|
|
This chapter describes the set commands used in the Catalyst 5000 series switch CLI. For a summary of the available switch CLI commands, refer to the "Switch Command Quick Reference " chapter. For more information about using the switch CLI, refer to the "Switch Command-Line Interface" chapter.
Other commands are described elsewhere in this publication:
Switch CLI:
ATM module CLI:
Use the set alias command to define aliases (shorthand versions) of commands.
set alias name command [parameter] [parameter]| name | Alias being created. |
| command | Command for which the alias is being created. |
| parameter | (Optional) Parameters that apply to the command for which an alias is being created. See the specific command for information about parameters that apply. |
No aliases configured.
Switch command.
Privileged.
The name all cannot be defined as an alias. Reserved words cannot be defined as aliases.
This example shows how to set arpdel as the alias for the clear arp command:
Console> (enable) set alias arpdel clear arp Command alias added. Console> (enable)
Use the set arp command to add mapping entries to the ARP table and to set the ARP aging time for the table.
set arp ip_addr hw_addr [route_descr]| ip_addr | IP address or IP alias to map to the specified MAC address. |
| hw_addr | MAC address to map to the specified IP address or IP alias. |
| route_descr | Route descriptor. The maximum number of route descriptors allowed in the route_descr parameter is 14. |
| agingtime | Keyword used to set the period of time after which an ARP entry is removed from the ARP table. |
| agingtime | Number of seconds (from 1 to 1,000,000) that entries will remain in the ARP table before being deleted. Setting this value to 0 disables aging. |
No ARP table entries exist, and ARP aging is set to 1200 seconds.
Switch command.
Privileged.
This example shows how to map IP address 198.133.219.232 to MAC address 00-00-0c-40-0f-bc:
Console> (enable) set arp 198.133.219.232 00-00-0c-40-0f-bc ARP entry added. Console> (enable)
This example shows how to set the aging time for the ARP table to 1800 seconds:
Console> (enable) set arp agingtime 1800 ARP aging time set to 1800 seconds.
Use the set authentication enable command to enable authentication using the TACACS+ server to determine if a user has privileged access permission.
set authentication enable {tacacs | local} {enable | disable}| tacacs | Keyword that specifies the use of the TACACS+ server to determine if the user has privileged access permission. |
| local | Keyword that specifies the use of the local password to determine if the user has privileged access permission. |
| enable | Keyword used to enable TACACS+ authentication for login. |
| disable | Keyword used to disable TACACS+ authentication for login. |
The default setting of this command is local authentication enabled and TACACS+ authentication disabled.
Switch command.
Privileged.
This example shows how to use the TACACS+ server to determine if a user has privileged access permission:
Console> (enable) set authentication enable tacacs enable Tacacs Enable authentication set to enable. Console> (enable)
This example shows how to use the local password to determine if the user has privileged access permission:
Console> (enable) set authentication enable local enable Local Enable authentication set to enable. Console> (enable)
set authentication login
show tacacs
Use the set authentication login command to enable TACACS+ authentication for login.
set authentication login {tacacs | local} {enable | disable}| tacacs | Keyword that specifies the use of the TACACS+ server password to determine if the user has access permission to the switch. |
| local | Keyword that specifies the use of the local password to determine if the user has access permission to the switch. |
| enable | Keyword that enables TACACS+ authentication for login. |
| disable | Keyword that disables TACACS+ authentication for login. |
The default setting of this command is local authentication enabled and TACACS+ authentication disabled.
Switch command.
Privileged.
This example shows how to use the TACACS+ server to authenticate access permission to the switch:
Console> (enable) set authentication login tacacs enable Tacacs Login authentication set to enable. Console> (enable)
This example shows how to use the local password to authenticate access permission to the switch:
Console> (enable) set authentication login local enable Local Login authentication set to enable. Console> (enable)
set authentication enable
show tacacs
Use the set banner motd command to program a message-of-the-day banner to appear before session login.
set banner motd c [text] c| c | Delimiting character used to begin and end the message. |
| text | (Optional) The message of the day. |
Switch command.
Privileged.
This example shows how to set the message of the day using the pound sign (#) as the delimiting character:
Console> (enable) set banner motd # ** System upgrade at 6:00am Tuesday. ** Please log out before leaving on Monday. # MOTD banner set.
This example shows how to clear the message of the day:
Console> (enable> set banner motd ## MOTD banner cleared. Console> (enable>
Use the set boot config-register command to set the boot configuration register value.
set boot config-register 0xvalue [mod_num]| mod_num | (Optional) Module number of the supervisor engine III containing the Flash device. |
| disable | Keyword to disable the ignore-config feature. |
| enable | Keyword to enable the ignore-config feature. |
| rommon | Keyword to specify booting from the ROM monitor. |
| bootflash | Keyword to specify booting from the bootflash. |
| system | Keyword to specify booting from the system. |
Switch command.
Privileged.
This example shows how to use the set boot config-register command:
Console> (enable) set boot config-register rommon Configuration register is 0x100 ignore-config: disabled console baud: 9600 boot: the ROM monitor Console> (enable) set boot config-register 0x10f Configuration register is 0x10f break: disabled ignore-config: disabled console baud: 9600 boot: image specified by the boot system commands
Use the set boot system flash command to set the BOOT environment variable which specifies a list of images that the switch loads at startup.
set boot system flash device:[filename] [mod_num] [prepend]| device: | Device where the Flash resides. |
| filename | (Optional) Name of the configuration file. |
| mod_num | (Optional) Module number of the supervisor engine III containing the Flash device. |
| prepend | (Optional) Keyword used to place the device first in the list of boot devices. |
Switch command.
Privileged.
A colon is required between the word "device" and the specified device.
You can enter several boot system commands to provide a fail-safe method for booting the switch. The system stores and executes the boot system commands in the order in which you enter them. Remember to clear the old entry when building a new image with a different filename in order to use the new image.
This example shows how to use the set boot system flash command:
Console> (enable) set boot system flash slot0:cat5k_r47_1.cbi BOOT variable = slot0:cat5k_r47_1.cbi; Console> (enable) set boot system flash slot0:cat5k_r47_2.cbi BOOT variable = slot0:cat5k_r47_1.cbi;slot0:cat5k_r47_2.cbi;
Use the set bridge apart command to enable or disable APaRT on FDDI.
set bridge apart {enable | disable}| enable | Keyword that activates the APaRT on FDDI. |
| disable | Keyword that deactivates APaRT on FDDI. |
The default configuration has APaRT enabled.
Switch command.
Privileged.
This example shows how to disable APaRT:
Console> (enable) set bridge apart disable APaRT disabled Console> (enable)
Use the set bridge fddicheck command to enable or disable the relearning of MAC addresses (as FDDI MAC addresses) that were already learned from an Ethernet interface (as Ethernet MAC addresses).
set bridge fddicheck {enable | disable}| enable | Keyword that permits FDDI to re-learn MAC addresses learned from an Ethernet interface. |
| disable | Keyword that prevents FDDI from re-learning MAC addresses learned from an Ethernet interface. |
The default configuration has fddicheck disabled.
Switch command.
Privileged.
When fddicheck is enabled, a MAC address seen on the FDDI ring is not learned (stored in FDDI CAM) as an FDDI MAC address if the MAC address was previously learned from an Ethernet interface (as an Ethernet MAC address).
Thus, with fddicheck enabled, MAC addresses previously learned from an Ethernet interface will not be re-learned on the FDDI interface until the CAM is cleared.
This command requires information from the FDDI CAM. Therefore, disabling APaRT also automatically disables fddicheck. To enable fddicheck, first enable APaRT.
This example shows how to enable fddicheck on the switch:
Console> (enable) set bridge fddicheck enable FDDICHECK enabled Console> (enable)
Use the set bridge ipx 8022toether command to set the default method for translating IPX packets from FDDI 802.2 to Ethernet. The default translation method specified is used only until the real protocol types are learned.
set bridge ipx 8022toether {8023 | snap | eii | 8023raw}| 8023 | Keyword that specifies Ethernet 802.3 as the default translation method. |
| snap | Keyword that specifies Ethernet SNAP as the default translation method. |
| eii | Keyword that specifies Ethernet II as the default translation method. |
| 8023raw | Keyword that specifies Ethernet 802.3 raw as the default translation method. |
The default translation method for FDDI 802.2 to Ethernet networks is 8023 (Ethernet 802.3).
Switch command.
Privileged.
This example shows how to set the default protocol to SNAP for translating IPX packets between FDDI 802.2 and Ethernet networks:
Console> (enable) set bridge ipx 8022toether snap 8022 to ETHER translation set. Console> (enable)
Use the set bridge ipx 8023rawtofddi command to set the default method for translating IPX packets from Ethernet 802.3 to FDDI. The default translation method specified is used only until the real protocol types are learned.
set bridge ipx 8023rawtofddi {8022 | snap | fddiraw}| 8022 | Keyword that specifies FDDI 802.2 as the default translation method. |
| snap | Keyword that specifies FDDI SNAP as the default translation method. |
| fddiraw | Keyword that specifies FDDI RAW as the default translation method. |
The default translation method for Ethernet 802.3 to FDDI networks is SNAP (FDDI SNAP).
Switch command.
Privileged.
This example shows how to set the default translation method to FDDI SNAP for translating IPX packets between Ethernet 802.3 and FDDI networks:
Console> (enable) set bridge ipx 8023rawtofddi snap 8023RAW to FDDI translation set. Console> (enable)
Use the set bridge ipx snaptoether command to set the default method for translating IPX FDDI SNAP frames to Ethernet frames. The default translation specified is used for all broadcast IPX SNAP frames and for any unlearned Ethernet MAC addresses.
set bridge ipx snaptoether {8023 | snap | eii | 8023raw}| 8023 | Keyword that specifies Ethernet 802.3 as the default frame type. |
| snap | Keyword that specifies Ethernet SNAP as the default frame type. |
| eii | Keyword that specifies Ethernet II as the default frame type. |
| 8023raw | Keyword that specifies Ethernet 802.3 RAW as the default frame type. |
The default translation method for translating IPX FDDI SNAP frames to Ethernet frames is 8023RAW (Ethernet 802.3 RAW).
Switch command.
Privileged.
This example shows how to set the default method for translating IPX FDDI SNAP frames to Ethernet frames to SNAP:
Console> (enable) set bridge ipx snaptoether snap Bridge snaptoether default IPX translation set. Console> (enable)
Use the set cam command to add entries into the CAM table and to set the aging time for the CAM table.
set cam {dynamic | static | permanent} {unicast_mac | multicast_mac | route_descr} mod_num/port_nums [vlan]| dynamic | Keyword that specifies that entries are subject to aging. |
| static | Keyword that specifies that entries are not subject to aging. Static (nonpermanent) entries will remain in the table until the system is reset. |
| permanent | Keyword that specifies that permanent entries are stored in NVRAM until they are removed by the clear cam or clear config command. |
| unicast_mac | MAC address of the destination host used for a unicast. |
| multicast_mac | MAC address of the destination host used for a multicast. |
| route_descr | Route descriptor of the "next hop" relative to this switch. This variable is entered as 2 hexadecimal bytes in the following format: 004F. Do not use a "-" to separate the bytes. |
| mod_num | Number of the module. |
| port_nums | Number of a specific port. |
| vlan | (Optional) Number of the VLAN. The VLAN number is optional unless you are setting CAM entries to dynamic, static, or permanent for a trunk port, or if you are using the agingtime keyword. |
| agingtime | Keyword used to set the period of time after which an entry is removed from the table. |
| agingtime | Number of seconds (0 to 1,000,000) that dynamic entries remain in the table before being deleted. Setting aging time to 0 disables aging. |
The default configuration has a local MAC address, spanning-tree address (01-80-c2-00-00-00), and CDP multicast address for destination port 1/3 (the NMP). The default aging time for all configured VLANs is 300 seconds.
Switch command.
Privileged.
If the given MAC address is a multicast address (the least significant bit of the most significant byte is set to 1) or broadcast address (ff-ff-ff-ff-ff-ff) and multiple ports are specified, the ports must all be in the same VLAN. If the given address is a unicast address and multiple ports are specified, the ports must be in different VLANs.
The set cam command does not support the RSM.
If a route descriptor is entered with no VLAN parameter specified, the default is the VLAN already associated with the port. If a route descriptor is entered, only a single port number (of the associated port) may be used.
This example shows how to set the CAM table aging time to 300 seconds:
Console> (enable) set cam agingtime 1 300 Vlan 1 CAM aging time set to 300 seconds. Console> (enable) Console
This example shows how to add a unicast entry to the table for module 2, port 9, and how to add a permanent multicast entry to the table for module 1, port 1, and module 2, ports 1, 3, and 8 through 12:
Console> (enable) set cam static 00-00-0c-a0-03-fa 2/9 Static unicast entry added to CAM table. Console> (enable) set cam permanent 01-40-0b-a0-03-fa 1/1,2/1,2/3,2/8-12 Permanent multicast entry added to CAM table. Console> (enable)
Use the set cdp command to enable or disable the CDP information display on specified ports.
set cdp {enable | disable} {mod_num/port_num | all}| enable | Keyword that enables the CDP information display. |
| disable | Keyword that disables the CDP information display. |
| mod_num | Number of the module. |
| port_num | Number of the port. |
| all | Keyword that specifies all ports. |
The default system configuration has CDP enabled.
Switch command.
Privileged.
The ATM module does not support CDP.
This example shows how to enable the CDP message display for port 1 on module 2:
Console> (enable) set cdp enable 2/1 CDP enabled on port 2/1. Console> (enable)
This example shows how to disable the CDP message display for port 1 on module 2:
Console> (enable) set cdp disable 2/1 CDP disabled on port 2/1. Console> (enable)
Use the set cdp interval command to set the message interval for CDP.
set cdp interval {mod_num/port_num | all} interval| mod_num | Number of the module. |
| port_num | Number of the port. |
| all | Keyword that specifies all ports. |
| interval | Number of seconds (5 to 900) the system waits before sending a message. |
The default has the message interval set to 60 seconds for every port.
Switch command.
Privileged.
This example shows how to set the CDP message interval for port 10 on module 2 to 30 seconds:
Console> (enable) set cdp interval 2/10 30 CDP message interval set to 30 seconds for port 2/10. Console> (enable)
Use the set cgmp command to enable or disable CGMP on a device.
set cgmp {enable | disable}| enable | Keyword used to enable CGMP on a device. |
| disable | Keyword used to disable CGMP on a device. |
By default, CGMP is disabled.
Switch command.
Privileged.
CGMP filtering requires a network connection from the Catalyst 5000 series switch to an external router running CGMP.
This example shows how to enable and disable CGMP on a device:
Console> (enable) set cgmp enableCMGP support for IP multicast enabled.Console> (enable)set cgmp disableCMGP support for IP multicast disabled.Console> (enable)
clear multicast router
set multicast router
show multicast group
show multicast group count
Use the set cgmp leave command to enable or disable the CGMP leave processing.
set cgmp {enable | disable}| enable | Keyword used to enable CGMP leave processing. |
| disable | Keyword used to disable CGMP leave processing. |
By default, CGMP leave processing is disabled.
Switch command.
Privileged.
clear multicast router
set multicast router
show multicast group
show multicast group count
Use the set enablepass command to change the password for the privileged level of the command-line interface.
set enablepassThis command has no arguments or keywords.
The default configuration has no enable password configured.
Switch command.
Privileged.
The command prompts you for the old password. If the password you enter is valid, you are prompted to enter a new password and to verify the new password. A zero-length password is allowed.
This example shows how to establish a new password:
Console> (enable) set enablepass Enter old password: <old_password> Enter new password: <new_password> Retype new password: <new_password> Password changed. Console> (enable)
Use the set fddi alarm command to specify the LER-alarm value for an FDDI port. The value defines the rate at which the LER threshold is exceeded on a link. The LER-alarm value affects the results of the LER threshold test.
set fddi alarm mod_num/port_num value| mod_num | Number of the module. |
| port_num | Number of the port. |
| value | Value for the LER-alarm parameter. This exponential value represents the number of link errors per second (that is, 10-value link errors per second). Valid values are between 7 and 15. |
The default LER-alarm value is 8 milliseconds (10-8 seconds).
Switch command.
Privileged.
This example shows how to change the LER-alarm value to 10-11 seconds for port 1 on module 4:
Console> (enable) set fddi alarm 4/1 11 Port 4/1 alarm value set to 11. Console> (enable)
set fddi cutoff
set fddi tlmin
set fddi tnotify
set fddi treq
set fddi userdata
show fddi
Use the set fddi cutoff command to specify the LER-cutoff value for an FDDI port. The LER-cutoff value determines the LER at which a connection is flagged as faulty. The LER-cutoff value affects the results of the LER threshold test.
set fddi cutoff mod_num/port_num value| mod_num | Number of the module. |
| port_num | Number of the port. |
| value | Exponential value for the LER-cutoff parameter (that is, 10-value link errors per second). Valid values are between 7 and 15. |
The default LER-cutoff value is 7 milliseconds (10-7 seconds).
Switch command.
Privileged.
This example shows how to change the LER-cutoff value to 10¯10 seconds for port 1 on module 4:
Console> (enable) set fddi cutoff 4/1 10 Port 4/1 cutoff value set to 10. Console> (enable)
set fddi alarm
set fddi tlmin
set fddi tnotify
set fddi treq
set fddi userdata
show fddi
Use the set fddi tlmin command to change the TL_MIN value for an FDDI port.
set fddi tlmin mod_num/port_num microseconds| mod_num | Number of the module. |
| port_num | Number of the port. |
| microseconds | Number of microseconds for the TL_MIN parameter. |
The default value for TL_MIN is 40 microseconds.
Switch command.
Privileged.
The TL_MIN value specifies the minimum time to transmit a PHY line state before advancing to the next PCM state. This setting affects the station and switch interoperability and might hinder the implementation of FDDI repeaters.
This example shows how to change the TL_MIN value to 80 microseconds for port 1 on module 4:
Console> (enable) set fddi tlmin 4/1 80 Port 4/1 tlmin set to 80 usec. Console> (enable)
set fddi alarm
set fddi cutoff
set fddi tnotify
set fddi treq
set fddi userdata
show fddi
Use the set fddi tnotify command to change the TNotify timer value for an FDDI module.
set fddi tnotify mod_num time| mod_num | Number of the module. |
| time | Number of seconds for the TNotify timer. Valid times are from 2 to 30 seconds. |
The default value for the TNotify timer is 30 seconds.
Switch command.
Privileged.
The TNotify parameter sets the interval (in seconds) between neighbor notification frames. These frames advertise FDDI module MAC addresses to neighboring devices. Usually, the default setting is sufficient.
This example shows how to change the TNotify timer value to 16 seconds for module 4:
Console> (enable) set fddi tnotify 4 16 Module 4 SMT T-Notify set to 16 sec. Console> (enable)
set fddi alarm
set fddi cutoff
set fddi tlmin
set fddi treq
set fddi userdata
show fddi
Use the set fddi treq command to change the TRequest value for an FDDI module.
set fddi treq mod_num time| mod_num | Number of the module. |
| time | Number of seconds for the TRequest value. Valid times are from 2502 to 165,000 microseconds. |
The default value for the TRequest is 165,000 microseconds.
Switch command.
Privileged.
The TRequest parameter specifies the default TRT value for the FDDI module. This value is used when negotiating the TRT with other stations. The TRT is used to control ring scheduling during normal operation and to detect and recover from serious ring error situations. Whenever the TRT expires, the station uses the TRequest value to negotiate with other stations for the lowest value. The default setting of 165,000 microseconds is sufficient for most networks.
This example shows how to change the TRequest value to 3500 microseconds for module 4:
Console> (enable) set fddi treq 4 3500 Mac 4/1 T-request set to 3500 usec. Console> (enable)
set fddi alarm
set fddi cutoff
set fddi tlmin
set fddi tnotify
set fddi userdata
show fddi
Use the set fddi userdata command to configure the user-data string in the SMT MIB of an FDDI module.
set fddi userdata mod_num [userdata_string]| mod_num | Number of the module. |
| userdata_string | (Optional) Character string that identifies the node in a meaningful way. |
The default value for the FDDI user-data string is "Catalyst 5000."
Switch command.
Privileged.
The user-data string is useful for identifying the FDDI module or Catalyst 5000 series switch when using a management tool to configure and maintain an internetwork or when accessing the FDDI module remotely. The user-data string might be a term identifying the function of the network node or the users connected to the network node.
This example shows how to change the user-data string to Engineering for module 4:
Console> (enable) set fddi userdata 4 Engineering Module 4 SMT User Data set to Engineering. Console> (enable)
set fddi alarm
set fddi cutoff
set fddi tlmin
set fddi tnotify
set fddi treq
show fddi
Use the set interface command to configure network interfaces.
set interface {sc0 | sl0} {up | down}| sc0 | Keyword that specifies the in-band interface. |
| sl0 | Keyword that specifies the SLIP interface. |
| up | Keyword used to bring the interface into operation. |
| down | Keyword used to bring the interface out of operation. |
| ip_addr | (Optional) IP address. |
| netmask | (Optional) Subnet mask. |
| broadcast | (Optional) Broadcast mask. |
| slip_addr | IP address of the console port. |
| dest_addr | IP address of the host to which the console port will be connected. |
The default configuration is sc0 and sl0 with IP address, netmask, and broadcast set as 0.0.0.0. The destination address for sl0 is also 0.0.0.0.
Switch command.
Privileged.
The set interface command can be used to assign network addresses administratively, subnet masks for the Catalyst 5000 series switch interfaces, and destination addresses for SLIP interfaces. It can also be used administratively to bring the interfaces up or down. There are two configurable network interfaces on a Catalyst 5000 series switch: in-band (sc0) and SLIP (sl0). Once you assign an IP address to sc0, the Catalyst 5000 series switch becomes accessible through Ethernet and FDDI interfaces.
This example shows how to use set interface sc0 and set interface sl0 from the console port. It also shows how to administratively bring down interface sc0 using a console terminal:
Console> (enable) set interface sc0 192.200.11.44 255.255.255.0 Interface sc0 IP address and netmask set. Console> (enable) set interface sl0 192.200.10.45 192.200.10.103 Interface sl0 SLIP and destination address set. Console> (enable) set interface sc0 down. Interface sc0 administratively down. Console> (enable)
This example shows how to set the IP address for sc0 through a Telnet session:
Console> (enable) set interface sc0 192.200.11.40 This command may disconnect active telnet sessions. Do you want to continue (y/n) [n]? y Interface sc0 IP address set.
This example shows how to take the interface out of operation through a Telnet session:
Console> (enable) set interface sc0 down This command will inactivate telnet sessions. Do you want to continue (y/n) [n]? y Interface sc0 administratively down.
This example shows how to identify the VLAN on which to store the IP address:
Console> (enable) set interface sc0 5 Interface sc0 vlan set. Console> (enable) set interface sc0 200 Vlan is not active, user needs to set vlan 200 active Interface sc0 vlan set. Console> (enable)
Use the set ip alias command to add aliases of IP addresses.
set ip alias name ip_addr| name | Name of the alias being defined. |
| ip_addr | IP address of the alias being defined. |
The default configuration has one IP alias (0.0.0.0) configured as the default.
Switch command.
Privileged.
This example shows how to define an IP alias of mercury for IP address 192.122.174.234:
Console> (enable) set ip alias mercury 192.122.174.234 IP alias added. Console> (enable)
Use the set ip dns command to enable or disable DNS.
set ip dns {enable | disable}| enable | Keyword used to enable DNS. |
| disable | Keyword used to disable DNS. |
DNS is disabled.
Switch command.
Privileged.
This example shows how to enable and disable DNS:
Console> (enable) set ip dns enable DNS is enabled. Console> (enable) set ip dns disable DNS is disabled. Console> (enable)
Use the set ip dns domain command to set the default DNS domain name.
set ip dns domain name| name | Default DNS domain name. |
This command has no default setting.
Switch command.
Privileged.
If you specify a specific domain name on the command line, the system will attempt to resolve the host name as entered. If the system cannot resolve the host name as entered, it appends the default DNS domain name as defined with the set ip dns domain command. If you specify a domain name with a trailing dot, the program considers this name an absolute domain name.
This example shows how to set the default DNS domain name:
Console> (enable) set ip dns domain yow.com Default DNS domain name set to yow.com. Console> (enable)
clear ip dns domain
show ip dns
Use the set ip dns server command to set the IP address of a DNS server.
set ip dns server ip_addr [primary]| ip_addr | IP address of the DNS server. |
| primary | (Optional) Keyword used to configure a DNS server as the primary server. |
This command has no default setting.
Switch command.
Privileged.
You can configure up to three DNS name servers as backup. You can also configure any DNS server as the primary server. The primary server is the first one to be queried. If the primary server fails, the backup servers are queried.
If DNS is disabled, you must use the IP address with all commands that require explicit IP addresses or manually define an alias for that address. The alias has priority over DNS.
These examples show how to set the IP address of a DNS server:
Console> (enable) set ip dns server 198.92.30.32 198.92.30.32 added to DNS server table as primary server. Console> (enable) set ip dns server 171.69.2.132 primary 171.69.2.132 added to DNS server table as primary server. Console> (enable) set ip dns server 161.44.128.70 DNS server table is full. 161.44.128.70 not added to DNS server table.
clear ip dns server
show ip dns
Use the set ip fragmentation command to enable or disable the fragmentation of IP packets bridged between FDDI and Ethernet networks. Note that FDDI and Ethernet networks have different MTUs.
set ip fragmentation {enable | disable}| enable | Keyword that permits fragmentation for IP packets bridged between FDDI and Ethernet networks. |
| disable | Keyword that disables fragmentation for IP packets bridged between FDDI and Ethernet networks. |
The default value is IP fragmentation enabled.
Switch command.
Privileged.
If IP fragmentation is disabled, packets will be dropped.
This example shows how to disable IP fragmentation:
Console> (enable) set ip fragmentation disable Bridge IP fragmentation disabled. Console> (enable)
Use the set ip permit command to enable or disable the IP permit list. Use the set ip permit ip_addr command to specify an IP address to be added to the IP permit list.
set ip permit {enable | disable}| enable | Keyword used to enable the IP permit list. |
| disable | Keyword used to disable the IP permit list. |
| ip_addr | IP address to be added to the IP permit list. An IP alias or host name that can be resolved through DNS can also be used. |
| mask | (Optional) Subnet mask of the specified IP address. |
The IP permit list is disabled.
Switch command.
Privileged.
You can configure up to 10 entries in the permit list. If the IP permit list is enabled, but the permit list has no entries configured, a caution is displayed on the screen.
This example shows how to use the set ip permit command:
Console> (enable) set ip permit enable IP permit list enabled. WARNING!! IP permit list has no entries. Console> (enable) set ip permit 172.100.101.102 172.100.101.102 added to IP permit list. Console> (enable) set ip permit batboy batboy added to IP permit list. Console> (enable) set ip permit 172.160.161.0 255.255.192.0 172.160.128.0 with mask 255.255.192.0 added to IP permit list. Console> (enable) set ip permit disable IP permit list disabled.
clear ip permit
set ip permit
show ip permit
Use the set ip redirect command to enable or disable ICMP redirect messages on the Catalyst 5000 series switch.
set ip redirect {enable | disable}| enable | Keyword that permits ICMP redirect messages to be returned to the source host. |
| disable | Keyword that prevents ICMP redirect messages from being returned to the source host. |
The default configuration has ICMP redirect enabled.
Switch command.
Privileged.
This example shows how to deactivate ICMP redirect messages:
Console> (enable) set ip redirect disable ICMP redirect messages disabled. Console> (enable)
Use the set ip route command to add IP addresses or aliases to the IP routing table.
set ip route destination gateway [metric]| destination | IP address or IP alias of the network or specific host to be added. Use default as the destination to set the new entry as the default route. |
| gateway | IP address or IP alias of the router. |
| metric | (Optional) Value used to indicate whether the destination network is local or remote. Use 0 for local and 1 for remote. |
The default configuration routes the local network through the sc0 interface with metric 0 as soon as sc0 is configured.
Switch command.
Privileged.
This example shows how to add a route to the IP routing table:
Console> (enable) set ip route 192.122.173.211 192.122.173.1 Route added. Console> (enable)
This example shows how to add a default route to the IP routing table:
Console> (enable) set ip route default 192.122.173.1 Route added. Console> (enable)
Use the set ip unreachable command to enable or disable ICMP unreachable messages on the switch.
set ip unreachable {enable | disable}| enable | Keyword that allows IP unreachable messages to be returned to the source host. |
| disable | Keyword that prevents IP unreachable messages from being returned to the source host. |
The default has ICMP unreachable messages enabled.
Switch command.
Privileged.
When enabled, the switch returns an ICMP unreachable message to the source host whenever it receives an IP datagram that it cannot deliver. When disabled, the switch does not notify the source host when it receives an IP datagram that it cannot deliver.
For example, a switch has the ICMP unreachable message function enabled and IP fragmentation disabled. If an FDDI frame is received and needs to be transmitted to an Ethernet port, the switch will not be able to fragment the packet. The switch will drop the packet and return an IP unreachable message to the Internet source host.
This example shows how to disable ICMP unreachable messages:
Console> (enable) set ip unreachable disable ICMP Unreachable message disabled. Console> (enable)
Use the set length command to configure the number of lines in the terminal display screen.
set length number [default]| number | Number of lines to display on the screen (0 to 512). |
| default | (Optional) Keyword that sets the number of lines in the terminal display screen for the current administration session and all other sessions. This keyword is only available in privileged mode. |
The default value is 24 lines upon starting a session. When the value is changed in a session, it applies only to that session. When you use the clear config command, the number of lines in the terminal display screen is reset to the factory default of 100.
Switch command.
Normal and privileged.
Output from a single command that overflows a single display screen is followed by the --More-- prompt. At the --More-- prompt, you can press Ctrl-C, q, or Q to interrupt the output and return to the prompt, press the Spacebar to display an additional screen of output, or press Return to display one more line of output.
Setting the screen length to 0 turns off the scrolling feature and causes the entire output to be displayed at once. Unless the default keyword is used, a change to the terminal length value applies only to the current session.
This example shows how to set the screen length to 60 lines:
Console> set length 60 Screen length for this session set to 60. Console>
This example shows how to set the default screen length to 40 lines:
Console> (enable) set length 40 default Screen length set to 40. Console> (enable)
Use the set logging console command to enable and disable the sending of system logging messages to the console.
set logging console {enable | disable}| enable | Keyword used to enable system message logging to the console. |
| disable | Keyword used to disable system message logging to the console. |
By default, system message logging to the console is enabled.
Switch command.
Privileged.
This example shows how to enable and disable system message logging to the console:
Console (enable) set logging console enableSystem logging messages will be sent to the console.Console (enable) set logging console disableSystem logging messages will not be sent to the console.
set logging level
set logging session
show logging
show logging buffer
Use the set logging level command to set the facility and severity level used when logging system messages.
set logging level facility severity [default]| facility | Value that specifies the type of system messages to be captured. Facility types are shown in Table 7-1. |
| severity | Value that specifies the severity level of system messages to be captured. Severity level definitions are shown in Table 7-2. |
| default | (Optional) Keyword that causes the specified logging level to be applied to all sessions. If default is not used, the specified logging level applies only to the current session. |
| Facility Name | Definition |
|---|---|
| cdp | Cisco Discovery Protocol |
| cgmp | Cisco Group Management Protocol |
| disl | Dynamic Inter-Switch Link |
| dvlan | Dynamic VLAN |
| earl | Encoded Address Recognition Logic |
| fddi | Fiber Distributed Data Interface |
| filesys | Flash File System |
| ip | Internet Protocol |
| kernel | Kernel |
| pruning | VTP pruning |
| snmp | Simple Network Management Protocol |
| spantree | Spanning-Tree Protocol |
| sys | System |
| tac | Terminal Access Controller |
| tcp | Transmission Control Protocol |
| telnet | Terminal emulation protocol |
| tftp | Trivial File Transfer Protocol |
| vmps | VLAN Membership Policy Server |
| vtp | Virtual Terminal Protocol |
| Severity Level | Keyword | Description |
|---|---|---|
| 0 | emergencies | System unusable |
| 1 | alerts | Immediate action required |
| 2 | critical | Critical condition |
| 3 | errors | Error conditions |
| 4 | warnings | Warning conditions |
| 5 | notifications | Normal bug significant condition |
| 6 | informational | Informational messages |
| 7 | debugging | Debugging messages |
By default, facility is set to all and level is set to 0.
Switch command.
Privileged.
This example shows how to set the default facility and severity level for system message logging:
Console (enable) set logging level snmp 2 default
System logging facility set to severity 2(critical).
Console (enable)
show logging
show logging buffer
Use the set logging server command to enable and disable system message logging to configured syslog servers, and to add a syslog server to the system logging server table.
set logging server {enable | disable}| enable | Keyword used to enable system message logging to configured syslog servers. |
| disable | Keyword used to disable system message logging to configured syslog servers. |
| ip_addr | IP address of the syslog server to be added to the configuration. An IP alias or a host name that can be resolved through DNS can also be used. |
By default, no syslog servers are configured to receive system messages.
Switch command.
Privileged.
This example shows how to enable system message logging to the console:
Console (enable) set logging server enable
System logging messages will be sent to the configured syslog servers.
Console (enable)
This example shows how to add a syslog server to the system logging server table:
Console (enable) set logging server 171.69.192.205
171.69.192.205 added to the System logging server table.
Console (enable)
clear logging server
show logging
Use the set logging session command to enable or disable the sending of system logging messages to the current login session.
set logging session {enable | disable}| enable | Keyword used to enable the sending of system logging messages to the current login session. |
| disable | Keyword used to disable the sending of system logging messages to the current login session. |
By default, system message logging to the current login session is enabled.
Switch command.
Privileged.
This example shows how to prevent system logging messages from being sent to the current login session:
Console> (enable) set logging session disable System logging messages will not be sent to the current login session. Console> (enable)
This example shows how to cause system logging messages to be sent to the current login session:
Console> (enable) set logging session enable System logging messages will be sent to the current login session. Console> (enable)
set logging console
set logging level
show logging
show logging buffer
Use the set logout command to set the number of minutes until the system automatically disconnects an idle session.
set logout timeout| timeout | Number of minutes (0 to 10,000) until the system automatically disconnects an idle session. Setting the value to 0 disables the automatic disconnection of idle sessions. |
The default value is 20 minutes.
Switch command.
Privileged.
This example shows how to set the number of minutes until the system automatically disconnects an idle session:
Console> (enable) set logout 20 Sessions will be automatically logged out after 20 minutes of idle time. Console> (enable) set logout 0 Sessions will not be automatically logged out. Console> (enable)
Use the set module disable command to disable a module.
set module disable mod_num| mod_num | Number of the module. You can specify a series of modules by entering a comma between each module number (for example 2,3,5). You can specify a range of modules by entering a dash between module numbers (for example, 2-5). |
The default configuration has all modules enabled.
Switch command.
Privileged.
Avoid disabling a module when connected via a Telnet session because if your session is established on the module being disabled, the session will hang. The supervisor module cannot be disabled.
This example shows how to disable module 3 when connected via the console port:
Console> (enable) set module disable 3 Module 3 disabled. Console> (enable)
This example shows how to disable module 2 when connected via a Telnet session:
Console> (enable) set module disable 2 This command may disconnect your telnet session. Do you want to continue (y/n) [n]? y Module 2 disabled.
Use the set module enable command to enable a module.
set module enable mod_num| mod_num | Number of the module to enable. |
The default setting has all modules enabled.
Switch command.
Privileged.
If an individual port on a module was previously disabled, enabling the module does not enable the disabled port.
This example shows how to enable module 2:
Console> (enable) set module enable 2 Module 2 enabled. Console> (enable)
Use the set module name command to set the name for a module.
set module name mod_num [mod_name]| mod_num | Number of the module. |
| mod_name | (Optional) Name being created for the module. |
The default configuration has no module names configured for any modules.
Switch command.
Privileged.
If the module name is not specified, any previously specified name is cleared.
Use the set module name command to set the module for the RSM. Additional set module commands are not supported by the RSM.
This example shows how to set the name for module 1 to Supervisor:
Console> (enable) set module name 1 Supervisor Module name set. Console> (enable)
Use the set multicast router command to configure multicast router ports.
set multicast router mod_num/port_num| mod_num | Number of the module. |
| port_num | Number of the port on the module. |
By default, no ports are configured as multicast router ports.
Switch command.
Privileged.
When CGMP is enabled, it automatically identifies the ports to which a CGMP-capable router is attached. The set multicast router command allows you to configure multicast router ports statically.
This example shows how to configure a multicast router port:
Console> (enable) set multicast router 3/1
Port 3/1 added to multicast router port list.
Console> (enable)
set cgmp
show multicast group
show multicast group count
Use the set ntp broadcastclient command to enable or disable NTP in broadcast-client mode.
set ntp broadcastclient {enable | disable}| enable | Keyword used to enable NTP in broadcast-client mode. |
| disable | Keyword used to disable NTP in broadcast-client mode. |
The default setting for this command is disabled.
Switch command.
Privileged.
The broadcast client mode assumes that a broadcast server, such as a router, is regularly sending time-of-day information to the Catalyst 5000 series switch.
This example shows how to enable and disable an NTP broadcast client:
Console> (enable) set ntp broadcastclient enable NTP Broadcast Client mode enabled. Console> (enable) set ntp broadcastclient disable NTP Broadcast Client mode disabled.
Use the set ntp broadcastdelay command to configure a time-adjustment factor for the receiving of broadcast packets by the Catalyst 5000 series switch.
set ntp broadcastdelay microseconds| microseconds | Estimated round-trip time, in microseconds, for NTP broadcasts. Allowable range is from 1 to 999999. |
By default, the NTP broadcast delay is set to 3000.
Switch command.
Privileged.
This example shows how to set the NTP broadcast delay to 4000 microseconds:
Console> (enable) set ntp broadcastdelay 4000 NTP broadcast delay set to 4000 microseconds. Console> (enable)
Use the set ntp client command to enable or disable the Catalyst 5000 series switch as an NTP client.
set ntp client {enable | disable}| enable | Keyword used to enable the Catalyst 5000 series switch as an NTP client. |
| disable | Keyword used to disable the Catalyst 5000 series switch as an NTP client. |
By default, NTP client mode is disabled.
Switch command.
Privileged.
You can configure NTP in either broadcast client mode or client mode. The broadcast-client mode assumes that a broadcast server, such as a router, is regularly sending time-of-day information to the Catalyst 5000 series switch. The client mode assumes that the client (the Catalyst 5000 series switch) is regularly sending time-of-day requests to the NTP server.
This example shows how to enable NTP client mode:
Console> (enable) set ntp client enable NTP client mode enabled. Console> (enable)
Use the set ntp server command to configure the IP address of the NTP server.
set ntp server ip_addr| ip_addr | IP address of the NTP server providing the clock synchronization. |
There is no default setting for this command.
Switch command.
Privileged.
The client mode assumes that the client (the Catalyst 5000 series switch) is regularly sending time-of-day requests to the NTP server. A maximum of ten servers per client is allowed.
This example shows how to configure an NTP server:
Console> (enable) set ntp server 172.20.22.191 NTP server 172.20.22.191 added. Console> (enable)
Use the set password command to change the login password on the command-line interface.
set passwordThis command has no arguments or keywords.
The default configuration has no password configured.
Switch command.
Privileged.
The command prompts you for the old password. If the password you enter is valid, you are prompted to enter a new password and to verify the new password. A zero-length password is allowed by pressing Return.
This example shows how to set an initial password:
Console> (enable) set password Enter old password: <old_password> Enter new password: <new_password> Retype new password: <new_password> Password changed. Console> (enable)
Use the set port broadcast command to set the broadcast/multicast suppression for one or more ports.
set port broadcast mod_num/port_num threshold[%]| mod _num | Number of the module. |
| port_num | Number of the port. |
| threshold | Number of packets-per-second of broadcast/multicast traffic allowed on the port, or the percentage of total available bandwidth that can be used by broadcast/multicast traffic. |
| % | (Optional) Keyword used if threshold is expressed as a percentage of total available bandwidth that can be used by broadcast/multicast traffic. |
The default system configuration has broadcast/multicast suppression disabled.
Switch command.
Privileged.
Although bandwidth-based broadcast/multicast suppression applies to all ports on a module, you must still specify a port number according to the syntax rules of the set port broadcast mod_num/port_num threshold [%] command. For example, if you specify port 3 on module 4 (4/3), broadcast/multicast suppression will be applied to every port on module 4. You can specify any port number between 1 and 24.
Only the Ethernet Switching Module (10BaseT 48 port, Telco, WS-X5012) supports bandwidth-based broadcast/multicast suppression on a per port basis.
This command is not supported by the RSM.
This example shows how to limit broadcast traffic to 500 packets per second on ports 2/1-3/24:
Console> (enable) set port broadcast 2/1-3/24 500
Ports 2/1-3/24 broadcast traffic limited to 500 packets.
This example shows how to limit broadcast traffic to 20 percent to all ports on module 4 (see the Usage Guidelines for more information about this example):
Console> (enable)set port broadcast 4/3 20%Port 4/1-24 broadcast traffic limited to 20%.
This example shows how to allow unlimited broadcast traffic to all ports on module 4 (see the Usage Guidelines for more information about this example):
Console> (enable)set port broadcast 4/3 100%Port 4/1-24 broadcast traffic unlimited.
Use the set port channel command to enable or disable Fast EtherChannel on Fast Ethernet module ports.
set port channel port_list (mod_num/port/num) {on | off | desirable | auto}| port_list (mod_num/port_num) | Module and ports to bundle. |
| on | Keyword that enables and forces Fast EtherChannel for the specified module ports. |
| off | Keyword that disables Fast EtherChannel for the specified module ports. |
| desirable | Keyword that sets Fast EtherChannel mode to desirable for the specified module ports. |
| auto | Keyword that sets Fast EtherChannel mode to auto for the specified module ports. |
The default system configuration has Fast EtherChannel auto set on all module ports.
Switch command.
Privileged.
Make sure that all ports in the channel are configured with the same port speed, duplex mode, and so forth. For more detailed information on using Fast EtherChannel, refer to the "Configuring Ethernet and Fast Ethernet Switching Modules" chapter in the Catalyst 5000 Series Software Configuration Guide.
This command is not supported by the RSM.
This example shows how to enable Fast EtherChannel on ports 5-8 of Fast Ethernet module 2:
Console> (enable) set port channel 2/5-8 on Warning: Configure same speed, duplex, % broadcast limit, vlan and trunk mode for all ports in the channel. Disable spanning tree for the vlans that the channelled ports belong. Use with caution. Ports 2/5-8 channel mode set to on.
This example shows how to disable Fast EtherChannel on ports 5-8 of Fast Ethernet module 2:
Console> (enable) set port channel 2/5-8 off Ports 2/5-8 disabled and channel mode set to off. Console> (enable)
Use the set port disable command to disable a port or a range of ports.
set port disable mod_num/port_num| mod _num | Number of the module. |
| port_num | Number of the port. |
The default system configuration has all ports enabled.
Switch command.
Privileged.
This command is not supported by the RSM.
This example shows how to disable a port using the set port disable command:
Console> (enable) set port disable 5/10 Port 5/10 disabled. Console> (enable)
Use the set port duplex command to configure the duplex type of an Ethernet or Fast Ethernet port or range of ports.
set port duplex mod_num/port_num {full | half | auto}| mod_num | Number of the module. |
| port_num | Number of the port. |
| full | Keyword that specifies full-duplex transmission. |
| half | Keyword that specifies half-duplex transmission. |
| auto | Keyword that specifies auto transmission. |
The default configuration for 10-Mbps and 100-Mbps modules has all Ethernet ports set to half duplex. The default configuration for 10/100-Mbps Fast Ethernet modules has all ports set to auto.
Switch command.
Privileged.
Ethernet and Fast Ethernet interfaces can be configured to either full duplex or half duplex. When a port is in autosensing mode, both its speed and duplex are determined by autosensing. An error message like the following is generated if you attempt to set the transmission type of autosensing Fast Ethernet ports to half- or full-duplex mode:
Console> (enable) set port duplex 2/1 full (1 port - failed) Port 2/1 is in auto-sensing mode.
The set port duplex command is not valid on the 48-port module or the RSM.
This example shows how to set port 1 on module 2 to full duplex:
Console> (enable) set port duplex 2/1 full Port 2/1 set to full-duplex. Console> (enable)
Use the set port enable command to enable a port or a range of ports.
set port enable mod_num/port_num| mod _num | Number of the module. |
| port_num | Number of the port. |
The default system configuration has all ports enabled.
Switch command.
Privileged.
This command is not supported on the RSM.
This example shows how to enable port 3 on module 3:
Console> (enable) set port enable 2/3 Port 2/3 enabled. Console> (enable)
Use the set port level command to set the priority level of a port or range of ports on the switching bus.
set port level mod_num/port_num {normal | high}| mod_num | Number of the module. |
| port_num | Number of the port on the module. |
| normal | Keyword that sets the port priority to normal. |
| high | Keyword that sets the port priority to high. |
The default configuration has all ports at normal priority level.
Switch command.
Privileged.
Packets traveling through a port set at normal priority are served only after packets traveling through a port set at high priority are served.
This example shows how to set the priority level for port 2 on module 1 to high:
Console> (enable) set port level 1/2 high Port 1/2 port level set to high. Console> (enable)
set port disable
set port duplex
set port enable
set port name
set port speed
set port trap
show port
Use the set port membership command to dynamically or statically assign membership of a port or range of ports to a VLAN.
set port membership mod_num/port_num {dynamic | static}| mod_num | Module number. |
| port_num | Port number. |
| dynamic | Keyword used to dynamically assign VLAN membership to a port. |
| static | Keyword used to statically assign VLAN membership to a port. |
Default port membership is static.
Switch command.
Privileged.
When a port is assigned a VLAN dynamically, the show port command output identifies the VLAN as dynamic and, if the dynamic port is shut down by a VMPS, its status will be shown as shutdown.
This command is not supported on the RSM.
These examples show how to assign VLAN membership to one or more ports using the set port membership command:
Console> (enable) set port membership 3/1-3 dynamic Ports 3/1-3 vlan assignment set to dynamic. Spantree port fast start option enabled for ports 3/1-3. Console> (enable) Console> (enable) set port membership 4/2 dynamic Ports 4/1-12 vlan assignment set to dynamic. Spantree port fast start option enabled for port 4/2. Console> (enable)
Use the set port name command to configure a name for a port.
set port name mod_num/port_num [name_string]| mod_num | Number of the module. |
| port_num | Number of the port. |
| name_string | (Optional) String that describes the port. |
The default configuration has no port name configured for any port.
Switch command.
Privileged.
If the name string is not specified, the port name is cleared.
This command is not supported for the RSM.
This example shows how to set port 1 on module 4 to Snowy:
Console> (enable) set port name 4/1 Snowy Port 4/1 name set. Console> (enable)
set port disable
set port duplex
set port enable
set port speed
set port trap
show port
Use the set port security command to configure port security on a port or range of ports on an Ethernet module.
set port security mod_num/port_num {enable | disable} [mac_addr]| mod_num | Number of the module. |
| port_num | Number of the port. |
| enable | Keyword used to enable port security. |
| disable | Keyword used to disable port security. |
| mac_addr | (Optional) Secure MAC address of the enabled port. |
The default configuration has port security disabled.
Switch command.
Privileged.
If the MAC address is not given, the command turns on learning mode so that the first MAC address seen on the port becomes the secure MAC address.
This example shows how to set port security with a learned MAC address:
Console> (enable)set port security 3/1 enablePort 3/1 port security enabled with the learned mac address.
This example shows how to set port security with a specific MAC address:
Console> (enable)set port security 3/1 enable 01-02-03-04-05-06Port 3/1 port security enabled with 01-02-03-04-05-06 as the secure mac address.
Use the set port speed command to configure the speed of a port interface. You can configure the speed of a Fast Ethernet interface.
set port speed mod_num/port_num { 10 | 100 | auto}| mod_num | Number of the module. |
| port_num | Number of the port on the module. |
| 10 | 100 | auto | Keyword used to set a port speed to 10, 100 Mbps, or auto speed detection mode. The default is auto. |
The default configuration has all module ports set to auto.
Switch command.
Privileged.
Fast Ethernet interfaces on the 10/100-Mbps Fast Ethernet Switching module can be configured to either 10 Mbps or 100 Mbps. They can also be set to autosensing mode, allowing them to sense and distinguish between 10-Mbps and 100-Mbps port transmission speeds and full-duplex or half-duplex port transmission types at a remote port connection. Set at autosensing mode, the interfaces automatically configure themselves to operate at the proper speed and transmission type.
This example shows how to use the set port speed command to configure port 1 on module 2 to auto:
Console> (enable) set port speed 2/1 auto Port 2/1 speed set to auto-sensing mode. Console> (enable) set port speed 2/2 10 Port 2/2 speed set to 10 Mbps. Console> (enable) set port speed 2/3 100 Port 2/3 speed set to 100 Mbps.
This example shows how to set ports 2, 3, and 4 on module 3 to 16 Mbps, 4 Mbps, and auto speed detection mode:
Console> (enable) set port speed Usage: set port speed<4|10|16|100|auto> Console> (enable) set port speed 3/4 16 Port(s) 3/4 speed set to 16Mbps. Console> (enable) set port speed 3/4 auto Port(s) 3/4 speed set to auto detect.
set port disable
set port enable
set port name
set port trap
show port
Use the set port trap command to enable or disable the operation of the standard SNMP link trap (up or down) for a port or range of ports.
set port trap mod_num/port_num {enable | disable}| mod_num | Number of the module. |
| port_num | Number of the port. |
| enable | Keyword used to activate the SNMP link trap. |
| disable | Keyword used to deactivate the SNMP link trap. |
The default configuration has all port traps disabled.
Switch command.
Privileged.
This example shows how to enable the SNMP link trap for module 1, port 2:
Console> (enable) set port trap 1/2 enable Port 1/2 up/down trap enabled. Console> (enable)
set port disable
set port duplex
set port enable
set port name
set port speed
show port
Use the set prompt command to change the prompt for the command-line interface.
set prompt prompt_string| prompt_string | String to use as the command prompt. |
The default configuration has the prompt set to Console>.
Switch command.
Privileged.
This example shows how to set the prompt to system100>:
Console> (enable) set prompt system100> system100> (enable)
Use the set snmp community command to set SNMP communities and associated access types.
set snmp community {read-only | read-write | read-write-all} [community_string]| read-only | Keyword that assigns read-only access to the specified SNMP community. |
| read-write | Keyword that assigns read-write access to the specified SNMP community. |
| read-write-all | Keyword that assigns read-write access to the specified SNMP community. |
| community_string | (Optional) Specifies the name of the SNMP community. |
The default configuration has the following communities and access types defined:
Switch command.
Privileged.
There are three configurable SNMP communities, one for each access type. If the community string is not specified, the community string configured for that access type is cleared.
This example shows how to set read-write access to the SNMP community called yappledapple:
Console> (enable) set snmp community read-write yappledapple SNMP read-write community string set.
This example shows how to clear the community string defined for read-only access:
Console> (enable) set snmp community read-only SNMP read-only community string cleared. Console> (enable)
Use the set snmp rmon command to enable or disable SNMP RMON support.
set snmp rmon {enable | disable}| enable | Keyword used to activate SNMP remote monitoring support. |
| disable | Keyword used to deactivate SNMP remote monitoring support. |
The default for remote monitoring support is disabled.
Switch command.
Privileged.
The following configurations and implementations are supported:
This example shows how to enable and disable RMON support:
Console> (enable) set snmp rmon enable SNMP RMON support enabled. Console> (enable) set snmp rmon disable SNMP RMON support disabled.
Use the set snmp trap command to enable or disable the different SNMP traps on the system, or to add an entry into the SNMP authentication trap receiver table.
set snmp trap {enable | disable} [all | module | chassis | bridge | repeater | auth | vtp | ippermit | vmps]| enable | Keyword used to activate SNMP traps. |
| disable | Keyword used to deactivate SNMP traps. |
| all | (Optional) Keyword that specifies all types of traps. |
| module | (Optional) Keyword that specifies the moduleUp and moduleDown traps from the CISCO-STACK-MIB. |
| chassis | (Optional) Keyword that specifies the chassisAlarmOn and chassisAlarmOff traps from the CISCO-STACK-MIB. |
| bridge | (Optional) Keyword that specifies the newRoot and topologyChange traps from RFC 1493 (the BRIDGE-MIB). |
| repeater | (Optional) Keyword that specifies the rptrHealth, rptrGroupChange, and rptrResetEvent traps from RFC 1516 (the SNMP-REPEATER-MIB). |
| auth | (Optional) Keyword that specifies the authenticationFailure trap from RFC 1157. |
| vtp | (Optional) Keyword that specifies the VTP from the CISCO-VTP-MIB. |
| ippermit | (Optional) Keyword that specifies the ip Permit Denied access from the CISCO-STACK-MIB. |
| vmps | (Optional) Keyword that specifies the vmVmpsChange trap from the CISCO-VLAN-MEMBERSHIP-MIB. |
| rcvr_addr | IP address or IP alias of the system to receive SNMP traps. |
| rcvr_community | Community string to use when sending authentication traps. |
The default configuration has SNMP traps disabled.
Switch command.
Privileged.
An IP permit trap is sent when unauthorized access based on the IP permit list is attempted.
This example shows how to enable SNMP chassis traps:
Console> (enable) set snmp trap enable chassis SNMP chassis alarm traps enabled. Console> (enable)
This example shows how to add an entry in the SNMP trap receiver table:
Console> (enable) set snmp trap 192.122.173.42 public SNMP trap receiver added. Console> (enable)
clear ip permit
clear snmp trap
set ip permit
show ip permit
show port counters
test snmp trap
Use the set span command to enable or disable SPAN, and to set up the port and VLAN analyzer.
set span enable| enable | Keyword that enables SPAN. |
| disable | Keyword that disables SPAN. |
| src_mod | Monitored module (source). |
| src_ports | Monitored port(s) (source). |
| src_vlan | Monitored VLAN (source). |
| dest_mod | Monitoring module (destination). |
| dest_port | Monitoring port (destination). |
| rx | (Optional) Keyword that specifies that information received at the source is monitored. |
| tx | (Optional) Keyword that specifies that information transmitted from the source is monitored. |
| both | (Optional) Keyword that specifies that information both transmitted from the source and received at the source is monitored. |
The default configuration has port monitoring disabled, port 1/1 as the monitoring port (destination), VLAN 1 as the monitored VLAN (source), and both transmit and receive packets monitored. If the parameter rx, tx, or both is not specified, the default is both.
Switch command.
Privileged.
After SPAN is enabled and the defaults established, subsequent commands replace source ports, VLANs, and destination ports.
Use either a dedicated remote monitor probe or a Sniffer analyzer to monitor ports.
You may specify an RSM port as the source port in set span. If you specify an RSM port as the destination port, you will receive the following message:
Route switch port cannot be a Monitor port.
This example shows how to enable SPAN on the Catalyst 5000 series switch, and how to monitor transmit traffic on port 2/3 through port 2/4:
Console> (enable) set span enable span enabled. Console> (enable) set span 2/3 2/4 tx Enabled monitoring of ports 2/3 transmit traffic by ports 2/4. Console> (enable)
This example shows how to enable SPAN on multiple source ports.
Console> (enable) set span 2/1,3/1-2,5/7 1/2
If the above source ports are on different vlans, you'll see an error message:
Failed to configure span feature
Use the set spantree disable command to disable the spanning-tree algorithm for a VLAN.
set spantree disable [vlan]| vlan | (Optional) Number of the VLAN. If the VLAN number is not specified, the default, VLAN 1, is used. |
The default configuration has all spanning trees enabled.
Switch command.
Privileged.
This example shows how to disable the spanning-tree algorithm for VLAN 1:
Console> (enable) set spantree disable 1 VLAN 1 bridge spanning tree disabled. Console> (enable)
set spantree enable
show spantree
Use the set spantree enable command to enable the spanning-tree algorithm for a VLAN.
set spantree enable [vlan]| vlan | (Optional) Number of the VLAN. If a VLAN number is not specified, the default, VLAN 1, is used. |
The default configuration has all spanning trees enabled.
Switch command.
Privileged.
This example shows how to activate the spanning-tree algorithm for VLAN 1:
Console> (enable) set spantree enable 1 VLAN 1 bridge spanning tree enabled. Console> (enable)
set spantree disable
show spantree
Use the set spantree fwddelay command to set the bridge forward delay for a VLAN.
set spantree fwddelay delay [vlan]| delay | Number of seconds (4 to 30) for the bridge forward delay. |
| vlan | (Optional) Number of the VLAN; if a VLAN number is not specified, VLAN 1 is assumed. |
The default configuration has the bridge forward delay set to 15 seconds for all VLANs.
Switch command.
Privileged.
This example shows how to set the bridge forward delay for VLAN 100 to 16 seconds:
Console> (enable) set spantree fwddelay 16 100 Spantree 100 forward delay set to 16 seconds. Console> (enable)
Use the set spantree hello command to set the bridge hello time for a VLAN.
set spantree hello interval [vlan]| interval | Number of seconds (1 to 10) the system waits before sending a bridge hello message (a multicast message indicating that the system is active). |
| vlan | (Optional) Number of the VLAN; if a VLAN number is not specified, VLAN 1 is assumed. |
The default configuration has the bridge hello time set to 2 seconds for all VLANs.
Switch command.
Privileged.
This example shows how to set the spantree hello time for VLAN 100 to 3 seconds:
Console> (enable) set spantree hello 3 100 Spantree 100 hello time set to 3 seconds. Console> (enable)
Use the set spantree maxage command to set the bridge maximum aging time for a VLAN.
set spantree maxage agingtime [vlan]| agingtime | Maximum number of seconds (6 to 40) that the system retains the information received from other bridges through Spanning-Tree Protocol. |
| vlan | (Optional) Number of the VLAN; if a VLAN number is not specified, VLAN 1 is assumed. |
The default configuration is 20 seconds for all VLANs.
Switch command.
Privileged.
This example shows how to set the maximum aging time for VLAN 1000 to 25 seconds:
Console> (enable) set spantree maxage 25 1000 Spantree 1000 max aging time set to 25 seconds. Console> (enable)
Use the set spantree portcost command to set the path cost for a port or TrCRF.
set spantree portcost {mod_num/port_num | trcrf} cost| mod_num | Number of the module. |
| port_num | Number of the port on the module. |
| trcrf | Number of the TrCRF for which you are setting the path cost. |
| cost | Number from 0 to 65535 that indicates the cost of the path. Zero (0) is a low cost and 65535 is a high cost. |
The default configuration is as follows:
Switch command.
Privileged.
The Spanning-Tree Protocol uses port path costs to determine which port to select as a forwarding port. Therefore, lower numbers should be assigned to ports attached to faster media (such as full duplex) and higher numbers should be assigned to ports attached to slower media. The possible range is 1 to 65535. The recommended path cost is 1000/LAN speed in Mbps.
This example shows how to set the port cost for port 4 on module 3 to 10 Mbps:
Console> (enable) set port speed 3/4 10 Port(s) 3/4 speed set to 10Mbps. Console> (enable)
Use the set spantree portfast command to allow a port that is connected to a single workstation or PC to start faster when it is connected.
set spantree portfast mod_num/port_num {enable | disable}| mod_num | Number of the module. |
| port_num | Number of the port on the module. |
| enable | Keyword that enables the spanning-tree port fast-start feature on the port. |
| disable | Keyword that disables the spanning-tree port fast-start feature on the port. |
The default configuration has the port fast-start feature disabled.
Switch command.
Privileged.
When a port configured with the spantree portfast enable command is connected, the port immediately enters the spanning-tree forwarding state rather than going through the normal spanning-tree states such as listening and learning. Use this command on ports that are connected to a single workstation or PC only; do not use it on ports that are connected to networking devices such as hubs, routers, switches, bridges, or concentrators.
This example shows how to enable the spanning-tree port fast-start feature on port 2 on module 1:
Console> (enable) set spantree portfast 1/2 enable Warning: Spantree port fast start should only be enabled on ports connected to a single host. Connecting hubs, concentrators, switches, bridges, etc. to a fast start port can cause temporary spanning tree loops. Use with caution. Spantree port 1/2 fast start enabled. Console> (enable)
Use the set spantree portpri command to set the bridge priority for a spanning-tree port or TrCRF.
set spantree portpri {mod_num/port_num | trcrf} priority| mod_num | Number of the module. |
| port_num | Number of the port on the module. |
| trcrf | Keyword that identifies the TrCRF for which you are setting the bridge priority. |
| priority | Number that represents the cost of a link in a spanning-tree bridge. The priority level is from 0 (high) to 63 (low). |
The default configuration has all ports with bridge priority set to 32.
Switch command.
Privileged.
The specified bridge priority on an ATM port applies to all emulated LANs on that port.
This example shows how to set the priority of port 1 on module 4 to 63:
Console> (enable) set spantree portpri 4/1 63 Bridge port 4/1 priority set to 63. Console> (enable)
Use the set spantree portstate command to manually set the state of a TrCRF.
set spantree portstate trcrf {block | forward | auto} [trbrf]| trcrf | Number of the TrCRF for which you are manually setting the state. |
| block | forward | auto | Keywords used to set the TrCRF to a blocked state (block), forwarding state (forward) or to have the correct state automatically determined by the Spanning-Tree Protocol (auto). |
| trbrf | (Optional) Number of the parent TrBRF. |
There is no default configuration for this command.
Switch command.
Privileged.
When Spanning-Tree Protocol is enabled, every switch in the network goes through the blocking state and the transitory states of listening and learning at power up. If properly configured, the ports then stabilize to the forwarding or blocking state. However, with TrBRFs and TrCRFs, there are two exceptions to this rule that require you to manually set the state of the logical ports of a TrBRF. The two exceptions are if:
If either of these conditions exists, use the set spantree portstate command to manually set the state of a TrCRF to blocked or forwarding mode or you can set for the correct state to be automatically determined by the Spanning-Tree Protocol.
This example shows the manual setting of TrCRF 900 to a forwarding state:
Console> (enable) set spantree portstate 900 forward reserve_nvram : requested by block = 0 reserve_nvram : granted to block = 0 release_nvram : releasing block = 0 Console> (enable)
Use the set spantree portvlancost command to assign a lower path cost to a set of VLANs on a port.
set spantree portvlancost mod_num/port_num [cost cost] [VLAN_list]| mod_num | Number of the module. |
| port_num | Number of the port. |
| cost cost | (Optional) Keyword indicating the cost of the path. |
| VLAN_list | (Optional) If no VLANs are explicitly listed, VLANs listed in prior invocations of this command are affected. If no cost is explicitly listed, and previous cost values are specified in prior invocations, then the portvlancost is set to 1 less than the current portcost for a port. However, this may not assure load balancing in all cases. |
The value specified is used as the path cost of the port for the specified set of VLANs. The rest of the VLANs have a path cost equal to that of the port path cost, set via the set spantree portcost command (if not set, the value is the default path cost of the port).
Switch command.
Privileged.
This example shows how to use the set spantree portvlancost command:
console> (enable) set spantree portvlancost 2/10 cost 25 1-20 Cannot set portvlancost to a higher value than the port cost, 10, for port 2/10. console> (enable) set spantree portvlancost 2/10 1-20 Port 2/10 VLANs 1-20 have a path cost of 9. console> (enable) set spantree portvlancost 2/10 cost 4 1-20 Port 2/10 VLANs 1-20 have path cost 4. Port 2/10 VLANs 21-1000 have path cost 10. console> (enable) set spantree portvlancost 2/10 cost 6 21 Port 2/10 VLANs 1-21 have path cost 6. Port 2/10 VLANs 22-1000 have path cost 10.
This example shows how to use the set spantree portvlancost command without explicitly specifying cost:
Console> (enable) set spantree portvlancost 1/2 Port 1/2 VLANs 1-1005 have path cost 3100. Console> (enable) set spantree portvlancost 1/2 21 Port 1/2 VLANs 1-20,22-1005 have path cost 3100. Port 1/2 VLANs 21 have path cost 3099. Console> (enable)
Use the set spantree portvlanpri command to set the port priority for a subset of VLANs in the trunk port.
set spantree portvlanpri mod_num/port_num priority [vlans]| mod_num | Number of the module. |
| port_num | Number of the port. |
| priority | Number that represents the cost of a link in a spanning-tree bridge. The priority level is from 0 to 63, with 0 indicating high priority and 63 indicating low priority. |
| vlans | (Optional) VLANs to use the specified priority level. |
The default configuration has the port VLAN priority set to 0, with no VLANs specified.
Switch command.
Privileged.
Use this command to add VLANs to a specified port priority level. Subsequent calls to this command do not replace VLANs that are already set at a specified port priority level.
This feature is not supported for the RSM.
The set spantree portvlanpri command applies only to trunk ports.
This example shows how to set the port priority for module 1, port 2, on VLANs 21 to 40:
Console> (enable) set spantree portvlanpri 1/2 16 21-40 Port 1/2 vlans 3,6-20,41-1000 using portpri 32 Port 1/2 vlans 1-2,4-5,21-40 using portpri 16 Console> (enable)
clear spantree portvlanpri
show spantree
Use the set spantree priority command to set the bridge priority for a VLAN.
set spantree priority bridge_priority [vlan]| bridge_priority | Number representing the priority of the bridge. The priority level is from 0 to 65535, with 0 being high priority and 65535 being low priority. |
| vlan | (Optional) Number of the VLAN. If a VLAN number is not specified, VLAN 1 is used. |
The default configuration has the bridge priority set to 32768.
Switch command.
Privileged.
This example shows how to set the bridge priority of VLAN 1 to 4096:
Console> (enable) set spantree priority 4096 VLAN 1 bridge priority set to 4096. Console> (enable)
Use the set spantree root command to set the primary or secondary root for specific VLANs or for all VLANs of the switch.
set spantree root [secondary] [VLAN_list] [dia network diameter]| secondary | (Optional) Keyword that designates this switch as a secondary root, should the primary root fail. |
| VLAN_list | (Optional) Number of the VLAN. If a VLAN number is not specified, VLAN 1 is used. |
| dia network_diameter | (Optional) Keyword that specifies the maximum number of bridges between any two points of attachment of end stations. The value of network diameter can range between 1 through 7. |
| hello hello time | (Optional) Keyword that specifies in seconds, the duration between generation of configuration messages by the root switch. |
If the keyword secondary is not specified, the default is to make the switch the primary root.
The default value of the network diameter is 7.
If not specified, the current value of hello_time from the NVRAM is used.
This command is run on backbone or distribution switches, as opposed to access switches.
You can run the secondary root many times, to create backup switches in case of a root failure.
The secondary command reduces the bridge priority value to 16384.
This command increases path costs to a value greater than 3000.
Switch command.
Privileged.
This example shows how to use the set spantree root command:
console>(enable) set spantree root 1-10 dia 4 VLANs 1-10 bridge priority set to 8192 VLANs 1-10 bridge max aging time set to 14 seconds. VLANs 1-10 bridge hello time set to 2 seconds. VLANs 1-10 bridge forward delay set to 9 seconds. Switch is now the root switch for active VLANs 1-6.
This example shows that setting the bridge priority to 8192 was not sufficient to make this switch the root. So, the priority was further reduced to 7192 (100 less than that of the current root switch) to make this switch the root switch. However, reducing it to this value did not make it the root switch for active VLANs 16 and 17.
console>(enable) set spantree root 11-20. VLANs 11-20 bridge priority set to 7192 VLANs 11-10 bridge max aging time set to 20 seconds. VLANs 1-10 bridge hello time set to 2 seconds. VLANs 1-10 bridge forward delay set to 13 seconds. Switch is now the root switch for active VLANs 11-15,18-20. Switch could not become root switch for active VLAN 16-17. console>(enable) set spantree root secondary 22,24 dia 5 hello 1 VLANs 22,24 bridge priority set to 16384. VLANs 22,24 bridge max aging time set to 10 seconds. VLANs 22,24 bridge hello time set to 1 second. VLANs 22,24 bridge forward delay set to 7 seconds.
Use the set spantree uplinkfast command to enable fast switchover to alternate ports when the root port fails. This command applies to a switch, not to a WAN.
set spantree uplinkfast {enable | disable} [rate station_update_rate]| enable | Keyword used to enable fast switchover. |
| disable | Keyword used to disable fast switchover. |
| rate station_update_rate | (Optional) Keyword rate station_update_rate specifies the number of multicast packets transmitted per 100 ms when an alternate port is chosen after the root port goes down. The default value is 15 packets/100 ms, which is equivalent to a load of 1 percent on a 10Mbps Ethernet. If this value is specified as 0, the generation of these packets is turned off. |
The default value for rate is 15.
Switch command.
Privileged.
This command has the following results:
If set spantree uplinkfast enable is run on a switch that has this feature already enabled, only the station update rate is updated. The rest of the parameters are not modified.
If set spantree uplinkfast disable is run on a switch, the uplinkfast feafure is disabled but the switch priority and port cost values are not reset to the factory defaults. To reset the values to the factory defaults, use the clear spantree uplinkfast command.
This example shows how to enable spantree uplinkfast:
console>(enable) set spantree uplinkfast enable rate 40 VLANs 1-1000 bridge priority set to 49152. The port cost and portvlancost of all ports increased to above 3000. Station update rate set to 40 packets/100ms. uplinkfast turned on for bridge.
Use the set summertime command to specify whether the system should set the clock ahead one hour during daylight saving time.
set summertime {enable | disable} [zone]| enable | Keyword used to cause the system to set the clock ahead one hour during daylight saving time. |
| disable | Keyword used to prevent the system from setting the clock ahead one hour during daylight saving time. |
| zone | (Optional) Time zone used by the set summertime command. |
By default, the set summertime command is disabled.
Switch command.
Privileged.
This command uses regulations that advance the clock one hour at 2:00 a.m. on the first Sunday in April and move back the clock one hour at 2:00 a.m. on the last Sunday in October.
This example shows how to cause the system to set the clock ahead one hour during daylight saving time:
Console> (enable) set summertime enable PDT Summertime is enabled and set to "PDT". Console> (enable)
This example shows how to prevent the system from setting the clock ahead one hour during daylight saving time:
Console> (enable) set summertime disable Summertime disabled. Console> (enable)
Use the set system baud command to set the console port baud rate.
set system baud rate| rate | The baud rate. Valid rates are 600, 1200, 2400, 4800, 9600, 19200, and 38400. |
The default value is 9600 baud.
Switch command.
Privileged.
This example shows how to set the system baud rate to 19200:
Console> (enable) set system baud 19200 System console port baud rate set to 19200. Console> (enable)
Use the set system contact command to identify a contact person for the system.
set system contact [contact_string]| contact_string | (Optional) Text string that typically contains the name of the person to contact for system administration. If no contact string is specified, the system contact string is cleared. |
The default configuration has no system contact configured.
Switch command.
Privileged.
This example shows how to set the system contact string:
Console> (enable) set system contact Susan ext.24 System contact set. Console> (enable)
Use the set system location command to identify the location of the system.
set system location [location_string]| location_string | (Optional) Text string that indicates where the system is located. If no location string is specified, the system location is cleared. |
This command has no default setting.
Switch command.
Privileged.
This example shows how to set the system location string:
Console> (enable) set system location Closet 230 4/F System location set. Console> (enable)
Use the set system modem command to enable or disable modem control lines on the console port.
set system modem {enable | disable}| enable | Keyword used to activate modem control lines on the console port. |
| disable | Keyword used to deactivate modem control lines on the console port. |
The default configuration has modem control lines disabled.
Switch command.
Privileged.
This example shows how to disable modem control lines on the console port:
Console> (enable) set system modem disable Modem control lines disabled on console port. Console> (enable)
Use the set system name command to configure a name for the system.
set system name [name_string]| name_string | (Optional) Text string that identifies the system. If no name is specified, the system name is cleared. |
The default configuration has no system name configured.
Switch command.
Privileged.
This example shows how to set the system name to Information Systems:
Console> (enable) set system name Information Systems System name set. Console> (enable)
Use the set tacacs attempts command to configure the maximum number of login attempts allowed to the TACACS+ server.
set tacacs attempts count| count | Number of login attempts allowed (1 to 10). |
The default value for this command is 3.
Switch command.
Privileged.
This example shows how to configure the TACACS+ server to allow a maximum of six login attempts:
Console> (enable) set tacacs attempts 6 Tacacs number of attempts set to 6. Console> (enable)
Use the set tacacs directedrequest command to enable or disable the TACACS+ directed-request option. When enabled, you can direct a request to any of the configured TACACS+ servers and only the username will be sent to the specified server.
set tacacs directedrequest {enable | disable}| enable | Keyword used to send the portion of the address before the @ sign (the username) to the host specified after the @ sign. |
| disable | Keyword used to send the entire address string to the default TACACS+ server. |
This default configuration has the TACACS+ directed-request option disabled.
Switch command.
Privileged.
When tacacs directedrequest is enabled, users must specify a configured TACACS+ server after the @ sign. If the specified host name does not match the IP address of a configured TACACS+ server, the request is rejected. When tacacs directedrequest is disabled, the Catalyst 5000 series switch queries the list of servers beginning with the first server in the list and then sends the entire string, accepting the first response from the server. This command is useful for sites that have developed their own TACACS+ server software to parse the entire address string and make decisions based on the contents of the string.
This example shows how to enable the tacacs directedrequest option:
Console> (enable) set tacacs directedrequest enable Tacacs direct request has been enabled. Console> (enable)
Use the set tacacs key command to set the key used for TACACS+ authentication and encryption.
set tacacs key key| key | Printable ASCII characters used for authentication and encryption. Key length is limited to 100 characters. |
The default value of key is null.
Switch command.
Privileged.
The key must be the same as the key used on the TACACS+ server. All leading spaces are ignored. Spaces within the key and at the end of the key are included. Double quotation marks are not required, even if there are spaces between words in the key, unless the quotation marks themselves are part of the key. The key can consist of any printable ASCII characters except the tab character.
This example shows how to set the authentication and encryption key:
Console> (enable) set tacacs key Who Goes There The tacacs key has been set to Who Goes There. Console> (enable)
clear spantree uplinkfast
show tacacs
Use the set tacacs server command to define a TACACS+ server.
set tacacs server ip_addr [primary]| ip_addr | IP address of the server on which the TACACS+ server resides. |
| primary | (Optional) Keyword used to designate the specified server as the primary TACACS+ server. |
There is no default setting for this command.
Switch command.
Privileged.
A maximum of three servers can be configured. The primary server, if configured, is contacted first. If no primary server is configured, the first server configured becomes the primary server.
This example shows how to configure the server on which the TACACS+ server resides and to designate it as the primary server:
Console> (enable) set tacacs server 170.1.2.20 primary 170.1.2.20 added to TACACS server table as primary server. Console> (enable)
clear tacacs server
show tacacs
Use the set tacacs timeout command to set the response timeout interval for the TACACS+ server daemon. The TACACS+ server must respond to a TACACS+ authentication request before this interval expires or the next configured server will be queried.
set tacacs timeout seconds| seconds | Timeout response interval in seconds (1 to 255). |
The default value for this command is five seconds.
Switch command.
Privileged.
This example shows how to set the response timeout interval for the TACACS+ server to eight seconds:
Console> (enable) set tacacs timeout 8 Tacacs timeout set to 8 seconds. Console> (enable)
Use the set time command to change the time of day on the system clock.
set time [day_of_week] [mm/dd/yy] [hh:mm:ss]| day_of_week | (Optional) Day of the week. |
| mm/dd/yy | (Optional) Month, day, and year. |
| hh:mm:ss | (Optional) Current time in 24-hour format. |
This command has no default setting.
Switch command.
Privileged.
This example shows how to set the system clock to Friday, May 9, 1997, 7:50 a.m:
Console> (enable) set time fri 5/9/97 7:50 Fri May 9 1997, 07:50:00 Console> (enable)
Use the set timezone command to set the time zone for the system.
set timezone [zone_name ] [hours [minutes]]| zone_name | (Optional) Name of the time zone to be displayed. |
| hours | (Optional) Number of hours offset from UTC. |
| minutes | (Optional) Number of minutes offset from UTC. If the specified hours value is a negative number, then the minutes value is assumed to be negative as well. |
By default, the time zone is set to UTC.
Switch command.
Privileged.
The set timezone command is effective only when NTP is running. If you explicitly set the time and NTP is disengaged, the set timezone command has no effect. If you have enabled NTP and have not entered the set timezone command, the Catalyst 5000 series switch displays UTC by default.
This example shows how to set the time zone to Pacific Standard Time with an offset of minus eight hours from UTC:
Console> (enable) set timezone PST -8 Timezone set to "PST", offset from UTC is -8 hours. Console> (enable)
Use the set trunk command to configure trunk ports.
set trunk mod_num/port_num [on | off | desirable | auto] [vlan_range]| mod_num | Number of the module. |
| port_num | Number of the port. |
| on | (Optional) Keyword that puts the port into permanent ISL trunking mode and negotiates to convert the link into a trunk port. The port becomes a trunk port even if the other end of the link does not agree to the change. |
| off | (Optional) Keyword that negotiates to convert the link into a nontrunk port. The port converts to a nontrunk port even if the other end of the link does not agree to the change. This is the default mode for FDDI trunks. This option is not allowed for ATM ports. |
| desirable | (Optional) Keyword that triggers negotiations to switch the state of the link from a nontrunk to a trunk port. This option is not allowed on FDDI and ATM ports. |
| auto | (Optional) Keyword that indicates that the port can become a trunk port if another device on that link desires to be a trunk. This option is not allowed on FDDI and ATM ports. This is the default mode for Fast Ethernet ports. |
| vlan_range | (Optional) VLANs to add to the list of allowed VLANs on the trunk. The VLAN range is 1 to 1000. |
All ports are nontrunk ports by default.
Switch command.
Privileged.
Trunking capabilities are hardware dependent. The set trunk command adds VLANs and ports to existing trunk groups; it does not replace existing VLANs and ports with new VLANs and ports.
When a Catalyst 5000 series switch port that is configured to auto detects a link bit, and it determines that the other end of the link is a trunk port, the Catalyst 5000 series switch automatically converts the port configured to auto into trunking mode. The trunk port reverts to a nontrunk port when its link goes down.
For trunking to take effect on Fast Ethernet ports, the ports must be in the same domain. However, you can use the on mode to force a port to become a trunk, even if it is in a different domain.
To return a trunk to a normal switched port, use the clear trunk command.
You cannot change the set of VLANs allowed on the RSM port.
This example shows how to set port 2 on module 1 as a trunk port:
Console> (enable) set trunk 1/2 1-5 Port 1/2 allowed vlans modified to 1-1000. Console> (enable) set trunk 1/2 on Port 1/2 mode set to on. Console> (enable)
clear trunk
set vtp
show trunk
show vtp domain
Use the set vlan command to group ports into a virtual LAN.
set vlan vlan_num mod/ports... set vlan vlan_num [name name] [type {ethernet | fddi | fddinet | trcrf | trbrf}]| vlan_num | Number identifying the VLAN. |
| mod | Number of the module. This parameter is not valid when defining or configuring TrBRFs. |
| ports... | Numbers of the port on the module belonging to the VLAN. This parameter does not apply to TrBRFs. |
| name name | (Optional) Keyword that defines a text string used as the name of the VLAN (1 to 32 characters). |
| type {ethernet | fddi | fddinet | trcrf | trbrf} | (Optional) Keyword used to identify the VLAN type. |
| state {active | suspend} | (Optional) Keyword used to specify whether the state of the VLAN is active or suspended. VLANs in suspended state do not pass packets. The default is active. |
| said said | (Optional) Keyword that specifies the security association identifier. Possible values are 1 to 4294967294. This parameter does not apply to TrCRFs or TrBRFs. |
| mtu mtu | (Optional) Keyword that specifies the maximum transmission unit (packet size, in bytes) that the VLAN can use. Possible values are 1500 to 18190. For Token Ring VLANs, the default is 4472. |
| ring ring_number | (Optional) Keyword that specifies the logical ring number for Token Ring VLANs. Possible values are hexadecimal numbers 01 to FFF. For Token Ring VLANs, this parameter is valid and required only when defining a TrCRF. |
| bridge bridge_num | (Optional) Keyword that specifies the identification number of the bridge. Possible values are hexadecimal numbers 01 to 0F. For Token Ring VLANs, the default is 0F. This parameter is not valid for TrCRFs. |
| parent vlan_num | (Optional) Keyword used to set a parent VLAN. The range for vlan_num is 1 to 1005. This parameter identifies the TrBRF to which a TrCRF belongs and is required when defining a TrCRF. |
| mode {srt | srb} | Bridging mode of a TrCRF. Valid values for this parameter are srt and srb. |
| stp {ieee | ibm | auto} | (Optional) Keyword that specifies which version of the Spanning-Tree Protocol for a TrBRF to use, source routing transparent (ieee), source route bridging (ibm), or to have the Spanning-Tree Protocol automatically determined (auto) based on the bridging mode. |
| translation vlan_num | (Optional) Keyword that specifies a translational VLAN used to translate FDDI or Token Ring to Ethernet. Possible values are 1 to 1005. |
| backupcrf {off | on} | Whether the TrCRF is a backup path for traffic. |
| aremaxhop hopcount | Maximum number of hops for all-routes explorer frames. Possible values are 1 to 14. The default is 7. This parameter is only valid when defining or configuring TrCRFs. |
| stemaxhop hopcount | Maximum number of hops for spanning-tree explorer frames. Possible values are 1 to 14. The default is 7. This parameter is only valid when defining or configuring TrCRFs. |
The default configuration has all switched Ethernet ports and Ethernet repeater ports in VLAN 1. The default SAID is 100001 for VLAN 1, 100002 for VLAN 2, 100003 for VLAN 3, and so on. The default type is Ethernet. The default MTU is 1500 bytes. The default state is active.
The default TrBRF is 1005 and the default TrCRF is 1003. The default MTU for TrBRFs and TrCRFs is 4472. The default state is active.
Switch command.
Privileged.
You cannot set multiple VLANs for ISL ports using this command. The VLAN name can be from 1 to 32 characters in length. The VLAN number must be within the range 1 to 1005.
This example shows how to set VLAN 850 to include ports 3 through 7 on module 3. Ports 3 through seven were assigned to TrCRF 1003, therefore, the message reflects the modification of VLAN 1003:
Console> (enable) set vlan 850 3/4-7 VLAN 850 modified. VLAN 1003 modified. VLAN Mod/Ports ---- ----------------------- 850 3/4-7
Use the set vmps server command to configure the IP address of the VMPS server to be queried.
set vmps server ip_addr [primary]| ip_addr | IP address of the VMPS server. |
| primary | (Optional) Keyword that identifies the specified device as the primary VMPS server. |
If no IP address is specified, VMPS uses the local VMPS configuration.
Switch command.
Privileged.
You can specify the IP addresses of up to three VMPS servers. You can define any VMPS server as the primary VMPS server.
If the primary VMPS server is down, all subsequent queries go to a secondary VMPS server. VMPS checks on the primary server's availability once every five minutes. When the primary VMPS server comes back online, subsequent VMPS queries are directed back to the primary VMPS server.
In order to use a co-resident VMPS (when VMPS is enabled in a device), configure one of the three VMPS addresses to be the IP address of interface sc0.
This example shows how to define a VMPS server:
Console> (enable) set vmps server 192.168.10.140 primary 192.168.10.140 added to VMPS table as primary domain server. Console> (enable) set vmps server 192.168.69.171 192.168.69.171 added to VMPS table as backup domain server. Console> (enable)
Use the set vmps state command to enable or disable VMPS.
set vmps state {enable | disable}| enable | Keyword used to enable VMPS. |
| disable | Keyword used to disable VMPS. |
By default, VMPS is disabled.
Switch command.
Privileged.
Before using the set vmps state command, you must use the set vmps tftpserver command to specify the IP address of the server from which the VMPS database is downloaded.
This example shows how to enable and disable VMPS:
Console> (enable) set vmps state enable Vlan membership Policy Server enabled. Console> (enable) set vmps state disable All the VMPS configuration information will be lost and the resources released on disable. Do you want to continue (y/n[n]):y VLAN Membership Policy Server disabled. Console> (enable)
Use the set vmps tftpserver command to specify the IP address of the server from which the VMPS database is downloaded and the VMPS storage location.
set vmps tftpserver ip_addr [filename]| ip_addr | IP address of the TFTP server from which the VMPS database is downloaded. |
| filename | (Optional) VMPS configuration filename on the TFTP server. |
If filename is not specified, the set vmps tftpserver command uses the default filename vmps-config-database.1.
Switch command.
Privileged.
This example shows how to specify the server from which the VMPS database is downloaded, and the filename of the configuration file:
Console> (enable) set vmps tftpserver 192.168.69.100 vmps_config.1 IP address of the TFTP server set to 192.168.69.100 VMPS configuration filename set to vmps_config.1 Console> (enable)
Use the set vtp command to set the options for VTP.
set vtp [domain name] [mode {client | server | transparent}] [passwd passwd] [pruning {enable | disable}] [v2 {enable | disable}]| v2 {enable | disable} | (Optional) Keyword used to set version 2 mode. |
| domain name | (Optional) Keyword used to define the name that identifies the VLAN management domain. The name can be 1 to 32 characters in length. |
| mode {client | server | transparent} | (Optional) Keywords that specify the VTP mode of operation. |
| passwd passwd | (Optional) Keyword used to define the VLAN trunk protocol password. The passwd can be 8 to 64 characters in length. |
| pruning {enable | disable} | (Optional) Keywords that enable or disable VTP pruning in the entire management domain. |
The defaults are as follows: server mode, no password, pruning disabled, and v2 disabled.
Switch command.
Privileged.
VTP version 1 and VTP version 2 are not interoperable on switches in the same VTP domain. The following guidelines apply to switches within the same VTP domain:
This example shows how to use the set vtp command:
Console> (enable) set vtp domain Engineering mode client VTP domain Engineering modified Console> (enable)
Use the set vtp pruneeligible command to configure pruning eligibility for the device.
set vtp pruneeligible vlan_range| vlan_range | Range of VLAN numbers. |
The pruning function is disabled by default. By default, VLANs 2-100 are eligible for pruning.
Switch command.
Privileged.
When the set vtp pruneeligible command is entered, the system will display a list of all pruning-eligible VLANs. VTP pruning does not take effect on a vlan_range that is not eligible for pruning. You can invoke this command independently of the pruning mode.
After entering the set vtp pruneeligible command for VLANs 120 and 150, you see the following display:
Console> (enable) set vtp pruneeligible 120,150 Vlans 120,150 eligible for pruning on this device. VTP domain nada modified. Console> (enable)
clear vtp pruneeligible
show vtp domain
|
|