|
|
This chapter is a command-by-command description of the firmware version 9.00 CLI commands for the Catalyst 1900 series and Catalyst 2820 series switches.
Use the address-violation global configuration command to specify the action for a port address violation. Use the no address-violation command to set the switch to its default value (suspend).
address-violation {suspend | disable | ignore}
no address-violation
suspend | Suspend port on address violation. A suspended port is temporarily disabled until a certain number of frames with the proper address is received. |
disable | Disable port on address violation. |
ignore | Ignore address violation. |
The port is suspended on address violation.
Global configuration
An address violation occurs when a secured port receives a source address that has been assigned to another secured port or when a port tries to learn an address that exceeds the address-table size limit.
This command causes the switch to disable the port on address violation.
hostname(config)# address-violation disable
Use the autobaud line-configuration command to enable remote baud-rate matching. Use the no autobaud command to disable remote baud-rate matching.
autobaud
no autobaud
This command has no arguments or keywords.
Remote baud-rate matching is enabled.
Line configuration
This example shows how to enable remote baud-rate matching.
hostname(config-line)# autobaud
databits
line console
modem (dialin)
parity
show (line)
show (terminal)
speed
stopbits
terminal
Use the back-pressure global configuration command to enable back pressure. Use the no back-pressure command to disable back pressure.
back-pressure
no back-pressure
This command has no arguments or keywords.
Back pressure is disabled.
Global configuration
When the back-pressure command is enabled, the switch forces a collision when there is no buffer to receive frames. This collision causes the transmitter to retransmit dropped frames immediately, increasing performance. The command is valid only for a 10BaseT port operating in half-duplex mode.
This example shows how to enable back pressure.
hostname(config)# back-pressure
configure
duplex
show (interfaces)
show (port system)
Use the banner motd global configuration command to set the message-of-the-day (MOTD) banner. Use the no banner motd command to remove the banner.
banner [motd] d message d
no banner [motd]
motd | Optional command acronym for "message of the day." |
d | Delimiting character---a pound sign (#), for example. Do not use the delimiting character in the banner message. |
message | Message text up to 400 characters or 20 lines. |
No MOTD is set.
Global configuration
When configuring a multiline banner, the multiline help prompt displays after you enter the first line of the banner:
Enter TEXT message. End with the character c
where c is the delimiting character you choose.
When a MOTD banner is set, it displays at the login screen to the serial port console and all telnet connections (except the rcommand connections from a command switch). The maximum size of the banner is 400 characters or 20 lines, whichever is reached first.
This example sets the MOTD banner to Empowering the Internet Generation.
hostname(config)# banner motd # Empowering the Internet Generation #
This example shows how to set the MOTD banner message with line feeds.
hostname(config)# banner # Enter TEXT message. End with the character #. Line 1 is now up. Line 2 is still down. #
This example shows how to remove the MOTD banner.
hostname(config)# no banner motd
None
Use the bridge forwarding-time global configuration command to set the Spanning-Tree Protocol (STP) forward-delay time for a particular bridge group. Use the no bridge forwarding-time command to reset the forward-delay time to its default value.
bridge bridge-group forwarding-time time
no bridge bridge-group forwarding-time
bridge-group | Number from 1 to 4. |
time | Number from 4 to 30 seconds. |
The default is 15 seconds.
Global configuration
This command is available only when bridge groups are enabled.
The following example shows how to set the forward-delay time to 10 seconds for bridge-group 1.
hostname(config)# bridge 1 forwarding-time 10
bridge (hello-time)
bridge (max-age)
bridge (priority)
bridge-group (allow-overlap)
bridge-group (enable)
show (bridge-group)
show (spantree)
spantree
Use the bridge-group interface configuration command to modify the assignments of ports to bridge groups. Use the no bridge-group command to remove ports from a bridge group.
bridge-group bridge-group
no bridge-group bridge-group
bridge-group | Number from 1 to 4. |
All ports are assigned to bridge group 1.
Interface configuration
This command is available only when bridge groups are enabled.
If bridge groups can overlap, the bridge-group command adds a port to the bridge group specified by the bridge-group argument. If bridge groups cannot overlap, the port is moved from its current bridge group to the specified bridge group.
The following example shows how to assign the Ethernet port 0/1 to bridge group 2:
hostname(config)# interface eth 0/1 hostname(config-if)# bridge-group 2
bridge (forwarding-time)
bridge (hello-time)
bridge (max-age)
bridge (priority)
bridge-group (allow-overlap)
bridge-group (enable)
show (bridge-group)
show (spantree)
spantree
Use the bridge-group allow-overlap global configuration command to allow ports to belong to multiple bridge groups. Use the no bridge-group allow-overlap command to prevent ports from belonging to multiple bridge groups.
bridge-group allow-overlap
no bridge-group allow-overlap
This command has no additional arguments or keywords.
Ports are prevented from belonging to multiple bridge groups.
Global configuration
This command is available only when bridge groups are enabled.
You cannot disable overlapping bridge groups when ports belong to multiple bridge groups.
The following example shows how to permit ports to become members of multiple bridge groups.
hostname(config)# bridge-group allow-overlap
bridge (forwarding-time)
bridge (hello-time)
bridge (max-age)
bridge (priority)
bridge-group
bridge-group (enable)
show (bridge-group)
show (spantree)
spantree
Use the bridge-group enable global configuration command to enable port grouping using bridge groups. Use the no bridge-group enable command to use virtual LANs (VLANs) as the port grouping method.
bridge-group enable
no bridge-group enable
This command has no additional arguments or keywords.
Bridge groups are disabled.
Global configuration
When you use the bridge-group enable command or the no bridge-group enable command, the switch resets.
When bridge groups are disabled, the command bridge-group enable is the only available bridge-group command. The following switch-feature commands are not available when bridge groups are enabled:
|
The following example shows how to enable bridge groups:
hostname(config)# bridge-group enable
bridge (forwarding-time)
bridge (hello-time)
bridge (max-age)
bridge (priority)
bridge-group
bridge-group (allow-overlap)
show (bridge-group)
show (spantree)
spantree
Use the bridge hello-time global configuration command to configure the Spanning-Tree Protocol (STP) hello time for a bridge group. Use the no bridge hello-time command to use the default value.
bridge bridge-group hello-time time
no bridge bridge-group hello-time
bridge-group | Number from 1 to 4. |
time | Number from 1 to 10 seconds. |
The time argument default is 2 seconds.
Global configuration
This command is available only when bridge groups are enabled.
The following example shows how to configure a 3-second STP hello time for bridge group 2.
hostname(config)# bridge 2 hello-time 3
bridge (forwarding-time)
bridge (max-age)
bridge (priority)
bridge-group
bridge-group (allow-overlap)
bridge-group (enable)
show (bridge-group)
show (spantree)
spantree
Use the bridge max-age global configuration command to configure the maximum age time in Spanning-Tree Protocol (STP) for a bridge group. Use the no bridge max-age command to set the argument to its default value.
bridge bridge-group max-age time
no bridge bridge-group max-age
bridge-group | Number from 1 to 4. |
time | Number from 6 to 40 seconds. |
The time argument default is 20 seconds.
Global configuration
This command is available only when bridge groups are enabled.
The following example shows how to set the maximum age time for STP to 22 seconds for bridge group 1.
hostname(config)# bridge 1 max-age 22
bridge (forwarding-time)
bridge (hello-time)
bridge (priority)
bridge-group
bridge-group (allow-overlap)
bridge-group (enable)
show (bridge-group)
show (spantree)
spantree
Use the bridge priority global configuration command to configure the Spanning-Tree Protocol (STP) bridge priority for a bridge group. Use the no bridge priority command to reset the bridge priority to its default value.
bridge bridge-group priority priority
no bridge bridge-group priority priority
bridge-group | Number from 1 to 4. |
priority | Number from 1 to 65535. |
The priority default is 32768.
Global configuration
This command is available only when bridge groups are enabled.
The following example shows how to configure STP bridge priority to 33000 for bridge group 1.
hostname(config)# bridge 1 priority 33000
bridge (forwarding-time)
bridge (hello-time)
bridge (max-age)
bridge-group
bridge-group (allow-overlap)
bridge-group (enable)
show (spantree)
spantree
Use the cdp advertise-v2 global configuration command to enable Cisco Discovery Protocol version 2 (CDPv2) on all switch interfaces. Use the no cdp advertise-v2 command to disable CDPv2 on the switch.
cdp advertise-v2
no cdp advertise-v2
This command has no additional arguments or keywords.
CDPv2 is enabled.
Global configuration
The following example shows how to enable CDPv2 on all switch interfaces.
hostname(config)# cdp advertise-v2
cdp (enable)
cdp (holdtime)
cdp (timer)
show cdp (interface)
show cdp (neighbors)
Use the cdp enable interface configuration command to enable Cisco Discovery Protocol (CDP) on a port interface. Use the no cdp enable command to disable CDP on an interface.
cdp enable
no cdp enable
This command has no additional arguments or keywords.
CDP is enabled on all interfaces.
Interface configuration
The cdp enable command is not available on repeater ports.
The following example shows how to disable CDP on Fast Ethernet port interface 0/27.
hostname(config)# interface fastethernet 0/27
hostname(config-if)# no cdp enable
cdp (advertise-v2)
cdp (holdtime)
cdp (timer)
show cdp (interface)
show cdp (neighbors)
Use the cdp holdtime global configuration command to set the Cisco Discovery Protocol (CDP) hold time. Use the no cdp holdtime command to use the default value.
cdp holdtime holdtime
no cdp holdtime
holdtime | Number of seconds receiver keeps packet (5 to 255). |
180 seconds
Global configuration
This example shows how to set the CDP holdtime to 15 seconds.
hostname(config)# cdp holdtime 15
cdp (advertise-v2)
cdp (enable)
cdp (timer)
show cdp (interface)
show cdp (neighbors)
Use the cdp timer global configuration command to specify the rate at which Cisco Discovery Protocol (CDP) packets are sent. Use the no cdp timer command to reset the CDP rate to the default value.
cdp timer timer
no cdp timer
timer | Number between 5 and 900 seconds. |
60 seconds
Global configuration
This example shows how to set the CDP packet rate to once in 5 seconds.
hostname(config)# cdp timer 5
cdp (advertise-v2)
cdp (enable)
cdp (holdtime)
show cdp (interface)
show cdp (neighbors)
Use the cgmp global configuration command to enable Cisco Group Management Protocol (CGMP) functionality on a switch. Use the no cgmp command to disable CGMP.
cgmp
no cgmp
This command has no arguments or keywords.
CGMP is enabled.
Global configuration
This example shows how to enable CGMP on a switch.
hostname(config)# cgmp
cgmp (hold-time)
cgmp (leave-processing)
cgmp (remove)
clear (cgmp)
show (cgmp)
Use the cgmp hold-time global configuration command to set the Cisco Group Management Protocol (CGMP) hold time. Use the no cgmp hold-time command to reset the default hold time.
cgmp hold-time hold_time
no cgmp hold-time
holdtime | Number between 5 and 900 seconds. |
Default hold time is 600 seconds.
Global configuration
This example shows how to set the CGMP hold time to 40 seconds.
hostname(config)# cgmp hold-time 40
This example shows how to reset the CGMP hold time to its default value.
hostname(config)# no cgmp hold-time
cgmp
cgmp (leave-processing)
cgmp (remove)
clear (cgmp)
show (cgmp)
Use the cgmp (leave-processing) global configuration command to enable Cisco Group Management Protocol (CGMP) Fast Leave processing. The no form of the command disables CGMP Fast Leave processing.
cgmp leave-processing
no cgmp leave-processing
This command has no arguments or keywords.
The default configuration is disabled.
Global configuration
Fast Leave processing optimizes the use of network bandwidth by reducing the delay between members of a multicast group leaving the group and the actual pruning of multicast traffic to that segment.
This command is available only if CGMP is enabled. Otherwise, the command is not recognized.
This command enables CGMP Fast Leave processing.
hostname(config)# cgmp leave-processing
cgmp
cgmp (hold-time)
cgmp (remove)
clear (cgmp)
show (cgmp)
Use the cgmp remove global configuration command to remove an address that has been added to the system by Cisco Group Management Protocol (CGMP) activity.
cgmp remove mac-address
mac-address | MAC address. |
None
Global configuration
This example shows how to remove the address 0100.5e00.0203 from the system.
hostname(config)# cgmp remove 0100.5e00.0203
cgmp
cgmp (hold-time)
cgmp (leave-processing)
clear (cgmp)
show (cgmp)
Use the cgmp reserved global configuration command to permit Cisco Group Management Protocol (CGMP) reserved addresses (from 0100.5E00.0000 to 0100.5E00.00FF) to join as Group Destination Addresses. The no form of the command excludes these reserved addresses.
cgmp reserved
no cgmp reserved
This command has no arguments or keywords.
Permitted
Global configuration
This command shows how to exclude reserved addresses from the Group Destination Address for compatibility with Catalyst 5000 series switches.
hostname# no cgmp reserved
cgmp
cgmp (hold-time)
cgmp (remove)
cgmp (leave-processing)
clear (cgmp)
show (cgmp)
Use the clear cgmp privileged Exec command to remove the specified multicast group or router.
clear cgmp [vlan vlan-id] [group [address] | router [address]]
vlan vlan-id | A VLAN ID number from 1 to 1005. |
group | One or more multicast groups. |
router | One or more routers. |
address | MAC address of specific multicast group or router. |
None
Privileged Exec
If the vlan option is specified with the group or router option, only multicast groups or routers in the specified VLAN are removed. If the vlan option is specified without group or router option, all multicast groups and routers are removed from the specified VLAN.
This command removes all multicast groups and routers from VLAN 1.
hostname# clear cgmp vlan 1
This command removes all multicast groups.
hostname# clear cgmp group
This command removes all multicast routers.
hostname# clear cgmp router
This command removes the multicast group with the MAC address 0100.5e00.0128.
hostname# clear cgmp group 0100.5e00.0128
This command removes the multicast router with the MAC address 00e0.1e68.7751.
hostname# clear cgmp router 00e0.1e68.7751
cgmp
cgmp (hold-time)
cgmp (leave-processing)
cgmp (remove)
show (cgmp)
Use the clear dns-cache privileged Exec command to remove all cached Domain Name System (DNS) entries from the switch.
clear dns-cache
This command has no arguments or keywords.
Privileged Exec
This example shows how to clear all DNS entries for the switch.
hostname# clear dns-cache
ip (domain-name)
ip (name-server)
Use the clear counters privileged Exec command to reset the interface counters for a switched port interface to zero.
clear counters [type module/port]
type | Interface type: ethernet, fastethernet, fddi, atm, or port-channel. |
module | Module interface number: 0 for fixed |
port | Port identification number or name: 1 to 25 Ethernet (fixed) |
Privileged Exec
If you do not specify type module/port, the switch clears the counters for all interfaces.
This example shows how to clear counters for the Ethernet port 1.
hostname# clear counters ethernet 0/1
Use the clear mac-address-table privileged Exec command to remove a specified address (or set of addresses) from the MAC address table.
clear mac-address-table [dynamic | restricted static | permanent] [address mac-address]
[interface type module/port]
dynamic | Clears only dynamic addresses. |
restricted static | Clears only restricted static addresses. |
permanent | Clears only permanent addresses. |
address | Clears only a specified address. |
mac-address | Target MAC address. |
interface | Clears all addresses for an interface. |
type | Interface type: ethernet, fastethernet, fddi, atm, or port channel. |
module | The module interface number. 0 for fixed |
port | Port interface number ranging from 1 to 28: 1 to 25 Ethernet (fixed) |
The dynamic addresses are cleared.
Privileged Exec
If clear mac-address-table is invoked with no options, all dynamic addresses are removed. If you specify an address but do not specify an interface, the address is deleted from all interfaces. If you specify an interface but do not specify an address, all addresses on the specified interface are removed.
If a targeted address is not present in the MAC forwarding table, the following error message appears:
MAC address not found
This example shows how to clear all dynamic addresses in the MAC forwarding table.
hostname# clear mac-address-table
This command clears the permanent address 0040.C80A.2F07 on Ethernet port 1.
hostname# clear mac-address-table permanent address 0040.C80A.2F07 interface ether 0/1
mac-address-table (aging-time)
mac-address-table (permanent)
mac-address-table (restricted static)
show (mac-address-table)
show (mac-address-table security)
Use the clear uplink-fast statistics privileged Exec command to reset all Uplink Fast counter statistics to zero.
clear uplink-fast statistics
This command has no additional arguments or keywords.
Privileged Exec
This command is not functional when bridge groups are enabled.
This example shows how to reset all Uplink Fast counters to zero:
hostname# clear uplink-fast statistics
uplink-fast
show (uplink-fast)
show (uplink-fast statistics)
Use the clear vtp statistics privileged Exec command to reset all VLAN Trunk Protocol (VTP) statistics counters to zero.
clear vtp statistics
This command has no additional arguments or keywords.
Privileged Exec
This command is not functional when bridge groups are enabled.
This example shows how to reset all VTP statistics counters to zero.
hostname# clear vtp statistics
delete (vtp)
show (vtp)
show (vtp statistics)
vtp
vtp trunk pruning-disable
The cluster global configuration command is used under certain conditions to add the switch back into a cluster. The no cluster command removes the switch from its cluster.
cluster commander-address <commander_address>
no cluster commander-address
commander_address | MAC address of commander switch. |
Global configuration
 | Caution
We strongly recommend that you use a command switch management interface to add or remove Catalyst 1900 series or Catalyst 2820 series switches from a cluster. The cluster commander-address command is primarily for debugging and recovery purposes. If you use the no cluster command to remove a Catalyst 1900 series or Catalyst 2820 series switch, you cannot add the switch back into the cluster until you use one of the command switch management interfaces to remove, and then add the switch. |
To learn more about member switches in a cluster, refer to the Catalyst 1900 Series Installation and Configuration Guide or the Catalyst 2820 Series Installation and Configuration Guide.
This example shows how to remove the switch from a cluster.
hostname(config)# no cluster commander-address
This example shows how to add the switch back into the cluster managed by command switch 00D0.5868.F580 after it has been removed and added again using one of the command switch management interfaces.
hostname(config)# cluster 00D0.5868.F580
Use the configure privileged Exec command to enter the global configuration mode. Use the optional terminal keyword to specify a specific terminal.
config [terminal]
terminal | Name of target terminal. |
Privileged Exec
This example shows how to enter global configuration mode.
hostname# configure
hostname(config)#
This example shows how to enter global configuration mode from terminal t.
hostname# configure t
disable
enable
end
exit
interface
line console
Use the copy (nvram tftp) privileged Exec command to upload the running nondefault configuration to a Trivial File Transfer Protocol (TFTP) server host and the destination file dst_file.
copy nvram tftp://host/dst_file
//host/dst_file | Target host and destination file where host is an IP address or a hostname. |
Privileged Exec
Error messages appear in the following situations:
If other download or upload operations (firmware, configuration, web pages) are in progress, the following error message appears:
Other downloads or uploads in progress. Please wait until existing download or upload is completed.
This example shows how to use TFTP to upload the switch NVRAM configuration to the host spaniel using destination file matilda.cfg.
hostname# copy nvram tftp://spaniel/matilda.cfg Configuration upload is successfully completed
If the upload fails, the following message displays:
Error: Configuration upload operation failed
copy (tftp)
service (config)
show (running-config)
show (version)
tftp (accept)
tftp (server)
Use the copy tftp privileged Exec command to download a configuration or operation code file from the Trivial File Transfer Protocol (TFTP) server.
copy tftp://host/src_file {opcode [type module] | nvram}
//host/src_file | Host and source file where host is an IP address or hostname. Source filename can be up to 80 characters. |
opcode | Download new operation code. |
type | Interface type. The valid values are fddi and atm. |
module | Interface number: 1 or A for module A, and 2 or B for module B. |
nvram | Download a configuration file into NVRAM. |
Privileged Exec
You must specify type and module if the download is for a module.
Downloaded configuration files are executed immediately. If the switch is connected to a console, any errors during execution will generate an error message. The switch attempts to execute all commands, irrespective of failures.
When downloading an operation code file, the entire system (including other CLI sessions) is inactive for about 30 seconds after the file is retrieved.
Error messages appear in the following situations:
If other download or upload operations (firmware, configuration, web pages) are in progress, the following message appears:
Other downloads or uploads in progress. Please wait until existing download or upload is completed.
This example shows how to download new system operational code op.bin from host spaniel.
hostname# copy tftp://spaniel/op.bin opcode
This example shows how to download new FDDI operational code fddi.bin from host spaniel to the FDDI module in slot A.
hostname# copy tftp://spaniel/fddi.bin opcode fddi A TFTP successfully downloaded operational code
This example shows how to download configuration file matilda.cfg to NVRAM from host spaniel.
hostname# copy tftp://spaniel/matilda.cfg nvram TFTP successfully downloaded configuration file
If the download fails, the following message displays:
Error: TFTP failed to download the configuration file
copy (nvram tftp)
service (config)
show (running-config)
show (version)
tftp (accept)
tftp (server)
Use the copy xmodem privileged Exec command to download an operation code or firmware file by using the XMODEM protocol.
copy xmodem: src_file opcode [type module]
src_file | Firmware filename. |
opcode | Download new operation code. |
type | Interface type. Valid values are fddi and atm. |
module | Interface number: 1 or A for module 1, 2 or B for module 2. |
If you specify type and module, the file copies the code or file to the specified module. When type and module are not specified, the file copies them to the switch firmware.
Privileged Exec
You cannot enter any new information or commands until the download is completed. After downloading operation code file, the entire system (including other CLI sessions) is inactive for about 30 seconds.
This example shows how to download the operational code file.
hostname# copy xmodem:op_code.bin opcode
This shows how to download new FDDI operational code fddi.bin to module slot A.
hostname# copy xmodem:fddi.bin opcode fddi A
copy (tftp)
copy (xmodem)
show (running-config)
show (version)
Use the databits line-configuration command to set the data bits per character for a port.
databits [7 | 8]
7 or 8 | Number of data bits per character. |
8 data bits per character.
Line configuration
This example shows how to set the number of data bits per character to 7.
hostname(config-line)# databits 7
autobaud
line console
modem (dialin)
parity
show (line)
show (terminal)
speed
stopbits
terminal
Use the delete nvram privileged Exec command to reset the system or module configuration to factory defaults.
delete nvram [type module]
type | Interface type. Valid values are fddi and atm. |
module | Module interface number: 1 or A for module A, and 2 or B for module B. |
The system or module is reset to factory defaults.
Privileged Exec
This example shows how to reset system configuration to factory defaults.
hostname(config)# delete nvram This command resets the switch with factory defaults. All parameters will revert to their default factory settings. All static system and dynamic addresses will be removed. Reset system with factory defaults, [y]es or [n]o?
Press Y or N to proceed.
This example shows how to reset the ATM module in slot A to factory defaults.
hostname(config)# delete nvram atm 1 This command resets the module and restores all settings to factory defaults.
The module is deinstalled until it successfully completes its self tests.
Reset module with factory defaults, [Y]es or [N]o?
Press Y or N to proceed.
Use the delete vtp privileged Exec command to set the system VLAN Trunk Protocol (VTP) configuration back to factory defaults.
delete vtp
This command has no additional arguments or keywords.
Privileged Exec
Resetting the system VTP configuration also resets the system. This command first prompts the user to confirm:
This command resets the switch VTP arguments to factory defaults. All other arguments will be unchanged. Reset system VTP arguments to factory defaults, [y]es or [n]o?
Press Y or N to proceed.
This example shows how to reset system VTP configuration to factory defaults.
hostname# delete vtp
clear (vtp statistics)
show (vtp)
show (vtp statistics)
vtp
vtp trunk pruning-disable
Use the description interface configuration command to describe or name an interface. Use the no description command to remove a description from an interface.
description name-string
no description
name-string | A text description between 1 and 80 alphanumeric characters. |
This command has no default value.
Interface configuration
To use the description command, you must first identify the interface you want while working in global configuration mode. Enter the interface command with an interface identifier to enter interface configuration mode, where you can then enter a description.
If you want to enter a description with spaces between characters, you must enclose the string in quotation marks (see "Paul's machine" example, below)
This example shows how to give the name Hal to Ethernet port 1.
hostname(config)# interface ether 0/1
hostname(config-if)# description Hal
This example shows how to give the name Paul's machine to ATM module 1.
hostname(config)# interface atm A
hostname(config-if)# description "Paul's machine"
This example shows how to give the description server1 to port 1 on ATM module 1.
hostname(config)# interface atm A
hostname(config-if)# description server1
interface
show cdp (interface)
show (interfaces)
Use the disable privileged Exec command to exit the privileged access level and enter user levels.
disable
This command has no arguments or keywords.
Privileged Exec
This example shows how to exit privileged Exec mode and change to user Exec mode.
hostname# disable
configure
enable
end
exit
interface
line console
Use the duplex interface configuration command to enable duplex mode for an interface.
duplex {auto | full | full-flow-control | half}
auto | Auto-negotiation of duplex mode. |
full | Full-duplex mode. |
full-flow-control | Force full-duplex mode with flow control. |
half | Half-duplex mode. |
For 100-Mbps TX ports: duplex auto.
For all other ports that support half- and full-duplex: duplex half.
Interface configuration
Use the auto argument only for fixed Fast Ethernet TX ports. In auto-negotiation mode, the switch attempts to negotiate full-duplex connectivity with the connecting device. If negotiation is successful, the port operates in full-duplex mode. If the connecting device is unable to operate in full-duplex, the port operates in half-duplex. This process is repeated whenever there is a change in link status.
This example shows how to set the port to full-duplex mode.
hostname(config-if)# duplex full
interface
show (interfaces)
back-pressure
Use the ecc global configuration command to enable Enhanced Congestion Control (ECC). This command allows frames to be discarded early when a port becomes congested, which limits the number of frames queued on a port. Use the no ecc command to disable congestion control.
ecc {10M | A | B} {adaptive | moderate-aggressive | aggressive}
no ecc [10M | A | B]
10M | Congestion control for 10-Mbps ports. |
A | Congestion control for port A. For single Fast Ethernet fixed and modular ports only. |
B | Congestion control for port B. For single Fast Ethernet fixed and modular ports only. |
adaptive | Adaptive congestion control. |
moderate-aggressive | Moderately aggressive congestion control. |
aggressive | Aggressive congestion control. |
Enhanced congestion control is disabled.
Global configuration
This example shows how to set enhanced congestion control for the 10-Mbps Ethernet ports to adaptive.
hostname(config)# ecc 10m adaptive
This example shows how to set enhanced congestion control for Fast Ethernet port A to aggressive.
hostname(config)# ecc A aggressive
Use the enable Exec command to enter privileged Exec mode.
enable [access-level]
access-level | 1 through 14 (user Exec level) or 15 (privileged Exec level). |
The access-level default for initial login is 1. The default access level after login is 15.
User and privileged Exec
If a password is configured, you are prompted for the password:
Password:
You are allowed three attempts to provide the correct password. The same prompt is repeated until you enter the correct password or you exceed the maximum number of attempts. If the password fails after the maximum attempts, the following error message appears:
Bad password.
This example shows you how to move from user Exec mode access to privileged Exec mode access.
hostname> enable
hostname#
configure
disable
end
exit
interface
line console
Use the enable password global configuration command to set unencrypted user Exec or privileged Exec passwords. Use the no enable password command to clear the password.
enable password level <1-15> <password>
no enable password level level
level <1-15> | Level for which the password applies: 1-14 user Exec privileges. |
password | A noncase-sensitive string of between 4 and 8 characters, spaces, and punctuation (except double quotes). Password strings with blank spaces must be enclosed in double quotes. |
No default password.
Global configuration
The level argument must be specified.
For more information about assigning passwords of various levels and encryption modes, see "Understanding Command Modes" in "Overview."
This example shows how to set an unencrypted privileged Exec password to WILLOW 6.
hostname(config)# enable password level 15 "WiLLoW 6"
Both of these examples show how to set an unencrypted user Exec password to MAY DAY.
hostname(config)# enable password level 1 "May Day" hostname(config)# enable password level 8 "may day"
enable (secret)
enable (use-tacacs)
Use the enable secret global configuration command to set encrypted user Exec or privileged Exec passwords. Use the no enable secret command to clear the password.
enable secret [level <1-15>] [0 | 5 ] <password>
no enable secret [level <1-15>]
level <1-15> | Level for which the password applies: 1-14 user Exec privileges. |
0 | Specifies an unencrypted password follows. |
5 | Specifies an encrypted password follows. |
password | A case-sensitive string of between 1 and 25 characters, spaces, and punctuation. |
Privilege level 15, unencrypted.
No default password.
Global configuration
The level argument must be used to specify any level 1 through 14 encrypted password. The level argument is optional when specifying a default level 15 encrypted password.
Although levels 2 to 14 are accepted, levels 1 to 14 map to user-level password (level 1). For more information about assigning passwords of various levels and encryption modes, see "Understanding Command Modes" in the "Overview" chapter.
If you enter a password that begins with a number followed by a space, an error message appears:
hostname(config)# enable secret level 1 9 lives Invalid encryption type: 9
The following examples show different ways to set an unencrypted privileged Exec password to Pass&WoRd-87.
hostname(config)# enable secret Pass&WoRd-87 hostname(config)# enable secret 0 Pass&WoRd-87 hostname(config)# enable secret level 15 Pass&WoRd-87 hostname(config)# enable secret level 15 0 Pass&WoRd-87
The following examples show two ways to set an encrypted privileged Exec password to grandkey.
hostname(config)# enable secret 5 $1$8KiD$mmxIOicclo6PgXTq97Rfb/ hostname(config)# enable secret level 15 5 $1$8KiD$mmxIOicclo6PgXTq97Rfb/
The following examples show two ways to set an unencrypted user Exec password to Forescore & 7 years ago.
hostname(config)# enable secret level 1 Forescore & 7 years ago hostname(config)# enable secret level 12 0 Forescore & 7 years ago
The following example shows how to set an encrypted user Exec password to grandkey.
hostname(config)# enable secret level 14 5 $1$8KiD$mmxIOicclo6PgXTq97Rfb/
enable (password)
enable (use-tacacs)
Use the enable use-tacacs global configuration command to use the Cisco Terminal Access Controller Access Control System Plus (TACACS+) for authentication of all switch passwords from a central authentication server. Use the no enable use-tacacs command to disable central authentication of switch passwords.
enable use-tacacs
no enable use-tacacs
This command has no additional arguments or keywords.
Disabled.
Global configuration
If you do not use TACACS+ to authenticate passwords, local authentication is enabled.
This example shows how to use TACACS+ for central authentication of switch passwords.
hostname(config)# enable use-tacacs
enable (password)
enable (secret)
login (tacacs)
show (tacacs)
tacacs-server (last-resort)
Use the end command from global configuration mode (config), interface configuration mode (config-if), and line configuration mode (config-line) to exit the current mode and enter privileged Exec mode.
end
This command has no arguments or keywords.
None
All configuration modes.
To exit the system and terminate the console or telnet session, use the exit command.
This example shows how to exit the global configuration mode and enter privileged Exec mode.
hostname(config)# end hostname#
configure
disable
enable
exit
interface
line console
Use the exit configuration command to exit the system or current configuration mode.
exit
This command has no arguments or keywords.
All configuration and Exec modes.
If the current mode is privileged or user Exec, this command exits the system and terminates the console or Telnet session. If the current mode is global configuration, this commands sets the mode to privileged Exec. If the current mode is other than global configuration, this command sets the mode to global configuration.
This example shows how to exit from global configuration mode and enter privileged Exec mode:
hostname(config)# exit hostname#
This example shows how to exit from interface configuration mode and enter global configuration mode:
hostname(config-if)# exit hostname(config)#
configure
disable
enable
end
interface
line console
Use the fddi authorization interface configuration command to enable authorization checking for the station management (SMT) entity. Use the no fddi authorization command to disable authorization checking.
fddi authorization
no fddi authorization
This command has no additional arguments or keywords.
FDDI authorization is disabled.
Interface configuration
When authorization string checking is enabled, the FDDI module uses the current authorization string to verify SMT requests from remote stations. This command is only valid within FDDI module interface-configuration mode.
This example shows how to enable authorization string checking.
hostname(config-if)# fddi authorization
This example shows how to disable authorization string checking.
hostname(config-if)# no fddi authorization
fddi (auth-string)
fddi (notify-timer)
fddi (novell-snap-translation)
fddi (unmatched-snap-translation)
interface
Use the fddi auth-string interface configuration command to assign a new authorization string value used in the verification of station management (SMT) requests. Use the no fddi auth-string command to clear the existing authorization string.
fddi auth-string string
no fddi auth-string
string | A string of 4 to 80 alphanumeric characters entered in multiples of 4 characters. |
No FDDI authorization string is set.
Interface configuration
This command is only valid within FDDI module interface-configuration mode.
This example shows how to assign the authorization string value check_it (8 characters).
hostname(config-if)# fddi auth-string check_it
fddi (authorization)
fddi (notify-timer)
fddi (novell-snap-translation)
fddi (unmatched-snap-translation)
interface
Use the fddi notify-timer interface configuration command to assign a new timer value for the Neighbor Notification Protocol. Use the no fddi notify-timer command to set the timer value to module defaults.
fddi notify-timer seconds
no fddi notify-timer
seconds | A number between 2 and 30 seconds. |
30 seconds.
Interface configuration.
This command is only valid within FDDI module interface-configuration mode.
This example shows how to set the notify timer to 15 seconds.
hostname(config-if)# fddi notify-timer 15
fddi (authorization)
fddi (auth-string)
fddi (novell-snap-translation)
fddi (unmatched-snap-translation)
interface
Use the fddi novell-snap-translation interface configuration command to define how to translate Novell Subnetwork Access Protocol (SNAP) FDDI frames from FDDI ring to Ethernet. Use the no no fddi novell-snap-translation command to set the translate value to module defaults.
fddi novell-snap-translation {automatic | ethernet-8023 | ethernet-snap | ethernet-II | drop}
no fddi novell-snap-translation
automatic | Automatic packet recognition and translation for IPX networks of FDDI modules. |
drop | Translate frames using Drop protocol. |
ethernet-8023 | Translate frames using Ethernet 802.3 protocol. |
ethernet-II | Translate frames using Ethernet II protocol. |
ethernet-snap | Translate frames using Ethernet SNAP. |
Automatic packet recognition is enabled.
Interface configuration
This command is only valid within FDDI module interface-configuration mode.
This example shows how to enable automatic packet recognition and translation for IPX networks of FDDI modules.
hostname(config-if)# fddi novell-snap-translation automatic
fddi (authorization)
fddi (auth-string)
fddi (notify-timer)
fddi (unmatched-snap-translation)
interface
Use the fddi unmatched-snap-translation interface configuration command to select which FDDI-to-Ethernet translation protocol to use for packets whose destinations cannot be determined from the Novell Subnetwork Access Protocol (SNAP) translation table.
fddi unmatched-snap-translation {all | ethernet-8023 | ethernet-snap | ethernet-II | drop}
no fddi unmatched-snap-translation
all | Ethernet 802.3, Ethernet SNAP, and Ethernet II are all used. |
drop | Translate frames using Drop protocol. |
ethernet-8023 | Translate frames using Ethernet 802.3 protocol. |
ethernet-II | Translate frames using Ethernet SNAP. |
ethernet-snap | Translate frames using Ethernet II protocol. |
All translation protocols are enabled.
Interface configuration
This command is valid only when you select automatic as the SNAP translation format and you enter the command within FDDI module interface-configuration mode.
This example shows how to select FDDI-to-Ethernet 802.3 translation for FDDI packets with unmatched destination addresses.
hostname(config-if)# fddi unmatched-snap-translation ether802.3
fddi (authorization)
fddi (auth-string)
fddi (notify-timer)
fddi (novell-snap-translation)
interface
Use the hostname global configuration command to set the system name. Use the no hostname command to clear the name.
hostname name
no hostname
name | System name between 1 and 255 alphanumeric characters. |
There is no default for this command.
Global configuration
This example shows how to set the system name to the string Zorro.
2820(config)# hostname Zorro
Zorro(config)#
Use the interface global configuration command to choose an interface type and to enter interface configuration mode.
interface type module/port
type | Interface type: ethernet, fastethernet, fddi, atm, and port-channel. |
module | Module interface number: 0 for fixed |
port | Port interface number ranging from 1 to 27: 1 to 25 Ethernet (fixed) |
No default interface.
Global configuration
This example shows how to enable configuration on Ethernet port 1.
hostname(config)# interface ethernet 0/1
This example shows how to enable configuration on ATM module 1.
hostname(config)# interface atm 1
configure
disable
enable
end
exit
line console
Use the ip address global configuration command to configure the IP address and subnet mask. Use the no ip address command to set the IP address and subnet mask to default values.
ip address ipaddress mask
no ip address
ipaddress | IP address. |
mask | Subnet mask. |
IP address and subnet mask both have the value 0.0.0.0.
Global configuration
This example shows how to set the device IP address to 172.20.128.126 and the subnet mask to 255.255.255.0 on the specified interface.
hostname(config)# ip address 172.20.128.126 255.255.255.0
ip (default-gateway)
ip (domain-name)
ip (http port)
ip (http server)
ip (mgmt-vlan)
ip (name-server)
show (ip)
Use the ip default-gateway global configuration command to configure the default gateway. Use the no ip default-gateway command to delete a configured default gateway and to set the gateway address to the default value.
ip default-gateway ip-address
no ip default-gateway
ip-address | Gateway IP address. |
Gateway address has the value 0.0.0.0.
Global configuration
This example shows how to set the default gateway address to 172.20.128.126.
hostname(config)# ip default-gateway 172.20.128.126
ip (address)
ip (domain-name)
ip (http port)
ip (http server)
ip (mgmt-vlan)
ip (name-server)
show (ip)
Use the ip domain-name global configuration command to configure a domain name. Use the no ip domain-name command to clear any configured domain name.
ip domain-name domain-name
no ip domain-name
domain-name | A string between 1 and 62 characters that specifies the domain name. |
No domain name is configured.
Global configuration
This example shows how to configure the domain name of the switch to your_company.com.
hostname(config)# ip domain-name your_company.com
ip (address)
ip (default-gateway)
ip (http port)
ip (http server)
ip (mgmt-vlan)
ip (name-server)
show (ip)
Use the ip http port global configuration command to select a Transmmission Control Protocol (TCP) port on which the Hypertext Transfer Protocol (HTTP) server accepts connections. Use the no ip http port command to select the default TCP port.
ip http port port-number
no ip http port
port-number | TCP port number between 0 and 65535. |
TCP port 80.
Global configuration
This example shows how to set the server to listen on TCP port 8080 for HTTP connections. With this (nondefault) setting, you must instruct your browser to connect to port 8080 rather than 80.
hostname(config)# ip http port 8080
ip (address)
ip (default-gateway)
ip (domain-name)
ip (http server)
ip (mgmt-vlan)
ip (name-server)
show (ip)
Use the ip http server global configuration command to enable Hypertext Transfer Protocol (HTTP) server functions. Use the no ip http server command to disable HTTP server functions.
ip http server
no ip http server
This command has no additional arguments or keywords.
HTTP server functions are enabled.
Global configuration
This example shows how to disable HTTP server functions.
hostname(config)# no ip http server
ip (address)
ip (default-gateway)
ip (http port)
ip (mgmt-vlan)
ip (name-server)
show (ip)
Use the ip mgmt-vlan global configuration command to configure a particular VLAN as the management VLAN (the VLAN from which IP packets are accepted and processed). Use the no ip mgmt-vlan command to set the default value as the management VLAN.
ip mgmt-vlan vlan-number
no ip mgmt-vlan
vlan-number | VLAN number between 1 and 1005. |
VLAN 1 is the management VLAN.
Global configuration
This command is only available when VLANs are enabled. IP traffic is received and processed only from the management VLAN.
This example shows how to set VLAN 2 as the management VLAN.
hostname(config)# ip mgmt-vlan 2
ip (address)
ip (default-gateway)
ip (domain-name)
ip (http port)
ip (http server)
ip (name-server)
show (ip)
Use the ip name-server global configuration command to configure a domain name system (DNS) server. Use the no ip name-server command to delete any configured DNS server.
ip name-server name-server
no ip name-server name-server
name-server | The IP address of the DNS server. |
No name server address is configured.
Global configuration
No more than two name-server addresses at a time can be specified for the switch. If two name servers are already specified and the user tries to specify a third, an error message appears. To add a new name server when two are already specified, delete one by using the no form of the command before adding the new server information.
This example shows how to configure a server at IP address 172.20.128.126 as a name server for the switch.
hostname(config)# ip name-server 172.20.128.126
ip (address)
ip (default-gateway)
ip (domain-name)
ip (http port)
ip (http server)
ip (mgmt-vlan)
show (ip)
Use the line console global configuration command to change to line-configuration mode.
line console
This command has no additional arguments or keywords.
Global configuration
This example shows how to change the command mode from global configuration to line configuration.
hostname(config)# line console
hostname(config-line)#
configure
disable
enable
end
exit
interface
Use the login tacacs global configuration command to enable the Cisco Terminal Access Controller Access Control System Plus (TACACS+) for authenticating user logins. If login TACACS+ is enabled, the switch uses TACACS+ to authenticate all user logins through a console or Telnet interface. Use the no login tacacs command to disable TACACS+ authentication.
login tacacs
no login tacacs
This command has no additional arguments or keywords.
Disabled
Global configuration
Access to the web interface cannot be authenticated through TACACS+. When using the web interface, the authentication process defaults to the local switch password.
This command shows how to enable TACACS+ for login authentication.
hostname(config)# login tacacs
enable (use-tacacs)
show (tacacs)
tacacs-server (attempts)
tacacs-server (directed-request)
tacacs-server (host)
tacacs-server (key)
tacacs-server (last-resort)
tacacs-server (timeout)
Use the mac-address-table aging-time global configuration command to configure the length of time the switch keeps dynamic MAC addresses in memory before discarding. Use the no mac-address-table aging-time command to set the aging time to the default value.
mac-address-table aging-time <seconds>
no mac-address-table aging-time
seconds | A value from 10 to 1000000 seconds. |
300 seconds
Global configuration
This example shows how to specify a MAC address table aging time of 250000 seconds.
hostname(config)# mac-address-table aging-time 250000
clear (mac-address-table)
mac-address-table (restricted static)
show (mac-address-table)
Use the mac-address-table permanent global configuration command to associate a permanent unicast or multicast MAC address with a particular switched port interface (specified by type and module/port). Use the no mac-address-table permanent command to delete a permanent MAC address.
mac-address-table permanent mac-address type module/port
no mac-address-table permanent mac-address type module/port
mac-address | MAC address. |
type | Interface type: ethernet, fastethernet, fddi, atm, or port-channel. |
module | Module interface number: 0 for fixed |
port | Port interface number ranging from 1 to 28: 1 to 25 Ethernet (fixed) |
No permanent addresses are assigned.
Global configuration
Use the arguments module/port only for switched ports and modules. When deleting an address by using the no mac-address-table permanent command, specify the interface on which the address resides.
If you delete an address that is not present in the address table, the following error message appears:
% Error: MAC address not found
This example shows how to specify that packets with the multicast destination address 0140.C80A.2F07 should be forwarded on the Fast Ethernet interface 27.
hostname(config)# mac-address-table permanent 0140.C80A.2F07 fastethernet 0/27
clear (mac-address-table)
mac-address-table (aging-time)
mac-address-table (restricted static)
show (mac-address-table)
Use the mac-address-table restricted static global configuration command to associate a restricted static address with a particular switched port interface (specified as type module/port). Use the no mac-address-table restricted static command to delete a restricted static address.
mac-address-table restricted static mac-address type module/port src-if-list
no mac-address-table restricted static mac-address type module/port
mac-address | MAC address. |
type | Interface type: ethernet, fastethernet, fddi, atm, and port-channel. |
module | Module interface number: 0 for fixed |
port | Port interface number ranging from 1 to 28: 1 to 25 Ethernet (fixed) |
src-if-list | List of acceptable interfaces separated by spaces. |
No addresses are assigned.
Global configuration
Use the arguments module/port only for switched ports and modules. Traffic to a restricted static address is only accepted from the interfaces specified in src-if-list.
This example shows how to configure a packet with MAC address of 0040.C80A.2F07 to come in on either Ethernet interface 1 or Ethernet interface 2 and be forwarded to the Fast Ethernet interface 27.
hostname(config)# mac-address-table restricted static 0040.C80A.2F07 fastethernet 0/27 ethernet 0/1 ethernet 0/2
clear (mac-address-table)
mac-address-table (aging-time)
mac-address-table (permanent)
show (mac-address-table)
Use the menu privileged Exec command to access the main menu console.
menu
This command has no arguments or keywords.
Privileged Exec
This example shows how to display the main menu console.
2820# menu
Catalyst 2820 - Main Menu
[C] Console Settings
[S] System
[N] Network Management
[P] Port Configuration
[A] Port Addressing
[D] Port Statistics Detail
[M] Monitoring
[V] Virtual LAN
[R] Multicast Registration
[F] Firmware
[I] RS-232 Interface
[U] Usage Summaries
[H] Help
[K] Command Line
[X] Exit Management Console
Enter Selection:
None
Use the modem dialin line configuration command to enable auto-answer dial-in on a port. Use the no modem dialin command to disable dial-in.
modem dialin
no modem dialin
This command has no additional arguments or keywords.
No modem dial-in is enabled.
Line configuration
This example shows how to enable auto-answer dial-in.
hostname(config-line)# modem dialin
autobaud
databits
line console
modem (init-string)
parity
show (line)
show (terminal)
stopbits
terminal
Use the modem init-string line-configuration command to configure the modem initialization string. Use the no modem init-string command to delete the modem initialization string.
modem init-string init-string
no modem init-string
init-string | The initalization string provided by your modem manufacturer. |
No initialization string is sent to the modem.
Line configuration
This example shows how to configure a Hayes-compatible modem to reset to defaults and to set the verbosity level to terse.
hostname(config-line)# modem init-string "Z V0"
A default initialization string is provided by your modem manufacturer. Do not include the AT prefix or end-of-line suffix in your string.
autobaud
databits
line console
modem (dialin)
parity
stopbits
terminal
Use the monitor-port global configuration command to enable port monitoring. Use the no monitor-port command to disable monitoring.
monitor-port
no monitor-port
This command has no arguments or keywords.
No ports are monitored.
Global configuration
Before you enable port monitoring, ensure that your capture list has one or more ports listed and a monitor port assigned. To add ports to the capture list, use the monitor-port monitored command. To assign a monitor port, use the monitor-port port command.
This example shows how to enable port monitoring.
hostname(config)# monitor-port
monitor-port (monitored)
monitor-port (port)
show (port monitor)
Use the monitor-port monitored global configuration command to add ports to the monitoring capture list. Use the no monitor-port monitored command to delete ports from the list.
monitor-port monitored [module/port]
no monitor-port monitored [module/port]
module | Interface number from 0 to 2. |
port | Port interface number ranging from 1 to 27: 1 to 25 Ethernet (fixed) |
No ports are monitored.
Global configuration
Use the arguments module/port for switched ports and modules only. If you do not specify the list of ports to add or delete in the no command form, all ports are deleted.
This example shows how to add port 26 to the capture list.
hostname(config)# monitor-port monitored 0/26
This example shows how to delete port 2 from the capture list.
hostname(config)# no monitor-port monitored 0/2
This example shows how to delete all ports from the capture list.
hostname(config)# no monitor-port monitored
monitor-port
monitor-port (port)
Use the monitor-port port global configuration command to specify the port to which monitored frames are sent. Use the no monitor-port port command to clear the monitor port.
monitor-port port module/port
no monitor-port port
module | Interface number between 0 and 2. |
port | Port interface number ranging from 1 to 27: 1 to 25 Ethernet (fixed) |
No monitor port is defined.
Global configuration
Use the arguments module/port for switched ports and modules only. One or more ports must be listed in the port capture list for frame monitoring to occur.
This example shows how to set port 1 to receive monitored frames.
hostname(config)# monitor-port port 0/1
monitor-port
monitor-port (monitored)
Use the multicast-store-and-forward global configuration command to set multicast traffic forwarding to store-and-forward mode. Use the no multicast-store-and-forward command to set multicast traffic forwarding to the method specified by the switching-mode command.
multicast-store-and-forward
no multicast-store-and-forward
This command has no arguments or keywords.
Store-and-forward switching for multicast traffic is disabled.
Global configuration
This example shows how to set the multicast traffic forwarding to store-and-forward.
hostname(config)# multicast-store-and-forward
This example shows how to set the multicast traffic forwarding to the method specified by the switching-mode command.
hostname(config)# no multicast-store-and-forward
Use the network-port global configuration command to set a network port. Use the no network-port command to clear a network port.
network-port module/port
no network-port
module | Module number from 0 to 2. Use the module argument only for switched modules. |
port | Port number from 1 to 27. Use the port argument only for switched ports. |
A network port does not exist.
Global configuration
When you configure a port as a network port, the following restrictions apply:
The following example shows how to set port 2 as a network port.
hostname(config)# network-port 0/2
Use the pagp-port-priority interface configuration command to specify the Port Aggregation Protocol (PAgP) hot-standby priority for a single Fast Ethernet port.
pagp-port-priority priority
priority | Number from 0 to 255. |
The default priority is 128.
Interface configuration
This command has the following restrictions:
The following example shows how to set the PAgP priority for Fast Ethernet port A to 100:
hostname(config)# interface fastethernet 0/26
hostname(config-if)# pagp-port-priority 100
port-channel (mode)
show (interfaces)
port-channel (preserve-order)
port-channel (template-port)
Use the parity line-configuration command to set the parity of the port.
parity {none | odd | even | mark | space}
none | No parity. |
odd | Odd parity. |
even | Even parity. |
mark | Mark parity. |
space | Space parity. |
The default is no parity.
Line configuration
The following example shows how to set the parity of an Ethernet port to odd:
hostname(config-line)# parity odd
autobaud
databits
line console
modem (dialin)
show (line)
show (terminal)
stopbits
terminal
Use the password-thresh line configuration command to limit the number of incorrect password attempts to the switch. Use the no password-thresh command to allow unlimited incorrect password attempts.
password-thresh attempts
no password-thresh
attempts | A number from 1 to 65500. |
Three attempts
Line configuration
The following example shows how to limit the number of unsuccessful password attempts to 4.
hostname(config-line)# password-thresh 4
The following example shows how to remove password attempt limitations to the switch.
hostname(config-line)# no password-thresh
show (terminal)
silent-time
time-out
Use the ping user and privileged Exec command to send an ICMP echo message (ping) to the specified IP address or host name.
ping {ip-address | hostname}
ip-address | Host IP address. |
hostname | Host name. |
This command has no default value.
User and privileged Exec
If you specify a host name rather than an IP address, the configured name server (which is configured by using the ip (name-server) command) resolves the host name to the IP address.
The following example shows how to ping the host named penguins:
> ping penguins
Translating "penguins"...domain server (171.68.10.70) [OK] Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 171.69.71.25, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/6 ms
ip (address)
ip (default-gateway)
ip (domain-name)
ip (mgmt-vlan)
ip (name-server)
port-channel (mode)
port-channel (preserve-order)
port-channel (template-port)
show (interfaces)
show (ip)
Use the port block interface configuration command to block the flooding of unknown multicast or unicast packets. Use the no port block command to enable the flooding of unknown multicast or unicast packets.
port block {multicast | unicast}
no port block {multicast | unicast}
multicast | Unknown multicast addresses. |
unicast | Unknown unicast addresses. |
Flooding is enabled.
Interface configuration
The following example shows how to block the flooding of unknown multicast addresses:
hostname(config-if)# port block multicast
The following example shows how to allow the flooding of unknown unicast addresses:
hostname(config-if)# no port block unicast
interface
show (interfaces)
show (port block)
Use the port-channel mode global configuration command to select the way in which two Fast Ethernet ports aggregate using Port Aggregation Protocol (PAgP) to form a Fast EtherChannel link. Use the no port-channel mode command to disable Fast EtherChannel links.
port-channel mode [on | auto | desirable | off]
no port-channel mode
on | Forces the port to aggregate without negotiation. |
auto | Port responds to PAgP packets it receives but does not initiate PAgP packet negotiation. |
desirable | Port initiates negotiations with other ports by sending PAgP packets. |
off | Prevents the port from aggregating without negotiation. |
Off
Global configuration
When a Fast EtherChannel link is formed, the port-channel interface is enabled. The port channel remains enabled until both ports lose the link. In the case of port-channel auto or desirable mode, when a port-channel member port detects a partner port that is misconfigured, disabled, or is not bidirectional, the port-channel member port goes down.
Both the auto and desirable modes allow ports to negotiate with connected ports to determine if they can form a channel based on criteria such as trunking state, VLAN numbers, and so on.
This command is not functional when bridge groups are enabled.
The following example shows how to create a Fast EtherChannel link when the PAgP status of connecting devices is uncertain:
hostname(config)# port-channel mode desirable
The following example shows how to create a channel interface and enable a Fast EtherChannel link with PAgP disabled.
hostname(config)# port-channel mode on
pagp-port-priority
port-channel (preserve-order)
port-channel (template-port)
show (interfaces)
Use the port-channel preserve-order global configuration command to preserve the frame transmission order on the channel interface. Use the no port-channel preserve-order command to allow frame transmission misordering on the channel interface.
port-channel preserve-order
no port-channel preserve-order
This command has no additional arguments or keywords.
The default is no frame ordering.
Global configuration
The no port-channel preserve-order command allows frame transmission misordering for maximum load balancing.
This command is not functional when bridge groups are enabled.
The following example shows how to preserve frame transmission order on the channel interface:
hostname(config)# port-channel preserve-order
port-channel (mode)
show (interfaces)
Use the port-channel template-port global configuration command to specify a Fast Ethernet port after which other grouped member ports are modeled.
port-channel template-port template-port
template-port | For Catalyst 2820 switches, Fast Ethernet port 1 or 2. |
Fast Ethernet port 1 for the Catalyst 2820 series switches.
Fast Ethernet port 0/26 for the Catalyst 1900 series switches.
Global configuration
The configuration parameters for which the specified Fast Ethernet port serves as a model or template are as follows:
The configuration parameters remain the same for all member ports after aggregation. After the group is created, any change to the parameters of any member port or port channel applies to all other ports in the group.
This command is available only when bridge groups are enabled.
The following example shows how to specify Fast Ethernet port 27 as the template port for member ports configuration:
hostname(config)# port-channel template-port fastethernet 0/27
port-channel (mode)
show (interfaces)
Use the port secure interface configuration command to enable addressing security. Use the no port secure command to disable addressing security or to set the maximum number of addresses allowed on the interface to the default value.
port secure [max-mac-count count]
no port secure [max-mac-count]
max-mac-count | Maximum number of addresses allowed on port. |
count | Number from 1 to 132. |
The default is 132.
Interface configuration
The following example shows how to set the maximum MAC address count to 100.
hostname(config-if)# port secure max-mac-count 100
The following example shows how to disable port security.
hostname(config-if)# no port secure
The following example shows how to set the MAC address count maximum to the default 132.
hostname(config-if)# no port secure max-mac-count
interface
port (block)
port secure (clear)
show (interfaces)
show (mac-address-table security)
Use the port secure clear interface configuration command to enables the clearing of static addresses on a secure port when the link goes down. The no port secure clear command resets the port secure configuration to retain static addresses in the event of link failure.
port secure clear
no port secure clear
This command has no arguments or keywords.
Disabled
Interface configuration
This command is available only on ports that have the port secure command enabled.
This example shows how to set a port to clear its static addresses when the link is broken.
hostname(config)# interface ethernet 0/1 hostname(config-if)# port secure clear
port secure
show (mac-address-table security)
Use the reload privileged Exec command to immediately reset the switch or module.
reload [type module]
type | Interface type: FDDI and ATM. |
module | Interface number of a module: |
The entire switch is reset.
Privileged Exec
After you enter this command, the system displays the following message:
Reset system, [Y]es or [N]o ?
Press Y or N as desired.
After the reset, the switch or module retains all configured system parameters and static addresses and removes all dynamic addresses.
The following example shows how to reset the entire switch:
hostname# reload
The following example shows how to reset the FDDI module in slot A.
hostname# reload fddi A
Use the reload in privileged Exec command to specify the number of seconds before the switch resets.
reload in <seconds>
seconds | A value in seconds between 1 and 4294967. |
None
Privileged Exec
If this command is executed again during the reset delay, the switch restarts the reset delay to the new delay time.
This example shows how to reset the system in 10 seconds.
hostname# reload in 10
Use the rip global configuration command to enable the automatic discovery of IP gateways by running the Routing Information Protocol (RIP) listener. Use the no rip command to disable the RIP listener.
rip
no rip
This command has no arguments or keywords.
The RIP listener is enabled.
Global configuration
The following example shows how to disable the RIP listener:
hostname(config)# no rip
Use the service config global configuration command to enable automatic download of the switch configuration file from a Trivial File Transfer Protocol (TFTP) host during power up. Use the no service config command to disable automatic download of the configuration file.
service config
no service config
This command has no additional arguments or keywords.
Auto configuration is disabled.
Global configuration
The following example shows how to enable auto configuration:
hostname(config)# service config
show (running-config)
copy (nvram tftp)
copy (tftp)
show (version)
Use the session Exec command to open a session to an ATM module with an independent operating system.
session {number}
number | Module slot number: |
This command has no default value.
User and privileged Exec
The following example shows how to open a session to the ATM module installed in slot B of the switch:
switch> session B
None
Use the show bridge-group privileged Exec command to display the current bridge group configuration and port membership.
show bridge-group
This command has no additional arguments or keywords.
This command has no default value.
Privileged Exec
This command is available only when bridge groups are enabled.
The following example shows how to display the current bridge-group configuration and port membership:
hostname# show bridge-group Allow overlapping bridge-groups: Disabled Bridge GroupMember Ports ------------------------------------------------------------------------------------ 12, 4, 5, 9-20 221-25 31, 3, 6, 7, 8 4A, B
bridge (forwarding-time)
bridge (hello-time)
bridge (max-age)
bridge (priority)
bridge-group
bridge-group (allow-overlap)
bridge-group (enable)
show (spantree)
spantree
Use the show cdp interface user Exec command to display Cisco Discovery Protocol (CDP) status and configuration information for a switched port or module.
show cdp interface [type module/port]
type | Interface type. Valid values are ethernet, fastethernet, fddi, atm, and port-channel. |
module | Module interface number: |
port | Port number: |
This command has no default value.
User Exec
If you do not specify the type and module/port options, CDP configuration on all interfaces is displayed.
The following example shows how to display the CDP configuration on all interfaces.
> show cdp interface Ethernet 0/1 : Cdp enabled Ethernet 0/2 : Cdp enabled Ethernet 0/3 : Cdp enabled Ethernet 0/4 : Cdp enabled Ethernet 0/5 : Cdp enabled Ethernet 0/6 : Cdp enabled Ethernet 0/7 : Cdp enabled Ethernet 0/8 : Cdp enabled Ethernet 0/9 : Cdp enabled Ethernet 0/10 : Cdp enabled Ethernet 0/11 : Cdp enabled Ethernet 0/12 : Cdp enabled Ethernet 0/13 : Cdp enabled Ethernet 0/14 : Cdp enabled Ethernet 0/15 : Cdp enabled Ethernet 0/16 : Cdp enabled Ethernet 0/17 : Cdp enabled Ethernet 0/18 : Cdp enabled Ethernet 0/19 : Cdp enabled Ethernet 0/20 : Cdp enabled Ethernet 0/21 : Cdp enabled Ethernet 0/22 : Cdp enabled Ethernet 0/23 : Cdp enabled Ethernet 0/24 : Cdp enabled Ethernet 0/25 : Cdp enabled FastEthernet 0/26 : Cdp enabled FastEthernet 0/27 : Cdp enabled
cdp (advertise-v2)
cdp (enable)
cdp (holdtime)
cdp (timer)
show (bridge-group)
show cdp (neighbors)
Use the show cdp neighbors user Exec command to display information on network neighbors the switch discovers by using Cisco Discovery Protocol (CDP).
show cdp neighbors [type module/port] [detail]
type | Interface type. Valid values are ethernet, fastethernet, fddi, atm, and port-channel. |
module | Module interface number: |
port | Port number: |
detail | List details about network neighbors including device ID, entry address, platform, capabilities, remote interface, and local interface. |
This command has no default value.
User Exec
If you do not specify an option, the switch displays discovered neighbors from all interfaces. If you specify the type and module/port of an interface, the discovered neighbors from that interface appear.
The following example shows how to display all discovered switch neighbors by using CDP.
hostname# show cdp neighbors
Capability Codes:R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, P - Repeater, H - Host, I - IGMP
DeviceID IP Addr Local Port Capability Platform Remote Port
Switch_1 172.20.249.205 Et0/2 TS cisco 1900 2
Switch_2 172.20.249.206 Et0/3 TS cisco 2820 16
The following example shows how to display in detail discovered switch neighbors for Fast Ethernet port 26.
hostname# show cdp neighbors fastethernet 0/9 detail
Capability Codes:R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, P - Repeater, H - Host, I - IGMP
DeviceID IP Addr Local Port Capability Platform Remote Port
Switch_1 172.20.249.205 Et0/2 TS cisco 1900 2
cdp (advertise-v2)
cdp (enable)
cdp (holdtime)
cdp (timer)
show (bridge-group)
show cdp (interface)
Use the show cgmp privileged Exec command to display the Cisco Group Management Protocol (CGMP) status, CGMP Fast Leave status, CGMP hold time, multicast group information, and multicast router information.
show cgmp
This command has no arguments or keywords.
None
Privileged Exec
This example shows how to display CGMP status for managed devices.
hostname# show cgmp CGMP Status : Enabled CGMP Fast Leave Status : Disabled CGMP Holdtime (secs) : 600 Allow reserved address to join as GDA: Enabled VLAN Address Destination ----------------------------------------------------------------------- 1 0100.5E00.0128 Fa2 VLAN Router Address Expiration Interface ----------------------------------------------------------------------- 1 00E0.1E68.7751 589 sec Fa2
cgmp
cgmp (hold-time)
cgmp (leave-processing)
cgmp (remove)
clear (cgmp)
Use the show cluster privileged Exec command to display cluster information for the switch.
show cluster
This command has no arguments or keywords.
None
Privileged Exec
The following example shows how to display cluster information to a member switch.
hostname# show cluster Cluster name:Example_Cluster Member number:3 Management ip address:172.20.249.205 Command device mac address:00D0.5868.FEC0
Use the show history user Exec command to display the user and privileged Exec commands used in this session.
show history
This command has no additional arguments or keywords.
This command has no default value.
User Exec
The display does not include configuration commands.
The following example shows how to display the Exec commands used in the current session:
> show history ena end disab show hi
Use the show interfaces privileged Exec command to display statistics and status for all or specified interfaces.
show interfaces [type module/port] [basic | secondary]
type | Interface type: |
module | Module interface number: |
port | Port number: |
basic | Basic FDDI settings. |
secondary | Secondary FDDI settings. |
If you do not specify a type or a module/port, statistics and status for all interfaces appear. Use the basic and secondary arguments only with FDDI ports.
Privileged Exec
The output to this command varies depending on the network for which an interface has been configured.
The following example shows how to display statistics and status for all interfaces:
hostname# show interfaces
The following example shows how to display statistics and status for Ethernet port 1.
hostname# show interfaces ethernet 0/1 Ethernet 0/1 is Suspended-no-linkbeat Hardware is Built-in 10Base-T Address is 00E0.1EA2.FBC1 MTU 1500 bytes, BW 10000 Kbits 802.1d STP State: Blocking Forward Transitions: 2 Port monitoring: Disabled Unknown unicast flooding: Disabled Unregistered multicast flooding: Disabled Description: ests Duplex setting: Full duplex Back pressure: Disabled
Receive Statistics Transmit Statistics
------------------------------------- -------------------------------------
Total good frames 0 Total frames 0
Total octets 0 Total octets 0
Broadcast/multicast frames 0 Broadcast/multicast frames 0
Broadcast/multicast octets 0 Broadcast/multicast octets 0
Good frames forwarded 0 Deferrals 0
Frames filtered 0 Single collisions 0
Runt frames 0 Multiple collisions 0
No buffer discards 0 Excessive collisions 0
Queue full discards 0
Errors: Errors:
FCS errors 0 Late collisions 0
Alignment errors 0 Excessive deferrals 0
Giant frames 0 Jabber errors 0
Address violations 0 Other transmit errors 0
The following example shows how to display statistics and status for Fast Ethernet port A.
hostname# show interfaces fastethernet 0/26
The following is a sample display for a single-port 100BaseTX port in trunk mode. Trunk-related information does not display if the interface is not in trunk mode.
FastEthernet0/26 is enabled
Hardware is built-in 100BaseTX
Address is 0053.4500.0201
MTU 1500 bytes, BW 100000 Kbit
802.1d STP State: Forwarding, Forward Transitions: 1
Broadcast forwarding: Blocked due broadcast storm
Description: port-A
Duplex/Flow Control setting: full duplex with flow control
Auto-negotiation status: auto-negotiate
Enhanced congestion control: disabled
Receive Statistics Transmit Statistics
------------------------------------- -------------------------------------
Total good frames 48588 Total frames 35638
Total octets 4663880 Total octets 2696516
Broadcast/multicast frames 37004 Broadcast/multicast frames 33261
Broadcast/multicast octets 3256467 Broadcast/multicast octets 2183516
Good frames forwarded 48567 Deferrals 0
Frames filtered 21 Single collisions 0
Runt frames 0 Multiple collisions 0
No buffer discards 0 Excessive collisions 0
Queue full discards 0
Errors: Errors:
FCS errors 0 Late collisions 0
Alignment errors 0 Excessive deferrals 0
Giant frames 0 Jabber errors 0
Address violations 0 Other transmit errors 0
The following example shows how to display statistics and status for FDDI module 1:
hostname# show interfaces fddi 1 fddi 1 is suspended-ring-down Hardware is FDDI Module (Fiber DAS Model), Version 00 Module Description: Dual Attach Station, Ring status: Not operational Address is 0053.4500.0201 MTU 4352 bytes, BW 100000 Kbit 802.1d STP State: N/A, Forward Transitions: 0 Broadcast storm control: blocked Description: Novell SNAP frame translation: Automatic Unmatched SNAP frame destination: All Receive Statistics Transmit Statistics ------------------------------------- ------------------------------------- Good FDDI frames 0 Good FDDI frames 256 Good FDDI octets 0 Good FDDI octets 19716 No buffer discards 0 No buffer discards 0 IP frames fragmented 0 Ring down discards 0 Frames filtered 0 Queue full discards 0 Good frames forwarded 0 Errors: FCS Error 0 Invalid data length 0 Error flag set 0 Bad IP header 0 Other receive errors 0 Address violations 0
The following example shows how to display basic FDDI settings for FDDI module 1:
hostname# show interfaces fddi 1 basic
------------------------ MAC and SMT Information -------------------------- SMT version 2 Upstream neighbor 00-00-F8-00-00-00 MIB version 1 Station address 00-00-00-C0-1D-F4-76-65 Number of MACs 1 Downstream neighbor 00-00-F8-00-00-00 Non master ports 2 Optical bypass Not present ECM state In Attachment state Isolated ------Port Information------- ------A Port------ ------B Port------ Connection policy (rejects) None None Neighbor type None None Current path Isolated Isolated Available paths Primary+Secondary Primary+Secondary PMD class Multimode Multimode PCM state Connect Connect Link error alarm activated False False Link confidence test failures 0 0 Link error monitor rejections 0 0 Aggregate link error count 0 0
The following example shows how to display secondary FDDI settings for FDDI module 2.
hostname# show interfaces fddi 2 secondary Notification timer value: 30 second(s) Use authorization string: Disabled Authorization string:
------------MAC and SMT Information-----------
Remote disconnect flag False
Station path status Separated
Requested token rotation time 164986880 ns
Negotiated token rotation time 164986880 ns
Old upstream neighbor 00-00-F8-00-00-00
Old downstream neighbor 00-00-F8-00-00-00
MAC's downstream port type None
Frame error flag False
Frame processing functions fs_repeating
MAC's available pathsPrimary+Secondary
The following example shows how to display status information on ATM module 1:
hostname# show interfaces atm 1 Atm 1 is suspended-ATM-LANE-down Hardware is ATM 155 UTP, Version 02 Module Description: Category 5 UTP Address is 0053.4500.0201 ATM Network Status: Not operational 802.1d STP State: N/A, Forward Transitions: 0 Broadcast storm control: blocked Description/name of port:
Receive Statistics Transmit Statistics
------------------------------------- -------------------------------------
Good AAL5 frames 0 Good AAL5 frames 0
Good ATM cells 0 Good ATM cells 0
Broadcast/multicast frames 0 Broadcast/multicast frames 0
Good frames forwarded 0 Queue full discards 0
Frames filtered 0
Runt frames 0
No buffer discards 0
Other discards 0
Errors:
CRC errors 0
Cell HEC errors 0
Giant frames 0
Address violations 0
The following example shows how to display statistics and status for a port channel. The statistics for each port are the sum of all packets that went through all member ports in the channel.
hostname# show interfaces port-channel
PortChannel is Enabled
802.1d STP State: Forwarding Forward Transitions: 1
Port-channel mode: auto, preserve-order: Disabled
Port parameters template port: A
Active port: A
Port Member Priority Cap. Partner Partner Partner Partner
Device-id Port-id Priority Cap.
-----------------------------------------------------------------------
A Yes 128 1 00-E0-1E-7E-C2-C0 A 128 3
B Yes 128 1 00-E0-1E-7E-C2-C0 B 128 3
Receive Statistics Transmit Statistics
------------------------------------- -------------------------------------
Total good frames 139 Total frames 1789
Total octets 13038 Total octets 142757
Broadcast/multicast frames 138 Broadcast/multicast frames 1763
Broadcast/multicast octets 12936 Broadcast/multicast octets 140191
Good frames forwarded 138 Deferrals 0
Frames filtered 1 Single collisions 0
Runt frames 0 Multiple collisions 0
No buffer discards 0 Excessive collisions 0
Queue full discards 0
Errors: Errors:
FCS errors 0 Late collisions 0
Alignment errors 0 Excessive deferrals 0
Giant frames 0 Jabber errors 0
Address violations 0 Other transmit errors 0
back-pressure
description
duplex
fddi (authorization)
fddi (auth-string)
fddi (novell-snap-translation)
fddi (unmatched-snap-translation)
interface
Posted: Mon Nov 1 13:08:33 PST 1999
Copyright 1989-1999©Cisco Systems Inc.