2
Table of ContentsIntroduction.............................................................................. 8 Overview............................................................................................. 8 User Privelege Levels/CLI Command Modes........................ 8 User Exec Mode/Priveleged Exec Mode................................. 9 GlobalConfigMode..........................................................................9 Interface/LineConfigurationMode......................................10 AccessingTheCLI/Shortcuts..................................................11Chapter 1 802.1X....................................................................12 dot1x.................................................................................13 dot1x Reauthentication.............................................................18 dot1xTimeoutReauthentication-Period.............................20 dot1xTimoutQuiet-Period.........................................................22 dot1xTimeoutSupp-Timeout..................................................24 dot1xTimeoutMax-Req............................................................26 dot1xGuestVLAN........................................................................28 Show dot1x.................................................................................. 30 Show dot1x Authentication-Hosts..................................... 31 Show dot1x Interface................................................................ 33 Showdot1xGuestVLAN...........................................................35Chapter 2 AAA.........................................................................38 AAAAuthentication......................................................................39 LoginAuthentication...................................................................42 IP http Authentication.............................................................. 45 EnableAuthentication................................................................48 ShowAAAAuthentication.......................................................51 ShowLineLists..............................................................................53 tacacsDefaultConfig..................................................................55 tacacs Host.................................................................................... 58 Show tacacs Default ............................................................... 60 Show tacacs................................................................................... 61 RADIUSDefault.............................................................................62
RADIUSHost.................................................................................. 64 ShowRADIUSDefaultConfiguration...................................66 Show RADIUS................................................................................ 67Chapter 3 ACL.........................................................................69 MACACL...........................................................................................70 Permit (MAC).................................................................................. 72 Deny (MAC)..................................................................................... 74 IPACL.................................................................................................76 Permit (IP)....................................................................................... 78 Deny (IPv6).....................................................................................82 IPv6 ACL...........................................................................................85 Permit(IPv6)....................................................................................87 Deny(IP)...........................................................................................90 BindACL...........................................................................................94 Show ACL....................................................................................... 96 Show ACL Utilization............................................................... 98Chapter 4 Administration...................................................102 Enable............................................................................................ 103 Exit...................................................................................................105 Configure........................................................................................107 Interface........................................................................................108 Line..................................................................................................110 End.................................................................................................. 112 Reboot........................................................................................... 114 SystemName..............................................................................115 System Contact......................................................................... 117 System Location........................................................................ 119 Username....................................................................................... 121 Enable Password........................................................................ 123 IPAddress......................................................................................125 IPDefaultGateway..................................................................127
3
IPDNS..............................................................................................129 IPDHCP...........................................................................................131 IPv6Autoconfiguration............................................................133 IPv6Address.................................................................................135 IPv6DefaultGateway...............................................................137 IPv6 DHCP.....................................................................................139 IPService.......................................................................................141 IPSession-Timeout...................................................................144 Exec-Timeout............................................................................. 146 Password-Thresh...................................................................... 150 Silent-Time.................................................................................. 154 History............................................................................................157 ClearService.................................................................................162 SSL................................................................................................... 163 Ping...................................................................................................165 Traceroute.................................................................................... 167 ClearARP........................................................................................169 ShowVersion................................................................................171 ShowInfo.......................................................................................173 ShowHistory.................................................................................175 Show Username ...................................................................... 177 Show IP......................................................................................... 179 Show IPDHCP............................................................................ 181 ShowIPv6.....................................................................................182 Show IPv6DHCP.......................................................................184 ShowLine.......................................................................................185Chapter 5 Cable Diagnostics................................................187 Show Cable Diag Interfaces.................................................... 188Chapter 6 DHCP Snooping.................................................... 190 IPDHCPSnooping........................................................................191 IPDHCPSnoopingVLAN...........................................................193
IPDHCPSnoopingTrust.............................................................196 IP DHCP Snooping Verify......................................................198 IP DHCP Snooping Rate Limit......................................... 200 Clear IPDHCPSnoopingStatistics....................................202 Show IPDHCPSnooping....................................................... 204 Show IP DHCP Snooping Interface................................ 206 Show IP DHCP Snooping Binding..................................... 208 IPDHCPSnoopingOption..........................................................210 IPDHCPSnoopingOptionAction........................................212 IPDHCPSnoopingOptionCircut-ID....................................214 IPDHCPSnoopingOptionRemote-ID..............................216 Show IPDHCPSnoopingOption........................................218 IP DHCP Snooping Database............................................ 219 IP DHCP Snooping Database Write-Delay.................... 221 IP DHCP Snooping Database Timeout........................... 224 ClearIPDHCPSnoopingDatabaseStatistics.................226 Renew IP DHCP Snooping Database............................. 228 Show IP DHCP Snooping Database................................ 230Chapter 7 DOS...................................................................... 232 DOS.................................................................................................. 233 Show DOS.................................................................................. 238Chapter 8 Dynamic ARP Inspection.................................240 IPARPInspection.......................................................................241 IP ARP Inspection VLAN.................................................... 243 IP ARP Inspection Trust................................................... 245 IPARPInspectionValidate...................................................247 IPARP InspectionRateLimit..............................................248 Clear IP ARP Inspection Statistics............................... 251 Show IPARP Inspection........................................................253 Show IPARP Inspection Interface....................................254Chapter 9 IGMP Snooping..................................................256
4
IPIGMPSnooping.......................................................................257 IPIGMPSnoopingReport-Suppression..............................259 IPIGMPSnoopingVersion.......................................................261 IGMP Snooping Unknown Multicast Action................ 262 IPIGMPSnoopingForwardMethod....................................265 IPIGMPSnoopingQuerier.........................................................267 IPIGMPSnoopingVLAN...........................................................270 IPIGMPSnoopingVLANParameters..................................273 IPIGMPSnoopingStaticReport............................................277 IPIGMPSnoopingVLANStaticRouterPort.....................279 IPIGMPSnoopingStaticGroup............................................281 IPIGMPProfile.............................................................................284 IPIGMPFilter...............................................................................288 IPIGMPMax-Groups....................................................................291 ClearIPIGMPSnoopingGroups............................................294 Clear IGMP Snooping Statistics......................................... 296 ClearIPIGMPSnoopingCounters.......................................297 ShowIP IGMPSnoopingGroups.........................................298 ShowIPIGMPSnoopingRouter............................................300 ShowIPIGMPSnoopingQuerier.............................................302 ShowIPIGMPSnooping...........................................................303 ShowIPIGMPSnoopingVLAN...............................................305 ShowIPIGMPSnoopingForward-All....................................307 ShowIPIGMPProfile................................................................309 ShowIPIGMPSnoopingPortFilter....................................311 ShowIPIGMPSnoopingMax-Group..................................313 ShowIPIGMPSnoopingPortMax-GroupAction.........315Chapter 10 IP Source Guard.................................................317 IPSourceVerify............................................................................318 IPSourceBinding.........................................................................320 Show IP Source Interface.................................................... 322
Show IP Source Binding........................................................ 323Chapter 11 Link Aggregation..............................................325 Lag Load-Balance......................................................................326 LACP System-Priority.............................................................. 328 LACP Port Priority.................................................................... 325 LACPTimeout..............................................................................331 Lag................................................................................................... 333 Show LAG..................................................................................... 333Chapter 12 LLDP....................................................................337 LLDP......................................................................................338 LLDPTX-Interval........................................................................340 LLDPReInit-Delay......................................................................342 LLDP Holdtime-Multiplier...................................................... 344 LLDP TX-Delay........................................................................... 346 LLDP TLV-Select....................................................................... 348 LLDP TLV-Select PVID........................................................... 351 LLDPTLV-SelectVLANName...............................................354 LLDPLLDPU.................................................................................357 LLDP Rx/Tx................................................................................ 359 LLDP Med....................................................................................363 LLDPMedTLV-Select...............................................................366 LLDPMedFast-Start-Repeat-Count...................................369 LLDP Med Network-Policy................................................... 371 LLDPMedNetwork-PolicyAdd/Remove........................ 374 LLDPMed Network-Policy Auto........................................ 377 LLDP Med Location................................................................ 379 Show LLDP................................................................................... 382 Show LLDP Local Drive......................................................... 385 Show LLDPNeighbor.............................................................. 390 Show LLDP MED....................................................................... 395 Show LLDP Statistics............................................................. 399
5
Clear IPv6MLDSnoopingGroups......................................473 ClearIPv6MLDSnoopingStatistics...................................475 Show IPv6MLDSnooping Counters................................ 476 Show IPv6MLD SnoopingGroups.................................... 477 Show IPv6MLD Snooping Router.................................... 479 ShowIPv6MLDSnooping.....................................................481 Show IPv6MLDSnoopingVLAN....................................... 483 ShowIPv6MLDSnoopingVLANForward-All....................485 ShowIPv6MLDProfile............................................................487 ShowIPv6MLDPortFilter...................................................489 ShowIPv6MLDPortMax-Group........................................491 ShowIPv6MLDPortMax-GroupAction..............................493Chapter 17 Port Security.................................................495 Port-Security............................................................................496 Port-SecurityAddressLimit...................................................498 ShowPort-SecurityInterface...............................................502Chapter 18 Port Error Disable...........................................501 ERRdisableRecoveryCause...................................................502 ERRdisableRecovery Interval............................................. 505 Show ERRdisable Recovery................................................. 507Chapter 19 Port...................................................................509 Description....................................................................................510 Speed...............................................................................................512 Duplex.............................................................................................515 Flow-Control..................................................................................518 Shutdown......................................................................................520 Jumbo-Frame................................................................................522 Protected.......................................................................................524 EEE....................................................................................................526 Clear Interface............................................................................528 ShowInterface...........................................................................530
ShowLLDPTLV-Overloading................................................403Chapter 13 Logging.............................................................405 Logging..............................................................................406 Logging Flash/Buffered...........................................................409 LoggingHost................................................................................413 ShowLogging...............................................................................416 ShowLoggingFlash/Buffered..............................................418 Clear Logging Flash/Buffered............................................. 420Chapter 14 MAC Address Table.........................................422 ClearMACAddress-Table..........................................................423 MACAddress-TableAging-Time..........................................425 MACAddress-TableStatic........................................................427 MACAddress-TableDrop..........................................................429 ShowMACAddress-Table.......................................................431 ShowMACAddress-TableCounters...................................433 ShowMACAddress-TableAgingTime..............................434Chapter 15 Mirror.................................................................435 MirrorSession...............................................................................436 ShowMirror................................................................................. 439Chapter 16 MLD Snooping..................................................441 IPv6MLD Snooping...................................................................442 IPv6MLDSnoopingReport-Suppression........................445 IPv6 MLD Snooping Version............................................... 447 IPv6 MLD Snooping VLAN.................................................. 449 IPv6 MLD Snooping VLAN Parameters........................ 452 IPv6 MLD Snooping Static Port...................................... 456 IPv6MLDSnoopingVLANStaticRouterPort................458 IPv6MLDSnoopingStaticGroup...................................... 460 IPv6 MLD Profile...................................................................... 463 IPv6MLDFilter.......................................................................... 467 IPv6MLDMax-Groups..............................................................470
6
Chapter 20 QoS...................................................................533 QoS...........................................................................................534 QoSTrust(1).................................................................................536 QoS Map.........................................................................................539 QoSQueue.....................................................................................545 QoSCoS...........................................................................................548 QoSTrust (2) .............................................................................550 QoSRemark..................................................................................552 ShowQoS.......................................................................................554 ShowQoSMap............................................................................555 ShowQoSMapInterface........................................................558Chapter 21 Rate Limit........................................................559 Rate Limit......................................................................................560 VLANRateLimit.........................................................................563 Show Rate-Limit VLAN.......................................................... 565Chapter 22 RMON................................................................567 RMONEvent..................................................................................568 RMONAlarm................................................................................ 571 RMONHistory............................................................................. 575 Clear RMON Interface Statistics........................................ 578 Show RMON Interface Statistics.................................... 581 ShowRMONEvent...................................................................583 Show RMON Event Log......................................................... 585 Show RMON Alarm.................................................................. 587 Show RMON History............................................................... 589 Show RMON Statistics.......................................................... 591Chapter 23 SNMP.................................................................594 SNMP...............................................................................................595 SNMPTrap......................................................................................597 SNMPView.....................................................................................599 SNMP Access Group..................................................................601
SNMPCommunity........................................................................603 SNMPUser.....................................................................................605 SNMP EngineID............................................................................607 SNMPHost.....................................................................................609 Show SNMP...................................................................................612 ShowSNMPTrap.........................................................................613 ShowSNMPView.......................................................................614 ShowSNMPGroup......................................................................615 ShowSNMPCommunity..........................................................616 Show SNMP Host.......................................................................617 ShowSNMPUser........................................................................618 ShowSNMPEngineID................................................................619Chapter 24 Storm Control...................................................620 Storm-ControlUnit......................................................................621 Storm-ControlIFG........................................................................623 Storm-Control...........................................................................625 Storm-Control Action................................................................628 ShowStorm-Control...................................................................630Chapter 25 Spanning Tree..................................................632 Spanning-Tree..............................................................................633 Spanning-TreeBPDU.................................................................635 Spanning-TreeMode..................................................................637 Spanning-TreePriority..............................................................640 Spanning-TreeHello-Time.......................................................642 Spanning-TreeMax-Hops.......................................................645. Spanning-TreeForward-Delay................................................647 Spanning-TreeMaximum-Age................................................650 Spanning-TreeTXHold-Count...............................................653 Spanning-TreePathcostMethod.........................................658 Spanning-Tree Port-Priority...................................................661 Spanning-Tree Cost...................................................................661
7
Spanning-Tree Edge..................................................................664 Spanning-Tree BPDU-Filter....................................................667 Spanning-Tree BPDU-Guard...................................................670 Spanning-Tree Link-Type........................................................673 Spanning-TreeMSTConfiguration......................................676 Spanning-TreeMSTPriority...................................................679 Spanning-TreeMSTCost.........................................................682 Spanning-Tree Port-Priority...................................................685Chapter 26 System File......................................................688 BootSystem..................................................................................689 Save.................................................................................................691 Copy.................................................................................................693 Delete............................................................................................. 697 Restore-Defaults...................................................................... 700 ShowConfig.................................................................................701 ShowFlash...................................................................................704Chapter 27 Time...................................................................706 ClockSet.........................................................................................707 ClockTimezone...........................................................................709 ClockSource.................................................................................712 ClockSummer-Time..................................................................714 ShowClock....................................................................................717 SNTP................................................................................................720 ShowSNTP.................................................................................. 722Chapter 28 VLAN..................................................................724 VLAN............................................................................725 VLAN Name................................................................................. 727 SwitchportMode....................................................................... 729 SwitchportHybrid PVID......................................................... 732 SwitchportHybridIngress-FilteringDisable..................735 SwitchportHybridAcceptable-Frame-Type....................738
Switchport Hybrid AllowedVLANAdd........................... 741 SwitchportHybridAllowedVLANRemove...................744 SwitchportAccessVLAN.........................................................747 Switchport Tunnel VLAN...................................................... 750 Switchport Trunk Native VLAN........................................ 753 Switchport Trunk Allowed VLAN.................................... 756 SwitchportDefault-VLANTagged.......................................759 SwitchportForbiddenDefault-VLAN................................762 Switchport Forbidden VLAN................................................ 765 ManagementVLAN....................................................................768 ShowManagementVLAN......................................................770 MAC VLAN MAC........................................................................ 771 MAC VLAN Enable.................................................................... 773 Show VLAN MAC-VLAN......................................................... 775 ShowMACVLAN-Interfaces.................................................777 Protocol-VLAN Group............................................................ 779 Protocol VLAN Binding........................................................ 781 Show Protocol VLAN Group................................................ 784 Show Protocol VLAN Interfaces...................................... 786Chapter 29 Voice VLAN.......................................................788 VoiceVLANState.......................................................................789 Voice VLAN ID........................................................................... 791 Voice VLAN VPT..................................................................... 793 Voice VLAN DSCP................................................................... 795 Voice VLAN OUI-Table....................................................... 797 Voice VLAN CoS........................................................................ 800 Voice VLAN Aging-Time........................................................ 802 Voice VLAN CoS Mode...................................................... 804 Voice VLAN Enable................................................................. 807 Show Voice VLAN................................................................... 810
8
Introduction
OverviewThe CLI is divided into variousmodes. Eachmode has agroupofcommandsavailableinit.
Usersareassignedprivilegelevels.EachprivilegelevelcanaccesstheCLImodespermittedtothatlevel.Userprivilegelevels are described in the section below.
User (Privilege) LevelsUsersmaybecreatedwithoneofthefollowinguserlevels:
•Level1—Userswiththis levelcanonlyrunUserEXECmode commands. Users at this level cannot access the web GUI.
•Level7—UserswiththislevelcanruncommandsintheUserEXECmodeandasubsetofcommandsinthePrivilegedEXEC mode. Users at this level cannot access the web GUI.
•Level15—Userswiththis levelcanrunallcommands.OnlyusersatthislevelcanaccessthewebGUI.
A system administrator (user with level 15) can createpasswords that allow a lower level user to temporarilybecomeahigherleveluser.Forexample,theusermaygofromlevel1tolevel7,level1to15,orlevel7tolevel15.
CLI Command ModesThe Command Line Interface (CLI) is divided into fourcommand modes. The command modes are (in the order in whichtheyareaccessed):
•UserEXECmode
•PrivilegedEXECmode
•GlobalConfigurationmode
•InterfaceConfigurationmode
Eachcommandmodehas itsownuniqueconsolepromptandsetofCLIcommands.Enteringaquestionmarkattheconsolepromptdisplaysa listofavailablecommandsforthe currentmode and for the level of the user. Specificcommandsareusedtoswitchfromonemodetoanother.Users are assigned privilege levels that determine themodes and commands available to them.
9
User EXEC ModeUsers with level 1 initially log into User EXEC mode. User EXEC mode is used for tasks that do not change theconfiguration, such as performing basic tests and listingsystem information.
Theuser-levelprompt(defaulthostname)istheswitch’smodel name followed by a #. Eg.
EGS7228P#
ThedefaulthostnamecanbechangedviathehostnamecommandinGlobalConfigurationmode.
Privileged EXEC ModeAuserwithlevel7or15automaticallylogsintoPrivilegedEXEC mode. Users with level 1 can enter Privileged Exec modebyenteringtheenablecommandandwhenprompted,thepasswordforlevel15.
ToreturnfromthePrivilegedEXECmodetotheUserEXECmode,usethedisablecommand.
Global Configuration ModeTheGlobalConfigurationmode isusedto runcommandsthatconfigurefeaturesatthesystemlevel,asopposedtotheinterfacelevel.Onlyuserswithcommandlevelof7or15canaccess thismode.ToaccessGlobalConfigurationmode from Privileged EXEC mode, enter the configurecommandatthePrivilegedEXECmodepromptandpressEnter.TheGlobalConfigurationmodeprompt,consistingofthedevicehostnamefollowedby(config)#,isdisplayed:
EGS7228P(config)#
UseanyofthefollowingcommandstoreturnfromGlobalConfigurationmodetothePrivilegedEXECmode:
•exit
•end
•Ctrl+Z
10
Interface or Line Configuration ModesVarioussubmodesmaybeenteredfromGlobalConfigurationmode.Thesesubmodesenableperformingcommandsonagroupofinterfacesorlines.Forinstancetoperformseveraloperations on a specific port or range of ports, you canentertheInterfaceConfigurationmodeforthatinterface.
Thefollowingsubmodesareavailable:
•Interface—Containscommandsthatconfigureaspecificinterface (port, VLAN, port channel, or tunnel) or rangeof interfaces. The Global Configuration mode commandinterface is used to enter the Interface Configurationmode.TheinterfaceGlobalConfigurationcommandisusedto enter this mode.
•LineInterface—Containscommandsusedtoconfigurethemanagementconnectionsfortheconsole,TelnetandSSH.Theseincludecommandssuchaslinetimeoutsettings,etc.ThelineGlobalConfigurationcommandisusedtoentertheLineConfigurationcommandmode.
•VLANDatabase—ContainscommandsusedtoconfigureaVLANasawhole.ThevlandatabaseGlobalConfigurationmode command is used to enter the VLAN Database
InterfaceConfigurationmode.
•ManagementAccessList—Containscommandsusedtodefinemanagementaccess-lists.Themanagementaccess-listGlobalConfigurationmodecommandisusedtoentertheManagementAccessListConfigurationmode.
•PortChannel—Containscommandsusedtoconfigureport-channels; forexample,assigningports toaport-channel.Most of these commands are the same as the commands in theEthernetinterfacemode,andareusedtomanagethememberportsasasingleentity.Theinterfaceport-channelGlobalConfigurationmodecommandisusedtoenterthePortChannelInterfaceConfigurationmode.
•QoS—Containscommandsrelatedtoservicedefinitions.The qos Global Configurationmode command is used toentertheQoSservicesconfigurationmode.
•MACAccess-List—ConfiguresconditionsrequiredtoallowtrafficbasedonMACaddresses.Themacaccess-listGlobalConfigurationmode command is used to enter theMACaccess-listconfigurationmode.
To return from any Interface Configurationmode to theGlobalConfigurationmode,usetheexitcommand.
11
Accessing the CLITheSwitch’sserialport’sdefaultsettingsareasfollows:
•115200baud
•noparity
•8databits
•1stopbit
AcomputerrunningaterminalemulationprogramcapableofemulatingaVT-100terminalandaserialportconfiguredasabovearethenconnectedtotheSwitch’sConsoleport.Withtheserialportproperlyconnectedtoamanagementcomputer,presstheEnterkeyandentertheusernameandpassword.
ShortcutsThistableidentifiessomeshortcutsintheCLI.
Key(s) Description(up/downarrowkeys)
Scrollsthroughthelistofrecently-usedcommands.Youcaneditanycommandorpress[ENTER]torunitagain.
[TAB] Auto-completesthekeywordyouaretypingifpossible.Forexample,typeconfig,andpress[TAB].TheSwitchfinishesthewordconfigure.
[CTRL]+A Movesthecursortothebeginningof the command line.
[CTRL]+E Movesthecursortotheendofthecommand line.
[CTRL]+U Clearsthecurrentcommand.[CTRL]+Z/End ReturnsbacktothePrivilegedEXEC
modefromanyconfigurationmode.
13
dot1x
Syntax
dot1x
no dot1x
Parameter
None
Default
Defaultisdisabled
Usage
The“dot1x”commandenablestheglobalsettingsofIEEE802.1Xport-basednetworkaccesscontrol.Onlywhenitisenabled,cantheport-basedsettingwork.
Use the no form of this command to disable.
Example
Thefollowingexampleshowshowtoenable802.1Xaccesscontrolonport1:
Switch(config)#
dot1x
switch(config)#interfacefa1
14
switch(config-if)#
dot1xauto
switch(config-if)#
exit
switch(config)#
show dot1x
802.1xprotocolis:Enabled
802.1xprotocolversion:2
switch(config)#
show dot1x interfaces fa1
Port|Mode|CurrentState|ReauthControl|ReauthPeriod
fa1Authentication|Initialize|Enabled|3600
QuietPeriod:60Second
Supplicanttimeout:30Second
Maxreq:2
SessionTime(HH:MM:SS):0:0:0:0
15
Syntax
dot1x(auto|force-auth|force-unauth)
no dot1x
Parameter
auto Portcontrolwilldependsontheoutcomeofauthentication.force-auth Forcethisporttobeunconditionalauthorized.force-unauth Forcethisporttobeunconditionalunauthorized
Default
Defaultisdisabled.
Mode
InterfaceConfiguration
Usage
The“dot1x”commandenablestheglobalsettingsofIEEE802.1Xport-basednetworkaccesscontrol.Onlywhenitisenabledcantheport-basedsettingwork.Usethenoformofthiscommandtodisableit.
Example
Thefollowingexampleshowshowtoenable802.1Xaccesscontrolonport1:
Switch(config)#
dot1x
16
switch(config)#
interface fa1
switch(config-if)#
dot1xauto
switch(config-if)#
exit
switch(config)#
show dot1x
802.1xprotocolis:Enabled
802.1xprotocolversion:2
switch(config)#
show dot1x interfaces fa1
Port|Mode|CurrentState|ReauthControl|ReauthPeriod
fa1Authentication|Initialize|Enabled|3600
QuietPeriod:60Second
Supplicanttimeout:30Second
Maxreq:2
SessionTime(HH:MM:SS):0:0:0:0
17
dot1x Reauthentication
Syntax
dot1xreauth
nodot1xreauth
Parameter
None
Default
Defaultisdisabled
Mode
InterfaceConfiguration
Usage
Usethe“dot1xreauth”commandtoenable802.1Xperiodicalreauthenticationfunctiononport.Usethenoformofthiscommandtodisablethisfunction.
‘Example
Thefollowingexampleshowshowtoenable802.1Xaccesscontrolonport1.
switch(config)#i
nterface fa1
18
switch(config-if)#
dot1xreauth
switch(config-if)#
exit
switch(config)#
show dot1x
802.1xprotocolis:Enabled
802.1xprotocolversion:2
switch(config)#
show dot1x interfaces fa1
Port|Mode|CurrentState|ReauthControl|ReauthPeriod
fa1Authentication|Initialize|Enabled|3600
QuietPeriod:60Second
Supplicanttimeout:30Second
Maxreq:2
SessionTime(HH:MM:SS):0:0:0:0
19
dot1x Timeout Reauth-Period
Syntax
dot1xtimeoutreauth-period<30-65535>
nodot1xtimeoutreauth-period
Parameter
<30-65535>Specifythere-authenticationperiod.
Default
3600seconds
Mode
InterfaceConfiguration
Usage
Usethe “dot1xtimeout reauth-period”commandtoconfigurethe re-authenticationperiod.Usethenoformof thiscommandtorestoretheperiodtodefaultvalue.
Example
Theexampleshowshowtoconfigurere-authenticationperiodto300sec.onport1
switch(config)#
interface fa1
20
switch(config-if)#
dot1xtimeoutreauth-period300
switch(config-if)#
exit
switch(config)#
show dot1x interfaces fa1
Port|Mode|CurrentState|ReauthControl|ReauthPeriod
fa1Authentication|Initialize|Enabled|300
QuietPeriod:60Second
Supplicanttimeout:30Second
Maxreq:2
SessionTime(HH:MM:SS):0:0:0:0
21
dot1x Timeout Quiet-Period
Syntax
dot1xtimeoutquiet-period<0-65535>
nodot1xtimeoutquiet-period
Parameter
<0-65535>Specifythequietperiod
Default
60seconds
Mode
InterfaceConfiguration
Usage
Usethe“dot1xtimeoutquiet-period”commandtoconfigurethequietperiod.Usethenoformofthiscommandtorestoretheperiodtoitsdefaultvalue.
Example
Theexampleshowshowtoconfigurequietperiodto300sec.onport1.
switch(config)#
interface fa1
22
switch(config-if)#
dot1xtimeoutquiet-period300
switch(config-if)#
exit
switch(config)#
show dot1x interfaces fa1
Port|Mode|CurrentState|ReauthControl|ReauthPeriod
fa1Authentication|Initialize|Enabled|3600
QuietPeriod:300Second
Supplicanttimeout:30Second
Maxreq:2
SessionTime(HH:MM:SS):0:0:0:0
23
dot1x Timeout Supp-Timeout
Syntax
dot1xtimeoutsupp-timeout<1-65535>
nodot1xtimeoutquiet-period
Parameter
<1-65535>Specifythesupplicantperiod.
Default
30seconds
Mode
InterfaceConfiguration
Usage
Usethe“dot1xtimeoutsupp-timeout”commandtoconfigurethesupplicantperiod.Usethenoformofthiscommandtorestoretheperiodtodefaultvalue
Example
Theexampleshowshowtoconfiguresupplicantperiodto300sec.onport1.
switch(config)#
interface fa1
24
switch(config-if)#
dot1xtimeoutsupp-timeout300
switch(config-if)#
exit
switch(config)#
show dot1x interfaces fa1
Port|Mode|CurrentState|ReauthControl|ReauthPeriod
fa1Authentication|Initialize|Enabled|3600
QuietPeriod:60Second
Supplicanttimeout:300Second
Maxreq:2
SessionTime(HH:MM:SS):0:0:0:0
25
dot1x Timeout Max-Req
Syntax
dot1xmax-req<1-10>
nodot1xmax-req
Parameter
<1-10>Specifythemaximumrequestretries.
Default
2 times
Mode
InterfaceConfiguration
Usage
Usethe“dot1xtimeoutsupp-timeout”commandtoconfigurethesupplicantperiod.Usethenoformofthiscommandtorestoretheperiodtoitsdefaultvalue.
Example
Theexampleshowshowtoconfiguremaximumrequestretriesto4timesonport1.
switch(config)#
interface fa1
26
switch(config-if)#
dot1xmax-req4
switch(config-if)#
exit
switch(config)#
show dot1x interfaces fa1
Port|Mode|CurrentState|ReauthControl|ReauthPeriod
fa1Authentication|Initialize|Enabled|3600
QuietPeriod:60Second
Supplicanttimeout:30Second
Maxreq:4
SessionTime(HH:MM:SS):0:0:0:0
27
dot1x Guest VLAN
Syntax
dot1xguest-vlan<1-4094>
nodot1xguest-vlan
Parameter
<1-4094>SpecifyVLANIDtoenable802.1Xguestvlan
Default
Defaultisdisabled
Mode
GlobalConfiguration
Usage
Usethedot1xguest-vlancommandtogloballyenabletheguestVLANfunction.UsethenoformofthiscommandtodisabletheguestVLANfunction.ForaporttobecomeamemberofthyeguestVLANafteranauthenticationfailure,youshouldalsoenableguestVLANonthatport.
Example
TheexampleshowshowtoconfigureVLAN2asguestVLANandenableguestVLANonport1.
switch(config)#
dot1xguest-vlan2
28
switch(config)#
interface fa1
switch(config-if)#
dot1xauto
switch(config-if)#
dot1xguest-vlan
switch(config-if)#
exit
switch(config)#
showdot1xguest-vlan
GuestVLANID:2
Port|GuestVLAN|InGuestVLAN
fa1|Enabled|No
fa2|Disabled|---
fa3|Disabled|---
fa4|Disabled|---
fa5|Disabled|---
fa6|Disabled|---
fa7|Disabled|---
29
Show dot1x
Syntax
show dot1x
Parameter
Default
Nodefaultvalueforthiscommand.
Mode
Privileged EXEC
Usage
Use“showdot1x”commandtoshowdot1xenablingstatus.
Example
Thisexampleshowshowtoshowthedot1xenablingstatus.
Switch#
show dot1x
802.1xprotocolis:Disabled
802.1xprotocolversion:2
30
Show dot1x Authentication-Hosts
Syntax
showdot1xauth-hosts
Parameter
None
Default
Nodefaultvalueforthiscommand.
Mode
Privileged EXEC
Usage
Use“showdot1xauth-hosts”commandtoshowalldot1xauthorizedhosts.
Example
Thisexampleshowshowtoshowthedot1xauthorizedhosts.
Switch#
showdot1xauth-hosts
UserName|Port|SessionTime|
AuthenticationMethod|MACAddress
32
Show dot1x Interface
Syntax
showdot1xinterfaceIF_PORTS
Parameter
IF_PORTSSelectporttoshowdot1xconfigurations.
Default
Nodefaultvalueforthiscommand.
Mode
Privileged EXEC
Usage
Use“showdot1xinterfaces”commandtoshowdot1xinformationofthespecifiedport.
Example
Thisexampleshowshowtoshowdot1xconfigurationsoninterfacefa1.
Switch#
show dot1x interfaces fa1
Port|Mode|CurrentState|ReauthControl|ReauthPeriod
fa1|802.1XDisabled|-|Enabled|
34
Show dot1x Guest VLAN
Syntax
showdot1xguest-vlan
Parameter
None
Default
Nodefaultvalueforthiscommand.
Mode
Privileged EXEC
Usage
Use“showdot1xguest-vlan”commandtoshowdot1xguest-vlanstatus.
Example
Thisexampleshowshowtoshowthedot1xguest-vlanstatus.
Switch#:showdot1xguest-vlan
GuestVLANID:2
35
Thisexampleshowshowtoshowthedot1xguest-vlanstatus.
Switch#
showdot1xguest-vlan
GuestVLANID:2
Port|GuestVLAN|InGuestVLAN
fa1|Enabled|No
fa2|Disabled|---
fa3|Disabled|---
fa4|Disabled|---
fa5|Disabled|---
fa6|Disabled|---
fa7|Disabled|---
fa8|Disabled|---
fa9|Disabled|---
fa10|Disabled|---
fa11|Disabled|---
fa12|Disabled|---
fa13|Disabled|---
fa14|Disabled|---
36
fa15|Disabled|---
fa16|Disabled|---
fa17|Disabled|---
fa18|Disabled|---
fa19|Disabled|---
fa20|Disabled|---
fa21|Disabled|---
fa22|Disabled|---
fa23|Disabled|---
fa24|Disabled|---
gi1|Disabled|---
gi2|Disabled|---
gi3|Disabled|---
gi4|Disabled|---
38
AAA Authentication
Syntax
aaaauthentication(login|enable)(default|LISTNAME)METHODLIST[METHODLIST][METHODLIST][METHODLIST]
noaaaauthentication(login|enable)LISTNAME
Parameter
login Add/Editloginauthenticationlistenable Add/Editenableauthenticationlistdefault EditdefaultauthenticationlistLISTNAME SpecifythelistnameforauthenticationtypeMETHODLIST Specifytheauthenticatemethod,includingnone,local,enable,tacacs+,radius.
Default
Defaultauthenticationlistnamefortypeloginis“default”anddefaultmethodis“local”.
Defaultauthenticationlistnamefortypeenableis“default”anddefaultmethodis“enable”
Mode
GlobalConfiguration
Usage
Loginauthenticationisusedwhenusertrytologinintotheswitch.SuchasCLIlogindialogandWEBUIloginwebpage.EnableauthenticationisusedonlyonCLIforusertryingtoswitchfromUserEXECmodetoPrivilegedEXECmode.Bothofthemsupportfollowingauthenticatemethods.
39
Local:Uselocaluseraccountdatabasetoauthenticate.(Thismethodisnotsupportedforenableauthentication)
Enable:Uselocalenablepassworddatabasetoauthenticate.
Tacacs+:UseremoteTacas+servertoauthenticate.
Radius:UseremoteRadiusservertoauthenticate.
None:Donothingandjustmakeusertobeauthenticated.
Eachlistallowsyoutocombinethesemethodswithdifferentorders.Forexample,IfyouwanttoauthenticatealoginuserwiththeremoteTacacs+server,butservermayhavecrashed,you’llneedabackupplan,suchasanotherRadiusserver.YoucanconfigurethelistwiththeTacacs+serverasthefirstauthenticationmethodandtheRadiusserverasasecondone.Usethenoformtodeletetheexistinglist.However,the“default”listisnotallowedtoberemoved.
Example
Thisexampleshowshowtoaddaloginauthenticationlisttoauthenticatewithordertacacs+,radius,local.
Switch(config)#
aaaauthenticationlogintest1
tacacs+radiuslocal
Thisexampleshowshowtoshowexistingloginauthenticationlists
Switch#
showaaaauthenticationloginlists
LoginListName|AuthenticationMethodList
default|local
test1|tacacs+radiuslocal
40
Thisexampleshowshowtoaddanenableauthenticationlisttoauthenticate
withordertacacs+,radius,enable.
Switch(config)#
aaaauthenticationenabletest1
tacacs+radiusenable
Thisexampleshowshowtoshowexistingenableauthenticationlists
Switch#
showaaaauthenticationloginlists
EnableListName|AuthenticationMethodList
default|enable
test2|tacacs+radiusenable
41
Login Authentication
Syntax
loginauthenticationLISTNAME
nologinauthentication
Parameter
LISTNAMESpecifytheloginauthenticationlistnametouse.
Default
Defaultloginauthenticationlistforeachlineis“default”.
Mode
LineConfiguration
Usage
Differentaccessmethodsareallowedtobinddifferentloginauthenticationlists.Use“loginauthentication”commandtobindthelisttospecificline(console,telnet,ssh).
Usenoformtobindthe“default”listback.
Example
Thisexampleshowshowtocreateanewloginauthenticationlistandbindtotelnetline.
Switch(config)#
aaaauthenticationlogintest1
42
tacacs+radiuslocal
Switch(config)#
line telnet
Switch(config-line)#
loginauthenticationtest1
Thisexampleshowshowtoshowlinebindinglists.
Switch#
show line lists
LineType|AAAType|ListName
console|login|default
|enable|default
|exec|default
|commands|default
|accounting-exec|default
telnet | login | test1
|enable|default
|exec|default
|commands|default
|accounting-exec|default
43
ssh|login|default
|enable|default
|exec|default
|commands|default
|accounting-exec|default
http|login|default
https|login|default
44
IP http Login Authentication
Syntax
ip(http|https)loginauthenticationLISTNAME
noip(http|https)loginauthentication
http BindloginauthenticationlisttouseraccessWEBUIwithhttpprotocol.https BindloginauthenticationlisttouseraccessWEBUIwithhttpsprotocol.LISTNAME Specifytheloginauthenticationlistnametouse.
Default
Defaultloginauthenticationlistforeachlineis“default”.Mode
Mode
GlobalConfiguration
Usage
Different access methods are allowed to bind different login authentication lists. Use the “ip (http | https) loginauthentication”commandtobindthelisttoWEBUIaccessfromhttporhttps.Usenoformtobindthe“default”listback.
Example
Thisexampleshowshowtocreatetwonewloginauthenticationlistsandbindtohttpandhttps.
45
Thisexampleshowshowtocreatetwonewloginauthenticationlistsandbind
tohttpandhttps.
Switch(config)#
aaaauthenticationlogintest1
tacacs+radiuslocal
Switch(config)#
aaaauthenticationlogintest2
radiuslocal
Switch(config)#
iphttploginauthenticationtest1
Switch(config)#
iphttpsloginauthenticationtest2
Thisexampleshowshowtoshowlinebindinglists.
Switch#
show line lists
LineType|AAAType|ListName
console|login|default
|enable|default
|exec|default
46
|commands|default
|accounting-exec|default
telnet|login|default
|enable|default
|exec|default
|commands|default
|accounting-exec|default
ssh|login|default
|enable|default
|exec|default
|commands|default
|accounting-exec|default
http|login|test1
https|login|test2
47
Enable Authentication
Syntax
enableauthenticationLISTNAME
noenableauthentication
Parameter
LISTNAMESpecifytheenableauthenticationlistnametouse.
Default
Defaultenableauthenticationlistforeachlineis“default”.
Mode
LineConfiguration
Usage
Different accessmethods are allowed to bind different enable authentication lists. Use the “enable authentication”commandtobindthelisttospecificline(console,telnet,ssh).Usenoformtobindthe“default”listback.
Example
Thisexampleshowshowtocreateanewenableauthenticationlistandbindittothetelnetline.
Switch(config)#
aaaauthenticationenabletest1
tacacs+radiusenable
48
Switch(config)#
line telnet
Switch(config-line)#
enableauthenticationtest1
Thisexampleshowshowtoshowlinebindinglists.
Switch#
show line lists
LineType|AAAType|ListName
console|login|default
|enable|default
|exec|default
|commands|default
|accounting-exec|default
telnet|login|default
| enable | test1
|exec|default
|commands|default
|accounting-exec|default
ssh|login|default
49
|enable|default
|exec|default
|commands|default
|accounting-exec|default
http|login|default
https|login|default
50
Show AAA Authentication
Syntax
showaaaauthentication(login|enable)lists
Parameter
login Showloginauthenticationlistenable Showenableauthenticationlist
Default
Nodefaultvalueforthiscommand
Mode
Privileged EXEC
Usage
Use“showaaaauthentication”commandtoshowloginauthenticationorenableauthenticationmethodlists.
Example
Thisexampleshowshowtoshowexistingloginauthenticationlists.
Switch#
showaaaauthenticationloginlists
51
LoginListName|AuthenticationMethodList
default|local
test1|tacacs+radiuslocal
Thisexampleshowshowtoshowexistingenableauthenticationlists
Switch#
showaaaauthenticationloginlists
EnableListName|AuthenticationMethodList
default|enable
test2|tacacs+radiusenable
52
Show Line Lists
Syntax
Show line lists
Parameter
Default
Nodefaultvalueforthiscommand
Mode
Privileged EXEC
Usage
Usethe“showlinelists”commandtoshowallofthelines’bindinglistofallauthentication,authorization,andaccountingfunctions.
Example
Thisexampleshowshowtoshowlinebindinglists.
Switch#
show line lists
53
LineType|AAAType|ListName
console|login|default
|enable|default
|exec|default
|commands|default
|accounting-exec|default
telnet|login|default
|enable|default
|exec|default
|commands|default
|accounting-exec|default
ssh|login|default
|enable|default
|exec|default
|commands|default
|accounting-exec|default
http|login|default
https|login|default
54
tacacs Default-Config
Syntax
tacacsdefault-config[keyTACACSKEY][timeout<1-30>]
Parameter
Key TACACSKEYSpecifydefaulttacacs+serverkeystringTimeout <1-30>Specifydefaulttacacs+servertimeoutvalue
Default
Defaulttacacs+keyis“”.
Defaulttacacs+timeoutis5seconds.
Mode
GlobalConfiguration
Usage
Usethe“tacacsdefault-config”commandtomodifythedefaultvaluesofthetacacs+server.Thesedefaultvalueswillbeusedwhenausertriestocreateanewtacacs+serveranddoesn’tassignthesevalues.
Example
Thisexampleshowshowmodifydefaulttacacs+configuration
55
Thisexampleshowshowmodifydefaulttacacs+configuration
Switch(config)#
tacacsdefault-configtimeout20
Switch(config)#
tacacsdefault-configkeytackey
Thisexampleshowshowtoshowdefaulttacacs+configurations.
Switch#
showtacacsdefault-config
Timeout|Key
10|tackey
Thisexampleshowshowtocreateanewtacacs+serverwithabovedefault
configandshowresults.
Switch(config)#
tacacshost192.168.1.111
Switch#
show tacacs
Prio|Timeout|IPAddress|Port|
Key
57
tacacs Host
Syntax
tacacshostHOSTNAME[port<0-65535>][keyTACPLUSKEY][priority<0-65535>][timeout<1-30>]
notacacs[hostHOSTNAME]
Parameter
Host HOSTNAMESpecifytacacs+serverhostname,bothIPaddressanddomainnameareavailable.Port<0-65535> Specifytacacs+serverudpportKey TACPLUSKEYSpecifytacacs+serverkeystringPriority<0-65535> Specifytacacs+serverpriority
Timeout <1-30> Specifytacacs+servertimeoutvalue
Default
Defaulttacacs+keyis“”.
Defaulttacacs+timeoutis5seconds
Mode
GlobalConfiguration
Usage
Use“tacacshost”commandtoaddoredittacacs+serverforauthentication,authorizationoraccounting.Usenoformtodeleteoneoralltacacs+serversfromdatabase.
58
Example
Thisexampleshowshowtocreateanewtacacs+server
Switch(config)#
tacacshost192.168.1.111port12345
keytacacs+priority100timeout10
Thisexampleshowshowtoshowexistingtacacs+server.
Switch#
show tacacs
Prio|Timeout|IPAddress|Port|Key
100|10|192.168.1.111|12345|
tacacs+
59
Show tacacs Default-Config
Syntax
showtacacsdefault-config
Parameter
None
Default
Nodefaultvalueforthiscommand
Mode
Privileged EXEC
Usage
Use“showtacacsdefault-config”commandtoshowtacacs+defaultconfigurations.
Example
Thisexampleshowshowtoshowdefaulttacacs+configurations.
Switch#
showtacacsdefault-config
Timeout|Key
10|tackey
60
Show tacacs
Syntax
Show tacacs
Parameter
None
Default
Nodefaultvalueforthiscommand
Mode
Privileged EXEC
Usage
Use“showtacacs”commandtoshowexistingtacacs+servers.
Example
Thisexampleshowshowtoshowexistingtacacs+server.
Switch#
show tacacs
Prio|Timeout|IPAddress|Port|Key
100|10|192.168.1.111|12345|tacacs+
61
Radius Default-Config
Syntax
radiusdefault-config[keyRADIUSKEY][retransmit<1-10>][timeout<1-30>]
Parameter
Key RADIUSKEYSpecifydefaultradiusserverkeystringRetransmit <1-10>SpecifydefaultradiusserverretransmitvalueTimeout <1-30>Specifydefaultradiusservertimeoutvalue
Default
Defaultradiuskeyis“”.
Defaultradiusretransmitis3times.
Defaultradiustimeoutis3seconds.
Mode
GlobalConfiguration
Usage
Usethe“radiusdefault-config”commandtomodifythedefaultvaluesoftheradiusserver.Thesedefaultvalueswillbeusedwhenausertriestocreateanewradiusserverandisn’tassignedthesevalues.
62
Example
Thisexampleshowshowmodifydefaultradiusconfiguration
Switch(config)#
radiusdefault-configtimeout20
Switch(config)#
radiusdefault-configkeyradiuskey
Switch(config)#
radiusdefault-configretransmit5
Thisexampleshowshowtoshowdefaultradiusconfigurations.
Switch#
showradiusdefault-config
Retries|Timeout|Key
5|20|radiuskey
Thisexampleshowshowtocreateanewradiusserverwithabovedefault
configandshowresults.
Switch(config)#
radiushost192.168.1.111
Switch#
showradius
63
Prio|IPAddress|Auth-Port|Retries|
Timeout|Usage-Type|Key
1|192.168.1.111|1812|5|
20|All|radiuskey
64
Radius Host
Syntax
radiushostHOSTNAME[auth-port<0-65535>][keyRADIUSKEY][priority<0-65535>][retransmit<1-10>][timeout<1-30>][type(login|802.1x|all)]
noradius[hostHOSTNAME]
Parameter
Host HOSTNAMESpecifyradiusserverhostname,bothIPaddressanddomainnameareavailable.Auth-port <0- 65535> SpecifyradiusserverudpportKey RADIUSKEY Specifyradiusserverkeystringpriority <0-65535> Specifyradiusserverpriority
Retransmit <1-10> Specifyradiusserverretransmittimes Timeout <1-30> SpecifyradiusservertimeoutvalueType
Login
802.1X
All
Usagetypeofthisserver
Use for login
Usefor802.1Xauthentication
Useforbothloginand802.1Xauthentication
Default
Defaultradiuskeyis“”.
Defaultradiustimeoutis3seconds.
65
Mode
GlobalConfiguration
Usage
Use“radiushost”commandtoaddoreditanexistingradiusserver.Usenoformtodeleteoneorallradiusserversfromdatabase.
Example
Thisexampleshowshowtocreateanewradiusserver
Switch(config)#
radiushost192.168.1.111auth-port12345keyradiuskeypriority100retransmit5timeout10typeall
Thisexampleshowshowtoshowexistingradiusserver.
Switch#
showradius
Prio|IPAddress|Auth-Port|Retries|
Timeout|Usage-Type|Key
100|192.168.1.111|12345|5|10
|All|radiuskey
66
Show Radius Default-Config
Syntax
showradiusdefault-config
Parameter
None
Default
Nodefaultvalueforthiscommand
Mode
Privileged EXEC
Usage
Usethe“showradiusdefault-config”commandtoshowradiusdefaultconfigurations.
Example
Thisexampleshowshowtoshowdefaultradiusconfigurations.
Switch#
showradiusdefault-config
Retries|Timeout|Key
5|20|radiuskey
67
Show Radius
Syntax
Showradius
Parameter
None
Default
Nodefaultvalueforthiscommand
Mode
Privileged EXEC
Usage
Use“showradius”commandtoshowexistingradiusservers.
Example
Thisexampleshowshowtoshowexistingradiusserver.
Switch#
showradius
Prio|IPAddress|Auth-Port|Retries|
Timeout|Usage-Type|Key
70
MAC ACL
Syntax
macaclNAME
nomacaclNAME
Parameter
NAMESpecifythenameofMACACL
Default
Nodefaultisdefined
Mode
GlobalConfiguration
Usage
UsethemacaclcommandtocreateaMACaccesslistandtoentermac-aclconfigurationmode.ThenameoftheACLmustbeuniqueandcannothavesamenameasanotherACLorQoSpolicy.OnceanACLiscreated,animplicit“denyany”ACEiscreatedattheendoftheACL.Thatis,iftherearenomatches,thepacketsaredenied.Usethenoformofthiscommandto delete it.
Example
Theexampleshowshowtocreateaipacl.Youcanverifysettingsbythefollowingshowaclcommands:
72
Permit (MAC)
Syntax
[sequence<1-2147483647>]permit(A:B:C:D:E:F/A:B:C:D:E:F|any)(A:B:C:D:E:F/A:B:C:D:E:F|any)[vlan<1-4094>][cos<0-7><0-7>]
[ethtype<1501-65535>]
nosequence<1-2147483647>
Parameter
<1-2147483647> (Optional)SpecifysequenceindexofACE,thesequenceindexrepresentthepriorityof an ACE in ACL.
(A:B:C:D:E:F/A:B:C:D:E:F|any) SpecifythesourceMACaddressandmaskofpacketoranyMACaddress.(A:B:C:D:E:F/A:B:C:D:E:F|any) SpecifythedestinationMACaddressandmaskofpacketoranyMACaddress[vlan <1-4094>] (Optional)SpecifythevlanIDofpacket.
[cos <0-7> <0-7>] (Optional)SpecifytheClassofServicevalueandmaskofpacket.[ethtype <1501-65535>] (Optional)SpecifyEthernetprotocolnumberofpacket
Default
Nodefaultisdefined.
Mode
MACACLConfiguration
Usage
73
Usage
UsethepermitcommandtoaddpermitconditionsforamacACEthatbypassthosepacketsthathittheACE.The“sequence”alsorepresentsthehitprioritywhenanACLbindstoaninterface.AnACEthatdoesn’tspecifya“sequence”indexwouldassignasequenceindexwhichisthelargestexistedindexplus20.IfthepacketcontentcanmatchmorethanoneACE,thelowestsequenceACEishit.AnACEcannotbeaddedifithasthesameconditionsasexistingACE.
Example
TheexampleshowshowtoaddanACEthatpermitpacketswiththesourceMACaddress22:33:44:55:66:77,VLAN3,andtheEthernettype1999.Youcanverifysettingsbythefollowingshowaclcommand.
Switch334455(config)#
mac acl test
Switch334455(mac-al)#
sequence999permit
22:33:44:55:66:77/FF:FF:FF:FF:FF:FFanyvlan3ethtype1999
Switch334455(mac-al)#
show acl
MAC access list test
sequence999permit22:33:44:55:66:77/FF:FF:FF:FF:FF:FFanyvlan3ethtype1999
74
Deny (MAC)
Syntax
[sequence<1-2147483647>]deny(A:B:C:D:E:F/A:B:C:D:E:F|any)(A:B:C:D:E:F/A:B:C:D:E:F|any)[vlan<1-4094>][cos<0-7><0-7>]
[ethtype<1501-65535>][shutdown]
nosequence<1-2147483647>
Parameter
<1-2147483647> (Optional)SpecifysequenceindexofACE,thesequenceindexrepresentthepriorityof an ACE in ACL.
(A:B:C:D:E:F/A:B:C:D:E:F|any) SpecifythesourceMACaddressandmaskofpacketoranyMACaddress.(A:B:C:D:E:F/A:B:C:D:E:F|any) SpecifythedestinationMACaddressandmaskofpacketoranyMACaddress.[vlan <1-4094>] (Optional) SpecifythevlanIDofpacket.
[cos <0-7> <0-7>] (Optional)SpecifytheClassofServicevalueandmaskofpacket.[ethtype <1501-65535>] (Optional)SpecifyEthernetprotocolnumberofpacket.[shutdown] (Optional)ShutdowninterfacewhileACEhit.
Default
Nodefaultisdefined
Mode
MACACLConfiguration
75
Usage
UsethedenycommandtoadddenyconditionsforamacACEthatdropthosepacketshittheACE.The“sequence”alsorepresentshitprioritywhenACLbindtoaninterface.AnACEthatdoesnotspecifya“sequence”indexwouldassignasequenceindexwhichisthelargestexistedindexplus20.IfpacketcontentcanmatchmorethanoneACE,thelowestsequenceACEishit.AnACEcannotbeaddedifhasthesameconditionsasanexistingACE.Use“shutdown”toshutdownthe interface while ACE is hit.
Example
TheexampleshowshowtoaddanACEthatdeniespacketswithdestinationMACaddressaa:bb:cc:xx:xx:xxandVLAN9.Youcanverifysettingsbythefollowingshowaclcommand.
Switch334455(config)#
mac acl test
Switch334455(mac-al)#
sequence30permitanyany
Switch334455(mac-al)#denyanyaa:bb:cc:00:0:00/FF:FF:FF:00:00:00vlan9shutdown
Switch334455(mac-al)#
show acl
MAC access list test
sequence30permitanyany
sequence50denyanyAA:BB:CC:00:00:00/FF:FF:FF:00:00:00vlan9shutdown
76
IP ACL
Syntax
IPaclNAME
noIPaclNAME
Parameter
NAMESpecifythenameofIPv4ACL
Default
Nodefaultisdefined
Mode
GlobalConfiguration
Usage
UsetheipaclcommandtocreateanIPv4accesslistandtoentertheip-aclconfigurationmode.ThenameoftheACLmustbeuniqueandcannnothavesamenamewithasanotherACLorQoSpolicy.OnceanACLiscreated,animplicit“denyany”ACEcreatedattheendoftheACL.Thatis,iftherearenomatches,thepacketsaredenied.Usethenoformofthiscommand to delete it.
77
Example
TheexampleshowshowtocreateanIPACL.Youcanverifysettingsbythefollowingshowaclcommand.
Switch334455(config)#
ipacliptest
Switch334455(ip-al)#
show acl
IPaccesslistiptest
78
Permit (IP)
Syntax
[sequence<1-2147483647>]permit(<0-255>|ipinip|egp|igp|hmp|rdp|ipv6|ipv6:rout|ipv6:frag|rsvp|ipv6:icmp|ospf|pim|l2tp|ip)(A.B.C.D/A.B.C.D|any)(A.B.C.D/A.B.C.D|any)[(dscp|precedence)VALUE]]
[sequence<1-2147483647>]permiticmp(A.B.C.D/A.B.C.D|any)(A.B.C.D/A.B.C.D|any)(<0-255>|echo-reply|destination-unreachable|sourcequench|echo-request|
router-advertisement|router-solicitation|time-exceeded|timestamp|timestampreply|traceroute|any)(<0-255>|any)[(dscp|precedence)VALUE]
[sequence<1-2147483647>]permitigmp(A.B.C.D/A.B.C.D|any)(A.B.C.D/A.B.C.D|any)(<0-255>|host-query|host-report|dvmrp|pim|cisco-trace|host-report-v2|host-leave-v2|host-report-v3|any)[(dscp|precedence)VALUE]
[sequence<1-2147483647>]permittcp(A.B.C.D/A.B.C.D|any)(<0-65535>|echo|discard|daytime|ftp-data|ftp|telnet|smtp|time|hostname|whois|tacacsds|domain|www|pop2|pop3|syslog|talk|klogin|kshell|sunrpc|drip|PORT_RANGE|any)(A.B.C.D/A.B.C.D|any(<0-65535>|echo|discard|daytime|ftpdata|ftp|telnet|smtp|time|hostname|whois|tacacs-
ds|domain|www|pop2pop3|syslog|talk|klogin|kshell|sunrpc|drip|PORT_RANGE|any)[match-allTCP_FLAG][(dscp|precedence)VALUE]
[sequence<1-2147483647>]permitudp(A.B.C.D/A.B.C.D|any)(<0-65535>|echo|discard|time|nameserver|tacacs-ds|domain|bootps|bootpc|tftp|sunrpc|ntp|netbios-ns|snmp|snmptrap|who|syslog|talk|rip|PORT_RANGE|any)(A.B.C.D/A.B.C.D|any)(<0-65535>|echo|
discard|time|nameserver|tacacs-ds|domain|bootps|bootpc|tftp|sunrpc|ntp|netbios-ns|snmp|snmptrap|who|syslog|PORT_RANGE|any)[(dscp|precedence)VALUE]
nosequence<1-2147483647>
79
Parameter
<1-2147483647> (Optional)SpecifysequenceindexofACE,thesequenceindexrepresentthepriorityofanACE in ACL.
(A.B.C.D/A.B.C.D|any) SpecifythesourceIPv4addressandmaskofpacketoranyIPv4address.(A.B.C.D/A.B.C.D|any) SpecifythedestinationIPv4addressandmaskofpacketoranyIPv4address.[dscp VALUE] (Optional)SpecifytheDSCPofpacket. [precedence VLAUE] (Optional)SpecifytheIPprecedenceofpacket.
icmp-type SpecifyICMPmessagetypeforfilteringICMPpacket.EnteratypenameoflistoranumberofICMPmessagetype.
icmp-code SpecifyICMPmessagecodeforfilteringICMPpacket.igmp-type SpecifyIGMPtypeforfilteringIGMPpacket.EnteratypenameoflistoranumberofIGMP
type.l4-source-port SpecifyTCP/UDPsourceportofforfilteringTCP/UDPpacket.Enteraportnameoflistora
numberofTCP/UDPport.l4-destination-port SpecifyTCP/UDPdestinationportofforfilteringTCP/UDPpacket.Enteraportnameoflist
oranumberofTCP/UDPport.match-all SpecifytcpflagforTCPpacket.Ifaflagshouldbesetitisprefixedby\”+\”.Ifaflagshould
beunsetitisprefixedby\”-\”.Availableoptionsare+urg,+ack,+psh,+rst,+syn,+fin,-urg,-ack,-psh,-rst,-synand-fin.Todefinemorethan1flag-enteradditionalflagsoneafteranotherwithoutaspace(example+syn-ack).
80
Default
Nodefaultisdefined.
Mode
IPACLConfiguration
Usage
UsethepermitcommandtoaddpermitconditionsforanIPACEthatbypassthosepacketshittheACE.The“sequence”alsorepresentshitprioritywhenACLbindtoaninterface.AnACEnotspecifies“sequence”indexwouldassignasequenceindexwhichisthelargestexistedindexplus20.IfpacketcontentcanmatchmorethanoneACE,thelowestsequenceACE is hit. An ACE can not be added if has the same conditions as existed ACE.
Example
Theexample showshow to adda set ofACEs. You canverify settingsby the following showacl command.ThiscommandshowshowtopermitasourceIPaddresssubnet.
ThiscommandshowshowtopermitasourceIPaddresssubnet.
Switch334455(ip-al)#
permitip192.168.1.0/255.255.255.0
ThiscommandshowshowtopermitICMPecho-requestpacketwithanyIPaddress.
Switch334455(ip-al)#
permiticmpanyanyecho-requestany
ThiscommandshowshowtopermitanyIPaddressHTTPpacketswithDSCP5.
81
Switch334455(ip-al)#
permittcpanyanyanywwwdscp5
ThiscommandshowshowtopermitanysourceIPaddressSNMPpacketconnecttodestinationIPaddress192.168.1.1.
Switch334455(ip-al)#
permitudpanyany192.168.1.1/255.255.255.255snmp
Switch334455(ip-al)#
show acl
IPaccesslistiptest
sequence1permitip192.168.1.0/255.255.255.0any
sequence21permiticmpanyanyecho-requestany
sequence41permittcpanyanyanywwwdscp5
sequence61permitudpanyany192.168.1.1/255.255.255.255snmp
82
Deny (IP)
Syntax
[sequence<1-2147483647>]deny(<0-255>|ipinip|egp|igp|hmp|rdp|ipv6ipv6:rout|ipv6:frag|rsvp|ipv6:icmp|ospf|pim|l2tp|ip)(A.B.C.D/A.B.C.D|any)(A.B.C.D/A.B.C.D|any)[(dscp|precedence)VALUE]][shutdown]
[sequence<1-2147483647>]denyicmp(A.B.C.D/A.B.C.D|any)(A.B.C.D/A.B.C.D|any)(<0-255>|echo-reply|destination-unreachable|source-quench|echo-request|router-advertisement|router-solicitation|time-exceeded|timestamp|timestampreply|traceroute|any)(<0-255>|any)[(dscp|precedence)VALUE][shutdown]
[sequence<1-2147483647>]denyigmp(A.B.C.D/A.B.C.D|any)(A.B.C.D/A.B.C.D|any)(<0-255>|host-query|host-report|dvmrp|pim|cisco-trace|host-report-v2|host-leave-v2|host-report-v3|any)[(dscp|precedence)VALUE][shutdown]
[sequence<1-2147483647>]denytcp(A.B.C.D/A.B.C.D|any)(<0-65535>|echo|discard|daytime|ftp-data|ftp|telnet|smtp|time|hostname|whois|tacacs-ds|domain|www|pop2|pop3|syslog|talk|klogin|kshellkshell|sunrpc|drip|PORT_RANGE|any)(A.B.C.D/A.B.C.D|any)(<0-65535>|echo|discard|daytime|ftp-data|ftp|telnet|smtp|time|hostname|whois|tacacs-ds|domain|www|pop2|pop3|syslog|talk|klogin|kshell|sunrpc|drip|PORT_RANGE|any)[match-allTCP_FLAG][(dscp|precedence)VALUE][shutdown]
[sequence<1-2147483647>]denyudp(A.B.C.D/A.B.C.D|any)(<0-65535>|echo|discard|time|nameserver|tacacs-ds|domain|bootps|bootpc|tftp|sunrpc|ntp|netbios-ns|snmp|snmptrap|who|syslog|talk|rip|PORT_RANGE|any)(A.B.C.D/A.B.C.D|any)(<0-65535>|echo|discard|time|nameserver|tacacs-ds|domain|bootps|bootpc|tftp|sunrpc|ntp|netbios-ns|snmp|snmptrap|who|syslog|PORT_RANGE|any)[(dscp|precedence)VALUE][shutdown]
nosequence<1-2147483647>
83
Parameter
<1-2147483647> (Optional)SpecifysequenceindexofACE,thesequenceindexrepresentthepriorityofanACE in ACL.
(A.B.C.D/A.B.C.D|any) SpecifythesourceIPv4addressandmaskofpacketoranyIPv4address.(A.B.C.D/A.B.C.D|any) SpecifythedestinationIPv4addressandmaskofpacketoranyIPv4address.[dscp VALUE] (Optional)SpecifytheDSCPofpacket.[precedence VLAUE] (Optional)SpecifytheIPprecedenceofpacket.
icmp-type SpecifyICMPmessagetypeforfilteringICMPpacket.EnteratypenameoflistoranumberofICMPmessagetype.
icmp-code SpecifyICMPmessagecodeforfilteringICMPpacket.igmp-type SpecifyIGMPtypeforfilteringIGMPpacket.EnteratypenameoflistoranumberofIGMP
type.l4-source-port SpecifyTCP/UDPsourceportofforfilteringTCP/UDPpacket.Enteraportnameoflistora
numberofTCP/UDPport.l4-destination-port SpecifyTCP/UDPdestinationportofforfilteringTCP/UDPpacket.Enteraportnameoflist
oranumberofTCP/UDPportmatch-all SpecifytcpflagforTCPpacket.Ifaflagshouldbesetitisprefixedby\”+\”.Ifaflagshouldbe
unsetitisprefixedby\”-\”.Availableoptionsare+urg,+ack,+psh,+rst,+syn,+fin,-urg,-ack,-psh,-rst,-synand-fin.Todefinemorethan1flag-enteradditionalflagsoneafteranotherwithoutaspace(example+syn-ack).
[shutdown] (Optional)ShutdowninterfacewhileACEhit
Default
Nodefaultisdefined.
84
Mode
IPACLConfiguration
Usage
UsethedenycommandtoadddenyconditionsforanIPACEthatdropthosepacketshittheACE.The“sequence”alsorepresentshitprioritywhenACLbindtoaninterface.AnACEnotspecifies“sequence”indexwouldassignasequenceindexwhichisthelargestexistedindexplus20.IfpacketcontentcanmatchmorethanoneACE,thelowestsequenceACEishit.AnACEcannotbeaddedifhasthesameconditionsasexistedACE.Use“shutdown”toshutdowninterfacewhile ACE hit.
Example
TheexampleshowshowtoaddanACEthatdeniespacketswiththesourceIPaddress192.168.1.80.Youcanverifysettings by the following show acl command.
Switch334455(config)#
ipacliptest
Switch334455(ip-al)#
denyip192.168.1.80/255.255.255.255any
Switch334455(ip-al)#
show acl
IPaccesslistiptest
sequence1denyip192.168.1.80/255.255.255.255any
85
IPv6 ACL
Syntax
ipv6aclNAME
noipv6aclNAME
Parameter
NAMESpecifythenameofIPv6ACL
Default
Nodefaultisdefined
Mode
GlobalConfiguration
Usage
Usetheipv6aclcommandtocreateanIPv6accesslistandtoenteripv6-aclconfigurationmode.ThenameofACLmustbeuniquethatcannothavesamenamewithotherACLorQoSpolicy.OnceanACLiscreated,animplicit“denyany”ACEcreatedattheendoftheACL.Thatis,iftherearenomatches,thepacketsaredenied.Usethenoformofthiscommandto delete.
Example
TheexampleshowshowtocreateanIPv6ACL.Youcanverifysettingsbythefollowingshowaclcommand
87
Permit (IPv6)
Syntax
[sequence<1-2147483647>]permit(<0-255>|ipv6)(X:X::X:X/<0-128>|any)(X:X::X:X/<0-128>|any)[(dscp|precedence)VALUE]
[sequence<1-2147483647>]permiticmp(X:X::X:X/<0-128>|any)(X:X::X:X/<0-128>|any)(<0-255>|destination-unreachable|packet-toobig|
time-exceeded|parameter-problem|echo-request|echo-reply|mldquery|mld-report|mldv2-report|mld-done|router-solicitation|routeradvertisement|nd-ns|nd-na|any)(<0-255>|any)[(dscp|precedence)VALUE]
[sequence<1-2147483647>]permittcp(X:X::X:X/<0-128>|any)(<0-65535>|echo|discard|daytime|ftp-data|ftp|telnet|smtp|time|hostname|whois|tacacs-ds|domain|www|pop2|pop3|syslog|talk|klogin|kshell|sunrpc|drip|PORT_RANGE|any)(X:X::X:X/<0-
128>|any)(<0-65535>|echo|discard|daytime|ftp-data|ftp|telnet|smtp|time|hostname|whois|tacacs-ds|domain|www|pop2|pop3|syslog|talk|klogin|kshell|sunrpc|drip|PORTRANGE|any)[match-allTCP_FLAG][(dscp|precedence)VALUE]
[sequence<1-2147483647>]permitudp(X:X::X:X/<0-128>|any)(<0-65535>|echo|discard|time|nameserver|tacacs-ds|domain|bootps|bootpc|tftp|sunrpc|ntp|netbios-ns|snmp|snmptrap|who|syslog|talk|rip|PORT_RANGE|any)(X:X::X:X/<0-128>|any)(<0-65535>|echo|discard|time|nameserver|tacacs-ds|domain|bootps|bootpc|tftp|sunrpc|ntp|netbios-ns|snmp|snmptrap|who|syslog|PORT_RANGE|any)[(dscp|precedence)VALUE]
nosequence<1-2147483647>
88
Parameter
<1-2147483647>(Optional) SpecifysequenceindexofACE,thesequenceindexrepresentthepriorityofanACEin ACL.
(A.B.C.D/A.B.C.D|any) SpecifythesourceIPv4addressandmaskofpacketoranyIPv4address.(A.B.C.D/A.B.C.D|any) SpecifythedestinationIPv4addressandmaskofpacketoranyIPv4address.[dscpVALUE](Optional) SpecifytheDSCPofpacket.[precedenceVLAUE](Optional)
SpecifytheIPprecedenceofpacket.
icmp-type SpecifyICMPmessagetypeforfilteringICMPpacket.EnteratypenameoflistoranumberofICMPmessagetype.
icmp-code SpecifyICMPmessagecodeforfilteringICMPpacket.igmp-type SpecifyIGMPtypeforfilteringIGMPpacket.Enteratypenameoflistoranumberof
IGMPtype.l4-source-port SpecifyTCP/UDPsourceportofforfilteringTCP/UDPpacket.Enteraportnameof
listoranumberofTCP/UDPportl4-destination-port SpecifyTCP/UDPdestinationportofforfilteringTCP/UDPpacket.Enteraportname
oflistoranumberofTCP/UDPport.match-all SpecifytcpflagforTCPpacket.Ifaflagshouldbesetitisprefixedby\”+\”.Ifaflag
shouldbeunsetitisprefixedby\”-\”.Availableoptionsare+urg,+ack,+psh,+rst,+syn,+fin,-urg,-ack,-psh,-rst,-synand-fin.Todefinemorethan1flag-enteradditionalflagsoneafteranotherwithoutaspace(example+syn-ack).
Default
Nodefaultisdefined.
89
Mode
IPACLConfiguration
Usage
UsethepermitcommandtoaddpermitconditionsforanIPACEthatbypassthosepacketsthathittheACE.The“sequence”alsorepresentshitprioritywhenACLsbindtoaninterface.AnACEnotspecifyinga“sequence”indexwouldassignasequenceindexwhichisthelargestexistingindexplus20.IfthepacketcontentcanmatchmorethanoneACE,thelowestsequenceACEishit.AnACEcan’tbeaddedifhasthesameconditionsasanexistingACE.
Example
TheexampleshowshowtoaddasetofACEs.Youcanverifysettingsbythefollowingshowaclcommand.
ThiscommandshowshowtopermitasourceIPaddresssubnet.
Switch334455(ipv6-al)#
permitpermitipv6fe80:1122:3344:5566::1/64any
Switch334455(ipv6-al)#
show acl
IPv6accesslistipv6test
sequence1permitipv6fe80:1122:3344:5566::1/64any
90
Deny IP
Syntax
[sequence<1-2147483647>]deny(<0-255>|ipinip|egp|igp|hmp|rdp|ipv6|ipv6:rout|ipv6:frag|rsvp|ipv6:icmp|ospf|pim|l2tp|ip)(A.B.C.D/A.B.C.D|any)(A.B.C.D/A.B.C.D|any)[(dscp|precedence)VALUE]][shutdown]
[sequence<1-2147483647>]denyicmp(A.B.C.D/A.B.C.D|any)(A.B.C.D/A.B.C.D|any)(<0-255>|echo-reply|destination-unreachable|source-quench|echo-request|router-advertisement|router-solicitation|time-exceeded|timestamp|timestamp-reply|traceroute|any)(<0-255>|any)[(dscp|precedence)VALUE][shutdown]
[sequence<1-2147483647>]denyigmp(A.B.C.D/A.B.C.D|any)(A.B.C.D/A.B.C.D|any)(<0-255>|host-query|host-report|dvmrp|pim|cisco-trace|host-report-v2|host-leave-v2|host-report-v3|any)[(dscp|precedence)VALUE][shutdown]
[sequence<1-2147483647>]denytcp(A.B.C.D/A.B.C.D|any)(<0-65535>|echo|discard|daytime|ftp-data|ftp|telnet|smtp|time|hostname|whois|tacacs-ds|domain|www|pop2|pop3||syslog|talk|klogin|kshell|sunrpc|drip|PORT_RANGE|any)(A.B.C.D/A.B.C.D|any)(<0-65535>|echo|discard|daytime|ftp-data|ftp|telnet|smtp|time|hostname|whois|tacacs-ds|domain|www|pop2|pop3|syslog|talk|klogin|kshell|sunrpc|drip|PORT_RANGE|any)[match-allTCP_FLAG][(dscp|precedence)VALUE][shutdown]
[sequence<1-2147483647>]denyudp(A.B.C.D/A.B.C.D|any)(<0-65535>|echo|discard|time|nameserver|tacacs-ds|domain|bootps|bootpc|tftp|sunrpc|ntp|netbios-ns|snmp|snmptrap|who|syslog|talk|rip|PORT_RANGE|any)(A.B.C.D/A.B.C.D|any)(<0-65535>|echo|discard|time|nameserver|tacacs-ds|domain|bootps|bootpc|tftp|sunrpc|ntp|netbios-ns|snmp|snmptrap|who|syslog|PORT_RANGE|any)[(dscp|precedence)VALUE][shutdown]nosequence<1-2147483647>
91
Parameter
<1-2147483647> (Optional)
SpecifysequenceindexofACE,the
sequenceindexrepresentthepriorityofanACE
in ACL.(A.B.C.D/A.B.C.D|any)
SpecifythesourceIPv4addressandmaskof
packetoranyIPv4address.(A.B.C.D/A.B.C.D|any)
SpecifythedestinationIPv4addressandmaskof
packetoranyIPv4address.[dscp VALUE] (Optional)
SpecifytheDSCPofpacket.
[precedence VLAUE] (Optional)
SpecifytheIPprecedenceofpacket.
icmp-type SpecifyICMPmessagetypeforfilteringICMPpacket.EnteratypenameoflistoranumberofICMPmessagetype.
icmp-code SpecifyICMPmessagecodeforfilteringICMPpacket.igmp-type SpecifyIGMPtypeforfilteringIGMPpacket.EnteratypenameoflistoranumberofIGMP
type.l4-source-port SpecifyTCP/UDPsourceportofforfilteringTCP/UDPpacket.Enteraportnameoflistora
numberofTCP/UDPport.l4-destination-port SpecifyTCP/UDPdestinationportofforfilteringTCP/UDPpacket.Enteraportnameoflistor
anumberofTCP/UDPport.match-all SpecifytcpflagforTCPpacket.Ifaflagshouldbesetitisprefixedby\”+\”.Ifaflagshouldbe
unsetitisprefixedby\”-\”.Availableoptionsare+urg,+ack,+psh,+rst,+syn,+fin,-urg,-ack,-psh,-rst,-synand-fin.Todefinemorethan1flag-enteradditionalflagsoneafteranotherwithoutaspace(example+syn-ack).
[shutdown] (Optional)
ShutdowninterfacewhileACEhit
92
Default
Nodefaultisdefined.
Mode
IPACLConfiguration
Usage
UsethedenycommandtoadddenyconditionsforanIPv6ACEthatthendropsthosepacketsthathittheACE.The“sequence”alsorepresentshitprioritywhentheACLbindstoaninterface.AnACEthatdoesnnotspecifythe“sequence”indexwouldassignasequenceindexwhichisthelargestexistedindexplus20.IfpacketcontentcanmatchmorethanoneACE,thelowestsequenceACEishit.AnACEcannotbeaddedifithasthesameconditionsasexistingACEs.Use“shutdown”toshutdowntheinterfacewhileACEhits
Example
TheexampleshowshowtoaddanACEthatdeniespacketswithdestinationIPaddressfe80::abcd.Youcanverifysettingsby the following show acl command
Switch334455(config)#
ipv6aclipv6test
Switch334455(ip-al)#
denyipv6anyfe80::abcd/128
Switch334455(ip-al)#
show acl.
IPv6accesslistipv6test
94
Bind ACL
Syntax
(mac|ip|ipv6)aclNAME
[no](mac|ip|ipv6)aclNAME
Parameter
(mac|ip|ipv6) SpecifyatypeofACLtobindingtointerfaceNAME SpecifythenameoftheACL
Default
Nodefaultisdefined
Mode
InterfaceConfiguration
Usage
Usethe(mac|ip|ipv6)aclNAMEcommandtobindanACLtointerfaces.AninterfacecanbindonlyoneACLorQoSpolicy.UsethenoformofthiscommandtoreturntounbindanACLfrominterface
Example
TheexampleshowshowtobindanexistedACLtointerface.
switch(config)#
interface fa1
95
switch(config-if)#
mac acl test
switch(config-if)#
doshowrunning-configinterfacesfa1
interface fa1
mac acl test
96
Show ACL
Syntax
show acl
show(mac|ip|ipv6)acl
show(mac|ip|ipv6)aclNAME
Parameter
(mac|ip|ipv6) SpecifyatypeofACLtoshowNAME SpecifythenameoftheACL
Default
Nodefaultisdefined
Mode
GlobalConfiguration
ContextConfiguration
Usage
UsetheshowaclcommandtoshowcreatedACLs.Youcanspecifymac、iporipv6toshowspecifictypeACLorspecifyuniquenamestringtoshowACLwiththename.
Example
TheexampleshowshowtoshowallIPACL.
97
Switch334455(config)#
showipacl
IPaccesslistiptest
sequence1denyip192.168.1.80/255.255.255.255any
98
Show ACL Utilization
Syntax
showaclutilization
Parameter
None
Default
Nodefaultisdefined
Mode
GlobalConfiguration
Usage
UsetheshowaclutilizationcommandtoshowtheusageofPIEofASIC.WhenaACLbindtointerface,itneedsASICPIEresourcetohelptofilterpacket.AnASIChaslimitedPIEresource.ThiscommandhelpusertoknowthePIEusageofAISC.
Example
TheexampleshowshowtoshowPIEutilization.
Switch334455(config)#
showaclutilization
GroupIndex:1
GroupAssignto:Mac-basedACLandIPv4-basedACL
100
GroupIndex:2
GroupAssignto:None
GroupMaximunACEs:128
GroupRemainACEs:128
GroupUsedACEs:0
ACEsUsedbyACL:0
ACEsUsedbyQoS:0
GroupIndex:3
GroupAssignto:None
GroupMaximunACEs:128
GroupRemainACEs:128
GroupUsedACEs:0
ACEsUsedbyACL:0
ACEsUsedbyQoS:0
GroupIndex:4
GroupAssignto:None
GroupMaximunACEs:128
GroupRemainACEs:128
GroupUsedACEs:0
103
Enable
Syntax
enable[<1-15>]
disable[<1-14>]
Parameter
<1-15> Specifyprivilegedleveltoenable<1-14> Specifyprivilegedleveltodisable
Default
Defaultprivilegelevelis15ifnoprivilegelevelisspecifiedonenablecommand.
Defaultprivilegelevelis1ifnoprivilegelevelisspecifiedondisablecommand.
Mode
User EXEC
Usage
InUserEXECmode,useronlyallowstodoafewactions.MostofcommandsareonlyavailableinprivilegedEXECmode.Use“enable”commandtoentertheprivilegedmodetodomoreactionsonswitch.InprivilegedEXECmode,use“exit”commandisabletogobacktouserEXECmodewithoriginaluserprivilegelevel.IfyouneedtogobacktouserEXECmodewithdifferentprivilegelevel,use“disable”commandtospecifytheprivilegelevelyouneed.InprivilegedEXECmode,thepromptwillshow“Switch#”
104
Example
ThisexampleshowshowtoenterprivilegedEXECmodeandshowcurrentprivilegelevel.
Switch>
enable
Switch#
showprivilege
CurrentCLIUsername:
CurrentCLIPrivilege:15
ThisexampleshowhowtoenteruserEXECmodewithprivilege3.
Switch#
disable 3
Switch>
showprivilege
CurrentCLIUsername:
CurrentCLIPrivilege:3
105
Exit
Syntax
exit
Parameter
None
Default
Nodefaultvalueforthiscommand.
Mode
User EXEC
Privileged EXEC
GlobalConfiguration
InterfaceConfiguration
LineConfiguration
Usage
InUserEXECmode,“exit”commandwillclosecurrentCLIsession.Inothermodes,“exit”commandwillgototheparentmode. And every mode has the “exit” command.
106
Example
ThisexampleshowshowtoenterprivilegedEXECmodeanduseexitcommandtogobacktouserEXECmode.
Switch>
enable
Switch#
exit
Switch>
107
ConfigureSyntax
configure
Parameter
None
Default
Nodefaultvalueforthiscommand
Mode
Privileged EXEC
Usage
Use“configure”commandtoenterglobalconfigurationmode. Inglobalconfigurationmode, thepromptwillshowas“Switch(config)#”.
Example
Thisexampleshowshowtoenterglobalconfigurationmode.
Switch#
configure
Switch(config)#
108
Interface
Syntax
interfaceIF_PORTS
interfacerangeIF_PORTS
Parameter
IF_PORTSSpecifytheporttoselect.Thisparameterallowspartialportnameandignorecase.ForExample:
fa1
FastEthernet3
Gigabit4
Ifportrangeisspecified,thelistformatisalsoavailable.ForExample:
fa1,3,5
fa2,gi1-3
Default
Nodefaultvalueforthiscommand
Mode
GlobalConfiguration
109
Usage
Someconfigurationsareportbased.Inordertoconfiguretheseconfigurations,weneedtoenterInterfaceConfigurationmodetoconfigurethem.Use“interface”commandtoentertheInterfaceConfigurationmodeandselecttheporttobeconfigured.InInterfaceConfigurationmode,thepromptwillshowas“Switch(configif)#”
Example
ThisexampleshowshowtoenterInterfaceConfigurationmode.
Switch#
configure
Switch(config)#
interface fa1
Switch(config-if)#
110
Line
Syntax
line ( console | telnet | ssh )
Parameter
console Selectconsolelinetoconfigure.telnet Selecttelnetlinetoconfigure.ssh Selectsshlinetoconfigure.
Default
Nodefaultvalueforthiscommand.
Mode
GlobalConfiguration
Usage
Someconfigurationsarelinebased.Inordertoconfiguretheseconfigurations,weneedtoenterLineConfigurationmodetoconfigurethem.Use“line”commandtoentertheLineConfigurationmodeandselectthelinetobeconfigured.InLineConfigurationmode,thepromptwillshowas“Switch(config-line)#”
111
Example
ThisexampleshowshowtoenterInterfaceConfigurationmode.
Switch#
configure
Switch(config)#
line console
Switch(config-line)#
112
End
Syntax
end
Parameter
None
Default
Nodefaultvalueforthiscommand.
Mode
Privileged EXEC
GlobalConfiguration
InterfaceConfiguration
LineConfiguration
Usage
Use “end” command to return to privilegedEXECmodedirectly. EverymodeexceptUser EXECmodehas the “end”command.
113
Example
ThisexampleshowshowtoenterInterfaceConfigurationmodeanduseendcommandtogobacktoprivilegedEXECmode
Switch#
configure
Switch(config)#
interface fa1
Switch(config-if)#
end
Switch#
114
Reboot
Syntax
reboot
Parameter
None
Default
Nodefaultvalueforthiscommand.
Mode
Privileged EXEC
Usage
Usethe“reboot”commandtomakethesystemdoahotrestart.
Example
Thisexampleshowshowtorestartthesystem
Switch#
reboot
115
System Name
Syntax
systemnameNAME
Parameter
NAMESpecifysystemnamestring.
Default
Defaultnamestringis“Switch”.
Mode
GlobalConfiguration
Usage
Use“systemname”commandtomodifysystemnameinformationoftheswitch.ThesystemnameisalsousedtobeCLIprompt.
Example
Thisexampleshowshowtomodifycontactinformation
Switch(config)#
system name myname
myname(config)#
116
Thisexampleshowshowtoshowsystemnameinformation
Switch#
show info
SystemName:myname
SystemLocation:DefaultLocation
SystemContact:DefaultContact
MACAddress:DE:AD:BE:EF:01:02
IPAddress:192.168.1.1
SubnetMask:255.255.255.0
LoaderVersion:1.3.0.26225
LoaderDate:ThuMay1715:19:42CST2012
FirmwareVersion:2.5.0-beta.32811
FirmwareDate:MonSep2419:33:42CST2012
SystemObjectID:1.3.6.1.4.1.27282.3.2.10
SystemUpTime:0days,0hours,2mins,37secs
117
System Contact
Syntax
systemcontactCONTACT
Parameter
CONTACTSpecifycontactstring.
Default
Defaultcontactstringis“DefaultContact”.
Mode
GlobalConfiguration
Usage
Use “system contact” command to modify contact information of the switch.
Example
Thisexampleshowshowtomodifycontactinformation
Switch(config)#
system contact callme
Thisexampleshowshowtoshowsystemcontactinformation
118
Switch#
show info
SystemName:Switch
SystemLocation:DefaultLocation
SystemContact:callme
MACAddress:DE:AD:BE:EF:01:02
IPAddress:192.168.1.1
SubnetMask:255.255.255.0
LoaderVersion:1.3.0.26225
LoaderDate:ThuMay1715:19:42CST2012
FirmwareVersion:2.5.0-beta.32811
FirmwareDate:MonSep2419:33:42CST2012
SystemObjectID:1.3.6.1.4.1.27282.3.2.10
SystemUpTime:0days,0hours,2mins,37secs
119
System Location
Syntax
CONTACTSpecifylocationstring.
Parameter
None
Default
Defaultlocationstringis“DefaultLocation”.
Mode
GlobalConfiguration
Usage
Use the “system location” command to modify location information of the switch.
Example
Thisexampleshowshowtomodifycontactinformation
Switch(config)#
system location home
Thisexampleshowshowtoshowsystemlocationinformation
120
Switch#
show info
SystemName:
SystemLocation:home
SystemContact:DefaultContact
MACAddress:DE:AD:BE:EF:01:02
IPAddress:192.168.1.1
SubnetMask:255.255.255.0
LoaderVersion:1.3.0.26225
LoaderDate:ThuMay1715:19:42CST2012
FirmwareVersion:2.5.0-beta.32811
FirmwareDate:MonSep2419:33:42CST2012
SystemObjectID:1.3.6.1.4.1.27282.3.2.10
SystemUpTime:0days,0hours,2mins,37secs
121
Username
Syntax
usernameWORD<0-32>[privilege(admin|user|<0-15>)](password|secret)WORD<0-32>
nousernameWORD<0-32>
Parameter
username WORD<0-32> Specifyusernametoadd/delete/edit.privilege admin Specifyprivilegeleveltobeadmin(privilege15)privilege user Specifyprivilegeleveltobeuser(privilege1)
privilege<0-15>SpecifycustomprivilegelevelpasswordWORD<0-32>
Specifypasswordstringandmakeitnotencrypted.secretWORD<0-32>
Default
Defaultusername“”haspassword“”withprivilege1.Defaultusername“admin”haspassword“admin”withprivilege15.
Mode
GlobalConfiguration
Usage
Use“username”commandtoaddanewuseraccountoreditanexistinguseraccount.Anduse“nousername”todeleteanexistinguseraccount.Theuseraccountisalocaldatabaseforloginauthentication.
Example
122
Example
Thisexampleshowshowtoaddanewuseraccount.
Switch(config)#
usernametestsecretpasswd
Thisexampleshowshowtoshowexistinguseraccounts.
Switch#
showusername
Priv|Type|UserName|
Password
01|secret||
dnXencJRwflV6
15|secret|admin|
FzjrGO6vfbERY
15|secret|test|
7p57T9yMkViSUS
123
Enable Password
Syntax
enable[privilege<0-15>](password|secret)WORD<032>
noenable[privilege<0-15>]
Parameter
privilege<0-15> Specifytheprivilegeleveltoconfigure.Ifnoprivilegelevelisspecified,defaultis15.
passwordWORD<0-32> Specifypasswordstringandmakeitnotencrypted.secretWORD<0-32> Specifypasswordstringandmakeitencrypted.
Default
Defaultenablepasswordforallprivilegelevelsare“”.
Mode
GlobalConfiguration
Usage
Usethe“enablepassword”commandtoeditpasswordsforeachprivilegelevelforenablingauthentication.Usethe“noenable”commandtorestorepasswordenablingtoadefaultemptyvalue.Theonlywaytoshowthisconfigurationisusing“showrunning-config”.
Example
Thisexampleshowshowtoeditenablepasswordforprivilegelevel15
124
Example
Thisexampleshowshowtoeditenablepasswordforprivilegelevel15
Switch(config)#
enablesecretenblpasswd
125
IP Address
Syntax
ipaddressA.B.C.D[maskA.B.C.D]
Parameter
address A.B.C.D SpecifyIPv4addressforswitchmask A.B.C.D Specifynetmaskaddressforswitch
Default
DefaultIPaddressis192.168.1.1anddefaultnetmaskis255.255.255.0.
Mode
GlobalConfiguration
Usage
Usethe“ipaddress”commandtomodifyadministrationipv4addresses.Thisaddressisveryimportant.Whenyoutrytousetelnet,ssh,http,https,snmp,etc.toconnecttotheswitch,youneedtousethisipaddresstoaccessit.
Example
Thisexampleshowshowtomodifytheipv4addressoftheswitch.
Switch(config)#ipaddress192.168.1.200mask255.255.255.0
126
Thisexampleshowshowtoshowcurrentipv4addressoftheswitch.
Switch#
showip
IPAddress:192.168.1.200
SubnetNetmask:255.255.255.0
DefaultGateway:192.168.1.254
127
IP Default Gateway
Syntax
ipdefault-gatewayA.B.C.D
noipdefault-gateway
Parameter
A.B.C.DSpecifydefaultgatewayIPv4addressforswitch.
Default
DefaultIPaddressofdefaultgatewayis192.168.1.254.
Mode
GlobalConfiguration
Usage
Use“ipdefault-gateway”commandtomodifydefaultgatewayaddress.Anduse“noipdefault-gateway”torestoredefaultgatewayaddresstofactorydefault.
Example
Thisexampleshowshowtomodifytheipv4addressoftheswitch.
Switch#
showip
IPAddress:192.168.1.1
129
IP DNS
Syntax
ipdnsA.B.C.D[A.B.C.D]
noipdns[A.B.C.D]
Parameter
A.B.C.DSpecifytheDNSserveripaddress.
Default
DefaultIPaddressofDNSserveris168.95.1.1and168.95.192.1
Mode
GlobalConfiguration
Usage
Use“ipdns”commandtomodifyDNSserveraddress.Anduse“noipdns”todeleteexistingDNSserver.
Example
ThisexampleshowshowtomodifytheDNSserveroftheswitch.
Switch(config)#
ipdns111.111.111.111222.222.222.222
ThisexampleshowshowtoshowcurrentDNSserveroftheswitch.
131
IP DHCP
Syntax
ipdhcp
noipdhcp
Parameter
None
Default
.DefaultDHCPclientisdisabled.
Mode
GlobalConfiguration
Usage
Use“ipdhcp”commandtoenableddhcpclienttogetIPaddressfromremoteDHCPserver.Use“noipdhcp”commandtodisableddhcpclientandusestaticipaddress.
Example
Thisexampleshowshowtoenabledhcpclient.
Switch(config)#
ipdhcp
Thisexampleshowshowtoshowcurrentdhcpclientstateoftheswitch.
133
IPv6 Autoconfig
Syntax
ipv6autoconfig
noipv6autoconfig
Parameter
None
Default
DefaultIPv6autoconfigisenabled.
Mode
GlobalConfiguration
Usage
Usethe“ipv6autoconfig”commandtoenabletheIPv6autoconfigurationfeature.Use“noipv6autoconfig”commandtodisabletheIPv6autoconfigurationfeature.
Example
ThisexampleshowshowtodisableIPv6autoconfig.
Switch(config)#noipv6autoconfig
ThisexampleshowshowtoshowcurrentIPv6autoconfigstate.
134
Switch#
showipv6
IPv6DHCPConfiguration:Disabled
IPv6DHCPDUID:
IPv6AutoConfiguration:Disabled
IPv6LinkLocalAddress:
fe80::dcad:beff:feef:102/64
IPv6staticAddress:
fe80::20e:2eff:fef1:4b3c/128
IPv6staticGatewayAddress:::
IPv6inuseAddress:
fe80::dcad:beff:feef:102/64
IPv6inuseGatewayAddress:::
135
IPv6 Address
Syntax
ipv6addressX:X::X:Xprefix<0-128>
Parameter
address X:X::X:X SpecifyIPv6addressforswitchprefix <0-128> SpecifyIPv6prefixlengthforswitch
Default
Nodefaultipv6addressontheswitch.
Mode
GlobalConfiguration
Usage
Use“ipv6address”commandtospecifystaticIPv6address.
Example
Thisexampleshowshowtoaddstaticipv6addressoftheswitch.
Switch(config)#
ipv6address
fe80::20e:2eff:fef1:4b3cprefix128
136
Thisexampleshowshowtoshowcurrentipv6addressoftheswitch.
Switch#
showipv6
IPv6DHCPConfiguration:Disabled
IPv6DHCPDUID:
IPv6AutoConfiguration:Enabled
IPv6LinkLocalAddress:
fe80::dcad:beff:feef:102/64
IPv6staticAddress:
fe80::20e:2eff:fef1:4b3c/128
IPv6staticGatewayAddress:::
IPv6inuseAddress:
fe80::dcad:beff:feef:102/64
IPv6inuseGatewayAddress:::
137
IPv6 Default Gateway
Syntax
ipv6default-gatewayX:X::X:X
Parameter
X:X::X:XSpecifydefaultgatewayIPv6addressforswitch
Default
Nodefaultipv6defaultgatewayaddressontheswitch.
Mode
GlobalConfiguration
Usage
Use“ipv6default-gateway”commandtomodifydefaultgatewayIPv6address.
Example
Thisexampleshowshowtomodifytheipv6defaultgatewayaddressoftheswitch.
Switch(config)#
ipv6default-gatewayfe80::dcad:beff:feef:103
Switch#
showipv6
138
IPv6DHCPConfiguration:Disabled
IPv6DHCPDUID:
IPv6AutoConfiguration:Enabled
IPv6LinkLocalAddress:
fe80::dcad:beff:feef:102/64
IPv6staticAddress:
fe80::20e:2eff:fef1:4b3c/128
IPv6staticGatewayAddress:::
IPv6inuseAddress:
fe80::dcad:beff:feef:102/64
IPv6inuseGatewayAddress:::
139
IPv6 DHCP
Syntax
ipv6dhcp
noipv6dhcp
Parameter
None
Default
DefaultDHCPv6clientisdisabled.
Mode
GlobalConfiguration
Usage
Use“ipv6dhcp”commandtoenableddhcpv6clienttogetIPaddressfromremoteDHCPv6server.Use“noipv6dhcp”commandtodisableddhcpv6clientandusestaticipv6addressoripv6autoconfigaddress.
Example
Thisexampleshowshowtoenabledhcpclient.
Switch(config)#
ipv6dhcp
Thisexampleshowshowtoshowcurrentdhcpv6clientstateoftheswitch.
141
IP Service
Syntax
ip(telnet|ssh|http|https)
noip(telnet|ssh|http|https)
Parameter
telnet Enable/Disable telnet servicessh Enable/Disable ssh servicehttp Enable/Disablehttpservicehttps Enable/Disablehttpsservice
Default
Defaulttelnetserviceisdisabled.
Defaultsshserviceisdisabled.
Defaulthttpserviceisenabled.
Defaulthttpsserviceisdisabled.
Mode
GlobalConfiguration
142
Usage
Use“ipservice”commandtoenableallkindsofipservices.Suchastelnet,ssh,httpandhttps.Usenoformtodisableservice.
Example
Thisexampleshowshowtoenabletelnetserviceandshowcurrenttelnetservicestatus.
Switch(config)#
iptelnet
Telnetd daemon enabled.
Switch(config)#
exit
Switch#
show line telnet
Telnet
TelnetServer:enabled
SessionTimeout:10(minutes)
HistoryCount:128
PasswordRetry:3
SilentTime:0(seconds)
Thisexampleshowshowtoenablehttpsserviceandshowcurrenthttps
143
servicestatus.
Switch(config)#
iphttps
Switch(config)#
exit
Switch#showiphttps
HTTPSdaemon:enabled
SessionTimeout:10(minutes)
144
IP Session Timeout
Syntax
ip(http|https)session-timeout<0-86400>
Parameter
http Specifysessiontimeoutforhttpservice.https Specifysessiontimeoutforhttpsservice.<0-86400> Specifysessiontimeoutminutes.0meansnevertimeout.
Default
Defaultsessiontimeoutforhttpandhttpsis10minutes.
Mode
GlobalConfiguration
Usage
Use“ipsession-timeout”commandtospecifythesessiontimeoutvalueforhttporhttpsservice.WhenuserloginintoWEBUIanddonotdoanyactionaftersessiontimeoutwillbeloggedout.
Example
Thisexampleshowshowtochangehttpsessiontimeoutto15minandhttpssessiontimeoutto20min
Switch(config)#
iphttpsession-timeout15
145
Switch(config)#
iphttpssession-timeout20
Thisexampleshowshowtoenablehttpsserviceandshowcurrenthttpsservicestatus.
Switch#
showiphttp
HTTPSdaemon:enabled
SessionTimeout:15(minutes)
Switch#
showiphttps
HTTPSdaemon:disabled
SessionTimeout:20(minutes)
146
Exec-Timeout
Syntax
exec-timeout<0-65535>
Parameter
<0-65535>Specifysessiontimeoutminutes.0meansnevertimeout
Default
Defaultsessiontimeoutforalllinesare10minutes.
Mode
LineConfiguration
Usage
Use“exec-timeout”commandtospecifythesessiontimeoutvalueforCLIrunningonconsole,telnetorsshservice.WhenuserloginintoCLIanddonotdoanyactionaftersessiontimeoutwillbeloggedoutfromtheCLIsession.
Example
Thisexampleshowshowtochangeconsolesessiontimeoutto15min,telnetsessiontimeoutto20minandsshsessiontimeoutto25min.
Switch(config)#
line console
147
Switch(config-line)#
exec-timeout15
Switch(config-line)#
exit
Switch(config)#
line telnet
Switch(config-line)#
exec-timeout20
Switch(config-line)#
exit
Switch(config)#
line ssh
Switch(config-line)#
exec-timeout25
Switch(config-line)#
exit
148
Thisexampleshowshowshowlineinformation.
Switch#
show line
Console
SessionTimeout:15(minutes)
HistoryCount:128
PasswordRetry:3
SilentTime:0(seconds)
Telnet
TelnetServer:disabled
SessionTimeout:20(minutes)
HistoryCount:128
PasswordRetry:3
SilentTime:0(seconds)
SSH
SSHServer:disabled
SessionTimeout:25(minutes)
HistoryCount:128
PasswordRetry:3
150
Password-Thresh
Syntax
password-thresh<0-120>
Parameter
<0-120>Specifypasswordfailretrynumber.0meansnolimit.
Default
Defaultpasswordfailretrynumberis3.
Mode
LineConfiguration
Usage
Use “password-thresh”commandtospecify thepasswordfail retrynumber forCLI runningonconsole, telnetorsshservice.Whenuserinputpasswordtologinandauthenticatefailed,thefailretrynumberwillincreaseone.Afterfailretrynumberexceedconfiguredone,theCLIwillblockloginfortheperiodofsilenttimewhichconfiguredbythecommand“silent-time”.
Example
Thisexampleshowshowtochangetheconsolefailretrynumberto4,thetelnetfailretrynumberto5andthesshfailretrynumberto6.
151
Switch(config)#
line console
Switch(config-line)#
password-thresh4
Switch(config-line)#
exit
Switch(config)#
line telnet
Switch(config-line)#
password-thresh5
Switch(config-line)#
exit
Switch(config)#
line ssh
Switch(config-line)#
password-thresh6
Switch(config-line)#
exit
152
Thisexampleshowshowshowlineinformation.
Switch#
show line
Console
SessionTimeout:10(minutes)
HistoryCount:128
PasswordRetry:4
SilentTime:0(seconds)
Telnet
TelnetServer:disabled
SessionTimeout:10(minutes)
HistoryCount:128
PasswordRetry:5
SilentTime:0(seconds)
SSH
SSHServer:disabled
SessionTimeout:10(minutes)
HistoryCount:128
PasswordRetry:6
154
Silent-Time
Syntax
silent-time<0-65535>
Parameter
<0-65535>Specifysilenttimewithunitseconds.0meansdonotsilent.
Default
Defaultsilenttimeis0.
Mode
LineConfiguration
Usage
Use“silenttime”commandtospecifythesilenttimeforCLIrunningonconsole,telnetorsshservice.Whenuserinputpasswordtologinandauthenticatefailed,thefailretrynumberwillincreaseone.Afterfailretrynumberexceedconfiguredone,theCLIwillblockloginfortheperiodofsilenttimewhichconfiguredbythecommand“silent-time”.
Example
Thisexampleshowshowtochangetheconsolesilenttimeto10,thetelnetsilenttimeto15,andthesshsilenttimeto20.
Switch(config)#
line console
155
Switch(config-line)#
silent-time10
Switch(config-line)#
exit
Switch(config)#
line telnet
Switch(config-line)#
silent-time15
Switch(config-line)#
exit
Switch(config)#
line ssh
Switch(config-line)#
silent-time20
Switch(config-line)#
exit
Thisexampleshowshowshowlineinformation.
Switch#
show line
156
Console
SessionTimeout:10(minutes)
HistoryCount:128
PasswordRetry:3
SilentTime:10(seconds)
Telnet
TelnetServer:disabled
SessionTimeout:10(minutes)
HistoryCount:128
PasswordRetry:3
SilentTime:15(seconds)
SSH
SSHServer:disabled
SessionTimeout:10(minutes)
HistoryCount:128
PasswordRetry:3
SilentTime:20(seconds)
157
History
Syntax
history<1-256>
no history
Parameter
<1-256>SpecifymaximumCLIhistoryentrynumber.
Default
Defaultmaximumhistoryentrynumberis128.
Mode
LineConfiguration
Usage
Usethe“history”commandtospecifythemaximumcommandsofhistorynumbersfortheCLIrunningontheconsole,telnet,orsshservice.Everycommandinputbytheuserwillrecordinthehistorybuffer.Ifallhistorycommandsexceedtheconfiguredhistorynumber,oldercommandswillbedeletedfromthebuffer.Usethe“nohistory”todisablethehistoryfeature.Usethe“showhistory”toshowallhistorycommands.
Example
Thisexampleshowshowtochangeconsolehistorynumberto100,telnethistorynumberto150andsshhistorynumberto200.
158
Switch(config)#
line console
Switch(config-line)#
history100
Switch(config-line)#
exit
Switch(config)#
line telnet
Switch(config-line)#
history150
Switch(config-line)#
exit
Switch(config)#
line ssh
Switch(config-line)#
history200
Switch(config-line)#
exit
159
Thisexampleshowshowshowlineinformation.
Switch#
show line
Console
SessionTimeout:10(minutes)
HistoryCount:100
PasswordRetry:3
SilentTime:0(seconds)
Telnet
TelnetServer:disabled
SessionTimeout:10(minutes)
HistoryCount:150
PasswordRetry:3
SilentTime:0(seconds)
SSH
SSHServer:disabled
SessionTimeout:10(minutes)
HistoryCount:200
PasswordRetry:3
160
SilentTime:0(seconds)
Switch#
show history
MaximunHistoryCount:100
1. enable
2.configure
3. line console
4.exit
5.showhistory
6.line
7.exit
8. show history
9.configure
10.line
11. line console
12. exit
13. line console
14.history100
15.exit
162
Clear Service
Syntax
clear (telnet | ssh)
Parameter
telnet Clear all telnet sessions.ssh Clear all ssh sessions
Default
Nodefaultvalueforthiscommand.
Mode
Privileged EXEC
Usage
Use“clearservice”commandtokillallexistingsessionsfortheselectservice.
Example
Thisexampleshowshowtoenablethetelnetserviceandshowthecurrenttelnetservicestatus.
Switch#
clear telnet
163
SSL
Syntax
ssl
Parameter
Default
Nodefaultvalueforthiscommand.
Mode
GlobalConfiguration
Usage
Use“ssl”commandtogeneratesecuritycertificatefilessuchasRSA,DSA.
Example
Thisexampleshowshowtogeneratecertificatefiles.
Switch(config)#
ssl
164
Thisexampleshowshowtoshowthecertificatefilelists.
Switch#
showflash
FileNameFileSizeModified
startup-config11912000-01-0100:00:23
rsa19742000-01-0100:00:18
rsa216752000-01-0100:00:18
dsa26682000-01-0100:00:18
ssl_cert9932000-01-0100:00:18
image0(active)43724012012-09-2401:57:29
image1(backup)0
165
Ping
Syntax
pingHOSTNAME[count<1-999999999>]
Parameter
HOSTNAME SpecifyIPv4/IPv6addressordomainnametoping.count <1- 999999999> Specifyhowmanytimestoping.
Default
Nodefaultvalueforthiscommand.
Mode
Privileged EXEC
Usage
Use“ping”commandtodonetworkpingdiagnostic.
Example
Thisexampleshowshowtopingremotehost192.168.1.111.
Switch#
ping192.168.1.111
PING192.168.1.111(192.168.1.111):56databytes
64bytesfrom192.168.1.111:icmp_seq=0ttl=128time=10.0mstime=10.0ms
166
64bytesfrom192.168.1.111:icmp_seq=1ttl=128time=0.0ms
64bytesfrom192.168.1.111:icmp_seq=2ttl=128time=0.0ms
64bytesfrom192.168.1.111:icmp_seq=3ttl=128time=0.0ms
192.168.1.111pingstatistics
4packetstransmitted,4packetsreceived,0%packetloss
round-tripmin/avg/max=0.0/2.5/10.0ms
167
Traceroute
Syntax
tracerouteA.B.C.D[max_hop<2-255>]
Parameter
A.B.C.D SpecifyIPv4totrace.max_hop <2-255> Specifymaximumhoptotrace.
Default
.Nodefaultvalueforthiscommand.
Mode
User EXEC
Privileged EXEC
Usage
Use“traceroute”commandtodonetworktraceroutediagnostic.
Example
Thisexampleshowshowtotraceroutehost192.168.1.111.
Switch#
traceroute192.168.1.111
168
tracerouteto192.168.1.111(192.168.1.111),30hops
max,40bytepackets
1192.168.1.111(192.168.1.111)0ms10ms0ms
169
Clear ARP
Syntax
cleararp[A.B.C.D]
showarp
Parameter
A.B.C.DSpecifyspecificarpentrytoclear.
Default
Nodefaultvalueforthiscommand.
Mode
User EXEC
Privileged EXEC
Usage
Usethe“cleararp”commandtoclearallorspecificonearpentry.Usethe“showarp”commandtoshowallarpentries.
Example
Thisexampleshowshowtoshowarpentries.
Switch#
showarp
170
AddressHWtypeHWaddressFlags
MaskIface
192.168.1.111ether00:0E:2E:F1:4B:3CCeth0
Thisexampleshowshowtoclearallarpentries.
Switch(config)#
cleararp
171
Show Version
Syntax
show version
Parameter
None
Default
Nodefaultvalueforthiscommand.
Mode
User EXEC
Privileged EXEC
Usage
Use“showversion”commandtoshowloaderandfirmwareversionandbuilddate.
Example
Thisexampleshowshowtoshowsystemversion.
Switch#
show version
LoaderVersion:1.3.0.26225
172
LoaderDate:ThuMay1715:19:42CST2012
FirmwareVersion:2.5.0-beta.32811
FirmwareDate:MonSep2419:33:42CST2012
173
Show Info
Syntax
show info
Parameter
None
Default
Nodefaultvalueforthiscommand.
Mode
User EXEC
Privileged EXEC
Usage
Use“showinfo”commandtoshowsystemsummaryinformation.
Example
Thisexampleshowshowtoshowsystemversion.
Switch#
show info
SystemName:Switch
174
SystemLocation:DefaultLocation
SystemContact:DefaultContact
MACAddress:DE:AD:BE:EF:01:02
IPAddress:192.168.1.1
SubnetMask:255.255.255.0
LoaderVersion:1.3.0.26225
LoaderDate:ThuMay1715:19:42CST2012
FirmwareVersion:2.5.0-beta.32811
FirmwareDate:MonSep2419:33:42CST2012
SystemObjectID:1.3.6.1.4.1.27282.3.2.10
SystemUpTime:0days,1hours,49mins,29secs
175
Show History
Syntax
show history
Parameter
None
Default
Nodefaultvalueforthiscommand.
Mode
User EXEC
Privileged EXEC
GlobalConfiguration
Usage
Use“showhistory”toshowcommandsweinputbefore.
Example
Thisexampleshowshowshowhistorycommands.
Switch#
show history
176
MaximunHistoryCount:100
1. enable
2.configure
3. line console
4.exit
5.showhistory
6.line
7.exit
8. show history
9.configure
10.line
11. line console
12. exit
13. line console
14.history100
15.exit
16.showhistory
17.exit
18. show history
177
Show Username
Syntax
showusername
Parameter
None
Default
Nodefaultvalueforthiscommand.
Mode
Privileged EXEC
Usage
Use“showusername”commandshowalluseraccountsinlocaldatabase.
Example
Thisexampleshowshowtoshowexistinguseraccounts.
Switch#
showusername
Priv|Type|UserName|
Password
179
Show IP
Syntax
showip
Parameter
None
Default
Nodefaultvalueforthiscommand
Mode
User EXEC
Privileged EXEC
Usage
Use“showip”commandtoshowsystemIPv4address,netmaskanddefaultgateway.
Example
Thisexampleshowshowtoshowcurrentipv4addressoftheswitch.
Switch#
showip
IPAddress:192.168.1.200
181
Show IP DHCP
Syntax
showipdhcp
Parameter
None
Default
Nodefaultvalueforthiscommand.
Mode
User EXEC
Privileged EXEC
Usage
Use“showipdhcp”commandtoshowIPv4dhcpclientenablestate.
Example
Thisexampleshowshowtoshowcurrentdhcpclientstateoftheswitch.
Switch#
showipdhcp
DHCPStatus:enabled
182
Show IPv6
Syntax
showipv6
Parameter
None
Default
Nodefaultvalueforthiscommand.
Mode
User EXEC
Privileged EXEC
Usage
Usethe“showipv6”commandtoshowthesystemIPv6address,netmask,defaultgatewayandautoconfigstate.
Example
Thisexampleshowshowtoshowcurrentipv6addressoftheswitch.
Switch#
showipv6
IPv6DHCPConfiguration:Disabled
183
IPv6DHCPDUID:
IPv6AutoConfiguration:Enabled
IPv6LinkLocalAddress:
fe80::dcad:beff:feef:102/64
IPv6staticAddress:
fe80::20e:2eff:fef1:4b3c/128
IPv6staticGatewayAddress:::
IPv6inuseAddress:
fe80::dcad:beff:feef:102/64
IPv6inuseGatewayAddress:::
184
Show IPv6 DHCP
Syntax
showipv6dhcp
Parameter
Default
Nodefaultvalueforthiscommand
Mode
User EXEC
Privileged EXEC
Usage
Use“showipv6dhcp”commandtoshowsystemIPv6dhcpclientenablestate.
Example
Thisexampleshowshowtoshowcurrentdhcpv6clientstateoftheswitch.
Switch#
showipv6dhcp
DHCPv6Status:enabled
185
Show Line
Syntax
showline[(console|telnet|ssh)]
Parameter
console Select console line to show.telnet Select telnet line to show.ssh Select ssh line to show.
Default
Nodefaultvalueforthiscommand
Mode
Privileged EXEC
Usage
Use“showline”commandtoshowalllineconfigurationsincludingsessiontimeout,historycount,passwordretrynumberandsilenttime.Fortelnetandssh,italsoshowstheserviceenable/disablestate.
Example
Thisexampleshowshowshowalllines’information.
Switch#
show line
186
Console
SessionTimeout:15(minutes)
HistoryCount:128
PasswordRetry:3
SilentTime:0(seconds)
Telnet
TelnetServer:disabled
SessionTimeout:20(minutes)
HistoryCount:128
PasswordRetry:3
SilentTime:0(seconds)
SSH
SSHServer:disabled
SessionTimeout:25(minutes)
HistoryCount:128
PasswordRetry:3
SilentTime:0(seconds)
188
Show Cable-Diag Interfaces
Syntax
logging
no logging
Parameter
N/A
Default
logging
Mode
GlobalConfiguration
Usage
Displaytheestimatedlengthofcoppercableattachedtotheports.
showcable-diaginterfaceall
Displaytheestimatedlengthofcoppercablesattachedtoallports.
showcable-diaginterface
Disabletheestimatedlengthofcoppercableattachedtoportfa1.
191
IP DHCP Snooping
Syntax
ipdhcpsnooping
noipdhcpsnooping
Parameter
None
Default
DHCPsnoopingisdisabled
Mode
GlobalConfiguration
Usage
UsetheipdhcpsnoopingcommandtoenableDHCPSnoopingfunction.Usethenoformofthiscommandtodisable.
Example
TheexampleshowshowtoenableDHCPSnoopingonVLAN1.Youcanverifysettingsbythefollowingshowipdhcpsnoopingcommand.
switch(config)#
ipdhcpsnooping
192
switch(config)#
ipdhcpsnoopingvlan1
switch(config)#
showipdhcpsnooping
DHCPSnooping:enabled
EnableonfollowingVlans:1
circuit-iddefaultformat:vlan-port
remote-id::00:11:22:33:44:55(SwitchMacinByteOrder)
193
IP DHCP Snooping VLAN
Syntax
ipdhcpsnoopingvlanVLAN-LIST
Parameter
VLAN-LISTSpecifyVLANIDorarangeofVLANstoenableordisabledynamicArpinspection
Default
DefaultisdisabledonallVLANs
Mode
GlobalConfiguration
Usage
UsetheiparpinspectionvlancommandtoenableVLANsonDHCPSnoopingfunction.UsethenoformofthiscommandtodisableVLANsonDHCPSnoopingfunction
Example
TheexampleshowshowtoenableVLAN1-100onDHCPSnooping,andthendisableVLAN30-40onDHCPSnooping.Youcanverifysettingsbythefollowingshowipdhcpsnoopingcommand.
switch(config)#
vlan1-100
194
switch(config)#
exit
switch(config)#
ipdhcpsnooping
switch(config)#
ipdhcpsnoopingvlan1-100
switch(config)#
showipdhcpsnooping
DHCPSnooping:enabled
EnableonfollowingVlans:1-100
circuit-iddefaultformat:vlan-port
remote-id::00:11:22:33:44:55(SwitchMacinByteOrder)
switch(config)#
noipdhcpsnoopingvlan30-40
switch(config)#
showipdhcpsnooping
DHCPSnooping:enabled
EnableonfollowingVlans:1-29,41-100
circuit-iddefaultformat:vlan-port
196
IP DHCP Snooping Trust
Syntax
ipdhcpsnoopingtrust
noipdhcpsnoopingtrust
Parameter
None
Default
DHCPsnoopingtrustisdisabled
Mode
InterfaceConfiguration
Usage
Usetheipdhcpsnoopingtrustcommandtosettrustedinterface.TheswitchdoesnotcheckDHCPpacketsthatarereceivedonthetrustedinterface;itsimplyforwardsit.Usethenoformofthiscommandtosetuntrustedinterface.
Example
Theexampleshowshowtosetinterfacegi1totrust.Youcanverifysettingsbythefollowingshowipdhcpsnoopinginterface command.
switch(config)#
interface gi1
197
switch(config)#
ipdhcpsnoopingtrust
switch(config)#
doshowipdhcpsnoopinginterfacegi1
Interfaces|TrustState|Rate(pps)|hwaddrCheck|InsertOption82|
gi1|Trusted|None|disabled|disabled|
198
IP DHCP Snooping Verify
Syntax
ipdhcpsnoopingverifymac-address
[no]ipdhcpsnoopingverifymac-address
Parameter
None
Default
DHCPsnoopingverifymac-addressisdisabled.
Mode
InterfaceConfiguration
Usage
UsetheipdhcpsnoopingverifycommandtoverifyMACaddressfunctiononinterface.The“mac-address”dropDHCPpacketsthatchaddrandethernet-source-macisnotmatch.
Example
Theexampleshowshowtosetinterfacegi1tovalidate“mac-address”.Youcanverifysettingsbythefollowingshowipdhcpsnoopinginterfacecommand.
switch(config)#
interface gi1
199
switch(config-if)#
ipdhcpsnoopingverifymac-address
switch(config)#
doshowipdhcpsnoopinginterfacegi1
Interfaces|TrustState|Rate(pps)|hwaddrCheck|InsertOption82|
gi1|Untrusted|None|enabled|disabled|
200
IP DHCP Snooping Rate LimitSyntax
ipdhcpsnoopingrate-limit<1-50>
[no]ipdhcpsnoopingrate-limit
Parameter
<1-50>Set1to50PPSofDHCPpacketratelimitation
Default
Defaultisun-limitedofDHCPpacket
Mode
InterfaceConfiguration
Usage
Usetheipdhcpsnoopingrate-limitcommandtosetratelimitationoninterface.TheswitchdropDHCPpacketsafterreceivesmorethanconfiguredrateofpacketspersecond.Usethenoformofthiscommandtoreturntodefaultsettings.
Example
Theexampleshowshowtosetratelimitto30ppsoninterfacegi1.Youcanverifysettingsbythefollowingshowipdhcpsnoopinginterfacecommand.
switch(config)#
interface gi1
201
switch(config)#ipdhcpsnoopingrate-limit30
switch(config)#doshowipdhcpsnoopinginterfacegi1
Interfaces|TrustState|Rate(pps)|hwaddrCheck|InsertOption82|
gi1|Untrusted|30|disabled|disabled|
202
Clear IP DHCP Snooping Statistics
Syntax
clearipdhcpsnoopinginterfacesIF_PORTSstatistics
Parameter
IF_PORTSspecifiesportstoclearstatistics
Default
Nodefaultisdefined
Mode
GlobalConfiguration
Usage
Usetheclearipdhcpsnoopinginterfacesstatisticscommandtoclearstatisticsthatarerecordedoninterface.
Example
Theexample showshow to clear statisticson interfacegi1.You canverify settingsby the following show ipdhcpsnoopinginterfacestatisticscommand.
switch#
clearipdhcpsnoopinginterfacesgi1statistics
switch#
showipdhcpsnoopinginterfacesgi1statistics
203
Interfaces|Forwarded|ChaddrCheckDropped|UntrustPortDropped|
UntrustPortWithOption82Dropped|InvalidDrop
gi1|0|0|0|0|0
204
Show IP DHCP Snooping
Syntax
showipdhcpsnooping
Parameter
None
Default
Nodefaultisdefined
Mode
GlobalConfiguration
Usage
UsetheshowipdhcpsnoopingcommandtoshowthesettingsoftheDHCPSnoopingfeature.
Example
TheexampleshowshowtoshowsettingsofDHCPSnooping
switch(config)#
showipdhcpsnooping
DHCPSnooping:enabled
EnableonfollowingVlans:1
206
IP Show IP DHCP Snooping Interface
Syntax
showipdhcpsnoopinginterfacesIF_PORTS
showipdhcpsnoopinginterfacesIF_PORTSstatistics
Parameter
IF_PORTSspecifiesportstoshowstatistics
Default
Nodefaultisdefined
Mode
GlobalConfiguration
Usage
Usetheshowipdhcpsnoopinginterfacescommandtoshowsettingsorstatisticsofinterface.
Example
Theexampleshowshowtoshowsettingsofinterfacegi1.
switch#
showipdhcpsnoopinginterfacegi1
207
Interfaces|TrustState|Rate(pps)|hwaddrCheck|InsertOption82|
gi1|Untrusted|None|enabled|disabled|
Theexampleshowshowtoshowstatisticsofinterfacegi1.
switch#
showipdhcpsnoopinginterfacesgi1statistics
Interfaces|Forwarded|ChaddrCheckDropped|UntrustPortDropped|
UntrustPortWithOption82Dropped|InvalidDrop
gi1|0|0|0|0|0
208
Show IP DHCP Snooping Binding
Syntax
showipdhcpsnoopingbinding
Parameter
None
Default
Nodefaultisdefined
Mode
GlobalConfiguration
Usage
UsetheshowipdhcpsnoopingbindingcommandtoshowbindingentriesthatarelearnedbyDHCPSnooping.
Example
TheexampleshowshowtoshowbindingentriesthatlearnedbyDHCPSnooping.
switch#
showipdhcpsnoopingbinding
BindTable:MaximunBindingEntryNumber192
Port|VID|MACAddress|IP|Type|LeaseTime
210
IP DHCP Snooping Option
Syntax
ipdhcpsnoopingoption
noipdhcpsnoopingoption
Parameter
None
Default
DHCPsnoopingoption82isdisabled
Mode
InterfaceConfiguration
Usage
Usetheipdhcpsnoopingoptioncommandtoenabletheinsertoption82contentintothepacket.Usethenoformofthiscommand to disable it.
Example
Theexampleshowshowtoenableoption82insertion.Youcanverifysettingsbythefollowingshowipdhcpsnoopinginterface command.
switch(config)#
interface gi1
211
switch(config)#
ipdhcpsnoopingoption
switch(config)#
doshowipdhcpsnoopinginterfacegi1
Interfaces|TrustState|Rate(pps)|hwaddrCheck|InsertOption82|
gi1|Untrusted|None|disabled|enabled|
212
IP DHCP Snooping Option Action
Syntax
ipdhcpsnoopingoptionaction(drop|keep|replace)
noipdhcpsnoopingoptionaction
Parameter
Drop Droppacketswithoption82thatarereceivedfromuntrustedport.Keep Keeporiginaloption82contentinpacket.Replace Replaceoption82contentbyswitchsettingopDroppacketswithoption82thatare receivedfromun
trustedport.
Default
DHCPsnoopingoption82isdrop
Mode
InterfaceConfiguration
Usage
Usetheipdhcpsnoopingoptionactioncommandtosettheactionwhenitreceivespacketswiththeoption82content.Usethenoformofthiscommandtorestoretothedefaultsettings.
213
Example
Theexampleshowshowtosetactiontoreplaceoption82content.Youcanverifysettingsbythefollowingshowrunning-configcommand.
switch(config)#
interface gi1
switch(config)#
ipdhcpsnoopingoptionactionreplace
214
IP DHCP Snooping Option Circuit-ID
Syntax
ipdhcpsnooping[vlan<1-4094>]optioncircuit-idSTRING
noipdhcpsnooping[vlan<1-4094>]optioncircuit-id
Parameter
Vlan <1-4094> VLANIDtosetuserdefinedcircuit-idstringSTRING Circuit-idstring,1to63ASCIIcharacters,nospaces.
Default
Defaultcircuit-idisportid+vlanidinbyteformat
Mode
InterfaceConfiguration
Usage
Usetheipdhcpsnoopingoptioncircuit-idcommandtosettheuser-definedcircuit-idstring.TheCircuit-idisperportperVLANsetting.IfaVLANisnotfoundtouseauser-definedcircuit-id,thenitwilluseitperportcircuit-idstring.Usethenoformofthiscommandtodefaultsetting.
Example
Theexampleshowshowtosetauser-definedcircuit-idstringoninterfacegi1andVLAN1.Youcanverifysettingsbythefollowingshowrunning-configcommand.
216
IP DHCP Snooping Option Remote-ID
Syntax
ipdhcpsnoopingoptionremote-idSTRING
noipdhcpsnoopingoptionremote-id
Parameter
STRINGRemote-idstring,1to63ASCIIcharacters,nospaces.
Default
Defaultremote-idistheswitchMACaddressinbyteorder.
Mode
GlobalConfiguration
Usage
Usetheipdhcpsnoopingoptionremote-idcommandtosettheuser-definedremote-idstring.Remote-idisaglobalanduniquestring.Usethenoformofthiscommandtosetthedefaultsettings.
Example
Theexampleshowshowtosetauser-definedremote-idstringonswitch.Youcanverifysettingsbythefollowingshowipdhcpsnoopingoptionremote-id.
switch(config)#
ipdhcpsnoopingoptionremote-idtest_remote
218
Show IP DHCP Snooping Option
Syntax
showipdhcpsnoopingoptionremote-id
Parameter
None
Default
Nodefaultisdefined
Mode
GlobalConfiguration
Usage
Usetheshowipdhcpsnoopingoptionremote-idcommandtoshowremote-idstring.
Example
Theexampleshowshowtoshowremote-idstring.
switch(config)#
showipdhcpsnoopingoptionremote-id
RemoteID:test_remote
219
IP DHCP Snooping Database
Syntax
ipdhcpsnoopingdatabaseflash
ipdhcpsnoopingdatabasetftp(A.B.C.D|HOSTNAME)NAME
noipdhcpsnoopingdatabase
Parameter
(A.B.C.D|HOSTNAME) SpecifytheIPaddressorhostnameofremoteTFTPserverNAME Inputnameofbackupfile
Default
DHCPsnoopingdatabaseisdisabled
Mode
GlobalConfiguration
Usage
UsetheipdhcpsnoopingdatabasecommandtoenabletheDHCPSnoopingdatabaseagent.The“flash”meansthatitwillwriteabackupfiletotheswitchlocaldrive.The“tftp”meansthatitwillwriteabackupfiletotheremoteTFTPserver.Use the no form of this command to disable it.
Example
TheexampleshowshowtoenableDHCPSnoopingdatabaseagentandwritebackupfiletoremoteTFTPserverwithfilename“backup_file”.Youcanverifysettingsbythefollowingshowipdhcpsnoopingdatabasecommand.
220
switch(config)#
ipdhcpsnoopingdatabasetftp192.168.1.50backup_file
switch(config)#
showipdhcpsnoopingdatabase
Type:tftp:192.168.1.50
FileName:backup_file
WritedelayTimer:300seconds
AbortTimer:300seconds
AgentRunning:Running
DelayTimerExpiry:300seconds
AbortTimerExpiry:299
LastSuccededTime:None
LastFailedTime:None
LastFailedReason:Nofailurerecorded.
TotalAttempts:1
SuccessfulTransfers:0FailedTransfers:0
SuccessfulReads:0FailedReads:0
SuccessfulWrites:0FailedWrites:0
221
IP DHCP Snooping Database Write-Delay
Syntax
ipdhcpsnoopingdatabasewrite-delay<15-86400>
Parameter
<15-86400>specifiesthesecondsofthetimeout.Specifythedurationforwhichthetransfershouldbedelayedafterthe binding database changes.
Default
DHCPsnoopingdatabasewrite-delayis300seconds
Mode
GlobalConfiguration
Usage
Usetheipdhcpsnoopingdatabasewrite-delaycommandtomodifythewrite-delaytimer.Usethenoformofthiscommandtosetthedefaultsettings.
Example
Theexampleshowshowtosetwrite-delaytimerto60seconds.Youcanverifysettingsbythefollowingshowipdhcpsnoopingdatabasecommand.
switch(config)#
ipdhcpsnoopingdatabasewrite-delay60
222
switch(config)#
showipdhcpsnoopingdatabase
Type:tftp:192.168.1.50
FileName:backup_file
WritedelayTimer:60seconds
AbortTimer:300seconds
AgentRunning:Running
DelayTimerExpiry:300seconds
AbortTimerExpiry:299
LastSuccededTime:None
LastFailedTime:None
LastFailedReason:Nofailurerecorded.
TotalAttempts:1
SuccessfulTransfers:0FailedTransfers:0
SuccessfulReads:0FailedReads:0
SuccessfulWrites:0FailedWrites:0
223
switch(config)#
showipdhcpsnoopingdatabase
Type:tftp:192.168.1.50
FileName:backup_file
WritedelayTimer:60seconds
AbortTimer:300seconds
AgentRunning:Running
DelayTimerExpiry:300seconds
AbortTimerExpiry:299
LastSuccededTime:None
LastFailedTime:None
LastFailedReason:Nofailurerecorded.
TotalAttempts:1
SuccessfulTransfers:0FailedTransfers:0
SuccessfulReads:0FailedReads:0
SuccessfulWrites:0FailedWrites:0
224
IP DHCP Snooping Database Timeout
Syntax
ipdhcpsnoopingdatabasetimeout<0-86400>
Parameter
<15-86400>specifiesthesecondsoftimeout、Specify(inseconds)howlongtowaitforthedatabasetransferprocesstofinishbeforestoppingtheprocess.Use0todefineaninfiniteduration,whichmeanstocontinuetryingthetransferindefinitely
Default
DHCPsnoopingdatabasetimeoutis300seconds
Mode
GlobalConfiguration
Usage
Usetheipdhcpsnoopingdatabasetimeoutcommandtomodifythetimeouttimer.Usethenoformofthiscommandtosetthedefaultsettings.
Example
Theexampleshowshowtosettimeouttimerto60seconds.Youcanverifysettingsbythefollowingshowipdhcpsnoopingdatabasecommand.
switch(config)#
ipdhcpsnoopingdatabasetimeout60
225
switch(config)#
showipdhcpsnoopingdatabase
Type:tftp:192.168.1.50
FileName:backup_file
WritedelayTimer:300seconds
AbortTimer:60seconds
AgentRunning:Running
DelayTimerExpiry:300seconds
AbortTimerExpiry:299
LastSuccededTime:None
LastFailedTime:None
LastFailedReason:Nofailurerecorded.
TotalAttempts:1
SuccessfulTransfers:0FailedTransfers:0
SuccessfulReads:0FailedReads:0
SuccessfulWrites:0FailedWrites:0
226
Clear IP DHCP Snooping Database Statistics
Syntax
clearipdhcpsnoopingdatabasestatistics
Parameter
None
Default
Nodefaultisdefined.
Mode
GlobalConfiguration
Usage
UsetheclearipdhcpsnoopingdatabasestatisticscommandtoclearstatisticsoftheDHCPSnoopingdatabase.
Example
TheexampleshowshowtoclearstatisticsofDHCPSnoopingagent.Youcanverifysettingsbythefollowingshowipdhcpsnoopingdatabasecommand.
switch(config)#
clearipdhcpsnoopingdatabasestatistics
switch(config)#
showipdhcpsnoopingdatabase
227
Type:tftp:192.168.1.50
FileName:backup_file
WritedelayTimer:300seconds
AbortTimer:60seconds
AgentRunning:Running
DelayTimerExpiry:300seconds
AbortTimerExpiry:299
LastSuccededTime:None
LastFailedTime:None
LastFailedReason:Nofailurerecorded.
TotalAttempts:0
SuccessfulTransfers:0FailedTransfers:0
SuccessfulReads:0FailedReads:0
SuccessfulWrites:0FailedWrites:0
228
Renew IP DHCP Snooping Database
Syntax
renewipdhcpsnoopingdatabase
Parameter
None
Default
Nodefaultisdefined
Mode
GlobalConfiguration
Usage
UsetherenewipdhcpsnoopingdatabasecommandtorenewtheDHCPSnoopingdatabasefromabackupfile.
Example
TheexampleshowshowtorenewtheDHCPSnoopingdatabase.Youcanverifysettingsbythefollowingshowipdhcpsnoopingdatabaseandshowipdhcpsnoopingbindingcommands.
switch(config)#
showipdhcpsnoopingdatabase
Type:tftp:192.168.1.50
FileName:backup_file
229
WritedelayTimer:300seconds
AbortTimer:60seconds
AgentRunning:Running
DelayTimerExpiry:300seconds
AbortTimerExpiry:299
LastSuccededTime:None
LastFailedTime:None
LastFailedReason:Nofailurerecorded.
TotalAttempts:1
SuccessfulTransfers:1FailedTransfers:0
SuccessfulReads:1FailedReads:0
SuccessfulWrites:0FailedWrites:0
switch#showipdhcpsnoopingbinding
BindTable:MaximunBindingEntryNumber192
Port|VID|MACAddress|IP|Type|LeaseTime
fa1|1|48:5B:39:C7:12:62|192.168.1.100(255.255.255.255)|DHCPSnooping|86400
230
Show IP DHCP Snooping Database
Syntax
showipdhcpsnoopingdatabase
Parameter
None
Default
Nodefaultisdefined
Mode
GlobalConfiguration
Usage
UsetheshowipdhcpsnoopingdatabasecommandtoshowsettingsofDHCPSnoopingagent.
Example
TheexampleshowshowtoshowsettingsofDHCPSnoopingagent.
switch(config)#
showipdhcpsnoopingdatabase
Type:tftp:192.168.1.50
FileName:backup_file
231
WritedelayTimer:300seconds
AbortTimer:60seconds
AgentRunning:Running
DelayTimerExpiry:300seconds
AbortTimerExpiry:299
LastSuccededTime:None
LastFailedTime:None
LastFailedReason:Nofailurerecorded.
TotalAttempts:1
SuccessfulTransfers:1FailedTransfers:0
SuccessfulReads:1FailedReads:0
SuccessfulWrites:0FailedWrites:0
233
DoS
Syntax
dos(syn-fin|xma|null-scan|sport-less1024|icmp-frag-pkts|pod|tcpblat|udp-blat|land|da-eq-sa)
nodos(syn-fin|xma|null-scan|sport-less1024|icmp-frag-pkts|pod|tcp-blat|udp-blat|land|da-eq-sa)
dossmurf<0-31>
dostcp-hdr-min<0-255>
dosicmp-ping-max<0-65535>
dosipv6-min-frag<0-65535>
nodossmurf<0-31>
nodostcp-hdr-min<0-255>
nodosicmp-ping-max<0-65535>
nodosipv6-min-frag<0-65535>
234
Parameter
syn-fin Enable/Disablesyn-finprotection.
xma Enable/Disablexmaprotection.null-scan Enable/Disablenull-scanprotection.sport-less1024 Enable/Disablesport-less1024protection.icmp-frag-pkts Enable/Disableicmp-grag-pktsprotection.pod Enable/Disablepodprotection.tcp-blat Enable/Disabletcp-blatprotection.
udp-blat Enable/Disableudp-blatprotection.land Enable/Disablelandprotection.da-eq-sa Enable/Disableda-eq-saprotection.smurf <0-31>Specifysmurflength.tcp-hdr-min
<0-255>
Specifytcp-hdr-minlength.
icmp-ping-max
<0-65535>
Specifyicmp-ping-maxsize.
ipv6-min-frag <0-65535> Specifyipv6-min-fraglength.
Default
DefaultenablestateofallDoStypesaredisabled.
Defaultsmurflengthis24.
Defaulttcp-hdr-minlengthis20.
Defaulticmp-ping-maxsizeis512.
235
Default
DefaultenablestateofallDoStypesaredisabled.
Defaultsmurflengthis24.
Defaulttcp-hdr-minlengthis20.
Defaulticmp-ping-maxsizeis512.
Defaultipv6-min-fraglengthis1280
Mode
GlobalConfiguration
Usage
DoSisusingtoprotectmaliciousattackfromotherdevices.ThiscommandcanconfigureDUTtoenable/disablefollowingtypesofattacks.
syn-fin:ATCPpacketwiththeSYNandFINflagsset.
xma:TCPsequencenumberiszero,andtheFIN/URG/PSHflagsareset.
null-scan:TCPsequencenumberiszero,andallcontrolflagsarezeroes.
sport-less1024:TCPSYNpacketswithsourceportlessthan1024.
icmp-frag-pkts:FragmentedICMPpackets.
Pod:Pingpacketsthatlengtharelargerthan65535bytes.
tcp-blat:BoththesourceandthedestinationTCPportarethesame.
udp-blat:BoththesourceandthedestinationUDPportarethesame.
236
land:BoththesourceandthedestinationIPv4/IPv6addressesarethesame.
da-eq-sa:BoththesourceandthedestinationMACaddressesarethesame.
smurf:ICMPechorequestpacketthatdestinationIPv4addressisbroadcastaddress.
tcp-hdr-min:TCPpacketthatheaderlengthislessthantheconfiguredvalue.
icmp-ping-max:PINGpacketwiththelength.
ipv6-min-frag:IPv6fragmentedpackets(notincludingthelastone)thatpayloadlengthlessthan1240bytes.
Example
Thisexampleshowshowtoenablesyn-finandsmurfwithlength30oninterfacefa1.
Switch(config)#
interface fa1
Switch(config-if)#
dossyn-fin
Switch(config-if)#
dossmurf30
Thisexampleshowshowtoshowcurrentdosstateoninterfacefa1
Switch#
show dos interfaces fa1
Port|Type|State(Length)
fa1 |
237
|syn-fin|enabled
| xma | disabled
|null-scan|disabled
|sport-less1024|disabled
|Icmp-frag-pkts|disabled
|pod|disabled
|tcp-blat|disabled
|udp-blat|disabled
| land | disabled
|da-eq-sa|disabled
|smurf|enabled(30)
|tcp-hdr-min|disabled
|icmp-ping-max|disabled
|ipv6-min-frag|disabled
238
Show DoS
Syntax
showdosinterfacesIF_PORTS
Parameter
IF_PORTSEnable/Disablesyn-finprotection
Default
Nodefaultvalueforthiscommand.
Mode
Privileged EXEC
Usage
Use“showdos”commandtoshowdosconfigurationonselectedports.
Example
Thisexampleshowshowtoshowcurrentdosstateoninterfacefa1.
Thisexampleshowshowtoshowcurrentdosstateoninterfacefa1
Switch#
show dos interfaces fa1
Port|Type|State(Length)
239
fa1 |
|syn-fin|enabled
| xma | disabled
|null-scan|disabled
|sport-less1024|disabled
|Icmp-frag-pkts|disabled
|pod|disabled
|tcp-blat|disabled
|udp-blat|disabled
| land | disabled
|da-eq-sa|disabled
|smurf|enabled(30)
|tcp-hdr-min|disabled
|icmp-ping-max|disabled
|ipv6-min-frag|disabled
241
IP ARP Inspection
Syntax
iparpinspection
noiparpinspection
Parameter
None
Default
DynamicArpinspectionisdisabled
Mode
GlobalConfiguration
Usage
UsetheiparpinspectioncommandtoenableDynamicArpInspectionfunction.Usethenoformofthiscommandtodisable.
Example
TheexampleshowshowtoenableDynamicArpInspectiononVLAN1.Youcanverifysettingsbythefollowingshowiparpinspectioncommand.
switch(config)#
iparpinspection
242
switch(config)#
iparpinspectionvlan1
switch(config)#
showiparpinspection
DynamicARPInspection:enabled
EnableonVlans:1
243
IP ARP Inspection VLAN
Syntax
iparpinspectionvlanVLAN-LIST
noiparpinspectionvlanVLAN-LIST
Parameter
VLAN-LISTSpecifyVLANIDorarangeofVLANstoenableordisabledynamic
Arpinspection
Default
Default is disabled on all VLANs
Mode
GlobalConfiguration
Usage
UsetheiparpinspectionvlancommandtoenableVLANsonDynamicArpInspectionfunction.UsethenoformofthiscommandtodisableVLANsontheDynamicArpInspectionfunction.
Example
TheexampleshowshowtoenableVLAN1-100ontheDynamicArpInspection,andthendisableVLAN30-40ontheDynamicArpInspection.Youcanverifysettingsbythefollowingshowiparpinspectioncommand.
244
switch(config)#
vlan1-100
switch(config)#
exit
switch(config)#
iparpinspection
switch(config)#
iparpinspectionvlan1-100
switch(config)#
showiparpinspection
DynamicARPInspection:enabled
EnableonVlans:1-100
switch(config)#
noiparpinspectionvlan30-40
switch(config)#
showiparpinspection
DynamicARPInspection:enabled
EnableonVlans:1-29,41-100
245
IP ARP Inspection Trust
Syntax
iparpinspectiontrust
noiparpinspectiontrust
Parameter
None
Default
DynamicArpinspectiontrustisdisabled
Mode
InterfaceConfiguration
Usage
Usetheiparpinspectiontrustcommandtosettrustedinterface.TheswitchdoesnotcheckARPpacketsthatarereceivedonthetrustedinterface;itsimplyforwardsit.Usethenoformofthiscommandtosetuntrustedinterface
Example
Theexampleshowshowtosetinterfacegi1totrust.Youcanverifysettingsbythefollowingshowiparpinspectioninterface command.
switch(config)#
interface gi1
246
switch(config)#
iparpinspectiontrust
switch(config)#
doshowiparpinspectioninterfacegi1
Interfaces|TrustState|Rate(pps)|SMACCheck|DMACCheck|IPCheck/AllowZero|gi1|Trusted|None|disabled|disabled|disabled/disabled
247
IP ARP Inspection Validate
Syntax
iparpinspectionvalidatesrc-mac
iparpinspectionvalidatedst-mac
iparpinspectionvalidateip[allow-zeros]
noiparpinspectionvalidatesrc-mac
noiparpinspectionvalidatedst-mac
noiparpinspectionvalidateip[allow-zeros]
Parameter
None
Default
Defaultisdisabledofallvalidation
Mode
InterfaceConfiguration
Usage
Usetheiparpinspectionvalidatecommandtoenablevalidatefunctiononinterface.The“src-mac”dropARPrequestsandreplypacketsthatarp-sender-macandethernetsource-macisnotmatch.The“dst-mac”dropARPreplypacketsthatarp-target-macandethernet-dst-macisnotmatch.The“ip”dropARPrequestandreplypacketsthatsender-ipisinvalid
248
suchasbroadcastmulticastallzeroIPaddressanddropARPreplypacketsthattarget-ipisinvalid.The“allow-zeros”meanswon’tdropallzeroIPaddress.Usethenoformofthiscommandtodisablevalidation.
Example
Theexampleshowshowtosetinterfacegi1tovalidate“src-mac”“dst-mac”and“ipallowzeros”.Youcanverifysettingsbythefollowingshowiparpinspectioninterfacecommand.
switch(config)#
interface gi1
switch(config-if)#
iparpinspectionvalidatesrc-mac
switch(config-if)#
iparpinspectionvalidatedst-ma
switch(config-if)#
iparpinspectionvalidateipallow-zeros
switch(config)#
doshowiparpinspectioninterfacegi1
Interfaces|TrustState|Rate(pps)|SMACCheck|DMACCheck|IPCheck/AllowZero|
gi1|Untrusted|30|disabled|disabled|disabled/disabled
249
IP ARP Inspection Rate Limit
Syntax
iparpinspectionrate-limit<1-50>
[no]iparpinspectionrate-limit
Parameter
<1-50>Set1to50PPSofDHCPpacketratelimitation
Default
Defaultisun-limitedofARPpacket
Mode
InterfaceConfiguration
Usage
Usetheiparpinspectionrate-limitcommandtosetratelimitationoninterface.TheswitchdropARPpacketsafterreceivesmorethanconfiguredrateofpacketspersecond.Usethenoformofthiscommandtoreturntodefaultsettings.
Example
Theexampleshowshowtosetratelimitto30ppsoninterfacegi1.Youcanverifysettingsbythefollowingshowiparpinspectioninterfacecommand.
250
switch(config)#
interface gi1
switch(config)#
iparpinspectionrate-limit30
switch(config)#
doshowiparpinspectioninterfacegi1
Interfaces|TrustState|Rate(pps)|SMACCheck|DMACCheck|IPCheck/AllowZero|
gi1|Untrusted|30|disabled|disabled|disabled/disabled
251
Clear IP ARP Inspection Statistics
Syntax
cleariparpinspectioninterfacesIF_PORTSstatistics
Parameter
IF_PORTSspecifiesportstoclearstatistics
Default
Nodefaultisdefined
Mode
GlobalConfiguration
Usage
Usethecleariparpinspectioninterfacesstatisticscommandtoclearstatisticsthatarerecordedoninterface.
Example
Theexampleshowshowtoclearstatisticsoninterfacegi1.Youcanverifysettingsbythefollowingshowiparpinspectioninterfacestatisticscommand.
switch#
cleariparpinspectioninterfacesgi1statistics
switch#
showiparpinspectioninterfacesgi1statistics
252
Port|Forward|SourceMACFailures|DestMACFailures|
SIPValidationFailures|DIPValidationFailures|IP-MACMismatchFailures
gi1|0|0|0|0|0|0
253
Show IP ARP Inspection
Syntax
showipdhcpsnooping
Parameter
None
Default
Nodefaultisdefined
Mode
GlobalConfiguration
Usage
UsetheshowiparpinspectioncommandtoshowsettingsofDynamicArpInspection
Example
TheexampleshowshowtoshowsettingsofDynamicArpInspection
switch(config)#
showiparpinspection
DynamicARPInspection:enabled
EnableonVlans:1
254
Show IP ARP Inspection Interface
Syntax
showiparpinspectioninterfacesIF_PORTS
showiparpinspectioninterfacesIF_PORTSstatistics
Parameter
IF_PORTSspecifiesportstoshowstatistics
Default
Nodefaultisdefined
Mode
GlobalConfiguration
Usage
Usetheshowiparpinspectioninterfacescommandtoshowsettingsorstatisticsofinterface.
Example
Theexampleshowshowtoshowsettingsofinterfacegi1.
switch#
showiparpinspectioninterfacegi1
255
Interfaces|TrustState|Rate(pps)|SMACCheck|DMACCheck|IPCheck/AllowZero|
gi1|Trusted|None|disabled|disabled|disabled/disabled
Theexampleshowshowtoshowstatisticsofinterfacegi1.
switch#
showiparpinspectioninterfacesgi1statistics
Port|Forward|SourceMACFailures|DestMACFailures|
SIPValidationFailures|DIPValidationFailures|IP-MACMismatchFailures
gi1|0|0|0|0|0|0
257
IP IGMP Snooping
Syntax
ipigmpsnooping
noipigmpsnooping
Parameter
None
Default
ipigmpsnooping
Mode
GlobalConfiguration
Usage
“noipigmpsnooping”willclearallipigmpsnoopingdynamicgroupanddynamicrouterport,andmakethestaticipigmpgroupinvalid.Thendonotlearningthedynamicgroupandrouterportbyigmpmessage.Theconfigurecanuse“showipigmpsnooping”.
Example
Thefollowingexamplespecifiesthatsetipigmpsnoopingtest.
Switch(config)#
ipigmpsnooping
258
Switch#
showipigmpsnooping
IGMP Snooping Status
Snooping:Enabled
ReportSuppression:Enabled
OperationVersion:v2
ForwardMethod:mac
UnknownMulticastAction:Flood
Switch(config)#
noipigmpsnooping
Switch#
showipigmpsnooping
259
IP IGMP Snooping Report-Suppression
Syntax
[no]ipigmpsnoopingreport-suppression
Parameter
none
Default
ipigmpsnoopingreport-suppression
Mode
GlobalConfiguration
Usage
“no ip igmpsnoopingreport-suppression”willdisablethe igmpv1/v2 igmpreportsuppressionfunction.The receivereportwillfthenorwardtothevlanrouterports.Theconfigurationcanuse“showipigmpsnooping”.
Example
Thefollowingexamplespecifiesthedisableipigmpsnoopingreport-suppressiontest.
Switch(config)#
noipigmpsnoopingreport-suppression
Switch#
showipigmpsnooping
260
IGMP Snooping Status
Snooping:Enabled
ReportSuppression:Disabled
OperationVersion:v2
ForwardMethod:mac
UnknownMulticastAction:Flood
261
IP IGMP Snooping VersionSyntax
ipigmpsnoopingversion(2|3)
Parameter
(2|3)Ipigmpsnoopingrunningversion2or3
Default
ipigmpsnoopingversion2
Mode
GlobalConfiguration
Usage
“ipigmpsnoopingversion3”willremoveallipv4groupentrieswhentheforwardmethodissrc-dst-ip.Whentheforwardmethodismac,itwillremovethedynamicgroupentry.Thesameisfromv3changetov2.Forthis,allquerierversionswillupdatetoversion2.Theconfigurationcanuse“showipigmpsnooping”.
Example
Thefollowingexamplespecifiesthatsetipigmpsnoopingversion3test.
Switch(config)#
ipigmpsnoopingversion3
Switch#
showipigmpsnooping
262
IP IGMP Snooping Unknown-Multicast Action
Syntax
ipigmpsnoopingunknown-multicastaction(drop|flood|router-port)
Parameter
(drop|flood|routerport)Unknownmulticastactionfordrop|flood|router-port
Default
ipigmpsnoopingunknown-multicastactionflood
Mode
GlobalConfiguration
Usage
Whenigmpsnoopingandmldsnoopingaredisabled,itcan’tsetanactiontodroporrouter-port.Whendisablingigmpsnooping&mldsnooping,itsetsunknownmulticastactionflood.Whentheactionisrouter-porttofloodordrop,itwilldeletetheunknownmulticastgroupentry.Ifthelookupmodeissrc-dst-ip,whenchanged,theunknownactionwilldeleteallthedynamicgroupd.Theconfigurationcanuse“showipigmpsnooping”.
Example
Thefollowingexamplespecifiesthatsetipigmpunknownmulticastactionrouter-porttest.
Switch(config)#
ipigmpsnooping
263
Switch(config)#
ipigmpsnoopingunknown-multicastactionrouter-port
Switch#
showipigmpsnooping
IGMP Snooping Status
Snooping:Enabled
ReportSuppression:Disabled
OperationVersion:v2
ForwardMethod:mac
UnknownMulticastAction:RouterPort
Switch#
showipigmpsnooping
Switch(config)#
noipigmpsnooping
IGMP Snooping Status
Snooping:Disabled
ReportSuppression:Disabled
OperationVersion:v2
ForwardMethod:mac
265
IP IGMP Snooping Forward-Method
Syntax
ipigmpsnoopingforward-method(mac|src-dst-ip)
Parameter
(mac|src-dst-ip)MulticastlookupmethodisDMACORDIP+SIP
Default
ipigmpsnoopingforward-methodmac
Mode
GlobalConfiguration
Usage
Whenchangingthelookupmethod,itwillremoveallgroups.Theconfigurationcanuse“showipigmpsnooping”.
Example
Thefollowingexamplespecifiesthatsetipigmplookupmethodissrc-dst-iptest.
Switch(config)#
ipigmpforward-methodsrc-dst-ip
Switch#
showipigmpsnooping
266
IGMP Snooping Status
Snooping:Disabled
ReportSuppression:Disabled
OperationVersion:v2
ForwardMethod:src-dst-ip
267
IP IGMP Snooping Querier
Syntax
ipigmpsnoopingvlan<VLAN-LIST>querier
noipigmpsnooping[vlan<VLAN-LIST>]querier
ipigmpsnoopingvlan<VLAN-LIST>querierversion(2|3)
Parameter
VLAN-LIST specifiesVLANIDlisttoset(2|3) Queryversion2or3
Default
noipigmpsnoopingquerier
Mode
GlobalConfiguration
Usage
Whenenablingipigmpvlanquerier,therewillbeaprocessrouterselection.Theselectionwillsendgeneralandspecificqueries.Theconfigurationcanuse“showipigmpsnoopingquerier”.
Example
268
Example
Thefollowingexamplespecifiesthatsetipigmpsnoopingqueriertest.testmustbecreatestaticvlanfirstly.
Switch(config)#
vlan 2
Switch(config-vlan)#
exit
Switch(config)#
ipigmpsnoopingvlan2querier
Switch(config)#
exit
Switch#
showipigmpsnoopingquerier
VID|State|Status|Version|QuerierIP
1|Disabled|Non-Querier|No|------
2|Enabled|Querier|v2|192.168.1.254
Switch#
configure
Switch(config)#
ipigmpsnoopingversion3
269
Switch(config)#
ipigmpsnoopingvlan2querierversion3
Switch(config)#
doshowipigmpsnoopingqueier
VID|State|Status|Version|QuerierIP
1|Disabled|Non-Querier|No|------
2|Enabled|Querier|v3|192.168.1.254
Switch(config)#
noipigmpsnoopingqueier
Switch(config)#
doshowipigmpsnoopingqueier
270
IP IGMP Snooping VLANSyntax
ipigmpsnoopingvlanVLAN-LIST
noipigmpsnoopingvlanVLAN-LIST
Parameter
VLAN-LISTspecifiesVLANIDlisttoset
Default
noipigmpsnoopingvlan1-4094
Mode
GlobalConfiguration
Usage
“Noipigmpsnoopingvlan1”willclearvlansforallipigmpsnoopingdynamicgroupsanddynamicrouterports,andmakethestaticipigmpgroupinvaliddependingonwhichvlanIDisvlan1.Thenthereisnolearningofthedynamicgroupandrouterportbyigmpmessagesforvlan1.Theconfigurationcanuseshowipigmpsnoopingvlan1.
Example
Thefollowingexamplespecifiesthatsetipigmpsnoopingvlantest.Thetestmustenableipigmpsnoopingfirst.
Switch(config)#
ipigmpsnooping
Switch(config)#
271
IGMPSnoopingqueryinterval:admin125secoper125sec
IGMPSnoopingquerymaxresponse:admin10secoper10sec
IGMPSnoopinglastmemberquerycounter:admin2oper2
IGMPSnoopinglastmemberqueryinterval:admin1secoper1sec
IGMPSnoopinglastimmediateleave:disabled
IGMPSnoopingmrouterportlearnbypim-dvmrp:enabled
Switch(config)#
noipigmpsnoopingvlan1
Switch#
showipigmpsnoopingvlan1
IGMPSnoopingisglobalyenabled
IGMPSnoopingVLAN1admin:disabled
IGMPSnoopingoperationmode:disabled
IGMPSnoopingrobustness:admin2oper2
IGMPSnoopingqueryinterval:admin125secoper125sec
IGMPSnoopingquerymaxresponse:admin10secoper10sec
IGMPSnoopinglastmemberquerycounter:admin2oper2
IGMPSnoopinglastmemberqueryinterval:admin1secoper1sec
IGMPSnoopinglastimmediateleave:disabled
273
IP IGMP Snooping VLAN Parameters
Syntax
ipigmpsnoopingvlan<VLAN-LIST>last-member-query-count<1-7>
noipigmpsnoopingvlan<VLAN-LIST>last-member-query-count
ipigmpsnoopingvlan<VLAN-LIST>last-member-query-interval<1-60>
noipigmpsnoopingvlan<VLAN-LIST>last-member-query-interval
[no]ipigmpsnoopingvlan<VLAN-LIST>mrouterlearnpim-dvmrp
[no]ipigmpsnoopingvlan<VLAN-LIST>fastleave
ipigmpsnoopingvlan<VLAN-LIST>query-interval<30-18000>
noipigmpsnoopingvlan<VLAN-LIST>query-interval
ipigmpsnoopingvlan<VLAN-LIST>response-time<5-20>
noipigmpsnoopingvlan<VLAN-LIST>response-time
ipigmpsnoopingvlan<VLAN-LIST>robustness-variable<1-7>
noipigmpsnoopingvlan<VLAN-LIST>robustness-variable
274
Parameter
VLAN-LIST specifiesVLANIDlisttosetlast-member-query-count <1-7>
specifieslastmemberquerycounttoset.Defaultis2
last-member-queryinterval <1-60>
specifieslastmemberqueryintervaltoset.Defaultis1
query-interval <30-
18000>
specifiesqueryintervaltoset.Defaultis125
response-time <5- 20> specifiesaresponsetimetoset.defaultis10robustness-variable<1-7>
specifiesarobustnessvaluetoset,defaultis2
Default
noipigmpsnoopingvlan1-4094last-member-query-count
noipigmpsnoopingvlan1-4094last-member-query-interval
ipigmpsnoopingvlan1-4094mrouterlearnpim-dvmrp
noipigmpsnoopingvlan1-4094fastleave
noipigmpsnoopingvlan1-4094query-interval
noipigmpsnoopingvlan1-4094response-time
noipigmpsnoopingvlan1-4094robustness-variable
Mode
GlobalConfiguration
275
Usage
“no ip igmpsnoopingvlan1 (last-member-query-count | last-member-queryinterval | query-interval | response-time |robustness-variable)”willsetthevlanparameterstodefault.Theclisettingswillchangetheipigmpvlanparameterstotheadminsettings.Theconfigurationcanuseshowipigmpsnoopingvlan1.
Example
Thefollowingexamplespecifiesthatsetipigmpsnoopingvlanparameterstest.
Switch(config)#
ipigmpsnoopingvlan1fastleave
Switch(config)#
ipigmpsnoopingvlan1last-member-query-count5
Switch(config)#
ipigmpsnoopingvlan1last-member-query-interval3
Switch(config)#
ipigmpsnoopingvlan1query-interval100
Switch(config)#
ipigmpsnoopingvlan1response-time12
Switch(config)#
ipigmpsnoopingvlan1robustness-variable4
276
Switch#
showipigmpsnoopingvlan1
IGMPSnoopingisglobalyenabled
IGMPSnoopingVLAN1admin:enabled
IGMPSnoopingoperationmode:enabled
IGMPSnoopingrobustness:admin4oper2
IGMPSnoopingqueryinterval:admin100secoper125sec
IGMPSnoopingquerymaxresponse:admin12secoper10sec
IGMPSnoopinglastmemberquerycounter:admin5oper2
IGMPSnoopinglastmemberqueryinterval:admin3secoper1sec
IGMPSnoopinglastimmediateleave:enabled
IGMPSnoopingmrouterportlearnbypim-dvmrp:enabled
277
IP IGMP Snooping Static Port
Syntax
[no]ipigmpsnoopingvlan<VLAN-LIST>static-portIF_PORTS
[no]ipigmpsnoopingvlan<VLAN-LIST>forbidden-portIF_PORTS
Parameter
VLAN-LIST specifiesVLANIDlisttosetIF_PORTS specifiesaportlisttosetorremove
Default
Nonestatic/forbiddenports
Mode
GlobalConfiguration
Usage
‘ipigmpsnoopingvlan1static-portfa1-2’willaddstaticportfa1-2forvlan1.Theallknownvlan1ipv4groupwilladdthestaticports.“ipigmpsnoopingvlan1forbidden-portfa3-4”willaddforbiddenportfa3-4.forvlan1.Theallknownvlan1ipv4groupwillremovetheforbiddenports.
Theconfigurationcanuse“showipigmpsnoopingforward-all”.
Example
Thefollowingexamplespecifiesthatsetipigmpsnoopingstatic/forbiddenporttest.
278
Switch(config)#
ipigmpsnoopingvlan1static-portfa1-2
Switch(config)#
ipigmpsnoopingvlan1forbidden-portfa3-4
Switch#
showipigmpsnoopingforward-allvlan1
IGMPSnoopingVLAN:1
IGMPSnoopingstaticport:fa1-2
IGMPSnoopingforbiddenport:fa3-4
279
IP IGMP Snooping Static Router Port
Syntax
[no]ipigmpsnoopingvlan<VLAN-LIST>static-router-portIF_PORTS
[no]ipigmpsnoopingvlan<VLAN-LIST>forbidden-router-portIF_PORTS
Parameter
VLAN-LIST specifiesVLANIDlisttosetIF_PORTS specifiesaportlisttosetorremove
Default
Nonestatic/forbiddenrouterports
Mode
GlobalConfiguration
Usage
“ipigmpsnoopingvlan1static-router-portfa1-2”willaddstatictherouterportfa1-2forvlan1.“ipigmpsnoopingvlan1forbidden-router-portfa2”willaddtheforbiddenrouterportfa2forvlan1.Thiswillalsoremovefa2fromstatictherouterport.Theforbiddenrouterportreceivequerywillnotforward.Theconfigurationcanuse‘showipigmpsnoopingrouter’.
Example
Thefollowingexamplespecifiesthatsetipigmpsnoopingstatic/forbiddentest.
280
Switch(config)#
ipigmpsnoopingvlan1static-router-portfa1-2
Switch(config)#
ipigmpsnoopingvlan1forbidden-router-portfa2
Switch#
showipigmpsnoopingrouter
Dynamic Router Table
VID|Port|ExpiryTime(Sec)
TotalEntry0
Static Router Table
StaticRouterTable
VID|PortMask
1 | fa1
Total Entry 1
Forbidden Router TableVID|PortMask1 | fa2Total Entry 1
281
IP IGMP Snooping Static Group
Syntax
[no]ipigmpsnoopingvlan<VLAN-LIST>static-group<ip-addr>interfaceIF_PORT
[no]ipigmpsnoopingvlan<VLAN-LIST>group<ip-addr>
showipigmpsnoopinggroups[(dynamic|static)]
clearipigmpsnoopinggroups[(dynamic|static)]
Parameter
VLAN-LIST specifiesVLANIDlisttosetip-addr specifiesmulticastgroupipv4address
IF_PORT specifiesportidtosetorremove
Default
None
Mode
GlobalConfiguration
Usage
‘ipigmpsnoopingvlan1static-group224.1.1.1interfacefa1’willaddstaticgroup.Thestaticgroupwillnotlearnfromotherdynamicports.Ifthedynamicgroupexists,thenthestaticgroupwilloverlapwiththedynamicgroup.Ifyouremovethelastmemberofstaticgroup,thestaticgroupwillbedeleted.Ifthestaticgroupwantstovalidateitself,youmustenableigmpsnoopingvlanandipigmpsnooping.Theconfigurationcanuse“showipigmpsnoopinggroup[(dynamic|
282
static)]”todisplay.Youcanalsouse“noipigmpsnoopingvlan1group224.1.1.1”todeletethestaticgroup.Inaddition,youcanuseclearipigmpsnoopinggroupstodeletethestaticgroup.
Example
Thefollowingexamplespecifiesthatsetipigmpsnoopingstaticgrouptest.
Switch(config)#
ipigmpsnoopingvlan1static-group224.1.1.1interface
fa1
Switch(config)#
ipigmpsnoopingvlan1static-group224.1.1.1interface
fa2
Switch#
showipigmpsnoopinggroups
VLAN|GourpIPAddress|Type|Life(Sec)|Port
1|224.1.1.1|Static|--|fa1-2
TotalNumberofEntry=1
Switch#
clearipigmpsnoopinggroupsstatic
Switch# s
howipigmpsnoopinggroups
284
IP IGMP Profile
Syntax
ipigmpprofile<1-128>
profilerangeip<ip-addr>[ip-addr]action(permit|deny)
showipigmpprofile[<1-128>]
Parameter
<1-128> specifiesprofileID
<ip-addr> Startipv4multicastaddress[ip-addr] Endipv4multicastaddress(permit | deny) Permit:AllowMulticastaddressrangeipaddresslearning
Deny:DonotallowMulticastaddressrangeipaddresslearning
Default
None
Mode
ipigmpprofile<1-128>:GlobalConfiguration
profilerangeip<ip-addr>[ip-addr]action(permit|deny):
igmpprofileconfigmode
285
Usage
Usethe‘ipigmpprofile1’entryfortheigmpprofileconfigmode.Use‘profilerangeip224.1.1.1224.1.1.8actionpermit’toconfiguretheprofileentry.Theprofileentryisusedbytheportfilter.Theconfigurationcanuse‘showipigmpprofile[<1-128>]’todisplay.
Example
Thefollowingexamplespecifiesthatsetipigmpprofiletest:
Switch(config)#
ipigmpprofile1
Switch(config-igmp-profile)#
profilerangeip224.1.1.1224.1.1.8actionpermit
Switch(config-igmp-profile)#
showipigmpprofile
IPigmpprofileindex:1
IPigmpprofileaction:permit
Rangelowip:224.1.1.1
Rangehighip:224.1.1.8
Switch(config-igmp-profile)#
exit
286
Switch(config)#
ipigmpprofile10
Switch(config-igmp-profile)#
profilerangeip224.1.1.5224.1.1.10action
deny
Switch(config-igmp-profile)#
showipigmpprofile
IPigmpprofileindex:
10
IPigmpprofileaction:
deny
Rangelowip:
224.1.1.5
Rangehighip:
224.1.1.10
Switch(config-igmp-profile)#
exit
Switch(config)#
exit
287
Switch#
showipigmpprofile
IPigmpprofileindex:
1
IPigmpprofileaction:
permit
Rangelowip:
224.1.1.1
Rangehighip:
224.1.1.8
IPigmpprofileindex:
10
IPigmpprofileaction:
deny
Rangelowip:
224.1.1.5
Rangehighip:
224.1.1.10
288
IP IGMP FilterSyntax
ipigmpfilter<1-128>
[no]ipigmpfilter
Showipigmpfilter[interfacesIF_PORTS]
Parameter
<1-128> SpecifiesprofileID
[interfaces IF_PORTS] SpecifiesinterfacestodisplayDefault
None
Mode
Interface mode
Usage
Aftercreatingtheipigmpprofileentry,youcanuse‘ipigmpfilter1’tobindaprofileforaport.Whentheportbindsaprofile,thentheportlearninggroupwillupdate.Ifthegroupisnotmatchedtotheprofileruleitwillremovetheportfromthegroup.Staticgroupsareexcluded.Theconfigurationcanuse‘showipigmpfilter’todisplay.
Example
Thefollowingexamplespecifiesthatsetipigmpfiltertest.
Theconfiguremustcreateipigmpprofilefirstly.
289
Switch(config)#
ipigmpprofile1
Switch(config-igmp-profile)#
profilerangeip224.1.1.1224.1.1.8actionpermit
Switch(config-igmp-profile)#
exit
Switch(config)#
interface fa1
Switch(config-if)#
ipigmpfilter1
Switch(config-if)#
exit
Switch(config)#
exit
Switch#
showipigmpfilter
PortID|ProfileID
fa1:1
fa2:None
291
IP IGMP Max-Groups
Syntax
ipigmpmax-groups<0-512>
noipigmpmax-groups
ipigmpmax-groupsaction(deny|replace)
Showipigmpmax-group[interfacesIF_PORTS]
Showipigmpmax-groupaction[interfacesIF_PORTS]
Parameter
<1-128> SpecifiesprofileID
(deny | replace) Deny:Currentportigmpgrouparrivedmax-groups,don’taddgroup.
Replace:Currentportigmpgrouparrivedmax-groups,removeportformrandgroup,andaddporttogroup.
Default
noipigmpmax-groups
ipigmpmax-groupsactiondeny
Mode
Interface mode
292
Usage
Use‘ipigmpmax-groups10’tolimitportlearning.Themaxgroupnumberis10.Whentheporthaslearnedmorethan10groups,thentherestofthegroupswillberemovesfromtheportformthegroup.Staticgroupsareexcluded.Theconfigurationcanuse‘showipigmpmax-group&showipigmpmax-groupaction’todisplay.
Example
Thefollowingexamplespecifiesthatsetipigmpmax-groupsandactionisreplacetest.
Switch(config)#
interface fa1
Switch(config-if)#
ipigmpmax-groups10
Switch(config-if)#
ipigmpmax-groupsactionreplace
Switch(config-if)#
exit
Switch(config)#
exit
Switch#
showipigmpmax-group
PortID|MaxGroup
293
fa1:10
fa2:1024
fa3:1024
--More--
Switch#
showipigmpmax-groupaction
PortID|Max-groupsAction
fa1:replace
fa2:deny
fa3:deny
fa4:deny
fa5:deny
fa6:deny
--More--
294
Clear IP IGMP Snooping Groups
Syntax
clearipigmpsnoopinggroups[(dynamic|static)]
Parameter
none Clearipigmpgroupsincludedynamicandstatic
(dynamic | static) Ipigmpgrouptypeisdynamicorstatic
Default
Clearallipigmpgroups
Mode
privilegedmode
Usage
Thiscommandwillcleartheipigmpgroupsfordynamicorstaticoralloftype.Theconfigurationcanuse‘showipigmpsnoopinggroups’tocheck.
Example
Switch#
clearipigmpsnoopinggroupsstatic
Switch#
showipigmpsnoopinggroups
296
Clear IP IGMP Snooping Statistics
Syntax
clearipigmpsnoopingstatistics
Parameter
none
Default
none
Mode
privilegedmode
Usage
Thiscommandwillcleartheigmpstatistics.Theconfigurationcanuseshowipigmpsnooping.
Example
Thefollowingexamplespecifiesthatclearipigmpsnoopingstatisticstest.
Switch#
clearipigmpsnoopingstatistics
Switch#
showipigmpsnooping
297
Show IP IGMP Snooping Counters
Syntax
showipigmpsnoopinggroupscounters
Parameter
none
Default
none
Mode
privilegedmode
Usage
Thiscommandwilldisplaytheipigmpgroupcounterincludestaticgroup.
Example
Thefollowingexamplespecifiesthatdisplayipigmpsnoopinggroupcountertest.
Switch#
showipigmpsnoopingcounters
Totalipigmpsnoopinggroupnumber:0
298
Show IP IGMP Snooping Groups
Syntax
showipigmpsnoopinggroups[(dynamic|static)]
Parameter
none Showipigmpgroupsincludedynamicandstatic](dynamic | static) DisplayIpigmpgrouptypeisdynamicorstatic
Default
displayallipigmpgroups
Mode
privilegedmode
Usage
Thiscommandwilldisplaytheipigmpgroupsfordynamicorstaticoralloftype.
Example
Thefollowingexamplespecifiesthatshowipigmpsnoopinggroupstest.
Switch#
showipigmpsnoopinggroups
300
Show IP IGMP Snooping Router
Syntax
showipigmpsnoopingrouter[(dynamic|forbidden|static)]
Parameter
none Showipigmprouterincludedynamicandstaticandforbidden(dynamic | forbidden | static) DisplayIpigmprouterinfofordifferenttype
Default
displayallrouterinfo
Mode
privilegedmode
Usage
Thiscommandwilldisplaytheipigmprouterinfo.
Example
Thefollowingexamplespecifiesthatshowipigmpsnoopingroutertest.
Switch#
showipigmpsnoopingrouter
301
Switch#
showipigmpsnoopingrouterdynamic
Switch#
showipigmpsnoopingrotuerstatic
Switch#
showipigmpsnoopingrotuerforbidden
302
Show IP IGMP Snooping Querier
Syntax
showipigmpsnoopingquerier
Parameter
noneShowallvlanipigmpquerierinfo.
Default
none
Mode
privilegedmode
Usage
Thiscommandwilldisplayallofthestaticvlanipigmpquerierinfo.
Example
Thefollowingexamplespecifiesthatshowipigmpsnoopingqueriertest.
Switch#
showipigmpsnoopingquerier
VID|State|Status|Version|QuerierIP
1|Disabled|Non-Querier|No|------Total Entry 1
303
Show IP IGMP Snooping
Syntax
showipigmpsnooping
Parameter
noneShowipigmpsnoopingglobalinfo.
Default
none
Mode
privilegedmode
Usage
Thiscommandwilldisplayipigmpsnoopingglobalinfo.
Example
Thefollowingexamplespecifiesthatshowipigmpsnoopingtest.
Switch#
showipigmpsnooping
IGMP Snooping Status
Snooping:Enabled
304
GeneralQueryRx:0
GeneralQueryTx:0
GSQueryRx:0
GSQueryTx:0
ReportRx:0
ReportTx:0
Packet Statistics
TotalRx:0
ValidRx:0
InvalidRx:0
OtherRx:0
GeneralQueryRx:0
GeneralQueryTx:0
GSQueryRx:0
GSQueryTx:0
ReportRx:0
ReportTx:0
LeaveRx:0
LeaveTx:0
305
Show IP IGMP Snooping VLAN
Syntax
showipigmpsnoopingvlan[VLAN-LIST]
Parameter
none Showallipigmpsnoopingvlaninfo
[VLAN-LIST] Showspecifiesvlanipigmpsnoopinginfo
Default
Showallipigmpsnoopingvlaninfo
Mode
privilegedmode
Usage
Thiscommandwilldisplayipigmpsnoopingvlaninfo.
Example
Thefollowingexamplespecifiesthatshowipigmpsnoopingvlantest.
Switch# showipigmpsnoopingvlanIGMPSnoopingisglobalyenabled
306
IGMPSnoopingVLAN1admin:disabled
IGMPSnoopingoperationmode:disabled
IGMPSnoopingrobustness:admin2oper2
IGMPSnoopingqueryinterval:admin125secoper125sec
IGMPSnoopingquerymaxresponse:admin10secoper10sec
IGMPSnoopinglastmemberquerycounter:admin2oper2
IGMPSnoopinglastmemberqueryinterval:admin1secoper1sec
IGMPSnoopinglastimmediateleave:disabled
IGMPSnoopingmrouterportlearnbypim-dvmrp:enabled
307
Show IP IGMP Snooping Forward-All
Syntax
showipigmpsnoopingforward-all[vlanVLAN-LIST]
Parameter
noneShowallipigmpsnoopingvlanforward-allinfo
[vlanVLAN-LIST]Showspecifiesvlanofipigmpforwardinfo.
Default
Showallvlanipigmpforwardallinfo
Mode
privilegedmode
Usage
Thiscommandwilldisplayipigmpsnoopingforwardallinfo.
Example
Thefollowingexamplespecifiesthatshowipigmpsnoopingforward-alltest.
Switch#
showipigmpsnoopingforward-all
IGMPSnoopingVLAN:1
309
Show IP IGMP Snooping Profile
Syntax
showipigmpprofile[<1-128>]
Parameter
noneShowallipigmpsnoopingprofileinfo
[<1-128>]Showspecifiesindexprofileinfo
Default
Showallipigmpprofileinfo
Mode
privilegedmode
Usage
Thiscommandwilldisplayipigmpprofileinfo.
Example
Thefollowingexamplespecifiesthatshowipigmpprofiletest.
Switch#
showipigmpprofile
IPigmpprofileindex:1
310
IPigmpprofileaction:permit
Rangelowip:224.1.1.1
Rangehighip:224.1.1.8
IPigmpprofileindex:2
IPigmpprofileaction:deny
Rangelowip:225.1.1.0
Rangehighip:225.1.2.1
311
Show IP IGMP Snooping Port Filter
Syntax
showipigmpfilter[interfacesIF_PORTS]
Parameter
none Showallportfilter[interfaces IF_PORTS] Showspecifiesportsfilter
Default
Showallportsipigmpfilter
Mode
privilegedmode
Usage
Thiscommandwilldisplayipigmpportfilterinfo.
Example
Thefollowingexamplespecifiesthatshowipigmpfiltertest.
Switch#
showipigmpfilter
PortID|ProfileID
313
Show IP IGMP Snooping Port Max-Group
Syntax
showipigmpmax-group[interfacesIF_PORTS]
Parameter
none Showallportmax-group[interfaces IF_PORTS] Showspecifiesportsmax-group
Default
Showallportsipigmpmax-group
Mode
privilegedmode
Usage
Thiscommandwilldisplayipigmpportmax-group.
Example
Thefollowingexamplespecifiesthatshowipigmpmax-grouptest.
Switch(config)#
interface fa1
Switch(config-if)#ipigmpmax-groups50
314
Switch(config-if)#
ipigmpmax-groups50
Switch(config-if)#
exit
Switch(config)#
exit
Switch#
showipigmpmax-group
PortID|MaxGroup
fa1:50
fa2:1024
fa3:1024
fa4:1024
fa5:1024
315
Show IP IGMP Snooping Port Max-Group ActionSyntax
showipigmpmax-groupaction[interfacesIF_PORTS]
Parameter
none Showallportmax-groupaction[interfaces IF_PORTS] Showspecifiesportsmax-groupaction
Default
Showallportsipigmpmax-groupaction
Mode
privilegedmode
Usage
Thiscommandwilldisplayipigmpportmax-groupaction.
Example
Thefollowingexamplespecifiesthatshowipigmpmax-groupactiontest.
Switch(config)#
interface fa1
Switch(config-if)#
ipigmpmax-groupsactionreplace
316
Switch(config-if)#
exit
Switch(config)#
exit
Switch#
showipigmpmax-groupaction
PortID|Max-groupsAction
fa1:replace
fa2:deny
fa3:deny
fa4:deny
fa5:deny
318
IP Source Verify
Syntax
ipsourceverify
ipsourceverifymac-and-ip
noipsourceverify
Parameter
None
Default
IPSourceGuardisdisabled
Mode
InterfaceConfiguration
Usage
UsetheipsourceverifycommandtoenableIPSourceGuardfunction.DefaultIPSourceGuardfiltersourceIPaddress.The“mac-and-ip”filtersnotonlysourceIPaddressbutalsosourceIPaddress.Usethenoformofthiscommandtodisable.
319
Example
TheexampleshowshowtoenableIPSourceGuardwithsourceIPaddressfilteringoninterfacegi1.
Switch(config)#interfacegi1
switch(config-if)#
ipsourceverify
TheexampleshowshowtoenableIPSourceGuardwithsourceIPandMACaddressfilteringoninterfacegi2.Youcanverifysettingsbythefollowingshowipsourceinterfacescommand.
Switch(config)#
interface gi2
switch(config-if)#
ipsourceverifymac-and-ip
switch(config-if)#
doshowipsourceinterfacesgi1-2
Port|Status|MaxEntry|CurrentEntry
gi1|VerifyMAC+IP|NoLimit|0
gi2|disabled|NoLimit|0
320
IP Source Binding
Syntax
ipsourcebindingA:B:C:D:E:Fvlan<1-4094>A.B.C.DinterfaceIF_PORT
noipsourcebindingA:B:C:D:E:Fvlan<1-4094>A.B.C.DinterfaceIF_PORT
Parameter
A:B:C:D:E:F SpecifyaMACaddressofabindingentry
VLAN <1-4094> SpecifyaVLANIDofabindingentryA.B.C.D SpecifyIPaddressandMASKofabindingentry.
IF_PORT Specifyinterfaceofabindingentry.
Default
Defaultisnobindingentry.
Mode
GlobalConfiguration
Usage
UsetheipsourcebindingcommandtocreateastaticIPsourcebindingentryhasanIPaddress,itsassociatedMACaddressAVLANIDAinterface.Usethenoformofthiscommandtodeletestaticentry.
321
Example
TheexampleshowshowtoaddastaticIPsourcebindingentry.Youcanverifysettingsbythefollowingshowipsourcebinding command.
Switch(config)#
ipsourcebinding00:11:22:33:44:55vlan1192.168.1.55interfacefa1
switch(config)#
doshowipsourcebinding
BindTable:MaximunBindingEntryNumber192
Port|VID|MACAddress|IP|Type|LeaseTime
fa1|1|00:11:22:33:44:55|192.168.1.55(255.255.255.255)|Static|NA
322
Show IP Source Interface
Syntax
showipsourceinterfacesIF_PORTS
Parameter
IF_PORTSspecifiesportstoshow
Default
Nodefaultisdefined
Mode
GlobalConfiguration
Usage
UsetheshowipsourceinterfacecommandtoshowsettingsofIPSourceGuardofinterface
Example
TheexampleshowshowtoshowsettingsofIPSourceGuardofinterfacegi1
switch#
showipsourceinterfacesgi1
Port|Status|MaxEntry|CurrentEntry
gi1|VerifyMAC+IP|NoLimit|0
323
Show IP Source Binding
Syntax
showipsourcebinding[(dynamic|static)]
Parameter
dynamic ShowentriesthataddedbyDHCPsnoopinglearnstatic Showentriesthataddedbyuser
Default
Nodefaultisdefined
Mode
GlobalConfiguration
Usage
UsetheshowipsourcebindingcommandtoshowbindingentriesofIPSourceGuard.
Example
TheexampleshowshowtoshowstaticbindingentriesofIPSourceGuard.
switch#
showipsourcebinding
BindTable:MaximunBindingEntryNumber192
324
Port|VID|MACAddress|IP|Type|LeaseTime
fa1|1|00:11:22:33:44:55|192.168.1.55(255.255.255.255)|Static|NA
326
Lag Load-balance
Syntax
lagload-balance(src-dst-mac|src-dst-mac-ip)
Parameter
src-dst-mac
SpecifyalgorithmtobalancetrafficbyusingsourceanddestinationMACaddressforallpackets.
src-dst-mac-ip
SpecifyalgorithmtobalancetrafficbyusingsourceanddestinationIPaddressforIPpacketsandusingsourceanddestinationMACaddressfornon-IPpackets.
Default
Defaultloadbalancealgorithmissrc-dst-mac
Mode
GlobalConfiguration
Usage
Linkaggregationgroupportshouldtransmitpacketsspreadtoallportstobalancetrafficloading.Therearetwoalgorithmsupportedandthiscommandallowyoutoselectthealgorithm.
327
Example
Thisexampleshowshowtochangeloadbalancealgorithmtosrc-dst-mac-ip.Switch(config)# lagload-balancesrc-dst-mac-ip
Thisexampleshowshowtoshowcurrentloadbalancealgorithm.Switch# show lagLoadBalancing:src-dst-mac-ip.
GroupID|Type|Ports
1|---------|2|---------|3|---------|4|---------|5|---------|6|---------|7|---------|8|---------|
328
LACP System-Priority
Syntax
lacpsystem-priority<1-65535>
nolacpsystem-priority
Parameter
<1-65535>Specifysystempriorityvalue
Default
Defaultsystempriorityis1.
Mode
GlobalConfiguration
Usage
LACPsystempriorityisusedfortwoconnectedDUTtoselectthemasterswitch.Alowersystempriorityvaluehasahigherpriority.AndtheDUTwithahigherprioritycandecidewhichportsareabletojointheLAG.Use“nolacpsystem-priority”torestoretothedefaultpriorityvalue.Theonlywaytoshowthisconfigurationisusingthe“showrunning-config”command.
Example
Thisexampleshowshowtoconfigurelacpsystempriorityto1000.
Switch(config)#
329
LACP Port-Priority
Syntax
lacpport-priority<1-65535>
Parameter
<1-65535>Specifyportpriorityvalue
Default
Defaultportpriorityis1.
Mode
InterfaceConfiguration
Usage
LACPportpriorityisusedfortwoconnectedDUTtoselectaggregationports.Alowerportpriorityvaluehasahigherpriority.AndtheportwiththehigherprioritywillbeselectedintoLAGfirst.Theonlywaytoshowthisconfigurationisusingthe“showrunning-config”command.
Example
Thisexampleshowshowtoconfigureinterfacefa1lacpportpriorityto100.
Switch(config)#
interface fa1
331
LACP Timeout
Syntax
lacptimeout(long|short)
Parameter
longSendLACPpacketevery30seconds.
shortSendLACPpacketevery1second.
Default
DefaultLACPtimeoutislong.
Mode
InterfaceConfiguration
Usage
LACPneedtosendLACPpackettopartnerswitchtocheckthe linkstatus.Thiscommandconfiguresthe intervalofsendingLACPpackets.Theonlywaytoshowthisconfigurationisusingthe“showrunning-config”command.
Example
Thisexampleshowshowtoconfigureinterfacefa1lacptimeouttoshort.
Switch(config)#interfacefa1
333
LAG
Syntax
lag<1-8>mode(static|active|passive)
no lag
Parameter
<1-8> SpecifytheLAGidfortheinterfacestatic SpecifytheLAGtobestaticmodeandjointheinterfaceintothisLAG.active SpecifytheLAGtobedynamicmodeandjointheinterfaceintothisLAGwithLACPactiveport.passive SpecifytheLAGtobedynamicmodeandjointheinterfaceintothisLAGwithLACPpassiveport.
Default
ThereisnoLAGindefault
Mode
InterfaceConfiguration
Usage
Linkaggregationgroupfunctionallowsyoutoaggregatemultiplephysicalportsintoonelogicporttoincreasebandwidth.ThiscommandmakesnormalportjoinintothespecificLAGlogicportwithstaticordynamicmode.Anduse“nolag”toleavetheLAGlogicport.
334
Example
ThisexampleshowshowtocreateadynamicLAGandjoinfa1-fa3tothisLAG.
Switch(config)#
interfacerangefa1-3
Switch(config-if)#
lag 1 mode active
ThisexampleshowshowtoshowcurrentLAGstatus.
Switch#
show lag
LoadBalancing:src-dst-mac-ip.
GroupID|Type|Ports
1|LACP|Inactive:fa1-32|------|3|------|4|------|5|------|6|------|7|------|8|------|
335
Show Lag
Syntax
show lag
Parameter
None
Default
Nodefaultvaluesforthiscommand.
Mode
Privileged EXEC
Usage
Use“showlag”commandtoshowcurrentLAGloadbalancealgorithmandmembersactive/inactivestatus.
Example
ThisexampleshowshowtoshowcurrentLAGstatus.
Switch#
show lag
LoadBalancing:src-dst-mac-ip.
336
GroupID|Type|Ports
1|LACP|Inactive:fa1-32|------|3|------|4|------|5|------|6|------|7|------|8|------|
338
LLDP
Syntax
lldp
nolldp
Default
lldp
Mode
GlobalConfiguration
Usage
The“lldp”commandgloballyenablestheLLDPRX/TXability.The“nolldprun”commanddisablestheLLDPRX/TXabilityandthebehaviorwhenreceivingaLLDPPDUwouldthenbedecidedbythe“lldplldpdu”command.TheLLDPenablingstatusisdisplayedbythe“showlldp”command.
Example
ThefollowingexamplesetsLLDPenable/disable.
Switch121212(config)#
showlldp
339
Switch121212(config)#
lldp
State:Enabled
Timer:30Seconds
Holdmultiplier:4
Reinitdelay:2Seconds
Txdelay:2Seconds
LLDPpackethandling:Flooding
Switch121212(config)#
nolldpSwitch121212(config)# showlldp
State:Disabled
Timer:30Seconds
Holdmultiplier:4
Reinitdelay:2Seconds
Txdelay:2Seconds
LLDPpackethandling:Flooding
340
LLDP Tx-Interval
Syntax
lldptx-interval<5-32768>
Parameter
<5-32768>SpecifytheLLDPPDUTXintervalinunitofsecond.
Default
lldptx-interval30
Mode
GlobalConfiguration
Usage
ThiscommandgloballyconfigurestheLLDPTXinterval.Itshouldbenoticedthatboth“lldptx-interval”and“lldptx-delay”affectstheLLDPPDUTXtime.ThelargervalueofthetwoconfigurationsdecidestheTXinterval.Theconfigurationcouldbeshownbythe“showlldp”command.
Example
ThisexamplesetsLLDPTXintervalto10seconds.
Switch121212(config)#
lldptx-interval10
341
Switch121212(config)#
showlldp
State:Disabled
Timer:10Seconds
Holdmultiplier:4
Reinitdelay:2Seconds
Txdelay:2Seconds
LLDPpackethandling:Flooding
342
LLDP Reinit-Delay
Syntax
lldpreinit-delay<1-10>
Parameter
<1-10>SpecifytheLLDPre-initialdelaytimeinunitofsecond.
Default
lldp reinit-delay 2
Mode
GlobalConfiguration
Usage
ThiscommandgloballyconfigurestheLLDPre-initialdelay.ThisdelayavoidstheLLDPfromgeneratingtoomanyPDUsiftheportisupanddownfrequently.Thedelaystartstocountdownwhentheportlinksdown.TheportwouldnotgenerateaLLDPPDUuntilthedelaycountstozero.Theconfigurationcouldbeshownbythe“showlldp”command.
Example
ThisexamplesetsLLDPre-initialdelayto5seconds.
Switch121212(config)#
lldpreinit-delay5
343
Switch121212(config)#
showlldp
State:Disabled
Timer:10Seconds
Holdmultiplier:4
Reinitdelay:5Seconds
Txdelay:2Seconds
LLDPpackethandling:Flooding
344
LLDP Holdtime-Multiplier
Syntax
lldpholdtime-multiplier<2-10>
Parameter
<2-10>SpecifytheLLDPholdtimemultiplier.
Default
lldpholdtime-multiplier4
Mode
GlobalConfiguration
Usage
ThiscommandgloballyconfigurestheLLDPPDUholdmultiplierthatdecidesthetime-to-live(TTL)valuesentinLLDPadvertisements:TTL=(txinterval*holdtime-multiplier).Theconfigurationcouldbeshownbythe“showlldp”command.
Example
ThisexamplesetsLLDPholdtimemultiplierto3.
Switch121212(config)#
lldpholdtime-multiplier3
345
Switch121212(config)#
showlldp
State:Disabled
Timer:10Seconds
Holdmultiplier:3
Reinitdelay:2Seconds
Txdelay:2Seconds
LLDPpackethandling:Flooding
346
LLDP Tx-Delay
Syntax
lldptx-delay<1-8192>
Parameter
<1-8192>SpecifytheLLDPtxdelayinunitofseconds.
Default
lldp tx-delay 2
Mode
GlobalConfiguration
Usage
ThiscommandgloballyconfiguresthedelayinsecondsbetweensuccessiveLLDPframetransmissions.ThedelaystartstocountinanycasethataLLDPPDUissentby,suchasaLLDPPDUadvertiseroutine,LLDPPDUcontentchange,portlinkup,etc.Theconfigurationcouldbeshownbythe“showlldp”command.
Example
ThisexamplesetsLLDPPDUTXdelayto10.
Switch121212(config)#
lldptx-delay10
347
Switch121212(config)#
showlldp
State:Disabled
Timer:10Seconds
Holdmultiplier:4
Reinitdelay:2Seconds
Txdelay:10Seconds
LLDPpackethandling:Flooding
348
LLDP TLV-Select
Syntax
lldptlv-selectTLV[TLV][TLV][TLV][TLV][TLV][TLV][TLV]
nolldptlv-select
Parameter
TLVSpecifytheselectedoptionalTLV.AvailableoptionalTLVsare:sys-name(systemname),sys-desc(systemdescription),sys-cap(systemcapability),mac-phy(802.3MAC-PHY),lag(802.3linkaggregation),maxframe-size(802.3maxframesize),andmanagementaddr(managementaddress).
Default
nolldptlv-select
Mode
PortConfiguration
Usage
ThiscommandperportconfigurestheselectedTLVattachinginPDU.The“nolldptlv-select”commandwouldremoveallselectedTLVs.Theconfigurationcouldbeshownbythe“showlldp”command.
Example
Thisexampleselectsthesystemname,systemdescription,systemcapability,802.3MAC-PHY,802.3linkaggregation,802.3maxframesize,andmanagementaddressTLVsforinterfacesfa1andfa3.
349
Switch121212(config)#
interfacerangefa1,3
Switch121212(config-if-range)#
lldptlv-selectport-descsys-namesys-descsys-capmac-phylagmax-frame-sizemanagement-addr
Switch121212(config-if-range)#
exit
Switch121212(config)#
showlldpinterfacesfa1,3
State:Disabled
Timer:10Seconds
Holdmultiplier:3
Reinitdelay:2Seconds
Txdelay:2Seconds
LLDPpackethandling:Flooding
Port|State|OptionalTLVs|Address
fa1|RX,TX|PD,SN,SD,SC|192.168.1.254
fa3|RX,TX|PD,SN,SD,SC|192.168.1.254
PortID:fa1
350
802.3optionalTLVs:802.3-mac-phy,802.3-lag,802.3-max-frame-size,
management-addr
802.1optionalTLVs
PVID:Enabled
PortID:fa3
802.3optionalTLVs:802.3-mac-phy,802.3-lag,802.3-max-frame-size,
management-addr
802.1optionalTLVs
PVID:Enabled
351
LLDP TLV-Select PVIDSyntax
lldptlv-selectpvid(disable|enable)
Parameter
(disable|enable)SpecifiestheLLDP802.1PVIDTLVattachenablestatus.
Default
lldptlv-selectpvidenable
Mode
PortConfiguration
Usage
Thiscommandperportconfiguresthe802.1PVIDTLVattachenablestatus.Theconfigurationcouldbeshownbythe“showlldp”command.
Example
Thisexamplesetstheportgi1PVIDTLVattachstatustodisabledandtheportgi2toenabled.
Switch121212(config)#
interface gi1
Switch121212(config-if-range)#
lldptlv-selectpviddisable
352
Switch121212(config-if-range)#
exit
Switch121212(config)#
interface gi2
Switch121212(config-if-range)#
lldptlv-selectpvidenable
Switch121212(config-if-range)#
exit
Switch121212(config)#
showlldpinterfacesgi1,gi2
State:Disabled
Timer:10Seconds
Holdmultiplier:3
Reinitdelay:2Seconds
Txdelay:2Seconds
LLDPpackethandling:Flooding
353
Port|State|OptionalTLVs|Address
gi1|RX,TX||192.168.1.254
gi2|RX,TX||192.168.1.254
PortID:gi1
802.3optionalTLVs:
802.1optionalTLVs
PVID:Disabled
PortID:gi2
802.3optionalTLVs:
802.1optionalTLVs
PVID:Enabled
354
LLDP TLV-Select VLAN-Name
Syntax
lldptlv-selectvlan-name(add|remove)VLAN-LIST
Parameter
(add|remove) SpecifiestoaddorremoveVLANlistforLLDP802.1VLAN-NAMETLV.VLAN-LIST SpecifyVLANlist.TheconfiguredportsshouldbememberofallthespecifiedVLANsortheVLAN-
LIST is not valid.
Default
IndefaultnoVLANisadded
Mode
PortConfiguration
Usage
ThecommandsperportconfigurationtoaddorremovetheVLANlistfor802.1VLAN-NAMETLV.Theconfigurationcouldbeshownbythe“showlldp”command
Example
ThisexampleaddsVLAN1,100,4000toVLAN-NAMETLVforportfa10.
355
Switch121212(config)#
vlan100
Switch121212(config-vlan)#
exit
Switch121212(config)#
vlan4000
Switch121212(config-vlan)#
exit
Switch121212(config)#
interfacefa10
Switch121212(config-if-range)#
switchporttrunkallowedvlanaddall
Switch121212(config-if-range)#
lldptlv-selectpvidenable
Switch121212(config-if-range)#
exit
Switch121212(config)#
showlldpinterfacesgi1,gi2
State:Disabled
356
Timer:10Seconds
Holdmultiplier:3
Reinitdelay:2Seconds
Txdelay:2Seconds
LLDPpackethandling:Flooding
Port|State|OptionalTLVs|Address
gi1|RX,TX||192.168.1.254
gi2|RX,TX||192.168.1.254
PortID:gi1
802.3optionalTLVs:
802.1optionalTLVs
PVID:Disabled
PortID:gi2
802.3optionalTLVs:
802.1optionalTLVs
PVID:Enabled
357
LLDP LLDPDU
Syntax
lldplldpdu(filtering|flooding|bridging)
Parameter
(filtering|flooding|bridging)SpecifiesthatwhenLLDPisgloballydisabled,receivedLLDPpacketsarefiltered(dropped),flooded(forwardedtoallinterfaces)orbridged(floodedtoVLANmemberports).
Default
lldplldpduflooding
Mode
GlobalConfiguration
Usage
ThiscommandgloballyconfigurestheLLDPPDUhandlingbehaviorwhenLLDPisgloballydisabled.ItshouldbenotedthatifLLDPisgloballyenabledandtheperportLLDPRXstatusisconfiguredtodisabled,thereceivedLLDPPDUwouldbedroppedinsteadoftakingthegloballydisabledbehavior.Theconfigurationcouldbeshownbythe“showlldp”command.
358
Example
ThisexamplesetsLLDPdisableactiontobridging.
Switch121212(config)#
lldplldpdubridging
Switch121212(config)#
showlldp
State:Enabled
Timer:30Seconds
Holdmultiplier:4
Reinitdelay:2Seconds
Txdelay:2Seconds
LLDPpackethandling:Bridging
359
LLDP Rx LLDP Tx
Syntax
lldprx
nolldprx
lldptx
nolldptx
Default
lldprx
lldptx
Mode
PortConfiguration
Usage
ThecommandsperportconfigurestheLLDPPDURXandTXability.Theconfigurationcouldbeshownbythe“showlldp”command.
Example
Thisexamplesetsportfa1toenableLLDPRXandTX,portfa2todisableRXbutenableTX,portfa3toenableRXbutdisableTX,portfa4todisableRXandTX.
360
Switch121212(config)#
interface fa1
Switch121212(config-if)#
lldprx
Switch121212(config-if)#
lldptx
Switch121212(config-if)#
exit
Switch121212(config)#
interface fa2
Switch121212(config-if)#
nolldprx
Switch121212(config-if)#
lldptx
Switch121212(config-if)#
exit
Switch121212(config)#
interface fa3
361
Switch121212(config-if)#
lldprx
Switch121212(config-if)#
nolldptx
Switch121212(config-if)#
exit
Switch121212(config)#
interfacefa4
Switch121212(config-if)#
nolldprx
Switch121212(config-if)#
nolldptx
Switch121212(config-if)#
exit
Switch121212(config)#
showlldpinterfacesfa1-4
State:Enabled
Timer:30Seconds
362
Holdmultiplier:4
Reinitdelay:2Seconds
Txdelay:2Seconds
LLDPpackethandling:Bridging
Port|State|OptionalTLVs|Address
fa1|RX,TX||192.168.1.254
fa2|TX||192.168.1.254
fa3|RX||192.168.1.254
fa4|Disable||192.168.1.254
363
LLDP Med
Syntax
lldpmed
nolldpmed
Default
lldpmed
Mode
PortConfiguration
Usage
ThecommandsperportconfigurestheLLDPMEDenablestatus.IfLLDPMEDisenabled,theLLDPMEDcapabilityTLVandotherselectedMEDTLVwouldbeattached.Theconfigurationcouldbeshownbythe“showlldpmed”command.
Example
Thisexamplesetsportsfa1-4toenableLLDPMEDandportsfa5-8todisableLLDPMED.
Switch121212(config)#
interfacerangefa1-4
Switch121212(config-if)#
lldpmed
364
Switch121212(config-if)#
exit
Switch121212(config)#
interfacerangefa5-8
Switch121212(config-if)#
nolldpmed
Switch121212(config-if)#
exit
Switch121212(config)#
showlldpinterfacesfa1-8med
Port|Capabilities|NetworkPolicy|Location|Inventory|POE
fa1|Yes|Yes|No|No|No
fa2|Yes|Yes|No|No|No
fa3|Yes|Yes|No|No|No
fa4|Yes|Yes|No|No|No
fa5|No|Yes|No|No|No
fa6|No|Yes|No|No|No
fa7|No|Yes|No|No|No
366
LLDP Med TLV-Select
Syntax
lldpmedtlv-selectMEDTLV[MEDTLV][MEDTLV][MEDTLV]
nolldpmedtlv-select
Parameter
MEDTLVMEDoptionalTLV.AvailableoptionalTLVsare:network-policy,location,poe-pse,inventory.
Default
lldpmedtlv-selectnetwork-policy
Mode
PortConfiguration
Usage
ThecommandsperportconfigurestheLLDPMEDTLVselection.The“nolldpmedtlv-select”commandwouldremoveallselectedMEDTLVsoverthededicatedports.ItshouldbenotedthatevenifnoMEDTLVisselected,theMEDcapabilityTLVwouldbeattachedifaLLDPMEDisenable.Theconfigurationcouldbeshownbythe“showlldpmed”command.
Example
Thisexamplesetsportsfa1-2toselecttheLLDPMEDnetworkpolicy,location,POE-PSE,inventoryTLVs,andsetsportsfa3-4todeselectallLLDPMEDTLVs.
367
Switch121212(config)#
interfacerangefa1-2
Switch121212(config-if)#
lldpmedtlv-selectnetwork-policylocationpoe-pseinventory
Switch121212(config-if)#
exit
Switch121212(config)#
interfacerangefa3-4
Switch121212(config-if-range)#
nolldpmedtlv-select
Switch121212(config-if-range)#
exit
Switch121212(config)#
showlldpinterfacesfa1-4med
Port|Capabilities|NetworkPolicy|Location|Inventory|POE
fa1|Yes|Yes|Yes|Yes|Yes
fa2|Yes|Yes|Yes|Yes|Yes
fa3|Yes|No|No|No|No
369
LLDP Med Fast-Start-Repeat-Count
Syntax
lldpmedfast-start-repeat-count<1-10>
Parameter
<1-10>LLDPPDUfaststartTXrepeatcounts.
Default
lldpmedfast-start-repeat-count3
Mode
GlobalConfiguration
Usage
ThecommandsgloballyconfigurestheLLDPPDUfaststartTXrepeatcount.Whentheportlinksareup,itwillsendaLLDPPDUimmediatelytonotifythelinkpartner.ThenumberofLLDPPDUssentwhenitlinksupdependsonthefast-start-repeat-countconfiguration.TheLLDPPDUfast-starttransmitsinintervalsofonesecond.ThefaststartbehaviorworksnomatterwhethertheLLDPMEDisenabledornot.Theconfigurationcouldbeshownbythe“showlldpmed”command.
Example
Thisexamplesetsfaststartrepeatcountto10.
Switch121212(config)#
lldpmedfast-start-repeat-count10
371
LLDP Med Network-Policy
Syntax
lldpmednetwork-policy<1-32>app(voice|voice-signaling|guestvoice|guest-voice-signaling|softphone-voice|
video-conferencing|streaming-video|video-signaling)vlan<1-4094>vlantype
(tag|untag)priority<0-7>dscp<0-63>
nolldpmednetwork-policy<1-32>
Parameter
<1-32> Specifythenetworkpolicyindex(voice|voicesignaling| guest-voice| guest-voicesignaling| softphonevoice| videoconferencing| streamingvideo| video-signaling)
Specifythenetworkpolicyapplicationtype.
<1-4094> SpecifytheVLANID
(tag|untag) SpecifytheVLANtagstatus<0-7> SpecifytheL2priority
<0-63> SpecifytheDHCPvalue
Default
Indefaultallnetworkpolicyarecleared.
Mode
GlobalConfiguration
372
Usage
ThecommandgloballyconfigurestheLLDPMEDnetworkpolicytable.The“lldpmednetwork-policy”commandcreatesanetworkpolicyentrythatcanbeboundtoports.IftheLLDPMEDnetworkpolicyvoiceautomodeisenabled,the“voice”typenetworkpolicycannotbecreatedsinceitisinautomode.The“nolldpmednetwork-policy”commandclearsthenetworkpolicyentryofthespecifiedindex.Anetworkpolicycanbeclearedonlywhenitisnotboundtoanyport.Thenetworkpolicytableconfigurationcouldbeshownbythe“showlldpmed”command.
Example
Thisexamplecreates2networkpolicies.
Switch121212(config)#
lldpmednetwork-policy1appvoice-signalingvlan2
vlan-typetagpriority3dscp4
Switch121212(config)#
lldpmednetwork-policy32appvideo-conferencing
vlan5vlan-typetagpriority1dscp63
Switch121212(config)#
showlldpmed
FastStartRepeatCount:10
lldpmednetwork-policyvoice:auto
373
Network policy 1
Applicationtype:VoiceSignaling
VLANID:2tagged
Layer2priority:3
DSCP:4
Network policy 32
Applicationtype:Conferencing
VLANID:5tagged
Layer2priority:1
DSCP:63
374
LLDP Med Network-Policy Add|Remove
Syntax
lldpmednetwork-policy(add|remove)<1-32>
Parameter
(add | remove) Addorremovenetworkpolicybindingforports.<1-32> Specifythenetworkpolicyindex
Default
lldpmedfast-start-repeat-count3
Mode
PortConfiguration
Usage
Thecommandperportconfiguresthenetworkpolicybindingforportinterface.Theboundnetworkpolicyofoneportshouldbeconfiguredwithdifferenttypes.IfanetworkpolicyTLVisselectedoveraport,theboundnetworkpolicieswouldbeattachedinLLDPMEDPDU.Theconfigurationofnetworkpolicybindingcouldbeshownbythe“showlldpmed”command.
375
Example
Thisexamplebindsnetworkpolicyforinterfacefa1andfa2.
Switch121212(config)#
showlldpmed
FastStartRepeatCount:10
lldpmednetwork-policyvoice:auto
Network policy 1
Applicationtype:VoiceSignaling
VLANID:2tagged
Layer2priority:3
DSCP:4
Network policy 32
Applicationtype:Conferencing
VLANID:5tagged
Layer2priority:1
DSCP:63
Switch121212(config)#
interfacerangefa1,2
376
Switch121212(config-if-range)#
lldpmednetwork-policyadd1,32
Switch121212(config)#
showlldpinterfacesfa1,2med
Port|Capabilities|NetworkPolicy|Location|Inventory|POE
fa1|Yes|Yes|Yes|Yes|Yes
fa2|Yes|Yes|Yes|Yes|Yes
PortID:fa1
Networkpolicies:1,32
PortID:fa2
Networkpolicies:1,32
377
LLDP Med Network-Policy Auto
Syntax
lldpmednetwork-policyauto
nolldpmednetwork-policyauto
Default
lldpmednetwork-policyauto
Mode
GlobalConfiguration
Usage
Thecommandgloballyconfiguresthenetworkpolicyvoiceautomodeenablingstatus.Invoiceautomode,ifanetwork-policyTLVisselected,avoicetypenetworkpolicywouldbeattachedtoaPDUforwhichthecontentscomefromvoiceVLANconfiguration.ThisworksforavoiceVLANmoduletoexchangevoiceVLANinformationwithalinkpartner.Ifthevoiceautomodeisenabled,ausercannotmanuallycreateavoicetypenetworkpolicy;ifavoicetypenetworkpolicyiscreated,thevoiceautomodecannotbeenabled.Theconfigurationofnetworkpolicyautomodecouldbeshownbythe“showlldp med” command.
378
Example
Thisexamplesetsthenetworkpolicyautomodetoenabledandthentodisabled.
Switch121212(config)#
lldpmednetwork-policyauto
Switch121212(config)#
showlldpmed
FastStartRepeatCount:10
lldpmednetwork-policyvoice:auto
Switch121212(config)#
nolldpmednetwork-policyauto
Switch121212(config)#
showlldpmed
FastStartRepeatCount:10
lldpmednetwork-policyvoice:manual
379
LLDP Med Location
Syntax
lldpmedlocation(coordination|civic-address|ecs-elin)ADDR
nolldpmedlocation(coordination|civic-address|ecs-elin)
Parameter
(coordination | civic-address | ecselin) Locationtypetobeconfigured.“ecs-elin”isabbreviationofemergencycallservice–emergencylocationidentifiernumber
ADDR Specifythelocationdata.Inputformatishexadecimalvalueswithoutcolon(forexample:1234AB).Forcoordinationlocationtype,thelengthofADDRis16bytes.Forcivic-address,thelengthis6to160bytes.Forecs-elin,thelengthis10to25bytes.
Default
Indefaultalllocationsarecleared
Mode
PortConfiguration
Usage
ThecommandperportconfigurestheLLDPMEDlocationdata.The“nolldpmedlocation”commandclearsthelocationdata.The“coordinate”,“civicaddress”,“ecs-elin”locationsareindependent,soatmostthreelocationTLVscouldbesentiftheirdataarenotempty.Theconfigurationofthelocationcouldbeshownbythe“showlldpinterfacePORTmed”command.
380
Example
Thisexamplesetsthelocationdataforinterfacefa1.
Switch121212(config)#
interface fa1
Switch121212(config-if)#
lldpmedlocationcoordinate112233445566778899AABBCCDDEEFF00
Switch121212(config-if)#
lldpmedlocationcivic-address112233445566
Switch121212(config-if)#
lldpmedlocationecs-elin112233445566778899AA
Switch121212(config)#
showlldpinterfacesfa1med
Port|Capabilities|NetworkPolicy|Location|Inventory|POE
fa1|Yes|Yes|Yes|Yes|Yes
PortID:fa1
Networkpolicies:1,32
Location:
Coordinates:112233445566778899AABBCCDDEEFF00
382
Show LLDP
Syntax
showlldp
showlldpinterfaceIF_NMLPORTS
Parameter
IF_NMLPORTSSpecifytheportstodisplayinformation
Default
Thiscommandhasnodefaultvalue.
Mode
Privileged,GlobalConfiguration
Usage
The“showlldp”and“showlldpinterface”commanddisplaysLLDPglobalinformationincludingtheLLDPenablingstatus,LLDPPDUTXinterval,holdtimemultiplier,re-initialdelay,TXdelay,andLLDPpackethandlingwhenaLLDPisdisabled.Theperport informationdisplayedincludestheportLLDPRX/TXenablingstatusandtheselectedTLVtoTXandIPaddress.TheabbreviationsintheoptionalTLVsare:portdescription(PD),systemname(SN),systemdescription(SD),andsystemcapability(SC).
383
Example
Thisexampledisplayslldpinformationofportfa1andgi1
Switch121212#
showlldpinterfacesfa1,gi1
State:Disabled
Timer:30Seconds
Holdmultiplier:4
Reinitdelay:2Seconds
Txdelay:2Seconds
LLDPpackethandling:Flooding
Port|State|OptionalTLVs|Address
fa1|RX,TX|PD,SN,SD,SC|192.168.1.254
gi1|RX,TX||192.168.1.254
PortID:fa1
802.3optionalTLVs:802.3-mac-phy,802.3-lag,802.3-max-frame-size,
management-addr
802.1optionalTLVs
PVID:Enabled
385
Show LLDP Local-Device
Syntax
showlldplocal-device
showlldpinterfacesIF_NMLPORTSlocal-device
Parameter
IF_NMLPORTSSpecifytheportstodisplayinformation
Default
Thereisnodefaultconfigurationforthiscommand.
Mode
Privileged,GlobalConfiguration
Usage
ThecommandsshowthelocalconfigurationofLLDPPDU.Bythecommands,ausercanviewthecontentsofLLDP/LLDP-MEDTLVsthatwouldbeattachedinLLDPPDU.
386
Example
Thisexampledisplaythelocaldeviceinformation.
Switch121212(config)#
showlldplocal-device
LLDPLocalDeviceInformation:
ChassisType:MacAddress
ChassisID:00:12:12:12:12:12
SystemName:Switch121212
SystemDescription:
SystemCapabilitiesSupport:Bridge
SystemCapabilitiesEnable:Bridge
ManagementAddress:192.168.1.254(IPv4)
Switch121212(config)#
showlldpinterfacesfa1local-device
DeviceID:00:12:12:12:12:12
PortID:fa1
SystemName:Switch121212
Capabilities:Bridge
387
Systemdescription:
Portdescription:
Managementaddress:192.168.1.254
TimeToLive:120
802.3MAC/PHYConfigur/Status
Auto-negotiationsupport:Supported
Auto-negotiationstatus:Enabled
Auto-negotiationAdvertisedCapabilities:10BASE-Thalfduplex,10BASET
fullduplex,100BASE-TXhalfduplex,100BASE-TXfullduplex
OperationalMAUtype:Otherorunknown
802.3LinkAggregation
Aggregationcapability:Capableofbeingaggregated
Aggregationstatus:Notcurrentlyinaggregation
AggregationportID:0
802.3MaximumFrameSize:1522
802.1PVID:1
LLDP-MEDcapabilities:Capabilities,NetworkPolicy,Location,Extended
PSE,Inventory
388
LLDP-MEDDevicetype:NetworkConnectivity
LLDP-MEDNetworkpolicy
Applicationtype:VoiceSignaling
Flags:UnknownPolicy
VLANID:2
Layer2priority:3
DSCP:4
LLDP-MEDNetworkpolicy
Applicationtype:Conferencing
Flags:UnknownPolicy
VLANID:5
Layer2priority:1
DSCP:63
Hardwarerevision:1123
Firmwarerevision:2.5.0-beta.32801
Softwarerevision:2.5.0-beta.32801
Serialnumber:abc
ManufacturerName:
389
Modelname:
AssetID:
LLDP-MEDLocation
Coordinates:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00
Civic-address:11:22:33:44:55:66
Ecs-elin:11:22:33:44:55:66:77:88:99:AA
390
Show LLDP Neighbor
Syntax
showlldpneighbor
showlldpinterfacesIF_NMLPORTSneighbor
Parameter
IF_NMLPORTSSpecifytheportstodisplayinformation
Default
Thereisnodefaultconfigurationforthiscommand
Mode
Privileged,GlobalConfiguration
Usage
WhenaLLDPPDUisreceivedonLLDPRXenabledports,thesystemwouldstorethePDUinformationinadatabaseuntilthetimetoliveofthePDUcountsdowntozero.ThecommanddisplaysthereceivedneighborLLDPPDUinformation.
Example
Thisexampledisplaytheneighborinformation.
Switch121212(config)#
showlldpneighbor
391
Port|DeviceID|PortID|SysName|Capabilities|TTL
fa3|00:12:12:12:12:12|fa1|Switch121212|Bridge|111
fa11|TREEBASE|00:1A:4D:26:EB:E8|TREEBASE|Station
Only | 33
Switch121212(config)#
showlldpinterfacesfa3neighbor
DeviceID:00:12:12:12:12:12
PortID:fa1
SystemName:Switch121212
Capabilities:Bridge
Systemdescription:
Portdescription:
Managementaddress:192.168.1.254
TimeToLive:98
802.3MAC/PHYConfigur/Status
Auto-negotiationsupport:Supported
Auto-negotiationstatus:Enabled
Auto-negotiationAdvertisedCapabilities:10BASE-Thalfduplex,10BASET
392
fullduplex,100BASE-TXhalfduplex,100BASE-TXfullduplex
OperationalMAUtype:100BASE-TXfullduplexmode
802.3LinkAggregation
Aggregationcapability:Capableofbeingaggregated
Aggregationstatus:Notcurrentlyinaggregation
AggregationportID:0
802.3MaximumFrameSize:1522
802.1PVID:1
LLDP-MEDcapabilities:Capabilities,NetworkPolicy,Location,Extended
PSE,Inventory
LLDP-MEDDevicetype:NetworkConnectivity
LLDP-MEDNetworkpolicy
Applicationtype:VoiceSignaling
Flags:UnknownPolicy
VLANID:2
Layer2priority:3
DSCP:4
LLDP-MEDNetworkpolicy
393
]Applicationtype:Conferencing
Flags:UnknownPolicy
VLANID:5
Layer2priority:1
DSCP:63
LLDP-MEDPoweroverEthernet
DeviceType:PowerSourcingEntity
PowerSource:PrimaryPowerSource
Powerpriority:Low
Powervalue:13.0Watts
Hardwarerevision:1123
Firmwarerevision:2.5.0-beta.32801
Softwarerevision:2.5.0-beta.32801
Serialnumber:abc
ManufacturerName:
Modelname:
AssetID:
LLDP-MEDLocation
394
Coordinates:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00
Civic-address:11:22:33:44:55:66
Ecs-elin:11:22:33:44:55:66:77:88:99:AA
395
Show LLDP Med
Syntax
showlldpmed
showlldpinterfacesIF_NMLPORTSmed
Parameter
IF_NMLPORTSSpecifytheportstodisplayinformation
Default
Thereisnodefaultconfigurationforthiscommand
Mode
Privileged,GlobalConfiguration
Usage
ThecommandsdisplaystheLLDPMEDconfigurationinformation
Example
ThisexampledisplaytheLLDPMEDinformation.
Switch121212(config)#
showlldpmed
396
FastStartRepeatCount:10
lldpmednetwork-policyvoice:manual
Network policy 1
Applicationtype:VoiceSignaling
VLANID:2tagged
Layer2priority:3
DSCP:4
Network policy 32
Applicationtype:Conferencing
VLANID:5tagged
Layer2priority:1
DSCP:63
Port|Capabilities|NetworkPolicy|Location|Inventory|POE
fa1|Yes|Yes|Yes|Yes|Yes
fa2|Yes|Yes|Yes|Yes|Yes
fa3|Yes|No|No|No|No
fa4|Yes|No|No|No|No
fa5|No|Yes|No|No|No
397
fa6|No|Yes|No|No|No
fa7|No|Yes|No|No|No
fa8|No|Yes|No|No|No
fa9|Yes|Yes|No|No|No
fa10|Yes|Yes|No|No|No
fa11|Yes|Yes|No|No|No
fa12|Yes|Yes|No|No|No
fa13|Yes|Yes|No|No|No
fa14|Yes|Yes|No|No|No
fa15|Yes|Yes|No|No|No
fa16|Yes|Yes|No|No|No
fa17|Yes|Yes|No|No|No
fa18|Yes|Yes|No|No|No
fa19|Yes|Yes|No|No|No
fa20|Yes|Yes|No|No|No
fa21|Yes|Yes|No|No|No
fa22|Yes|Yes|No|No|No
fa23|Yes|Yes|No|No|No
fa24|Yes|Yes|No|No|No
398
gi1|Yes|Yes|No|No|No
gi2|Yes|Yes|No|No|No
gi3|Yes|Yes|No|No|No
gi4|Yes|Yes|No|No|No
Switch121212(config)#
showlldpinterfacesfa1med
Port|Capabilities|NetworkPolicy|Location|Inventory|POE
fa1|Yes|Yes|Yes|Yes|Yes
PortID:fa1
Networkpolicies:1,32
Location:
Coordinates:112233445566778899AABBCCDDEEFF00
Civic-address:112233445566
Ecs-elin:112233445566778899AA
Switch121212(config)#
399
Show LLDP Statistics
Syntax
showlldpstatistics
showlldpinterfacesIF_NMLPORTSstatistics
Parameter
IF_NMLPORTSSpecifytheportstodisplayinformation
Default
Thereisnodefaultconfigurationforthiscommand
Mode
Privileged,GlobalConfiguration
Usage
ThecommanddisplaystheLLDPRX/TXstatistics.
Example
ThisexampledisplaytheLLDPstatistics.
witch121212(config)#
showlldpstatistics
400
LLDPGlobalStatistics:
Insertions:3
Deletions:0
Drops:0
AgeOuts:1
|TXFrames|RXFrames|RXTLVs|RXAgeouts
Port | Total | Total | Discarded | Errors | Discarded | Unrecognized |
Total
fa1|50|0|0|0|0|0|0
fa2|0|0|0|0|0|0|0
fa3|0|50|0|0|0|0|1
fa4|0|0|0|0|0|0|0
fa5|0|0|0|0|0|0|0
fa6|0|0|0|0|0|0|0
fa7|0|0|0|0|0|0|0
fa8|0|0|0|0|0|0|0
fa9|0|0|0|0|0|0|0
fa10|0|0|0|0|0|0|0
401
fa11|3377|10129|0|0|0|0|0
fa12|0|0|0|0|0|0|0
fa13|0|0|0|0|0|0|0
fa14|0|0|0|0|0|0|0
fa15|0|0|0|0|0|0|0
fa16|0|0|0|0|0|0|0
fa17|0|0|0|0|0|0|0
fa18|0|0|0|0|0|0|0
fa19|0|0|0|0|0|0|0
fa20|0|0|0|0|0|0|0
fa21|0|0|0|0|0|0|0
fa22|0|0|0|0|0|0|0
fa23|0|0|0|0|0|0|0
fa24|0|0|0|0|0|0|0
gi1|3377|0|0|0|0|0|0
gi2|3377|0|0|0|0|0|0
gi3|0|0|0|0|0|0|0
gi4|0|0|0|0|0|0|0
402
Switch121212(config)#
showlldpinterfacesfa1statistics
LLDPPortStatistics:
|TXFrames|RXFrames|RXTLVs|RXAgeouts
Port | Total | Total | Discarded | Errors | Discarded | Unrecognized |
Total
fa1|51|0|0|0|0|0|0
403
Show LLDP TLV-Overloading
Syntax
showlldpinterfacesIF_NMLPORTStlvs-overloading
Parameter
IF_NMLPORTSSpecifytheportstodisplayinformation
Default
Thereisnodefaultconfigurationforthiscommand.
Mode
Privileged,GlobalConfiguration
Usage
TheLLDPPDUiscomposedbyTLVsandaselectednumberTLVsmaycomposealargePDUthatthesystemcannothandle.ThemaximumPDUlengthistotakethesmallerjumboframesizeminus30bytes(30byteskeptforaheader)or1488bytes.ThecommanddisplaysthelengthofLLDPTLVsandifaTLVoverloadsthePDUlengththentheTLVswithastatusmarked“overload”wouldnotbetransmitted.
Example
ThisexampledisplaytheLLDPTLVsoverloadingstatusofportfa1.
Switch121212(config)#
showlldpinterfacesfa1tlvs-overloading
404
fa1:
TLVsGroup|Bytes|Status
Mandatory | 21 | Transmitted
LLDP-MEDCapabilities|9|Transmitted
LLDP-MEDLocation|53|Transmitted
LLDP-MEDNetworkPolicies|20|Transmitted
LLDP-MEDPOE|9|Transmitted
802.3|30|Transmitted
Optional|38|Transmitted
LLDP-MEDInventory|97|Transmitted
802.1|8|Transmitted
Total:285bytes
Left:1203bytes
406
Logging
Syntax
logging
no logging
Parameter
None
Default
logging
Mode
GlobalConfiguration
Usage
Enable/Disable the logging service.
Logging
Enabletheloggingservice.Itistheglobaloptionfortheloggingservice.Thestatusoftheloggingserviceisavailablefrom the command “show logging”.
No logging
Disabletheloggingservice.Whentheloggingserviceisdisabled,allmessageswillstoploggingtothesystem.
407
Show logging
Displaythegloballoggingstatus.Itwillshowtheloggingconfigurationofthe
system,includingthegloballoggingstatus,andthelistsofloggingservices.
Example
Switch(config)#
show logging
Switch(config)#
no logging
Switch(config)#
show logging
Logging service is disabled
TARGET|STATUS|Server(PORT)|FACILITY|LOGLEVEL
buffered|enabled|||emerg,alert,crit,error,warning,notice,info
Switch(config)#
logging
Switch(config)#
show logging
Logging service is enabled
408
TARGET|STATUS|Server(PORT)|FACILITY|LOGLEVEL
buffered|enabled|||emerg,alert,crit,error,warning,notice,info
409
Logging Flash|Buffered
Syntax
logging(flash|buffered)[severity<0-7>]
nologging(flash|buffered)
Parameter
flash Specifyloggingtoflash.buffer SpecifyloggingtoRAM.
severity Specifytheminimumseveritymaskofloggingmessage.
Default
loggingbuffered
nologgingflash
Parameter:
severity6:(emerg,alert,crit,error,warning,notice,info)
Mode
GlobalConfiguration
410
Usage
Enable/DisablethelocalcapabilitytologmessagestoRAM/flashwiththeminimumseverity.Theminimumseverityvalueis“6”,includingmessagesofseverityemergency,alert,critical,error,warning,notice,andinfo.
Logging flash
Enablesthecapabilitytologmessagetoflash.Thedefaultminimumseverityis6.Whentheserviceisenabled,messageswillstarttobeloggedtotheflash.Allloggingmessageswillbesavedwhenthesystemshutsdown.Onlywhenthelocalloggingcapabilityofflashisenabledwillthestatusofloggingtheflashservicewillbeshownbythecommand“showlogging”.
Logging buffered
Enablesthecapabilityto logmessagestoRAM.Thedefaultminimumseverity is6.Whentheservice isenabled,themessageswillstarttobeloggedtoRAM.Allloggingmessagewillbelostwhenthesystemshutsdown.
No logging flash
Disablesthecapabilitytologmessagestoflash.Oncetheloggingcapabilityofflashisdisabled,thestatusofloggingtheflashservicewillberemovedfromtheservicelistshownbythecommand“showlogging”.
No logging buffered
DisablesthecapabilitytologmessagestoRAM.
Show logging
Displaystheloggingstatus.Itwillshowtheloggingconfigurationofthesystem,includingthegloballoggingstatusandthelistsofloggingservices.Whenthelocalloggingcapabilityisenabled,thestatusofthelocallogging(flashorbuffered)willbeshownbythecommand“showlogging”;Otherwise,theloggingentrywillberemovedfromtheservicelist.
411
Example
Switch(config)#
show logging
Logging service is enabled
TARGET|STATUS|Server(PORT)|FACILITY|LOGLEVEL
buffered|enabled|||emerg,alert,crit,error,warning,notice,info
Switch(config)#
nologgingbuffer
Switch(config)#
show logging
Logging service is enabled
TARGET|STATUS|Server(PORT)|FACILITY|LOGLEVEL
Switch(config)#
loggingbuffered
Switch(config)#
loggingflashseverity5
Switc(config)h#
show logging
412
Logging service is enabled
TARGET|STATUS|Server(PORT)|FACILITY|LOGLEVEL
buffered|enabled|||emerg,alert,crit,error,warning,notice,info
flash|enabled|||emerg,alert,crit,error,warning,notice
413
Logging Host
Syntax
logginghost<ip-addr>[port<0-65535>][severity<0-7>][facility(local0|local1|local2|local3|local4|local5|local6|local7)]
nologging<ip-addr>
Parameter
ip-addr SpecifytheIPaddressofremoteloggingserver.port Specifytheportnumberofremoteloggingserver.
severity Specifytheminimumseveritymaskofloggingmessage.facility Specifythefacilityofloggingmessages.
Default
N/A
Parameter:
port514:
severity6:(emerg,alert,crit,error,warning,notice,info)
facility:Local7
Mode
GlobalConfiguration
414
Usage
Enable/Disablethecapabilitytologmessagetotheremotesyslogserver.
Logging host 192.168.1.100
Enablesthecapabilityto logmessagestotheremoteserver.Thedefaultvaluesoftheparameterport is“514”.Theseverityis“6”(emerg,alert,crit,error,warning,notice,info),andthefacilityis“local7”.Allloggingmessageswillbesenttotheremoteserver.Onlywhentheremoteloggingcapabilityisenabledwillthestatusofremoteloggingservicewillbeshownbythecommand“showlogging”.Whenanexistingentryissettwice,theoldsettingwillbereplacedandmodifiedwith the new one.
No logging host 192.168.1.100
Disablesthecapabilitytologmessagestotheremoteserver.Whentheremoteloggingserviceisdisabled,thelogwillnotbesenttotheremotesyslogserver,andthestatusofremoteloggingentrywillberemovedfromservicelistshownby the command “show command”.
Show logging
Displaystheloggingstatus.Itwillshowtheloggingconfigurationofthesystem,includingthegloballoggingstatusandthelistsofloggingservices.Whentheremoteloggingcapabilityisenabled,thestatusofremoteloggingwillbeshownbythecommand“showlogging”.Otherwise,theremoteloggingentrywillberemovedfromtheservicelist.
Example
Switch(config)#
logginghost192.168.1.100
Switch(config)#
logginghost192.168.1.100port2048severity
415
3 facility local1
Switch(config)#s
how logging
Logging service is enabled
TARGET|STATUS|Server(PORT)|FACILITY|LOGLEVEL
buffered|enabled|||emerg,alert,crit,error,warning,notice,info
flash|enabled|||emerg,alert,crit,error,warning,notice
host|enabled|192.168.1.100(2048)|local1|emerg,alert,crit,error
Switch(config)#
nologginghost192.168.1.100
Switch(config)#
show logging
Logging service is enabled
TARGET|STATUS|Server(PORT)|FACILITY|LOGLEVEL
buffered|enabled|||emerg,alert,crit,error,warning,notice,info
flash|enabled|||emerg,alert,crit,error,warning,notice
416
Show Logging
Syntax
show logging
Parameter
None
Default
None
Mode
Privileged,GlobalConfiguration
Usage
show logging
Shows the logging configuration.The information includes theglobal logging service status, and the list of loggingservice.Statusofthegloballoggingservicecanbedeterminedbythecommand“logging/nologging”.Thelistofloggingservices shows all the active logging services.
Example
Switch(config)#
show logging
Logging service is enabled
417
TARGET|STATUS|Server(PORT)|FACILITY|LOGLEVEL
buffered|enabled|||emerg,alert,crit,error,warning,notice,info
418
Show Logging Flash|BufferedSyntax
showlogging(flash|buffered)
Parameter
FlashSpecifyshowingthemessagesloggedtoflash.
BufferedSpecifyshowingthemessagesloggedtoRAM.
Default
None
Mode
Privileged,GlobalConfiguration
Usage
Showsthemessagesloggedtoflash/RAM.
Show logging flash
Showsthemessagesloggedtotheflash.Whenthecapabilityoftheserviceisenabled,itwillshowallmessagesloggedtoflash.Allmessageswillbeloggedinaninversechronologicalorder.
Show logging buffered
ShowsthemessagesloggedtoRAM.Whenthecapabilityoftheserviceisenabled,itwillshowallmessagesloggedtoRAM.Logswillbelostafterasystemshutdown.Allmessageswillbeloggedinaninversechronologicalorder.
419
Example
Switch(config)#
showloggingbuffered
Logmessagesinbuffered
NO.|Timestamp|Category|Severity|Message
1|Jan0108:00:57|STP|info|Port1STPportstateissettoForwarding
2|Jan0108:00:42|STP|info|Port1STPportstateissettoLearning
3|Jan0108:00:30|AAA|info|User‘’enterprivilegedmodefromconsolewithlevel‘15’success
4|Jan0108:00:28|AAA|info|User‘’isauthorizedwithprivilegelevel1
5|Jan0108:00:28|AAA|info|User‘’loginfromconsolesuccess
6|Jan0108:00:24|System|info|Sysinfovariable‘resetdefault’issettovalue‘0’
7|Jan0108:00:23|System|notice|SystemStartup!
420
Clear Logging Flash|BufferedSyntax
clearlogging(flash|buffered)
Parameter
flash Specifyclearingthemessagesloggedtoflash.Buffered SpecifyclearingthemessagesloggedtoRAM.
Default
None
Mode
Privileged,GlobalConfiguration
Usage
Clearthemessageloggedtoflash/RAM.
Clear logging flash
Clearthemessagesloggedtoflash.
Clear logging buffered
Clear the messages logged to RAM.
421
Example
Switch#
showloggingbuffered
Logmessagesinbuffered
NO.|Timestamp|Category|Severity|Message
1|Jan0108:00:57|STP|info|Port1STPportstateissettoForwarding
2|Jan0108:00:42|STP|info|Port1STPportstateissettoLearning
3|Jan0108:00:30|AAA|info|User‘’enterprivilegedmodefromconsolewithlevel‘15’success
4|Jan0108:00:28|AAA|info|User‘’isauthorizedwithprivilegelevel1
5|Jan0108:00:28|AAA|info|User‘’loginfromconsolesuccess
6|Jan0108:00:24|System|info|Sysinfovariable‘resetdefault’issettovalue‘0’
7|Jan0108:00:23|System|notice|SystemStartup!
Switch#
clearloggingbuffered
Switch#
showloggingbuffered
Logmessagesinbuffered
NO.|Timestamp|Category|Severity|Message
423
Clear MAC Address-Table
Syntax
clearmacaddress-tabledynamic[interfacesIF_PORTS][vlan<1-4094>]
Parameter
IF_PORTSDeletealldynamicaddressesonthespecifiedinterface.
<1-4094>DeletealldynamicaddressesonthespecifiedVLAN
Default
None
Mode
Privileged EXEC
Usage
Usetheclearmacaddress-tablePrivilegedEXECcommandtodeleteadynamicmacentryonaspecifiedinterfaceorVLAN,oralldynamicmacentriesinamacaddresstable.Youcanverifyyoursettingsbyenteringtheshowmacaddress-table dynamic Privileged EXEC command.
424
Example
ThisexampleshowshowtodeletedynamicMACaddressentriesongi1
switch#
showmacaddress-tabledynamic
VID|MACAddress|Type|Ports
1|00:00:E3:00:00:12|Dynamic|fa11
1|00:14:78:3B:1E:E6|Dynamic|gi1
Totalnumberofentries:2
Switch(config)#clearmacaddress-tabledynamicinterfacesgi1
switch#
showmacaddress-tabledynamic
VID|MACAddress|Type|Ports
1|00:00:E3:00:00:12|Dynamic|fa11
Totalnumberofentries:1
425
MAC Address-Table Aging-Time
Syntax
macaddress-tableaging-time<10-630>
Parameter
<10-630>Specifyagingtimevalueofsecond.
Default
Defaultagingouttimeis300s.
Mode
GlobalConfiguration
Usage
UsetheMACaddress-tableaging-timeGlobalconfigurationcommandtosettheagingtimeoftheaddresstable.YoucanverifyyoursettingsbyenteringtheshowMACaddress-tableagingtimePrivilegedEXECcommand.
Example
Thefollowingexampleshowshowtoconfigurethedynamicmacentryagingouttime.
Switch(config)#
macaddress-tableaging-time100
427
MAC Address-Table Static
Syntax
macaddress-tablestaticA:B:C:D:E:Fvlan<1-4094>interfacesIF_PORTS
nomacaddress-tablestaticA:B:C:D:E:Fvlan<1-4094>
Parameter
A:B:C:D:E:F Destination MAC address (unicast or multicast) to add to the address table. Packets with thisdestinationaddressreceivedinthespecifiedVLANareforwardedtothespecifiedinterface.
<1-4094> SpecifytheVLANforwhichthepacketwiththespecifiedMACaddressisreceived. IF_PORTS Interfacetowhichthereceivedpacket isforwarded.Valid interfaces includephysicalportsand
portchannels.
Default
Nostaticaddressesareconfigured.
Mode
GlobalConfiguration
Usage
Usethemacaddress-tablestaticglobalconfigurationcommandtoaddstaticaddressestotheMACaddresstable.Usethenoformofthiscommandtoremovestaticentriesfromthetable.Youcanverifyyoursettingsbyenteringtheshowmacaddress-tablestaticPrivilegedEXECcommand.
428
Example
ThefollowingexampleshowshowtoaddstaticaddressestotheMACaddresstable.
Switch(config)#
macaddress-tablestatic0:1:2:3:4:5vlan1interfacesfa5
Switch(config)#
macaddress-tablestatic1:6:7:9:a:bvlan100interfacesfa1,fa5,gi1
Switch#
showmacaddress-tablestatic
VID|MACAddress|Type|Ports
1|00:01:02:03:04:05|Static|fa5
100|01:06:07:09:0A:0B|Static|fa1,fa5,gi1
Totalnumberofentries:2
429
MAC Address-Table Drop
Syntax
macaddress-tablestaticA:B:C:D:E:Fvlan<1-4094>drop
nomacaddress-tablestaticA:B:C:D:E:Fvlan<1-4094>
Parameter
A:B:C:D:E:F UnicastsourceordestinationMACaddress.PacketswiththisMACaddressaredropped.<1-4094> SpecifytheVLANforwhichthepacketwiththespecifiedMACaddressisreceived.
Default
UnicastMACaddressfilteringisdisabled.TheswitchdoesnotdroptrafficforspecificsourceordestinationMACaddresses.
Mode
GlobalConfiguration
Usage
Usethemacaddress-tablestaticdropglobal configurationcommandtoenableunicastMACaddressfilteringand toconfiguretheswitchtodroptrafficwithaspecificsourceordestinationMACaddress.Usethenoformofthiscommandtoreturntothedefaultsettings.Youcanverifyyoursettingsbyenteringtheshowmacaddress-tablestaticPrivilegedEXEC command.
430
Example
ThefollowingexampleshowshowtoaddfiltermacaddressestotheMACaddresstable.
Switch(config)#
macaddress-tablestatica:b:c:d:e:fvlan20drop
Switch#
showmacaddress-tablestatic
VID|MACAddress|Type|Ports
1|00:01:02:03:04:05|Static|fa5
100|01:06:07:09:0A:0B|Static|fa1,fa5,gi1
20|0A:0B:0C:0D:0E:0F|Filtering|All
Totalnumberofentries:3
431
Show MAC Address-Table
Syntax
showmacaddress-table[(static|dynamic)][interfacesIF_PORTS][vlan<1-4094>]
showmacaddress-tableA:B:C:D:E:F[vlan<1-4094>]
Parameter
static DisplaysonlydynamicMACaddresstableentries.dynamic DisplaysonlystaticMACaddresstableentries.
IF_PORTS Displaysentries fora specific interface ID.The interface ID canbeoneof the following types:Ethernetportorportchannel.
<1-4094> DisplaysentriesforaspecificVLAN. A:B:C:D:E:F DisplaysentriesforaspecificMACaddress.
Default
None
Mode
Privileged EXEC
Usage
Usetheshowmacaddress-tablecommandinEXECmodetoviewentriesintheMACaddresstable.
432
Example
ThefollowingexampledisplayallMACaddressentriesinmacaddresstable
Switch#
showmacaddress-table
VID|MACAddress|Type|Ports
1|DE:AD:BE:EF:01:02|Management|CPU
1|00:00:E3:00:00:12|Dynamic|fa11
1|00:01:02:03:04:05|Static|fa5
1|00:14:78:3B:1E:E6|Dynamic|gi1
100|01:06:07:09:0A:0B|Static|fa1,fa5,gi1
20|0A:0B:0C:0D:0E:0F|Static|All
Totalnumberofentries:6
ThefollowingexampledisplaysaddresstableentriescontainingthespecifiedMACaddress.
switch#
showmacaddress-table0:1:2:3:4:5
1|00:01:02:03:04:05|Static|fa5
Totalnumberofentries:1
433
Show MAC Address-Table Counters
Syntax
showmacaddress-tablecounters
Parameter
None
Default
None
Mode
Privileged EXEC
Usage
Usetheshowmacaddress-tablecounterscommandinEXECmodetodisplaythenumberofaddressespresentinaMACaddress-table.
Example
Thefollowingexampleshowshowtodisplaytotalthemacentrycounters.
switch#
showmacaddress-tablecounters
Totalnumberofentries:5
434
Show MAC Address-Table Aging-Time
Syntax
showmacaddress-tableaging-time
Parameter
None
Default
None
Mode
Privileged EXEC
Usage
Usetheshowmacaddress-tableaging-timecommandinEXECmodetodisplaytheagingtimefordynamicmacentries.
Example
ThefollowingexampleshowshowtodisplaytheagingtimeofdynamicMACaddressentries.
Switch#
showmacaddress-tableaging-time
MacAddressTableagingtime:300sec
436
Mirror Session
Syntax
mirrorsession<1-4>sourceinterfacesIF_PORTS(both|rx|tx)
nomirrorsession<1-4>sourceinterfacesIF_PORTS(both|rx|tx)
mirrorsession<1-4>sourcevlan<1-4094>
nomirrorsession<1-4>sourcevlan
mirrorsession<1-4>destinationinterfaceIF_NMLPORT[allow-ingress]
nomirrorsession<1-4>destinationinterfaceIF_NMLPORT
nomirrorsession(<1-4>|all)
Parameter
<1-4> Specifythemirrorsessiontoconfigure
IF_PORTS Specifythesourceinterface,Validinterfacesincludephysicalportsandportchannels.both,rx,tx Specifythetrafficdirectiontomirror.<1-4094> SpecifythemirroredVLANIDIF_NMLPORT SpecifytheSPANdestination.Adestinationmustbeaphysicalportallow-ingress Enableingresstrafficforwarding.
Default
Nomonitorsessionsareconfigured.
437
Mode
GlobalConfiguration
Usage
UsethemonitorsessionglobalconfigurationcommandtostartanewSwitchedPortAnalyzer(SPAN)sourceordestinationsession.UsethenoformofthiscommandtoremovetheSPANsessionortoremovesourceordestinationinterfacesorfiltersfromtheSPANsessionYoucanverifyyoursettingsbyenteringtheshowmirrorPrivilegedEXECcommand.
Example
ThefollowingexampleshowshowtocreatealocalSPANsession1tomonitorbothsentandreceivedtrafficonthesourceportfa1.
Switch(config)#
mirrorsession1sourceinterfacefa2-5both
Switch(config)#
mirror session 1 destination interface fa1
Switch(config)#
show mirror session 1
Session1Configuration
SourceRXPort:fa2-5
SourceTXPort:fa2-5
Destinationport:fa1
438
IngressState:disabled
Switch(config)#
mirrorsession2sourcevlan100
Switch(config)#
mirrorsession2destinationinterfacegi1allow-ingress
Switch(config)#
show mirror session 2
Session2Configuration
MirroredVLAN:100
Destinationport:gi1
IngressState:enable
439
Show Mirror
Syntax
showmirror[session<1-4>]
Parameter
<1-4>Specifythemirrorsessiontodisplay
Default
None
Mode
Privileged EXEC
Usage
UsetheshowmirrorcommandinEXECmodetodisplaymirrorsessionconfiguration.
Example
Thisfollowingexampleshowshowtodisplaymirrorsessionconfigurations.
Switch(config)#
show mirror
440
Session 1 Configuration
SourceRXPort:fa2-5
SourceTXPort:fa2-5
Destinationport:fa1
IngressState:disabled
Session 2 Configuration
Mirroredsource:NotConfig
Destinationport:NotConfig
Session 3 Configuration
Mirroredsource:NotConfig
Destinationport:NotConfig
Session 4 Configuration
Mirroredsource:NotConfig
Destinationport:NotConfig
442
IPV6 MLD Snooping
Syntax
ipv6mldsnooping
noipv6mldsnooping
showipv6mldsnooping
Parameter
None
Default
noipv6mldsnooping
Mode
GlobalConfiguration
Usage
‘noipv6mldsnooping’willclearallipv6mldsnoopingdynamicgroupsanddynamicrouterports,whichmakesthestaticipv6mldgroupinvalid.Theythenwillnotlearnthedynamicgroupandrouterportbyamldmessage.Theconfigurationcanusethe‘showipv6mldsnooping’command.
443
Example
Thefollowingexamplespecifiesthesetipv6mldsnoopingtest.
Switch(config)#
ipv6mldsnooping
Switch#
showipv6mldsnooping
MLD Snooping Status
Snooping:Enabled
ReportSuppression:Enabled
OperationVersion:v1
ForwardMethod:mac
UnknownMulticastAction:Flood
Switch(config)#
noipv6mldsnooping
Switch#
showipv6mldsnooping
444
MLD Snooping Status
Snooping:Disabled
ReportSuppression:Enabled
OperationVersion:v1
ForwardMethod:mac
UnknownMulticastAction:Flood
445
IPv6 MLD Snooping Report-Suppression
Syntax
ipv6mldsnoopingreport-suppression
noipv6mldsnoopingreport-suppression
Parameter
none
Default
ipv6mldsnoopingreport-suppression
Mode
GlobalConfiguration
Usage
‘noipv6mldsnoopingreport-suppression’willdisablethemldv1igmpreportsuppressionfunction.Sowhenyoureceiveareport,itwillforwardtothevlanrouterports.Theconfigurationcanuse‘showipv6mldsnooping’.
446
Example
Thefollowingexamplespecifiesthedisableipv6mldsnoopingreportsuppressiontest.
Switch(config)#
noipv6mldsnoopingreport-suppression
Switch#
showipv6mldsnooping
MLD Snooping Status
Snooping:Enabled
ReportSuppression:Disabled
OperationVersion:v1
ForwardMethod:mac
UnknownMulticastAction:Flood
447
IPv6 MLD Snooping Version
Syntax
ipv6mldsnoopingversion(1|2)
Parameter
(1|2)Ipv6mldsnoopingrunningversion1or2
Default
Ipv6mldsnoopingversion2
Mode
GlobalConfiguration
Usage
Whentheipv6mldsnoopingversionis1,theversion2packetisnotprocessed.Theconfigurationcanuse‘showipv6mldsnooping’.
Example
Thefollowingexamplespecifiesthesetipv6mldsnoopingversion2test.
Switch(config)#
ipv6mldsnoopingversion2
448
Switch#
showipv6mldsnooping
MLD Snooping Status
Snooping:Enabled
ReportSuppression:Disabled
OperationVersion:v2
ForwardMethod:mac
UnknownMulticastAction:Flood
449
IPv6 MLD Snooping VLAN
Syntax
ipv6mldsnoopingvlanVLAN-LIST
noipv6mldsnoopingvlanVLAN-LIST
showipv6mldsnoopingvlan[VLAN-LIST]
Parameter
VLAN-LISTspecifiesVLANIDlisttoset
Default
noipv6mldsnoopingvlan1-4094
Mode
GlobalConfiguration
Usage
‘noipv6mldsnoopingvlan1’willclearthevlanforallipv6mldsnoopingdynamicgroupsanddynamicrouterportswhichmakesthestaticipv6mldgroupinvalid.TheswitchvlanIDisvlan1.Theythendonotlearnthedynamicgroupandrouterportbyamldmessageforvlan1.Theconfigurationcanuse‘showipv6mldsnoopingvlan1’.
450
Example
Thefollowingexamplespecifiesthatsetipv6mldsnoopingvlantest.
testmustbeenableipv6mldsnoopingfirstly.
Switch(config)#
ipv6mldsnooping
Switch(config)#
ipv6mldsnoopingvlan1
Switch#
showipv6mldsnoopingvlan1
MLDSnoopingisglobalyenabled
MLDSnoopingVLAN1admin:enabled
MLDSnoopingopermode:enabled
MLDSnoopingrobustness:admin2oper2
MLDSnoopingqueryinterval:admin125secoper125sec
MLDSnoopingquerymaxresponse:admin10secoper10sec
MLDSnoopinglastmemberquerycounter:admin2oper2
MLDSnoopinglastmemberqueryinterval:admin1secoper1sec
MLDSnoopinglastimmediateleave:disabled
451
MLDSnoopingmrouterportlearnbypim-dvmrp:enabled
Switch(config)#
noipv6mldsnoopingvlan1
Switch#
showipv6mldsnoopingvlan1
MLDSnoopingisglobalyenabled
MLDSnoopingVLAN1admin:disabled
MLDSnoopingopermode:disabled
MLDSnoopingrobustness:admin2oper2
MLDSnoopingqueryinterval:admin125secoper125sec
MLDSnoopingquerymaxresponse:admin10secoper10sec
MLDSnoopinglastmemberquerycounter:admin2oper2
MLDSnoopinglastmemberqueryinterval:admin1secoper1sec
MLDSnoopinglastimmediateleave:disabled
MLDSnoopingmrouterportlearnbypim-dvmrp:enabled
452
IPv6 MLD Snooping VLAN Parameters
Syntax
ipv6mldsnoopingvlan<VLAN-LIST>last-member-query-count<1-7>
noipv6mldsnoopingvlan<VLAN-LIST>last-member-query-count
ipv6mldsnoopingvlan<VLAN-LIST>last-member-query-interval<1-60>
noipv6mldsnoopingvlan<VLAN-LIST>last-member-query-interval
[no]ipv6mldsnoopingvlan<VLAN-LIST>mrouterlearnpim-dvmrp
[no]ipv6mldsnoopingvlan<VLAN-LIST>fastleave
ipv6mldsnoopingvlan<VLAN-LIST>query-interval<30-18000>
noipv6mldsnoopingvlan<VLAN-LIST>query-interval
ipv6mldsnoopingvlan<VLAN-LIST>response-time<5-20>
noipv6mldsnoopingvlan<VLAN-LIST>response-time
ipv6mldsnoopingvlan<VLAN-LIST>robustness-variable<1-7>
noipv6mldsnoopingvlan<VLAN-LIST>robustness-variable
453
Parameter
VLAN-LIST SpecifiesVLANIDlisttosetlast-member-query count <1-7> specifieslastmemberquerycounttoset.Defaultis2last-member-query interval <1-60> pecifieslastmemberqueryintervaltoset.Defaultis1
query-interval <30-18000> specifiesqueryintervaltoset.Defaultis125response-time <5-20> specifiesaresponsetimetoset.defaultis10robustness-variable <1-7> specifiesarobustnessvaluetoset,defaultis2
Default
noipv6mldsnoopingvlan1-4094last-member-query-count
noipv6mldsnoopingvlan1-4094last-member-query-interval
ipv6mldsnoopingvlan1-4094mrouterlearnpim-dvmrp
noipv6mldsnoopingvlan1-4094fastleave
noipv6mldsnoopingvlan1-4094query-interval
noipv6mldsnoopingvlan1-4094response-time
noipv6mldsnoopingvlan1-4094robustness-variable
Mode
GlobalConfiguration
454
Usage
‘no ipv6mldsnoopingvlan1(last-member-query-count | last-member-queryinterval |query-interval | response-time|robustness-variable)’willsetthevlanparameterstodefault.Theclisettingwillchangetheipv6mldvlanparametersadminsettings.Theconfigurecanuse‘showipv6mldsnoopingvlan1’.
Example
Thefollowingexamplespecifiesthatsetipv6mldsnoopingvlanparameterstest.
Switch(config)#
ipv6mldsnoopingvlan1fastleave
Switch(config)#
ipv6mldsnoopingvlan1last-member-query-count5
Switch(config)#
ipv6mldsnoopingvlan1last-member-query-interval3
Switch(config)#
ipv6mldsnoopingvlan1query-interval100
Switch(config)#
ipv6mldsnoopingvlan1response-time12
Switch(config)#
ipv6mldsnoopingvlan1robustness-variable4
455
Switch#
showipv6mldsnoopingvlan1
MLDSnoopingisglobalyenabled
MLDSnoopingVLAN1admin:disabled
MLDSnoopingopermode:disabled
MLDSnoopingrobustness:admin4oper2
MLDSnoopingqueryinterval:admin100secoper125sec
MLDSnoopingquerymaxresponse:admin12secoper10sec
MLDSnoopinglastmemberquerycounter:admin5oper2
MLDSnoopinglastmemberqueryinterval:admin3secoper1sec
MLDSnoopinglastimmediateleave:enabled
MLDSnoopingmrouterportlearnbypim-dvmrp:enabled
456
IPv6 MLD Snooping Static Port
Syntax
[no]ipv6mldsnoopingvlan<VLAN-LIST>static-portIF_PORTS
[no]ipv6mldsnoopingvlan<VLAN-LIST>forbidden-portIF_PORTS
Parameter
VLAN-LIST specifiesVLANIDlisttosetIF_PORTS specifiesaportlisttosetorremove
Default
Nonestatic/forbiddenports
Mode
GlobalConfiguration
Usage
‘ipv6mldsnoopingvlan1static-portfa1-2’willaddthestaticportfa1-2forvlan1.Theallknownvlan1ipv6groupwilladdthestaticports.‘ipv6mldsnoopingvlan1forbidden-portfa3-4’willaddtheforbiddenportsfa3-4forvlan1.Theallknownvlan1ipv6groupwillremovetheforbiddenports.Theconfigurationcanuse‘showipv6mldsnoopingforward-all’.
457
Example
Thefollowingexamplespecifiesthesetipv6mldsnoopingstatic/forbiddenporttest.
Switch(config)#
ipv6mldsnoopingvlan1static-portfa1-2
Switch(config)#
ipv6mldsnoopingvlan1forbidden-portfa3-4
Switch#
showipv6mldsnoopingforward-allvlan1
MLDSnoopingVLAN:1
MLDSnoopingstaticport:fa1-2
MLDSnoopingforbiddenport:fa3-4
458
IPv6 MLD Snooping VLAN Static Router Port
Syntax
[no]ipv6mldsnoopingvlan<VLAN-LIST>static-router-portIF_PORTS
[no]ipv6mldsnoopingvlan<VLAN-LIST>forbidden-router-portIF_PORTS
Parameter
VLAN-LIST specifiesVLANIDlisttosetIF_PORTS specifiesaportlisttosetorremove
Default
Nonestatic/forbiddenrouterports
Mode
GlobalConfiguration
Usage
‘ipv6mldsnoopingvlan1static-router-portfa1-2’willaddthestaticrouterportsfa1-2forvlan1.‘ipv6mldsnoopingvlan1forbidden-router-portfa2’willaddtheforbiddenroutertoportfa2forvlan1.Thiswillalsoremovefa2fromthestaticrouterport.therefor,theforbiddenrouterportreceivequerywillnotforward.Theconfigurationcanuseshowipv6mldsnoopingrouter.
459
Example
Thefollowingexamplespecifiesthatsetipv6mldsnoopingstatic/forbiddentest.
Switch(config)#
ipv6mldsnoopingvlan1static-router-portfa1-2
Switch(config)#
ipv6mldsnoopingvlan1forbidden-router-portfa2
Switch#
showipv6mldsnoopingrouter
Dynamic Router Table
VID|Port|ExpiryTime(Sec)
TotalEntry0
Static Router Table
VID|PortMask
1 | fa1
Total Entry 1
Forbidden Router Table
VID|PortMask
1 | fa2
Total Entry 1
460
IPv6 MLD Snooping Static Group
Syntax
[no]ipv6mldsnoopingvlan<VLAN-LIST>static-group<ip-addr>interfaceIF_PORT
[no]ipv6mldsnoopingvlan<VLAN-LIST>group<ip-addr>
showipv6mldsnoopinggroups[(dynamic|static)]
clearipv6mldsnoopinggroups[(dynamic|static)]
Parameter
VLAN-LIST specifiesVLANIDlisttosetip-addr specifiesmulticastgroupipv4addressIF_PORTS specifiesaportlisttosetorremove
Default
None
Mode
GlobalConfiguration
461
Usage
‘ipv6mldsnoopingvlan1static-groupff12::1interfacefa1’willbeaddedtothestaticgroup.Thestaticgroupwillnotlearnfromotherdynamicports.Ifthedynamicgroupexists,thenthestaticgroupwilloverlapwiththedynamicgroup.Ifyouremovethelastmemberofstaticgroup,thestaticgroupwillbedeleted.Inorderforthestaticgrouptobevalid,itmustletthemldsnoopingvlanbeenabledandtheipv6mldsnoopingbeenabled.Theconfigurationcanuse‘showipv6mldsnoopinggroup[(dynamic|static)]’todisplayit.Itcanuse‘noipv6mldsnoopingvlan1groupff12::1’todeletethestaticgroup.Itcanalsoclearipv6mldsnoopinggroupstodeletethestaticgroup.
Example
Thefollowingexamplespecifiesthatsetipv6mldsnoopingstaticgrouptest.
Switch(config)#
ipv6mldsnoopingvlan1static-groupff12::1interfacefa1
Switch(config)#
ipv6mldsnoopingvlan1static-groupff12::1interfacefa2
Switch#
showipv6mldsnoopinggroups
VLAN|GourpIPAddress|Type|Life(Sec)|Port
1|ff12::1|Static|--|fa1-2
TotalNumberofEntry=1
Switch#
showipv6mldsnoopinggroups
463
IPv6 MLD ProfileSyntax
ipv6mldprofile<1-128>
profilerangeipv6<ipv6-addr>[ipv6-addr]action(permit|deny)
showipv6mldprofile[<1-128>]
Parameter
<1-128> specifiesprofileID <ipv6-addr> Startipv6multicastaddress[ipv6-addr] Endipv6multicastaddress
(permit | deny) Permit:allowMulticastaddressrangeipv6addresslearning
deny:donotallowMulticastaddressrangeipv6addresslearning
Default
None
Mode
ipv6mldprofile<1-128>
GlobalConfiguration
profilerangeipv6<ipv6-addr>[ipv6-addr]action(permit|deny)
mldprofileconfigmode
464
Usage
Use ‘ipv6mldprofile1’entrytothemldprofileconfigmode.Use ‘profilerange ipv6ff12::1ff12::8actionpermit’ toconfiguretheprofileentry.Theprofileentryisusedbytheportfilter.Theconfigurationcanuse‘showipv6mldprofile[<1-128>]’todisplay
Example
Thefollowingexamplespecifiesthatsetipv6mldprofiletest.
Switch(config)#
ipv6mldprofile1
Switch(config-mld-profile)#
profilerangeipv6ff13::1ff13::10action
permit
Switch(config-mld-profile)#
showipv6mldprofile
IPv6mldprofileindex:1
IPv6mldprofileaction:permit
Rangelowip:ff13::1
Rangehighip:ff13::10
Switch(config-mld-profile)#
exit
465
Switch(config)#
ipv6mldprofile5
Switch(config-mld-profile)#
profilerangeipv6ff12::1ff12::12actiondeny
Switch(config-mld-profile)#
showipv6mldprofile
IPv6mldprofileindex:5
IPv6mldprofileaction:deny
Rangelowip:ff12::1
Rangehighip:ff12::12
Switch(config-mld-profile)#
exit
Switch(config)#
exit
Switch#
showipv6mldprofile
IPv6mldprofileindex:1
IPv6mldprofileaction:permit
466
Rangelowip:ff13::1
Rangehighip:ff13::10
IPv6mldprofileindex:5
IPv6mldprofileaction:deny
Rangelowip:ff12::1
Rangehighip:ff12::12
467
IPv6 MLD Filter
Syntax
ipv6mldfilter<1-128>
[no]ipv6mldfilter
Showipv6mldfilter[interfacesIF_PORTS]
Parameter
<1-128> specifiesprofileID[interfaces
IF_PORTS]
Specifiesinterfacestodisplay
Default
None
Mode
Interface mode
Usage
Thefollowingexamplespecifiesthatsetipv6mldfiltertest.Theconfiguremustcreateipv6mldprofilefirstly.
Switch(config)#
ipv6mldprofile1
468
Switch(config-igmp-profile)#
profilerangeipv6ff13::1ff13::10action
permit
Switch(config-igmp-profile)#
exit
Switch(config)#
interface fa1
Switch(config-if)#
ipv6mldfilter1
Switch(config-if)#
exit
Switch(config)#
exit
Switch#
showipv6mldfilter
PortID|ProfileID
fa1:1
fa2:None
470
IPv6 MLD Max-Groups
Syntax
ipv6mldmax-groups<0-512>
noipv6mldmax-groups
ipv6mldmax-groupsaction(deny|replace)
Showipv6mldmax-group[interfacesIF_PORTS]
Showipv6mldmax-groupaction[interfacesIF_PORTS]
Parameter
<1-128> specifiesprofileID(deny | replace) Deny:currentportipv4grouparrivedmax-groups,don’taddgroup.
Replace:currentportipv6grouparrivedmax-groups,removeportformrandgroup,andaddporttogroup.
Default
noipv6mldmax-groups
ipv6mldmax-groupsactiondeny
Mode
Interface mode
471
Usage
use‘ipv6mldmax-groups10’tolimitportlearning.Themaxgroupnumberis10.Whentheporthaslearnedmorethan10groups,thentheextragroupswillberemovedfromtheportformgroup.staticgroupsareexcluded.Theconfigurationcanuse‘showipv6mldmax-group&showipv6mldmaxgroupaction’todisplay.
Example
Thefollowingexamplespecifiesthatsetipv6mldmax-groupsandactionis
replacetest.
Switch(config)#
interface fa1
Switch(config-if)#
ipv6mldmax-groups10
Switch(config-if)#
ipv6mldmax-groupsactionreplace
Switch(config-if)#
exit
Switch(config)#
exit
Switch#
showipv6mldmax-group
472
PortID|MaxGroup
fa1:10
fa2:1024
fa3:1024
fa4:1024
fa5:1024
Switch#
showipv6mldmax-groupaction
PortID|Max-groupsAction
fa1:replace
fa2:deny
fa3:deny
fa4:deny
fa5:deny
473
Clear IPv6 MLD Snooping Groups
Syntax
clearipv6mldsnoopinggroups[(dynamic|static)]
Parameter
none Clearipv6mldgroupsincludedynamicandstatic(dynamic | static) ipv6mldgrouptypeisdynamicorstatic
Default
Clearallipv6mldgroups
Mode
privilegedmode
Usage
Thiscommandwillcleartheipv6mldgroupsfordynamicorstaticorofalltypes.Theconfigurationcanuse‘showipv6mldsnoopinggroups’tocheck.
Example
Thefollowingexamplespecifiesthatclearipv6mldsnoopinggroupstest.
Switch#
clearipv6mldsnoopinggroupsstatic
474
Switch#
showipv6mldsnoopinggroups
Switch#
clearipv6mldsnoopinggroups
Switch#
showipv6mldsnoopinggroups
475
Clear IPv6 MLD Snooping Statistics
Syntax
clearipv6mldsnoopingstatistics
Parameter
None
Default
None
Mode
Privileged mode
Usage
Thiscommandwillclearthemldstatistics.Theconfigurationcanuseshowipv6mldsnooping.
Example
Thefollowingexamplespecifiestheclearipv6mldsnoopingstatisticstest.
Switch#
learipv6mldsnoopingstatistics
Switch#
showipv6mldsnooping
476
Show IPv6 MLD Snooping Counters
Syntax
showipv6mldsnoopinggroupscounters
Parameter
None
Default
None
Mode
Privileged mode
Usage
Thiscommandwilldisplaytheipv6mldgroupcounter,whichincludesthestaticgroup.
Example
Thefollowingexamplespecifiesthedisplayipv6mldsnoopinggroupcountertest.
Switch#
showipv6mldsnoopingcounters
477
Show IPv6 MLD Snooping Groups
Syntax
showipv6mldsnoopinggroups[(dynamic|static)]
Parameter
none Showipv6mldgroupsincludedynamicandstatic(dynamic | static) Displayipv6mldgrouptypeisdynamicorstatic
Default
displayallipv6mldgroups
Mode
privilegedmode
Usage
Thiscommandwilldisplaytheipv6mldgroupsfordynamicorstaticoralloftype.
Example
Thefollowingexamplespecifiesthatshowipv6mldsnoopinggroupstest.
Switch#
showipv6mldsnoopinggroups
479
Show IPv6 MLD Snooping Router
Syntax
show ipv6 mld snooping router [(dynamic | forbidden |static )]
Parameter
none Showipv6mldrouterincludedynamicandstaticandforbidden(dynamic | static) Displayipv6mldrouterinfofordifferenttype
Default
displayallrouterinfo
Mode
privilegedmode
Usage
Thiscommandwilldisplaytheipv6mldrouterinfo.
Example
Thefollowingexamplespecifiesthatshowipv6mldsnoopingroutertest.
Switch#
showipv6mldsnoopingrouter
481
Show IPv6 MLD Snooping
Syntax
showipv6mldsnooping
Parameter
noneShowipv6mldsnoopingglobalinfo.
Default
None
Mode
Privileged mode
Usage
Thiscommandwilldisplaytheipv6mldsnoopingglobalinfo.
Example
Thefollowingexamplespecifiesthatshowipv6mldsnoopingtest.
Switch#
showipv6mldsnooping
482
MLD Snooping Status
Snooping:Disabled
ReportSuppression:Enabled
OperationVersion:v1
ForwardMethod:mac
UnknownMulticastAction:Flood
Packet Statistics
TotalRx:0
ValidRx:0
InvalidRx:0
OtherRx:0
GeneralQueryRx:0
GeneralQueryTx:0
GSQueryRx:0
GSQueryTx:0
GSSQueryRx:0
GSSQueryTx:0
ReportRx:0
483
Show IPv6 MLD Snooping VLAN
Syntax
showipv6mldsnoopingvlan[VLAN-LIST]
Parameter
none Showallipv6mldsnoopingvlaninfo[VLAN-LIST] Showspecifiesvlanipv6mldsnoopinginfo
Default
Showallipv6mldsnoopingvlaninfo.
Mode
Privileged mode
Usage
Thiscommandwilldisplaytheipv6mldsnoopingvlaninfo.
Example
Thefollowingexamplespecifiestheshowipv6mldsnoopingvlantest.
Switch#
showipv6mldsnoopingvlan
484
MLDSnoopingisglobalydisabled
MLDSnoopingVLAN1admin:disabled
MLDSnoopingopermode:disabled
MLDSnoopingrobustness:admin2oper2
MLDSnoopingqueryinterval:admin125secoper125sec
MLDSnoopingquerymaxresponse:admin10secoper10sec
MLDSnoopinglastmemberquerycounter:admin2oper2
MLDSnoopinglastmemberqueryinterval:admin1secoper1sec
MLDSnoopinglastimmediateleave:disabled
MLDSnoopingmrouterportlearnbypim-dvmrp:enabled
485
Show IPv6 MLD Snooping Forward-All
Syntax
showipv6mldsnoopingforward-all[vlanVLAN-LIST]
Parameter
none Showallipv6mldsnoopingvlanforward-allinfo[vlan VLAN-LIST] Showspecifiesvlanofipv6mldforwardinfo.
Default
Showallvlanipv6mldforwardallinfo.
Mode
Privileged mode
Usage
Thiscommandwilldisplayipv6mldsnoopingforwardallinfo.
Example
Thefollowingexamplespecifiesthatshowipv6mldsnoopingforward-alltest.
486
Switch#
showipv6mldsnoopingforward-all
MLDSnoopingVLAN:1
MLDSnoopingstaticport:None
MLDSnoopingforbiddenport:None
487
Show IPv6 MLD Profile
Syntax
showipv6mldprofile[<1-128>]
Parameter
none Showallipv6mldsnoopingprofileinfo.[<1-128>] Showspecifiesindexprofileinfo.
Default
Showallipv6mldprofileinfo.
Mode
Privileged mode
Usage
Thiscommandwilldisplaytheipv6mldprofileinfo.
Example
Thefollowingexamplespecifiestheshowipv6mldprofiletest.
Switch#
showipv6mldprofile
IPv6mldprofileindex:1
489
Show IPv6 MLD Port Filter
Syntax
showipv6mldfilter[interfacesIF_PORTS]
Parameter
none Showallportfilter[interfaces IF_PORTS] Showspecifiesportsfilter
Default
Showallportsipv6mldfilter.
Mode
Privileged mode
Usage
Thiscommandwilldisplayipv6mldportfilterinfo.
Example
Thefollowingexamplespecifiestheshowipv6mldfiltertest.
Switch#
showipv6mldfilter
491
Show IPv6 MLD Max-Group
Syntax
showipv6mldmax-group[interfacesIF_PORTS]
Parameter
none Showallportmax-group[interfaces IF_PORTS] Showspecifiesportsmax-group
Default
Showallportsipv6mldmax-group.
Mode
Privileged mode
Usage
Thiscommandwilldisplaytheipv6mldportmax-group.
Example
Thefollowingexamplespecifiestheshowipv6mldmax-grouptest.
Switch(config)#
interface fa1
492
Switch(config-if)#
ipv6mldmax-groups50
Switch(config-if)#
exit
Switch(config)#
exit
Switch#
showipv6mldmax-group
PortID|MaxGroup
fa1:50
fa2:1024
fa3:1024
fa4:1024
fa5:1024
493
Show IPv6 MLD Port Max-Group Action
Syntax
showipv6mldmax-groupaction[interfacesIF_PORTS]
Parameter
none Showallportmax-groupaction[interfaces IF_PORTS] Showspecifiesportsmax-groupaction
Default
Showallportsipv6mldmax-groupaction.
Mode
Privileged mode
Usage
Thiscommandwilldisplaytheipv6mldportmax-groupaction.
Example
Thefollowingexamplespecifiesthatshowipv6mldmax-groupactiontest.
Switch(config)#
interface fa1
494
Switch(config-if)#
ipv6mldmax-groupsactionreplace
Switch(config-if)#
exit
Switch(config)#
exit
Switch#
showipv6mldmax-groupaction
PortID|Max-groupsAction
fa1:replace
fa2:deny
fa3:deny
fa4:deny
fa5:deny
496
Port Security
Syntax
port-security
noport-security
Parameter
None
Default
Defaultisdisabled.
Mode
GlobalConfiguration
Usage
The“port-security”commandenablestheportsecurityfunctionalityontheport.Usethenoformofthiscommandtodisable it.
Example
Thefollowingexampleshowshowtoenableportsecurityonport1andsetthelearninglimitnumberto10.
switch(config)#
interface fa1
497
switch(config-if)#
port-securityaddress-limit10actiondiscard
switch(config-if)#
port-security
switch(config)#
showport-securityinterfacesfa1
Port|Mode|Security|CurrentAddr|Action
fa1|Dynamic|Enabled(10)|0|Discard
498
Port-Security Address-Limit
Syntax
port-securityaddress-limit<1-256>action(forward|discard|shutdown)
nodot1xport-controladdress-limit.
Parameter
<1-256> Thelearning-limitnumber.ItspecifieshowmanyMACaddressesthisportcanlearn.forward ForwardthispacketwhoseSMACisnewtosystemandexceedthelearning-limitnumber.
discard DiscardthispacketwhoseSMACisnewtosystemandexceedthelearning-limitnumber.shutdown ShutdownthisportwhenreceivesapacketwhoseSMACisnewtosystemandexceedthelearning
limitnumber.
Default
Theaddress-limitdefaultis10andtheactionis“discard”.
Mode
InterfaceConfiguration
Usage
Usethe“port-securityaddress-limit”commandtosetthelearning-limitnumberandtheviolationaction.Usethenoformofthiscommandtorestorethedefaultsettings.
499
Example
Thefollowingexampleshowshowtoenableportsecurityonport1andsetthelearninglimitnumberto10.
switch(config)#
interface fa1
switch(config-if)#
port-securityaddress-limit10actiondiscard
switch(config-if)#
port-security
switch(config)#
showport-securityinterfacesfa1
Port|Mode|Security|CurrentAddr|Action
fa1|Dynamic|Enabled(10)|0|Discard
500
Show Port-Security Interface
Syntax
showport-securityinterfaceIF_PORTS
Parameter
IF_PORTSSelectporttoshowport-securityconfigurations.
Default
Nodefaultvalueforthiscommand.
Mode
Privileged EXEC
Usage
Use“showport-securityinterfaces”commandtoshowport-securityinformationofthespecifiedport.
Example
Thisexampleshowshowtoshowport-securityconfigurationsoninterfacefa1.
Switch#
showport-securityinterfacesfa1
Port|Mode|Security|CurrentAddr|Action
fa1|Dynamic|Enabled(10)|0|Discard
502
Errdisable Recovery Cause
Syntax
errdisablerecoverycause(all|acl|broadcast-flood|bpduguard|psecure-violation|unicast-flood|unknown-multicast-flood|selfloop)
noerrdisablerecoverycause(all|acl|broadcast-flood|bpduguard|psecure-violation|unicast-flood|unknown-multicast-flood|selfloop)
Parameter
all Enable/Disabletoautorecoveryforporterrordisabledbyallreasons.acl Enable/DisabletoautorecoveryforporterrordisabledbyACLshutdownportreason.broadcast-flood Enable/Disable to auto recovery for port error disabled by storm control broadcast flood
reason.bpduguard Enable/DisabletoautorecoveryforporterrordisabledbySTPBPDUGuardreason.psecure-violation Enable/Disabletoautorecoveryforporterrordisabledbyviolateportsecurityrulereason.unicast-flood Enable/Disabletoautorecoveryforporterrordisabledbystormcontrolunicastfloodreason.unknown-multicast- flood
Enable/Disabletoautorecoveryforporterrordisabledbystormcontrolunknownmulticastfloodreason.
selfloop Enable/Disabletoautorecoveryforporterrordisabledbyselfloopdetectreason.
Default
Defaultautorecoverstateforallreasonsaredisabled.
503
Mode
GlobalConfiguration
Usage
Theportwill bedisabledby invalidactionsdetectedbyvariousprotocols.Theadministrator canenable theseerrordisabledportsmanuallybythe“noshutdown”commandinInterfaceMode,orjustturnontheautorecoverymechanismbythiscommandtoautoenabletheerrordisabledportafteranautorecoveryinterval.
Example
Thisexampleshowshowtoenableautorecoverywithreasonbpduguardandbroadcast-flood.
Switch(config)#
errdisablerecoverycausebpduguard
Switch(config)#
errdisablerecoverycausebroadcastflood
Thisexampleshowshowtoshowcurrentautorecoverystateofeachreasonandporterrordisabledstatus.
Switch#
show errdisable recovery
ErrDisableReason|TimerStatus
bpduguard|enabled
selfloop|disabled
broadcast-flood|enabled
504
unknown-multicast-flood|disabled
unicast-flood|disabled
acl | disabled
psecure-violation|disabled
TimerInterval:300seconds
Interfacesthatwillbeenabledatthenexttimeout:
Port | Error Disable Reason | Time Left
505
Errdisable Recovery Interval
Syntax
errdisablerecoveryinterval<0-86400>
Parameter
<0-86400>Specifytheautorecoveryintervalwithunitsecond.
Default
Defaultautorecoveryintervalis300second.
Mode
GlobalConfiguration
Usage
Theportwillbedisabledbyinvalidactionsdetectedbyvariousprotocols.Theautorecoverymechanismwillenabletheseerrordisabledportsafterawhile.Thiscommandconfigureshowlongtheportwillbeenabledafteranerrordisablesit.
Example
Thisexampleshowshowtoconfiguretheautorecoveryintervalto600seconds.
Switch(config)#
errdisablerecoveryinterval600
506
Thisexampleshowshowtoshowcurrentautorecoveryinterval
Switch#
show errdisable recovery
ErrDisableReason|TimerStatus
bpduguard|enabled
selfloop|disabled
broadcast-flood|enabled
unknown-multicast-flood|disabled
unicast-flood|disabled
acl | disabled
psecure-violation|disabled
TimerInterval:600seconds
Interfacesthatwillbeenabledatthenexttimeout:
Port | Error Disable Reason | Time Left
507
Show Errdisable Recovery
Syntax
show errdisable recovery
Parameter
None
Default
Nodefaultvalueforthiscommand.
Mode
Privileged EXEC
Usage
Usethe“showerrdisablerecovery”commandtoshoweacherrordisablestate,errordisablerecoveryinterval,andcurrenterrordisabledportstatus.
Example
Thisexampleshowshowtoshowcurrentautorecoveryinterval
Switch#
show errdisable recovery
508
ErrDisableReason|TimerStatus
bpduguard|enabled
selfloop|disabled
broadcast-flood|enabled
unknown-multicast-flood|disabled
unicast-flood|disabled
acl | disabled
psecure-violation|disabled
TimerInterval:600seconds
Interfacesthatwillbeenabledatthenexttimeout:
Port | Error Disable Reason | Time Left
510
Description
Syntax
descriptionWORD<1-32>
nodescription
Parameter
WORD<1-32>Specifiyportdescriptionstring.
Default
Defaultportdescriptionisempty.
Mode
InterfaceConfiguration
Usage
Usethe“description”commandtogivetheportanametoidentifyiteasily.Ifthedescriptionincludesaspacecharacter,pleaseusedoublequotes.Usethenoformtorestoredescriptionstotheemptystring.
Example
Thisexampleshowshowtomodifyportdescriptions.
Switch(config)#
interface fa1
511
Switch(config-if)#
descriptionuserport
Switch(config-if)#
exit
Switch(config)#
interface fa2
Switch(config-if)#
description“uplinkport”
Thisexampleshowshowtoshowcurrentportdescriptiononinterfacefa1andfa2
Switch#
showinterfacesfa1-2status
PortNameStatusVlanDuplex
SpeedType
fa1userportnotconnect1auto
autoCopper
fa2uplinkportnotconnect1auto
autoCopper
512
Speed
Syntax
speed(10|100|1000)
speedauto[(10|100|1000|10/100)]
Parameter
10 Specifyportspeedtoforce10Mbits/sorautowith10Mbits/sability.100 Specifyportspeedtoforce100Mbits/sorautowith100Mbits/sability.1000 Specifyportspeedtoforce1000Mbits/sorautowith1000Mbits/sability.
10/100 Specifyportspeedtoautowith10Mbits/sand100Mbits/s
Default
Defaultportspeedisautowithallavailableabilities.
Mode
InterfaceConfiguration
Usage
Usethe“speed”commandtochangeportspeedconfiguration.Thespeedisonlyabletoconfiguretothephysicalmaximumspeed.Forexample,infastEthernetport,speed1000isnotavailable.
513
Example
Thisexampleshowshowtomodifyportspeedconfiguration.
Switch(config)#
interface fa1
Switch(config-if)#
speed100
Switch(config-if)#
exit
Switch(config)#
interface fa2
Switch(config-if)#
speedauto10/100
Thisexampleshowshowtoshowcurrentspeedconfiguration
Switch#
showrunning-configinterfacesfa1-2
interface fa1
speed100
interface fa2
514
speedauto10/100
Thisexampleshowshowtoshowcurrentinterfacelinkspeed
Switch#
showinterfacesfa1-2status
PortNameStatusVlanDuplex
SpeedType
fa1connected1a-full
a-100MCopper
fa2connected1a-full
a-100MCopper
515
Duplex
Syntax
duplex(auto|full|half)
Parameter
autoSpecifyportduplextoautonegotiation.
fullSpecifyportduplextoforcefullduplex.
halfSpecifyportduplextoforcehalfduplex.
Default
Defaultportduplexisauto.
Mode
InterfaceConfiguration
Usage
Use“duplex”commandtochangeportduplexconfiguration.
516
Example
Thisexampleshowshowtomodifyportduplexconfiguration.
Switch(config)#
interface fa1
Switch(config-if)#
duplexfull
Switch(config-if)#
exit
Switch(config)#
interface fa2
Switch(config-if)#
duplexhalf
Thisexampleshowshowtoshowcurrentspeedconfiguration
Switch#
showrunning-configinterfacesfa1-2
interface fa1
duplexfull
interface fa2
517
duplexhalf
Thisexampleshowshowtoshowcurrentinterfacelinkspeed
Switch#
showinterfacesfa1-2status
PortNameStatusVlanDuplex
SpeedType
fa1connected1full
a-100MCopper
fa2 connected 1 half
a-100MCopper
518
Flow-Control
Syntax
flow-control(off|on)
noflow-control
Parameter
Off Disableportflowcontrol.On Enableportflowcontrol.
Default
Defaultportflowcontrolisoff.
Mode
InterfaceConfiguration
Usage
Usethe“flow-control”commandtochangeportflowcontrolconfigurations.Usenoformtorestoreflowcontroltodefault(off)configurations.
Example
Thisexampleshowshowtomodifytheportduplexconfiguration.
Switch(config)#
interface fa1
519
Switch(config-if)#
flow-controlon
Thisexampleshowshowtoshowcurrentflowcontrolconfiguration
Switch#
show interfaces fa1
HardwareisFastEthernet
Full-duplex,Auto-speed,mediatypeisCopper
flow-controlison
0packetsinput,0bytes,0throttles
Received0broadcasts(0multicasts)
0runts,0giants,0throttles
0inputerrors,0CRC,0frame,0overrun,0ignored
0multicast,0pauseinput
0inputpacketswithdribbleconditiondetected
379packetsoutput,31981bytes,0underrun
0outputerrors,0collisions,0interfaceresets
0babbles,0latecollision,0deferred
0PAUSEoutput
520
Shutdown
Syntax
shutdown
noshutdown
Parameter
None
Default
Defaultportadminstateisnoshutdown.
Mode
InterfaceConfiguration
Usage
Usethe“shutdown”commandtodisabletheportanduse“noshutdown”toenabletheport.Ifportisdisabledforsomereason,usethe“noshutdown”commandtorecovertheportmanually.
Example
Thisexampleshowshowtomodifyportduplexconfiguration.
Switch(config)#
interface fa1
521
Switch(config-if)#
shutdown
Thisexampleshowshowtoshowcurrentadminstateconfiguration
Switch#
showrunning-configinterfacesfa1
interface fa1
shutdown
Thisexampleshowshowtoshowcurrentlinkstatus
PortNameStatusVlanDuplex
SpeedType
fa1disable1full
autoCopper
522
Jumbo-Frame
Syntax
jumbo-frame<64-9216>
Parameter
<64-9216>Specifythemaximumframesize.
Default
Defaultmaximumframesizeis1522.
Mode
InterfaceConfiguration
Usage
Usethe“jumbo-frame”commandtomodifythemaximumframesize.Theonlywaytoshowthisconfigurationisbyusingthe“showrunning-config”command.
Example
Thisexampleshowshowtomodifymaximumtheframesizeonfa1to9216bytes.
Switch(config)#
interface fa1
523
Switch(config-if)#
jumbo-frame9216
Thisexampleshowshowtoshowcurrentjumbo-frmaesize
Switch#
showrunning-configinterfacefa1
interface fa1
jumbo-frame9216
524
Protected
Syntax
protected
noprotected
Parameter
<64-9216>Specifythemaximumframesize.
Default
Defaultprotectedstateisnoprotected.
Mode
InterfaceConfiguration
Usage
Usethe“protected”commandtomaketheportprotected.Aprotectedport isonlyallowedtocommunicatewithanunprotectedport.Inotherwords,aprotectedportisnotallowedtocommunicatewithanotherprotectedport.Usethenoformtomakeaportunprotected.
525
Example
Thisexampleshowshowtoconfigureportfa1andfa2tobeprotectedport.
Switch(config)#
interfacerangefa1-2
Switch(config-if-range)#
protected
Thisexampleshowshowtoshowcurrentprotectedportstate.
Switch#
showinterfacesfa1-2protected
Port | Protected State
fa1 |enabled
fa2 |enabled
526
EEE
Syntax
eee
no eee
Parameter
None
Default
Defaulteeestateisdisabled.
Mode
InterfaceConfiguration
Usage
Usethe“eee”commandtomakeaportenabledfortheenergyefficientEthernetfeatureanduse“noeee”commandtodisableit.Theonlywaytoshowthisconfigurationisusing“showrunning-config”command.
Example
Thisexampleshowshowtoconfigureportfa1andfa2tobeprotectedport.
Switch(config)#
interface fa1
527
Switch(config-if)#
eee
Thisexampleshowshowtoshowcurrentjumbo-frmaesize
Switch#
showrunning-configinterfacefa1
interface fa1
eee
528
Clear Interface
Syntax
clearinterfacesIF_PORTScounters
Parameter
IF_PORTSSpecifiyporttoclearcounters.
Default
Nodefaultvalueforthiscommand.
Mode
Privileged EXEC
Usage
Usethe“clearinterface”commandtoclearcountersonspecificports.
Example
Thisexampleshowshowtoclearcountersonportfa1.
Switch(config)#
clearinterfacesfa1counters
529
Thisexampleshowshowtoshowcurrentcounters
Switch#
show interfaces fa1
HardwareisFastEthernet
Auto-duplex,Auto-speed,mediatypeisCopper
flow-controlisoff
0packetsinput,0bytes,0throttles
Received0broadcasts(0multicasts)
0runts,0giants,0throttles
0inputerrors,0CRC,0frame,0overrun,0ignored
0multicast,0pauseinput
0inputpacketswithdribbleconditiondetected
0packetsoutput,0bytes,0underrun
0outputerrors,0collisions,0interfaceresets
0babbles,0latecollision,0deferred
0PAUSEoutput
530
Show Interface
Syntax
showinterfacesIF_PORTS
showinterfacesIF_PORTSstatus
showinterfacesIF_PORTSpotected
Parameter
IF_PORTSSpecifiyporttoshow.
Default
Nodefaultvalueforthiscommand.
Mode
Privileged EXEC
Usage
Use“showinterface”commandtoshowportcounters,parametersandstatus.
Example
Thisexampleshowshowtoshowcurrentcounters
Switch#
show interfaces fa1
531
HardwareisFastEthernet
Auto-duplex,Auto-speed,mediatypeisCopper
flow-controlisoff
0packetsinput,0bytes,0throttles
Received0broadcasts(0multicasts)
0runts,0giants,0throttles
0inputerrors,0CRC,0frame,0overrun,0ignored
0multicast,0pauseinput
0inputpacketswithdribbleconditiondetected
0packetsoutput,0bytes,0underrun
0outputerrors,0collisions,0interfaceresets
0babbles,0latecollision,0deferred
0PAUSEoutput
Thisexampleshowshowtoshowcurrentprotectedportstate.
Switch#
showinterfacesfa1-2protected
532
Port | Protected State
fa1 |enabled
fa2 |enabled
Thisexampleshowshowtoshowcurrentportstatus
Switch#
showinterfacesfa1-2status
PortNameStatusVlanDuplex
SpeedType
fa1connected1full
a-100MCopper
534
QoS
Syntax
qos[(advanced|basic)]
noqos
Parameter
Advanced SpecifythedevicetoqosadvancedmodeBasic Specifythedevicetoqosbasicmode
Default
Defaultqosmodeisdisabled.
Mode
GlobalConfiguration
Usage
QoShavsthefollowing3modes;usethiscommandtoswitchbetweenthem.
Disable:QoSfunctionisdisabledandallpacketswillgothroughlowestpriority
queue.Itmeansfirstinwillbefirstout,noQoSisguarantee.
Basic:Accordingtobasictrusttypetoassignqueueforpackets,andpacketswithhigherpriorityareabletosendfirst.
535
Advanced: UseACLtoclassifypacketstoachieveflow-basedQoSanddodifferentkindofactionsfordifferenttypeofpackets.
Example
Thisexampleshowshowtochangeqostobasicmode.
Switch(config)#
qosbasic
Switch(config)#
qos
Thisexampleshowshowtochangeqostoadvancedmode.
Switch(config)#
qosadvanced
Thisexampleshowshowtochangeqostodisabledmode.
Switch(config)#
noqos
Thisexampleshowshowtocheckcurrentqosmode.
Switch#
showqos
QoSMode:basic
Basictrust:cos
536
QoS Trust (1)
Syntax
qostrust(cos|cos-dscp|dscp|precedence)
Parameter
cos SpecifythedevicetotrustCoScos-dscp SpecifythedevicetotrustDSCPforIPpackets,andtrustCoSfornon-IPpackets.
dscp SpecifythedevicetotrustDSCPprecedence SpecifythedevicetotrustIPPrecedence
Default
Defaultqosbasicmodetrusttypeiscos
Mode
GlobalConfiguration
Usage
InQoSbasicmode,thereare4trusttypesfordevicetojudgetheappropriatequeueofthepackets.Thiscommandisabletoswitchbetweenthesetrusttypes.
CoS:IEEE802.1pdefined3bitspriorityvalueinvlantag.Trustthisvalueinpacketsandassignqueueaccordingtocos-queuemap.
537
DSCP: IETFRFC2474defined6bitspriorityvalueinIPpacket(highest6bitsinToSfield).Trustthisvalueinpacketsandassignqueueaccordingtodscp-queuemap.
IP Precedence:Thehighest3bitspriorityvalue in IPpacketToSfield.Trustthisvalue inpacketsandassignqueueaccordingtoprecedence-queuemap.
CoS-DSCP: TrustDSCPforIPpacketsandassignqueueaccordingtodscp-queuemap.TrustCoSfornon-IPpacketsandassignqueueaccordingtocos-queuemap.
Example
Thisexampleshowshowtochangeqosbasicmodetrusttypes.
Switch(config)#
qostrustcos
Switch(config)#
qostrustcos-dscp
Switch(config)#
qostrustdscp
Switch(config)#
qostrustprecedence
Thisexampleshowshowtocheckcurrentqostrusttype.
Switch#
showqos
539
QoS Map
Syntax
qosmap(cos-queue|dscp-queue|precedence-queue)SEQUENCEto<1-8>
qosmap(queue-cos|queue-precedence)SEQUENCEto<0-7>
qosmapqueue-dscpSEQUENCEto<0-63>
Parameter
cos-queue ConfigureorshowCoStoqueuemapdscp-queue ConfigureorshowDSCPtoqueuemapprecedence-queue ConfigureorshowIPPrecedencetoqueuemap.
queue-cos ConfigureorshowqueuetoCoSmapqueue-dscp ConfigureorshowqueuetoDSCPmapqueue-precedence ConfigureorshowqueuetoIPPrecedencemapSEQUENCE Specifythecos,dscp,precedenceorqueuewithoneormultiplevalues.<1-8> Specifythqueueid
<0-7> Specifythecosorprecedencevalues
<0-63> Specifythedscpvalues
540
Default
Thedefaultvaluesofcos-queueareshowinginthefollowingtable.
CoS Queue ID0 21 12 33 44 55 66 77 8
Thedefaultvaluesofdscp-queueareshowinginthefollowingtable.
DSCP Queue ID0~7 28~15 116~23 324~31 432~39 540~47 648~55 756~63 8
541
Thedefaultvaluesofipprecedenceareshowinginthefollowingtable.
IP Precedence Queue ID0 11 22 33 44 55 66 77 8
Thedefaultvaluesofqueue-cosareshowinginthefollowingtable.
Queue ID CoS1 13 24 35 46 57 68 7
542
Thedefaultvaluesofqueue-dscpareshowinginthefollowingtable.
Queue ID DSCP1 02 83 164 245 326 407 488 56
Thedefaultvaluesofqueue-precedenceareshowinginthefollowingtable.
Queue ID DSCP1 02 13 24 35 46 57 68 7
Mode
GlobalConfiguration
543
Usage
Accordingtodifferenttrusttypes,packetswillbeassignedtodifferentqueuesbasedonthespecificqosmap.Forexample,ifthetrusttypeistrustcos,thedevicewillgetthecosvalueinapacketandreferencethecos-queuemappingtoassignthecorrectqueue.Thequeuetocos,dscporprecedencemapsareusedbyaremarkingfeature.Iftheportremarkingfeatureisenabled,theremarkingfunctionwillreferencethese3tablestoremarkpackets.
Example
Thisexampleshowshowtomapcos6and7toqueue1.
Switch(config)#qosmapcos-queue67to1
Switch(config)#showqosmapcos-queue
CoStoQueuemappings
COS01234567
Queue21345611
Thisexampleshowshowtomapqueue4and5tocos7.
Switch(config)#
qosmapqueue-cos45to7
Switch(config)#
showqosmapqueue-cos
QueuetoCoSmappings
Queue12345678
545
QoS Queue
Syntax
qosqueuestrict-priority-num<0-8>
qosqueueweightSEQUENCE
showqosqueueing
Parameter
strict-prioritynum <0-8> SpecifythestrictpriorityqueuenumberweightSEQUENCE Specifythenon-strictpriorityqueueweightvalue.Thevalidqueueweightvalueisfrom
1to127.
Default
Defaultstrictpriorityqueuenumberis8,itmeansallqueuesarestrictpriorityqueue.
Thedefaultqueueweightforeachqueueisshowninfollowingtable.
546
Queue ID Queue Weight1 12 23 34 45 56 97 138 15
Mode
GlobalConfiguration
Usage
Thedevicesupporttotal8queuesforQoSqueueing.Itisabletosetthequeuetobestrictpriorityqueueorweightedqueuetopreventstarvation.Thequeuewithhigheridvaluehashigherpriority.First,youneedtodecidehowmanystrictpriorityqueueyouneed.Thestrictpriorityqueuewillalwaysoccupythehigherpriorityqueue.Forexample,ifyouspecifythestrictprioritynumbertobe2,thenthequeue7and8willbethestrictpriorityqueuesandtheothersareweightedqueues.Afteryousetupthenumberofstrictpriorityqueue,youneedtosetuptheweightfortheweightedqueuesbyusing“qosqueueweight”command.Andthebandwidthwillsharedbytheweightyouconfiguredbetweentheseweightedqueues.
Example
Thisexampleshowshowtosetupdevicewith3strictpriorityqueuesandgiveotherweightedqueueswithweight5,10,15,20,or25.
547
Switch(config)#
qosqueuestrict-priority-num3
Switch(config)#
qosqueueweight510152025
Switch#
showqosqueueing
qid-weightsEf-Priority
1-5dis-N/A
2-10dis-N/A
3-15dis-N/A
4-20dis-N/A
5-25dis-N/A
6-N/Aena-6
7-N/Aena-7
8-N/Aena-8
548
QoS CoS
Syntax
qoscos<0-7>
Parameter
cos<0-7>SpecifytheCoSvaluefortheinterface.
Default
DefaultCoSvalueforinterfaceis0.
Mode
InterfaceConfiguration
Usage
Sometimes,thereisnoqosinformationinthepackets,suchasCoS,DSCP,IPPrecedence.Butyoucangivethepriorityforpacketsbyconfiguringtheinterfacedefaultcosvalue.Ifthereisnoqosinformationinthepackets,thedevicewillusethisdefaultcosvalueandfindthecos-queuemaptogetthefinaldestinationqueue.Usethe“qoscos”commandtoassignaportdefaultcosvalue.
Example
Thisexampleshowshowtoconfiguredefaultcosvalue7oninterfacefa1.
Switch(config)#
interface fa1
549
Switch(config-if)#
qoscos7
Switch(config-if)#
end
Switch#
showqosinterfacesfa1
Port|CoS|TrustState|RemarkCos|RemarkDSCP|RemarkIPPrec
fa1|7|enabled|disabled|disabled|
550
QoS Trust (2)
Syntax
qostrust
noqostrust
Parameter
None
Default
Defaultinterfaceqostruststateisenabled.
Mode
InterfaceConfiguration
Usage
AftertheQoSfunctionisenabledinbasicmode,thedevicealsosupportsaperinterfaceenable/disableqosfunction.Ifthetruststateontheinterfaceisenabled,allingresspacketsofthisinterfacewillremapaccordingtothetrusttypeandtheqosmaps.Otherwise,allingresspacketswillbeassignedtoqueue1.Use“qostrust”toenablethetruststateontheinterfaceanduse“noqostrust”todisablethetruststateontheinterface.
551
Example
Thisexampleshowshowtodisableqostruststateoninterfacefa1.
Switch(config)#
interface fa1
Switch(config-if)#
noqostrust
Switch(config-if)#
end
Switch#
showqosinterfacesfa1
Port|CoS|TrustState|RemarkCos|RemarkDSCP|RemarkIPPrec
fa1|0|disabled|disabled|disabled|
552
QoS Remark
Syntax
qosremark(cos|dscp|precedence)
noqosremark(cos|dscp|precedence)
Parameter
cos Enable/Disablecosremarking.dscp Enable/Disabledscpremarking.precedence Enable/Disableprecedenceremarking.
Default
DefaultCoSremarkingisdisabled.
DefaultDSCPremarkingisdisabled.
DefaultIPPrecedenceremarkingisdisabled.
Mode
InterfaceConfiguration
Usage
theQoSremarkingfeatureallowsyoutochangepriorityinformationinpacketsbasedonanegressqueue.Forexample,ifyouwantallpacketsegressfrominterfacefa1queue1toremarkthecosvaluetobe5fornexttierofdevice,youcanenablethecosremarkingfeatureonfa1andconfigurethequeue-cosmapforqueue1maptocos5.Usethe“qosremark”commandtoenableremarkingfeatureonspecifictype.Anduse“noqowremark”commandtodisableit.
553
Example
Thisexampleshowshowtoenableremarkingfeaturesoninterfacefa1.
Switch(config)#
interface fa1
Switch(config-if)#
qosremarkcos
Switch(config-if)#
qosremarkdscp
Switch(config-if)#
qosremarkprecedence
Switch(config-if)#
end
Switch#
showqosinterfacesfa1
Port|CoS|TrustState|RemarkCos|RemarkDSCP|RemarkIPPrec
fa1|0|enabled|enabled|enabled|enabled
554
Show QoS
Syntax
showqos
Parameter
None
Default
Nodefaultvalueforthiscommand.
Mode
Privileged EXEC
Usage
Use“showqos”commandtoshowqoemodeandtrusttype.
Example
Thisexampleshowshowtocheckcurrentqosmode.
Switch#
showqos
QoSMode:basic
Basictrust:cos
555
Show QoS Map
Syntax
showqosmap[(cos-queue|dscp-queue|precedence-queue|queue-cos|
queue-dscp|queue-precedence)]
Parameter
cos-queue ShowCoStoqueuemap.dscp-queue ShowDSCPtoqueuemap.
precedence-queue ShowIPPrecedencetoqueuemap.queue-cos ShowqueuetoCoSmap.queue-dscp ShowqueuetoDSCPmap.queue-precedence ShowqueuetoIPPrecedencemap.
Default
Nodefaultvalueforthiscommand.
Mode
Privileged EXEC
Usage
Use“showqosmap”commandtoshowallkindsofmappingforqosremappingandremarkingfeatures.
Example
556
Example
Thisexampleshowshowtoshowallqosmaps.
Switch(config)#
showqosmap
CoStoQueuemappings
COS01234567
Queue21345678
DSCPtoQueuemappings
d1:d20123456789
0:1111111122
1:2222223333
2:3333444444
3:4455555555
4:6666666677
5:7777778888
6:8888
IPPrecedencetoQueuemappings
IPPrecedence01234567
557
Queue12345678
QueuetoCoSmappings
Queue12345678
CoS10234567
QueuetoDSCPmappings
Queue12345678
DSCP08162432404856
558
Show QoS Interface
Syntax
showqosinterfaceIF_PORTS
Parameter
IF_PORTSSelectporttoshowqosconfigurations.
Default
Nodefaultvalueforthiscommand.
Mode
Privileged EXEC
Usage
Usethe“showqosinterfaces”commandtoshowportdefaultcos,remarkingstate,andremarkingtypestateinformations.
Example
Thisexampleshowshowtoshowqosconfigurationsoninterfacefa1.
Switch#
showqosinterfacesfa1
Port|CoS|TrustState|RemarkCos|RemarkDSCP|RemarkIPPrec
fa1|7|enabled|disabled|disabled|disabled|
560
Rate Limit
Syntax
rate-limitingress<0-1000000>
norate-limitingress
rate-limitegress<0-1000000>[<128-56319>]
rate-limitegressqueue<1-8><0-1000000>[<1024-56319>]
norate-limitegress[<1-8>]
Parameter
Cir Specifythemaximumnumberofkilobitspersecondofingresstrafficonaport.Therangeis100–maxportspeed.
Cbs Specifythemaximumpermittedexcessburstsize(CBS)inbytes
<1-8> Specifytheegressshaperqueuenumber
Default
Rate limiting is disabled.
Mode
Interfaceconfiguration
561
Usage
Usetherate-limitingressInterfaceConfigurationmodecommandtolimittheincomingtrafficrateonaport.UsethenoformofthiscommandtodisabletheratelimitUsetherate-limitegressInterfaceConfigurationmodecommandtoconfiguretheegressportorqueueshaper.Usethenoformofthiscommandtodisabletheshaper.Youcanverifyyoursettingsbyenteringtheshowrunning-configinterfacesPrivilegedEXECcommand.
Example
Thefollowingexampleshowshowtoconfigureingressportratelimitandegressport&queueshaper.
Switch(config)#
interfacesfa7
Switch(config-if)#
rate-limitingress128
Switch(config-if)#
rate-limitegress2048
Switch(config-if)#
rate-limitegressqueue15121024
Switch#
showrunning-configinterfacesfa7interfacefa7
rate-limitingress128
rate-limitegress2048165
563
VLAN Rate Limit
Syntax
rate-limitingress<0-1000000><9216-1000000>vlan<1-4094>
norate-limitvlan<1-4094>
Parameter
<0-1000000> Specifytheaveragetrafficrate(CIR)in16Kbps<9216-1000000> Specifythemaximumburstsize(CBS)in128bytes<1-4094>
Default
Novlanratelimitareconfigured
Mode
GlobalConfigurationorInterfaceConfiguration
Usage
Usetherate-limitingressvlanglobalconfigurationcommandorInterfaceConfigurationtoaddPerVLANRateLimitorPerVLANPerPortRateLimitSettings.Usethenoformofthiscommandtodeletethevlanratelimitsetting.Youcanverifyyoursettingsbyenteringtheshowrate-limitvlanPrivilegedEXECcommand.
564
Example
Switch(config)#
rate-limitinput2569216vlan2
Switch(config)#
interface fa1
Switch(config-if)#
rate-limitinput10249216vlan4
Switch(config)#
showrate-limitvlan
VLAN|Port|rate-limit[Kbps]|Burst[Bytes]
2|ALL|256|9216
4|fa1|1024|9216
565
Show Rate Limit VLAN
Syntax
showrate-limitvlan[<1-4094>]
Parameter
<1-4094>Specifytherate-limitVLANtodisplay
Default
None
Mode
Privileged EXEC
Usage
Usetheshowrate-limitvlancommandinEXECmodetodisplayVLANRateLimitsettings.
Example
ThisexampleshowshowtodisplayVLANRateLimitsetting
Switch(config)#
showrate-limitvlan
VLAN|Port|rate-limit[Kbps]|Burst[Bytes]
2|ALL|256|9216
568
RMON Event
Syntax
rmonevent<1-65535>[log][trapCOMMUNITY][description
DESCRIPTION][ownerNAME]
normonevent<1-65535>
Parameter
<1-65535> Specifyeventindextocreateormodify.[log] (Optional)Specifytoshowsyslog.
[trap COMMUNITY] (Optional)SpecifySNMPcommunitytoshowSNMP
trap.[description
DESCRIPTION]
(Optional)Specifydescriptionofevent
[owner NAME] (Optional)Specifyownerofevent.
Default
Nodefaultisdefined.
Mode
GlobalConfiguration
569
Usage
UsethermonalarmcommandtoaddormodifyaRMONalarmentry.Usethenoformofthiscommandtodeleteit.
Example
TheexampleshowshowtoaddaRMONevententrywithlogandtrapactionandthenmodifyitactiontologonly.Youcan verify settings by the following show rmon event command.
switch(config)#
rmonevent1logtrappublicdescriptiontestowneradmin
switch(config)#
show rmon event 1
RmonEventIndex:1
RmonEventType:LogandTrap
RmonEventCommunity:public
RmonEventDescription:test
RmonEventLastSent:
RmonEventOwner:admin
switch(config)#
rmonevent1logdescriptiontestowneradmin
switch(config)#
show rmon event 1
570
RmonEventIndex:1
RmonEventType:Log
RmonEventCommunity:public
RmonEventDescription:test
RmonEventLastSent:
RmonEventOwner:admin
571
RMON Alarm
Syntax
rmonalarm<1-65535>interfaceIF_PORT(drop-events|octets|pkts|broadcast-pkts|multicastpkts|crc-align-errors|undersize-pkts|oversize-pkts|fragments|jabbers|collisions|pkts64octets|pkts65to127octets|pkts128to255octets|pkts256to511octets|pkts512to1023octets|pkts1024to1518octets)<1-2147483647>(absolute|delta)rising<0-2147483647><0-65535>falling<0-2147483647><0-65535>startup(rising|rising-falling|falling)[ownerNAME]normonalarm<1-65535>
Parameter
<1-65535> Specifyalarmindextocreateormodify IF_PORT Specifytheinterfacetosample(variable) Specifyamibobjecttosample
<1-2147483647> SpecifythetimeinsecondsthatthealarmmonitorstheMIBvariable.(absolute|delta) Specifyabsolutetocomparesamplecounterabsolutely.Specifydeltatocomparedeltacounter
betweensamples<0-2147483647> Specifyanumberwhichthealarmtriggerrisingevent<0-65535> Specifyeventindexwhentherisingthresholdexceeds.<0-2147483647> Specifyanumberwhichthealarmtriggerfallingevent
<0-65535> Specifyeventindexwhenthefallingthresholdexceeds.
(rising|risingfalling|
falling)
Specifyonlytohowrisingorfallingstartupevent.Orshoweitherrisingorfallingstartupevent.
[owner NAME] (Optional)Specifyownerofalarm.
572
Default
Nodefaultisdefined.
Mode
GlobalConfiguration
Usage
UsethermoneventcommandtoaddormodifyaRMONevententry.Beforeyouaddanalarmentry,atleastoneevententrymustbeadded.Usethenoformofthiscommandtodeleteit.
Example
TheexampleshowshowtoaddaRMONalarmentrythatsampleinterfacefa1packetsdeltacountevery300seconds.ATriggereventofindex1occursifitisoverrisingathresholdof10000,oratriggereventindexof2iflitisowerthanthefallingthreshold.Youcanverifysettingsbythefollowingshowrmonalarmcommand.
switch(config)#
rmon event 1 log
switch(config)#
rmon event 2 log
switch(config)#
show rmon event all
RmonEventIndex:1
RmonEventType:Log
573
RmonEventCommunity:
RmonEventDescription:
RmonEventLastSent:
RmonEventOwner:
RmonEventIndex:2
RmonEventType:Log
RmonEventCommunity:
RmonEventDescription:
RmonEventLastSent:
RmonEventOwner:
Switch(config)#
rmonalarm1interfacefa1pkts300deltarising100001falling1001startuprising-fallingowneradmin
RmonAlarmIndex:1
RmonAlarmSampleInterval:300
RmonAlarmSampleInterface:fa1
RmonAlarmSampleVariable:Pkts
RmonAlarmSampleType:delta
RmonAlarmType:RisingorFalling
574
RmonAlarmRisingThreshold:10000
RmonAlarmRisingEvent:1
RmonAlarmFallingThreshold:100
RmonAlarmFallingEvent:1
RmonAlarmOwner:admin
575
RMON History
Syntax
rmonhistory<1-65535>interfaceIF_PORT[buckets<1-65535>]
[interval<1-3600>][ownerNAME]
normonhistory<1-65535>
Parameter
<1-65535> Specifyhistoryindextocreateormodify. IF_PORT Specifytheinterfacetosample[bucket <1-65535>] (Optional)Specifythemaximumnumberofbuckets.
[interval <>1-3600] (Optional)Specifytimeintervalforeachsample[owner NAME] (Optional)Specifyownerofhistory
Default
Nodefaultisdefined.
Mode
GlobalConfiguration
Usage
UsethermonhistorycommandtoaddormodifyaRMONhistoryentry.Usethenoformofthiscommandtodeleteit.
576
Example
TheexampleshowshowtoaddaRMONhistoryentrythatmonitorsinterfacefa1every60secondsandthenmodifyittomonitorevery30seconds.Youcanverifysettingsbythefollowingshowrmonhistorycommand.
switch(config)#
rmonhistory1interfacefa1interval60owneradmin
switch(config)#
show rmon history 1
RmonHistoryIndex:1
RmonCollectionInterface:fa1
RmonHistoryBucket:50
RmonhistoryInterval:60
RmonHistoryOwner:admin
switch(config)#
rmonhistory1interfacefa1interval30owneradmin
switch(config)#
show rmon history 1
RmonHistoryIndex:1
RmonCollectionInterface:fa1
RmonHistoryBucket:50
578
Clear RMON Interfaces Statistics
Syntax
clearrmoninterfacesIF_PORTSstatistics
Parameter
IF_PORTSspecifiesportstoclear
Default
Nodefaultisdefined
Mode
GlobalConfiguration
Usage
UsetheclearrmoninterfacesstatisticscommandtoclearRMONetherStatstatisticsthosearerecordedoninterface.
Example
TheexampleshowshowtoclearRMONetherStatstatisticsoninterfacegi1.Youcanverifysettingsbythefollowingshow rmon interface statistics command.
switch#
clear rmon interfaces gi1 statistics
579
switch#
show rmon interfaces gi1 statistics
Port gi1
etherStatsDropEvents:0
etherStatsOctets:0
etherStatsPkts:0
etherStatsBroadcastPkts:0
etherStatsMulticastPkts:0
etherStatsCRCAlignErrors:0
etherStatsUnderSizePkts:0
etherStatsOverSizePkts:0
etherStatsFragments:0
etherStatsJabbers:0
etherStatsCollisions:0
etherStatsPkts64Octets:0
etherStatsPkts65to127Octets:0
etherStatsPkts128to255Octets:0
etherStatsPkts256to511Octets:0
581
Show RMON Interfaces Statistics
Syntax
showrmoninterfacesIF_PORTSstatistics
Parameter
IF_PORTSspecifiesportstoshow
Default
Nodefaultisdefined
Mode
GlobalConfiguration
Usage
UsetheshowrmoninterfacesstatisticscommandtoshowRMONetherStatstatisticsoftheinterface.
Example
TheexampleshowshowtoshowRMONetherStatstatisticsofinterfacegi1.
switch(config)#
show rmon interfaces gi1 statistics
Port gi1
etherStatsDropEvents:0
582
etherStatsOctets:81882
etherStatsPkts:578
etherStatsBroadcastPkts:10
etherStatsMulticastPkts:0
etherStatsCRCAlignErrors:0
etherStatsUnderSizePkts:0
etherStatsOverSizePkts:0
etherStatsFragments:0
etherStatsJabbers:0
etherStatsCollisions:0
etherStatsPkts64Octets:355
etherStatsPkts65to127Octets:126
etherStatsPkts128to255Octets:0
etherStatsPkts256to511Octets:42
etherStatsPkts512to1023Octets:55
etherStatsPkts1024to1518Octets:0
583
Show RMON Event
Syntax
showrmonevent(<1-65535>|all)
Parameter
<1-65535>specifieseventindextoshow
all Show all existed event
Default
Nodefaultisdefined
Mode
GlobalConfiguration
Usage
UsetheshowrmoneventcommandtoshowanexistingRMONevententry.
Example
Theexampleshowshowtoshowarmonevententry.
switch(config)#
rmonevent1logtrappublicdescriptiontestowneradmin
584
switch(config)#
show rmon event 1
RmonEventIndex:1
RmonEventType:LogandTrap
RmonEventCommunity:public
RmonEventDescription:test
RmonEventLastSent:
RmonEventOwner:admin
585
Show RMON Event Log
Syntax
showrmonevent<1-65535>log
Parameter
<1-65535>specifieseventindextoshoweventlog
Default
Nodefaultisdefined
Mode
GlobalConfiguration
Usage
UsetheshowrmoneventlogcommandtoshowalogtriggeredbyaRMONalarm.
Example
Theexampleshowshowtoshowarmoneventlog.
switch(config)#
show rmon event 1 log
Index:1
AlarmIndex:1
587
Show RMON Alarm
Syntax
showrmonalarm(<1-65535>|all)
Parameter
<1-65535> specifiesalarmindextoshow
all Show all existed alarm
Default
Nodefaultisdefined
Mode
GlobalConfiguration
Usage
UsetheshowrmonalarmcommandtoshowexistingRMONalarmentries.
Example
Theexampleshowshowtoshowanrmonalarmentry.
Switch(config)#
rmonalarm1interfacefa1pkts300deltarising100001
falling1001startuprising-fallingowneradmin
588
RmonAlarmIndex:1
RmonAlarmSampleInterval:300
RmonAlarmSampleInterface:fa1
RmonAlarmSampleVariable:Pkts
RmonAlarmSampleType:delta
RmonAlarmType:RisingorFalling
RmonAlarmRisingThreshold:10000
RmonAlarmRisingEvent:1
RmonAlarmFallingThreshold:100
RmonAlarmFallingEvent:1
RmonAlarmOwner:admin
589
Show RMON History
Syntax
showrmonhistory(<1-65535>|all)
Parameter
<1-65535> specifieshistoryindextoshow
All Show all existed history
Default
Nodefaultisdefined
Mode
GlobalConfiguration
Usage
UsetheshowrmonhistorycommandtoshowexistingRMONhistoryentries.
Example
TheexampleshowshowtoshowanRMONhistoryentry.
switch(config)#
rmonhistory1interfacefa1interval30owneradmin
590
switch(config)#
show rmon history 1
RmonHistoryIndex:1
RmonCollectionInterface:fa1
RmonHistoryBucket:50
RmonhistoryInterval:30
RmonHistoryOwner:admin
591
Show RMON History Statistics
Syntax
showrmonhistory<1-65535>statistic
Parameter
<1-65535>specifieshistoryindextoshowhistorystatistic
Default
Nodefaultisdefined
Mode
GlobalConfiguration
Usage
UsetheshowrmonhistorystatisticcommandtoshowstatisticsthatarerecordedbyRMONhistory.
Example
TheexampleshowshowtoshowRMONhistorystatistics.
switch(config)#
show rmon history 1 statistics
592
SampleIndex:2
IntervalStart:(32940466)3days,19:30:04.66
DropEvents:0
Octets:117226
Pkts:763
BroadcastPkts:9
MulticastPkts:0
CRCAlignErrors:0
UnderSizePkts:0
OverSizePkts:0
Fragments:0
Jabbers:0
Collisions:0
Utilization:1
SampleIndex:1
IntervalStart:(32939462)3days,19:29:54.62
DropEvents:0
Octets:220
Pkts:3
593
BroadcastPkts:1
MulticastPkts:0
CRCAlignErrors:0
UnderSizePkts:0
OverSizePkts:0
Fragments:0
Jabbers:0
Collisions:0
Utilization:0
595
SNMP
Syntax
snmp
nosnmp
Parameter
None
Default
nosnmp
Mode
GlobalConfiguration
Usage
‘nosnmp’willdisablesnmp.‘snmp’willenablesnmp.Theconfigurationcanuseshowsnmp.
Example
Thefollowingexamplespecifiesthesetglobalsnmptest.
Switch(config)#
snmp
597
SNMP Trap
Syntax
[no]snmptrap(auth|linkUpDown|warm-start|cold-start|port-security)
Parameter
None
Default
snmptrapauth
snmptraplinkUpDown
snmptrapwarm-start
snmptrapcold-start
snmptrapport-security
Mode
GlobalConfiguration
Usage
‘nosnmptrapauth’snmpwillnotsendauthfailuretrap.‘nosnmptraplinkUpDown’snmpwillnotsendlinkupandlinkdowntrap.‘nosnmptrapwarm-startsnmpwillnotsendwarmstarttrap.‘nosnmptrapcold-start’snmpwillnotsendcoldstarttrap.‘nosnmptrapport-security’snmpwillnotsendport-securitytrap.Theconfigurationcanuseshowsnmptrap.
598
Example
Thefollowingexamplespecifiesthesettrapauthdisabletest.
Switch(config)#
nosnmpauth
Switch#
showsnmptrap
SNMPauthfailedtrap:Disable
SNMPlinkUpDowntrap:Enable
SNMPwarm-starttrap:Enable
SNMPcold-starttrap:Enable
SNMPportsecuritytrap:Enable
599
SNMP View
Syntax
snmpviewNAMEsubtreeOIDoid-mask(all|MASK)viewtype
(included|excluded)
nosnmpviewNAMEsubtree(all|OID)
Parameter
Name ViewNameOID ViewsubtreeOID
(all | MASK) ViewsubtreeOIDmask.All:allmaskbitis‘1’(include | exclude) Viewsubtreeisaccessedornotallowedaccess.(all | OID) DeletetheViewnameallsubtreeOIDorspecifiesOID
Default
DefaultViewis“all”andthesubtreeis1.Thetypeisincluded.
Mode
GlobalConfiguration
Usage
Thedefaultviewcan’tdeleteandbecreatedbytheuser.TheminviewissysUpTime.Theconfigurationcanuse‘showsnmpview’tocheckit.
600
Example
ThefollowingexamplespecifiesthesetviewsystemViewtest.
Switch(config)#
snmpviewsystemViewsubtree1.3.6.1.2.1.1oid-maskallviewtypeincluded
Switch#
showsnmpview
ViewNameSubtreeOIDOIDMaskViewType
all.1allincluded
systemView.1.3.6.1.2.1.1allincluded
601
SNMP Access Group
Syntax
snmpgroupNAMEversion(1|2c|3)(noauth|auth|priv)read-view
NAMEwrite-viewNAME[notify-viewNAME]
nosnmpgroupNAMEsecurity-modeversion(1|2c|3)
Parameter
Group Name Accessgroupname1 | 2c | 3 Accessmodelforsnmpv1/v2/v3
noauth | auth | priv Noauthforsnmpv1/v2
Authandprivgroupforsnmpv3Read-view NameAccessgroupspecifiesreadviewWrite-view NameAccessgroupspecifieswriteviewNotify-view NameAccessgroupspecifiesnotifyview
Default
None
Mode
GlobalConfiguration
602
Usage
Thegroupversion1and2careonlyforsnmpcommunityuse.Version3isonlyforsnmpuseruse.Whenthegroupversionis1or2c,Youcanonlyusenoauth.Theread/write/notifyviewmustexisttoproceed.Theconfigurationcanuse‘showsnmpgroup’tocheck.
Example
Thefollowingexamplespecifiesthatsetsnmpgrouptest.
Switch(config)#
snmpgroupgroup11noauthread-viewallwrite-viw“”
Switch(config)#
snmpgroupgroup22cnoauthread-viewallwrite-viewall
Switch(config)#
snmpgroupgroup33authread-viewallwrite-viewall
Switch#
showsnmpgroup
GroupNameModelLevelReadViewWriteViewNotifyView
group1v1noauthall------
group2v2cnoauthallall---
group3v3authallall---
603
SNMP Community
Syntax
snmpcommunityNAME[groupNAME][viewNAME](ro|rw)
nosnmpcommunityNAME
Parameter
Community Name Snmpv1/v2communityname[group Name] Snmpcommunityspecifiesaccessgroupname[view Name] Snmpcommunityspecifiesview
(ro | rw) Snmpcommunityreadorreadwriteattribute
Default
None
Mode
GlobalConfiguration
Usage
Thecommunitycan’tspecifygroupandviewatthesametime.Thecommunityspecifiesthegroupwhichmustexistandmustmatchthesecuritymodel.Thecommunityspecifiestheviewwhichmustexistaswell.Itwillgeneratethenoexistv1orv2accessgroupforthecommunity.Theconfigurationcanuse‘showsnmpcommunity’tocheck.
604
Example
Thefollowingexamplespecifiesthatconfiguredcommunitytest.
Switch(config)#
snmpcommunitpublicro
Switch(config)#
snmpcommunitprivaterw
Switch(config)#
snmpcommunittest1viewall
Switch#
showsnmpcomunity
CommnunityNameGroupNameViewAccess
publicpublic_groupallro
privateprivate_groupallrw
test1test1_groupallrw
605
SNMP User
Syntax
snmpuserUSERNAMEGROUPNAME[auth(md5|sha)
AUTHPASSWD]
snmpuserUSERNAMEGROUPNAMEauth(md5|sha)
AUTHPASSWDprivPRIVPASSWD
nosnmpuserNAME
Parameter
USERNAME SnmpusernameGROUPNAME Snmpuserspecifiesgroup.
[auth (md5 | sha)] SnmpuserauthprotocolAUTHPASSWD SnmpuserauthpasswordPRIVPASSWD Snmpuserprivpassword
Default
None
Mode
GlobalConfiguration
606
Usage
Thegroupversionmustbev3andthesecuritylevelmustmatchthesnmpuserconfiguration.TheAUTHPASSWDandPRIVPASSWDminlengthis8.Theconfigurationcanuse‘showsnmpuser’tocheck.
Example
Thefollowingexamplespecifiesthesetauthsnmpusertest.
Switch(config)#
snmpgroupgroup33authread-viewallwrite-viewall
Switch(config)#
snmpuseruser1group3authmd512345678
Switch#showsnmpuser
Username:user1
Password:********
PrivilegeMode:rw
AccessGroupName:group3
AuthenticationProtocol:md5
EncryptionProtocol:none
AccessSecLevel:auth
607
SNMP EngineID
Syntax
snmpengineid(default|ENGINEID)
snmpengineidremote(A.B.C.D|X:X::X:X)ENGINEID
nosnmpengineidremote(A.B.C.D|X:X::X:X)
Parameter
(default |ENGINEID) DefaultisMACaddress.ENGINEIDis10~64hexcharacters(A.B.C.D|X:X::X:X) Hostipv4/ipv6address
Default
Snmpengineiddefault
Mode
GlobalConfiguration
Usage
ThedefaultengineidisDUTMACaddress.Theconfigurationcanuse‘showsnmpengineid’.
608
Example
Thefollowingexamplespecifiesthatsetremoteengineidtest.
Switch(config)#
snmpengineidremote192.168.1.100112233445566
Switch#
showsnmpengineid
LocalSNMPV3Engineid:DEADBEEF0114
IPaddressRemoteSNMPengineID
192.168.1.100112233445566
609
SNMP Host
Syntax
snmphost (A.B.C.D|X:X::X:X|HOSTNAME) [(traps | informs)] [version (1|2c)]NAME[udp-port<1-65535>] [timeout<1-300>][retries<1-255>]snmphost(A.B.C.D|X:X::X:X|HOSTNAME)[(traps|informs)]version3[(auth|noauth|priv)]NAME[udp-port<1-65535>][timeout<1-300>][retries<1-255>]
nosnmphost(A.B.C.D|X:X::X:X|HOSTNAME)[(traps|informs)][version(1|2c|3)]
Parameter
(A.B.C.D|X:X::X:X|HOST NAME) Snmptraphostipv4/ipv6addressorhostname[(traps | informs)] Snmpnotificationtypeistrapsorinforms[version (1|2c|3)] V1/v2c/v3traps
[(auth | noauth | priv)] V3trapforauth/noauth/privNAME Snmpcommunitynameorusername[udp-port <1-65535>] Themanagereceivetrapudpportnum[timeout <1-300>] Thenotifytypeisinformtimeoutvalue[retries <1-255>] Thenotifytypeisinformretries
Default
None
Mode
GlobalConfiguration
610
Usage
Thiscommandcan’tconfigureversion1inform.Whenusingtraps,thiscommandcan’tconfiguretheudp-portandretries.ThehostuseerNAMEwhichisasnmpcommunityoruserNAMEmustexist.ThehostuserhostsecuritylevelmustmatchthesnmpusersecuritylevelTheconfigurationcanuse‘showsnmphost’tocheck
Example
Thefollowingexamplespecifiesthedisplaygvrperrorstatisticsandstatisticstest.
Switch(config)#
snmpcommunitypublicro
Switch(config)#
snmpcommunityprivaterw
Switch(config)#
snmpgroupgroup33authread-viewallwrite-viewall
Switch(config)#
snmpuseruser1group3authmd512345678
Switch(config)#
snmphost192.168.1.100version2cpublic
Switch(config)#
snmphost192.168.1.100informsversion2cprivate
611
Switch(config)#
snmphost192.168.1.100version3authuser1
Switch#
showsnmphost
ServerCommunityNameNotificationVersionNotification
TypeUDPPortRetriesTimeout
192.168.1.100publicv2ctrap
192.168.1.100privatev2cinform200310
192.168.1.100user1v3trap
612
Show SNMP
Syntax
showsnmp
Parameter
None
Default
None
Mode
Privileged mode
Usage
Thiscommandwillshowthesnmpstatus.
Example
Thefollowingexamplespecifiesthatshowsnmptest.
Switch#
showsnmp
613
Show SNMP Trap
Syntax
showsnmptrap
Parameter
None
Default
None
Mode
Privileged mode
Usage
Thiscommandwilldisplaythesnmptrapclassauth/linkupdown/cold-start/warmstart/port-security/status.
Example
Thefollowingexamplespecifiesthedisplaysnmptraptest.
Switch#
showsnmptrap
614
Show SNMP View
Syntax
showsnmpview
Parameter
None
Default
None
Mode
Privileged mode
Usage
Thiscommandwilldisplaythesnmpviewentry.
Example
Thefollowingexamplespecifiesthedisplaysnmpviewtest.
Switch#
showsnmpview
615
Show SNMP Group
Syntax
showsnmpgroup
Parameter
None
Default
None
Mode
Privileged mode
Usage
Thiscommandwilldisplaythesnmpgroup.
Example
Thefollowingexamplespecifiesthedisplaysnmpgrouptest.
Switch#
showsnmpgroup
616
Show SNMP Community
Syntax
showsnmpcommunity
Parameter
None
Default
None
Mode
Privileged mode
Usage
Thiscommandwilldisplaythesnmpcommunityentry.
Example
Thefollowingexamplespecifiesthedisplaysnmpcommunitytest.
Switch#
showsnmpcommunity
617
Show SNMP Host
Syntax
showsnmphost
Parameter
None
Default
None
Mode
Privileged mode
Usage
Thiscommandwilldisplaythesnmphostentry.
Example
Thefollowingexamplespecifiesthatdisplaysnmphosttest.
Switch#
showsnmphost
618
Show SNMP User
Syntax
showsnmpuser
Parameter
None
Default
None
Mode
Privileged mode
Usage
Thiscommandwilldisplaythesnmpuserentry.
Example
Thefollowingexamplespecifiesthatdisplaysnmpusertest.
Switch#
showsnmpuser
619
Show SNMP EngineIDSyntax
show snmp engineid
Parameter
None
Default
None
Mode
Privileged mode
Usage
Thiscommandwilldisplaythesnmplocal/remoteengineid.
Example
Thefollowingexamplespecifiesthedisplaysnmplocal/remoteengineidtest.
Switch#
showsnmpengineid
621
Storm-Control Unit
Syntax
storm-controlunit(bps|pps)
Parameter
bps Stormcontrolratecalculatesbyoctet-basedpps Stormcontrolratecalculatesbypacket-based
Default
Defaultstormcontrolunitisbps.
Mode
GlobalConfiguration
Usage
TheStormControlmechanismwilltrytocalculateifingresspacketsexceedtheconfiguredrateornotandenactthecorrespondingaction.Thiscommandallowsyoutochangetheunitofthecalculatingmethod.
Example
ThisexampleshowshowtoconfiguretheStormControlrateunitaspps.
Switch(config)#
storm-controlunitpps
622
Thisexampleshowshowtoshowthestormcontrolglobalconfiguration.
Switch#
showstorm-control
StormcontrolpreambleandIFG:Excluded
Stormcontrolunit:pps
623
Storm-Control IFG
Syntax
storm-controlifg(include|exclude)
Parameter
include Includepreamble&IFG(20bytes)whencountingressstormcontrolrate.exclude Excludepreamble&IFG(20bytes)whencountingressstormcontrolrate
Default
Defaultstormcontrolinterframegapisexcluded.
Mode
GlobalConfiguration
Usage
TheStormControlmechanismwill try to calculate if ingress packets exceed the configured rate or not and do thecorrespondingaction.Thiscommandallowsyoutodecidetoinclude/excludethepreambleandinterframegapintothecalculation.
Example
ThisexampleshowshowtoconfiguretheStormControlrateunitaspps.
Switch(config)#
storm-controlifginclude
624
ThisexampleshowshowtoshowStormControlglobalconfiguration.
Switch#
showstorm-control
StormcontrolpreambleandIFG:Included
Stormcontrolunit:pps
625
Storm-Control
Syntax
storm-control
nostorm-control
storm-control (broadcast | unknown-unicast | unknown-multicast) no storm-control (broadcast | unknown-unicast |unknown-multicast)
storm-control(broadcast|unknown-unicast|unknown-multicast)level<0-1000000>
nostorm-control(broadcast|unknown-unicast|unknown-multicast)level
Parameter
broadcast Selectbroadcaststormcontroltypeunknown-unicast Selectunknownunicaststormcontroltype
unknownmulticast Selectunknownmulticaststormcontroltype
level <0-1000000> Specifythestormcontrolrateforselectedtype
Default
Defaultbroadcaststormcontrolisdisabled.
Defaultunknownmulticaststormcontrolisdisabled
Defaultunknownunicaststormcontrolisdisabled
Defaultbroadcaststormcontrolrateis10000.
626
Defaultunknownmulticaststormcontrolrateis10000.
Defaultunknownunicaststormcontrolrateis10000.
Mode
InterfaceConfiguration
Usage
TheStormControlfunctionisabletoenable/disableoneachsingleport.Usethe“stormcontrol”commandtoenablethestormcontrolfeatureontheselectedports.Usethe“nostormcontrol”commandtodisabletheStormControlfeature.Noteveryportisabletoenable/disableoneachport.EachStormControltypeisalsoabletoenable/disableoneachsingleport.Usethe“storm-control(broadcast|unknown-unicast|unknown-multicast)”commandtoenablethestormcontroltypeyouneedandusenoformtodisableit.Eachcontroltypeisallowedtohaveadifferentstormcontrolrate.Usethe“stormcontrol (broadcast |unknown-unicast |unknown-multicast) level”commandtoconfigure itandusenoformtorestoretoitsdefaultvalue.
Example
ThisexampleshowshowtoenableStormControloninterfacefa1.
Switch(config)#
interface fa1
Switch(config-if)#
storm-control
ThisexampleshowshowtoenablebroadcastStormControlandconfigurethebroadcaststormcontrolrateto200.
627
Switch(config)#
interface fa1
Switch(config-if)#
storm-controlbroadcast
Switch(config-if)#
storm-controlbroadcastlevel200
Thisexampleshowshowtoshowthecurrentstormcontrolconfigurationoninterfacefa1.
Switch#
showstorm-controlinterfacesfa1
Port|State|Broadcast|Unkown-Multicast|Unknown-Unicast|Action|
|pps|pps|pps
fa1enable200Off(10000)Off(10000)
Shutdown
628
Storm-Control Action
Syntax
storm-controlaction(drop|shutdown)
nostorm-controlaction
Parameter
drop Stormcontrolratecalculatesbyoctet-based
shutdown
Default
Defaultstormcontrolactionisdrop.
Mode
InterfaceConfiguration
Usage
ThestormcontrolmechanismallowsyoutodroppacketswhichexceedtheStormControlrateorjustshutdowntheport.Usenoformtorestoretodefaultactions.
629
Example
ThisexampleshowshowtoconfigureStormControlactiontoshutdowntheportoninterfacefa1.
Switch(config)#
interface fa1
Switch(config-if)#
storm-controlactionshutdown
ThisexampleshowshowtoshowtheStormControlactiononinterfacefa1.
Switch#
showstorm-controlinterfacesfa1
Port|State|Broadcast|Unkown-Multicast|Unknown-Unicast|Action|
|pps|pps|pps
fa1disableOff(10000)Off(10000)Off(10000)
Shutdown
630
Show Storm-Control
Syntax
showstorm-control
showstorm-controlinterfaceIF_PORTS
Parameter
IF_PORTSSpecifyporttoshow.
Default
Nodefaultvalueforthiscommand
Mode
Privileged EXEC
Usage
Usethe“showstorm-control”commandtoshowallStormControlrelatedconfigurationsincludingglobalconfigurationand per port configurations. Use the “show storm-control interface” command to show selected port Storm Controlconfigurations.
Example
Thisexampleshowshowtoshowstormcontrolglobalconfiguration.
Switch#
showstorm-control
631
StormcontrolpreambleandIFG:Excluded
Stormcontrolunit:pps
Thisexampleshowshowtoshowcurrentstormcontrolconfigurationoninterfacefa1.
Switch#
showstorm-controlinterfacesfa1
Port|State|Broadcast|Unkown-Multicast|Unknown-Unicast|Action
||pps|pps|pps
fa1enable200Off(10000)Off(10000)
Shutdown
633
Spanning-Tree
Syntax
spanning-tree
nospanning-tree
Default
spanning-tree
Mode
GlobalConfiguration
Usage
EnablesorDisablestheSpanning-TreeProtocol.Usethe`spanning-tree`commandtoenableSTPor`nospanning-tree`command to disable STP.
Example
ThefollowingexamplesetstheSTPstatustoenabled/disabled.
Switch285500#
configure
Switch285500(config)#
spanning-tree
634
Switch285500(config)#
exit
Switch285500#
showspanning-tree
SpanningtreeenabledmodeSTP
Defaultportcostmethod:long
RootIDPriority32768
Address00:05:83:28:55:00
This switch is the root
HelloTime2secMaxAge20secForwardDelay15sec
Numberoftopologychanges1lastchangeoccurred01:49:43ago
Times:hold0,topologychange0,notification0
hello2,maxage20,forwarddelay15
Interfaces
NameStatePrio.NbrCostStsRolePortFast
Type
fa1enabled128.1200000FrwDesgNoP2P
(STP)
635
Spanning-Tree BPDU
Syntax
spanning-treebpdu(filtering|flooding)
Parameter
(filtering|flooding)SpecifytheforwardingactionofBPDUtofilteringorflooding.
Default
spanning-treebpduflooding
Mode
GlobalConfiguration
Usage
ConfiguretheBPDUforwardingactionwhenSTPisdisabled.
Example
ThisexamplesetstheBPDUforwardingactiontofiltering.
Switch285500#
configure
Switch285500(config)#
nospanning-tree
636
Switch285500(config)#
spanning-treebpdufiltering
Switch285500(config)#
exit
Switch285500#
showspanning-tree
Spanningtreedisabled(BPDUfiltering)modeSTP
Defaultportcostmethod:long
Switch285500#
637
Spanning-Tree Mode
Syntax
spanning-treemode(stp|rstp|mstp)
Parameter
stp SpecifythemodetoSpanningTreeProtocol.rstp SpecifythemodetoRapidSpanningTreeProtocol.mstp SpecifythemodetoMultipleSpanningTreeProtocol
Default
spanning-treemodestp
Mode
GlobalConfiguration
Usage
Configuretheforce-versionoftheSpanning-TreeProtocol.Theconfigurationcouldbeshownbythe“showspanning-tree” command.
Example
ThisexamplesetsSTPmodetoRSTP(RapidSpanningTreeProtocol).
Switch285500#
configure
638
Switch285500(config)#
spanning-treemoderstp
Switch285500(config)#
exit
Switch285500#
showspanning-tree
SpanningtreeenabledmodeRSTP
Defaultportcostmethod:long
RootIDPriority32768
Address00:05:83:28:55:00
This switch is the root
HelloTime2secMaxAge20secForwardDelay15sec
Numberoftopologychanges1lastchangeoccurred00:05:13ago
Times:hold0,topologychange0,notification0
hello2,maxage20,forwarddelay15
Interfaces
NameStatePrio.NbrCostStsRolePortFast
Type
640
Spanning-Tree Priority
Syntax
spanning-treepriority<0-61440>
Parameter
<0-61440>Specifythebridgepriority,itmustmultiplesof4096.
Default
spanning-treepriority32768
Mode
GlobalConfiguration
Usage
Thiscommandconfiguresthebridgepriority.Theconfigurationcouldbeshownbythe“showspanning-tree”command.
Example
Thisexamplesetsthebridgepriorityto16384.
Switch285500#
configure
Switch285500(config)#
spanning-treepriority16384
641
Switch285500(config)#
exit
Switch285500#
showspanning-tree
SpanningtreeenabledmodeRSTP
Defaultportcostmethod:long
RootIDPriority16384
Address00:05:83:28:55:00
This switch is the root
HelloTime2secMaxAge20secForwardDelay15sec
Numberoftopologychanges2lastchangeoccurred00:03:37ago
Times:hold0,topologychange0,notification0
hello2,maxage20,forwarddelay15
Interfaces
NameStatePrio.NbrCostStsRolePortFastType
fa1enabled128.1200000FrwDesgNoP2P
(RSTP)
Switch285500#
642
Spanning-Tree Hello-Time
Syntax
spanning-treehello-time<1-10>
Parameter
<1-10>Specifythehello-timeinterval(second).
Default
spanning-treehello-time2
Mode
GlobalConfiguration
Usage
This commandconfigures theBPDUhello-time interval (in second).Theconfiguration couldbeshownby the “showspanning-tree”command.
Example
ThisexamplesetstheBPDUhello-timeto5sec.
Switch285500#
configure
643
Switch285500(config)#
spanning-treehello-time5
Switch285500(config)#
exit
Switch285500#
showspanning-tree
SpanningtreeenabledmodeRSTP
Defaultportcostmethod:long
RootIDPriority16384
Address00:05:83:28:55:00
This switch is the root
HelloTime5secMaxAge20secForwardDelay15sec
Numberoftopologychanges2lastchangeoccurred00:00:01ago
Times:hold0,topologychange0,notification0
hello5,maxage20,forwarddelay15
Interfaces
NameStatePrio.NbrCostStsRolePortFast
Type
645
Spanning-Tree Max-Hops
Syntax
spanning-treemax-hops<1-40>
Parameter
<1-40>Specifythemax-hopsvalue.
Default
spanning-treemax-hops20
Mode
GlobalConfiguration
Usage
ThiscommandconfiguresthemaximumhopsvalueforMSTP.Theconfigurationcouldbeshownby“showspanning-tree”command.
Example
Thisexamplesetsthemax-hopsto15.
Switch285500#
configure
646
Switch285500(config)#
spanning-treemax-hops15
Switch285500(config)#
exit
Switch285500#
showspanning-tree
SpanningtreeenabledmodeMSTP
Defaultportcostmethod:long
Gathering information
######MST0VlansMapped:1-4094
CSTRootIDPriority16384
Address00:05:83:28:55:00
This switch is root for CST and IST master
HelloTime2secMaxAge20secForwardDelay15sec
Maxhops15
NameStatePrio.NbrCostStsRolePortFastType
fa1enabled128.1200000FrwDesgNoP2PIntr
Switch285500#
647
Spanning-Tree Forward-Delay
Syntax
spanning-treeforward-delay<4-30>
Parameter
<4-30>Specifytheforward-delayinterval(second).
Default
spanning-treeforward-delay15
Mode
GlobalConfiguration
Usage
ThiscommandconfigurestheBPDUforward-delayinterval(inseconds).Theconfigurationcouldbeshownbythe“showspanning-tree”command.
Example
ThisexamplesetstheBPDUforward-delayto30sec.
Switch285500#
configure
648
Switch285500(config)#
spanning-treeforward-delay30
Switch285500(config)#
exit
Switch285500#
showspanning-tree
SpanningtreeenabledmodeSTP
Defaultportcostmethod:long
RootIDPriority16384
Address00:05:83:28:55:00
This switch is the root
HelloTime2secMaxAge20secForwardDelay30sec
Numberoftopologychanges6lastchangeoccurred00:00:30ago
Times:hold0,topologychange0,notification0
hello2,maxage20,forwarddelay30
Interfaces
NameStatePrio.NbrCostStsRolePortFastType
fa1enabled128.1200000FrwDesgNoP2P
650
Spanning-Tree Maximum-Age
Syntax
spanning-treemaximum-age<6-40>
Parameter
<6-40>Specifythemaximum-agetime(second).
Default
spanning-treemaximum-age20
Mode
GlobalConfiguration
Usage
ThiscommandconfigurestheBPDUmaximum-ageinterval(inseconds).Theconfigurationcouldbeshownbythe“showspanning-tree”command.
Example
ThisexamplesetstheBPDUmaximum-ageto10sec.
Switch285500#
configure
651
Switch285500(config)#
spanning-treemaximum-age10
Switch285500(config)#
exit
Switch285500#
showspanning-tree
SpanningtreeenabledmodeSTP
Defaultportcostmethod:long
RootIDPriority16384
Address00:05:83:28:55:00
This switch is the root
HelloTime2secMaxAge10secForwardDelay15sec
Numberoftopologychanges7lastchangeoccurred00:00:02ago
Times:hold0,topologychange0,notification0
hello2,maxage10,forwarddelay15
Interfaces
NameStatePrio.NbrCostStsRolePortFastType
fa1enabled128.1200000FrwDesgNoP2P
653
Spanning-Tree TX-Hold-Count
Syntax
spanning-treetx-hold-count<1-10>
Parameter
<1-10>Specifythetx-hold-countvalue.
Default
spanning-treetx-hold-count6
Mode
GlobalConfiguration
Usage
ThiscommandconfigurestheBPDUtx-hold-count.
Example
ThisexamplesetstheBPDUhello-timeto5sec.
Switch285500#
configure
Switch285500(config)#
spanning-treetx-hold-count10
655
Spanning-Tree Pathcost Method
Syntax
spanning-treepathcostmethod(long|short)
Parameter
longSpecifythetypeofpathcostvalueto32bits(long).
shortSpecifythetypeofpathcostvalueto16bits(short).
Default
spanning-treepathcostmethodlong
Mode
GlobalConfiguration
Usage
ThiscommandconfigurestheBPDUpathcostvaluetypeto16bits(short)or32bits(long).Theconfigurationcouldbeshownbythe“showspanning-tree”command.
Example
Thisexamplesetsthetypeofpathcostvaluetoshort.
Switch285500#
configure
656
Switch285500(config)#
spanning-treepathcostmethodshort
Switch285500(config)#
exit
Switch285500#
showspanning-tree
SpanningtreeenabledmodeSTP
Defaultportcostmethod:short
RootIDPriority32768
Address00:05:83:28:55:00
This switch is the root
HelloTime2secMaxAge20secForwardDelay15sec
Numberoftopologychanges11lastchangeoccurred00:00:17ago
Times:hold0,topologychange0,notification0
hello2,maxage20,forwarddelay15
Interfaces
NameStatePrio.NbrCostStsRolePortFastType
fa1enabled128.119FrwDesgNoP2P
658
Spanning-Tree Port-Priority
Syntax
spanning-treeport-priority<0-240>
Parameter
<0-240>SpecifytheSTPportpriority.Itmustmultiplesof16.
Default
spanning-treeport-priority128
Mode
PortConfiguration
Usage
ThiscommandperportconfigurestheSTPportpriority.Theconfigurationcouldbeshownbythe“showspanning-treeinterface” command.
Example
Thisexamplesetsportfa1STPportpriorityto64.
Switch285500#
configure
659
Switch285500(config)#
interface fa1
Switch285500(config-if)#
spanning-treeport-priority64
Switch285500(config-if)#
exit
Switch285500(config)#
exit
Switch285500#
showspanning-treeinterfacesfa1
Port fa1 enabled
State:forwardingRole:designated
Portid:64.1Portcost:200000
Type:P2P(STP)PortFast:No
DesignatedbridgePriority:32768Address:00:05:83:28:55:00
Designatedportid:64.1Designatedpathcost:0
BPDUFilter:DisabledBPDUguard:Disabled
BPDU:sent1794,received0
661
Spanning-Tree Cost
Syntax
spanning-treecost<0-200000000>
Parameter
<0-200000000>SpecifytheSTPportcost.Inshortpathcostmethod,therangeisfrom0to65535.(0=Auto)
Default
spanning-treecost0
Mode
PortConfiguration
Usage
ThiscommandperportconfigurestheSTPportcost.Theconfigurationcouldbeshownbythe“showspanning-treeinterface” command.
Example
Thisexamplesetsportfa1STPportcostto100.
Switch285500#
configure
662
Switch285500(config)#
interface fa1
Switch285500(config-if)#
spanning-treecost100
Switch285500(config-if)#
exit
Switch285500(config)#
exit
Switch285500#
showspanning-treeinterfacesfa1
Port fa1 enabled
State:forwardingRole:
designated
Portid:128.1Portcost:100
Type:P2P(STP)PortFast:No
DesignatedbridgePriority:32768Address:
00:05:83:28:55:00
Designatedportid:128.1Designatedpath
664
Spanning-Tree Edge
Syntax
spanning-treeedge
nospanning-treeedge
Default
nospanning-treeedge
Mode
PortConfiguration
Usage
ThiscommandperportconfigurestheSTPedgeportfunction.Theconfigurationcouldbeshownbythe“showspanning-tree interface” command.
Example
Thisexamplesetsportfa1STPedgeporttoenable.
Switch285500#
configure
Switch285500(config)#
interface fa1
665
Switch285500(config-if)#
spanning-treeedge
Switch285500(config-if)#
exit
Switch285500(config)#
exit
Switch285500#
showspanning-treeinterfacesfa1
Port fa1 enabled
State:forwardingRole:
designated
Portid:128.1Portcost:
200000
Type:P2P(STP)PortFast:Yes
DesignatedbridgePriority:32768Address:
00:05:83:28:55:00
Designatedportid:128.1Designatedpath
cost:0
667
Spanning-Tree BPDU-Filter
Syntax
spanning-treebpdu-filter
nospanning-treebpdu-filter
Default
nospanning-treebpdu-filter
Mode
PortConfiguration
Usage
ThiscommandperportconfigurestheSTPBPDUFilterstatus.Theconfigurationcouldbeshownbythe“showspanning-tree interface” command.
Example
Thisexamplesetsportfa1STPBPDUFilterstatustobeenabled.
Switch285500#
configure
Switch285500(config)#
interface fa1
668
Switch285500(config-if)#
spanning-treebpdu-filter
Switch285500(config-if)#
exit
Switch285500(config)#
exit
Switch285500#
showspanning-treeinterfacesfa1
Port fa1 enabled
State:forwardingRole:
designated
Portid:128.1Portcost:200000
Type:P2P(STP)PortFast:No
DesignatedbridgePriority:32768Address:00:05:83:28:55:00
Designatedportid:128.1Designatedpath
cost:0
BPDUFilter:EnabledBPDUguard:
Disabled
670
Spanning-Tree BPDU-Guard
Syntax
spanning-treebpdu-guard
nospanning-treebpdu-guard
Default
nospanning-treebpdu-guard
Mode
PortConfiguration
Usage
ThiscommandperportconfigurestheSTPBPDUGuardstatus.Theconfigurationcouldbeshownbythe“showspanning-tree interface” command.
Example
Thisexamplesetsportfa1STPBPDUGuardstatustoenabled.
Switch285500#
configure
Switch285500(config)#
interface fa1
671
Switch285500(config-if)#
spanning-treebpdu-guard
Switch285500(config-if)#
exit
Switch285500(config)#
exit
Switch285500#
showspanning-treeinterfacesfa1
Port fa1 enabled
State:forwardingRole:
designated
Portid:128.1Portcost:200000
Type:P2P(STP)PortFast:No
DesignatedbridgePriority:32768Address:
00:05:83:28:55:00
Designatedportid:128.1Designatedpath
cost:0
BPDUFilter:DisabledBPDUguard:
673
Spanning-Tree Link-Type
Syntax
(point-to-point|shared)SpecifytheSTPportlink-typetoPoint-to-PointorSharedmedium.
Default
no spanning-tree link-type
Mode
PortConfiguration
Usage
ThiscommandperportconfigurestheSTPport link-type.Theconfigurationcouldbeshownby“showspanning-treeinterface” command.
Example
Thisexamplesetsportfa1STPportlink-typetobeShared.
Switch285500#
configure
Switch285500(config)#
interface fa1
674
Switch285500(config-if)#
spanning-treelink-typeshared
Switch285500(config-if)#
exit
Switch285500(config)#
exit
Switch285500#
showspanning-treeinterfacesfa1
Port fa1 enabled
State:forwardingRole:
designated
Portid:128.1Portcost:200000
Type:Shared(STP)PortFast:No
DesignatedbridgePriority:32768Address:
00:05:83:28:55:00
Designatedportid:128.1Designatedpath
cost:0
BPDUFilter:DisabledBPDUguard:
676
Spanning-Tree MST Configuration
Syntax
spanning-treemstconfiguration
nameNAME
revision<0-65535>
instance<0-15>vlan[VLAN-LIST]
Parameter
NAME SpecifytheMSTPbridgenameofMSTConfigurationID.(Max.32chars)<0-65535> SpecifytheMSTPrevisionnumberofMSTConfigurationID.<0-15> SpecifytheMSTinstanceID.VLAN-LIST SpecifytheVLANlisttobemappedtothisspecifiedinstance.
Default
name(Switch’sMACaddress)
revision0
instance0vlanall
Mode
GlobalConfiguration
677
Usage
ThiscommandconfigurestheMSTPConfigurationID.Theconfigurationcouldbeshownbythe“showspanning-treemstconfiguration”command.
Example
ThisexamplesetsMSTPConfigurationID,nameto`Region1`,revisionto
`123`andVLAN100mappedtoinstance1.
Switch285500#
configure
Switch285500(config)#
spanning-treemstconfiguration
Switch285500(config-mst)#
name Region1
Switch285500(config-mst)#
revision 123
Switch285500(config-mst)#
instance1vlan100
Switch285500(config-mst)#
exit
678
Switch285500(config)#
exit
Switch285500#
showspanning-treemstconfiguration
Name[Region1]
Revision123Instancesconfigured2
InstanceVlansmapped
01-99,101-4094
1100
Switch285500#
679
Spanning-Tree MST Priority
Syntax
spanning-treemst<0-15>priority<0-61440>
Parameter
<0-15>SpecifytheMSTinstanceIDtoconfigure.
<0-61440>Specifythebridgepriority,itmustmultiplesof4096.
Default
spanning-treemst0priority32768
Mode
GlobalConfiguration
Usage
ThiscommandconfigurestheMSTinstancepriority.Theconfigurationcouldbeshownbythe“showspanning-treemst”command.
Example
ThisexamplesetsthepriorityofMSTinstance1to4096.
Switch285500#
configure
680
Switch285500(config)#
spanning-treemodemstp
Switch285500(config)#
spanning-treemst1priority4096
Switch285500(config)#
exit
Switch285500#
showspanning-treemst1
MST Instance Information
InstanceType:MSTI(1)
BridgeIdentifier:4096/1/00:05:83:28:55:00
RegionalRootBridge:4096/1/00:05:83:28:55:00
InternalRootPathCost:0
RemainingHops:20
Topologychanges:2
LastTopologyChange:100
VLANsmapped:100
InterfaceRoleStsCostPrio.NbrType
682
Spanning-Tree MST Cost
Syntax
spanning-treemst<0-15>cost<0-200000000>
Parameter
<0-15> SpecifytheMSTinstanceIDtoconfigure.
<0-200000000> SpecifytheSTPportcost.Inshortpathcostmethod,therangeisfrom0to65535.(0=Auto)
Default
spanning-treemst0cost0
Mode
PortConfiguration
Usage
ThiscommandconfigurestheMSTPportcostforthisMSTinstance.Theconfigurationcouldbeshownbythe“showspanning-treemstinterface”command.
Example
Thisexamplesetstheportfa1STPpathcostoftheMSTinstance1to100.
Switch285500#
configure
683
Switch285500(config)#
interface fa1
Switch285500(config-if)#
spanning-treemst1cost100
Switch285500(config-if)#
exit
Switch285500(config)#
exit
Switch285500#
showspanning-treemst1interfacesfa1
MST Port Information
InstanceType:MSTI(1)
PortIdentifier:128/1
InternalPath-Cost:100/100
RegionalRootBridge:4097/00:05:83:28:55:00
InternalRootCost:0
DesignatedBridge:4097/00:05:83:28:55:00
InternalPortPathCost:100
685
Spanning-Tree MST Port-Priority
Syntax
spanning-treemst<0-15>priority<0-240>
Parameter
<0-15> SpecifytheMSTinstanceIDtoconfigure.<0-240> SpecifytheSTPportpriority.Itmustmultiplesof16.
Default
spanning-treemst0port-priority128
Mode
PortConfiguration
Usage
This command configures theMSTport priority. The configuration couldbe shownby the “showspanning-treemstinterface” command.
Example
Thisexamplesetsportfa1MSTportpriorityofMSTinstance1to32.
Switch285500#
configure
686
Switch285500(config)#
interface fa1
Switch285500(config-if)#
spanning-treemst1cost0
Switch285500(config-if)#
exit
Switch285500(config)#
exit
Switch285500#
Switch285500#
Switch285500#
Switch285500#
configure
Switch285500(config)#
interface fa1
Switch285500(config-if)#
spanning-treemst1port-priority32
687
Switch285500(config-if)#
exit
Switch285500(config)#
exit
Switch285500#
showspanning-treemst1interfacesfa1
MST Port Information
InstanceType:MSTI(1)
PortIdentifier:32/1
InternalPath-Cost:0/200000
RegionalRootBridge:32769/00:05:83:28:55:00
InternalRootCost:0
DesignatedBridge:32769/00:05:83:28:55:00
InternalPortPathCost:200000
PortRole:Designated
PortState:Forwarding
Switch285500#
689
Boot System
Syntax
bootsystem(image0|image1)
Parameter
image0 Bootfromflashimagepartition0
image1 Bootfromflashimagepartition1
Default
Defaultbootimageisimage0.
Mode
GlobalConfiguration
Usage
Dualimageallowsausertohaveabackupimageintheflashpartition.Usethe“bootsystem”commandtoselecttheactivefirmwareimageandanotherfirmwareimagewillbecomeanewbackup.
Example
Thisexampleshowshowtoselectimage1astheactiveimage.
Switch(config)#
boot system image1
690
Select“image1”Success
Thisexampleshowshowtoshowactiveimagepartition.
Switch#
showflash
FileNameFileSizeModified
startup-config11912000-01-0100:00:23
rsa19742000-01-0100:00:18
rsa216752000-01-0100:00:18
dsa26682000-01-0100:00:18
ssl_cert9932000-01-0100:00:18
image0(backup)43724012012-09-2401:57:29
image1(active)55559702012-06-1212:17:46
691
Save
Syntax
Save
Parameter
Default
Nodefaultvalueforthiscommand.
Mode
Privileged EXEC
Usage
Usethe“save”commandtosavetherunningconfigurationtothestartupconfigurationfile.Thiscommandisequalto“copyrunning-configstartup-config”.
Example
Thisexampleshowshowtosaverunningconfigurationtothestartupconfiguration.
Switch#
save
Success
692
Thisexampleshowshowtoshowstartupconfiguration
Switch#
showstartup-config
!SystemDescription:
!SystemVersion:v2.5.0-beta.32811
!SystemName:
!SystemUpTime:0days,4hours,31mins,43secs
!
!
!
!
username“”privilegeusersecret“dnXencJRwflV6”
username“admin”secret“FzjrGO6vfbERY”
voice-vlanvpt0
voice-vlandscp0
693
Copy
Syntax
copy(flash://|tftp://)(flash://|tftp://)
copytftp://(backup-config|running-config|startup-config)
copy(backup-config|running-config|startup-config)tftp://
copy(backup-config|startup-config)running-config
copy(backup-config|running-config)startup-config
copy(running-config|startup-config)backup-config
694
Parameter
flash:// Specifythefilestoredinflashtooperation.Availablefilesare:
flash://startup-config
flash://backup-config
flash://rsa1
flash://rsa2
flash://dsa2
flash://image0
flash://image1
flash://ram.log
flash://flash.log
tftp:// Specifyremotetftpserverandremotefilename.The
formatis“tftp://192.168.1.111/remote_file_name”running-config Runningconfigurationfile
startup-config Startupconfigurationfilebackup-config Backupconfigurationfile
Default
Nodefaultvalueforthiscommand.
Mode
Privileged EXEC
695
Usage
Therearemanytypesoffilesinsystem.Thesefilesareveryimportantfortheadministratortomanagetheswitch.Themostcommonfileoperationiscopy.Byusingthesecopycommands,youcanupgradeorbackupthefollowingtypeoffiles.
Firmware Image
Configuration Files
Syslog Files
Language Files
Security Certificate
Example
Thisexampleshowshowtocopyrunningconfigurationtostartupconfiguration.
Switch#
copyrunning-configstartupst-config
Thisexampleshowshowtobackuprunningconfigurationtoremotetftp
server192.168.111withfilenametest1.cfg.
Switch#
copyrunning-config
tftp://192.168.1.111/test1.cfg
Uploadingfile...PleaseWait...
696
UploadingDone
Thisexampleshowshowtoupgradestartupconfigurationfromremotetftp
server192.168.1.111withfilenametest2.cfg.
Switch#
copytftp://192.168.1.111/test2.cfgstartupconfig
Downloadingfile...PleaseWait...
Downloading Done
Upgradeconfigsuccess.Doyouwanttorebootnow?
(y/n)n
Thisexampleshowshowtobackupsecurityfiledsa2toremotetftpserver
192.168.1.111withfilenamedsa2.
Switch#
copyflash://dsa2tftp://192.168.1.111/dsa2
Uploadingfile...PleaseWait...
UploadingDone
697
Delete
Syntax
delete(startrup-config|backup-config|flash://)
deletesystem(image0|image1)
Parameter
flash:// Specifytheconfigurationfilestoredinflashtodelete.Availablefilesare:
flash://startup-config
flash://backup-config
startup-config Deletestartupconfigurationfilebackup-config Deletebackupconfigurationfile
image0 Deleteflashimage0.image1 Deleteflashimage1
Default
Nodefaultvalueforthiscommand.
Mode
Privileged EXEC
698
Usage
Usethe“delete”commandtodeleteconfigurationfilesorusethe“deletesystem”commandtodeleteafirmwareimagestoredinflash.The“deletestartup-config”commandisusedtorestoretothefactorydefaultsettingsandisequaltothecommand“restore-defaults”.
Example
Thisexampleshowshowtodeletebackupconfigurationfile.
Switch#
deletebackup-config
Thisexampleshowshowtodeletebackupfirmwareimagefromflash.
Switch#
delete system image1
Thisexampleshowshowtoshowfilestatusinflash.
Switch#
showflash
FileNameFileSizeModified
startup-config11912000-01-0100:00:23
rsa19742000-01-0100:00:18
rsa216752000-01-0100:00:18
dsa26682000-01-0100:00:18
700
Restore-Defaults
Syntax
restore-defaults
Parameter
None
Default
Nodefaultvalueforthiscommand.
Mode
Privileged EXEC
Usage
Usethe“restore-defaults”commandtorestorefactorydefaultsettingsofthesystem.Thecommandisequalto“deletestartup-config”,
Example
Thisexampleshowshowtorestorefactorydefaults.
Switch#
restore-defaults
RestoreDefaultSuccess.Doyouwanttorebootnow?(y/n)n
701
Show Config
Syntax
show(running-config|startrup-config|backup-config)
Parameter
running-configShowrunningconfigurationonterminal
startup-configShowstartupconfigurationonterminal
backup-configShowbackupconfigurationonterminal
Default
Nodefaultvalueforthiscommand.
Mode
Privileged EXEC
Usage
Theconfigurationfileistextbased.Therefore,theconfigurationontheterminalcanbeshownandreadbythiscommand.
Example
Thisexampleshowshowtoshowthestartupconfiguration.
Switch#
showstartup-config
702
!SystemDescription:
!SystemVersion:v2.5.0-beta.32811
!SystemName:switch
!SystemUpTime:0days,4hours,31mins,43secs
!
!
!
!
username“”privilegeusersecret“dnXencJRwflV6”
username“admin”secret“FzjrGO6vfbERY”
voice-vlanvpt0
voice-vlandscp0
Thisexampleshowshowtoshowrunningconfiguration
Switch#
showrunning-config
!SystemDescription:
!SystemVersion:v2.5.0-beta.32811
!SystemName:
703
!SystemUpTime:0days,5hours,23mins,42secs
!
!
!
!
username“”privilegeusersecret“dnXencJRwflV6”
username“admin”secret“FzjrGO6vfbERY”
voice-vlanvpt0
voice-vlandscp0
704
Show Flash
Syntax
showflash
Parameter
None
Default
Nodefaultvalueforthiscommand.
Mode
Privileged EXEC
Usage
Use“showflash”commandtoshowallfiles’statuswhichstoredinflash.
Example
Thisexampleshowshowtoshowallfilesstatusstoredinflash.
Switch#
showflash
FileNameFileSizeModified
startup-config11912000-01-0100:00:23
705
rsa19742000-01-0100:00:18
rsa216752000-01-0100:00:18
dsa26682000-01-0100:00:18
ssl_cert9932000-01-0100:00:18
image0(active)43724012012-09-2401:57:29
image1(backup)0
707
Clock Set
Syntax
clocksetHH:MM:SS(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)<1-31><2000-2037>
Parameter
HH:MM:SSSpecifystatictimeofyear、month、day、hour、minute、second
(jan|feb|mar|apr
|may|jun|jul|aug|
sep|oct|nov|dec)<1-31>
<2000-2037>
Default
Nodefaultisdefined.
Mode
GlobalConfiguration
Usage
Usetheclocksetcommandtosetthestatictime.Thestatictimewon’tsavetoconfigurationfile.
708
Example
Theexampleshowshowtosetstatictimeofswitch.Youcanverifysettingsbythefollowingshowshowclockcommand.
switch#
clockset11:03:00sep212012
11:03:00DFL(UTC+8)Sep212012
switch#
showclock
11:03:21DFL(UTC+8)Sep212012
Notimesource
709
Clock Timezone
Syntax
clocktimezoneACRONYMHOUR-OFFSET[minutes<0-59>]
noclocktimezone
Parameter
ACRONYM SpecifyacronymnameoftimezoneHOUR-OFFSET SpecifyhouroffsetoftimezoneMinutes <1-59> Specifyminuteoffsetoftimezone
Default
DefaulttimezoneisUTC+8.
Mode
GlobalConfiguration
Usage
Usetheclocktimezonecommandtosetthetimezonesettings.Usethenoformofthiscommandtoapplythedefaultsettings.
710
Example
Theexampleshowshowtosettimezoneofswitchandthenrestoretodefaulttimezone.Youcanverifysettingsbythefollowingshowshowclockcommand.
switch(config)#
clocktimezonetest+5
switch(config)#
showclockdetail
10:13:27test(UTC+5)Sep212012
Notimesource
Timezone:
Acronym is test
OffsetisUTC+5
switch(config)#
noclocktimezone
switch(config)#
showclockdetail
13:14:50DFL(UTC+8)Sep212012
Notimesource
Timezone:
712
Clock Source
Syntax
clocksource(local|sntp)
Parameter
local SpecifytousestatictimeSntp Specifytousesntptime
Default
Defaultisusinglocaltime.
Mode
GlobalConfiguration
Usage
Usetheclocksourcecommandtosetthesourceoftime.“local”meansthatyouusethestaticsettingbytheusermanualset.The“sntp”meansthatyouusetheremoteSNTPserver.Usethenoformofthiscommandtoresettodefaultsettings.
Example
Theexampleshowshowtosetclocksourceofswitch.Youcanverifysettingsbythefollowingshowshowclockcommand.
switch(config)#
clocksourcesntp
714
Clock Summer-Time
Syntax
clocksummer-timeACRONYMdate(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)<1-31>
<2000-2037>HH:MM(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)<1-31><2000-2037>HH:MM[<1-1440>]
clocksummer-timeACRONYMrecurring(usa|eu)[<1-1440>]
clocksummer-timeACRONYMrecurring(<1-5>|first|last)(sun|mon|tue|wed|thu|fri|sat)
(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)HH:MM(<1-5>|first|last)
(sun|mon|tue|wed|thu|fri|sat)(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)HH:MM[<1-1440>]
noclocksummer-time
715
Parameter
ACRONYM Specifyacronymnameoftimezone(jan|feb|mar|apr|may|jun |jul|aug|sep|oct|nov|dec) <1-31> <2000-2037> HH:MM (jan|feb|mar|apr| may|jun|jul|aug|sep|oct|nov|dec) <1-31> <2000- 2037> HH:MM
Specifynon-recurringdaylightsavingtimeduration.
<1-1440> Specifyadjustoffsetofdaylightsavingtime
usa Using daylight saving time in the United States that starts on the second SundayofMarchandendsonthefirstSundayofNovember.
eu UsingdaylightsavingtimeintheEuropethatstartsonthelastSundayinMarchandendingonthelastSundayinOctober.
(<1-5>|first|last) (sun|mon| tue|wed|thu|fri|sat) (jan |feb|mar|apr|may|jun| jul|aug|sep|oct|nov|dec) HH:MM (<1-5>|first|last) (sun|mon|tue|wed|thu|fri|sat) (jan|feb|mar|apr|may| jun|jul|aug|sep|oct|nov|dec) HH:MM
Specifyecurringdaylightsavingtimeduration
Default
Nodefaultdaylightsavingtimeisdefined.
716
Mode
GlobalConfiguration
Usage
Usetheclocksummer-timecommandtosetdaylightsavingtimeforthesystemtime.The“usa”or“eu”settingsmeansthattheglobaldaylightsavingpolicywhich isdefinedby internationalorganizations is inuse. Inboththe“date”and“recurring”settings,thefirstpartofthecommandspecifieswhensummertimebeginsandthesecondpartspecifieswhenitends.Alltimesarerelativetothelocaltimezone.The“recurring”settingmeansthattimeisadjustedeveryyearwithinthemonth.Usethenoformofthiscommandtoapplythedefaultsettings.
Example
Theexampleshowshowtosetclocksourcefortheswitch.Youcanverifysettingsbythefollowingshowclockcommand.
switch(config)#
clocksourcesntp
switch(config)#
showclockdetail
08:32:12test(UTC+5)Sep212012
Notimesource
717
Show Clock
Syntax
showclock[detail]
Parameter
detailShowmoredetailinformationofclock
Default
Nodefaultisdefined
Mode
GlobalConfiguration
Usage
Usetheshowclockcommandtoshowtheclockontheswitch.The“detail”meansthatshowmoreinformationofclocksuchastimezoneanddaylightsavingtime.
Example
Theexampleshowshowtoshowclockofswitchanddetailinformation.
Switch334455(config)#
clocksourcesntp
718
Switch334455(config)#
clocksummer-timeDLSrecurringusa
Switch334455(config)#
sntphost192.168.1.100
Switch334455(config)#
showclock
14:34:43DLS(UTC+9)Sep252012
Timesourceissntp
Switch334455(config)#
showclockdetail
14:35:39DLS(UTC+9)Sep252012
Timesourceissntp
Timezone:
AcronymisDFL
OffsetisUTC+8
Summertime:
Acronym is DLS
Recurringeveryyear.
720
SNTP
Syntax
sntphostHOSTNAME[port<1-65535>]
nosntp
Parameter
HOSTNAME SpecifyipaddressorhostnameofsntpserverSntp Specifyserverportofsntpserver
Default
NodefaultSNTPserverdefined.
Mode
GlobalConfiguration
Usage
UsethesntpcommandtosetaremoteSNTPserver.Thedefaultserverportis123.Usethenoformofthiscommandtosetthedefaultsettings.
721
Example
TheexampleshowshowtosettheremoteSNTPserverofswitch.Youcanverifysettingsbythefollowingshowsntpcommand.
switch(config)#
clocksourcesntp
switch(config)#
sntphost192.168.1.100
switch(config)#
showsntp
SNTPisEnabled
SNTPServeraddress:192.168.1.100
SNTPServerport:123
722
Show SNTP
Syntax
showsntp
Parameter
None
Default
Nodefaultisdefined
Mode
GlobalConfiguration
Usage
UsetheshowsntpcommandtoremoteSNTPserverinformation.
Example
TheexampleshowshowtoshowtheremoteSNTPserver.
Switch334455(config)#
showsntp
SNTPisEnabled
SNTPServeraddress:192.168.1.100
725
VLAN
Syntax
vlan
no vlan
Default
vlan 1
Mode
GlobalConfiguration
Usage
CreateorremoveaVLANentry.Usingthe`vlan`commandtoentertheVLANconfigurationmode.
Example
ThefollowingexamplecreatesandremovesaVLANentry(100).
SwitchEF0101#
configure
SwitchEF0101(config)#
vlan100
726
SwitchEF0101(config-vlan)#
exit
SwitchEF0101(config)#
novlan100
SwitchEF0101(config)#
exit
SwitchEF0101#
727
VLAN Name
Syntax
vlannameNAME
Parameter
NAMESpecifythenameoftheVLAN(Max.32chars).
Default
vlannameVLANxxxx
Mode
VLANConfiguration
Usage
ConfigurethenameofaVLANentry.
Example
ThisexamplesetstheVLANnameofVLAN100tobe`VLAN-onehundred`.
SwitchEF0101#
configure
SwitchEF0101(config)#
vlan100
728
SwitchEF0101(config-vlan)#
nameVLAN-one-hundred
SwitchEF0101(config-vlan)#
exit
SwitchEF0101(config)#
729
Switchport Mode
Syntax
switchportmode(access|hybrid|trunk[uplink]|tunnel)
Parameter
access SpecifytheVLANmodetoAccessport.
hybrid SpecifytheVLANmodetoHybridport.trunk SpecifytheVLANmodetoTrunkport.uplink SpecifytheUplinkpropertyonthisTrunkport.tunnel SpecifytheVLANmodetoDot1QTunnelport.
Default
Switchportmodetrunk
Mode
PortConfiguration
Usage
TheVLANmodeisusedtoconfiguretheportfordifferentportroles.
Access port
AcceptsonlyuntaggedframesandjoinanuntaggedVLAN.
730
Hybrid port
SupportsallfunctionsasdefinedinIEEE802.1Qspecifications.
Trunk port
AnuntaggedmemberofoneVLANatmost,itisataggedmemberofzeroormoreVLANs.Ifitisanuplinkport,itcanrecognizedoubletaggingonthisport.
Tunnel port
Port-basedQ-in-Qmode.Theconfigurationcouldbeshownbythe“showinterfaceswitchport”command.
Example
ThisexamplesetsVLANmodetoAccessport.
SwitchEF0101(config)#
interface fa12
SwitchEF0101(config-if)#
switchportmodeaccess
SwitchEF0101(config-if)#
exit
SwitchEF0101(config)#
exit
731
SwitchEF0101#
showinterfacesswitchportfa12
Port:fa12
PortMode:Access
IngressFiltering:enabled
AcceptableFrameType:untagged-only
IngressUnTaggedVLAN(NATIVE):1
TrunkingVLANsEnabled:
Portismemberin:
VlanNameEgressrule
1defaultUntagged
ForbiddenVLANs:
VlanName
SwitchEF0101#
732
Switchport Hybrid PVID
Syntax
switchporthybridpvid<1-4094>
Parameter
<1-4094>Specifytheport-basedVLANIDontheHybridport.
Default
switchporthybridpvid1
Mode
PortConfiguration
Usage
Thiscommandconfiguresthehybridport’sPVID.Theconfigurationcouldbeshownbythe“showinterfaceswitchport”command.
Example
ThisexamplesetsPVIDto100.
SwitchEF0101#
configure
733
SwitchEF0101(config)#
interfacefa10
SwitchEF0101(config-if)#
switchportmodehybrid
SwitchEF0101(config-if)#
switchporthybridpvid100
SwitchEF0101(config-if)#
exit
SwitchEF0101(config)#
exit
SwitchEF0101#
showinterfacesswitchportfa10
Port:fa10
PortMode:General
IngressFiltering:enabled
AcceptableFrameType:all
IngressUnTaggedVLAN(NATIVE):100
TrunkingVLANsEnabled:
735
Switchport Hybrid Ingress-Filtering Disable
Syntax
switchportbybridingress-filteringdisable
noswitchporthybridingress-filteringdisable
Default
noswitchporthybridingress-filteringdisable
Mode
PortConfiguration
Usage
Thiscommandperportconfigurestheingress-filteringstatus.Thisfilteringisusedtofiltertheframescomingfromthenon-memberingressport.Theconfigurationcouldbeshownbythe“showinterfaceswitchport”command.
Example
Thisexamplesetsingress-filteringtodisable.
SwitchEF0101#
configure
SwitchEF0101(config)#
interfacefa10
736
SwitchEF0101(config-if)#
switchportmodehybrid
SwitchEF0101(config-if)#
switchporthybridingress-filteringdisable
SwitchEF0101(config-if)#
exit
SwitchEF0101(config)#
exit
SwitchEF0101#
showinterfacesswitchportfa10
Port:fa10
PortMode:General
IngressFiltering:disabled
AcceptableFrameType:all
IngressUnTaggedVLAN(NATIVE):100
TrunkingVLANsEnabled:
Portismemberin:
VlanNameEgressrule
738
Switchport Hybrid Acceptable-Frame-Type
Syntax
switchporthybridacceptable-frame-type(all|tagged-only|untaggedonly)
Parameter
all Specifytoacceptallframes.tagged-only Specifytoonlyaccepttaggedframes.untagged-only Specifytoonlyacceptuntaggedframes.
Default
switchporthybridacceptable-frame-typeall
Mode
PortConfiguration
Usage
Thiscommandperportconfigurestheacceptable-frame-type.Theconfigurationcouldbeshownbythe“showinterfaceswitchport”command.
Example
Thisexamplesetsacceptable-frame-typetotagged-only.
SwitchEF0101#
configure
739
SwitchEF0101(config)#
interfacefa10
SwitchEF0101(config-if)#
switchportmodehybrid
SwitchEF0101(config-if)#
switchporthybridacceptable-frame-typetaggedonly
SwitchEF0101(config-if)#
exit
SwitchEF0101(config)#
exit
SwitchEF0101#showinterfacesswitchportfa10
Port:fa10
PortMode:General
IngressFiltering:disabled
AcceptableFrameType:tagged-only
IngressUnTaggedVLAN(NATIVE):100
TrunkingVLANsEnabled:
Portismemberin:
741
Switchport Hybrid Allowed VLAN Add
Syntax
switchporthybridallowedvlanaddVLAN-LIST[(tagged|untagged)]
Parameter
VLAN-LIST SpecifiestheVLANlisttobeadded.( tagged | untagged ) Specifiesthemembertypetotaggedoruntagged.
Mode
PortConfiguration
Usage
ThiscommandperhybridportconfigurestheallowedVLANlist.Theconfigurationcouldbeshownbythe“showinterfaceswitchport”command.
Example
Thisexamplesetsportfa10VLANtojointheVLAN100asataggedmember.
SwitchEF0101#
configure
SwitchEF0101(config)#
interfacefa10
SwitchEF0101(config-if)#switchporthybridallowedvlanadd100
742
SwitchEF0101(config-if)#
switchporthybridallowedvlanadd100
SwitchEF0101(config-if)#
exit
SwitchEF0101(config)#
exit
SwitchEF0101#
showinterfacesswitchportfa10
Port:fa10
PortMode:General
IngressFiltering:disabled
AcceptableFrameType:tagged-only
IngressUnTaggedVLAN(NATIVE):100
TrunkingVLANsEnabled:
Portismemberin:
VlanNameEgressrule
1defaultUntagged
100VLAN-one-hundredTagged
744
Switchport Hybrid Allowed VLAN Remove
Syntax
switchporthybridallowedvlanremoveVLAN-LIST
Parameter
VLAN-LISTSpecifiestheVLANlisttoberemoved.
Mode
PortConfiguration
Usage
ThiscommandperhybridportconfigurestoremovetheallowedVLANlist.Theconfigurationcouldbeshownbythe“showinterfaceswitchport”command.
Example
Thisexamplesetsportfa10VLANtoleavetheVLAN100.
SwitchEF0101#
configure
SwitchEF0101(config)#
interfacefa10
SwitchEF0101(config-if)#switchporthybridallowedvlanremove100
745
SwitchEF0101(config-if)#
switchporthybridallowedvlanremove100
SwitchEF0101(config-if)#
exit
SwitchEF0101(config)#
exit
SwitchEF0101#
showinterfacesswitchportfa10
Port:fa10
PortMode:General
IngressFiltering:disabled
AcceptableFrameType:tagged-only
IngressUnTaggedVLAN(NATIVE):100
TrunkingVLANsEnabled:
Portismemberin:
VlanNameEgressrule
1defaultUntagged
ForbiddenVLANs:
747
Switchport Access VLAN
Syntax
switchportaccessvlan<1-4094>
Parameter
<1-4094>SpecifiestheaccessVLANID.
Mode
PortConfiguration
Usage
ThiscommandperAccessportconfiguresthenativeVLANID.Theconfigurationcouldbeshownbythe“showinterfaceswitchport”command.
Example
ThisexamplesetstheAccessportfa10nativeVLANIDto100.
SwitchEF0101#
configure
SwitchEF0101(config)#
interfacefa10
748
SwitchEF0101(config-if)#
switchportmodeaccess
SwitchEF0101(config-if)#
switchportaccessvlan100
SwitchEF0101(config-if)#
exit
SwitchEF0101(config)#
exit
SwitchEF0101#
showinterfacesswitchportfa10
Port:fa10
PortMode:Access
IngressFiltering:enabled
AcceptableFrameType:untagged-only
IngressUnTaggedVLAN(NATIVE):100
TrunkingVLANsEnabled:
Portismemberin:
VlanNameEgressrule
750
Switchport Tunnel VLAN
Syntax
switchporttunnelvlan<1-4094>
Mode
PortConfiguration
Usage
ThecommandperTunnelportconfiguresthenativeVLAN.Theconfigurationcouldbeshownbythe“showinterfaceswitchport”command.
Example
ThisexamplesetsTunnelportfa10nativeVLANto100.
SwitchEF0101#
configure
SwitchEF0101(config)#
interfacefa10
SwitchEF0101(config-if)#
switchportmodetunnel
751
SwitchEF0101(config-if)#
switchporttunnelvlan100
SwitchEF0101(config-if)#
exit
SwitchEF0101(config)#
exit
SwitchEF0101#
showinterfacesswitchportfa10
Port:fa10
PortMode:Dot1qtunnel
IngressFiltering:enabled
AcceptableFrameType:all
IngressUnTaggedVLAN(NATIVE):100
TrunkingVLANsEnabled:
Portismemberin:
VlanNameEgressrule
100VLAN-one-hundredUntagged
ForbiddenVLANs:
753
Switchport Trunk Native VLAN
Syntax
switchporttrunknativevlan<1-4094>
Mode
PortConfiguration
Usage
ThecommandperTrunkportconfiguresthenativeVLAN.Theconfigurationcouldbeshownbythe“showinterfaceswitchport”command.
Example
ThisexamplesetsTrunkportfa10nativeVLANto100.
SwitchEF0101#
configure
SwitchEF0101(config)#
interfacefa10
SwitchEF0101(config-if)#
switchportmodetrunk
754
SwitchEF0101(config-if)#
switchporttrunknativevlan100
SwitchEF0101(config-if)#
exit
SwitchEF0101(config)#
exit
SwitchEF0101#
showinterfacesswitchportfa10
Port:fa10
PortMode:Trunk
IngressFiltering:enabled
AcceptableFrameType:all
IngressUnTaggedVLAN(NATIVE):100
TrunkingVLANsEnabled:
Portismemberin:
VlanNameEgressrule
100VLAN-one-hundredUntagged
ForbiddenVLANs:
756
Switchport Trunk Allowed VLAN
Syntax
switchporttrunkallowedvlan(add|remove)(VLAN-LIST|all)
Parameter
( add | remove ) SpecifytheactiontoaddorremovetheallowedVLANlist.( VLAN-LIST | all ) SpecifytheVLANlistorallVLANstobeaddedorremoved.
Mode
PortConfiguration
Usage
ThecommandperTrunkportconfigurestheallowedVLANlist.Theconfigurationcouldbeshownbythe“showinterfaceswitchport”command.
Example
ThisexamplesetsTrunkportfa10toaddtheallowedVLAN100.
SwitchEF0101#
configure
SwitchEF0101(config)#
interfacefa10
757
SwitchEF0101(config-if)#
switchporttrunkallowedvlanadd100
SwitchEF0101(config-if)#
exit
SwitchEF0101(config)#
exit
SwitchEF0101#
showinterfacesswitchportfa10
Port:fa10
PortMode:Trunk
IngressFiltering:enabled
AcceptableFrameType:all
IngressUnTaggedVLAN(NATIVE):1
TrunkingVLANsEnabled:100
Portismemberin:
VlanNameEgressrule
1defaultUntagged
100VLAN-one-hundredTagged
759
Switchport Default-VLAN Tagged
Syntax
switchportdefault-vlantagged
noswitchportdefault-vlantagged
Mode
PortConfiguration
Usage
ThecommandperportconfiguresthemembershipofthedefaultVLANtobetagged.Theconfigurationcouldbeshownbythe“showinterfaceswitchport”command.
Example
ThisexamplesetstheTrunkportfa10membershipwiththedefaultVLANtotagged.
SwitchEF0101#
configure
SwitchEF0101(config)#
interfacefa10
SwitchEF0101(config-if)#
witchportdefault-vlantagged
760
SwitchEF0101(config-if)#
exit
SwitchEF0101(config)#
exit
SwitchEF0101#
showinterfacesswitchportfa10
Port:fa10
PortMode:Trunk
IngressFiltering:enabled
AcceptableFrameType:all
IngressUnTaggedVLAN(NATIVE):4095
TrunkingVLANsEnabled:100
Portismemberin:
VlanNameEgressrule
1defaultTagged
100VLAN-one-hundredTagged
ForbiddenVLANs:
VlanName
762
Switchport Forbidden Default-VLAN
Syntax
switchportforbiddendefault-vlan
noswitchportforbiddendefault-vlan
Mode
PortConfiguration
Usage
ThecommandperportconfiguresthemembershipofthedefaultVLANtoforbidden.Theconfigurationcouldbeshownbythe“showinterfaceswitchport”command.
Example
ThisexamplesetsthemembershipofthedefaultVLANwithportfa10toforbidden.
SwitchEF0101#
configure
SwitchEF0101(config)#
interfacefa10
SwitchEF0101(config-if)#
switchportforbiddendefault-vlan
763
SwitchEF0101(config-if)#
exit
SwitchEF0101(config)#
exit
SwitchEF0101#
showinterfacesswitchportfa10
Port:fa10
PortMode:Trunk
IngressFiltering:enabled
AcceptableFrameType:all
IngressUnTaggedVLAN(NATIVE):4095
TrunkingVLANsEnabled:100
Portismemberin:
VlanNameEgressrule
100VLAN-one-hundredTagged
ForbiddenVLANs:
VlanName
1default
765
Switchport Forbidden VLAN
Syntax
switchportforbiddenvlan(add|remove)VLAN-LIST
Parameter
(add | remove) Addorremoveforbiddenmembership.VLAN-LIST SpecifytheVLANlist.
Mode
PortConfiguration
Usage
ThecommandperportconfiguresthemembershipofthespecfiedVLANstotheforbiddensetting.Theconfigurationcouldbeshownbythe“showinterfaceswitchport”command.
Example
ThisexamplesetsthemembershipoftheVLAN100withportfa10to
forbidden.
SwitchEF0101#
configure
SwitchEF0101(config)#
interfacefa10
766
SwitchEF0101(config-if)#
switchportforbiddenvlanadd100
SwitchEF0101(config-if)#
exit
SwitchEF0101(config)#
exit
SwitchEF0101#
showinterfacesswitchportfa10
Port:fa10
PortMode:Trunk
IngressFiltering:enabled
AcceptableFrameType:all
IngressUnTaggedVLAN(NATIVE):1
TrunkingVLANsEnabled:100
Portismemberin:
VlanNameEgressrule
1defaultUntagged
ForbiddenVLANs:
768
Management-VLAN
Syntax
management-vlanvlan<1-4094>
nomanagement-vlan
Parameter
<1-4094>SpecifytheVLANIDofmanagement-vlan.
Default
Indefault,managementVLAN1iscreated
Mode
GlobalConfiguration
Usage
(1) Set<1-4094>asmanagementVLANid;suggesttocreatetheVLANandmaketheporttobememberofitfirstly.
(2)Whenusenocommand,restoremanagementvlantobedefaultVLAN.
(3)Ifwanttoseemanagementvlancreated,use“showmanagement-vlan”
769
Example
(1)Thefollowingexamplespecifiesthatmanagementvlan2iscreated
Switch(config)#
management-vlanvlan2
(2) Thefollowingexamplespecifiesthatmanagement-vlanisrestoredtobethedefaultVLAN.
Switch(config)#
nomanagement-vlan
770
Show Management-VLAN
Syntax
show management-vlan
Parameter
None
Default
None
Mode
Global/EnableConfiguration
Usage
Displayinformationaboutthemanagementvlan.
Example
Thefollowingexamplespecifiestheshowmanagementvlan.
Switch(config)#
showmanagement-vlan
771
MAC VLAN MAC
Syntax
vlanmac-vlanmacA:B:C:D:E:Fvlan<1-4094>
novlanmac-vlanmacA:B:C:D:E:F
Parameter
A:B:C:D:E:Fspecifiesmacaddresstoconfigure
<1-4094>SpecifiestheMACVLANIDtoconfigure.
Default
nomacvlanentriesareconfigured
Mode
GlobalConfiguration
Usage
Usethevlanmac-vlanmacGlobalConfigurationmodecommandtoaddamacvlanentrywithaspefiedmacaddress.Usethenoformofthiscommandtoremovethemacvlanentries.Youcanverifyyoursettingsbyenteringtheshowvlanmacvlan Privileged EXEC command.
772
Example
Thefollowingexampleshowshowtoaddamacvlanentry
Switch(config)#
vlanmac-vlanmac0:0:0:0:0:1vlan100
Switch(config)#
showvlanmac-vlan
MACAddress|VID
00:00:00:00:00:01|100
MACVLANTotalEntry:1
MACVLANMaximumEntry:128
773
MAC VLAN Enable
Syntax
vlanmac-vlan
novlanmac-vlan
Parameter
None
Default
MACVLANdisabledonallinterfaces
Mode
Interfaceconfiguration
Usage
Usethevlanmac-vlanInterfaceConfigurationmodecommandtoenabletheMACVLANfunctiononspecifiedinterfaces.UsethenoformofthiscommandtodisabletheMACVLANfunction.Youcanverifyyoursettingsbyenteringtheshowvlanmac-vlaninterfacesIF_PORTSPrivilegedEXECcommand.
774
Example
ThefollowingexampleshowshowtotheenabletheMACVLANfunctiononspecifiedinterfaces.
Switch(config)#
interfacerangefa1,fa5
Switch(config-if-range)#
vlanmac-vlan
Switch#
showvlanmac-vlaninterfacesfa1-6
Port|status
fa1 | Enabled
fa2 | Disabled
fa3 | Disabled
fa4|Disabled
fa5|Enabled
fa6|Disabled
775
Show VLAN MAC-VLAN
Syntax
showvlanmac-vlan
Parameter
None
Default
None
Mode
Privileged EXEC
Usage
Usetheshowvlanmac-vlancommandinEXECmodetodisplayaspecificMACVLANentryorAllMACVLANentries.
Example
ThefollowingexampleshowshowtodisplayMACVLANentryconfigurations.
Switch(config)#
showvlanmac-vlan
MACAddress|VID
00:00:00:00:00:01|100
777
Show MAC-VLAN Interfaces
Syntax
showvlanmac-vlaninterfacesIF_PORTS
Parameter
IF_PORTSSpecifyinterfacemacvlanstatustodisplay
Default
None
Mode
Privileged EXEC
Usage
Usetheshowvlanmac-vlaninterfacecommandinEXECmodetodisplayaspecificedinteraceortheallinterfacesMACVLANstatus.
Example
ThefollowingexampleshowshowtodisplaytheMACVLANinterfacessettings.
Switch#
showvlanmac-vlaninterfacesfa1-6
Port|status
779
Protocol-VLAN Group
Syntax
vlanprotocol-vlangroup<1-8>frame-type
(ethernet_ii|llc_other|snap_1042)protocol-valueVALUE
novlanprotocol-vlangroup<1-8>
Parameter
<1-8> Specifyprotocolvlangrouptoconfigure(ethernet_ii|llc_other|snap_1042) SpecifyprotocolbasedframetypeVALUE Specifyprotocolvaluetoconfigure
Default
noprotocolvlangroupareconfigured.
Mode
GlobalConfiguration
Usage
Usethevlanprotocol-vlangroupGlobalConfigurationmodecommandtoaddaprotocolvlangroupwithspecifiedprototypeandvalue.Usethenoformofthiscommandtoremovetheprotocolvlangroupsettings.Youcanverifyyoursettingsbyenteringtheshowvlanproto-vlanPrivilegedEXECcommand.
780
Example
Thefollowingexampleshowhowtoconfigureprotocolvlangroup:
Switch(config)#
vlanprotocol-vlangroup1frame-typeethernet_ii
protocol-value0x806
Switch(config)#
vlanprotocol-vlangroup2frame-typellc_otherprotocolvalue0x800
Switch#
showvlanprotocol-vlan
GroupID|Status|Type|value
1|Enabled|Ethernet|0x0806
2|Enabled|LLCother|0x0800
3|Disabled|--|--
4|Disabled|--|--
5|Disabled|--|--
6|Disabled|--|--
7|Disabled|--|--
8|Disabled|--|--
781
Protocol VLAN Binding
Syntax
vlanprotocol-vlangroup<1-8>vlan<1-4094>
novlanprotocol-vlangroup<1-8>
Parameter
<1-8>Specifyprotocolvlangrouptobinding
<1-4094>SpecifiestheProtoVLANIDtoconfigure.
Default
Indefaultallgrouparenotbindingtoanyinterface.
Mode
Interfaceconfiguration
Usage
Usethevlanprotocol-vlanbindingInterfaceConfigurationmodecommandtobindaprotocolVLANGrouponspecifiedinterfaces.UsethenoformofthiscommandtocancelprotocolVLANGroupBinding.Youcanverifyyoursettingsbyenteringtheshowvlanprotocol-vlaninterfacesIF_PORTSPrivilegedEXECcommand.
782
Example
ThefollowingexampleshowshowtoconfigureProtocolVLANfunctiononspecifiedinterfaces..
Switch(config)#
interface fa1
Switch(config-if)#
vlanprotocol-vlangroup1vlan2
Switch(config-if)#
vlanprotocol-vlangroup2vlan3
Switch#
showvlanprotocol-vlaninterfacesfa1
Portfa1:
Group1
Status:Enabled
VLANID:2
Group2
Status:Enabled
VLANID:3
Group3
783
Group3
Status:Disabled
Group4
Status:Disabled
Group5
Status:Disabled
Group6
Status:Disabled
Group7
Status:Disabled
Group8
Status:Disabled
784
Show Protocol VLAN Group
Syntax
showvlanprotocol-vlan[group<1-8>]
Parameter
<1-8>Specifyprotocolvlangrouptodisplay
Default
None
Mode
Privileged EXEC
Usage
Usetheshowvlanproto-vlancommandinEXECmodetodisplaytheProtoVLANgroupconfiguration.
Example
ThefollowingexampleshowshowtodisplayaProtoVLANgroupconfiguration.
Switch#
showvlanprotocol-vlan
GroupID|Status|Type|value
1|Enabled|Ethernet|0x0806
785
2|Enabled|LLCother|0x0800
3|Disabled|--|--
4|Disabled|--|--
5|Disabled|--|--
6|Disabled|--|--
7|Disabled|--|--
8|Disabled|--|--
786
Show Protocol VLAN Interfaces
Syntax
showvlanprotocol-vlaninterfacesIF_PORTS
Parameter
IF_PORTSSpecifyinterfacesprotocolvlantodisplay
Default
None
Mode
Privileged EXEC
Usage
Usetheshowvlanmac-vlaninterfacecommandinEXECmodetodisplaytheProtocolVLANinterfacessettings.
Example
ThefollowingexampleshowshowtodisplaytheProtocolVLANinterfacessetting.
Switch#
showvlanprotocol-vlaninterfacesfa1
Portfa1:
Group1
787
Group1
Status:Enabled
VLANID:2
Group2
Status:Enabled
VLANID:3
Group3
Status:Disabled
Group4
Status:Disabled
Group5
Status:Disabled
Group6
Status:Disabled
Group7
Status:Disabled
Group8
Status:Disabled
789
Voice VLAN State
Syntax
voice-vlanmode(auto|oui)
novoice-vlan
Parameter
auto SpecifyAutovoicevlanisenabledOui Specifyvoicevlanenabledinouimode
Default
Autovoicevlanisenabled
Mode
GlobalConfiguration
Usage
UsethevoicevlanstateglobalconfigurationcommandtosetthetypeofvoiceVLANthatisfunctionalonthedeviceordisablevoiceVLANentirely.Usethenoformofthiscommandtodisablethevoicevlanfunction.YoucanverifyyoursettingsbyenteringtheshowvoicevlanPrivilegedEXECcommand.Tochangevoicevlanmodefromautotoouiorouitoauto,youmustfirstdisablethevoicevlanfunction.
790
Example
Thefollowingexampleshowshowtochangethevoicevlanstatefromautotoouimodeandviceversa.
Switch(config)#
novoice-vlan
Switch(config)#
voice-vlanmodeoui
Switch#showvoice-vlan
AdministrateVoiceVLANstate:oui-enabled
VoiceVLANID:100
VoiceVLANVPT:5
VoiceVLANDSCP:46
VoiceVLANAging:1440minutes
VoiceVLANCoS:6
VoiceVLAN1pRemark:disabled
791
Voice VLAN ID
Syntax
voice-vlanvlan<1-4094>
Parameter
<1-4094>SpecifythevoiceVLANID
Default
ThedefaultVoiceVLANIDisDFLTVLANID.
Mode
GlobalConfiguration
Usage
UsethevoicevlanidglobalconfigurationcommandtoconfiguretheVLANidentifierofthevoiceVLAN.Statically,youcanverifyyoursettingsbyenteringtheshowvoicevlanPrivilegedEXECcommand.
Example
ThefollowingexampleshowshowtosettheVoiceVLANID.Beforeproceeding,pleasemakesurethatVLANEXISTisenabled.
Switch(config)#
voice-vlanvlan128
792
Switch#
showvoice-vlan
AdministrateVoiceVLANstate:oui-enabled
VoiceVLANID:128
VoiceVLANVPT:5
VoiceVLANDSCP:46
VoiceVLANAging:1440minutes
VoiceVLANCoS:6
VoiceVLAN1pRemark:disabled
793
Voice VLAN VPT
Syntax
voice-vlan vpt <0-7>
Parameter
<0-7>SpecifythevptvaluetobeadvertisedbyLLDP
Default
Thedefaultvptvalueis5.
Mode
GlobalConfiguration
Usage
UsethevoicevlanvptglobalconfigurationcommandtoconfigurethevoiceVLANvptvalueYoucanverifyyoursettingsby entering the show voice vlan Privileged EXEC command.
Example
Thefollowingexampleshowhowtosetthevptvalue.
Switch(config)#
voice-vlanvpt3
794
Switch#
showvoice-vlan
AdministrateVoiceVLANstate:oui-enabled
VoiceVLANID:128
VoiceVLANVPT:3
VoiceVLANDSCP:46
VoiceVLANAging:1440minutes
VoiceVLANCoS:6
VoiceVLAN1pRemark:disabled
795
Voice VLAN DSCP
Syntax
voice-vlandscp<0-63>
Parameter
<0-63>specifyavalueofDSCPthatwillbeadvertisedbyLLDP
Default
Thedefaultdscpvalueis46.
Mode
GlobalConfiguration
Usage
Usethevoicevlandscpglobalconfigurationcommandtoconfigure thevoiceVLANdscpvalue.Youcanverifyyoursettings by entering the show voice vlan Privileged EXEC command.
Example
Thefollowingexampleshowhowtosetdscpvalue.
Switch(config)#
voice-vlandscp55
796
Switch#
showvoice-vlan
AdministrateVoiceVLANstate:oui-enabled
VoiceVLANID:128
VoiceVLANVPT:3
VoiceVLANDSCP:55
VoiceVLANAging:1440minutes
VoiceVLANCoS:6
VoiceVLAN1pRemark:disabled
797
Voice VLAN OUI Table
Syntax
voice-vlanoui-tableA:B:CDESCRIPTION
novoice-vlanoui-table[A:B:C]
Parameter
A:B:C SpecifyOUIMacaddresstoaddorremoveDESCRIPTION SpecifydescriptionofthespecifiedMACaddresstothevoiceVLANOUItable.
Default
Thedefaultsystemhas8ouiaddresses.
Mode
GlobalConfiguration
Usage
Usethevoicevlanoui-tableglobalconfigurationcommandtoaddanouimacaddresstotheOUITable.Usethenoformofthiscommandtoremoveallorcertainspecifiedouimacaddresses.YoucanverifyyoursettingsbyenteringtheshowvoicevlanmodeouiPrivilegedEXECcommand.
798
Example
ThisfollowingexampleshowshowtoaddOUIMac.
Switch(config)#
voice-vlanoui-tableadd00:01:02“Test”
Switch#
showvoice-vlanmodeoui
VoiceVLANAging:1440minutes
VoiceVLANCoS:7
VoiceVLAN1pRemark:enabled
OUI table
OUIMAC|Description
00:E0:BB|3COM
00:03:6B|Cisco
00:E0:75|Veritel
00:D0:1E|Pingtel
00:01:E3|Siemens
00:60:B9|NEC/Philips
00:0F:E2|H3C
799
Port | State | Cos Mode
fa1 | Disabled | Src
fa2 | Disabled | Src
fa3 | Disabled | Src
lag6|Disabled|Src
lag7|Disabled|Src
lag8 | Disabled | Src
800
Voice VLAN CoSSyntax
voice-vlancos<0-7>[remark]
novoice-vlan
Parameter
<0-7> SpecifythevoiceVLANClassofServicevalueintelephoneouimode.
remark SpecifythattheL2userpriorityisremarkedwiththe
CoSvalue.
Default
Thedefaultcosvalueis6,remarkisdisabled.
Mode
GlobalConfiguration
Usage
UsethevoicevlancosglobalconfigurationcommandtoconfigurethevoiceVLANcosvalueand1premarkfunction.YoucanverifyyoursettingsbyenteringtheshowvoicevlanPrivilegedEXECcommand.
Example
Thefollowingexampleshowshowtosetcosvalueandenablethe1premarkfunction.
Switch(config)#
voice-vlancos7remark
801
Switch#
showvoice-vlan
AdministrateVoiceVLANstate:oui-enabled
VoiceVLANID:128
VoiceVLANVPT:3
VoiceVLANDSCP:55
VoiceVLANAging:1440minutes
VoiceVLANCoS:7
VoiceVLAN1pRemark:enable
802
Voice VLAN Aging-Time
Syntax
voice-vlanaing-time<30-1440>
Parameter
<30-1440>SpecifythevoiceVLANagingtimeoutintervalinminutes
Default
Thedefaultaging-timeoutvalueis1440minutes.
Mode
GlobalConfiguration
Usage
Usethevoicevlanaging-timeglobalconfigurationcommandtoconfigurethevoiceVLANagingtimeout.YoucanverifyyoursettingsbyenteringtheshowvoicevlanPrivilegedEXECcommand.
Example
Thefollowingexampleshowshowtosettheagingtime.
Switch(config)#
voice-vlanaging-time720
803
Switch#
showvoice-vlan
AdministrateVoiceVLANstate:oui-enabled
VoiceVLANID:128
VoiceVLANVPT:3
VoiceVLANDSCP:55
VoiceVLANAging:720minutes
VoiceVLANCoS:7
VoiceVLAN1pRemark:enable
804
Voice VLAN CoS Mode
Syntax
voice-vlancos(src|all)
novoice-vlan
Parameter
src SpecifyQoSattributesareappliedtopacketswithOUIsinthesourceMACaddress.All SpecifyQoSattributesareappliedtopacketsthatareclassifiedtotheVoiceVLAN.
Default
ThedefaultallportinSrcmode.
Mode
Interfaceconfiguration
Usage
UsethevoicevlancosmodeInterfaceconfigurationcommandtoconfiguretheOUIvoiceVLANcosmode.YoucanverifyyoursettingsbyenteringtheshowvoicevlanPrivilegedEXECcommand.
805
Example
ThefollowingexampleshowshowtoconfigurevoicepacketQoSattributesonaninterface.
Switch(config)#
interfacerangefa1-3
Switch(config-if)#
voice-vlancosall
Switch#
showvoice-vlanmodeouiinterfacesfa1-8
VoiceVLANAging:1440minutes
VoiceVLANCoS:7
VoiceVLAN1pRemark:enabled
OUI table
OUIMAC|Description
00:E0:BB|3COM
00:03:6B|Cisco
00:E0:75|Veritel
00:D0:1E|Pingtel
806
00:01:E3|Siemens
00:60:B9|NEC/Philips
00:0F:E2|H3C
00:09:6E|Avaya
Port | State | Cos Mode
fa1 | Disabled | All
fa2 | Disabled | All
fa3 | Disabled | All
fa4|Disabled|Src
fa5|Disabled|Src
fa6|Disabled|Src
fa7|Disabled|Src
fa8 | Disabled | Src
807
Voice VLAN Enable
Syntax
voice-vlanmode
novoice-vlan
Parameter
None
Default
Thedefaultallportadmin-stausisdisabled.
Mode
InterfaceConfiguration
Usage
UsethevoicevlanenableInterfaceconfigurationcommandtoenabletheOUIvoiceVLANsettingsonaninterface.Usethenoformofthiscommandtodisablevoicevlanonaninterface.YoucanverifyyoursettingsbyenteringtheshowvoicevlanmodeouiPrivilegedEXECcommand.
Example
ThefollowingexampleshowshowtoenablethevoiceVLANfunctioninouimodeonaninterface.
Switch(config)#
interfacerangefa1-3
808
Switch(config-if)#
voice-vlan
Switch#
showvoice-vlanmodeouiinterfacesfa1-8
VoiceVLANAging:1440minutes
VoiceVLANCoS:7
VoiceVLAN1pRemark:enabled
OUI table
OUIMAC|Description
00:E0:BB|3COM
00:03:6B|Cisco
00:E0:75|Veritel
00:D0:1E|Pingtel
00:01:E3|Siemens
00:60:B9|NEC/Philips
00:0F:E2|H3C
00:09:6E|Avaya
809
Port | State | Cos Mode
fa1 | Enabled | All
fa2 | Enabled | All
fa3 | Enabled | All
fa4|Disabled|Src
fa5|Disabled|Src
fa6|Disabled|Src
fa7|Disabled|Src
fa8 | Disabled | Src
810
Show Voice VLAN
Syntax
showvoice-vlan
showvoice-vlanmodeauto
showvoice-vlanmodeoui[interfacesIF_PORTS]
Parameter
IF_PORTSSpecifiesintefacestodisplayvoiceVLANsettingsinouimode
Default
None
Mode
Privileged EXEC
Usage
UsetheshowvoicevlancommandinEXECmodetodisplaythevoiceVLANstatusforall interfacesorforaspecificinterfaceifthevoiceVLANtypeisanOUI.
811
Example
Thefollowingexampleshowshowtodisplaythevoicevlanautomodeandouimodesettings.
Switch#
showvoice-vlanmodeauto
VoiceVLANID:128
VoiceVLANVPT:3
VoiceVLANDSCP:55
switch#
showvoice-vlanmodeouiinterfacefa1-5
VoiceVLANAging:1440minutes
VoiceVLANCoS:7
VoiceVLAN1pRemark:enabled
OUI table
OUIMAC|Description
00:E0:BB|3COM
00:03:6B|Cisco
00:E0:75 | Veritel