for
internal development and testing. Use the noform of this command to return to the default setting.
boot helper-config-filefilesystem:/file-url
no boot helper-config file
Syntax Description
Defaults No helper configuration file is specified.
Command Modes Global configuration
Command History
Usage Guidelines Filenames and directory names are case sensitive.
This command changes the setting of the HELPER_CONFIG_FILE environment variable. For moreinformation, see Appendix A, Catalyst 3550 Switch Boot Loader Commands.
Related Commands
filesystem: Alias for a flash file system. Use flash: for the system board flash device.
/file-url The path (directory) and helper configuration file to load.
Release Modification
12.1(4)EA1 This command was introduced.
Command Description
show boot Displays the settings of the boot environment variables.
http://bootldr.pdf/http://cli2.pdf/http://bootldr.pdf/http://cli2.pdf/ -
8/14/2019 3550.pdf
26/216
2-26
Catalyst 3550 Multilayer Switch Command Reference
78-11195-10
Chapter2 Catalyst 3550 Switch Cisco IOS Commands
boot manual
boot manualUse the boot manual global configuration command to enable manually booting the switch during the
next boot cycle. Use the noform of this command to return to the default setting.
boot manual
no boot manual
Syntax Description This command has no arguments or keywords.
Defaults Manual booting is disabled.
Command Modes Global configuration
Command History
Usage Guidelines The next time you reboot the system, the switch is in boot loader mode, which is shown by theswitch:prompt. To boot the system, use the boot boot loader command, and specify the name of the bootable
image.
This command changes the setting of the MANUAL_BOOT environment variable. For more
information, see Appendix A, Catalyst 3550 Switch Boot Loader Commands.
Related Commands
Release Modification
12.1(4)EA1 This command was introduced.
Command Description
show boot Displays the settings of the boot environment variables.
http://bootldr.pdf/http://cli2.pdf/http://bootldr.pdf/http://cli2.pdf/ -
8/14/2019 3550.pdf
27/216
2-27
Catalyst 3550 Multilayer Switch Command Reference
78-11195-10
Chapter2 Catalyst 3550 Switch Cisco IOS Commands
boot private-config-file
boot private-config-fileUse the boot private-config-file global configuration command to specify the filename that Cisco IOS
uses to read and write a nonvolatile copy of the private configuration. Use the no form of this commandto return to the default setting.
boot private-config-filefilename
no boot private-config-file
Syntax Description
Defaults The default configuration file isprivate-config.text.
Command Modes Global configuration
Command History
Usage Guidelines Only the Cisco IOS software can read and write a copy of the private configuration file. You cannot read,write, delete, or display a copy of this file.
Filenames are case sensitive.
Examples This example shows how to specify the name of the private configuration file to be pconfig:
Switch(config)#boot private-config-file pconfig
Related Commands
filename The name of the private configuration file.
Release Modification
12.1(11)EA1 This command was introduced.
Command Description
show boot Displays the settings of the boot environment variables.
http://cli2.pdf/http://cli2.pdf/ -
8/14/2019 3550.pdf
28/216
2-28
Catalyst 3550 Multilayer Switch Command Reference
78-11195-10
Chapter2 Catalyst 3550 Switch Cisco IOS Commands
boot system
boot systemUse the boot systemglobal configuration command to specify the Cisco IOS image to load during the
next boot cycle. Use the noform of this command to return to the default setting.
boot systemfilesystem:/file-url ...
no boot system
Syntax Description
Defaults The switch attempts to automatically boot the system by using information in the BOOT environmentvariable. If this variable is not set, the switch attempts to load and execute the first executable image it
can by performing a recursive, depth-first search throughout the flash file system. In a depth-first search
of a directory, each encountered subdirectory is completely searched before continuing the search in the
original directory.
Command Modes Global configuration
Command History
Usage Guidelines Filenames and directory names are case sensitive.
If you are using the archive download-sw privileged EXEC command to maintain system images, you never
need to use the boot system command. The boot system command is automatically manipulated to load thedownloaded image.
This command changes the setting of the BOOT environment variable. For more information, see
Appendix A, Catalyst 3550 Switch Boot Loader Commands.
Related Commands
filesystem: Alias for a flash file system. Use flash:for the system board flash device.
/file-url The path (directory) and name of a bootable image. Separate image names
with a semicolon.
Release Modification
12.1(4)EA1 This command was introduced.
Command Description
show boot Displays the settings of the boot environment variables.
http://bootldr.pdf/http://cli2.pdf/http://bootldr.pdf/http://cli2.pdf/ -
8/14/2019 3550.pdf
29/216
2-29
Catalyst 3550 Multilayer Switch Command Reference
78-11195-10
Chapter2 Catalyst 3550 Switch Cisco IOS Commands
channel-group
channel-groupUse the channel-groupinterface configuration command to assign an Ethernet interface to an
EtherChannel group. Use the noform of this command to remove an Ethernet interface from anEtherChannel group.
channel-groupchannel-group-numbermode{auto[non-silent] | desirable[non-silent] | on|
active| passive}
no channel-group
Syntax Description channel-group-number Specify the channel group number. The range is 1 to 64.
mode Specify the EtherChannel Port Aggregation Protocol (PAgP) mode of
the interface.
active Unconditionally enable Link Aggregation Control Protocol (LACP).
Active mode places an interface into a negotiating state in which the
interface initiates negotiations with other interfaces by sending LACP
packets. A channel is formed with another port group in either the
active or passive mode. When active is enabled, silent operation is thedefault.
auto Enable PAgP only if a PAgP device is detected.
Auto mode places an interface into a passive negotiating state, in which
the interface responds to PAgP packets it receives but does not start
PAgP packet negotiation. A channel is formed only with another port
group in desirable mode. When auto is enabled, silent operation is thedefault.
desirable Unconditionally enable PAgP.
Desirable mode places an interface into an active negotiating state, inwhich the interface starts negotiations with other interfaces by sending
PAgP packets. A channel is formed with another port group in either
the desirable or auto mode. When desirable is enabled, silent operation
is the default.
non-silent (Optional) Used with the auto or desirable keyword when PAgP traffic
is expected from the other device.
on Force the interface to channel without PAgP or LACP.
With the on mode, a usable EtherChannel exists only when an interface
group in the on mode is connected to another interface group in the onmode.
passive Enable LACP only if a LACP device is detected.
Passive mode places an interface into a negotiating state in which the
interface responds to LACP packets it receives but does not initiate
LACP packet negotiation. A channel is formed only with another port
group in active mode. When passive is enabled, silent operation is the
default.
-
8/14/2019 3550.pdf
30/216
2-30
Catalyst 3550 Multilayer Switch Command Reference
78-11195-10
Chapter2 Catalyst 3550 Switch Cisco IOS Commands
channel-group
Defaults No channel groups are assigned.
No mode is configured.
Command Modes Interface configuration
Command History
Usage Guidelines You do not have to create a port-channel interface before assigning a physical interface to a channelgroup. A port-channel interface is created automatically when the channel group gets its first physical
interface, if it is not already created.
You do not have to disable the IP address that is assigned to a physical interface that is part of a channelgroup, but we highly recommend that you do so.
For Layer 2 EtherChannels, you must configure the channel-groupinterface configuration command,
which automatically creates the port-channel logical interface. You cannot put Layer 2 interfaces into a
manually created port-channel interface.
You create Layer 3 port channels by using the interface port-channelcommand. You must manually
configure the port-channel logical interface before putting the interface into the channel group.
Any configuration or attribute changes you make to the port-channel interface are propagated to all
interfaces within the same channel group as the port channel (for example, configuration changes are
also propagated to the physical interfaces that are not part of the port channel, but are part of the channel
group).
If you do not specify non-silent with the auto or desirable mode, silent is assumed. The silent mode isused when the switch is connected to a device that is not PAgP-capable and seldom, if ever, sends
packets. A example of a silent partner is a file server or a packet analyzer that is not generating traffic.
In this case, running PAgP on a physical port prevents that port from ever becoming operational;
however, it allows PAgP to operate, to attach the interface to a channel group, and to use the interface
for transmission. Both ends of the link cannot be set to silent.
With the on mode, a usable PAgP EtherChannel exists only when a port group in on mode is connectedto another port group in on mode.
Caution You should exercise care when setting the mode to on(manual configuration). All ports configured in
the on mode are bundled together in the same group and are forced to have similar characteristics. If thegroup is misconfigured, packet loss or spanning-tree loops might occur.
Note You cannot enable both PAgP and LACP modes on an EtherChannel group.
Do not configure a port that is an active or a not-yet-active member of an EtherChannel as an 802.1x
port. If you try to enable 802.1x on an EtherChannel port, an error message appears, and 802.1x is not
enabled.
Release Modification
12.1(4)EA1 This command was introduced.
12.1(12c)EA1 The activeand passivekeywords were added.
-
8/14/2019 3550.pdf
31/216
2-31
Catalyst 3550 Multilayer Switch Command Reference
78-11195-10
Chapter2 Catalyst 3550 Switch Cisco IOS Commands
channel-group
Do not configure a secure port as part of an EtherChannel.
Caution Do not enable Layer 3 addresses on the physical EtherChannel interfaces. Do not assign bridge groups
on the physical EtherChannel interfaces because it creates loops.
Examples This example shows how to assign two interfaces as static-access ports in VLAN 10 to channel 5 withthe PAgP mode desirable:
Switch# configure terminal
Switch(config)# interface range gigabitethernet0/4 -5
Switch(config-if-range)# switchport mode access
Switch(config-if-range)# switchport access vlan 10
Switch(config-if-range)# channel-group 5 mode desirable
Switch(config-if-range)# end
This example shows how to set an EtherChannel into PAgP mode:
Switch(config-if)# channel-group 1 mode auto
Creating a port-channel interface Port-channel 1
This example shows how to set an EtherChannel into LACP mode:
Switch(config-if)# channel-group 1 mode passive
Creating a port-channel interface Port-channel 1
You can verify your settings by entering the show running-config privileged EXEC command.
Related Commands Command Description
interface port-channel Accesses or creates the port channel.
show lacp Display LACP information.
show pagp Display PAgP information.show running-config Displays the current operating configuration. For syntax information,
refer to the Cisco IOS Configuration Fundamentals Command
Reference for Release 12.1 > Cisco IOS File ManagementCommands > Configuration File Commands.
http://cli2.pdf/http://cli2.pdf/http://cli2.pdf/http://cli2.pdf/ -
8/14/2019 3550.pdf
32/216
2-32
Catalyst 3550 Multilayer Switch Command Reference
78-11195-10
Chapter2 Catalyst 3550 Switch Cisco IOS Commands
channel-protocol
channel-protocolUse the channel-protocol interface configuration command to configure an EtherChannel for the Port
Aggregation Protocol (PAgP) or Link Aggregation Control Protocol (LACP). Use the noform of thiscommand to disable PAgP or LACP on the EtherChannel.
channel-protocol{lacp| pagp}
no channel-protocol
Syntax Description
Defaults No protocol is assigned to the EtherChannel.
Command Modes Interface configuration
Command History
Usage Guidelines Use the channel-protocol command only to restrict a channel to LACP or PAgP.
You must use the channel-groupinterface command to configure the EtherChannel parameters. The
channel-groupcommand can also set the EtherChannel for a channel.
Note You cannot enable both PAgP and LACP modes on an EtherChannel group.
Caution Do not enable Layer 3 addresses on the physical EtherChannel interfaces. To prevent loops, do not
assign bridge groups on the physical EtherChannel interfaces.
Examples This example shows how to set an EtherChannel into PAgP mode:
Switch(config-if)# channel-protocol pagp
This example shows how to set an EtherChannel into LACP mode:
Switch(config-if)# channel-protocol lacp
You can verify your settings by entering the show running-config privileged EXEC command.
lacp Configure an EtherChannel with the LACP protocol.
pagp Configure an EtherChannel with the PAgP protocol.
Release Modification
12.1(12c)EA1 This command was introduced.
-
8/14/2019 3550.pdf
33/216
2-33
Catalyst 3550 Multilayer Switch Command Reference
78-11195-10
Chapter2 Catalyst 3550 Switch Cisco IOS Commands
channel-protocol
Related Commands Command Description
show lacp Display LACP information.
show pagp Display PAgP information.
show running-config Displays the current operating configuration. For syntax information,refer to the Cisco IOS Configuration Fundamentals CommandReference for Release 12.1 > Cisco IOS File Management
Commands > Configuration File Commands.
http://cli2.pdf/http://cli2.pdf/http://cli2.pdf/http://cli2.pdf/ -
8/14/2019 3550.pdf
34/216
2-34
Catalyst 3550 Multilayer Switch Command Reference
78-11195-10
Chapter2 Catalyst 3550 Switch Cisco IOS Commands
class
classUse the classpolicy-map configuration command to define a traffic classification for the policy to act
on. Use the noform of this command to delete an existing class map.
classclass-map-name
no classclass-map-name
Syntax Description
Note Though visible in the command-line help strings, the classclass-defaultoption is not supported.
Defaults No policy map class-maps are defined.
Command Modes Policy-map configuration
Command History
Usage Guidelines Use the policy-mapglobal configuration command to identify the policy map and to enter policy-mapconfiguration mode before you use the classcommand. After you specify a policy map, you can
configure a policy for new classes or modify a policy for any existing classes in that policy map. You
attach the policy map to an interface by using the service-policyinterface configuration command.
The class name that you specify in the policy map ties the characteristics for that class to the class map
and its match criteria as configured by using the class-mapglobal configuration command.
The classcommand performs the same function as the class-mapglobal configuration command. Use
the class command when a new classification, which is not shared with any other ports, is needed. Usethe class-mapcommand when the map is shared among many ports.
After you enter the classcommand, the switch enters policy-map class configuration mode, and these
configuration commands are available:
bandwidth: Although this command appears, it is not supported on Catalyst 3550 switches.
exit: exits policy-map class configuration mode and returns to policy-map configuration mode.
no: returns a command to its default setting.
police: defines a policer or aggregate policer for the classified traffic. The policer specifies thebandwidth limitations and the action to take when the limits are exceeded. For more information,
see the policeand police aggregatepolicy-map class commands.
class-map-name Name of the class map.
Release Modification
12.1(4)EA1 This command was introduced.
12.1(9)EA1 The access-group, any, dscp, destination-address, input-interface,
precedence, protocol, and source-addresskeywords were removed.
-
8/14/2019 3550.pdf
35/216
2-35
Catalyst 3550 Multilayer Switch Command Reference
78-11195-10
Chapter2 Catalyst 3550 Switch Cisco IOS Commands
class
set: specifies a value to be assigned to the classified traffic. For more information, see the setcommand.
trust: defines a trust state for traffic classified with the class or the class-map command. For moreinformation, see the trustcommand.
To return to policy-map configuration mode, use the exit command. To return to privileged EXEC mode,
use the endcommand.
Examples This example shows how to create a policy map calledpolicy1. When attached to the ingress direction,it matches all the incoming traffic defined inclass1, sets the IP DSCP to 10, and polices the traffic at an
average rate of 1 Mbps and for 20 KB bursts. Traffic exceeding the profile is marked down to a DSCP
value obtained from the policed-DSCP map and then sent.
Switch(config)#policy-map policy1
Switch(config-pmap)# class class1
Switch(config-pmap-c)# set ip dscp 10
Switch(config-pmap-c)#police 1000000 20000 exceed-action policed-dscp-transmit
Switch(config-pmap-c)# exit
You can verify your settings by entering the show policy-mapprivileged EXEC command.
Related Commands Command Description
class-map Creates a class map to be used for matching packets to the classwhose name you specify.
policy-map Creates or modifies a policy map that can be attached to multipleinterfaces to specify a service policy.
show policy-map Displays quality of service (QoS) policy maps.
http://cli2.pdf/http://cli3.pdf/http://cli2.pdf/http://cli3.pdf/http://cli2.pdf/http://cli2.pdf/ -
8/14/2019 3550.pdf
36/216
2-36
Catalyst 3550 Multilayer Switch Command Reference
78-11195-10
Chapter2 Catalyst 3550 Switch Cisco IOS Commands
class-map
class-mapUse the class-map global configuration command to create a class map to be used for matching packets
to the class whose name you specify and to enter class-map configuration mode. Use the no form of thiscommand to delete an existing class map and to return to global configuration mode.
class-map [match-all| match-any]class-map-name
no class-map [match-all| match-any]class-map-name
Syntax Description
Defaults No class maps are defined.
When neither the match-allor match-anykeyword is specified, the default is match-all.
Command Modes Global configuration
Command History
Usage Guidelines Use this command to specify the name of the class for which you want to create or modify class-mapmatch criteria and to enter class-map configuration mode.
The class-mapcommand and its subcommands are used to define packet classification, marking, and
aggregate policing as part of a globally named service policy applied on a per-interface basis.
After you are in quality of service (QoS) class-map configuration mode, these configuration commands
are available:
description: describes the class map (up to 200 characters). The show class-map privileged EXECcommand displays the description and the name of the class-map.
exit: exits from QoS class-map configuration mode.
match: configures classification criteria. For more information, see the match (class-map
configuration)command.
no: removes a match statement from a class map.
rename: renames the current class map. If you rename a class map with a name that is already inuse, this message appears:
A class-map with this name already exists
match-all (Optional) Perform a logical-AND of all matching statements under this class
map. All criteria in the class map must be matched.
match-any (Optional) Perform a logical-OR of the matching statements under this class
map. One or more criteria must be matched.
class-map-name Name of the class map.
Release Modification
12.1(4)EA1 This command was introduced.
-
8/14/2019 3550.pdf
37/216
2-37
Catalyst 3550 Multilayer Switch Command Reference
78-11195-10
Chapter2 Catalyst 3550 Switch Cisco IOS Commands
class-map
To define packet classification on a physical-port basis, only one matchcommand per class map issupported. In this situation, the match-alland match-anykeywords are equivalent.
To define packet classification on a per-port per-VLAN basis, you must use the match-all keyword withthe class-mapglobal configuration command. You also must enter the match vlanvlan-listand the
match class-mapclass-map-nameclass-map configuration commands. For more information, see the
match (class-map configuration) section on page 2-159.Only one access control list (ACL) can be configured in a class map. The ACL can have multiple access
control entries (ACEs).
Examples This example shows how to configure the class map calledclass1.class1 has one match criterion, whichis an access list called103.
Switch(config)# access-list 103 permit any any dscp 10
Switch(config)# class-map class1
Switch(config-cmap)#match access-group 103
Switch(config-cmap)# exit
This example shows how to delete the class mapclass1:
Switch(config)# no class-map class1
This example shows how to configure a class map calleddscp_class whose match criterion is to match
IP DSCP 9. A second class map, calledvlan_class, matches traffic on VLANs 10, 20 to 30, and 40 to
class mapdscp_class:
Switch(config)# class-map match-any dscp_class
Switch(config-cmap)#match ip dscp 9
Switch(config-cmap)# exit
Switch(config)# class-map match-all vlan_class
Switch(config-cmap)#match vlan 10 20-30 40
Switch(config-cmap)#match class-map dscp_class
Switch(config-cmap)# exit
You can verify your settings by entering the show class-mapprivileged EXEC command.
Related Commands Command Description
match (class-map configuration) Defines the match criteria to classify traffic.
policy-map Creates or modifies a policy map that can be attached to multipleinterfaces to specify a service policy.
show class-map Displays QoS class maps.
http://cli2.pdf/http://cli2.pdf/ -
8/14/2019 3550.pdf
38/216
2-38
Catalyst 3550 Multilayer Switch Command Reference
78-11195-10
Chapter2 Catalyst 3550 Switch Cisco IOS Commands
clear lacp
clear lacpUse the clear lacp privileged EXEC command to clear Link Aggregation Control Protocol (LACP)
channel-group counters.
clear lacp{channel-group-number[counters]}
Syntax Description
Defaults This command has no default setting.
Command Modes Privileged EXEC
Command History
Examples This example shows how to clear channel-group information for a specific group:
Switch# clear lacp 4
This example shows how to clear channel-group traffic counters:
Switch# clear lacp counters
You can verify that the information was deleted by entering the show lacp privileged EXEC command.
Related Commands
channel-group-number Channel group number. The range is 1 to 64.
counters Clear traffic counters.
Release Modification
12.1(12c)EA1 This command was introduced.
Command Description
show lacp Displays LACP channel-group information.
http://cli2.pdf/http://cli2.pdf/ -
8/14/2019 3550.pdf
39/216
2-39
Catalyst 3550 Multilayer Switch Command Reference
78-11195-10
Chapter2 Catalyst 3550 Switch Cisco IOS Commands
clear l2protocol-tunnel counters
clear l2protocol-tunnel countersUse the clear l2protocol-tunnel counters privileged EXEC command to clear the protocol counters in
protocol tunnel ports.
clear l2protocol-tunnel counters[interface-id]
Syntax Description
Defaults This command has no defaults.
Command Modes Privileged EXEC
Command History
Usage Guidelines Use this command to clear protocol tunnel counters on the switch or on the specified interface.
Examples This example shows how to clear Layer 2 protocol tunnel counters on an interface:
Switch# clear l2protocol-tunnel counters gigabitethernet0/3
Related Commands
interface-id (Optional) Specify interface for which protocol counters are to be cleared.
Release Modification
12.1(9)EA1 This command was introduced.
Command Description
show l2protocol-tunnel Displays information about ports configured for Layer 2 protocol
tunneling.
http://cli2.pdf/http://cli2.pdf/ -
8/14/2019 3550.pdf
40/216
2-40
Catalyst 3550 Multilayer Switch Command Reference
78-11195-10
Chapter2 Catalyst 3550 Switch Cisco IOS Commands
clear mac address-table
clear mac address-tableUse the clear mac address-tableprivileged EXEC command to delete from the MAC address table a
specific dynamic address, all dynamic addresses on a particular interface, or all dynamic addresses on a
particular VLAN. This command also clears the MAC address notification global counters.
clear mac address-table{dynamic[addressmac-addr| interfaceinterface-id| vlanvlan-id] |
notification}
Note Beginning with Cisco IOS Release 12.1(11)EA1, the clear mac address-tablecommand replaces the
clear mac- address-tablecommand (with the hyphen).
Syntax Description
Command Modes Privileged EXEC
Command History
Examples This example shows how to remove a specific MAC address from the dynamic address table:
Switch# clear mac address-table dynamic address 0008.0070.0007
You can verify that information was deleted by entering the show mac address-table privileged EXECcommand.
dynamic Delete all dynamic MAC addresses.
dynamic addressmac-addr
(Optional) Delete the specified dynamic MAC address.
dynamic interface
interface-id
(Optional) Delete all dynamic MAC addresses on the specified physical port
or port channel.
dynamic vlanvlan-id (Optional) Delete all dynamic MAC addresses for the specified VLAN. Therange is 1 to 4096.
notification Clear the notifications in the history table and reset the counters.
Release Modification12.1(4)EA1 This command was introduced.
12.1(8)EA1 The notificationkeyword was added.
12.1(11)EA1 Theclear mac-address-table command was replaced by the clear macaddress-table command.
-
8/14/2019 3550.pdf
41/216
2-41
Catalyst 3550 Multilayer Switch Command Reference
78-11195-10
Chapter2 Catalyst 3550 Switch Cisco IOS Commands
clear mac address-table
Related Commands Command Description
mac address-table notification Enables the MAC address notification feature.
show mac address-table Displays the MAC address table static and dynamic entries.
show mac address-table notification Displays the MAC address notification settings for allinterfaces or the specified interface.
snmp trap mac-notification Enables the Simple Network Management Protocol (SNMP)MAC address notification trap on a specific interface.
http://cli2.pdf/http://cli2.pdf/http://cli2.pdf/http://cli2.pdf/http://cli2.pdf/http://cli2.pdf/ -
8/14/2019 3550.pdf
42/216
-
8/14/2019 3550.pdf
43/216
2-43
Catalyst 3550 Multilayer Switch Command Reference
78-11195-10
Chapter2 Catalyst 3550 Switch Cisco IOS Commands
clear port-security
clear port-securityUse the clear port-security privileged EXEC command to delete from the MAC address table all secure
addresses, all configured secure addresses, or a specific dynamic or sticky secure address on an interface
clear port-security {all| configured| dynamic| sticky} [addressmac-addr[vlanvlan-id]] |[interfaceinterface-id]
Syntax Description
Defaults No default is defined.
Command Modes Privileged EXEC
Command History
Usage Guidelines If you enter the clear port-security all privileged EXEC command, the switch removes all secure MACaddresses from the MAC address table.
If you enter the clear port-security configured addressmac-addrvlanvlan-idcommand, the switchremoves the specified secure MAC address from the specified VLAN.
If you enter the clear port-security configured addressmac-address command, the switch removes thespecified secure MAC address from the MAC address table.
If you enter the clear port-security dynamic interfaceinterface-idcommand, the switch removes alldynamic secure MAC addresses on an interface from the MAC address table.
If you enter the clear port-security stickycommand, the switch removes all sticky secure MACaddresses from the MAC address table.
all Delete all secure MAC addresses.
configured Delete all configured secure MAC addresses.
dynamic Delete all dynamic secure MAC addresses.
sticky Delete all sticky secure MAC addresses.
addressmac-addr (Optional) Delete the specified secure MAC address.
vlanvlan-id (Optional) Delete the specified secure MAC address from the specified
VLAN.
interfaceinterface-id (Optional) Delete secure MAC addresses on the specified physical port orport channel.
Release Modification
12.1(11)EA1 This command was introduced.
12.1(14)EA1 The all, configured, and vlankeywords were added.
-
8/14/2019 3550.pdf
44/216
2-44
Catalyst 3550 Multilayer Switch Command Reference
78-11195-10
Chapter2 Catalyst 3550 Switch Cisco IOS Commands
clear port-security
Examples This example shows how to remove all secure addresses from the MAC address table:
Switch# clear port-security all
This example shows how to remove a configured secure address from the MAC address table:
Switch# clear port-security configured address 0008.0070.0007
This example shows how to remove all the dynamic secure addresses learned on an interface:
Switch# clear port-security dynamic interface gigabitethernet0/1
This example shows how to remove all the sticky secure addresses from the address table:
Switch# clear port-security sticky
You can verify that the information was deleted by entering the show port-security privileged EXEC
command.
Related Commands Command Description
show port-security Displays the port security settings for an interface or for the switch.switchport port-security Enables port security on an interface.
http://cli2.pdf/http://cli2.pdf/http://cli2.pdf/http://cli2.pdf/ -
8/14/2019 3550.pdf
45/216
2-45
Catalyst 3550 Multilayer Switch Command Reference
78-11195-10
Chapter2 Catalyst 3550 Switch Cisco IOS Commands
clear setup express
clear setup expressUse the clear setup express privileged EXEC command to exit Express Setup mode without saving the
current configuration.
clear setup express
Syntax Description This command has no arguments or keywords.
Defaults No default is defined.
Command Modes Privileged EXEC
Command History
Usage Guidelines You can use theclear setup expressprivileged EXEC command to exit Express Setup mode. Forexample, if you activate Express Setup and then decide to connect to the switch through the console port
instead of through an Ethernet port, enter the clear setup expresscommand. The switch exits ExpressSetup mode. The IP address 10.0.0.1 is no longer valid on the switch, and your connection using this IP
address is ended.
This command is available only when the switch is in Express Setup mode.
Examples This example shows how to exit Express Setup mode:
Switch# clear setup express
You can verify that the switch has exited Express Setup mode by entering the show express setupprivileged EXEC command.
Related Commands
Release Modification
12.1(14)EA1 This command was introduced.
Command Description
setup express Enables Express Setup mode on the switch.
show setup express Displays if Express Setup mode is active on the switch.
http://cli2.pdf/http://cli2.pdf/http://cli2.pdf/http://cli2.pdf/ -
8/14/2019 3550.pdf
46/216
2-46
Catalyst 3550 Multilayer Switch Command Reference
78-11195-10
Chapter2 Catalyst 3550 Switch Cisco IOS Commands
clear spanning-tree counters
clear spanning-tree countersUse the clear spanning-tree countersprivileged EXEC command to clear the spanning-tree counters.
clear spanning-tree counters [interfaceinterface-id]
Syntax Description
Defaults No default is defined.
Command Modes Privileged EXEC
Command History
Examples This example shows how to clear spanning-tree counters for all interfaces:
Switch#clear spanning-tree counters
Related Commands
interfaceinterface-id (Optional) Clear all spanning-tree counters on the specified interface. If
interface-idis not specified, spanning-tree counters are cleared for all
interfaces.
Release Modification
12.1(13)EA1 This command was introduced.
Command Description
show spanning-tree Displays spanning-tree state information.
http://cli2.pdf/http://cli2.pdf/ -
8/14/2019 3550.pdf
47/216
2-47
Catalyst 3550 Multilayer Switch Command Reference
78-11195-10
Chapter2 Catalyst 3550 Switch Cisco IOS Commands
clear spanning-tree detected-protocols
clear spanning-tree detected-protocolsUse the clear spanning-tree detected-protocolsprivileged EXEC command to restart the protocol
migration process (force the renegotiation with neighboring switches) on all interfaces or on the
specified interface.
clear spanning-tree detected-protocols [interfaceinterface-id]
Syntax Description
Command Modes Privileged EXEC
Command History
Usage Guidelines A switch running the rapid per-VLAN spanning-tree plus (rapid-PVST+) protocol or the MultipleSpanning Tree Protocol (MSTP) supports a built-in protocol migration mechanism that enables it to
interoperate with legacy 802.1D switches. If a rapid-PVST+ switch or an MSTP switch receives a legacy
802.1D configuration bridge protocol data unit (BPDU) with the protocol version set to 0, it sends only
802.1D BPDUs on that port. A multiple spanning-tree (MST) switch can also detect that a port is at the
boundary of a region when it receives a legacy BPDU, an MST BPDU (version 3) associated with a
different region, or an RST BPDU (version 2).
However, the switch does not automatically revert to the rapid-PVST+ or MSTP mode if it no longer
receives 802.1D BPDUs because it cannot determine whether the legacy switch has been removed from
the link unless the legacy switch is the designated switch. Use the clear spanning-treedetected-protocolscommand in this situation.
Examples This example shows how to restart the protocol migration process on an interface:
Switch# clear spanning-tree detected-protocols interface fastethernet0/1
interfaceinterface-id (Optional) Restart the protocol migration process on the specified interface.
Valid interfaces include physical ports, VLANs, and port channels. The
VLAN range is 1 to 4094. The port-channel range is 1 to 64.
Release Modification
12.1(9)EA1 This command was introduced.
-
8/14/2019 3550.pdf
48/216
2-48
Catalyst 3550 Multilayer Switch Command Reference
78-11195-10
Chapter2 Catalyst 3550 Switch Cisco IOS Commands
clear vmps statistics
clear vmps statisticsUse the clear vmps statistics privileged EXEC command to clear the statistics maintained by the VLAN
Query Protocol (VQP) client.
clear vmps statistics
Syntax Description This command has no arguments or keywords.
Defaults No default is defined.
Command Modes Privileged EXEC
Command History
Examples This example shows how to clear VLAN Membership Policy Server (VMPS) statistics:
Switch#clear vmps statistics
You can verify that information was deleted by entering the show vmps statistics privileged EXEC
command.
Related Commands
Release Modification
12.1(4)EA1 This command was introduced.
Command Description
show vmps Displays the VQP version, reconfirmation interval, retry count, VMPS IP
addresses, and the current and primary servers.
http://cli2.pdf/http://cli2.pdf/ -
8/14/2019 3550.pdf
49/216
2-49
Catalyst 3550 Multilayer Switch Command Reference
78-11195-10
Chapter2 Catalyst 3550 Switch Cisco IOS Commands
clear vtp counters
clear vtp countersUse the clear vtp counters privileged EXEC command to clear the VLAN Trunking Protocol (VTP) and
pruning counters.
clear vtp counters
Syntax Description This command has no arguments or keywords.
Defaults No default is defined.
Command Modes Privileged EXEC
Command History
Examples This example shows how to clear the VTP counters:
Switch#clear vtp counters
You can verify that information was deleted by entering the show vtp counters privileged EXEC
command.
Related Commands
Release Modification
12.1(4)EA1 This command was introduced.
Command Description
show vtp Displays general information about the VTP management domain, status,
and counters.
http://cli2.pdf/http://cli2.pdf/ -
8/14/2019 3550.pdf
50/216
2-50
Catalyst 3550 Multilayer Switch Command Reference
78-11195-10
Chapter2 Catalyst 3550 Switch Cisco IOS Commands
cluster commander-address
cluster commander-addressYou do not need to enter this command. The command switch automatically provides its MAC address
to member switches when these switches join the cluster. The member switch adds this information and
other cluster information to its running configuration file. Use the no form of this command from the
member switch console port to remove it from a cluster only during debugging or recovery procedures.
cluster commander-addressmac-address[membernumbernamename]
no cluster commander-address
Syntax Description
Defaults The switch is not a member of any cluster.
Command Modes Global configuration
Command History
Usage Guidelines A cluster member can have only one command switch.
The member switch retains the identity of the command switch during a system reload by using the
mac-addressparameter.
You can enter the noform on a member switch to remove it from the cluster during debugging or
recovery procedures. You would normally use this command from the member switch console port only
when the member has lost communication with the command switch. With normal switch configuration,
we recommend that you remove member switches only by entering the no cluster membernglobalconfiguration command on the command switch.
When a standby command switch becomes active (becomes the command switch), it removes the cluster
commander address line from its configuration.
mac-address MAC address of the cluster command switch.
membernumber (Optional) Number of a configured member switch. The range is from 0 to
15.
namename (Optional) Name of the configured cluster up to 31 characters.
Release Modification
12.1(4)EA1 This command was introduced.
-
8/14/2019 3550.pdf
51/216
2-51
Catalyst 3550 Multilayer Switch Command Reference
78-11195-10
Chapter2 Catalyst 3550 Switch Cisco IOS Commands
cluster commander-address
Examples This is partial sample output from the running configuration of a cluster member:
Switch(config)# show running-config
cluster commander-address 00e0.9bc0.a500 member 4 name my_cluster
This example shows how to remove a member from the cluster by using the cluster member console:
Switch # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# no cluster commander-address
You can verify your settings by entering the show clusterprivileged EXEC command.
Related Commands Command Description
show cluster Displays the cluster status and a summary of the cluster to which the switch
belongs.
http://cli2.pdf/http://cli2.pdf/ -
8/14/2019 3550.pdf
52/216
2-5