|
|
Use the show ip user Exec command to display global Internet Protocol (IP) configuration information.
show ip
This command has no additional arguments or keywords.
This command has no default value.
User Exec
This example shows how to display global IP configuration information:
hostname# show ip IP Address:172.20.129.131 Subnet Mask:255.255.255.0 Default Gateway:172.20.129.1 Management VLAN: 1 Domain name: cisco.com Name server 1:171.69.2.132 Name server 2:198.92.30.32 HTTP server :Enabled HTTP port : 80 RIP :Enabled
ip (address)
ip (default-gateway)
ip (domain-name)
ip (http port)
ip (http server)
ip (mgmt-vlan)
ip (name-server)
Use the show line privileged Exec command to display line-configuration information, including baud rate, data bits, stop bits, parity setting, autobaud, and auto answer.
show line
This command has no arguments or keywords.
This command has no default value.
Privileged Exec
This example shows how to display line-configuration information:
hostname# show line RS-232 configuration: 9600 baud, 8 data bits, 1 stop bits, None parity Autobaud:Enabled Modem dialin:Enabled Idle time-out:0 Modem Init String: Silent time:0 Password Threshold:3
autobaud
databits
line console
modem (dialin)
parity
show (terminal)
stopbits
terminal
Use the show mac-address-table privileged Exec command to display addresses in the MAC address table for a switched port or module.
show mac-address-table [permanent | dynamic | restricted static] [address mac-address]
[interface type module/port]
permanent | Displays static addresses. |
dynamic | Displays dynamic addresses. |
restricted static | Displays restricted static addresses. |
mac-address | Displays specified MAC address. Valid value is 48-bit hardware address. |
type | Interface type: ethernet, fastethernet, fddi, atm, or port-channel. |
module | Module interface number: |
port | Port number: |
This command has no default value.
Privileged Exec
If this command is invoked with no options, the system displays all information in the address table. Otherwise, the system displays only the specific elements requested.
This example shows how to display all MAC addresses configured in the system.
hostname# show mac-address-table Number of permanent addresses :0 Number of restricted static addresses :0 Number of dynamic addresses :9 Address Dest Interface Type Source Interface List ------------------------------------------------------------------------------------ 00D0.5868.F583 FastEthernet 2 Dynamic All 00E0.1E74.6ADA FastEthernet 1 Dynamic All 00E0.1E74.6AC0 FastEthernet 1 Dynamic All 0060.47D5.2770 FastEthernet 2 Dynamic All 00D0.5868.F580 FastEthernet 2 Dynamic All 00D0.5868.C8C0 FastEthernet 2 Dynamic All 00D0.5868.EF00 FastEthernet 2 Dynamic All 00E0.1E74.6080 FastEthernet 2 Dynamic All 00D0.C0F5.5B80 FastEthernet 2 Dynamic All
This example shows how to display all restricted static MAC addresses configured in the system. Note that the source ports for corresponding addresses are displayed only when the restricted static keyword is specified.
hostname# show mac-address-table restricted static
Number of permanent addresses :0
Number of restricted static addresses :1
Number of dynamic addresses :9
Address Dest Interface Type Source Interface List
------------------------------------------------------------------------------------
FEED.BEEF.FACE Ethernet 0/1 Static Et0/1,Et0/2,Et0/3
Et0/4,Et0/5,Et0/6
Et0/7,Et0/8,Et0/9
Et0/10,Et0/11,Et0/12
clear (mac-address-table)
mac-address-table (aging-time)
mac-address-table (permanent)
mac-address-table (restricted static)
show (mac-address-table aging-time)
show (mac-address-table security)
Use the show (mac-address-table aging-time) privileged Exec command to display the length of time the switch keeps dynamic MAC addresses in memory before discarding.
show mac-address-table aging-time
This command has no arguments or keywords.
None
Privileged Exec
This example shows how to display the MAC address table aging-time value.
hostname# show mac-address-table aging-time Aging time in seconds: 300
clear (mac-address-table)
mac-address-table (aging-time)
mac-address-table (permanent)
mac-address-table (restricted static)
show (mac-address-table)
show (mac-address-table security)
Use the show (mac-address-table security) privileged Exec command to display the addressing security configuration.
show mac-address-table security
This command has no arguments or keywords.
This command has no default value.
Privileged Exec
This example shows how to display the address table security information.
hostname# show mac-address-table security Action upon address violation : Suspend
InterfaceAddressing SecurityAddress Table SizeClear Address ---------------------------------------------------------------------------- Ethernet 0/1Enabled 10Yes Ethernet 0/2DisabledN/A No Ethernet 0/3DisabledN/ANo
clear (mac-address-table)
mac-address-table (aging-time)
mac-address-table (permanent)
mac-address-table (restricted static)
port secure
port secure (clear)
show (mac-address-table)
show (mac-address-table aging-time)
Use the show port block privileged Exec command to display the current state of unknown unicast and multicast address forwarding.
show port block {unicast | multicast}
unicast | Displays forwarding state for unicast addresses. |
multicast | Displays forwarding state for multicast addresses. |
This command does not have a default value.
Privileged Exec
This example shows how to display the current forwarding state for unknown unicast addresses:
hostname#show port block unicast Ports receiving unmatched unicast addresses: Ethernet 0/1, Ethernet 0/2, Ethernet 0/3, Ethernet 0/4 Ethernet 0/5, Ethernet 0/6, Ethernet 0/7, Ethernet 0/8 Ethernet 0/9, Ethernet 0/10, Ethernet 0/11, Ethernet 0/12 Ethernet 0/25, FastEthernet 0/26, FastEthernet 0/27
This example shows how to display the current forwarding state for unknown multicast addresses for all ports:
hostname#show port block multicast Ports receiving unregistered multicast addresses: Ethernet 0/1, Ethernet 0/2, Ethernet 0/3, Ethernet 0/4 Ethernet 0/5, Ethernet 0/6, Ethernet 0/7, Ethernet 0/8 Ethernet 0/9, Ethernet 0/10, Ethernet 0/11, Ethernet 0/12 Ethernet 0/25, FastEthernet 0/26, FastEthernet 0/27
Use the show port monitor privileged Exec command to display the current monitor port setting and if enabled, the monitor port and the ports being monitored.
show port monitor
This command has no additional arguments or keywords.
This command has no default value.
Privileged Exec
This example shows how to display the current status of the monitor port setting. If the port monitoring state is enabled, this command also displays the monitor port and the ports being monitored:
hostname# show port monitor
The following are sample displays. In the first display, the monitor port is enabled and information on the monitored ports is displayed.
Port Monitoring State : Enabled Monitor Port : Ethernet 0/1 Ports being monitored : Ethernet 0/2, Ethernet 0/3, Ethernet 0/4
In this display, the monitor port is disabled.
Port Monitoring State : Disabled
monitor-port
monitor-port (monitored)
monitor-port (port)
Use the show port system privileged Exec command to display miscellaneous port system information.
show port system
This command has no additional arguments or keywords.
This command has no default value.
Privileged Exec
This example shows how to display port system information:
hostname# show port system Switching ModeFragmentFree Use of store and forward for multicastDisabled Network PortEthernet0/27 Half duplex backpressure (10Mbps)Disabled Enhanced Congestion Control (10Mbps)Disabled Default port LED display mode:Port Status
switching-mode
multicast-store-and-forward
network-port
back-pressure
ecc
Use the show running-config privileged Exec command to display the current settings of the configuration commands that modify the system default configuration.
show running-config
This command has no additional arguments or keywords.
This command has no default value.
Privileged Exec
This example shows how to display the current settings of the configuration commands that modify the system default configuration:
hostname# show running-config Building configuration... Current configuration: ! tftp accept tftp server "171.71.114.222" tftp filename "c:\au\xbv1op.bin" ! ! ! ! ! ip address 172.20.128.103 255.255.255.0 ip default-gateway 172.20.128.1 ! ! bridge-group enable ! ! ! enable password level 15 "CATALYST" ! interface Ethernet 0/1 ! interface Ethernet 0/2 ! interface Ethernet 0/3 ! interface Ethernet 0/4 ! interface Ethernet 0/5 ! interface Ethernet 0/6 ! interface Ethernet 0/7 ! interface Ethernet 0/8 ! interface Ethernet 0/9 ! interface Ethernet 0/10 ! interface Ethernet 0/11 ! interface Ethernet 0/12 ! interface Ethernet 0/13 ! interface Ethernet 0/14 ! interface Ethernet 0/15 ! interface Ethernet 0/16 ! interface Ethernet 0/17 ! interface Ethernet 0/18 ! interface Ethernet 0/19 ! interface Ethernet 0/20 ! interface Ethernet 0/21 ! interface Ethernet 0/22 ! interface Ethernet 0/23 ! interface Ethernet 0/24 ! interface Ethernet 0/25 ! interface FastEthernet 0/26 ! interface FastEthernet 0/27 ! ! line console end
Use the show snmp privileged Exec command to display Simple Network Management Protocol (SNMP) configuration information.
show snmp [traps | set-hosts]
traps | Displays SNMP trap information. |
set-hosts | Displays SNMP set-hosts information. |
This command has no default value.
Privileged Exec
This example shows how to display information about SNMP traps:
hostname# show snmp traps Authentication trap: Enabled Link up/link down trap: Enabled Address violation trap: Enabled Broadcast storm control trap: Disabled VTP traps: Enabled HostCommunity String -------------------------------------------- 172.20.128.165public 172.20.128.166private 172.20.128.167public 172.20.128.168private
This example shows how to display information about SNMP set-hosts.
hostname# show snmp set-hosts Read community strings configured: public public2 public3 public4 Write community strings configured: private private2 private3 private4 Set hosts configured: writer1 writer2 writer3 writer4
show (snmp contact)
show (snmp hostname)
show (snmp location)
snmp-server community
snmp-server (contact)
snmp-server (enable traps)
snmp-server (host)
snmp-server (location)
snmp-server (set-host)
Use the show snmp contact privileged Exec command to display the Simple Network Management Protocol (SNMP) contact.
show snmp contact
This command has no additional arguments or keywords.
This command has no default value.
Privileged Exec
This example shows how to display the SNMP contact:
hostname# show snmp contact John Smith
show (snmp)
show (snmp hostname)
show (snmp location)
snmp-server community
snmp-server (contact)
snmp-server (enable traps)
snmp-server (host)
snmp-server (location)
snmp-server (set-host)
Use the show snmp hostname privileged Exec command to display the name of the Simple Network Management Protocol (SNMP) system.
show snmp hostname
This command has no additional arguments or keywords.
This command has no default value.
Privileged Exec
This example shows how to display the name of the SNMP system:
hostname# show snmp hostname hostname
hostname
show (snmp)
show (snmp contact)
show (snmp location)
snmp-server community
snmp-server (contact)
snmp-server (enable traps)
snmp-server (host)
snmp-server (location)
snmp-server (set-host)
Use the show snmp location privileged exec command to display the Simple Network Management Protocol (SNMP) location string.
show snmp location
This command has no additional arguments or keywords.
This command has no default value.
Privileged Exec
This example shows how to display the SNMP location:
hostname# show snmp location Building M
hostname
show (snmp)
show (snmp contact)
show (snmp hostname)
snmp-server community
snmp-server (contact)
snmp-server (enable traps)
snmp-server (host)
snmp-server (location)
snmp-server (set-host)
Use the show spantree privileged Exec command to display the Spanning Tree Protocol (STP) configuration for enabled bridge groups or VLANs.
show spantree [bridge-group | vlan]
bridge-group | Number from 1 to 4. |
vlan | Number from 1 to 1005. |
Displays spanning-tree configuration for all bridge groups or VLANs.
Privileged Exec
If you specify bridge-group, the system displays the spanning-tree configuration only for the specified bridge groups and their member ports. If you do not specify bridge-group, the system displays the spanning-tree configuration for all bridge groups and their member ports. If you disable bridge groups, the system displays the configuration for VLANs.
If you specify vlan, the system displays the spanning-tree operating parameters for the specified VLAN.
This example shows how to display the spanning-tree configuration when bridge groups are enabled.
hostname# show spantree
Bridge-group 1 is executing the IEEE compatible Spanning Tree Protocol
Bridge Identifier has priority 32768, address 00E0.1E87.3A00
Configured hello time 2, max age 20, forward delay 15
Current root has priority 32768, address 00E0.1E87.3A00
Root port is N/A, cost of root path is 0
Topology change flag not set, detected flag not set
Timers: hold 1, topology change 0
hello 2, max age 20, forward delay 15
Timers: hello 2, topology change 35, notification 2
Port Ethernet 0/1 of Bridge-group1 is Blocking
Port path cost 100, Port priority 128
Designated root has priority 32768, address 00E0.1E87.3A00
Designated bridge has priority 32768, address 00E0.1E87.3A00
Designated port is Ethernet 0/1, path cost 0
Timers: message age 20, forward delay 15, hold 1
Port Ethernet 0/2 of Bridge-group1 is Blocking
Port path cost 100, Port priority 128
Designated root has priority 32768, address 00E0.1E87.3A00
Designated bridge has priority 32768, address 00E0.1E87.3A00
Designated port is Ethernet 0/2, path cost 0
Timers: message age 20, forward delay 15, hold 1
This example shows how to display the spanning-tree configuration for VLAN 1:
hostname# show spantree 1
VLAN1 is executing the IEEE compatible Spanning Tree protocol
Bridge Identifier has priority 32768, address 00e0.1e69.2300
Configured hello time 2, max age 20, forward delay 15
Current root has priority 32768, address 0053.4500.0000
Root port is Ethernet 0/4, cost of root path is 130
Topology change flag not set, detected flag not set
Topology changes 12, last topology change occured 0d00h02m31s ago
Times: hold 1, topology change 35
hello 2, max age 20, forward delay 15
Timers: hello 0, topology change 0, notification 0
Port Ethernet 0/1 of VLAN1 is down
Port path cost 10, Port priority 128
Designated root has priority 32768, address 0053.4500.0000
Designated bridge has priority 32768, address 00e0.1e69.2300
Designated port is Ethernet 0/1, path cost 130
Timers: message age 0, forward delay 14, hold 0
Port Ethernet 0/4 of VLAN1 is FORWARDING
Port path cost 10, Port priority 128
Designated root has priority 32768, address 0053.4500.0000
Designated bridge has priority 32768, address 00c0.1d80.55ee
Designated port is 27, path cost 120
Timers: message age Ethernet 0/4, forward delay 0, hold 0
Port Ethernet 0/6 of VLAN1 is FORWARDING
Port path cost 10, Port priority 128
Designated root has priority 32768, address 0053.4500.0000
Designated bridge has priority 32768, address 00e0.1e69.2300
Designated port is Ethernet 0/6, path cost 130
Timers: message age 0, forward delay 0, hold 0
bridge (forwarding-time)
bridge (hello-time)
bridge (max-age)
bridge (priority)
bridge-group
bridge-group (allow-overlap)
bridge-group (enable)
show (spantree-option)
show (spantree-template)
spantree
spantree (cost)
spantree (start-forwarding)
spantree-template (priority)
vlan
Use the show spantree-option privileged Exec command to display the path cost and the port priority of the two Spanning Tree Protocol (STP) port parameter options and their assigned VLANs.
show spantree-option
This command has no additional arguments or keywords.
STP port option values for all trunk ports appears.
Privileged Exec
This command is not functional when bridge groups are enabled.
This example shows how to display the port-configuration option:
hostname# show spantree-option
Trunk Port A
============
Priority (option 1): 128
Path cost (option 1): 10
VLANs Assigned to option 1 priority: 1-1005
VLANs Assigned to option 1 pathcost: 1, 6-1005
Trunk Port A
============
Priority (option 2): 128
Path cost (option 2): 10
VLANs Assigned to option 2 priority: None
VLANs Assigned to option 2 pathcost: 2-5
Trunk Port B
============
Priority (option 1): 128
Path cost (option 1): 10
VLANs Assigned to option 1 priority: 1-1005
VLANs Assigned to option 1 pathcost: 1-1005
Trunk Port B
============
Priority (option 2): 128
Path cost (option 2) : 10
VLANs Assigned to option 2 priority: None
VLANs Assigned to option 2 pathcost: None
show (spantree)
show (spantree-template)
spantree
spantree (cost)
spantree (start-forwarding)
spantree-template (priority)
vlan
Use the show spantree-template privileged Exec command to display current Spanning Tree Protocol (STP) values for a specified bridge template. Values include the forward-delay time, hello time, max-age time when the switch is operating as the root, and the bridge priority.
show spantree-template [bridge-template-id]
bridge-template-id | Number from 1 to 4. |
STP bridge parameters for all templates are displayed.
Privileged Exec
If you specify bridge-template-id, the system displays the bridge parameters for that VLAN only. This command is not functional when bridge groups are enabled.
This example shows how to display the current values of bridge template 1:
hostname# show spantree-template 1 Bridge Template 1 Bridge Priority: 32768 (8000 hex) Max age when operating as root: 20 second(s) Hello time when operating as root: 2 second(s) Forward delay when operating as root: 15 second(s) VLANs assigned to option: 1, 3, 5, 7
show (spantree)
show (spantree-option)
show (spantree-template)
show (vlan)
spantree
spantree (cost)
spantree (start-forwarding)
spantree-template (forwarding-time)
spantree-template (hello-time)
spantree-template (max-age)
spantree-template (priority)
spantree-template (vlan)
vlan
Use the show spantree privileged Exec command to display the Spanning-Tree Protocol (STP) configuration status of the switch.
show spantree [vlan]
vlan | Number from 1 to 1005. |
The spanning-tree configuration for all VLANs is displayed.
Privileged Exec
This command displays the number of spanning-tree instances that are currently running, VLANs for which STP is enabled, and so on. If you specify vlan, the system also displays the spanning-tree operating parameters for the specified VLAN.
This example shows how to display the spanning-tree configuration for VLAN 1:
hostname# show spantree 1
VLAN1 is executing the IEEE compatible Spanning Tree protocol
Bridge Identifier has priority 32768, address 00e0.1e69.2300
Configured hello time 2, max age 20, forward delay 15
Current root has priority 32768, address 0053.4500.0000
Root port is Ethernet 0/4, cost of root path is 130
Topology change flag not set, detected flag not set
Topology changes 12, last topology change occured 0d00h02m31s ago
Times: hold 1, topology change 35
hello 2, max age 20, forward delay 15
Timers: hello 0, topology change 0, notification 0
Port Ethernet 0/1 of VLAN1 is down
Port path cost 10, Port priority 128
Designated root has priority 32768, address 0053.4500.0000
Designated bridge has priority 32768, address 00e0.1e69.2300
Designated port is Ethernet 0/1, path cost 130
Timers: message age 0, forward delay 14, hold 0
Port Ethernet 0/4 of VLAN1 is FORWARDING
Port path cost 10, Port priority 128
Designated root has priority 32768, address 0053.4500.0000
Designated bridge has priority 32768, address 00c0.1d80.55ee
Designated port is 27, path cost 120
Timers: message age Ethernet 0/4, forward delay 0, hold 0
Port Ethernet 0/6 of VLAN1 is FORWARDING
Port path cost 10, Port priority 128
Designated root has priority 32768, address 0053.4500.0000
Designated bridge has priority 32768, address 00e0.1e69.2300
Designated port is Ethernet 0/6, path cost 130
Timers: message age 0, forward delay 0, hold 0
show (spantree)
show (spantree-option)
show (spantree-template)
spantree
spantree (cost)
spantree (start-forwarding)
spantree-template (priority)
vlan
Use the show storm-control privileged Exec command to display the current settings for the storm control rising and falling threshold parameters.
show storm-control
This command has no additional arguments or keywords.
This command has no default value.
Privileged Exec
This example shows how to display the settings for the storm control rising and falling threshold parameters:
hostname# show storm-control Current Setting : Enabled Rising Threshold : 500 (packets/sec) Falling Threshold : 250 (packets/sec) Action on Broadcast Storm : disable port Send Trap on broadcast storm : Enabled
This display shows an example of the message that appears when a broadcast storm is detected.
Action on broadcast storm: Block Rising threshold: 500 packets/sec Falling threshold: 250 packets/sec Send trap upon broadcast storm: Enabled Ethernet 0/1 was above threshold at 0day(s) 14hour(s) 53minute(s) 09second(s) from system start-up
Use the show tacacs Exec command to display the values for the Cisco Terminal Access Controller Access Control System Plus (TACACS+) configuration options.
show tacacs
This command has no additional arguments or keywords.
This command has no default value.
User and privileged Exec
This example shows how to display the TACACS+ configuration values.
hostname# show tacacs enable use-tacacs: enabled login tacacs: enabled tacacs-server last-resort:password tacacs-server hosts: spaniel.cisco.com monarch.cisco.com 172.20.129.111 tacacs-server key: 001same_as_server tacacs-server login attempts: 3 tacacs-server timeout: 5 seconds tacacs-server directed-request: disabled
enable (use-tacacs)
login (tacacs)
tacacs-server (attempts)
tacacs-server (directed-request)
tacacs-server (host)
tacacs-server (key)
tacacs-server (last-resort)
tacacs-server (timeout)
Use the show terminal Exec command to display the attributes of the console sessions.
show terminal
This command has no arguments or keywords.
This command has no default value.
User and privileged Exec
Using this command from user Exec mode displays baud, databits, stopbits, and parity. Using this command from the privileged Exec mode displays this information plus autobaud enable status, modem dialin enable status, idle timeout value, modem init string value, silent time value, and password threshhold value.
This example shows how to display terminal attributes from the user Exec mode.
hostname> show terminal RS-232 configuration: 9600 baud, 8 data bits, 1 stop bits, None parity
This example shows how to display terminal attributes from the privileged Exec mode.
hostname# show terminal RS-232 configuration: 9600 baud, 8 data bits, 1 stop bits, None parity Autobaud: Enabled Modem dialin: Enabled Idle time-out: 0 Modem Init String: Silent time: 0 Password Threshold: 3
autobaud
databits
line console
modem (dialin)
parity
password-thresh
silent-time
stopbits
terminal
time-out
Use the show tftp privileged Exec command to display the configuration status of the Trivial File Transfer Protocol (TFTP) attributes.
show tftp
This command has no arguments or keywords.
This command has no default value.
Privileged Exec
This example shows how to display terminal attributes from the privileged Exec mode.
hostname# show tftp TFTP Server: 171.71.114.222 TFTP Firmware Upgrade File: c:\switch\xbv1op.bin Accept Remote TFTP: Enabled Auto Configuration: Disabled Upgrade Status: No upgrade currently in progress. Config File Status: No configuration upload/download is in progress.
copy (nvram tftp)
copy (tftp)
service (config)
tftp (accept)
tftp (filename)
tftp (server)
Use the show trunk privileged Exec command to display trunking information for trunkable ports.
show trunk {A | B | port-channel} [allowed-vlans | prune-eligible | joined-vlans |
joining-vlans]
A | Display trunk A information. |
B | Display trunk B information. |
port-channel | Display information for port channel trunk ports. |
allowed-vlans | Display allowed VLANs. |
prune-eligible | Display VLANs that have pruning enabled. |
joined-vlans | Display VLANs transmitting flood traffic. |
joining-vlans | Display VLANs receiving flood traffic. |
This command has no default value.
Privileged Exec
A port can be designated a trunk if it is a single-port Fast Ethernet or ATM module. This command is not functional when bridge groups are enabled.
This example shows how to display information for trunk A.
hostname# show trunk A DISL state: autoTrunking status: OnEncapsulation type: ISL
This example shows how to display the list of allowed VLANs on trunk B:
hostname# show trunk B allowed-vlans 1,2, 50-100.
This example shows how to display the list of pruning-eligible VLANs on trunk A:
hostname# show trunk A prune-eligible 2-1005
trunk
trunk-vlan
vtp trunk pruning-disable
Use the show uplink-fast privileged Exec command to display UplinkFast configuration information for the switch or module.
show uplink-fast
This command has no additional arguments or keywords.
This command has no default value.
Privileged Exec
This example shows how to display UplinkFast configuration information for the switch.
hostname# show uplink-fast Uplink fastEnabled Uplink fast frame generation rate15
uplink-fast
uplink-fast (multicast-rate)
clear (uplink-fast statistics)
show (uplink-fast statistics)
Use the show uplink-fast statistics privileged Exec command to display UplinkFast statistics.
show uplink-fast statistics
This command has no additional arguments or keywords.
This command has no default value.
Privileged Exec
This example shows how to display the UplinkFast statistics for the switch.
hostname# show uplink-fast statistics Uplink fast transitions5 Uplink fast station learning frames127
clear (uplink-fast statistics)
show (uplink-fast)
uplink-fast
uplink-fast (multicast-rate)
Use the show usage privileged Exec command to display exception statistics (receive errors, transmit errors, and security violations) and frame-count utilization statistics generated by the switch.
show usage [exception | utilization]
This command has no additional arguments or keywords.
This command has no default value.
Privileged Exec
This example shows how to display exception statistics for the switch.
hostname# show usage exception Receive Transmit Security Receive Transmit Security Errors Errors Violations Errors Errors Violations -------------------------------- -------------------------------- 1 : 0 0 0 13 :0 0 0 2 : 0 0 0 14 :0 0 0 3 : 0 0 0 15 :0 0 0 4 : 0 0 0 16 :0 0 0 5 : 0 0 0 17 :0 0 0 6 : 0 0 0 18 :0 0 0 7 : 0 0 0 19 :0 0 0 8 : 0 0 0 20 :0 0 0 9 : 0 0 0 21 :0 0 0 10 : 0 0 0 22 :0 0 0 11 : 0 0 0 23 :0 0 0 12 : 0 0 0 24 :0 0 0 AUI: 0 0 0 A : 0 0 0 B : 0 0 0
This example shows how to display utilization statistics for the switch.
hostname# show usage utilization Receive Forward Transmit Receive Forward Transmit -------------------------------- -------------------------------- 1 : 0 0 0 13 :0 0 0 2 : 0 0 0 14 :0 0 0 3 :4346934 4345774 22948 15 :0 0 0 4 : 0 0 0 16 :0 0 0 5 : 0 0 0 17 :0 0 0 6 : 0 0 0 18 :0 0 0 7 : 0 0 0 19 :0 0 0 8 : 0 0 0 20 :0 0 0 9 : 0 0 0 21 :0 0 0 10 : 0 0 0 22 :0 0 0 11 : 0 0 0 23 :0 0 0 12 : 0 0 0 24 :0 0 0 AUI: 0 0 4062257 A : 0 0 0 B : 0 0 0
None
Use the show version user Exec command to display basic hardware and firmware version information.
show version
This command has no additional arguments or keywords.
This command has no default value.
User and privileged Exec
This example shows how to display the switch hardware and firmware versions accessible from user Exec mode for a Catalyst 2820 switch with two modules.
hostname> show version Cisco Catalyst 1900/2820 Enterprise Edition Software Version V9.00.00(12) written from 171.071.114.222 Copyright (c) Cisco Systems, Inc. 1993-1999 DS2820-1 uptime is 2day(s) 19hour(s) 34minute(s) 41second(s) cisco Catalyst 2820 (486sxl) processor with 2048K/1024K bytes of memory Hardware board revision is 1 Upgrade Status: No upgrade currently in progress. Config File Status: No configuration upload/download is in progress 25 Fixed Ethernet/IEEE 802.3 interface(s) SLOT A: FDDI (Fiber DAS Model), Version 00 v1.14 written from 172.031.004.151: valid SLOT B: 100Base-TX(1 Port UTP Model), Version 0 Base Ethernet Address: 00-E0-1E-87-21-40
This example shows how to display the switch hardware and firmware versions accessible from privileged Exec mode for the Catalyst1900switch.
hostname# show version Cisco Catalyst 1900/2820 Enterprise Edition Software Version V9.00.00(12) written from 171.071.114.222 Copyright (c) Cisco Systems, Inc. 1993-1999 uptime is 2day(s) 22hour(s) 50minute(s) 21second(s) cisco Catalyst 1900 (486sxl) processor with 2048K/1024K bytes of memory Hardware board revision is 1 Upgrade Status: No upgrade currently in progress. Config File Status: No configuration upload/download is in progress 27 Fixed Ethernet/IEEE 802.3 interface(s) Base Ethernet Address: 00-E0-1E-7E-BE-80
Use the show vlan privileged Exec command to display the settings of VLAN configuration parameters.
show vlan [vlan]
vlan | Number from 1 to 1005. |
This command has no default value.
Privileged Exec
If you do not specify vlan, the system displays all VLAN configuration parameters. This command is not functional when bridge groups are enabled.
This example shows how to display the settings of the VLAN configuration parameters:
hostname# show vlan VLAN NameStatusPorts ---- -------------------------------- --------- ---------------------------- 1 defaultactive1-15
2 VLAN0002 active16-18
3 VLAN0003 active
4 VLAN0004active
5 VLAN0005active
6 VLAN0006active
7 VLAN0007active
8 VLAN0008active
9 VLAN0009active
10 VLAN0010active
11 VLAN0011active
12 VLAN0012active
13 VLAN0013active
14 VLAN0014active
15 VLAN0015active
1002 fddi-defaultsuspended
1003 token-ring-defaultsuspended
1004 fddinet-defaultsuspended
1005 trnet-defaultsuspended
VLANTypeSAIDMTUParentRingNoBridgeNoStpTrans1Trans2 ------------------------------------------------------ 1enet1000011500000IEEE10021003
2enet1000021500000IEEE00
3enet1000031500000
4enet1000041500-000
5enet1000051500-000
6enet1000061500-000
7enet1000071500-000
8enet1000081500-0---00
9enet1000091500-0-- -00
10enet1000101500-0---00
11enet1000111500-0---00
12enet1000121500-0---00
13enet1000131500-0---00
14enet1000141500-000
15enet1000151500000
1002FDDI1010021500000IEEE11003
1003Token_Ring1010031500100510IEEE111002
1004FDDI_Net1010041500001IEEE001005Token_Ring_Net1010051500001IEEE00
vlan
spantree
spantree-template (vlan)
Use the show vlan-membership privileged Exec command to display the VLAN assignment and membership type for all switch ports.
show vlan-membership
This command has no additional arguments or keywords.
This command has no default value.
Privileged Exec
This command is not functional when bridge groups are enabled.
This example shows how to display the VLAN assignment and membership type for all switch ports:
hostname# show vlan-membership
Port VLAN Membership Type Port VLAN Membership Type --------------------------------------------------------------------------- 1 1 Static 14 2 Static 2 1 Static 15 2 Static 3 1 Static 16 2 Static 4 1 Static 17 2 Static 5 1 Static 18 2 Static 6 1 Static 19 2 Static 7 1 Dynamic 20 2 Static 8 1 Dynamic 21 2 Static 9 1 Dynamic 22 2 Static 10 1 Dynamic 23 2 Static 11 1 Dynamic 24 2 Static 12 1 Dynamic AUI2 Static 13 1 Dynamic A 1 Static B 2Static
vlan
vlan-membership (reconfirm)
vlan-membership (server)
vlan-membership (server retry)
Use the show vlan-membership server privileged Exec command to display both configuration and statistical information for VLAN membership policy servers.
show vlan-membership server
This command has no additional arguments or keywords.
This command has no default value.
Privileged Exec
This command is not functional when bridge groups are enabled.
This example shows how to display configuration and statistical information for VLAN membership policy servers:
hostname# show vlan-membership server
VMPS Query Protocol Version 1
Current VMPS 172.20.128.22
Total queries 1700 Total responses 1684
Total wrong version responses 0 Total denied responses 0
Total wrong domain responses 0 Total shutdown responses 0
Total no resource responses 0 Total VMPS changes 0
1st VMPS IP address 172.20.128.22
2nd VMPS IP address 172.20.128.88
3rd VMPS IP address None
4th VMPS IP address None
Primary VMPS 172.20.128.22
Number of retries before changing server 10
vlan
vlan-membership
vlan-membership (reconfirm)
vlan-membership (server retry)
Use the show vtp privileged Exec command to display VLAN Trunk Protocol (VTP) information.
show vtp
This command has no additional arguments or keywords.
This command has no default value.
Privileged Exec
This command is not functional when bridge groups are enabled.
This example shows how to display VTP statistics:
hostname# show vtp
VTP version: 1
Configuration revision: 3
Maximum VLANs supported locally: 1005
Number of existing VLANs: 5
VTP domain name : Zorro
VTP password : vtp_server
VTP operating mode : Server
VTP pruning mode : Enabled
VTP traps generation : Enabled
Configuration last modified by: 0.0.0.0 at 00-00-0000 00:00:00
clear (vtp statistics)
delete (vtp)
show (vtp statistics)
vtp
vtp trunk pruning-disable
Use the show vtp statistics privileged Exec command to display the transmit, receive, and error statistics of VLAN Trunk Protocol (VTP) messages and VTP pruning statistics.
show vtp statistics
This command has no additional arguments or keywords.
This command has no default value.
Privileged Exec
This command displays the following information:
This command is not functional when bridge groups are enabled.
This example shows how to display VTP messages and pruning statistics:
hostname# show vtp statistics
Receive Statistics Transmit Statistics
----------------------------------- -----------------------------------
Summary Adverts 0 Summary Adverts 0
Subset Adverts 0 Subset Adverts 0
Advert Requests 0 Advert Requests 0
Configuration Errors:
Revision Errors 0
Digest Errors 0
VTP Pruning Statistics:
Port Join Received Join Transmitted Summary Adverts received
with no pruning support
---- ------------- ---------------- ------------------------
A 0 0 0
B 0 0 0
show (vtp)
vtp
vtp trunk pruning-disable
Use the shutdown interface configuration command to disable an interface. Use the no shutdown command to restart a disabled interface.
shutdown
no shutdown
This command has no arguments or keywords.
This command has no default value.
Interface configuration
This example shows how to disable Ethernet port 1:
hostname(config)# interface ethernet 0/1 hostname(config-if)# shutdown
This example shows how to disable ATM module 1:
hostname(config)# interface atm 1 hostname(config-if)# shutdown
Use the silent-time line configuration command to set the number of minutes for which the switch does not respond after the password attempt threshold is exceeded. Use the no silent-time command to disable the silent time interval.
silent-time minutes
no silent-time
minutes | A number from 1 to 65500. |
None
Line configuration
This example shows how to set the silent time interval to 10 minutes.
hostname(config-line)# silent-time 10
This example shows how to disable the silent time interval.
hostname(config-line)# no silent-time
Use the snmp-server community global configuration command to set the read-only or read-write Simple Network Management Protocol (SNMP) community strings. The no form of this command deletes the existing community string.
snmp-server community string [ro | rw]
no snmp-server community string
string | Community string of 1 to 32 alphanumeric characters. No blank character spaces are allowed. |
ro | Configures read-only access. |
rw | Configures read-write access. |
The default value of the first read-only community string is public, and the default value of the first read-write community string is private. The default values of all other community strings are null strings.
Global configuration
The switch supports four read-only and four read-write community strings. Duplicate community strings replace each other. New community strings are added to the first available entry. When there is no available entry, new comunity strings are not added to the system, and an error messages is displayed. By default, an SNMP community string permits read-only access if no access type is specified.
These commands show how to add read-only community string public1 to the system.
hostname(config)# snmp-server community public1 hostname(config)# snmp-server community public1 ro
This command shows how to add read-write community string private1 to the system.
hostname(config)# snmp-server community private1 rw
This command shows how to remove SNMP community string public1.
hostname(config)# no snmp-server community public1
show (snmp)
snmp-server contact
snmp-server enable
snmp-server host
snmp-server location
snmp-server set-host
Use the snmp-server contact global configuration command to enter the name of a Simple Network Management Protocol (SNMP) contact person. Use the no snmp-server contact command to delete the existing SNMP contact name.
snmp-server contact contact-string
no snmp-server contact
contact-string | Character string of 1 to 255 alphanumeric characters. |
This command has no default value.
Global configuration
This example shows how to set the SNMP contact name to systemadmin:
hostname(config)# snmp-server contact systemadmin
show (snmp)
show (snmp contact)
show (snmp hostname)
show (snmp location)
snmp-server community
snmp-server (enable traps)
snmp-server (host)
snmp-server (location)
snmp-server (set-host)
Use the snmp-server enable-trap global configuration command to enable one or all Simple Network Management Protocol (SNMP) traps that the switch can generate. Use the no snmp-server enable-trap command to disable one or all traps.
snmp-server enable traps {all | authentication | link-up-down | address-violation | bsc | vtp}
no snmp-server enable traps {all | authentication | link-up-down | address-violation | bsc | vtp}
all | All traps. |
authentication | Authentication failure trap. |
link-up-down | Link-up and link-down traps. |
address-violation | Address violation trap. |
bsc | Broadcast storm control trap. |
vtp | VLAN Trunk Protocol (VTP) trap. |
Authentication failure, link-up and link-down, address violation, and IP address change traps generation are enabled. Broadcast storm trap generation is disabled.
Global configuration
This example shows how to disable generation of link-up and link-down traps:
hostname(config)# no snmp-server enable-trap link-up-down
show (snmp)
show (snmp contact)
show (snmp hostname)
show (snmp location)
snmp-server community
snmp-server (contact)
snmp-server (host)
snmp-server (location)
snmp-server (set-host)
Use the snmp-server host global configuration command to specify a Simple Network Management Protocol (SNMP) trap host and the corresponding community string. Use the no snmp-server host command to delete the existing trap host.
snmp-server host host community-string
no snmp-server host host
host | IP address or name of host between 1 and 32 alphanumeric characters. |
community-string | Community string between 1 and 32 alphanumeric characters. |
No trap hosts are configured.
Global configuration
You can configure a maximum of four trap hosts.
This example shows how to specify 172.20.128.126 as the recipient of SNMP traps and trap-string as the community string:
hostname(config)# snmp-server host 172.20.128.126 trap-string
show (snmp)
show (snmp contact)
show (snmp hostname)
show (snmp location)
snmp-server community
snmp-server (contact)
snmp-server (enable traps)
snmp-server (location)
snmp-server (set-host)
Use the snmp-server location global configuration command to specify a Simple Network Management Protocol (SNMP) location. Use the no snmp-server location command to delete the existing SNMP location.
snmp-server location location-string
no snmp-server location
location-string | String between 1 and 255 alphanumeric characters. |
No SNMP location is specified.
Global configuration
This example shows how to specify the SNMP location string as sysadmin-office:
hostname(config)# snmp-server location sysadmin-office
show (snmp)
show (snmp contact)
show (snmp hostname)
show (snmp location)
snmp-server community
snmp-server (contact)
snmp-server (enable traps)
snmp-server (host)
snmp-server (set-host)
Use the snmp-server set-host global configuration command to allow a specified host to perform Simple Network Management Protocol (SNMP) set operations on the switch. Use the no snmp-server set-host command to delete an existing host from the allowed list of set hosts.
snmp-server set-host host
no snmp-server set-host host
host | IP address or host name from 1 to 32 alphanumeric characters. |
No write hosts are configured.
Global configuration
You can specify a maximum of four set hosts. If, after specifying four set hosts, you need to add one more, you must delete a set host using the no snmp-server set-host command. When no set hosts are defined, any host can perform SNMP set operations.
This example shows how to add 172.20.128.126 to the list of hosts:
hostname(config)# snmp-server set-host 172.20.128.126
show (snmp)
show (snmp contact)
show (snmp hostname)
show (snmp location)
snmp-server community
snmp-server (contact)
snmp-server (enable traps)
snmp-server (host)
snmp-server (location)
Use the spantree global configuration command to enable the Spanning-Tree Protocol (STP) on up to four bridge groups or up to ten VLANs. Use the no spantree command to disable STP for the specified bridge groups or for the specified VLANs.
spantree {[bridge-group bridge-group...] | [vlan vlan-list...]}
no spantree {[bridge-group bridge-group...] | [vlan vlan-list...]}
bridge-group | Up to four numbers between 1 and 4 (separated by spaces). |
vlan-list | Up to ten numbers specified by values between 1 and 1005 (separated by spaces). |
Spanning tree is enabled on each bridge group.
Spanning tree is enabled on the first 64 VLANs (VLAN numbers from 1 to 64).
Global configuration
This example shows how to disable STP on bridge group 4 and bridge group 2:
hostname(config)# no spantree bridge-group 4 2
This example shows how to enable STP for VLAN 16, 24, and 30:
hostname(config)# spantree vlan 16 24 30
Use the spantree cost interface configuration command to change the Spanning-Tree Protocol (STP) path cost for an interface. Use the no spantree cost command to select the default port path cost value.
spantree cost cost-value
no spantree cost
cost-value | Valid range is 1 to 65535. |
You can calculate the default port path cost with this formula:
Interface configuration
If you use the spantree cost command to change the path cost for a Fast Ethernet port that is grouped with a Fast EtherChannel link, the newly configured path cost applies to all ports grouped in the same Fast EtherChannel link.
This example shows how to change the spanning-tree path cost for Ethernet port 1 to the value 100:
hostname(config)# interface ethernet 0/1 hostname(config-if)# spantree cost 100
interface
show (spantree)
show (spantree-option)
Use the spantree-option interface configuration command to configure the path cost or the port priority of the spanning-tree port parameter option. Use the no spantree-option command to use the default value for the path cost or port priority parameters.
spantree-option option {cost | priority} value
no spantree-option option {cost | priority}
option | Port configuration option for trunk ports. Valid values are 1 and 2. |
cost | Path cost. |
priority | Port priority. |
value | For path cost, valid range is 1 to 65535; for port priority, valid range is 0 to 255. |
The default value for path cost is 10.
The default value for port priority is 128.
Interface configuration
This example shows how to assign a path cost of 300 to port configuration option 1 on trunk port A:
hostname(config)# interface fastethernet A
hostname(config-if)# spantree-option 1 cost 300
interface
show (spantree-option)
spantree (cost)
spantree-option (vlan)
Use the spantree-option vlan interface configuration command to move the assignment of the Spanning-Tree Protocol (STP) port parameter option for one or more VLANs to the other port parameter option on trunk ports.
spantree-option option {cost | priority} vlan vlan-list
option | Port parameter option for trunk ports. Valid values are 1 and 2. |
cost | Path cost. |
priority | Port priority. |
vlan-list | Up to 10 VLANs. Valid range is 1 to 1005 (separated by spaces). |
The default value for the port parameter option is 1.
Interface configuration
If you use the spantree-option vlan command for a Fast Ethernet port that is an aggregated port group member, the assignment of the port parameter option and the VLAN range also applies to other members of the aggregated port group.
This command is not functional when bridge groups are enabled.
This example shows how to assign port configuration option 1 path cost to VLAN 300 on trunk port 0/26:
hostname(config)# interface fastethernet 0/26
hostname(config-if)# spantree-option 1 cost vlan 300
Use the spantree priority interface configuration command to change the Spanning-Tree Protocol (STP) port priority of an interface. Use the no spantree priority command to set the port priority to its default value.
spantree priority priority-value
no spantree priority
priority-value | Valid range is 0 to 255. |
The default is 128.
Interface configuration
If you use the spantree priority command to change the priority for a Fast Ethernet port that is grouped with a Fast EtherChannel link, the newly specified priority applies to all ports in that group.
This example shows how to change the STP port priority for Ethernet port 1 to the value 100:
hostname(config)# interface ethernet 0/1
hostname(config-if)# spantree priority 100
interface
show (spantree-option)
Use the spantree start-forwarding interface configuration command to enable Port Fast forwarding mode for a nontrunk switch port. Use the no spantree start-forwarding command to disable Port Fast forwarding mode.
spantree start-forwarding
no spantree start-forwarding
This command has no additional arguments or keywords.
The Port Fast mode is enabled for nontrunk ports.
Interface configuration
Port Fast forwarding mode skips Spanning-Tree Protocol (STP) intermediate states (such as listening and learning) when a port moves from blocking to forwarding state, thereby providing access to the network without delay.
This example shows how to disable Port Fast forwarding mode for Ethernet interface 23:
hostname(config)# interface ethernet 0/23
hostname(config-if)# no spantree start-forwarding
configure
interface
spantree-template (forwarding-time)
Use the spantree-template forwarding-time global configuration command to specify the Spanning-Tree Protocol (STP) forward-delay interval for a bridge parameter template. Use the no spantree-template command to set the bridge template forwarding time to its default value.
spantree-template bridge-template-id forwarding-time seconds
no spantree-template bridge-template-id forwarding-time seconds
bridge-template-id | Number from 1 to 4. |
seconds | Forward delay in seconds. Valid range is 4 to 30. |
The default forward time value is 15 seconds.
Global configuration
You can also use forwarding time as a short-timer interval to age out dynamically learned unicast addresses when a topology change occurs in your network.
The value you specify for forwarding delay must reflect the following relationship:
This command is not functional when bridge groups are enabled.
This example shows how to assign a forward-delay interval of 20 seconds to bridge template 1:
hostname(config)# spantree-template 1 forwarding-time 20
show (spantree-template)
spantree
spantree-template (hello-time)
spantree-template (max-age)
spantree-template (priority)
spantree-template (vlan)
Use the spantree-template hello-time global configuration command to specify the Spanning-Tree Protocol (STP) hello time for a bridge parameter template.
spantree-template bridge-template-id hello-time seconds
bridge-template-id | Number from 1 to 4. |
seconds | Hello time in seconds. Valid range is 1 to 10. |
The default hello time value is 2 seconds.
Global configuration
Hello time is the interval between successive Bridge Protocol Data Unit (BPDU) transmissions by a root bridge. The value you specify for hello time must reflect the following relationship:
This command is not functional when bridge groups are enabled.
This example shows how to specify a hello time of 5 seconds for bridge template 1:
hostname(config)# spantree-template 1 hello-time 5
show (spantree-template)
spantree-template (forwarding-time)
spantree-template (max-age)
spantree-template (priority)
spantree-template (vlan)
Use the spantree-template max-age global configuration command to specify the Spanning-Tree Protocol (STP) maximum age for a bridge parameter template. Use the no spantree-template command to set the maximum age argument to its default value.
spantree-template bridge-template-id max-age seconds
no spantree-template
bridge-template-id | Number from 1 to 4. |
seconds | Maximum age in seconds. Valid range is 6 to 40. |
The default maximum age is 20 seconds.
Global configuration
The maximum age is the age of the Bridge Protocol Data Unit (BPDU) message. The age of the BPDU message is the time since the generation of the BPDU by the root. This age is conveyed to enable a bridge to discard old or obsolete information. The value you specify for the maximum age must satisfy the following relationship:
This command is not functional when bridge groups are enabled.
This example shows how to specify a maximum age of 30 seconds for bridge template 1:
hostname(config)# spantree-template 1 max-age 30
show (spantree-template)
spantree-template (forwarding-time)
spantree-template (hello-time)
spantree-template (priority)
spantree-template (vlan)
Use the spantree-template priority global configuration command to specify the Spanning-Tree Protocol (STP) priority of a bridge parameter template. Use the no spantree-template priority command to set the bridge template priority to its default value.
spantree-template bridge-template-id priority value
no spantree-template bridge-template-id priority value
bridge-template-id | Number from 1 to 4. |
value | Bridge priority. Valid range is 1 to 65535. |
The default bridge priority is 32768.
Global configuration
This command is not functional when bridge groups are enabled.
This example shows how to specify a bridge priority value of 30 for bridge template 1:
hostname(config)# spantree-template 1 priority 30
show (spantree-template)
spantree-template (forwarding-time)
spantree-template (hello-time)
spantree-template (max-age)
spantree-template (vlan)
Use the spantree-template vlan global configuration command to move the assignment of a Spanning-Tree Protocol (STP) bridge template for a set of VLANs to a new bridge template. Use the no spantree-template vlan command to set the VLAN list to the default bridge template.
spantree-template bridge-template-id vlan vlan-list
no spantree-template bridge-template-id vlan vlan-list
bridge-template-id | Number from 1 to 4. |
vlan-list | Up to 10 VLANs ranging from 1 to 1005 (separated by spaces). |
The default bridge template is 1 for all VLANs.
Global configuration
If STP is enabled for a VLAN, STP uses the bridge parameters. This command is not functional when bridge groups are enabled.
This example shows how to assign bridge parameter template 2 to VLAN 30:
hostname(config)# spantree-template 2 vlan 30
show (spantree-template)
spantree-template (forwarding-time)
spantree-template (hello-time)
spantree-template (max-age)
spantree-template (priority)
Use the speed line-configuration command to set the transmitting and receiving speed of a port.
speed {2400 | 9600 | 19200 | 38400 | 57600}
2400 | 2400 baud. |
9600 | 9600 baud. |
19200 | 19200 baud. |
38400 | 38400 baud. |
57600 | 57600 baud. |
The default speed is 9600 baud.
Line configuration
This example shows how to set the speed of a port to 57600 baud.
hostname(config)# line console hostname(config-line)# speed 57600
autobaud
databits
line console
modem (dialin)
parity
show (line)
show (terminal)
stopbits
terminal
Use the stopbits line configuration command to set the number of stop bits for a port.
stopbits {1 | 2}
1 | 1 stop bit. |
2 | 2 stop bits. |
1 stop bit.
Line configuration
This example shows how to set the number of stop bits to 1:
hostname(config-line)# stopbits 1
autobaud
databits
line console
modem (dialin)
parity
show (line)
show (terminal)
speed
terminal
Use the storm-control global configuration command to specify a threshold that signals either the start or the end of a broadcast storm, and whether the offending port should be blocked. Use the no storm-control command to specify that broadcast storms should be ignored.
storm-control {filter | {{rising | falling}threshold}
no storm-control [rising | falling]
filter | Disable the port during a broadcast storm. |
rising | Threshold that signals the start of a broadcast storm. |
falling | Threshold that signals the end of a broadcast storm. |
threshold | Rising or falling threshold in packets per second. Valid range is 10 to 14400. |
The default value of the rising threshold is 500 broadcast packets per second.
The default value of the falling threshold is 250 packets per second.
The default value of the filter argument is to take no action against the port causing a broadcast storm.
Global configuration
This example shows how to set the threshold for the start of a broadcast storm to 1000 broadcast packets per second:
hostname(config)# storm-control rising 1000
This example shows how to block a port causing a broadcast storm:
hostname(config)# storm-control filter
Use the switching-mode global configuration command to choose between store-and-forward and fragment-free switching mode. Use the no switching-mode to set the switching mode to its default value.
switching-mode {store-and-forward | fragment-free}
no switching-mode
store-and-forward | Switch does not forward until entire frame has been received. |
fragment-free | Switch forwards as soon as destination address is received or as soon as frame is identified as not a collision fragment. |
The default switching mode is FragmentFree.
Global configuration
This example shows how to set the switching mode to store-and-forward:
hostname(config)# switching-mode store-and-forward
multicast-store-and-forward
show (port system)
Use the tacacs-server attempts global configuration command to set the maximum permitted number of login attempts when Cisco Terminal Access Controller Access Control System Plus (TACACS+) is enabled. Use the no tacacs-server attempts command to set the number to the default value.
tacacs-server attempts integer
no tacacs-server attempts
integer | A number between 1 and 10. |
Three login attempts.
Global configuration
This example shows how to set the maximum number of allowed login attempts to 7.
hostname(config)# tacacs-server attempts 7
enable (use-tacacs)
login (tacacs)
show (tacacs)
tacacs-server (directed-request)
tacacs-server (host)
tacacs-server (key)
tacacs-server (last-resort)
tacacs-server (timeout)
Use the tacacs-server directed-request global configuration command to enable the Cisco Terminal Access Controller Access Control System Plus (TACACS+) directed-request option. Use the no tacacs-server directed-request command to disable the ability to choose between configured TACACS servers.
tacacs-server directed-request
no tacacs-server directed-request
This command has no additional arguments or keywords.
The directed request option is disabled.
Global configuration
Use this command to direct your login request to a specific TACACS+ authentication server instead of to the default server. It sends only the portion of the login user name before the @ symbol to the TACACS+ server specified after the @ symbol. In other words, the switch interprets the string userid@server as a request to authenticate userid at the TACACS+ server server. If the server name specified by the user does not match the IP address of a TACACS+ server configured by the administrator, the user login is rejected.
Disabling tacacs-server directed-request results in the switch sending the whole login string---both before and after the @ symbol---to the default TACACS+ server.
The tacacs-server directed-request command is useful for sites that have developed their own TACACS+ server software that parses the entire login string and makes decisions based on it.
This example shows how to enable the directed-request option.
hostname(config)# tacacs-server directed-request
enable (use-tacacs)
login (tacacs)
show (tacacs)
tacacs-server (attempts)
tacacs-server (host)
tacacs-server (key)
tacacs-server (last-resort)
tacacs-server (timeout)
Use the tacacs-server host global configuration command to designate a Cisco Terminal Access Controller Access Control System Plus (TACACS+) server (by host name or IP address). Use the no tacacs-server host command to delete a server address from the TACACS+ server list.
tacacs-server host hostaddress
no tacacs-server host hostaddress
hostaddress | Host name or IP address of TACACS+ server. |
No TACACS+ server is specified.
Global configuration
Use this command to specify up to three servers (one per command); during authentication, the switch will contact the servers in the order that you entered them.
This example shows how to designate the host name spaniel and the server IP address 172.21.130.51 as a TACACS+ server.
hostname(config)# tacacs-server host spaniel.cisco.com
hostname(config)# tacacs-server host 172.21.130.51
This example shows how to delete the server host name server.yourfirm.com from the TACACS+ server list.
hostname(config)# no tacacs-server host server.yourfirm.com
enable (use-tacacs)
login (tacacs)
show (tacacs)
tacacs-server (attempts)
tacacs-server (directed-request)
tacacs-server (key)
tacacs-server (last-resort)
tacacs-server (timeout)
The tacacs-server key global configuration command defines the key used to encrypt the messages exchanged with the Cisco Terminal Access Controller Access Control System Plus (TACACS+) servers. If no key is defined, the messages are not encrypted.
tacacs-server key key
no tacacs-server key
key | An encryption key between 1 and 100 characters. The key can include any printable ASCII character except tabs. |
No key is defined.
Global configuration
The string specified for the key must be the same as that defined on the server.
All leading spaces are ignored, but spaces within and at the end of the key are not. Double quotes are not required unless they are a part of the key.
This example shows how to specify the TACACS+ encryption key 001same_as_server.
hostname(config)# tacacs-server key 001same_as_server
enable (use-tacacs)
login (tacacs)
show (tacacs)
tacacs-server (attempts)
tacacs-server (directed-request)
tacacs-server (host)
tacacs-server (last-resort)
tacacs-server (timeout)
Use the tacacs-server last-resort global configuration command to specify what action should be taken when Cisco Terminal Access Controller Access Control System Plus (TACACS+) servers cannot be reached. Use the no tacacs-server last-resort to designate no last-resort action.
tacacs-server last-resort [password | succeed]
no tacacs-server last-resort
password | Your local authentication password as specified by the enable password command. |
succeed | Access to privileged level is granted. |
No last resort option is specified.
Global configuration
When your system cannot reach your TACACS+ servers:
This example shows how to configure the network to permit access to the switch if the TACACS+ server cannot be reached for authentication.
hostname(config)# tacacs-server last-resort succeed
enable (use-tacacs)
login (tacacs)
show (tacacs)
tacacs-server (attempts)
tacacs-server (directed-request)
tacacs-server (host)
tacacs-server (key)
tacacs-server (timeout)
Use the tacacs-server timeout global configuration command to specify the maximum time that the switch waits for the Cisco Terminal Access Controller Access Control System Plus (TACACS+) server to reply during the authentication process. Use the no tacacs-server timeout command to restore the default value.
tacacs-server timeout seconds
no tacacs-server timeout
seconds | A number between 1 and 255 (seconds). |
5 seconds.
Global configuration
This example shows how to set the timeout value to 10 seconds.
hostname(config)# tacacs-server timeout 10
enable (use-tacacs)
login (tacacs)
show (tacacs)
tacacs-server (attempts)
tacacs-server (directed-request)
tacacs-server (host)
tacacs-server (key)
tacacs-server (last-resort)
Use the terminal user Exec command to set the attributes of the console port.
terminal [speed {2400 | 9600 | 19200 | 38400 | 56000}] [databits {7 | 8}] [stopbits {1 | 2}]
[parity {none | odd | even | mark | space}]
speed | Transmit and receive speeds: 2400, 9600, 19200, 38400, or 56000. |
databits | Number of data bits per character: 7 or 8. |
stopbits | Asynchronous line stop bits: 1 or 2. |
parity | Terminal parity: none, odd, even, mark, or space. |
The default settings for the console port attributes are 9600 baud, 8 data bits, 1 stop bit, and no parity.
User Exec
This example shows how to set the baud rate to 19200:
> terminal speed 19200
This example shows how to set the baud rate to 19200, the data bits to 7, the stop bits to 1, and the parity toeven:
> terminal speed 19200 databits 7 stopbits 1 parity even
autobaud
databits
line console
modem (dialin)
parity
show (line)
speed
stopbits
Use the tftp accept global configuration command to specify whether the switch will accept a Trivial File Transfer Protocol (TFTP) delivery (a "put") of a firmware image or a configuration file from a host. Use the no tftp accept command to decline the TFTP put of a firmware image or a configuration file.
tftp accept
no tftp accept
This command has no additional arguments or keywords.
TFTP delivery is disabled.
Global configuration
This example shows how to enable the TFTP put:
hostname(config)# tftp accept
This example shows how to disable the TFTP put:
hostname(config)# no tftp accept
copy (nvram tftp)
copy (tftp)
tftp (filename)
tftp (server)
Use the tftp filename global configuration command to specify a filename for the Trivial File Transfer Protocol (TFTP) dowload of switch firmware. Use the no tftp filename command to delete the existing filename.
tftp filename filename
no tftp filename
filename | Filename between 1 and 80 alphanumeric characters. |
No filename is configured.
Global configuration
This example shows how to specify the filename as cat2820.bin. The location of this file is c:\bin\.
hostname(config)# tftp filename c:\bin\cat2820.bin
copy (nvram tftp)
copy (tftp)
tftp (accept)
tftp (server)
Use the tftp server global configuration command to specify the Internet Protocol (IP) address or host name of the Trivial File Transfer Protocol (TFTP) server. Use the no tftp server command to delete the IP address or host name of the TFTP server.
tftp server host
no tftp server
host | IP address or host name of 1 to 32 alphanumeric characters. |
This command has no default value.
Global configuration
This example shows how to specify the IP address of the TFTP server as 192.2.1.20:
hostname(config)# tftp server 192.2.1.20
This example shows how to specify the host name of the TFTP server as spaniel:
hostname(config)# tftp server spaniel
copy (nvram tftp)
copy (tftp)
tftp (accept)
tftp (filename)
Use the time-out line configuration command to configure the line idle timeout period for the console port. Use the no time-out command to disable the timeout value.
time-out seconds
no time-out
seconds | A value in seconds between 30 and 65500. |
None
Line configuration
The following example shows how to set the timeout for the console port to 200.
hostname(config-line)# time-out 200
The following example shows how to disable the timeout function.
hostname(config-line)# no time-out
Use the trunk interface configuration command to set a Fast Ethernet port to Dynamic Inter-Switch Link (DISL) protocol trunk mode.
trunk [on | off | desirable | auto | nonegotiate]
on | Configures the port into permanent Inter-Switch Link (ISL) trunk mode and negotiates with the connected device to convert the link to trunk mode. The port converts to trunk mode even if the other end of the link does not. |
off | Disables port trunk mode and negotiates with the connected device to convert the link to nontrunk. The port converts to nontrunk even if the other end of the link does not. Use this state when an ISL port is connected to another ISL port that does not support the DISL protocol. |
desirable | Triggers the port to negotiate the link from nontrunking to trunk mode. The port negotiates to a trunk port if the connected device is either in the On, Desirable, or Auto state. Otherwise, the port becomes a nontrunk port. |
auto | Enables a port to become a trunk only if the connected device has the state set to On or Desirable. |
nonegotiate | Configures port to permanent ISL trunk mode, and no negotiation takes place with the partner. |
The default DISL configuration state for a Fast Ethernet port is off.
Interface configuration
This command applies only to one Fast Ethernet port. If you use this command for a Fast Ethernet port that is an aggregate port-group member, the newly configured value also applies to all other aggregate port-group members.
This command is not functional when bridge groups are enabled.
This example shows how to set Fast Ethernet port A to trunk mode:
hostname(config)# interface fastethernet 0/26
hostname(config-if)# trunk on
interface
show (trunk)
trunk-vlan
Use the trunk-vlan interface configuration command to select up to ten VLANs for trunk grouping. Use the no trunk-vlan command to disable VLANs from grouping as a trunk.
trunk-vlan vlan-list
no trunk-vlan vlan-list
vlan-list | Up to 10 VLAN IDs between 1 and 1005 (separated by spaces). |
All VLANs (1 to 1005) are in trunk mode on Fast Ethernet ports.
Interface configuration
This command applies only to a single Fast Ethernet port. If you use this command for a Fast Ethernet port that is an aggregate port-group member, the newly configured value also applies to all other aggregate port-group members.
This command is not functional when bridge groups are enabled.
This example shows how to disable trunk mode for VLANs 5, 8, and 10 on Fast Ethernet trunk port B:
hostname(config)# interface fastethernet 0/26
hostname(config-if)# no trunk-vlan 5 8 10
Use the uplink-fast global configuration command to enable the UplinkFast capability for the switch. Use the no uplink-fast command to disable the UplinkFast capability for the switch.
uplink-fast
no uplink-fast
This command has no arguments or keywords.
UplinkFast is disabled.
Global configuration
Use this command when every access switch and distribution switch has at least one redundant uplink. A switch begins using the alternate paths as soon as it detects that the root port has gone down. The new root port transitions to forwarding state immediately without going through the listening and learning states, as with normal Spanning Tree Protocol (STP) procedures.
This command is not functional when bridge groups are enabled.
This example shows how to enable the UplinkFast capability for the switch:
hostname(config)# uplink-fast
clear (uplink-fast statistics)
show (uplink-fast)
show (uplink-fast statistics)
uplink-fast (multicast-rate)
Use the uplink-fast multicast-rate global configuration command to specify the rate at which station-learning frames are generated when UplinkFast is enabled.
uplink-fast multicast-rate value
value | Number from 0 to 300 specifying the rate at which station-learning frames are generated in frames per 100 ms. |
The default station-learning frame-generation rate is 15/100 ms.
Global configuration
If UplinkFast is enabled and the root port fails, station-learning frames (multicast frames) are generated on the new root port. Each frame has the source address of a station that was reachable on the old root port. Limit the rate at which station-learning frames are generated to avoid broadcast storms.
If you specify a value of 0, multicast frames are not generated.
This command is not functional when bridge groups are enabled.
This example shows how to configure the station-learning frame-generation rate to 20/100 ms:
hostname(config)# uplink-fast multicast rate 20
clear (uplink-fast statistics)
show (uplink-fast)
show (uplink-fast statistics)
uplink-fast
Use the vlan global configuration command to configure a VLAN with a number, name, IEEE 802.10 SAID value, state, maximum transmission unit (MTU) size that the VLAN can carry, and VLAN type. This command also specifies two types of VLAN identifiers that can be translationally bridged. Use the no vlan command to delete a VLAN or to negate the configuration of a translational bridge VLAN.
vlan vlan [name vlan-name] [sde said-value] [state {operational | suspended}] [mtu mtu-size]
[{ethernet | fddi | tokenring} ring-number ring-no parent-vlan parent-vlan | {fddi-net | tr-net}
bridge-number bridge-number stp-type {ibm | ieee}] [tlb-1 vlan1 tlb-2 vlan2]
no vlan vlan
vlan | Unique Inter Switch Link (ISL) VLAN identifier between 1 and 1005. |
vlan-name | Unique VLAN or ATM emulated LAN (ELAN) name between 1 and 32 alphanumeric characters. The name provides a mapping between an ISL VLAN identifier and an ATM ELAN name. |
said-value | Unique IEEE 802.10 VLAN identifier between 1 and 4294967294. |
operational | Change state to operational. |
suspended | Change state to suspended. |
mtu-size | Number of bytes that can be carried on a frame in a VLAN. |
ethernet | Ethernet. |
fddi | FDDI. |
tokenring | Token Ring. |
ring-no | Ring number of a Token Ring or FDDI VLAN between 0 and 4095. |
parent-vlan | Parent VLAN ID of a Token Ring or FDDI VLAN between 1 and 1005. The parent VLAN must be either a Token-Ring-Net or an FDDI-Net VLAN for Token Ring or FDDI VLAN, respectively. |
fddi-net | FDDI network. |
tr-net | Token Ring network. |
bridge-number | Bridge number of a Token-Ring-Net or an FDDI-Net VLAN between 1 and 15. |
ibm | IBM Spanning-Tree Protocol. |
ieee | IEEE 802.1d spanning-tree. |
vlan1 | First VLAN bridge to be translationally bridged. |
vlan2 | Second VLAN bridge to be translationally bridged. |
This command has the following default values:
Global configuration
The VLAN type and the two translationally bridged VLAN types must be mutually exclusive; one is Ethernet, one is FDDI, and one is Token Ring.
This command is not functional when bridge groups are enabled.
This example shows how to configure VLAN 2 with the name Engineering:
hostname(config)# vlan 2 name Engineering
This example shows how to configure VLAN 1002 as a translational bridge between VLAN1 and VLAN 1003:
hostname(config)# vlan 1002 tlb-1 1 tlb-2 1003
show (vlan)
show (vlan-membership)
show (vlan-membership server)
vlan-membership
vlan-membership (reconfirm)
vlan-membership (server)
vlan-membership (server retry)
Use the vlan-membership interface configuration command to assign a port to a VLAN. Use the no vlan-membership command to remove a port from a VLAN.
vlan-membership {static {vlan} | dynamic}
no vlan-membership
static | Sets VLAN membership type as static. |
vlan | Static VLAN number from 1 to 1005. |
dynamic | Sets VLAN membership type as dynamic. |
This command has the following default values:
Interface configuration
If you want to know the VLAN membership of a port that has been set to dynamic but is static by default, query the VLAN Membership Policy Server (VMPS).
This command is not functional when bridge groups are enabled.
This example shows how to configure Ethernet port 6 as a dynamic VLAN port:
hostname(config)# interface ethernet 0/6
hostname(config-if)# vlan-membership dynamic
interface
show (vlan)
show (vlan-membership)
show (vlan-membership server)
vlan
vlan-membership (reconfirm)
vlan-membership (server)
vlan-membership (server retry)
Use the vlan-membership reconfirm privileged Exec command to reconfirm the VLAN assignment for all dynamic ports.
vlan-membership reconfirm
This command has no additional arguments or keywords.
This command has no default.
Privileged Exec
You can determine the VLAN membership of a dynamic port by querying the VLAN Membership Policy Server (VMPS).
This command is not functional when bridge groups are enabled.
This example shows how to reconfirm the VLAN membership for all dynamic ports:
hostname# vlan-membership reconfirm
show (vlan)
show (vlan-membership)
show (vlan-membership server)
vlan
vlan-membership
vlan-membership (server)
vlan-membership (server retry)
Use the vlan-membership server global configuration command to specify an IP address for the VLAN Membership Policy Server (VMPS). Use the no vlan-membership server command to delete the VMPS address.
vlan-membership server ip-addr [primary]
no vlan-membership server ip-addr
ip-addr | IP address. |
primary | Configure VMPS as primary server. |
The first server is the primary server.
Global configuration
A VMPS assigns memberships to dynamic VLAN ports based on the content of packets it receives. You can configure a maximum of four VMPSs. You can configure one of the four servers as a primary server. By default, the first server is selected as a primary server. If the primary server cannot be reached in a query attempt after the number of retries is equal to the globally configured retry count, the secondary servers are used consecutively.
This command is not functional when bridge groups are enabled.
This example shows how to configure an IP address for a primary VLAN VMP server:
hostname(config)# vlan-membership server 172.20.128.88 primary
show (vlan)
show (vlan-membership)
show (vlan-membership server)
vlan
vlan-membership
vlan-membership (reconfirm)
vlan-membership (server retry)
Use the vlan-membership server retry global configuration command to configure the retry count for VLAN Membership Policy Servers (VMPS).
vlan-membership server retry count
count | Number from 1 to 10. |
count is 10 for each server.
Global configuration
This command is not functional when bridge groups are enabled.
This example shows how to specify a retry count of 5 for all VMP servers.
hostname(config)# vlan-membership server retry 5
show (vlan)
show (vlan-membership)
show (vlan-membership server)
vlan
vlan-membership
vlan-membership (reconfirm)
vlan-membership (server)
Use the vtp global configuration command to specify the operating mode, domain name, generation of traps, and pruning capabilities of VLAN Trunk Protocol (VTP). Also use this command to set a password for the VTP domain.
vtp [server | transparent | client] [domain domain-name] [trap {enable | disable}] [password password] [pruning {enable | disable}]
server | VTP server operating mode. If selected, the switch updates its VLAN configuration from configurations reported by other trunked VTP devices and allows configuration to be modified locally. Any changes are distributed through VTP messages. |
transparent | VTP transparent operating mode. If selected, the switch allows configuration to be modified locally, but configuration changes are not advertised by VTP messages. VTP messages received are forwarded to trunks without being processed. |
client | VTP client operating mode. If selected, the switch advertises and learns configuration changes in VTP messages similar to server mode, although it neither allows configuration to be modified locally, nor stores configuration to nonvolatile memory. |
domain-name | VTP management domain name from 1 to 32 alphanumeric characters. |
enable | Enable generation of VTP traps such as Configuration Revision Error Trap, Configuration Digest Error Trap, and MTU Too Big Trap. Enable pruning. |
disable | Disable generation of VTP traps and pruning. |
password | Password between 8 and 64 alphanumeric characters. Password is case insensitive. |
The default VTP mode is server, and the default trap-generation is enabled. The default VTP pruning mode is enabled.
Global configuration
If you create a VTP password, it generates a secret value. This value is used in the calculation of the MD5 digest of a VTP advertisement. The MD5 digest ensures the validity of VTP advertisements.
This command is not functional when bridge groups are enabled.
This example configures a VTP domain named Engineering Department with trap control enabled.
hostname(config)# vtp domain "Engineering Department" trap enable
delete (vtp)
show (vtp)
show (vtp statistics)
vtp trunk pruning-disable
Use the vtp trunk pruning-disable interface configuration command to disable VLAN Trunk Protocol (VTP) pruning for a set of VLANs on a trunk port. Use the no vtp trunk pruning-disable command to enable pruning for a set of VLANs on a trunk port.
vtp trunk pruning-disable vlan-list
no vtp trunk pruning-disable vlan-list
vlan-list | Up to 10 VLANs for which pruning is disabled. Valid range is 1 to 1005 (separated by spaces). |
VTP pruning is enabled for all VLANs on both trunk ports.
Interface configuration
A VLAN is pruned when the switch does not need to receive flooded traffic because it has no other VLAN ports. Pruning reduces unnecessary bandwidth usage on a trunk. By default, all VLANs can be pruned.
If you specify this command for a trunk port that is an aggregate port-group member, the new configuration also applies to the other members of the aggregate port-group.
This command is not functional when bridge groups are enabled.
This example shows how to disable the pruning of VLAN 2 on trunk port A.
hostname(config)# interface fastethernet A hostname(config-if)# vtp trunk pruning-disable 2
Posted: Mon Nov 1 13:10:24 PST 1999
Copyright 1989-1999©Cisco Systems Inc.