|
|
To specify that the configuration server ATM address is computed by the LightStream 1010 ATM switch automatic method, use the lane auto-config-atm-address interface configuration command. To remove the previously assigned ATM address, use the no form of this command.
lane [config] auto-config-atm-address
config | Used to specify the configuration server's ATM address. |
No specific ATM address is set.
Interface configuration
This command only applies to the ASP interface 2/0/0.
When the config keyword is not present, this command causes the LANE server and LANE client on the subinterface to use the automatically assigned ATM address for the configuration server.
When the config keyword is present, this command assigns the automatically generated ATM address to the configuration server (LECS) configured on the interface. Multiple commands that assign ATM addresses to the LANE configuration server can be issued on the same interface to assign different ATM addresses to the configuration server. These commands include lane auto-config-atm-address, lane config-atm-address, and lane fixed-config-atm-address.
The following example associates the LANE configuration server with the database named network1, and specifies that the configuration server's ATM address is assigned by our automatic method.
Switch(config)# interface atm 2/0/0 Switch(config-if)# lane database network1 Switch(config-if)# name eng server-atm-address 39.0000014155551211.0800.AA00.1001.02 Switch(config-if)# name mkt server-atm-address 39.0000014155551211.0800.AA00.4001.01 Switch(config-if)# lane config database network1 Switch(config-if)# lane config auto-config-atm-address
lane auto-config-atm-address
lane database
lane fixed-config-atm-address
To specify an ATM address---and override the automatic ATM address assignment---for the broadcast-and-unknown server on the specified subinterface, use the lane bus-atm-address interface configuration command. To remove the ATM address previously specified for the broadcast-and-unknown server on the specified subinterface and thus revert to the automatic address assignment, use the no form of this command.
lane bus-atm-address atm-address-template
atm-address-template | ATM address or a template in which wildcard characters are replaced by any nibble or group of nibbles of the prefix bytes, the ESI bytes, or the selector byte of the automatically assigned ATM address. |
Automatic ATM address assignment
Interface configuration
This command only applies to the CPU interface.
This command gives the client the ATM address of the broadcast-and-unknown server. The client will use this address rather than sending LE ARP requests for the broadcast address.
When applied to a selected interface but with a different ATM address than was used previously, this command replaces the broadcast-and-unknown server's ATM address.
ATM Addresses. A LANE ATM address has the same syntax as an NSAP (but it is not a network-level address):
Address Templates. LANE ATM address templates can use two types of wildcards: an asterisk (*) to match any single character and an ellipsis (...) to match any number of leading or trailing characters.
The values of the digits that are replaced by wildcards come from the automatic ATM assignment method.
In LANE, a prefix template explicitly matches the prefix but uses wildcards for the ESI and selector fields. An ESI template explicitly matches the ESI field but uses wildcards for the prefix and selector.
In the Cisco implementation of LANE, the prefix corresponds to the switch, the ESI corresponds to the ATM interface, and the Selector field corresponds to the specific subinterface of the interface.
The following example uses an ESI template to specify the part of the ATM address corresponding to the interface; the remaining values in the ATM address come from automatic assignment.
Switch(config-if)# lane bus-atm-address ...0800.200C.1001.**
The following example uses a prefix template to specify the part of the ATM address corresponding to the switch; the remaining values in the ATM address come from automatic assignment.
Switch(config)# interface atm 2/0/0 Switch(config-if)# lane bus-atm-address 45.000014155551212f.00.00...
To activate a LANE client on the specified subinterface, use the lane client interface configuration command. To remove a previously activated LANE client on the subinterface, use the no form of this command.
lane client {ethernet | tokenring} [elan-name]
ethernet | Identifies the type of emulated LAN attached to this subinterface as Ethernet. |
tokenring | Identifies the type of emulated LAN attached to this subinterface as Token Ring. |
elan-name | Name of the emulated LAN. This argument is optional because the client obtains its emulated LAN name from the configuration server. Maximum length is 32 characters. |
No LANE clients are enabled on the interface.
Interface configuration
This command only applies to the CPU interface.
If a lane client command has already been entered on the subinterface for a different emulated LAN, the client initiates termination procedures for that emulated LAN and joins the new emulated LAN.
If you do not provide an elan-name value, the client contacts the server to find which emulated LAN to join. If you do provide an emulated LAN name, the client consults the configuration server to ensure that no conflicting bindings exist.
The following example shows enabling a Token Ring LANE client on a subinterface.
Switch(config)# interface atm 2/0/0.1 Switch(config-subif)# lane client tokenring
To specify an ATM address---and override the automatic ATM address assignment---for the LANE client on the specified subinterface, use the lane client-atm-address interface configuration command. To remove the ATM address previously specified for the LANE client on the specified subinterface and revert to the automatic address assignment, use the no form of this command.
lane client-atm-address atm-address-template
atm-address-template | ATM address or a template in which wildcard characters are replaced by any nibble or group of nibbles of the prefix bytes, the ESI bytes, or the selector byte of the automatically assigned ATM address. |
Automatic ATM address assignment
Interface configuration
This command only applies to the CPU interface.
Use of this command on a selected subinterface but with a different ATM address than was used previously, replaces the LANE client's ATM address.
ATM Addresses. A LANE ATM address has the same syntax as an NSAP (but it is not a network-level address):
Address Templates. LANE ATM address templates can use two types of wildcards: an asterisk (*) to match any single character and an ellipsis (...) to match any number of leading or trailing characters. The wildcard characters come from the automatically assigned ATM address.
In LANE, a prefix template explicitly matches the ATM address prefix but uses wildcards for the ESI and selector fields. An ESI template explicitly matches the ESI field but uses wildcards for the prefix and selector.
In the LightStream 1010 ATM switch implementation of LANE, the prefix corresponds to the switch, the ESI corresponds to the ATM interface, and the Selector field corresponds to the specific subinterface of the interface.
For a discussion of the Cisco method for automatically assigning ATM addresses, refer to the "Configuring LAN Emulation" chapter in the Router Products Configuration Guide.
The following example uses an ESI template to specify the part of the ATM address corresponding to the interface; the remaining parts of the ATM address come from automatic assignment.
Switch(config)# interface atm 2/0/0 Switch(config-if)# lane client-atm-address ...0800.200C.1001.**
The following example uses a prefix template to specify the part of the ATM address corresponding to the switch; the remaining parts of the ATM address come from automatic assignment.
Switch(config)# interface atm 2/0/0 Switch(config-if)# lane client-atm-address 47.000014155551212f.00.00...
To specify a configuration server's ATM address explicitly, use the lane config-atm-address interface configuration command. To remove an assigned ATM address, use the no form of this command.
lane [config] config-atm-address atm-address-template
atm-address-template | ATM address or a template in which wildcard characters are replaced by any nibble or group of nibbles of the prefix bytes, the ESI bytes, or the selector byte of the automatically assigned ATM address. |
config | Used to specify the configuration server ATM address. |
No specific ATM address or method is set.
Interface configuration
This command only applies to the CPU interface.
If the config keyword is not present, this command causes the LANE server and LANE client on the subinterface to use the specified ATM address for the configuration server.
When the config keyword is present, this command adds an ATM address to the configuration server configured on the interface. A LANE configuration server can listen on multiple ATM addresses. Multiple commands that assign ATM addresses to the LANE configuration server can be issued on the same interface to assign different ATM addresses to the LANE configuration server.
ATM Addresses. A LANE ATM address has the same syntax as an NSAP (but it is not a network-level address) and consists of the following:
Address Templates. LANE ATM address templates can use two types of wildcards: an asterisk (*) to match any single character (nibble), and an ellipsis (...) to match any number of leading, middle, or trailing characters. The values of the characters replaced by wildcards come from the automatically assigned ATM address.
In LANE, a prefix template explicitly matches the ATM address prefix but uses wildcards for the ESI and selector fields.
An ESI template explicitly matches the ESI field but uses wildcards for the prefix and selector.
In the Cisco implementation of LANE, the prefix corresponds to the switch prefix, the ESI corresponds to a function of ATM interfaces MAC address, and the Selector field corresponds to the specific subinterface of the interface.
For a discussion of the Cisco method of automatically assigning ATM addresses, refer to the "Configuring LAN Emulation (LANE)" chapter in the Wide-Area Networking Configuration Guide.
lane auto-config-atm-address
lane config database
lane database
lane fixed-config-atm-address
To associate a named configuration table (database) with the configuration server on the selected ATM interface, use the lane config database interface configuration command. To remove the association between a named database and the configuration server on the specified interface, use the no form of this command.
lane config database database-name
database-name | Name of the LANE database. |
No configuration server is defined, and no database name is provided.
Interface configuration
This command only applies to the CPU interface.
This command is not available on a subinterface, because only one LANE configuration server can exist per interface.
The named database must exist before the lane config database command is entered. Refer to the lane database command for more information.
Multiple lane config database commands cannot be entered multiple times on the same interface. You must delete an existing association by using the no form of this command before you create a new association on the specified interface.
To activate a LANE configuration server you need to use the lane config database command and one of the following commands:
lane auto-config-atm-address
lane config-atm-address
lane database
lane fixed-config-atm-address
To create a named configuration database that can be associated with a configuration server, use the lane database global configuration command. To delete the database, use the no form of this command.
lane database database-name
database-name | Database name maximum length is 32 characters. |
This command has no default setting.
Global configuration
Using the lane database command puts you in database configuration mode, where you can use the client-atm-address name, default-name, name restricted, name unrestricted, name new-name, name server-atm-address, and mac-address commands to create entries in the specified database. When you are finished creating entries, enter ^Z or exit to return to global configuration mode.
client-atm-address name
default-name
lane config database
name server-atm-address
To specify that the fixed configuration server ATM address assigned by the ATM Forum is used, use the lane fixed-config-atm-address interface configuration command. To specify that the fixed ATM address is not used, use the no form of this command.
lane [config] fixed-config-atm-address
config | Specifies the configuration server ATM address. |
No specific ATM address or method is set.
Interface configuration
This command only applies to the CPU interface.
When the config keyword is not present, this command causes the LANE server and LANE client on the subinterface to use that ATM address, rather than the ATM address provided by the ILMI, to locate the configuration server.
When you use this command with the config keyword, and the LECS is a master, the master monitors on the fixed address. If you enter this command when a server is not a master, the server monitors on this address when it becomes a master. If you do not enter this command, the LECS does not monitor on the fixed address.
Multiple commands that assign ATM addresses to the LECS can be issued on the same interface in order to assign different ATM addresses to the LECS. Commands that assign ATM addresses to the LECS include lane auto-config-atm-address, lane config-atm-address, and lane fixed-config-atm-address. The lane config database command and at least one command that assigns an ATM address to the LECS are required to activate an LECS.
lane auto-config-atm-address
lane config-atm-address
To add a static entry to the LE ARP table of the LANE client configured on the specified subinterface, use the lane le-arp interface configuration command. To remove a static entry from the LE ARP table of the LANE client on the specified subinterface, use the no form of this command.
lane le-arp {mac-address | route-desc segment seg-num bridge bridge-num} atm-address
mac-address | MAC address to bind to the specified ATM address. |
atm-address | ATM address. |
seg-num | Segment number of the next-hop route descriptor. The segment number ranges from 1 to 4095. |
bridge-num | Bridge number of the next-hop route descriptor. The bridge number ranges from 1 to 15. |
No static address bindings are provided.
Interface configuration
This command only applies to the CPU interface.
This command only adds or removes a static entry binding a MAC address or next-hop route descriptor (for Token Ring) to an ATM address. It does not add or remove dynamic entries. Removing the static entry for a specified ATM address from an LE ARP table does not release the data direct VCC established to that ATM address. However, clearing a static entry clears any fast-cache entries that were created from the MAC address-to-ATM address binding.
Static LE ARP entries are not aged and are not removed automatically.
To remove dynamic entries from the LE ARP table of the LANE client on the specified subinterface, use the clear lane le-arp command.
The following example shows adding a static entry to the LE ARP table on the ASP interface ATM 2/0/0.
Switch(config)#interface atm 2/0/0Switch(config-if)#lane le-arp 0800.aa00.0101 47.000014155551212f.00.00.0800.200C.1001.01
The following example shows adding a static entry to the LE ARP table binding segment number 1, bridge number 1 to the ATM address.
Switch(config)#interface atm 2/0/0Switch(config-if)#lane le-arp route-desc segment 1 bridge 1 39.020304050607080910111213.00000CA05B41.01
To specify an ATM address---and override the automatic ATM address assignment---for the LANE server on the specified subinterface, use the lane server-atm-address interface configuration command. To remove the ATM address previously specified for the LANE server on the specified subinterface and revert to the automatic address assignment, use the no form of this command.
lane server-atm-address atm-address-template
atm-address-template | ATM address or a template in which wildcard characters are replaced by any nibble or group of nibbles of the prefix bytes, the ESI bytes, or the selector byte of the automatically assigned ATM address. |
The LANE client finds the LANE server by consulting the configuration server.
Interface configuration
This command only applies to the CPU interface.
This command also instructs the LANE client configured on this subinterface to reach the LANE server by using the specified ATM address instead of the ATM address provided by the configuration server.
When used on a selected subinterface, but with a different ATM address than was used previously, this command replaces the LANE server's ATM address.
ATM Addresses. A LANE ATM address has the same syntax as an NSAP (but it is not a network-level address):
Address Templates. LANE ATM address templates can use two types of wildcards: an asterisk (*) to match any single character and an ellipsis (...) to match any number of leading or trailing characters. The values of characters replaced by wildcards come from automatic ATM address assignment.
In LANE, a prefix template explicitly matches the prefix but uses wildcards for the ESI and selector fields. An ESI template explicitly matches the ESI field but uses wildcards for the prefix and selector.
In the LightStream 1010 ATM switch implementation of LANE, the prefix corresponds to the switch, the ESI corresponds to the ATM interface, and the Selector field corresponds to the specific subinterface of the interface.
For a discussion of the Cisco method for automatically assigning ATM addresses, refer to the "Configuring LAN Emulation" chapter of the Router Products Configuration Guide.
The following example uses an ESI template to specify the part of the ATM address corresponding to the interface; the remaining parts of the ATM address come from automatic assignment.
Switch(config)# interface atm 2/0/0 Switch(config-if)# lane server-atm-address ...0800.200C.1001.**
The following example uses a prefix template to specify the part of the ATM address corresponding to the switch; the remaining parts of the ATM address come from automatic assignment.
Switch(config)# interface atm 2/0/0 Switch(config-if)# lane server-atm-address 45.000014155551212f.00.00...
To enable a LANE server and a broadcast-and-unknown server on the specified subinterface, use the lane server-bus interface configuration command. To disable a LANE server and broadcast-and-unknown server on the specified subinterface, use the no form of this command.
lane server-bus {ethernet | tokenring} elan-name
ethernet | Identifies the type of emulated LAN attached to this subinterface as Ethernet. |
tokenring | Identifies the type of emulated LAN attached to this subinterface as Token Ring. |
elan-name | Name of the emulated LAN. Maximum length is 32 characters. |
No LAN type and emulated LAN name are provided.
Interface configuration
The LANE server and the broadcast-and-unknown server are located on the same switch.
If a lane server-bus command was entered on the subinterface for a different emulated LAN, the server initiates termination procedures with all clients and comes up as the server for the new emulated LAN.
Use of the no form of this command removes a previously configured LANE server and broadcast-and-unknown server on the subinterface.
The following example enables a LANE server and broadcast-and unknown server for a Token Ring ELAN.
Switch(config)# interface atm 2/0/0.1 Switch(config-subif)# lane server-bus tokenring
To set the line build out to various lengths, use the lbo interface configuration command.
For DS3 the syntax is:
lbo [short | long]For DS1 the syntax is:
lbo [0_110 | 110_220 | 220_330 | 330_440 | 440_550 | 550_660 | 600_gt]
short | Sets the line build out up to 255 feet (for DS3 only). |
long | Sets the line build out over 255 feet (for DS3 only). |
0_110 | Cable length is 0 to 100 feet (for DS1 only). |
110_220 | Cable length is 110 to 220 feet (for DS1 only). |
220_330 | Cable length is 220 to 330 feet (for DS1 only). |
330_440 | Cable length is 330 to 440 feet (for DS1 only). |
440_550 | Cable length is 440 to 550 feet (for DS1 only). |
550_660 | Cable length is 550 to 660 feet (for DS1 only). |
600_gt | Cable length is over 600 feet (for DS1 only). |
short for DS3 interfaces
0_110 for DS1 interfaces
Interface configuration
The lbo command applies on DS1 and DS3 interfaces.
To set the terminal screen length, use the length line configuration command. To restore the default screen length, use the no form of this command.
length screen-length
screen-length | Number of lines on the screen. A value of zero disables pausing between screens of output. |
24 lines
Line configuration
Not all commands recognize the configured screen length. For example, the show terminal command assumes a screen length of 24 lines or more. In this environment, if you specify 0, you receive everything. The switch software uses the value of this command to determine when to pause during multiple-screen output.
The following example illustrates how to disable the screen pause function on the console terminal.
Switch(config)# line console 0
Switch(config-line)# terminal-type VT220
Switch(config-line)# length 0
To configure a console port line, auxiliary port line, or virtual terminal lines, use the line global configuration command.
line [aux | console | vty] line-number [ending-line-number]
aux | Enables the auxiliary EIA/TIA-232 DTE port. Must be addressed as relative line 0. The auxiliary port can be used for modem support and asynchronous connections. |
console | Specifies the console terminal line. The console port is DCE. |
vty | Specifies a virtual terminal for remote console access. |
line-number | Specifies the relative number of the terminal line (or the first line in a contiguous group) you want to configure when the line type is specified. Numbering begins with zero (0). |
ending-line-number | Specifies the relative number of the last line in a contiguous group you want to configure. If you omit the keyword, line-number and ending-line-number are absolute rather than relative line numbers. |
Lines are not configured.
Global configuration
To include one of the optional type keywords (aux, console, or vty), the line number is treated as a relative line number. If you enter the line command without an optional type keyword, the line number is treated as an absolute line number. Absolute line numbers increment consecutively and can be difficult to manage on large systems.
You can set communication parameters, specify autobaud connections, or configure terminal operating parameters, for any of the terminal lines on the switch.
The relative line number of the auxiliary port must be 0. See the modem inout line configuration command to set up modem support on the auxiliary port. The absolute line number of the auxiliary port is 1.
Virtual terminal lines are used to allow remote access to the switch. A virtual terminal line is not associated with either the console or auxiliary port. You can address a single line or a consecutive range of lines with the line command. You receive an error message if you forget to include the necessary line number.
The following example starts configuration for virtual terminal lines 0 to 4.
Switch# line vty 0 4
The following example configures the auxiliary port with a line speed of 2400 baud and enables the EXEC.
Switch# line aux 0 Switch# exec Switch# speed 2400
To select the linecode type for the T1 or E1 line, use the linecode controller configuration command.
linecode {ami | b8zs | hdb3}
ami | Specifies alternate mark inversion (AMI) as the linecode type. Valid for T1 or E1 controllers. |
b8zs | Specifies B8ZS as the linecode type. Valid for T1 controller only. |
hdb3 | Specifies high-density bipolar 3 (HDB3) as the linecode type. Valid for E1 controller only. |
b8zs is the default for T1 lines.
hdb3 is the default for E1 lines.
Interface configuration
Use this command in configurations where the switch or access server must communicate with T1 fractional data lines.
The T1 service provider determines which linecode type, either ami or b8zs, is required for your T1 circuit.
The E1 service provider determines which linecode type, either ami or hdb3, is required for your E1 circuit.
The following example specifies AMI as the linecode type.
Switch(config)# linecode ami
To change the length of time for which data is used to compute load statistics, use the load-interval interface configuration command. To revert to the default setting, use the no form of this command.
load-interval seconds
seconds | Length of time for which data is used to compute load statistics; a value that is a multiple of 30, and between 30 and 600 (30, 60, 90, 120, and so forth). |
300 seconds (or 5 minutes)
Interface configuration
This command only applies to the interfaces on the ASP card: Ethernet 2/0/0 or ATM 2/0/0 (or 13/0/0 in the Catalyst 5500). To load computations to be more reactive to short bursts of traffic rather than to those averaged over 5-minute periods, shorten the length of time over which load averages are computed.
If the load interval is set to 30 seconds, new data is used for load calculations over a 30-second period. This data is used to compute load statistics, including input rate in bits and packets per second, output rate in bits and packets per second, load, and reliability.
Load data is gathered every 5 seconds on the switch. This data is used for a weighted average calculation in which more recent load data has more weight in the computation than older load data. If the load interval is set to 30 seconds, the average is computed for the last 30 seconds of load data.
The load-interval command enables you to change the default interval of 5 minutes to a shorter or longer period of time. If you change it to a shorter period of time, the input and output statistics that are displayed when you use the show interfaces command are more current and are based on instantaneous data, rather than reflecting an average load over a longer period of time.
This command is often used for dial backup purposes to increase or decrease the likelihood of a backup interface being implemented, but it can be used on any interface.
In the following example, the default 5-minute average is set to a 30-second average. A burst in traffic that does not trigger a dial backup for an interface configured with the default 5-minute interval might trigger a dial backup for this interface that is set for a shorter, 30-second interval.
Switch(config)# interface atm 2/0/0 Switch(config-if)# load-interval 30
To record the location of a serial device, use the location line configuration command. To remove the description, use the no form of this command.
location text
text | Location description. |
Locations of serial devices are not recorded.
Line configuration
The location command enters information about the device location and status. Use the show users all EXEC command to display the location information.
The following example identifies the location of the console.
Switch(config)# line console 0
Switch(config-line)# location Building 3, Basement
To prevent access to your session while keeping your connection open, use the lock EXEC command.
lockThis command has no keywords or arguments.
EXEC
The server product honors session timeouts on a locked line. You must clear the line to remove this feature. The system administrator must set the line up to allow use of the temporary locking feature. To regain access to your sessions, re-enter your password.
To log messages to a syslog server host, use the logging global configuration command. To delete the syslog server with the specified address from the list of syslogs, use the no form of this command.
logging host
host | Name or IP address of the host to be used as a syslog server. |
No messages are logged to a syslog server host.
Global configuration
This command identifies a syslog server host to receive logging messages. By issuing this command more than once, you build a list of syslog servers that receive logging messages.
The following example logs messages to a host named mccarty.
Switch# logging mccarty
logging trap
service timestamps
To log messages to an internal buffer, use the logging buffered global configuration command. To cancel use of the buffer and write messages to the console terminal (default), use the no form of this command.
logging buffered [buffer-size] [level]
buffer-size | Specifies the size in bytes to use for the buffer, in the range of 4096 to 2147483647. |
level | Limits the logging of messages to the internal buffer to the named level. See Table 11-1 for a list of the level keywords. |
The switch displays all messages to the console terminal.
Global configuration
This command copies logging messages to an internal buffer instead of writing them to the console terminal. The buffer is circular in nature, so newer messages overwrite older messages.
To display the messages that are logged in the buffer, use the EXEC command show logging. The first message displayed is the oldest message in the buffer.
| Level Name | Level | Description | Syslog Definition |
|---|---|---|---|
emergencies | 0 | System unusable | LOG_EMERG |
alerts | 1 | Immediate action needed | LOG_ALERT |
critical | 2 | Critical conditions | LOG_CRIT |
errors | 3 | Error conditions | LOG_ERR |
warnings | 4 | Warning conditions | LOG_WARNING |
notifications | 5 | Normal but significant condition | LOG_NOTICE |
informational | 6 | Informational messages only | LOG_INFO |
debugging | 7 | Debugging messages | LOG_DEBUG |
The following example illustrates how to enable logging to an internal buffer using the command defaults.
Switch# logging buffered
To limit messages logged to the console based on severity, use the logging console global configuration command. To disable logging to the console terminal, use the no form of this command.
logging console level
level | Limits the logging of messages displayed on the console terminal to the named level. See Table 11-1 for a list of the level keywords. |
debugging
Global configuration
Specifying a level causes messages at that level and numerically lower levels to be displayed at the console terminal.
The show logging EXEC command displays the addresses and levels associated with the current logging setup, as well as any other logging statistics.
The effect of the log keyword with the IP access-list (extended) command depends on the setting of the logging console command. The log keyword takes effect only if the logging console level is set to 6 or 7. If you change the default to a level lower than 6 and specify the log keyword with the IP access list (extended) command, no information is logged or displayed.
The following example changes the level of messages displayed to the console terminal to alerts, which means alerts and emergencies are displayed.
Switch# logging console alerts
access-list (extended)
logging facility
show logging
To configure the syslog facility in which error messages are sent, use the logging facility global configuration command. To revert to the default of local7, use the no form of this command.
logging facility facility-type
facility-type | Syslog facility. See Table 11-2 for the facility-type keywords. |
local0-7
Global configuration
Table 11-2 describes the acceptable options for the facility-type keyword.
| Keyword | Description |
|---|---|
auth | Authorization system |
cron | Cron facility |
daemon | System daemon |
kern | Kernel |
local0-7 | Reserved for locally defined messages |
lpr | Line printer system |
Mail system | |
news | USENET news |
sys9 | System use |
sys10 | System use |
sys11 | System use |
sys12 | System use |
sys13 | System use |
sys14 | System use |
syslog | System log |
user | User process |
uucp | UNIX-to-UNIX copy system |
The following example configures the syslog facility to kernel.
Switch# logging facility kernel
To limit messages logged to the terminal lines (monitors) based on severity, use the logging monitor global configuration command. To disable logging to terminal lines other than the console line, use the no form of this command.
logging monitor level
level | One of the level keywords listed in Table 11-1. |
Debugging
Global configuration
This command limits the logging messages displayed on terminal lines other than the console line to messages with a level at or above level.
The following example specifies that only messages of the levels errors, critical, alerts, and emergencies be displayed on terminals.
Switch# logging monitor errors
terminal monitor
To control logging of error messages, use the logging on global configuration command. This command enables or disables message logging to all destinations except the console terminal. To enable logging to the console terminal only, use the no form of this command.
logging onThis command has no arguments or keywords.
The switch logs messages to the console terminal.
Global configuration
The following example shows how to direct error messages to the console terminal only.
Switch# no logging on
To synchronize unsolicited messages and debug output with solicited switch output and prompts for a specific console port line, auxiliary port line, or virtual terminal line, use the logging synchronous line configuration command. To disable synchronization of unsolicited messages and debug output, use the no form of this command.
logging synchronous [level severity-level] [limit number-of-buffers]
severity-level | Specifies the message severity level. Messages with a severity level equal to or higher than this value are printed asynchronously. When specifying a severity level number, consider that for the logging system, low numbers indicate greater severity and high numbers indicate lesser severity. |
number-of-buffers | Specifies the number of buffers to be queued for the terminal after which new messages are dropped. |
This feature is turned off by default.
If you do not specify a severity level, the default value of 2 is assumed.
If you do not specify the maximum number of buffers to be queued, the default value of 20 is assumed.
Line configuration mode
When synchronous logging of unsolicited messages and debug output is turned on, unsolicited switch output is displayed on the console or printed after solicited switch output is displayed or printed. Unsolicited messages and debug output are displayed on the console after the prompt for user input is returned. This is to keep unsolicited messages and debug output from being interspersed with solicited switch output and prompts. After the unsolicited messages are displayed, the console displays the user prompt again.
When specifying a severity level number, consider that for the logging system, low numbers indicate greater severity, and high numbers indicate lesser severity.
When a terminal line's message-queue limit is reached, new messages are dropped from the line although these messages might be displayed on other lines. If messages are dropped, the message "%SYS-3-MSGLOST number-of-messages due to overflow" follows any messages that are displayed. This notice is displayed only on the terminal that lost the messages. It is not sent to any other lines, logging servers, or the logging buffer.
 | Caution By configuring abnormally large message-queue limits and setting the terminal to "terminal monitor" on a terminal that is accessible to intruders, you expose yourself to "denial of service" attacks. An intruder could carry out the attack by putting the terminal in synchronous output mode, making a Telnet connection to a remote host, and leaving the connection idle. This could cause large numbers of messages to be generated and queued, and these messages would consume all available RAM. Although unlikely to occur, you should guard against this type of attack through proper configuration. |
The following example identifies line 4 and enables synchronous logging for line 4 with a severity level of 6. Then the example identifies another line, line 2, enables synchronous logging for line 2 with a severity level of 7, and specifies a maximum number of buffers as 70000.
Switch(config# line 4
Switch(config-line)# logging synchronous level 6 Switch(config)# line 2 Switch(config-line)# logging synchronous level 7 limit 70000
To limit messages logged to the syslog servers based on severity, use the logging trap global configuration command. The command limits the logging of error messages sent to syslog servers to only those messages at the specified level. To disable logging to syslog servers, use the no form of this command.
logging trap level
level | One of the level keywords listed in Table 11-1. |
Informational
Global configuration
The EXEC command show logging displays the addresses and levels associated with the current logging setup. The command output also includes ancillary statistics.
Table 11-1 lists the syslog definitions that correspond to the debugging message levels. Additionally, there are four categories of messages generated by the software, as follows:
Use the logging and logging trap commands to send messages to a UNIX syslog server.
The following example logs messages to a host named james.
Switch# logging james
Switch# logging trap notifications
To enable password checking at login, use the login line configuration command. To disable password checking and allow connections without a password, use the no form of this command.
login [local | tacacs]
local | Selects local password checking. Authentication is based on the username specified with the username global configuration command. |
tacacs | Selects the TACACS-style user ID and password-checking mechanism. |
By default, virtual terminals require a password. If you do not set a password for a virtual terminal, it responds to attempted connections by displaying an error message and closing the connection.
Line configuration
If you specify login without the local or tacacs option, authentication is based on the password specified with the password line configuration command.
The following example sets the password letmein on virtual terminal line 4.
Switch(config)# line vty 4
Switch(config-line)# password letmein
Switch(config-line)# login
The following example illustrates how to enable the TACACS-style user ID and password-checking mechanism.
Switch# line 0
Switch# password mypassword
Switch# login tacacs
enable password
password
username
To enable AAA/TACACS+ authentication for logins, use the login authentication line configuration command. To return to the default, use the no form of this command.
login authentication {default | list-name}
default | Uses the default list created with the aaa authentication login command. |
list-name | Uses the indicated list created with the aaa authentication login command. |
| Caution If you use a list-name value that has not been configured with the aaa authentication login command, the logins on this line are disabled. |
Login authentication uses the default set with aaa authentication login command. If no default is set, the local user database is checked. No authentication is performed on the console.
Line configuration
This command is a per-line command used with AAA and specifies the name of a list of TACACS+ authentication processes to try at login. If no list is specified, the default list is used (whether or not it is specified in the command line). You create defaults and lists by using the aaa authentication login command. Note that entering the no form of login authentication has the same effect as entering the command with the default argument.
Before issuing this command, create a list of authentication processes by using the global configuration aaa authentication login command.
The following example specifies that the default AAA authentication is to be used on line 4.
Switch(config)# line 4 Switch(config-line)# login authentication default
The following example specifies that the AAA authentication list called MIS-access is to be used on line 7.
Switch(config)# line 7 Switch(config-line)# login authentication MIS-access
To exit from the EXEC mode, use the logout EXEC command.
logoutThis command has no keywords or arguments.
EXEC
To enable a loopback on the physical device associated with a port, use the loopback interface configuration command. To remove the loop, use the no form of this command.
loopback looptype
looptype | Specifies the loopback type as one of the following: · diagnostic---Transmit data is looped to receive data at the PHY layer. · diagnostic-path---Transmit payload is sent to receive path overhead processor. · line---Receive signal is looped to transmit at the PHY device. · cell---Cells received by PHY are sent out through transmit cell in the first-in-first-out order. · payload---Received payload stream is looped through transmit stream. · pif---Transmit is looped to receive before the cells enter the PHY device. |
No loopback
Interface configuration
The cell and payload loopbacks are only available on DS1/E1 and DS3/E3 interfaces. The diagnostic-path loopback is only available for the OC-12 interface to loop the payload.
To show interfaces currently in loopback operation, use the show interface EXEC command. To isolate problems in the field, use the diagnostic or line options.
The following example configures diagnostic loopback on the atm 3/1/0 line.
Switch(config)# interface atm 3/1/0 Switch(config-if)# loopback diagnostic
show controllers
show interface
Posted: Tue Jun 22 13:38:51 PDT 1999
Copyright 1989-1999©Cisco Systems Inc.