This chapter describes the set commands used in the Catalyst 5000 series switch CLI. For a summary of the available switch CLI commands, refer to the "Switch Command Quick Reference" chapter. For more information about using the switch CLI, refer to the "Switch Command-Line Interface" chapter.
Use the set alias command to define aliases (shorthand versions) of commands.
set alias name command [parameter] [parameter]
name | Alias being created. |
command | Command for which the alias is being created. |
parameter | (Optional) Parameters that apply to the command for which an alias is being created. See the specific command for information about parameters that apply. |
No aliases configured.
Switch command.
Privileged.
The name all cannot be defined as an alias. Reserved words cannot be defined as aliases.
This example shows how to set arpdel as the alias for the clear arp command:
Console> (enable) set alias arpdel clear arp
Command alias added.
Console> (enable)
Use the set arp command to add mapping entries to the ARP table and to set the ARP aging time for the table.
set arp ip_addr hw_addr [route_descr]
ip_addr | IP address or IP alias to map to the specified MAC address. |
hw_addr | MAC address to map to the specified IP address or IP alias. |
route_descr | (Optional) Route descriptor. The maximum number of route descriptors allowed in the route_descr parameter is 14. |
agingtime | Keyword used to set the period of time after which an ARP entry is removed from the ARP table. |
agingtime | Number of seconds (from 1 to 1,000,000) that entries will remain in the ARP table before being deleted. Setting this value to 0 disables aging. |
No ARP table entries exist, and ARP aging is set to 1200 seconds.
Switch command.
Privileged.
This example shows how to map IP address 198.133.219.232 to MAC address 00-00-0c-40-0f-bc:
Console> (enable) set arp 198.133.219.232 00-00-0c-40-0f-bc
ARP entry added.
Console> (enable)
This example shows how to set the aging time for the ARP table to 1800 seconds:
Console> (enable) set arp agingtime 1800
ARP aging time set to 1800 seconds.
Console> (enable)
Use the set authentication enable command to enable authentication using the TACACS+ server to determine if a user has privileged access permission.
set authentication enable {tacacs | local} {enable | disable}
tacacs | Keyword that specifies the use of the TACACS+ server to determine if the user has privileged access permission. |
local | Keyword that specifies the use of the local password to determine if the user has privileged access permission. |
enable | Keyword used to enable TACACS+ authentication for login. |
disable | Keyword used to disable TACACS+ authentication for login. |
The default setting of this command is local authentication enabled and TACACS+ authentication disabled.
Switch command.
Privileged.
This example shows how to use the TACACS+ server to determine if a user has privileged access permission:
Console> (enable) set authentication enable tacacs enable
Tacacs Enable authentication set to enable.
Console> (enable)
This example shows how to use the local password to determine if the user has privileged access permission:
Console> (enable) set authentication enable local enable
Local Enable authentication set to enable.
Console> (enable)
set authentication login
show tacacs
Use the set authentication login command to enable TACACS+ authentication for login.
set authentication login {tacacs | local} {enable | disable}
tacacs | Keyword that specifies the use of the TACACS+ server password to determine if the user has access permission to the switch. |
local | Keyword that specifies the use of the local password to determine if the user has access permission to the switch. |
enable | Keyword that enables TACACS+ authentication for login. |
disable | Keyword that disables TACACS+ authentication for login. |
The default setting of this command is local authentication enabled and TACACS+ authentication disabled.
Switch command.
Privileged.
This example shows how to use the TACACS+ server to authenticate access permission to the switch:
Console> (enable) set authentication login tacacs enable
Tacacs Login authentication set to enable.
Console> (enable)
This example shows how to use the local password to authenticate access permission to the switch:
Console> (enable) set authentication login local enable
Local Login authentication set to enable.
Console> (enable)
set authentication enable
show tacacs
Use the set banner motd command to program an MOTD banner to appear before session login.
set banner motd c [text] c
c | Delimiting character used to begin and end the message. |
text | (Optional) Message of the day. |
Switch command.
Privileged.
This example shows how to set the message of the day using the pound sign (#) as the delimiting character:
Console> (enable) set banner motd #
** System upgrade at 6:00am Tuesday.
** Please log out before leaving on Monday.
#
MOTD banner set.
Console> (enable>
This example shows how to clear the message of the day:
Console> (enable) set banner motd ##
MOTD banner cleared.
Console> (enable>
Use the set boot config-register command to set the boot configuration register value.
set boot config-register 0xvalue [mod_num]
0xvalue | (Optional) Keyword to set the 16-bit configuration register value. |
mod_num | (Optional) Module number of the Supervisor Engine III containing the Flash device. |
baud | (Optional) Keyword to set the console baud rate. |
1200 | 2400 | 4800 | 9600 | (Optional) Keywords to specify baud rate. |
ignore-config | (Optional) Keywords to set the ignore-config feature. When enabled, causes system software to ignore the configuration information stored in NVRAM the next time the switch is restarted. |
enable | (Optional) Keyword to enable the ignore-config feature. |
disable | (Optional) Keyword to disable the ignore-config feature. |
boot | Keyword to specify the boot image to use on the next restart. |
rommon | (Optional) Keyword to specify booting from the ROM monitor. |
bootflash | (Optional) Keyword to specify booting from the bootflash. |
system | (Optional) Keyword to specify booting from the system. |
The ROM monitor defaults are as follows:
Switch command.
Privileged.
We recommend that you use only the rommon and system options to the set boot config-register boot command.
Each time you enter one of the set boot config-register commands, the system displays all current configuration-register information (the equivalent of entering the show boot command).
The baud rate specified in the configuration register is used by the ROM monitor only and is different from the baud rate specified by the set system baud command.
Caution: Enabling the ignore-config parameter is the same as entering the clear config all command; that is, it clears the entire configuration stored in NVRAM the next time the switch is restarted.
This example shows how to specify booting from the ROM monitor:
Console> (enable) set boot config-register rommon
Configuration register is 0x100
ignore-config: disabled
console baud: 9600
boot: the ROM monitor
Console> (enable)
This example shows how to specify the default 16-bit configuration register value:
Console> (enable) set boot config-register 0x10f
Configuration register is 0x10f
break: disabled
ignore-config: disabled
console baud: 9600
boot: image specified by the boot system commands
Console> (enable)
This example shows how to change the ROM monitor baud rate to 4800:
Console> (enable) set boot config-register baud 4800
Configuration register is 0x90f
ignore-config: disabled
console baud: 4800
boot: image specified by the boot system commands
Console> (enable)
This example shows how to enable the ignore-config option:
Console> (enable) set boot config-register ignore-config enable
Configuration register is 0x94f
ignore-config: enabled
console baud: 4800
boot: image specified by the boot system commands
Console> (enable)
This example shows how to specify rommon as the boot image to use on the next restart:
Console> (enable) set boot config-register boot rommon
Configuration register is 0x100
ignore-config: disabled
console baud: 9600
boot: the ROM monitor
Console> (enable)
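The register values in the examples above can be decoded bit by bit, which is useful when auditing captured show boot or set boot config-register output for a pending ignore-config wipe. The following is an added example, not code from the original documentation; the bit positions are inferred from the outputs on this page, and the 1200/2400 baud encodings and the boot-field value 0x1 (bootflash) are assumptions based on the conventional Cisco configuration-register layout.

```python
import re

# Bit positions inferred from the outputs on this page:
IGNORE_CONFIG = 0x0040   # 0x90f -> 0x94f when ignore-config is enabled
BREAK_DISABLED = 0x0100  # 0x10f prints "break: disabled"
BAUD_MASK = 0x1800
BOOT_MASK = 0x000F
# 9600 and 4800 are confirmed by the page (0x10f, 0x90f). The 1200 and 2400
# encodings are an ASSUMPTION taken from the conventional Cisco layout.
BAUD = {0x0000: 9600, 0x0800: 4800, 0x1000: 1200, 0x1800: 2400}

REG_RE = re.compile(r"Configuration register is (0x[0-9a-fA-F]{1,4})\b")

# Register lines copied from the examples on this page.
SAMPLE = """\
Configuration register is 0x100
Configuration register is 0x10f
Configuration register is 0x90f
Configuration register is 0x94f
"""


def decode(value):
    """Split a 16-bit configuration register into the fields the CLI prints."""
    if not 0 <= value <= 0xFFFF:
        raise ValueError("configuration register is a 16-bit value")
    field = value & BOOT_MASK
    if field == 0x0:
        boot = "the ROM monitor"
    elif field == 0x1:
        boot = "bootflash"  # ASSUMPTION: this value is not shown on the page
    else:
        boot = "image specified by the boot system commands"
    return {
        "ignore_config": bool(value & IGNORE_CONFIG),
        "break_disabled": bool(value & BREAK_DISABLED),
        "baud": BAUD[value & BAUD_MASK],
        "boot": boot,
    }


def audit(value):
    """Return findings for settings that change behaviour at the next restart."""
    fields = decode(value)
    findings = []
    if fields["ignore_config"]:
        findings.append(
            "ignore-config enabled: NVRAM configuration is cleared at the next restart"
        )
    if fields["boot"] == "the ROM monitor":
        findings.append("switch stops in the ROM monitor at the next restart")
    if fields["boot"] == "bootflash":
        findings.append("boot field is not one of the recommended rommon/system options")
    return findings


def audit_output(text):
    """Audit every register value found in captured CLI output."""
    return {
        match.group(1).lower(): audit(int(match.group(1), 16))
        for match in REG_RE.finditer(text)
    }


if __name__ == "__main__":
    for register, findings in audit_output(SAMPLE).items():
        print(register, decode(int(register, 16)), findings or "no findings")
```
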
Use the set boot system flash command to set the BOOT environment variable, which specifies a list of images that the switch loads at startup.
set boot system flash device:[filename] [prepend] [mod_num]
device: | Device where the Flash resides. |
filename | (Optional) Name of the configuration file. |
prepend | (Optional) Keyword used to place the device first in the list of boot devices. |
mod_num | (Optional) Module number of the Supervisor Engine III containing the Flash device. |
Switch command.
Privileged.
A colon (:) is required after the specified device.
You can enter several boot system commands to provide a fail-safe method for booting the switch. The system stores and executes the boot system commands in the order in which you enter them. Remember to clear the old entry when building a new image with a different filename in order to use the new image.
If the file does not exist (for example, if you entered the wrong filename), then the filename is appended to the bootstring, and a message displays, "Warning: File not found but still added in the bootstring."
If the file does exist, but is not a Supervisor Engine III image, the file is not added to the bootstring, and a message displays, "Warning: file found but it is not a valid boot image."
This example shows how to append the filename cat5k_r47_2.cbi on device slot0 to the BOOT environment variable:
Console> (enable) set boot system flash slot0:cat5k_r47_2.cbi
BOOT variable = slot0:cat5k_r47_1.cbi;slot0:cat5k_r47_2.cbi;
Console> (enable)
This example shows how to prepend bootflash:c to the beginning of the boot string:
Console> (enable) set boot system flash bootflash:c prepend
Console> (enable)
Use the set bridge apart command to enable or disable APaRT on FDDI.
set bridge apart {enable | disable}
enable | Keyword that activates the APaRT on FDDI. |
disable | Keyword that deactivates APaRT on FDDI. |
The default configuration has APaRT enabled.
Switch command.
Privileged.
This example shows how to disable APaRT:
Console> (enable) set bridge apart disable
APaRT disabled
Console> (enable)
Use the set bridge fddicheck command to enable or disable the relearning of MAC addresses (as FDDI MAC addresses) that were already learned from an Ethernet interface (as Ethernet MAC addresses).
set bridge fddicheck {enable | disable}
enable | Keyword that permits FDDI to relearn MAC addresses learned from an Ethernet interface. |
disable | Keyword that prevents FDDI from relearning MAC addresses learned from an Ethernet interface. |
The default configuration has fddicheck disabled.
Switch command.
Privileged.
When fddicheck is enabled, a MAC address seen on the FDDI ring is not learned (stored in FDDI CAM) as an FDDI MAC address if the MAC address was previously learned from an Ethernet interface (as an Ethernet MAC address).
Thus, with fddicheck enabled, MAC addresses previously learned from an Ethernet interface will not be relearned on the FDDI interface until the CAM is cleared.
This command requires information from the FDDI CAM. Therefore, disabling APaRT also automatically disables fddicheck. To enable fddicheck, first enable APaRT.
This example shows how to enable fddicheck on the switch:
Console> (enable) set bridge fddicheck enable
FDDICHECK enabled
Console> (enable)
Use the set bridge ipx 8022toether command to set the default method for translating IPX packets from FDDI 802.2 to Ethernet. The default translation method specified is used only until the real protocol types are learned.
set bridge ipx 8022toether {8023 | snap | eii | 8023raw}
8023 | Keyword that specifies Ethernet 802.3 as the default translation method. |
snap | Keyword that specifies Ethernet SNAP as the default translation method. |
eii | Keyword that specifies Ethernet II as the default translation method. |
8023raw | Keyword that specifies Ethernet 802.3 RAW as the default translation method. |
The default translation method for FDDI 802.2 to Ethernet networks is 8023 (Ethernet 802.3).
Switch command.
Privileged.
This example shows how to set the default protocol to SNAP for translating IPX packets between FDDI 802.2 and Ethernet networks:
Console> (enable) set bridge ipx 8022toether snap
8022 to ETHER translation set.
Console> (enable)
Use the set bridge ipx 8023rawtofddi command to set the default method for translating IPX packets from Ethernet 802.3 to FDDI. The default translation method specified is used only until the real protocol types are learned.
set bridge ipx 8023rawtofddi {8022 | snap | fddiraw}
8022 | Keyword that specifies FDDI 802.2 as the default translation method. |
snap | Keyword that specifies FDDI SNAP as the default translation method. |
fddiraw | Keyword that specifies FDDI RAW as the default translation method. |
The default translation method for Ethernet 802.3 to FDDI networks is SNAP (FDDI SNAP).
Switch command.
Privileged.
This example shows how to set the default translation method to FDDI SNAP for translating IPX packets between Ethernet 802.3 and FDDI networks:
Console> (enable) set bridge ipx 8023rawtofddi snap
8023RAW to FDDI translation set.
Console> (enable)
Use the set bridge ipx snaptoether command to set the default method for translating IPX FDDI SNAP frames to Ethernet frames. The default translation specified is used for all broadcast IPX SNAP frames and for any unlearned Ethernet MAC addresses.
set bridge ipx snaptoether {8023 | snap | eii | 8023raw}
8023 | Keyword that specifies Ethernet 802.3 as the default frame type. |
snap | Keyword that specifies Ethernet SNAP as the default frame type. |
eii | Keyword that specifies Ethernet II as the default frame type. |
8023raw | Keyword that specifies Ethernet 802.3 RAW as the default frame type. |
The default translation method for translating IPX FDDI SNAP frames to Ethernet frames is 8023raw (Ethernet 802.3 RAW).
Switch command.
Privileged.
This example shows how to set the default method for translating IPX FDDI SNAP frames to Ethernet frames to SNAP:
Console> (enable) set bridge ipx snaptoether snap
Bridge snaptoether default IPX translation set.
Console> (enable)
Use the set cam command to add entries into the CAM table and to set the aging time for the CAM table.
set cam {dynamic | static | permanent} {unicast_mac | multicast_mac | route_descr} mod_num/port_nums [vlan]
dynamic | Keyword that specifies that entries are subject to aging. |
static | Keyword that specifies that entries are not subject to aging. Static (nonpermanent) entries will remain in the table until the system is reset. |
permanent | Keyword that specifies that permanent entries are stored in NVRAM until they are removed by the clear cam or clear config command. |
unicast_mac | MAC address of the destination host used for a unicast. |
multicast_mac | MAC address of the destination host used for a multicast. |
route_descr | Route descriptor of the "next hop" relative to this switch. This variable is entered as two hexadecimal bytes in the following format: 004F. |
mod_num | Number of the module. |
port_nums | Number of a specific port. |
vlan | (Optional) Number of the VLAN. This number is optional unless you are setting CAM entries to dynamic, static, or permanent for a trunk port, or if you are using the agingtime keyword. |
agingtime | Keyword used to set the period of time after which an entry is removed from the table. |
agingtime | Number of seconds (0 to 1,000,000) that dynamic entries remain in the table before being deleted. Setting aging time to 0 disables aging. |
The default configuration has a local MAC address, spanning-tree address (01-80-c2-00-00-00), and CDP multicast address for destination port 1/3 (the NMP). The default aging time for all configured VLANs is 300 seconds.
Switch command.
Privileged.
If the given MAC address is a multicast address (the least significant bit of the most significant byte is set to 1) or broadcast address (ff-ff-ff-ff-ff-ff) and multiple ports are specified, the ports must all be in the same VLAN. If the given address is a unicast address and multiple ports are specified, the ports must be in different VLANs.
The set cam command does not support the RSM.
If you enter a route descriptor with no VLAN parameter specified, the default is the VLAN already associated with the port. If you enter a route descriptor, you may only use a single port number (of the associated port).
This example shows how to set the CAM table aging time to 300 seconds:
Console> (enable) set cam agingtime 1 300
Vlan 1 CAM aging time set to 300 seconds.
Console> (enable)
This example shows how to add a unicast entry to the table for module 2, port 9:
Console> (enable) set cam static 00-00-0c-a0-03-fa 2/9
Static unicast entry added to CAM table.
Console> (enable)
This example shows how to add a permanent multicast entry to the table for module 1, port 1, and module 2, ports 1, 3, and 8 through 12:
Console> (enable) set cam permanent 01-40-0b-a0-03-fa 1/1,2/1,2/3,2/8-12
Permanent multicast entry added to CAM table.
Console> (enable)
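Static and permanent CAM entries pin where frames for an address are forwarded, so it is worth checking the usage guideline above (multicast or broadcast across several ports needs one VLAN; unicast across several ports needs distinct VLANs) before a change is applied. The following is an added example, not code from the original documentation; the port-to-VLAN map passed to check_cam_entry is a hypothetical input that you would build from your own switch inventory.

```python
import re

_HEX_BYTE = re.compile(r"[0-9a-fA-F]{2}")
_PORT_ITEM = re.compile(r"(\d+)/(\d+)(?:-(\d+))?")


def parse_mac(mac):
    """Parse the dash-separated form used on this page into 6 raw bytes."""
    parts = mac.split("-")
    if len(parts) != 6 or not all(_HEX_BYTE.fullmatch(p) for p in parts):
        raise ValueError(f"not a MAC address: {mac!r}")
    return bytes(int(p, 16) for p in parts)


def mac_kind(mac):
    """Classify an address as 'unicast', 'multicast' or 'broadcast'."""
    raw = parse_mac(mac)
    if raw == b"\xff" * 6:
        return "broadcast"
    # Multicast: least significant bit of the most significant (first) byte.
    return "multicast" if raw[0] & 0x01 else "unicast"


def expand_ports(spec):
    """Expand '1/1,2/1,2/3,2/8-12' into a list of (module, port) tuples."""
    ports = []
    for item in spec.split(","):
        match = _PORT_ITEM.fullmatch(item.strip())
        if not match:
            raise ValueError(f"bad mod_num/port_nums item: {item!r}")
        module, low = int(match.group(1)), int(match.group(2))
        high = int(match.group(3)) if match.group(3) else low
        if high < low:
            raise ValueError(f"descending port range: {item!r}")
        ports.extend((module, port) for port in range(low, high + 1))
    return ports


def check_cam_entry(mac, port_spec, port_vlan):
    """Return a list of problems; an empty list means the rule is satisfied.

    port_vlan maps (module, port) -> VLAN number (hypothetical inventory data).
    """
    kind = mac_kind(mac)
    ports = expand_ports(port_spec)
    problems = [
        f"port {module}/{port} has no VLAN in the supplied map"
        for module, port in ports
        if (module, port) not in port_vlan
    ]
    if problems or len(ports) < 2:
        return problems  # the VLAN rule only applies to multi-port entries
    vlans = [port_vlan[p] for p in ports]
    if kind in ("multicast", "broadcast") and len(set(vlans)) != 1:
        problems.append(
            f"{kind} entry spans VLANs {sorted(set(vlans))}; all ports must share one VLAN"
        )
    if kind == "unicast" and len(set(vlans)) != len(vlans):
        problems.append("unicast entry lists several ports in the same VLAN")
    return problems


if __name__ == "__main__":
    spec = "1/1,2/1,2/3,2/8-12"                      # port list from the page
    inventory = {p: 1 for p in expand_ports(spec)}   # constructed: all VLAN 1
    print(check_cam_entry("01-40-0b-a0-03-fa", spec, inventory))
    inventory[(2, 3)] = 5                            # constructed mismatch
    print(check_cam_entry("01-40-0b-a0-03-fa", spec, inventory))
```
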
Use the set cdp command to enable or disable the CDP information display on specified ports.
set cdp {enable | disable} {mod_num/port_num | all}
enable | Keyword that enables the CDP information display. |
disable | Keyword that disables the CDP information display. |
mod_num | Number of the module. |
port_num | Number of the port. |
all | Keyword that specifies all ports. |
The default system configuration has CDP enabled.
Switch command.
Privileged.
The ATM module does not support CDP.
This example shows how to enable the CDP message display for port 1 on module 2:
Console> (enable) set cdp enable 2/1
CDP enabled on port 2/1.
Console> (enable)
This example shows how to disable the CDP message display for port 1 on module 2:
Console> (enable) set cdp disable 2/1
CDP disabled on port 2/1.
Console> (enable)
Use the set cdp interval command to set the message interval for CDP.
set cdp interval {mod_num/port_num | all} interval
mod_num | Number of the module. |
port_num | Number of the port. |
all | Keyword that specifies all ports. |
interval | Number of seconds (5 to 900) the system waits before sending a message. |
The default has the message interval set to 60 seconds for every port.
Switch command.
Privileged.
This example shows how to set the CDP message interval for port 10 on module 2 to 30 seconds:
Console> (enable) set cdp interval 2/10 30
CDP message interval set to 30 seconds for port 2/10.
Console> (enable)
Use the set cgmp command to enable or disable CGMP on a device.
set cgmp {enable | disable}
enable | Keyword used to enable CGMP on a device. |
disable | Keyword used to disable CGMP on a device. |
By default, CGMP is disabled.
Switch command.
Privileged.
CGMP filtering requires a network connection from the Catalyst 5000 series switch to an external router running CGMP.
This example shows how to enable CGMP on a device:
Console> (enable) set cgmp enable
CMGP support for IP multicast enabled.
Console> (enable)
This example shows how to disable CGMP on a device:
Console> (enable) set cgmp disable
CMGP support for IP multicast disabled.
Console> (enable)
This example shows what happens if you try to enable CGMP if IGMP is already enabled:
Console> (enable) set cgmp enable
Disable IGMP Snooping feature to enable CGMP.
Console> (enable)
clear multicast router
set multicast router
show multicast group
show multicast group count
Use the set cgmp leave command to enable or disable CGMP leave processing.
set cgmp leave {enable | disable}
enable | Keyword used to enable CGMP leave processing. |
disable | Keyword used to disable CGMP leave processing. |
By default, CGMP leave processing is disabled.
Switch command.
Privileged.
This example shows how to enable CGMP leave processing:
Console> (enable) set cgmp leave enable
CMGP support for leave processing enabled.
Console> (enable)
This example shows how to disable CGMP leave processing:
Console> (enable) set cgmp leave disable
CMGP support for leave processing disabled.
Console> (enable)
clear multicast router
set multicast router
show multicast group
show multicast group count
show cgmp leave
Use the set enablepass command to change the password for the privileged level of the CLI.
set enablepass
This command has no arguments or keywords.
The default configuration has no enable password configured.
Switch command.
Privileged.
The command prompts you for the old password. If the password you enter is valid, you are prompted to enter a new password and to verify the new password. A zero-length password is allowed.
This example shows how to establish a new password:
Console> (enable) set enablepass
Enter old password: <old_password>
Enter new password: <new_password>
Retype new password: <new_password>
Password changed.
Console> (enable)
Use the set fddi alarm command to specify the LER-alarm value for an FDDI port. The value defines the rate at which the LER threshold is exceeded on a link. The LER-alarm value affects the results of the LER threshold test.
set fddi alarm mod_num/port_num value
mod_num | Number of the module. |
port_num | Number of the port. |
value | Value for the LER-alarm parameter. This exponential value represents the number of link errors per second (that is, 10^-value link errors per second). Valid values are between 7 and 15. |
The default LER-alarm value is 8 milliseconds (10^-8 seconds).
Switch command.
Privileged.
This example shows how to change the LER-alarm value to 10^-11 seconds for port 1 on module 4:
Console> (enable) set fddi alarm 4/1 11
Port 4/1 alarm value set to 11.
Console> (enable)
set fddi cutoff
set fddi tlmin
set fddi tnotify
set fddi treq
set fddi userdata
show fddi
Use the set fddi cutoff command to specify the LER-cutoff value for an FDDI port. The LER-cutoff value determines the LER at which a connection is flagged as faulty. The LER-cutoff value affects the results of the LER threshold test.
set fddi cutoff mod_num/port_num value
mod_num | Number of the module. |
port_num | Number of the port. |
value | Exponential value for the LER-cutoff parameter (that is, 10^-value link errors per second). Valid values are between 7 and 15. |
The default LER-cutoff value is 7 milliseconds (10^-7 seconds).
Switch command.
Privileged.
This example shows how to change the LER-cutoff value to 10^-10 seconds for port 1 on module 4:
Console> (enable) set fddi cutoff 4/1 10
Port 4/1 cutoff value set to 10.
Console> (enable)
set fddi alarm
set fddi tlmin
set fddi tnotify
set fddi treq
set fddi userdata
show fddi
Use the set fddi tlmin command to change the TL_MIN value for an FDDI port.
set fddi tlmin mod_num/port_num microseconds
mod_num | Number of the module. |
port_num | Number of the port. |
microseconds | Number of microseconds for the TL_MIN parameter. |
The default value for TL_MIN is 40 microseconds.
Switch command.
Privileged.
The TL_MIN value specifies the minimum time to transmit a PHY line state before advancing to the next PCM state. This setting affects the station and switch interoperability and might hinder the implementation of FDDI repeaters.
This example shows how to change the TL_MIN value to 80 microseconds for port 1 on module 4:
Console> (enable) set fddi tlmin 4/1 80
Port 4/1 tlmin set to 80 usec.
Console> (enable)
set fddi alarm
set fddi cutoff
set fddi tnotify
set fddi treq
set fddi userdata
show fddi
Use the set fddi tnotify command to change the TNotify timer value for an FDDI module.
set fddi tnotify mod_num time
mod_num | Number of the module. |
time | Number of seconds for the TNotify timer. Valid times are from 2 to 30 seconds. |
The default value for the TNotify timer is 30 seconds.
Switch command.
Privileged.
The TNotify parameter sets the interval (in seconds) between neighbor notification frames. These frames advertise FDDI module MAC addresses to neighboring devices. Usually, the default setting is sufficient.
This example shows how to change the TNotify timer value to 16 seconds for module 4:
Console> (enable) set fddi tnotify 4 16
Module 4 SMT T-Notify set to 16 sec.
Console> (enable)
set fddi alarm
set fddi cutoff
set fddi tlmin
set fddi treq
set fddi userdata
show fddi
Use the set fddi treq command to change the TRequest value for an FDDI module.
set fddi treq mod_num time
mod_num | Number of the module. |
time | Number of seconds for the TRequest value. Valid times are from 2502 to 165,000 microseconds. |
The default value for the TRequest is 165,000 microseconds.
Switch command.
Privileged.
The TRequest parameter specifies the default TRT value for the FDDI module. This value is used when negotiating the TRT with other stations. The TRT is used to control ring scheduling during normal operation and to detect and recover from serious ring error situations. Whenever the TRT expires, the station uses the TRequest value to negotiate with other stations for the lowest value. The default setting of 165,000 microseconds is sufficient for most networks.
This example shows how to change the TRequest value to 3500 microseconds for module 4:
Console> (enable) set fddi treq 4 3500
Mac 4/1 T-request set to 3500 usec.
Console> (enable)
set fddi alarm
set fddi cutoff
set fddi tlmin
set fddi tnotify
set fddi userdata
show fddi
Use the set fddi userdata command to configure the user-data string in the SMT MIB of an FDDI module.
set fddi userdata mod_num [userdata_string]
mod_num | Number of the module. |
userdata_string | (Optional) Unique character string that identifies the node. |
The default value for the FDDI user-data string is "Catalyst 5000."
Switch command.
Privileged.
The user-data string identifies the FDDI module or Catalyst 5000 series switch when you use a management tool to configure and maintain an internetwork or when you access the FDDI module remotely. The userdata_string might be a term identifying the network node or the users connected to the network node.
This example shows how to change the user-data string to Engineering for module 4:
Console> (enable) set fddi userdata 4 Engineering
Module 4 SMT User Data set to Engineering.
Console> (enable)
set fddi alarm
set fddi cutoff
set fddi tlmin
set fddi tnotify
set fddi treq
show fddi
Use the set igmp command to enable or disable IGMP snooping on the switch.
set igmp {enable | disable}
enable | Keyword used to enable IGMP snooping on the switch. |
disable | Keyword used to disable IGMP snooping on the switch. |
IGMP snooping is disabled.
Switch command.
Privileged.
IGMP snooping is supported only on Catalyst 5000 series switches using a Supervisor Engine III with an NFFC installed.
Before enabling IGMP snooping, you must disable CGMP and CGMP leave processing (by using the set cgmp and set cgmp leave commands).
This example shows how to enable IGMP snooping on the switch:
Console> (enable) set igmp enable
IGMP Snooping is enabled.
CGMP is disabled.
Console> (enable)
This example shows what happens if you try to enable IGMP if CGMP is already enabled:
Console> (enable) set igmp enable
Disable CGMP to enable IGMP Snooping feature.
Console> (enable)
clear igmp statistics
clear multicast router
set multicast router
show igmp statistics
show multicast router
show multicast group
Use the set interface command to configure the in-band and SLIP interfaces on the switch.
set interface {sc0 | sl0} {up | down}
sc0 | Keyword that specifies the in-band interface. |
sl0 | Keyword that specifies the SLIP interface. |
up | Keyword used to bring the interface into operation. |
down | Keyword used to bring the interface out of operation. |
vlan | (Optional) Number of the VLAN to be assigned to the interface. |
ip_addr | (Optional) IP address. |
netmask | (Optional) Subnet mask. |
broadcast | (Optional) Broadcast address. |
slip_addr | IP address of the console port. |
dest_addr | IP address of the host to which the console port will be connected. |
The default configuration has the in-band interface (sc0) in VLAN 1 with the IP address, subnet mask, and broadcast address set to 0.0.0.0. The default configuration for the SLIP interface (sl0) is IP address and broadcast address set to 0.0.0.0.
Switch command.
Privileged.
There are two configurable network interfaces on a Catalyst 5000 series switch: in-band (sc0) and SLIP (sl0). Configuring the sc0 interface with an IP address and subnet mask allows you to access the switch CLI via Telnet from a remote host. The sc0 interface should be assigned to an active VLAN configured on the switch (the default is VLAN 1). Make sure the IP address you assign is in the same subnet as other stations in that VLAN.
Configuring the sl0 interface with an IP address and destination address allows you to make a point-to-point connection to a host through the console port. Use the slip attach command to activate SLIP on the console port (you will not be able to access the CLI via a terminal connected to the console port until you use the slip detach command to deactivate SLIP on the console port).
This example shows how to use set interface sc0 and set interface sl0 from the console port. It also shows how to bring down interface sc0 using a terminal connected to the console port:
Console> (enable) set interface sc0 192.200.11.44 255.255.255.0
Interface sc0 IP address and netmask set.
Console> (enable) set interface sl0 192.200.10.45 192.200.10.103
Interface sl0 SLIP and destination address set.
Console> (enable) set interface sc0 down.
Interface sc0 administratively down.
Console> (enable)
This example shows how to set the IP address for sc0 through a Telnet session. Note that the default netmask for that IP address class will be used (for example, a class C address will use 255.255.255.0, a class B will use 255.255.0.0):
Console> (enable) set interface sc0 192.200.11.40
This command may disconnect active telnet sessions.
Do you want to continue (y/n) [n]? y
Interface sc0 IP address set.
This example shows how to take the interface out of operation through a Telnet session:
Console> (enable) set interface sc0 down
This command will inactivate telnet sessions.
Do you want to continue (y/n) [n]? y
Interface sc0 administratively down.
This example shows how to assign the sc0 interface to a particular VLAN:
Console> (enable) set interface sc0 5
Interface sc0 vlan set.
Console> (enable)
This example shows what happens when you assign the sc0 interface to a nonactive VLAN:
Console> (enable) set interface sc0 200
Vlan is not active, user needs to set vlan 200 active
Interface sc0 vlan set.
Console> (enable)
Use the set ip alias command to add aliases of IP addresses.
set ip alias name ip_addr
name | Name of the alias being defined. |
ip_addr | IP address of the alias being defined. |
The default configuration has one IP alias (0.0.0.0) configured as the default.
Switch command.
Privileged.
This example shows how to define an IP alias of mercury for IP address 192.122.174.234:
Console> (enable) set ip alias mercury 192.122.174.234
IP alias added.
Console> (enable)
Use the set ip dns command to enable or disable DNS.
set ip dns {enable | disable}
enable | Keyword used to enable DNS. |
disable | Keyword used to disable DNS. |
DNS is disabled.
Switch command.
Privileged.
This example shows how to enable DNS:
Console> (enable) set ip dns enable
DNS is enabled.
Console> (enable)
This example shows how to disable DNS:
Console> (enable) set ip dns disable
DNS is disabled.
Console> (enable)
Use the set ip dns domain command to set the default DNS domain name.
set ip dns domain name
name | Default DNS domain name. |
This command has no default setting.
Switch command.
Privileged.
If you specify a domain name on the command line, the system attempts to resolve the host name as entered. If the system cannot resolve the host name as entered, it appends the default DNS domain name as defined with the set ip dns domain command. If you specify a domain name with a trailing dot, the program considers this an absolute domain name.
This example shows how to set the default DNS domain name:
Console> (enable) set ip dns domain yow.com
Default DNS domain name set to yow.com.
Console> (enable)
clear ip dns domain
show ip dns
Use the set ip dns server command to set the IP address of a DNS server.
set ip dns server ip_addr [primary]
ip_addr | IP address of the DNS server. |
primary | (Optional) Keyword used to configure a DNS server as the primary server. |
This command has no default setting.
Switch command.
Privileged.
You can configure up to three DNS name servers as backup. You can also configure any DNS server as the primary server. The primary server is queried first. If the primary server fails, the backup servers are queried.
If DNS is disabled, you must use the IP address with all commands that require explicit IP addresses or manually define an alias for that address. The alias has priority over DNS.
These examples show how to set the IP address of a DNS server:
Console> (enable) set ip dns server 198.92.30.32
198.92.30.32 added to DNS server table as primary server.
Console> (enable) set ip dns server 171.69.2.132 primary
171.69.2.132 added to DNS server table as primary server.
Console> (enable) set ip dns server 171.69.2.143 primary
171.69.2.143 added to DNS server table as primary server.
This example shows what happens if you enter more than three DNS name servers as backup:
Console> (enable) set ip dns server 161.44.128.70
DNS server table is full. 161.44.128.70 not added to DNS server table.
clear ip dns server
show ip dns
Use the set ip fragmentation command to enable or disable the fragmentation of IP packets bridged between FDDI and Ethernet networks. Note that FDDI and Ethernet networks have different MTUs.
set ip fragmentation {enable | disable}
enable | Keyword that permits fragmentation for IP packets bridged between FDDI and Ethernet networks. |
disable | Keyword that disables fragmentation for IP packets bridged between FDDI and Ethernet networks. |
The default value is IP fragmentation enabled.
Switch command.
Privileged.
If IP fragmentation is disabled, packets are dropped.
This example shows how to disable IP fragmentation:
Console> (enable) set ip fragmentation disable
Bridge IP fragmentation disabled.
Console> (enable)
Use the set ip permit command to enable or disable the IP permit list. Use the set ip permit ip_addr command to specify an IP address to be added to the IP permit list.
set ip permit {enable | disable}
enable | Keyword used to enable the IP permit list. |
disable | Keyword used to disable the IP permit list. |
ip_addr | IP address to be added to the IP permit list. An IP alias or host name that can be resolved through DNS can also be used. |
mask | (Optional) Subnet mask of the specified IP address. |
The IP permit list is disabled.
Switch command.
Privileged.
You can configure up to ten entries in the permit list. If the IP permit list is enabled, but the permit list has no entries configured, a caution displays on the screen.
This example shows how to enable the IP permit list:
Console> (enable) set ip permit enable
IP permit list enabled.
WARNING!! IP permit list has no entries.
Console> (enable)
This example shows how to add an IP address to the IP permit list:
Console> (enable) set ip permit 172.100.101.102
172.100.101.102 added to IP permit list.
Console> (enable)
This example shows how to add an IP address using an IP alias or host name to the IP permit list:
Console> (enable) set ip permit batboy
batboy added to IP permit list.
Console> (enable)
This example shows how to add an IP address with a subnet mask to the IP permit list:
Console> (enable) set ip permit 172.160.161.0 255.255.192.0
172.160.128.0 with mask 255.255.192.0 added to IP permit list.
Console> (enable)
This example shows how to disable the IP permit list:
Console> (enable) set ip permit disable
IP permit list disabled.
Console> (enable)
clear ip permit
set ip permit
show ip permit
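The mask handling in the examples above, as an added Python sketch that is not part of the Cisco documentation: it loads set ip permit lines, clears host bits the way the switch's reply does (172.160.161.0 with mask 255.255.192.0 is stored as 172.160.128.0), and reports how many source addresses each entry admits. The function names are hypothetical, and treating an entry without a mask as a single host is an assumption the page does not state.

```python
import ipaddress

MAX_ENTRIES = 10               # page: up to ten entries in the permit list
HOST_MASK = "255.255.255.255"  # assumption: an entry without a mask is one host

# The entry commands used in this section's examples.
PAGE_COMMANDS = [
    "set ip permit enable",
    "set ip permit 172.100.101.102",
    "set ip permit batboy",
    "set ip permit 172.160.161.0 255.255.192.0",
]


def load_permit_entries(commands):
    """Return (networks, names) built from 'set ip permit ip_addr [mask]' lines."""
    networks, names = [], []
    for command in commands:
        words = command.split()
        if words[:3] != ["set", "ip", "permit"] or len(words) not in (4, 5):
            raise ValueError("not a set ip permit command: " + command)
        if words[3] in ("enable", "disable"):
            continue  # switches the list on or off; not an entry
        if len(networks) + len(names) >= MAX_ENTRIES:
            raise ValueError("more than ten permit list entries")
        try:
            ipaddress.ip_address(words[3])
        except ValueError:
            # IP alias or host name: what it permits depends on resolution
            names.append(words[3])
            continue
        mask = words[4] if len(words) == 5 else HOST_MASK
        # strict=False clears the host bits, matching the switch's reply
        networks.append(ipaddress.ip_network(words[3] + "/" + mask, strict=False))
    return networks, names


def covering_entry(networks, source):
    """Return the first entry whose network contains source, or None."""
    address = ipaddress.ip_address(source)
    return next((net for net in networks if address in net), None)


def describe(networks):
    """Return (network, mask, last address, address count) for each entry."""
    return [
        (str(net.network_address), str(net.netmask), str(net[-1]), net.num_addresses)
        for net in networks
    ]


if __name__ == "__main__":
    nets, names = load_permit_entries(PAGE_COMMANDS)
    for network, mask, last, count in describe(nets):
        print(f"{network} mask {mask}: through {last}, {count} address(es)")
    for name in names:
        print(f"{name}: resolved through an IP alias or DNS at lookup time")
```
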
Use the set ip redirect command to enable or disable ICMP redirect messages on the Catalyst 5000 series switch.
set ip redirect {enable | disable}
enable | Keyword that permits ICMP redirect messages to be returned to the source host. |
disable | Keyword that prevents ICMP redirect messages from being returned to the source host. |
The default configuration has ICMP redirect enabled.
Switch command.
Privileged.
This example shows how to deactivate ICMP redirect messages:
Console> (enable) set ip redirect disable
ICMP redirect messages disabled.
Console> (enable)
Use the set ip route command to add IP addresses or aliases to the IP routing table.
set ip route destination gateway [metric] [primary]
destination | IP address or IP alias of the network or specific host to be added. Use default as the destination to set the new entry as the default route. |
gateway | IP address or IP alias of the router. |
metric | (Optional) Value used to indicate the number of hops between the switch and the gateway. |
primary | (Optional) Keyword used with the Multiple Default IP Gateways feature to specify the default IP gateway with the highest priority. |
The default configuration routes the local network through the sc0 interface with metric 0 as soon as sc0 is configured.
Switch command.
Privileged.
You can configure up to three default gateways. The primary is the highest priority. If a primary is not designated, priority is based on the order of input. If two primary definitions are entered, the second definition becomes the primary and the first definition is now the secondary default IP gateway.
These examples show how to add three default routes to the IP routing table, checking after each addition using the show ip route command:
Console> (enable) set ip route default 192.122.173.42 1 primary
Route added.
Console> (enable)
Console> (enable) show ip route
Fragmentation  Redirect  Unreachable
-------------  --------  -----------
enabled        enabled   enabled
Destination      Gateway          Flags   Use         Interface
---------------  ---------------  ------  ----------  ---------
default          192.122.173.42   UG      59444       sc0
192.22.74.0      192.22.74.223    U       5           sc0
Console> (enable)
Console> (enable) set ip route default 192.122.173.43 1
Route added.
Console> (enable)
Console> (enable) show ip route
Fragmentation  Redirect  Unreachable
-------------  --------  -----------
enabled        enabled   enabled
Destination      Gateway          Flags   Use         Interface
---------------  ---------------  ------  ----------  ---------
default          192.122.173.43   G       0           sc0
default          192.122.173.42   UG      59444       sc0
192.22.74.0      192.22.74.223    U       5           sc0
Console> (enable)
Console> (enable) set ip route default 192.122.173.44 1
Route added.
Console> (enable)
Console> (enable) show ip route
Fragmentation  Redirect  Unreachable
-------------  --------  -----------
enabled        enabled   enabled
Destination      Gateway          Flags   Use         Interface
---------------  ---------------  ------  ----------  ---------
default          192.122.173.44   G       0           sc0
default          192.122.173.43   G       0           sc0
default          192.122.173.42   UG      59444       sc0
192.22.74.0      192.22.74.223    U       5           sc0
Console> (enable)
Use the set ip unreachable command to enable or disable ICMP unreachable messages on the switch.
set ip unreachable {enable | disable}
enable | Keyword that allows IP unreachable messages to be returned to the source host. |
disable | Keyword that prevents IP unreachable messages from being returned to the source host. |
The default has ICMP unreachable messages enabled.
Switch command.
Privileged.
When you enable ICMP unreachable messages, the switch returns an ICMP unreachable message to the source host whenever it receives an IP datagram that it cannot deliver. When you disable ICMP unreachable messages, the switch does not notify the source host when it receives an IP datagram that it cannot deliver.
For example, a switch has the ICMP unreachable message function enabled and IP fragmentation disabled. If an FDDI frame is received and needs to transmit to an Ethernet port, the switch cannot fragment the packet. The switch drops the packet and returns an IP unreachable message to the Internet source host.
This example shows how to disable ICMP unreachable messages:
Console> (enable) set ip unreachable disable
ICMP Unreachable message disabled.
Console> (enable)
Use the set length command to configure the number of lines in the terminal display screen.
set length number [default]
number | Number of lines to display on the screen (0 to 512). |
default | (Optional) Keyword that sets the number of lines in the terminal display screen for the current administration session and all other sessions. This keyword is only available in privileged mode. |
The default value is 24 lines upon starting a session. When the value is changed in a session, it applies only to that session. When you use the clear config command, the number of lines in the terminal display screen is reset to the factory default of 100.
Switch command.
Privileged.
Output from a single command that overflows a single display screen is followed by the --More-- prompt. At the --More-- prompt, you can press Ctrl-C, q, or Q to interrupt the output and return to the prompt, press the Spacebar to display an additional screen of output, or press Return to display one more line of output.
Setting the screen length to 0 turns off the scrolling feature and causes the entire output to display at once. Unless the default keyword is used, a change to the terminal length value applies only to the current session.
This example shows how to set the screen length to 60 lines:
Console> (enable) set length 60
Screen length for this session set to 60.
Console> (enable)
This example shows how to set the default screen length to 40 lines:
Console> (enable) set length 40 default
Screen length set to 40.
Console> (enable)
Use the set logging console command to enable and disable the sending of system logging messages to the console.
set logging console {enable | disable}
enable | Keyword used to enable system message logging to the console. |
disable | Keyword used to disable system message logging to the console. |
By default, system message logging to the console is enabled.
Switch command.
Privileged.
This example shows how to enable system message logging to the console:
Console (enable) set logging console enable
System logging messages will be sent to the console.
Console (enable)
This example shows how to disable system message logging to the console:
Console (enable) set logging console disable
System logging messages will not be sent to the console.
set logging level
set logging session
show logging
show logging buffer
Use the set logging level command to set the facility and severity level used when logging system messages.
set logging level facility severity [default]
facility | Value that specifies the type of system messages to capture. Facility types are shown in Table 7-1. |
severity | Value that specifies the severity level of system messages to capture. Severity level definitions are shown in Table 7-2. |
default | (Optional) Keyword that causes the specified logging level to apply to all sessions. If default is not used, the specified logging level applies only to the current session. |
| Facility Name | Definition |
|---|---|
| cdp | Cisco Discovery Protocol |
| mcast | Multicast |
| disl | Dynamic Inter-Switch Link |
| dvlan | Dynamic VLAN |
| earl | Encoded Address Recognition Logic |
| fddi | Fiber Distributed Data Interface |
| ip | Internet Protocol |
| pruning | VTP pruning |
| snmp | Simple Network Management Protocol |
| spantree | Spanning-Tree Protocol |
| sys | System |
| tac | Terminal Access Controller |
| tcp | Transmission Control Protocol |
| telnet | Terminal emulation Protocol |
| tftp | Trivial File Transfer Protocol |
| vtp | Virtual Terminal Protocol |
| vmps | VLAN Membership Policy Server |
| kernel | Kernel |
| filesys | File System |
| drip | Dual Ring Protocol |
| pagp | Port Aggregation Protocol |
| mgmt | Management |
| mls | Multilayer Switching |
| protfilt | Protocol Filter |
| Severity Level | Keyword | Description |
|---|---|---|
| 0 | emergencies | System unusable |
| 1 | alerts | Immediate action required |
| 2 | critical | Critical condition |
| 3 | errors | Error conditions |
| 4 | warnings | Warning conditions |
| 5 | notifications | Normal but significant condition |
| 6 | informational | Informational messages |
| 7 | debugging | Debugging messages |
By default, facility is set to all and level is set to 0.
Switch command.
Privileged.
This example shows how to set the default facility and severity level for system message logging:
Console (enable) set logging level snmp 2 default
System logging facility <snmp> set to severity 2(critical).
Console (enable)
show logging
show logging buffer
Use the set logging server command to enable and disable system message logging to configured syslog servers, and to add a syslog server to the system logging server table.
set logging server {enable | disable}
enable | Keyword used to enable system message logging to configured syslog servers. |
disable | Keyword used to disable system message logging to configured syslog servers. |
ip_addr | IP address of the syslog server to be added to the configuration. An IP alias or a host name that can be resolved through DNS can also be used. |
By default, no syslog servers are configured to receive system messages.
Switch command.
Privileged.
This example shows how to enable system message logging to the configured syslog servers:
Console (enable) set logging server enable
System logging messages will be sent to the configured syslog servers.
Console (enable)
This example shows how to add a syslog server to the system logging server table:
Console (enable) set logging server 171.69.192.205
171.69.192.205 added to the System logging server table.
Console (enable)
clear logging server
show logging
Use the set logging session command to enable or disable the sending of system logging messages to the current login session.
set logging session {enable | disable}
enable | Keyword used to enable the sending of system logging messages to the current login session. |
disable | Keyword used to disable the sending of system logging messages to the current login session. |
By default, system message logging to the current login session is enabled.
Switch command.
Privileged.
This example shows how to prevent system logging messages from being sent to the current login session:
Console> (enable) set logging session disable
System logging messages will not be sent to the current login session.
Console> (enable)
This example shows how to cause system logging messages to be sent to the current login session:
Console> (enable) set logging session enable
System logging messages will be sent to the current login session.
Console> (enable)
set logging console
set logging level
show logging
show logging buffer
Use the set logout command to set the number of minutes until the system automatically disconnects an idle session.
set logout timeout
timeout | Number of minutes (0 to 10,000) until the system automatically disconnects an idle session. Setting the value to 0 disables the automatic disconnection of idle sessions. |
The default value is 20 minutes.
Switch command.
Privileged.
This example shows how to set the number of minutes until the system automatically disconnects an idle session:
Console> (enable) set logout 20
Sessions will be automatically logged out after 20 minutes of idle time.
Console> (enable)
This example shows how to disable the automatic disconnection of idle sessions:
Console> (enable) set logout 0
Sessions will not be automatically logged out.
Console> (enable)
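An added example (not from the Cisco documentation) that folds a saved list of set ip permit, set logging server and set logout lines into the state they leave behind, starting from the defaults this chapter documents, and lists the settings that leave management access unrestricted, unlogged or without an idle timeout. The function names, finding codes and both sample configurations are constructed for illustration; treating server logging as off until an enable line appears is an assumption.

```python
FINDING_TEXT = {
    "ip-permit-disabled": "IP permit list is disabled (the documented default)",
    "ip-permit-enabled-but-empty": "IP permit list is enabled but has no entries",
    "no-syslog-server": "no syslog server is configured (the documented default)",
    "syslog-server-not-enabled": "syslog servers are listed but server logging is not enabled",
    "idle-logout-disabled": "set logout 0: idle sessions are never disconnected",
}

# Constructed sample configurations, built only from commands on this page.
WEAK_CONFIG = [
    "set ip permit enable",
    "set logging server 171.69.192.205",
    "set logout 0",
]
HARDENED_CONFIG = [
    "set ip permit 172.100.101.102",
    "set ip permit enable",
    "set logging server 171.69.192.205",
    "set logging server enable",
    "set logout 20",
]


def effective_settings(config_lines):
    """Fold 'set' lines into the resulting state; a later line overrides an earlier one."""
    state = {
        "permit_enabled": False,  # page default: IP permit list disabled
        "permit_entries": [],
        "syslog_servers": [],     # page default: no syslog servers configured
        "syslog_enabled": False,  # assumption: off until an enable line is seen
        "logout_minutes": 20,     # page default: 20 minutes
    }
    for raw in config_lines:
        words = raw.split()
        if not words or words[0] != "set":
            continue  # blank lines and anything that is not a set command
        if words[1:3] == ["ip", "permit"] and len(words) in (4, 5):
            if words[3] in ("enable", "disable"):
                state["permit_enabled"] = words[3] == "enable"
            else:
                state["permit_entries"].append(" ".join(words[3:]))
        elif words[1:3] == ["logging", "server"] and len(words) == 4:
            if words[3] in ("enable", "disable"):
                state["syslog_enabled"] = words[3] == "enable"
            else:
                state["syslog_servers"].append(words[3])
        elif words[1:2] == ["logout"] and len(words) == 3:
            minutes = int(words[2])
            if not 0 <= minutes <= 10000:  # page: valid range is 0 to 10,000
                raise ValueError("logout timeout out of range: " + raw)
            state["logout_minutes"] = minutes
    return state


def findings(state):
    """Return finding codes (keys of FINDING_TEXT) for the given state."""
    result = []
    if not state["permit_enabled"]:
        result.append("ip-permit-disabled")
    elif not state["permit_entries"]:
        result.append("ip-permit-enabled-but-empty")
    if not state["syslog_servers"]:
        result.append("no-syslog-server")
    elif not state["syslog_enabled"]:
        result.append("syslog-server-not-enabled")
    if state["logout_minutes"] == 0:
        result.append("idle-logout-disabled")
    return result


if __name__ == "__main__":
    for label, config in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        codes = findings(effective_settings(config))
        print(label + ":", "no findings" if not codes else "")
        for code in codes:
            print("  " + FINDING_TEXT[code])
```
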
Use the set mls command set to configure the MLS feature in the Catalyst 5000 series switch.
set mls agingtime [agingtime]
agingtime | Keyword used to specify the aging time (in seconds) for an MLS entry. |
agingtime | (Optional) MLS aging time of shortcuts to an MLS entry. |
disable | Keyword used to disable IP shortcut functions on the Catalyst 5000 series switch, disable any NFCP message processing, delete any existing shortcut entries, and prevent new shortcut entries from being established. |
enable | Keyword used to enable IP shortcut functions on the switch, enable NFCP message processing, and allow new shortcut entries to be established. |
include | Keyword used to include the specified router(s) to participate in MLS. |
ip_addr | Router IP address, or name of the router if DNS is enabled. |
The default agingtime is set to 256 seconds. The default fastagingtime is set to 0 seconds. The default pkt_threshold is 0.
Switch command.
Privileged.
If you enter any of the set mls commands on a Catalyst 5000 series switch without MLS, the following warning message displays:
MLS not supported on feature card.
The set mls disable command disables IP shortcut functions on the Catalyst 5000 series switch, does not process any NFCP messages, deletes any existing shortcut entries, and prevents new ones from being established.
The set mls enable command enables the IP shortcut function on this device, processes NFCP messages, and starts establishing shortcuts for IP data packets.
The Catalyst 5000 series switch does not process NFCP messages from routers that are not configured to participate in MLS. You must use the set mls include command to configure a router to participate in MLS. You can specify multiple router entries on the same command line. The included router entries are saved in NVRAM and retained across a power cycle.
You must enable DNS to resolve the router's IP address.
These examples show how to use the set mls command set to configure MLS:
console>(enable) set mls agingtime 512
MLS aging time set to 512 seconds.
Console> (enable)
console>(enable) set mls agingtime fast 32 0
MLS fast aging time set to 32 seconds for entries with no more than 0 packet switched.
Console> (enable)
Console> (enable) set mls disable
Multilayer switching disabled
Console> (enable)
Console> (enable) set mls enable
Multilayer switching enabled
Console> (enable)
Console> (enable) set mls include 170.170.2.1
Multilayer switching enabled for router 170.170.2.1
Console> (enable)
Console> (enable) set mls include Stargate
Multilayer switching enabled for router 172.20.15.1 (Stargate)
Console> (enable)
set mls nde
clear mls
show mls
show mls statistics
Use the set mls agingtime fast command to specify the MLS aging time of shortcuts to an MLS entry that has no more than pkt_threshold packets switched within fastagingtime seconds after it is created.
set mls agingtime fast [fastagingtime] [pkt_threshold]
fastagingtime | (Optional) Valid values are: 32, 64, 96 or 128 seconds. A "0" entry disables fast aging. If a value is not specified, the default value is used. |
pkt_threshold | (Optional) Valid values: 0, 1, 3, 7, 15, 31, and 63 packets. A "0" entry disables fast aging. If a value is not specified, the default value is used. |
The default fastagingtime is 0, no fast aging. The default pkt_threshold is 0.
Switch command.
Privileged.
If you enter any of the set mls agingtime fast commands on a Catalyst 5000 series switch without MLS, the following warning message displays:
mls not supported on feature card.
If fastagingtime is not configured exactly the same as the valid values, it is adjusted to the closest one. A typical value for fastagingtime and pkt_threshold is 32 seconds and 0 packet, respectively (it means no packet is switched within 32 seconds after the entry is created).
Agingtime applies to an MLS entry that has no more than <pkt_threshold> packets switched within <fastagingtime> seconds after it is created. A typical example is the MLS entry destined to/sourced from a DNS or TFTP server. This entry may never be used again after it is created. For example, only one request goes to a server and one reply returns from the server, and then the connection is closed.
The agingtime fast option is used to purge entries associated with very short flows, such as DNS and TFTP.
We recommend that you keep the number of MLS entries in the MLS cache below 32K. If the number of MLS entries is more than 32K, some flows (less than 1 percent) are sent to the router.
To keep the number of MLS cache entries below 32K, enable agingtime fast. Initially set it at 128 seconds. If the number of cache entries continues to exceed 32K, decrease the setting; start with 96, then 64, and 32 as necessary.
If cache entries continue to exceed 32K, decrease the normal agingtime in increments of 64 seconds from the 256-second default.
This example shows how to use the set mls agingtime fast command to set the agingtime:
console>(enable) set mls agingtime fast 32 0
MLS fast aging time set to 32 seconds for entries with no more than 0 packet switched.
Console> (enable)
set mls nde
clear mls
show mls
show mls statistics
Use the set mls nde command set to configure the NetFlow Data Export (NDE) feature in the Catalyst 5000 series switch to allow statistics to be exported to the preconfigured collector.
set mls nde {disable | enable}
disable | Keyword used to disable NDE. |
enable | Keyword used to enable NDE. |
collector_ip | IP address of the collector, or name of the collector if DNS is enabled. |
udp_port_num | Number of the UDP port to receive the exported statistics. |
flow | (Optional) Keyword used to add filtering to NDE. |
protocol | (Optional) Protocol type; valid values can be 0, tcp, udp, icmp, or a decimal number for other protocol families. 0 indicates "do not care." If protocol is not tcp or udp, we recommend that the dst_port and src_port values be set to 0, otherwise no flows are displayed. |
src_port | (Optional) Number of the source port. Used with dst_port to specify the port pair if the protocol is tcp or udp. If 0 is entered, this indicates "do not care." If protocol is not tcp or udp, we recommend that the src_port value be set to 0, otherwise no flows are displayed. |
dst_port | (Optional) Number of the destination port. Used with src_port to specify the port pair if the protocol is tcp or udp. If 0 is entered, this indicates "do not care." If protocol is not tcp or udp, we recommend that the dst_port value be set to 0, otherwise no flows are displayed. |
All expired flows are exported until the filter is explicitly specified.
Switch command.
Privileged.
If you enter any of the set mls nde commands on a Catalyst 5000 series switch without MLS, the following warning message displays:
mls not supported on feature card.
Before you use the set mls nde command for the first time, you must configure the host to collect the MLS statistics. The host name and UDP port number are saved in NVRAM and you do not need to specify them. If you do specify a host name and UDP port, values in NVRAM overwrite the old values. Collector's values in NVRAM do not clear when NDE is disabled; this command configures the collector, but does not automatically enable NDE.
The set mls nde enable command enables NDE, exporting statistics to the preconfigured collector.
If you attempt to enable NDE without first specifying a collector, you see this display:
Console>(enable) set mls nde enable
Please set host name and UDP port number with `set mls nde <collector_name | collector_ip> <udp_port_number>'.
Console>(enable)
The set mls nde flow command adds filtering to the NDE. Expired flows matching the specified criteria are exported. These values are stored in NVRAM. They are not cleared when NDE is disabled. If any option is not specified in this command, it is treated as a wildcard. The NDE filter in NVRAM does not clear when NDE is disabled.
Use the following syntax to specify an IP subnet address:
If the protocol value is not set to tcp or udp, we recommend that the dst_port and src_port values be set to 0, otherwise no flows will be displayed.
These examples show how to use the set mls nde command set to configure NDE:
Console> (enable) set mls nde Stargate 120
Netflow data export not enabled.
Netflow data export to port 120 on 172.20.15.1(Stargate)
Console> (enable)
Console>(enable) set mls nde enable
Netflow data export enabled.
Netflow data export to port 120 on 172.20.15.1 (Stargate)
Console> (enable)
Console> (enable) set mls nde disabled
Netflow data export disabled.
Console> (enable)
console> (enable) set mls nde flow destination 171.69.194.140/24
Netflow data export: destination filter set to 171.69.194.0/24
Console> (enable)
console> (enable) set mls nde flow destination 171.69.194.140
Netflow data export: destination filter set to 171.69.194.140/32
(Only flows to host 171.69.194.140 that are expired are exported)
Console> (enable)
console> (enable) set mls nde flow destination 171.69.194.140/24 source 171.69.173.5/24
Netflow data export: destination filter set to 171.69.194.0/24
Netflow export source filter set to 171.69.173.0/24
(Only flows to subnet 171.69.194.0 from sub net 171.69.173.0 that are expired are exported)
Console> (enable)
console> (enable) set mls nde flow dst_port 23
Netflow data export: source port filter set to 23.
(Only flows to destination port 23 are exported )
Console> (enable)
console> (enable) set mls nde flow source 171.69.194.140 dst_port 23
Netflow data export: destination filter set to 171.69.194.140/32
Netflow data export: source port filter set to 23.
Console> (enable)
show mls statistics
clear mls
show mls
set mls
set mls agingtime fast
Use the set module disable command to disable a module.
set module disable mod_num
mod_num | Number of the module. You can specify a series of modules by entering a comma between each module number (for example 2,3,5). You can specify a range of modules by entering a dash between module numbers (for example, 2-5). |
The default configuration has all modules enabled.
Switch command.
Privileged.
Avoid disabling a module when you are connected via a Telnet session; if you disable the module that carries your session, you will be disconnected from your Telnet session. If there are no other network connections to the Catalyst 5000 series switch (for example, on another module), you must reenable the module through the console.
This example shows how to disable module 3 when connected via the console port:
Console> (enable) set module disable 3
Module 3 disabled.
Console> (enable)
This example shows how to disable module 2 when connected via a Telnet session:
Console> (enable) set module disable 2
This command may disconnect your telnet session.
Do you want to continue (y/n) [n]? y
Module 2 disabled.
Use the set module enable command to enable a module.
set module enable mod_num
mod_num | Number of the module to enable. |
The default setting has all modules enabled.
Switch command.
Privileged.
If an individual port on a module was previously disabled, enabling the module does not enable the disabled port.
This example shows how to enable module 2:
Console> (enable) set module enable 2
Module 2 enabled.
Console> (enable)
Use the set module name command to set the name for a module.
set module name mod_num [mod_name]
mod_num | Number of the module. |
mod_name | (Optional) Name created for the module. |
The default configuration has no module names configured for any modules.
Switch command.
Privileged.
If the module name is not specified, any previously specified name is cleared.
Use the set module name command to set the module for the RSM. Additional set module commands are not supported by the RSM.
This example shows how to set the name for module 1 to Supervisor:
Console> (enable) set module name 1 Supervisor
Module name set.
Console> (enable)
Use the set multicast router command to manually configure a port as a multicast router port.
set multicast router mod_num/port_num
mod_num | Number of the module. |
port_num | Number of the port on the module. |
By default, no ports are configured as multicast router ports.
Switch command.
Privileged.
When you enable CGMP or IGMP snooping, the ports to which a multicast-capable router is attached are automatically identified. The set multicast router command allows you to configure multicast router ports statically.
This example shows how to configure a multicast router port:
Console> (enable) set multicast router 3/1
Port 3/1 added to multicast router port list.
Console> (enable)
clear multicast router
set cgmp
set igmp
show multicast router
show multicast group count
Use the set ntp broadcastclient command to enable or disable NTP in broadcast-client mode.
set ntp broadcastclient {enable | disable}
enable | Keyword used to enable NTP in broadcast-client mode. |
disable | Keyword used to disable NTP in broadcast-client mode. |
The default setting for this command is disabled.
Switch command.
Privileged.
The broadcast-client mode assumes that a broadcast server, such as a router, regularly sends time-of-day information to the Catalyst 5000 series switch.
This example shows how to enable an NTP broadcast client:
Console> (enable) set ntp broadcastclient enable
NTP Broadcast Client mode enabled.
Console> (enable)
This example shows how to disable an NTP broadcast client:
Console> (enable) set ntp broadcastclient disable
NTP Broadcast Client mode disabled.
Console> (enable)
Use the set ntp broadcastdelay command to configure a time-adjustment factor so the Catalyst 5000 series switch can receive broadcast packets.
set ntp broadcastdelay microseconds
microseconds | Estimated round-trip time, in microseconds, for NTP broadcasts. Allowable range is from 1 to 999999. |
By default, the NTP broadcast delay is set to 3000.
Switch command.
Privileged.
This example shows how to set the NTP broadcast delay to 4000 microseconds:
Console> (enable) set ntp broadcastdelay 4000
NTP broadcast delay set to 4000 microseconds.
Console> (enable)
Use the set ntp client command to enable or disable the Catalyst 5000 series switch as an NTP client.
set ntp client {enable | disable}
enable | Keyword used to enable the Catalyst 5000 series switch as an NTP client. |
disable | Keyword used to disable the Catalyst 5000 series switch as an NTP client. |
By default, NTP client mode is disabled.
Switch command.
Privileged.
You can configure NTP in either broadcast-client mode or client mode. The broadcast-client mode assumes that a broadcast server, such as a router, regularly sends time-of-day information to the Catalyst 5000 series switch. The client mode assumes that the client (the Catalyst 5000 series switch) regularly sends time-of-day requests to the NTP server.
This example shows how to enable NTP client mode:
Console> (enable) set ntp client enable
NTP client mode enabled.
Console> (enable)
Use the set ntp server command to configure the IP address of the NTP server.
set ntp server ip_addr
ip_addr | IP address of the NTP server providing the clock synchronization. |
There is no default setting for this command.
Switch command.
Privileged.
The client mode assumes that the client (the Catalyst 5000 series switch) regularly sends time-of-day requests to the NTP server. A maximum of ten servers per client is allowed.
This example shows how to configure an NTP server:
Console> (enable) set ntp server 172.20.22.191
NTP server 172.20.22.191 added.
Console> (enable)
Use the set password command to change the login password on the CLI.
set password
This command has no arguments or keywords.
The default configuration has no password configured.
Switch command.
Privileged.
The command prompts you for the old password. If the password you enter is valid, you are prompted to enter a new password and to verify the new password. A zero-length password is allowed by pressing Return.
This example shows how to set an initial password:
Console> (enable) set password
Enter old password: <old_password>
Enter new password: <new_password>
Retype new password: <new_password>
Password changed.
Console> (enable)
Use the set port broadcast command to set the broadcast/multicast suppression for one or more ports.
set port broadcast mod_num/port_num threshold[%]
mod_num | Number of the module. |
port_num | Number of the port. |
threshold | Number of packets-per-second of broadcast/multicast traffic allowed on the port, or the percentage of total available bandwidth that can be used by broadcast/multicast traffic. |
% | (Optional) Keyword used if threshold is expressed as a percentage of total available bandwidth that can be used by broadcast/multicast traffic. |
The default system configuration has broadcast/multicast suppression disabled.
Switch command.
Privileged.
Although bandwidth-based broadcast/multicast suppression applies to all ports on a module, you must still specify a port number according to the syntax rules of the set port broadcast mod_num/port_num threshold [%] command. For example, if you specify port 3 on module 4 (4/3), broadcast/multicast suppression is applied to every port on module 4. You can specify any port number between 1 and 24.
Only the Ethernet switching module (10BaseT 48 port, Telco, WS-X5012) supports bandwidth-based broadcast/multicast suppression on a per port basis.
This command is not supported by the RSM.
On a Token Ring module, uplink ports connect to different switching buses, so the software/firmware knows which SAMBA to set. This is different from other modules with SAMBA, where set applies to all ports, and the SAMBA of switching bus A (to which SAGE inband link is connected) cannot be set for broadcast suppression.
This example shows how to limit broadcast traffic to 500 packets per second on ports 2/1 through 3/24:
Console> (enable) set port broadcast 2/1-3/24 500
Ports 2/1-3/24 broadcast traffic limited to 500 packets.
Console> (enable)
This example shows how to limit broadcast traffic to 20 percent to all ports on module 4 (see "Usage Guidelines" for more information):
Console> (enable) set port broadcast 4/3 20%
Port 4/1-24 broadcast traffic limited to 20%.
Console> (enable)
This example shows how to allow unlimited broadcast traffic to all ports on module 4 (see "Usage Guidelines" for more information):
Console> (enable) set port broadcast 4/3 100%
Port 4/1-24 broadcast traffic unlimited.
Console> (enable)
Use the set port channel command to enable or disable Fast EtherChannel on Fast Ethernet module ports.
set port channel [port_list] {on | off | desirable | auto}
port_list | (Optional) Module and ports to bundle. Enter the port_list in the following format: mod_num/port_num. |
on | Keyword that enables and forces Fast EtherChannel for the specified module ports. |
off | Keyword that disables Fast EtherChannel for the specified module ports. |
desirable | Keyword that sets Fast EtherChannel mode to desirable for the specified module ports. |
auto | Keyword that sets Fast EtherChannel mode to auto for the specified module ports. |
The default system configuration has Fast EtherChannel auto set on all module ports.
Switch command.
Privileged.
Make sure that all ports in the channel are configured with the same port speed, duplex mode, and so forth. For more information on Fast EtherChannel, refer to the "Configuring Ethernet and Fast Ethernet Switching Modules" chapter in the Catalyst 5000 Series Software Configuration Guide.
This command is not supported by the RSM.
This command is not supported by the three-port Gigabit Ethernet switching module (WS-X5403).
This example shows how to enable Fast EtherChannel on ports 5-8 of Fast Ethernet module 2:
Console> (enable) set port channel 2/5-8 on
Ports 2/5-8 channel mode set to on.
Console> (enable)
This example shows how to disable Fast EtherChannel on ports 5-8 of Fast Ethernet module 2:
Console> (enable) set port channel 2/5-8 off
Ports 2/5-8 disabled and channel mode set to off.
Console> (enable)
Use the set port disable command to disable a port or a range of ports.
set port disable mod_num/port_num
mod_num | Number of the module. |
port_num | Number of the port. |
The default system configuration has all ports enabled.
Switch command.
Privileged.
This command is not supported by the RSM.
This example shows how to disable a port using the set port disable command:
Console> (enable) set port disable 5/10
Port 5/10 disabled.
Console> (enable)
Use the set port duplex command to configure the duplex type of an Ethernet or Fast Ethernet port or range of ports.
set port duplex mod_num/port_num {full | half | auto}
mod_num | Number of the module. |
port_num | Number of the port. |
full | Keyword that specifies full-duplex transmission. |
half | Keyword that specifies half-duplex transmission. |
auto | Keyword that specifies auto transmission. |
The default configuration for 10-Mbps and 100-Mbps modules has all Ethernet ports set to half duplex. The default configuration for 10/100-Mbps Fast Ethernet modules has all ports set to auto.
Switch command.
Privileged.
You can configure Ethernet and Fast Ethernet interfaces to either full duplex or half duplex. When a port is in autosensing mode, both its speed and duplex are determined by autosensing. An error message like the following is generated if you attempt to set the transmission type of autosensing Fast Ethernet ports to half- or full-duplex mode:
Console> (enable) set port duplex 2/1 full (1 port - failed)
Port 2/1 is in auto-sensing mode.
Console> (enable)
The set port duplex command is not valid on the 48-port module or the RSM.
The set port duplex command is not valid when issued against a Token Ring port. Use the set tokenring portmode command instead. If you enter a set port duplex command, you are directed to use the proper command.
The three-port Gigabit Ethernet switching module (WS-X5403) can only be configured as full duplex.
This example shows how to set port 1 on module 2 to full duplex:
Console> (enable) set port duplex 2/1 full
Port 2/1 set to full-duplex.
Console> (enable)
This example shows what the set port duplex command displays if entered against a Token Ring port:
Console> (enable) set port duplex 3/1 full
Port 3/1 is Token Ring, use `set tokenring portmode' command instead
Console> (enable)
Use the set port enable command to enable a port or a range of ports.
set port enable mod_num/port_num
mod_num | Number of the module. |
port_num | Number of the port. |
The default system configuration has all ports enabled.
Switch command.
Privileged.
This command is not supported on the RSM.
This example shows how to enable port 3 on module 2:
Console> (enable) set port enable 2/3
Port 2/3 enabled.
Console> (enable)
Use the set port filter command to configure a MAC address filter or a protocol filter for ports on your Token Ring module.
set port filter mod_num/port_num {mac_addr | protocol_type} {permit | deny}
mod_num | Number of the module. |
port_num | Number of the port on the module. |
mac_addr | MAC address contained in the packets to be filtered. You can enter this address in canonical format (00-11-33-44-55) or noncanonical (00:11:22:33:44:55) format. |
protocol_type | Protocol type that you want to filter. For a list of the protocol types that you can filter, see Table 7-3 through Table 7-5. |
permit | Keyword used to specify that the filter can permit packets with the specified MAC address or protocol type. |
deny | Keyword used to specify that the filter can deny packets with the specified MAC address or protocol type. |
The command has no default setting.
Switch command.
Privileged.
You can configure up to 16 MAC address filters or 16 protocol (eight SAPs and eight DSAPs) filters per port on the Token Ring module. Refer to Table 7-3 through Table 7-5 for lists of SAPs and Ethertypes that you can use when defining protocol filters.
Table 7-3 and Table 7-4 list the SAPs that you can use to define protocol classes.
| Hexadecimal Value | Description |
|---|---|
| X'02' | LLC Sublayer Management |
| X'06' | DoD Internet |
| X'x6' | National Standards Bodies |
| X'0E' | Proway Network Management |
| X'4E' | Manufacturing Message Service |
| X'7E' | ISO 8208 |
| X'8E' | Proway Active Station List Maintenance |
| X'FE' | OSI Network Layer Protocols |
| X'42' | Bridge Spanning-Tree Protocol |

| Hexadecimal Value | Description |
|---|---|
| X'04' | SNA Path Control Individual |
| X'F0' | NetBIOS |
| X'F4' | LAN Management Individual |
| X'F8' | IMPL |
| X'FC' | Discovery |
| X'DC' | Dynamic Address Resolution |
| X'D4' | Resource Management |
Table 7-5 lists the possible Ethertypes that you can use to define protocol filters.
| Hexadecimal Value | Description |
|---|---|
| X'0000' through X'05DC' | IEEE 802.3 |
| X'0600' | Xerox XNS IDP |
| X'0800' | DoD IP |
| X'0801' | X.75 Internet |
| X'0802' | NBS Internet |
| X'0803' | ECMA Internet |
| X'0804' | CHAOSnet |
| X'0805' | X.25 Level 3 |
| X'0806' | ARP (for IP and CHAOS) |
| X'6001' | DEC MOP Dump/Load Assistance |
| X'6002' | DEC MOP Remote Console |
| X'6003' | DEC DECnet Phase IV |
| X'6004' | DEC LAT |
| X'6005' | DEC DECnet Diagnostics |
| X'6010' through X'6014' | 3Com Corporation |
| X'7000' through X'7002' | Ungermann-Bass download |
| X'7030' | Proteon |
| X'7034' | Cabletron |
| X'8035' | Reverse ARP |
| X'8046' through X'8047' | AT&T |
| X'8088' through X'808A' | Xyplex |
| X'809B' | Kinetics Ethertalk (Appletalk over Ethernet) |
| X'80C0' through X'80C3' | Digital Communications Associates |
| X'80D5' | IBM SNA Services over Ethernet |
| X'80F2' | Retix |
| X'80F3' through X'80F5' | Kinetics |
| X'80F7' | Apollo Computer |
| X'80FF' through X'8103' | Wellfleet Communications |
| X'8137' through X'8138' | Novell |
The following example shows how to configure a port filter on port 2 MAC address 00:40:0b:01:bc:65 of module 3:
Console> (enable) set port filter 3/2 00:40:0b:01:bc:65 permit
Port 3/2 filter Mac Address 00:40:0b:01:bc:65 set to permit.
Console> (enable)
clear port filter
show port filter
Use the set port flowcontrol command to set the receive flow control value for a particular port.
set port flowcontrol {receive | send} [mod_num/port_num] {off | on | desired}
receive | Keyword that indicates whether the port can be flow controlled by an attached device. |
send | Keyword that indicates whether the local port can send flow control to an attached device. |
mod_num | (Optional) Number of the module. |
port_num | (Optional) Number of the port on the module. |
off | Keyword that, when used with receive, prevents this port from being flow-controlled by an attached device. When used with send, the local port does not send flow-control frames to the far end. |
on | Keyword that, when used with receive, requires this port to be flow-controlled by an attached device. When used with send, the local port sends flow-control frames to the far end. |
desired | Keyword that, when used with receive, allows the port to operate with an attached device that insists on flow-controlling the port or with an attached device that does not insist on flow-controlling the port. When used with send, the local port sends flow control if the far end wants to see flow-control frames. |
Default for receive is off. Default for send is desired.
Switch command.
Privileged.
This command is not supported for the RSM.
These examples show how to use the set port flowcontrol command:
Console> (enable) set port flowcontrol receive 3/1 on
Port 3/1 will require far end to send flow control
Console> (enable)
Console> (enable) set port flowcontrol receive 3/1 desired
Port 3/1 will allow far end to send flowcontrol
Console> (enable)
Console> (enable) set port flowcontrol receive 3/1 off
Port 3/1 will not allow far end to send flowcontrol
Console> (enable)
Console> (enable) set port flowcontrol send 3/1 on
Port 3/1 will send flowcontrol to far end.
Console> (enable)
Console> (enable) set port flowcontrol send 3/1 desired
Port 3/1 will send flowcontrol to far end if far end supports it
Console> (enable)
Console> (enable) set port flowcontrol send 3/1 off
Port 3/1 will not send flowcontrol to far end
Console> (enable)
Use the set port level command to set the priority level of a port or range of ports on the switching bus.
set port level mod_num/port_num {normal | high}
mod_num | Number of the module. |
port_num | Number of the port on the module. |
normal | Keyword that sets the port priority to normal. |
high | Keyword that sets the port priority to high. |
The default configuration has all ports at normal priority level.
Switch command.
Privileged.
Packets traveling through a port set at normal priority are served only after packets traveling through a port set at high priority are served.
This command is not supported for the RSM.
This example shows how to set the priority level for port 2 on module 1 to high:
Console> (enable) set port level 1/2 high
Port 1/2 port level set to high.
Console> (enable)
set port disable
set port duplex
set port enable
set port name
set port speed
set port trap
show port
Use the set port membership command to dynamically or statically assign membership of a port or range of ports to a VLAN.
set port membership mod_num/port_num {dynamic | static}
mod_num | Module number. |
port_num | Port number. |
dynamic | Keyword used to dynamically assign VLAN membership to a port. |
static | Keyword used to statically assign VLAN membership to a port. |
Default port membership is static.
Switch command.
Privileged.
When a port is assigned a VLAN dynamically, the show port command output identifies the VLAN as dynamic and, if the dynamic port is shut down by a VMPS, its status is shown as shutdown.
This command is not supported on the RSM.
This command is not supported by the three-port Gigabit Ethernet switching module (WS-X5403).
Token Ring does not currently support dynamic VLAN membership; all Token Ring ports are static. If you issue a set port membership dynamic command against a Token Ring port, the following message is generated:
Feature not supported for Module x.
These examples show how to assign VLAN membership to one or more ports using the set port membership command:
Console> (enable) set port membership 3/1-3 dynamic
Ports 3/1-3 vlan assignment set to dynamic.
Spantree port fast start option enabled for ports 3/1-3.
Console> (enable)
Console> (enable) set port membership 4/2 dynamic
Ports 4/1-12 vlan assignment set to dynamic.
Spantree port fast start option enabled for port 4/2.
Console> (enable)
Use the set port name command to configure a name for a port.
set port name mod_num/port_num [name_string]
mod_num | Number of the module. |
port_num | Number of the port. |
name_string | (Optional) String that describes the port. |
The default configuration has no port name configured for any port.
Switch command.
Privileged.
If you do not specify the name string, the port name is cleared.
This command is not supported for the RSM.
This example shows how to set port 1 on module 4 to Snowy:
Console> (enable) set port name 4/1 Snowy
Port 4/1 name set.
Console> (enable)
set port disable
set port duplex
set port enable
set port speed
set port trap
show port
Use the set port negotiation command to enable or disable the link negotiation protocol on the specified port.
set port negotiation mod_num/port_num {enable | disable}
mod_num | Number of the module. |
port_num | Number of the port. |
enable | Keyword used to enable the link negotiation protocol. |
disable | Keyword used to disable the link negotiation protocol. |
The default is link negotiation protocol enabled.
Switch command.
Privileged.
This command only applies to ports on the Gigabit Ethernet switching module (WS-X5403).
This example shows how to disable link negotiation protocol on port 1, module 4:
Console> (enable) set port negotiation 4/1 disable
Link negotiation protocol disabled on port 4/1.
Console> (enable)
Use the set port protocol command to enable or disable protocol membership of ports.
set port protocol mod_num/port_num {ip | ipx | group} {on | off | auto}
mod_num | Number of the module. |
port_num | Number of the port. |
ip | Keyword used to specify IP protocol. |
ipx | Keyword used to specify Internetwork Packet Exchange protocol. |
group | Keyword used to specify Appletalk, Decnet, and Vines protocols. |
on | Keyword used to indicate the port will receive all the flood traffic for that protocol. |
off | Keyword used to indicate the port will not receive any flood traffic for that protocol. |
auto | Keyword used to indicate the port will be added to the protocol group only after receiving packets of the specific protocol. |
By default, ports are configured to on for the IP protocol groups, and auto for IPX and Group.
Switch command.
Privileged.
Protocol filtering is supported only on nontrunking Ethernet, Fast Ethernet, and Gigabit Ethernet ports. Trunking ports are always members of all the protocol groups.
If the port configuration is set to auto, the port initially does not receive any flood packets for that protocol. When the corresponding protocol packets are received on that port, the supervisor engine detects this and adds the port to the protocol group.
Ports configured as auto are removed from the protocol group if no packets are received for that protocol within a certain period of time. This aging time is set to 60 minutes. They are also removed from the protocol group on detection of a link down.
Protocol filtering is only supported on MLS-based Catalyst 5000 series switches.
This example shows how to disable IPX protocol membership of port 1 on module 2:
Console> (enable) set port protocol 2/1 ipx off
IPX protocol disabled on port 2/1.
Console> (enable)
This example shows how to enable automatic IP membership of port 1 on module 5:
Console> (enable) set port protocol 5/1 ip auto
IP protocol set to auto mode on module 5/1.
Console> (enable)
Use the set port security command to configure port security on a port or range of ports on an Ethernet module.
set port security mod_num/port_num {enable | disable} [mac_addr]
mod_num | Number of the module. |
port_num | Number of the port. |
enable | Keyword used to enable port security. |
disable | Keyword used to disable port security. |
mac_addr | (Optional) Secure MAC address of the enabled port. |
The default configuration has port security disabled.
Switch command.
Privileged.
If the MAC address is not given, the command turns on learning mode so that the first MAC address seen on the port becomes the secure MAC address.
If you issue this command against a Token Ring port, the following message is generated:
Feature not supported for Module x.
This command is not supported by the three-port Gigabit Ethernet switching module (WS-X5403).
This example shows how to set port security with a learned MAC address:
Console> (enable) set port security 3/1 enable
Port 3/1 port security enabled with the learned mac address.
Console> (enable)
This example shows how to set port security with a specific MAC address:
Console> (enable) set port security 3/1 enable 01-02-03-04-05-06
Port 3/1 port security enabled with 01-02-03-04-05-06 as the secure mac address.
Console> (enable)
Use the set port speed command to configure the speed of a port interface. You can configure the speed of a Fast Ethernet interface.
set port speed mod_num/port_num {4 | 10 | 16 | 100 | auto}
mod_num | Number of the module. |
port_num | Number of the port on the module. |
4 | 10 | 16 | 100 | auto | Keyword used to set a port speed to 4, 10, 16, 100 Mbps, or autospeed detection mode. |
The default configuration has all module ports set to auto.
Switch command.
Privileged.
You can configure Fast Ethernet interfaces on the 10/100-Mbps Fast Ethernet switching module to either 10 Mbps or 100 Mbps, or set to autosensing mode, allowing them to sense and distinguish between 10-Mbps and 100-Mbps port transmission speeds and full-duplex or half-duplex port transmission types at a remote port connection. If you set the interfaces to autosensing mode, they automatically configure themselves to operate at the proper speed and transmission type.
You can configure Token Ring interfaces on the Token Ring module to either 4 Mbps or 16 Mbps, or to autospeed detection mode, allowing them to sense and distinguish between 4-Mbps and 16-Mbps port transmission speed. If you set the interfaces to autospeed detection mode, they automatically configure themselves to operate at the proper speed.
If you change the transmission speed of a port that is open to 4 or 16 Mbps, the port will close and reopen at the new transmission speed. If a port closes and reopens on an existing ring using a transmission speed different from that which the ring is operating, the ring will beacon.
If the ports on the Token Ring module are configured to automatically sense the speed of the ring, the first port inserted on the ring does not set the speed, because it is unable to detect the speed.
This command is not supported by the three-port Gigabit Ethernet switching module (WS-X5403).
This example shows how to configure port 1 on module 2 to auto:
Console> (enable) set port speed 2/1 auto
Port 2/1 speed set to auto-sensing mode.
Console> (enable)
This example shows how to configure port 2 on module 2 port speed to 10 Mbps:
Console> (enable) set port speed 2/2 10
Port 2/2 speed set to 10 Mbps.
Console> (enable)
This example shows how to configure port 4 on module 3 port speed to 16 Mbps:
Console> (enable) set port speed 3/4 16
Port(s) 3/4 speed set to 16Mbps.
Console> (enable)
set port disable
set port enable
set port name
set port trap
show port
Use the set port trap command to enable or disable the operation of the standard SNMP link trap (up or down) for a port or range of ports.
set port trap mod_num/port_num {enable | disable}
mod_num | Number of the module. |
port_num | Number of the port. |
enable | Keyword used to activate the SNMP link trap. |
disable | Keyword used to deactivate the SNMP link trap. |
The default configuration has all port traps disabled.
Switch command.
Privileged.
This example shows how to enable the SNMP link trap for module 1, port 2:
Console> (enable) set port trap 1/2 enable
Port 1/2 up/down trap enabled.
Console> (enable)
set port disable
set port duplex
set port enable
set port name
set port speed
show port
Use the set prompt command to change the prompt for the CLI.
set prompt prompt_string
prompt_string | String to use as the command prompt. |
The default configuration has the prompt set to Console>.
Switch command.
Privileged.
In Catalyst 5000 series software release 4.1(1) and later, if you use the set system name command to assign a name to the switch, the switch name is used as the prompt string. However, if you specify a different prompt string using the set prompt command, that string is used for the prompt.
This example shows how to set the prompt to system100>:
Console> (enable) set prompt system100>
system100> (enable)
Use the set protocolfilter command to activate or deactivate protocol filtering.
set protocolfilter {enable | disable}
enable | Keyword used to activate protocol filtering. |
disable | Keyword used to deactivate protocol filtering. |
The default configuration has protocol filtering disabled.
Switch command.
Privileged.
This example shows how to activate protocol filtering:
Console> (enable) set protocolfilter enable
Protocol filtering enabled on this switch.
Console> (enable)
This example shows how to deactivate protocol filtering:
Console> (enable) set protocolfilter disable
Protocol filtering disabled on this switch.
Console> (enable)
Use the set rsmautostate command to enable/disable line protocol state determination of the RSM(s) due to port state changes. When you enable rsmautostate, VLAN interfaces on the RSM are active only when there is at least one other active interface within the Catalyst 5000 series switch. This could be a physical end-user port, a trunk connection for which the VLAN is active, or even another RSM with an equivalent VLAN interface.
set rsmautostate {enable | disable}
enable | Keyword used to activate line protocol state determination. |
disable | Keyword used to deactivate line protocol state determination. |
The default configuration has line protocol state determination disabled.
Switch command.
Privileged.
This feature is useful for discontinuing the advertisement of routing paths when access to them is severed (either through fault or administrative disabling).
If you disable rsmautostate, you may have to use the shutdown/no shutdown Cisco IOS command to disable and then restart the VLAN interface to bring the RSM back up.
This example shows how to enable the line protocol state determination of the RSM:
Console> (enable) set rsmautostate enable
Console> (enable)
This example shows how to disable the line protocol state determination of the RSM:
Console> (enable) set rsmautostate disable
Console> (enable)
Use the set snmp community command to set SNMP communities and associated access types.
set snmp community {read-only | read-write | read-write-all} [community_string]
read-only | Keyword that assigns read-only access to the specified SNMP community. |
read-write | Keyword that assigns read-write access to the specified SNMP community. |
read-write-all | Keyword that assigns read-write access to the specified SNMP community. |
community_string | (Optional) Specifies the name of the SNMP community. |
The default configuration has the following communities and access types defined:
Switch command.
Privileged.
There are three configurable SNMP communities, one for each access type. If you do not specify the community string, the community string configured for that access type is cleared.
This example shows how to set read-write access to the SNMP community called yappledapple:
Console> (enable) set snmp community read-write yappledapple
SNMP read-write community string set.
Console> (enable)
This example shows how to clear the community string defined for read-only access:
Console> (enable) set snmp community read-only
SNMP read-only community string cleared.
Console> (enable)
Use the set snmp rmon command to enable or disable SNMP RMON support.
set snmp rmon {enable | disable}
enable | Keyword used to activate SNMP remote monitoring support. |
disable | Keyword used to deactivate SNMP remote monitoring support. |
The default for remote monitoring support is disabled.
Switch command.
Privileged.
RMON statistics are collected on a segment basis instead of a repeater port basis for the Catalyst 5000 series group switching Ethernet modules (WS-X5020 and WS-X5223).
The RMON feature deinstalls all of the domains for all of the interfaces on an Ethernet module that has been removed from the system.
RMON is enabled for Ethernet and Token Ring ports.
Supported RMON groups enabled are Ethernet, Token Ring, history, alarm, and events as specified in RFC 1757.
Use of this command requires a separate software license.
This example shows how to enable RMON support:
Console> (enable) set snmp rmon enable
SNMP RMON support enabled.
Console> (enable)
This example shows how to disable RMON support:
Console> (enable) set snmp rmon disable
SNMP RMON support disabled.
Console> (enable)
Use the set snmp trap command to enable or disable the different SNMP traps on the system, or to add an entry into the SNMP authentication trap receiver table.
set snmp trap {enable | disable} [all | module | chassis | bridge | repeater | auth | vtp | ippermit | vmps | config | entity | stpx]
enable | Keyword used to activate SNMP traps. |
disable | Keyword used to deactivate SNMP traps. |
all | (Optional) Keyword that specifies all trap types. |
module | (Optional) Keyword that specifies the moduleUp and moduleDown traps from the CISCO-STACK-MIB. |
chassis | (Optional) Keyword that specifies the chassisAlarmOn and chassisAlarmOff traps from the CISCO-STACK-MIB. |
bridge | (Optional) Keyword that specifies the newRoot and topologyChange traps from RFC 1493 (the BRIDGE-MIB). |
repeater | (Optional) Keyword that specifies the rptrHealth, rptrGroupChange, and rptrResetEvent traps from RFC 1516 (the SNMP-REPEATER-MIB). |
auth | (Optional) Keyword that specifies the authenticationFailure trap from RFC 1157. |
vtp | (Optional) Keyword that specifies the VTP from the CISCO-VTP-MIB. |
ippermit | (Optional) Keyword that specifies the IP Permit Denied access from the CISCO-STACK-MIB. |
vmps | (Optional) Keyword that specifies the vmVmpsChange trap from the CISCO-VLAN-MEMBERSHIP-MIB. |
config | (Optional) Keyword that specifies the sysConfigChange trap from the CISCO-STACK-MIB. |
entity | (Optional) Keyword that specifies the entityMIB trap from the ENTITY-MIB. |
stpx | (Optional) Keyword that specifies the STPX trap. |
rcvr_addr | IP address or IP alias of the system to receive SNMP traps. |
rcvr_community | Community string to use when sending authentication traps. |
The default configuration has SNMP traps disabled.
Switch command.
Privileged.
An IP permit trap is sent when unauthorized access based on the IP permit list is attempted.
Use the show snmp command to verify the appropriate traps were configured.
This example shows how to enable SNMP chassis traps:
Console> (enable) set snmp trap enable chassis
SNMP chassis alarm traps enabled.
Console> (enable)
This example shows how to enable all traps:
Console> (enable) set snmp trap enable
All SNMP traps enabled.
Console> (enable)
This example shows how to disable SNMP chassis traps:
Console> (enable) set snmp trap disable chassis
SNMP chassis alarm traps disabled.
Console> (enable)
This example shows how to add an entry in the SNMP trap receiver table:
Console> (enable) set snmp trap 192.122.173.42 public
SNMP trap receiver added.
Console> (enable)
clear ip permit
clear port filter
set ip permit
show ip permit
show port counters
show snmp
test snmp trap
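The defaults documented above for set port security, set snmp community, and set snmp trap (port security disabled, traps disabled, learning mode when no MAC address is given) can be checked mechanically against a saved list of set commands. The following Python auditor is an added example, not part of the Cisco documentation; the function names, the constructed sample configuration, the choice of auth and ippermit as the traps to require, and the treatment of an omitted trap keyword as all are assumptions.

```python
import re

# Trap keywords and community access types as listed in this chapter.
TRAP_TYPES = {"module", "chassis", "bridge", "repeater", "auth", "vtp",
              "ippermit", "vmps", "config", "entity", "stpx"}
ACCESS_TYPES = ("read-only", "read-write", "read-write-all")

# Constructed sample input: command forms and values taken from the examples
# in this chapter, arranged into a hypothetical configuration.
SAMPLE_CONFIG = """\
set port security 3/1 enable
set port security 3/2 enable 01-02-03-04-05-06
set port security 4/1-2 disable
set snmp community read-only
set snmp community read-write yappledapple
set snmp trap enable chassis
set snmp trap enable auth
set snmp trap 192.122.173.42 public
"""


def expand_ports(spec):
    """Expand '3/1', '3/1-3' or '2/1,3/1-2,5/7' into single ports.

    Cross-module ranges such as 2/1-3/24 are rejected: expanding them
    needs the port count of each module, which is not in the command.
    """
    ports = []
    for part in spec.split(","):
        m = re.fullmatch(r"(\d+)/(\d+)(?:-(\d+))?", part)
        if m is None:
            raise ValueError(f"unsupported port list: {part!r}")
        mod, low = int(m.group(1)), int(m.group(2))
        high = int(m.group(3)) if m.group(3) else low
        ports.extend(f"{mod}/{n}" for n in range(low, high + 1))
    return ports


def parse_config(text):
    """Replay set commands in order; later commands override earlier ones."""
    state = {"security": {}, "community": {}, "traps": set(), "receivers": []}
    for line in text.splitlines():
        words = line.split()
        head, args = words[:3], words[3:]
        if head == ["set", "port", "security"] and len(args) >= 2:
            if args[1] == "enable":
                # No mac_addr means learning mode (see the usage guidelines).
                mode = args[2] if len(args) > 2 else "learned"
            else:
                mode = "disabled"
            for port in expand_ports(args[0]):
                state["security"][port] = mode
        elif head == ["set", "snmp", "community"] and args:
            # Omitting the string clears the community for that access type.
            state["community"][args[0]] = args[1] if len(args) > 1 else None
        elif head == ["set", "snmp", "trap"] and args:
            if args[0] in ("enable", "disable"):
                # Assumption: an omitted trap keyword is treated as "all".
                kind = args[1] if len(args) > 1 else "all"
                kinds = TRAP_TYPES if kind == "all" else {kind} & TRAP_TYPES
                if args[0] == "enable":
                    state["traps"] |= kinds
                else:
                    state["traps"] -= kinds
            elif len(args) >= 2:
                # Remaining form: set snmp trap rcvr_addr rcvr_community
                state["receivers"].append((args[0], args[1]))
    return state


def audit(state, access_ports):
    """Return findings for the given ports and the switch-wide SNMP state."""
    findings = []
    for port in access_ports:
        # Ports never mentioned keep the documented default: disabled.
        mode = state["security"].get(port, "disabled")
        if mode == "disabled":
            findings.append(f"{port}: port security disabled")
        elif mode == "learned":
            findings.append(f"{port}: port security on, secure MAC learned "
                            "from first address seen")
    for access in ACCESS_TYPES:
        if access not in state["community"]:
            findings.append(f"snmp {access}: community never set, "
                            "factory default remains")
    for kind in ("auth", "ippermit"):
        if kind not in state["traps"]:
            findings.append(f"snmp trap {kind}: not enabled")
    if state["traps"] and not state["receivers"]:
        findings.append("snmp traps enabled but no trap receiver configured")
    return findings


if __name__ == "__main__":
    # Hypothetical list of access ports to check.
    for finding in audit(parse_config(SAMPLE_CONFIG),
                         ["3/1", "3/2", "4/1", "4/2", "5/10"]):
        print(finding)
```
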
Use the set span command to enable or disable SPAN, and to set up the port and VLAN analyzer.
set span enable
enable | Keyword that enables SPAN. |
disable | Keyword that disables SPAN. |
src_mod | Monitored module (source). |
src_ports | Monitored port(s) (source). |
src_vlan | Monitored VLAN (source). |
dest_mod | Monitoring module (destination). |
dest_port | Monitoring port (destination). |
rx | (Optional) Keyword that specifies that information received at the source is monitored. |
tx | (Optional) Keyword that specifies that information transmitted from the source is monitored. |
both | (Optional) Keyword that specifies that information both transmitted from the source and received at the source is monitored. |
The default configuration has port monitoring disabled, port 1/1 as the monitoring port (destination), VLAN 1 as the monitored VLAN (source), and both transmit and receive packets monitored. If the parameter rx, tx, or both is not specified, the default is both.
Switch command.
Privileged.
After SPAN is enabled and the defaults established, subsequent commands replace source ports, VLANs, and destination ports.
Use either a dedicated remote monitor probe or a Sniffer analyzer to monitor ports.
You may specify an RSM port as the source port in set span. If you specify an RSM port as the destination port, you receive this message:
Route switch port cannot be a Monitor port.
If you are setting the SPAN for Token Ring, and the source and destination ports specified are not in the context of the same Token Ring module, you receive this message:
Source port and destination port must be on the same module.
This example shows how to enable SPAN on the Catalyst 5000 series switch, and how to monitor transmit traffic on port 2/3 through port 2/4:
Console> (enable) set span enable
span enabled.
Console> (enable) set span 2/3 2/4 tx
Enabled monitoring of ports 2/3 transmit traffic by ports 2/4.
Console> (enable)
This example shows how to enable SPAN on multiple source ports:
Console> (enable) set span 2/1,3/1-2,5/7 1/2
If the above source ports are on different VLANs, you see this error message:
Failed to configure span feature
Use the set spantree backbonefast command to enable or disable the Spanning-Tree Backbone Fast Convergence feature.
set spantree backbonefast {enable | disable}
enable | Keyword that enables the Spanning-Tree Backbone Fast Convergence feature. |
disable | Keyword that disables the Spanning-Tree Backbone Fast Convergence feature. |
The default configuration has the Spanning-Tree Backbone Fast Convergence feature disabled.
Switch command.
Privileged.
The Spanning-Tree Backbone Fast Convergence feature is not supported on Token Ring VLANs.
For the Spanning-Tree Backbone Fast Convergence feature to work, you must enable it on all switches in the network.
This example shows how to enable the Spanning-Tree Backbone Fast Convergence feature:
Console> (enable) set spantree backbonefast enable
Backbonefast enabled for all VLANs.
Console> (enable)
Use the set spantree disable command to disable the spanning-tree algorithm for a VLAN.
set spantree disable [vlan]
vlan | (Optional) Number of the VLAN. If the VLAN number is not specified, the default, VLAN 1, is used. |
The default configuration has all spanning trees enabled.
Switch command.
Privileged.
This example shows how to disable the spanning-tree algorithm for VLAN 1:
Console> (enable) set spantree disable 1
VLAN 1 bridge spanning tree disabled.
Console> (enable)
set spantree enable
show spantree
Use the set spantree enable command to enable the spanning-tree algorithm for a VLAN.
set spantree enable [vlan]
vlan | (Optional) Number of the VLAN. If a VLAN number is not specified, the default, VLAN 1, is used. |
The default configuration has all spanning trees enabled.
Switch command.
Privileged.
This example shows how to activate the spanning-tree algorithm for VLAN 1:
Console> (enable) set spantree enable 1
VLAN 1 bridge spanning tree enabled.
Console> (enable)
set spantree disable
show spantree
Use the set spantree fwddelay command to set the bridge forward delay for a VLAN.
set spantree fwddelay delay [vlan]
delay | Number of seconds (4 to 30) for the bridge forward delay. |
vlan | (Optional) Number of the VLAN; if a VLAN number is not specified, VLAN 1 is assumed. |
The default configuration has the bridge forward delay set to 15 seconds for all VLANs.
Switch command.
Privileged.
This example shows how to set the bridge forward delay for VLAN 100 to 16 seconds:
Console> (enable) set spantree fwddelay 16 100
Spantree 100 forward delay set to 16 seconds.
Console> (enable)
Use the set spantree hello command to set the bridge hello time for a VLAN.
set spantree hello interval [vlan]
interval | Number of seconds (1 to 10) the system waits before sending a bridge hello message (a multicast message indicating that the system is active). |
vlan | (Optional) Number of the VLAN; if a VLAN number is not specified, VLAN 1 is assumed. |
The default configuration has the bridge hello time set to two seconds for all VLANs.
Switch command.
Privileged.
This example shows how to set the spantree hello time for VLAN 100 to three seconds:
Console> (enable) set spantree hello 3 100
Spantree 100 hello time set to 3 seconds.
Console> (enable)
Use the set spantree maxage command to set the bridge maximum aging time for a VLAN.
set spantree maxage agingtime [vlan]
agingtime | Maximum number of seconds (6 to 40) that the system retains the information received from other bridges through Spanning-Tree Protocol. |
vlan | (Optional) Number of the VLAN; if a VLAN number is not specified, VLAN 1 is assumed. |
The default configuration is 20 seconds for all VLANs.
Switch command.
Privileged.
This example shows how to set the maximum aging time for VLAN 1000 to 25 seconds:
Console> (enable) set spantree maxage 25 1000
Spantree 1000 max aging time set to 25 seconds.
Console> (enable)
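The ranges documented for set spantree fwddelay, hello, and maxage can be checked offline against a saved list of set commands. The following Python script is an added example, not part of the Cisco documentation; the sample lines are constructed, and the two consistency rules between the timers come from IEEE 802.1D, not from this page.

```python
import re

# Ranges and defaults as documented on this page.
RANGES = {"fwddelay": (4, 30), "hello": (1, 10), "maxage": (6, 40)}
DEFAULTS = {"fwddelay": 15, "hello": 2, "maxage": 20}

TIMER_RE = re.compile(r"^set spantree (fwddelay|hello|maxage) (\d+)(?: (\d+))?$")
STATE_RE = re.compile(r"^set spantree (enable|disable)(?: (\d+))?$")

# Constructed sample input: one set command per line.
SAMPLE = """\
set spantree fwddelay 16 100
set spantree hello 3 100
set spantree maxage 25 1000
set spantree fwddelay 9 20
set spantree maxage 30 20
set spantree hello 10 30
set spantree hello 12
set spantree disable 40
set spantree disable 41
set spantree enable 41
"""


def audit_spantree(config_text):
    """Return sorted (vlan, message) findings for spanning-tree set commands."""
    timers = {}        # vlan -> timer values, starting from the documented defaults
    disabled = set()   # VLANs whose last state command was "disable"
    findings = []
    for raw in config_text.splitlines():
        line = " ".join(raw.split())          # collapse repeated whitespace
        m = TIMER_RE.match(line)
        if m:
            name, value = m.group(1), int(m.group(2))
            vlan = int(m.group(3)) if m.group(3) else 1    # VLAN 1 when omitted
            low, high = RANGES[name]
            if low <= value <= high:
                timers.setdefault(vlan, dict(DEFAULTS))[name] = value
            else:
                findings.append(
                    (vlan, f"{name} {value} is outside the documented range {low}-{high}"))
            continue
        m = STATE_RE.match(line)
        if m:
            vlan = int(m.group(2)) if m.group(2) else 1
            if m.group(1) == "disable":
                disabled.add(vlan)
            else:
                disabled.discard(vlan)
    for vlan in disabled:
        findings.append(
            (vlan, "spanning tree disabled, so loops on this VLAN are not blocked"))
    for vlan, t in timers.items():
        # Consistency rules from IEEE 802.1D (an addition, not stated on this page).
        limit = 2 * (t["fwddelay"] - 1)
        floor = 2 * (t["hello"] + 1)
        if t["maxage"] > limit:
            findings.append(
                (vlan, f"maxage {t['maxage']} exceeds 2 x (fwddelay - 1) = {limit}"))
        if t["maxage"] < floor:
            findings.append(
                (vlan, f"maxage {t['maxage']} is below 2 x (hello + 1) = {floor}"))
    return sorted(findings)


if __name__ == "__main__":
    for vlan, message in audit_spantree(SAMPLE):
        print(f"VLAN {vlan}: {message}")
```

The timer values that set spantree root reports elsewhere on this page (for example max aging 14, hello 2, forward delay 9) pass both consistency rules.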
Use the set spantree multicast-address command to specify the bridge functional address instead of the IEEE Spanning-Tree Protocol address when you configure a TrBRF to use the IEEE Spanning-Tree Protocol.
set spantree multicast-address trbrf_num {ieee | ibm}
trbrf_num | Number of the TrBRF for which you are setting the address. |
ieee | Keyword used to specify that the IEEE Spanning-Tree Protocol address be used. |
ibm | Keyword used to specify that the IBM Spanning-Tree Protocol address be used. |
The default configuration uses the IEEE Spanning-Tree Protocol address.
Switch command.
Privileged.
This command applies only to Token Ring modules, and only to a TrBRF that runs IEEE Spanning-Tree Protocol.
The following example shows how to specify the bridge functional address to be used:
Console> (enable) set spantree multicast-address ibm 100
Use the set spantree portcost command to set the path cost for a port or TrCRF.
set spantree portcost {mod_num/port_num | trcrf} cost
mod_num | Number of the module. |
port_num | Number of the port on the module. |
trcrf | Number of the TrCRF for which you are setting the path cost. |
cost | Number from 0 to 65535 that indicates the cost of the path; zero (0) is low cost and 65535 is high cost. |
The default configuration is as follows:
10 Gbps module port cost = 2
1 Gbps module port cost = 4
622 Mbps module port cost = 6
155 Mbps module port cost = 14
100 Mbps module port cost = 19
45 Mbps module port cost = 39
16 Mbps module port cost = 80
10 Mbps module port cost = 100
4 Mbps module port cost = 250
10/100 Mbps module port cost = See Usage Guidelines
4/16 Mbps module port cost = See Usage Guidelines
Switch command.
Privileged.
The Spanning-Tree Protocol uses port path costs to determine which port to select as a forwarding port. You should assign lower numbers to ports attached to faster media (such as full duplex) and higher numbers to ports attached to slower media. The possible range is 0 to 65535.
For 10/100 and 4/16 modules, the default port cost is set automatically depending on the current speed of the port. For example, if a 10/100 port is working at 10 Mbps, the port cost is 100. If the port speed changes to 100 Mbps, the port cost automatically adjusts to 19.
The following example shows how to set the port cost for port 12 on module 2 to 19:
Console> (enable) set spantree portcost 2/12 19
Spantree port 2/12 path cost set to 19.
Console> (enable)
Use the set spantree portfast command to allow a port that is connected to a single workstation or PC to start faster when it is connected.
set spantree portfast mod_num/port_num {enable | disable}
mod_num | Number of the module. |
port_num | Number of the port on the module. |
enable | Keyword that enables the spanning-tree port fast-start feature on the port. |
disable | Keyword that disables the spanning-tree port fast-start feature on the port. |
The default configuration has the port fast-start feature disabled.
Switch command.
Privileged.
When a port configured with the spantree portfast enable command is connected, the port immediately enters the spanning-tree forwarding state rather than going through the normal spanning-tree states such as listening and learning. Use this command on ports that are connected to a single workstation or PC only; do not use it on ports that are connected to networking devices such as hubs, routers, switches, bridges, or concentrators.
This example shows how to enable the spanning-tree port fast-start feature on port 2 on module 1:
Console> (enable) set spantree portfast 1/2 enable
Warning: Spantree port fast start should only be enabled on ports connected to a single host. Connecting hubs, concentrators, switches, bridges, etc. to a fast start port can cause temporary spanning tree loops. Use with caution.
Spantree port 1/2 fast start enabled.
Console> (enable)
Use the set spantree portpri command to set the bridge priority for a spanning-tree port or TrCRF.
set spantree portpri {mod_num/port_num | trcrf} [priority | trcrf_priority]
mod_num | Number of the module. |
port_num | Number of the port on the module. |
trcrf | Keyword used to specify the number of the TrCRF for which you are setting the bridge priority. |
priority | (Optional) Number that represents the cost of a link in a spanning-tree bridge. The priority level is from 0 (high) to 63 (low). |
trcrf_priority | (Optional) Number that represents the cost of the TrCRF. The priority level is from 0 (high) to 7 (low). |
The default configuration has all ports with bridge priority set to 32.
Switch command.
Privileged.
The specified bridge priority on an ATM port applies to all emulated LANs on that port.
This example shows how to set the priority of port 1 on module 4 to 63:
Console> (enable) set spantree portpri 4/1 63
Bridge port 4/1 priority set to 63.
Console> (enable)
Use the set spantree portstate command to manually set the state of a TrCRF.
set spantree portstate trcrf {block | forward | auto} [trbrf]
trcrf | Number of the TrCRF for which you are manually setting the state. |
block | forward | auto | Keywords used to set the TrCRF to a blocked state (block), forwarding state (forward), or to have the Spanning-Tree Protocol determine the correct state automatically (auto). |
trbrf | (Optional) Number of the parent TrBRF. |
There is no default configuration for this command.
Switch command.
Privileged.
Use this command only to set the port state when the TrCRF is in SRT mode and the TrBRF is running the IBM Spanning-Tree Protocol, or the TrCRF is in SRB mode and the TrBRF is running the IEEE Spanning-Tree Protocol.
When you enable Spanning-Tree Protocol, every switch in the network goes through the blocking state and the transitory states of listening and learning at power up. If properly configured, the ports then stabilize to the forwarding or blocking state. However, with TrBRFs and TrCRFs, there are two exceptions to this rule that require you to manually set the state of the logical ports of a TrBRF:
If either condition exists, use the set spantree portstate command to manually set the state of a TrCRF to blocked or forwarding mode or set the Spanning-Tree Protocol to determine the correct state automatically.
This example shows the manual setting of TrCRF 900 to a forwarding state:
Console> (enable) set spantree portstate 900 forward
reserve_nvram : requested by block = 0
reserve_nvram : granted to block = 0
release_nvram : releasing block = 0
Console> (enable)
show spantree
show spantree portstate
Use the set spantree portvlancost command to assign a lower path cost to a set of VLANs on a port.
set spantree portvlancost mod_num/port_num [cost cost] [vlan_list]
mod_num | Number of the module. |
port_num | Number of the port. |
cost cost | (Optional) Keyword that indicates the path cost. |
vlan_list | (Optional) If you do not explicitly list a VLAN, the VLANs listed in prior invocations of this command are affected. If no cost is explicitly listed, and previous cost values are specified in prior invocations, then the portvlancost is set to 1 less than the current portcost for a port. However, this may not assure load balancing in all cases. |
The value specified is used as the path cost of the port for the specified set of VLANs. The rest of the VLANs have a path cost equal to the port path cost, set via the set spantree portcost command (if not set, the value is the default path cost of the port).
Switch command.
Privileged.
The set spantree portvlancost command applies only to trunk ports.
These examples show various ways to use the set spantree portvlancost command:
Console> (enable) set spantree portvlancost 2/10 cost 25 1-20
Cannot set portvlancost to a higher value than the port cost, 10, for port 2/10.
Console> (enable)

Console> (enable) set spantree portvlancost 2/10 1-20
Port 2/10 VLANs 1-20 have a path cost of 9.
Console> (enable)

Console> (enable) set spantree portvlancost 2/10 cost 4 1-20
Port 2/10 VLANs 1-20 have path cost 4.
Port 2/10 VLANs 21-1000 have path cost 10.
Console> (enable)

Console> (enable) set spantree portvlancost 2/10 cost 6 21
Port 2/10 VLANs 1-21 have path cost 6.
Port 2/10 VLANs 22-1000 have path cost 10.
Console> (enable)
These examples show how to use the set spantree portvlancost command without explicitly specifying cost:
Console> (enable) set spantree portvlancost 1/2
Port 1/2 VLANs 1-1005 have path cost 3100.
Console> (enable)

Console> (enable) set spantree portvlancost 1/2 21
Port 1/2 VLANs 1-20,22-1005 have path cost 3100.
Port 1/2 VLANs 21 have path cost 3099.
Console> (enable)
Use the set spantree portvlanpri command to set the port priority for a subset of VLANs in the trunk port.
set spantree portvlanpri mod_num/port_num priority [vlans]
mod_num | Number of the module. |
port_num | Number of the port. |
priority | Number that represents the cost of a link in a spanning-tree bridge. The priority level is from 0 to 63, with 0 indicating high priority and 63 indicating low priority. |
vlans | (Optional) VLANs that use the specified priority level. |
The default configuration has the port VLAN priority set to 0, with no VLANs specified.
Switch command.
Privileged.
Use this command to add VLANs to a specified port priority level. Subsequent calls to this command do not replace VLANs that are already set at a specified port priority level.
This feature is not supported for the RSM.
The set spantree portvlanpri command applies only to trunk ports. Do not use Token Ring ports as trunk ports. If you enter this command, you see this message:
Port xx is not a trunk-capable port
This example shows how to set the port priority for module 1, port 2, on VLANs 21 to 40:
Console> (enable) set spantree portvlanpri 1/2 16 21-40
Port 1/2 vlans 3,6-20,41-1000 using portpri 32
Port 1/2 vlans 1-2,4-5,21-40 using portpri 16
Console> (enable)
clear spantree portvlanpri
show spantree
Use the set spantree priority command to set the bridge priority for a VLAN.
set spantree priority bridge_priority [vlan]
bridge_priority | Number representing the priority of the bridge. The priority level is from 0 to 65535, with 0 high priority and 65535 low priority. |
vlan | (Optional) Number of the VLAN. If you do not specify a VLAN number, VLAN 1 is used. |
The default configuration has the bridge priority set to 32768.
Switch command.
Privileged.
This feature is not supported for the RSM.
This example shows how to set the bridge priority of VLAN 1 to 4096:
Console> (enable) set spantree priority 4096
VLAN 1 bridge priority set to 4096.
Console> (enable)
Use the set spantree root command to set the primary or secondary root for specific VLANs or for all VLANs of the switch.
set spantree root [secondary] [vlan_list] [dia network_diameter] [hello hello_time]
secondary | (Optional) Keyword that designates this switch as a secondary root, should the primary root fail. |
vlan_list | (Optional) Number of the VLAN. If you do not specify a VLAN number, VLAN 1 is used. |
dia network_diameter | (Optional) Keyword that specifies the maximum number of bridges between any two points of attachment of end stations. Valid values of network diameter are 1 through 7. |
hello hello_time | (Optional) Keyword that specifies in seconds, the duration between generation of configuration messages by the root switch. |
If the secondary keyword is not specified, the default is to make the switch the primary root.
The default value of the network diameter is seven.
If not specified, the current value of hello_time from the NVRAM is used.
This command is run on backbone or distribution switches.
You can run the secondary root command many times to create backup switches in case of a root failure.
The secondary command reduces the bridge priority value to 16384.
This command increases path costs to a value greater than 3000.
Switch command.
Privileged.
This example shows how to use the set spantree root command:
Console>(enable) set spantree root 1-10 dia 4
VLANs 1-10 bridge priority set to 8192
VLANs 1-10 bridge max aging time set to 14 seconds.
VLANs 1-10 bridge hello time set to 2 seconds.
VLANs 1-10 bridge forward delay set to 9 seconds.
Switch is now the root switch for active VLANs 1-6.
Console> (enable)
This example shows that setting the bridge priority to 8192 was not sufficient to make this switch the root. So, the priority was further reduced to 7192 (100 less than the current root switch) to make this switch the root switch. However, reducing it to this value did not make it the root switch for active VLANs 16 and 17.
Console>(enable) set spantree root 11-20.
VLANs 11-20 bridge priority set to 7192
VLANs 11-10 bridge max aging time set to 20 seconds.
VLANs 1-10 bridge hello time set to 2 seconds.
VLANs 1-10 bridge forward delay set to 13 seconds.
Switch is now the root switch for active VLANs 11-15,18-20.
Switch could not become root switch for active VLAN 16-17.
Console> (enable)

Console>(enable) set spantree root secondary 22,24 dia 5 hello 1
VLANs 22,24 bridge priority set to 16384.
VLANs 22,24 bridge max aging time set to 10 seconds.
VLANs 22,24 bridge hello time set to 1 second.
VLANs 22,24 bridge forward delay set to 7 seconds.
Console> (enable)
Use the set spantree uplinkfast command to enable fast switchover to alternate ports when the root port fails. This command applies to a switch, not to a WAN.
set spantree uplinkfast {enable | disable} [rate station_update_rate] [all-protocols off | on]
enable | Keyword to enable fast switchover. |
disable | Keyword to disable fast switchover. |
rate | (Optional) Keyword to specify the number of multicast packets transmitted per 100 ms when an alternate port is chosen after the root port goes down. |
station_update_rate | (Optional) Number of multicast packets transmitted per 100 ms when an alternate port is chosen after the root port goes down. |
all-protocols | (Optional) Keyword to specify whether or not to generate multicast packets for all protocols (IP, IPX, AppleTalk, and Layer 2 packets). |
off | Keyword to turn off the all-protocols feature. |
on | Keyword to turn on the all-protocols feature. |
The default station_update_rate is 15 packets per 100 ms.
Switch command.
Privileged.
The set spantree uplinkfast enable command has the following results:
If you run set spantree uplinkfast enable on a switch that has this feature already enabled, only the station update rate is updated. The rest of the parameters are not modified.
If you run set spantree uplinkfast disable on a switch, the uplinkfast feature is disabled but the switch priority and port cost values are not reset to the factory defaults. To reset the values to the factory defaults, enter the clear spantree uplinkfast command.
The default station_update_rate value is 15 packets per 100 ms, which is equivalent to a 1 percent load on a 10-Mbps Ethernet port. If you specify this value as 0, the switch does not generate station-update-rate packets.
You do not have to turn on the all-protocols feature on Catalyst 5000 series switches that have both the uplinkfast and protocol filtering features enabled. Use the all-protocols feature only on Catalyst 5000 series switches that have uplinkfast enabled but do not have protocol filtering enabled, and whose upstream switches in the network have protocol filtering enabled. Because the switch with uplinkfast does not have protocol filtering, you must enter the all-protocols option to inform the uplinkfast feature whether or not to generate multicast packets for all protocols.
This example shows how to enable spantree uplinkfast and set the number of multicast packets transmitted to 40 packets per 100 ms:
Console>(enable) set spantree uplinkfast enable rate 40
VLANs 1-1000 bridge priority set to 49152.
The port cost and portvlancost of all ports increased to above 3000.
Station update rate set to 40 packets/100ms.
uplinkfast turned on for bridge.
Console> (enable)
This example shows how to disable the spantree uplinkfast feature:
console> (enable) set spantree uplinkfast disable
Uplinkfast disabled for switch.
Use clear spantree uplinkfast to return stp parameters to default.
console>(enable) clear spantree uplink
This command will cause all portcosts, portvlancosts, and the bridge priority on all vlans to be set to default.
Do you want to continue (y/n) [n]? y
VLANs 1-1005 bridge priority set to 32768.
The port cost of all bridge ports set to default value.
The portvlancost of all bridge ports set to default value.
uplinkfast disabled for bridge.
Console> (enable)
This example shows how to turn on the all-protocols feature:
Console> (enable) set spantree uplinkfast enable all-protocols on
uplinkfast update packets enabled for all protocols.
uplinkfast already enabled for bridge.
Console> (enable)
This example shows how to turn off the all-protocols feature:
Console> (enable) set spantree uplinkfast enable all-protocols off
uplinkfast all-protocols field set to off.
uplinkfast already enabled for bridge.
Console> (enable)
Use the set summertime command to specify whether the system should set the clock ahead one hour during daylight saving time.
set summertime {enable | disable} [zone]
enable | Keyword used to cause the system to set the clock ahead one hour during daylight saving time. |
disable | Keyword used to prevent the system from setting the clock ahead one hour during daylight saving time. |
zone | (Optional) Time zone used by the set summertime command. |
By default, the set summertime command is disabled.
Switch command.
Privileged.
This command advances the clock one hour at 2:00 a.m. on the first Sunday in April and moves back the clock one hour at 2:00 a.m. on the last Sunday in October.
This example shows how to cause the system to set the clock ahead one hour during daylight saving time:
Console> (enable) set summertime enable PDT
Summertime is enabled and set to "PDT".
Console> (enable)
This example shows how to prevent the system from setting the clock ahead one hour during daylight saving time:
Console> (enable) set summertime disable
Summertime disabled.
Console> (enable)
Use the set system baud command to set the console port baud rate.
set system baud rate
rate | The baud rate. Valid rates are 600, 1200, 2400, 4800, 9600, 19200, and 38400. |
The default value is 9600 baud.
Switch command.
Privileged.
This example shows how to set the system baud rate to 19200:
Console> (enable) set system baud 19200
System console port baud rate set to 19200.
Console> (enable)
Use the set system contact command to identify a contact person for the system.
set system contact [contact_string]
contact_string | (Optional) Text string that typically contains the name of the person to contact for system administration. If no contact string is specified, the system contact string is cleared. |
The default configuration has no system contact configured.
Switch command.
Privileged.
This example shows how to set the system contact string:
Console> (enable) set system contact Susan ext.24
System contact set.
Console> (enable)
Use the set system location command to identify the location of the system.
set system location [location_string]
location_string | (Optional) Text string that indicates where the system is located. If no location string is specified, the system location is cleared. |
This command has no default setting.
Switch command.
Privileged.
This example shows how to set the system location string:
Console> (enable) set system location Closet 230 4/F
System location set.
Console> (enable)
Use the set system modem command to enable or disable modem control lines on the console port.
set system modem {enable | disable}
enable | Keyword used to activate modem control lines on the console port. |
disable | Keyword used to deactivate modem control lines on the console port. |
The default configuration has modem control lines disabled.
Switch command.
Privileged.
This example shows how to disable modem control lines on the console port:
Console> (enable) set system modem disable
Modem control lines disabled on console port.
Console> (enable)
Use the set system name command to configure a name for the system.
set system name [name_string]
name_string | (Optional) Text string that identifies the system. If no name is specified, the system name is cleared. |
The default configuration has no system name configured.
Switch command.
Privileged.
In Catalyst 5000 series software release 4.1(1) and later, if you use the set system name command to assign a name to the switch, the switch name is used as the prompt string. However, if you specify a different prompt string using the set prompt command, that string is used for the prompt.
In Catalyst 5000 series software release 4.1(1) and later, if you do not specify a system name, the system name is cleared, and a DNS lookup is initiated for a system name. If a name is found, that is the name used; if no name is found, no name is designated.
The system name can be 255 characters long and the prompt can be 20 characters long. The system name is truncated appropriately when used as a prompt; a greater-than symbol (>) is appended to the truncated system name. If the system name was found from a DNS lookup, it is truncated to remove the domain name.
If the prompt is obtained using the system name, it is updated whenever the system name changes. You can overwrite this prompt any time by setting the prompt manually. Any change in the prompt is reflected in all current open sessions.
This example shows how to set the system name to Information Systems:
Console> (enable) set system name Information Systems
System name set.
Console> (enable)
Use the set tacacs attempts command to configure the maximum number of login attempts allowed to the TACACS+ server.
set tacacs attempts count
count | Number of login attempts allowed (1 to 10). |
The default value for this command is 3.
Switch command.
Privileged.
This example shows how to configure the TACACS+ server to allow a maximum of six login attempts:
Console> (enable) set tacacs attempts 6
Tacacs number of attempts set to 6.
Console> (enable)
Use the set tacacs directedrequest command to enable or disable the TACACS+ directed-request option. When enabled, you can direct a request to any of the configured TACACS+ servers and only the username is sent to the specified server.
set tacacs directedrequest {enable | disable}
enable | Keyword used to send the portion of the address before the @ sign (the username) to the host specified after the @ sign. |
disable | Keyword used to send the entire address string to the default TACACS+ server. |
The default configuration has the TACACS+ directed-request option disabled.
Switch command.
Privileged.
When tacacs directedrequest is enabled, you must specify a configured TACACS+ server after the @ sign. If the specified host name does not match the IP address of a configured TACACS+ server, the request is rejected. When tacacs directedrequest is disabled, the Catalyst 5000 series switch queries the list of servers beginning with the first server in the list and then sends the entire string, accepting the first response from the server. This command is useful for sites that have developed their own TACACS+ server software to parse the entire address string and make decisions based on the contents of the string.
This example shows how to enable the tacacs directedrequest option:
Console> (enable) set tacacs directedrequest enable
Tacacs direct request has been enabled.
Console> (enable)
Use the set tacacs key command to set the key for TACACS+ authentication and encryption.
set tacacs key key
key | Printable ASCII characters used for authentication and encryption. Key length is limited to 100 characters. |
The default value of key is null.
Switch command.
Privileged.
The key must be the same as the key used on the TACACS+ server. All leading spaces are ignored. Spaces within the key and at the end of the key are included. Double quotation marks are not required, even if there are spaces between words in the key, unless the quotation marks themselves are part of the key. The key can consist of any printable ASCII characters except the tab character.
This example shows how to set the authentication and encryption key:
Console> (enable) set tacacs key Who Goes There
The tacacs key has been set to Who Goes There.
Console> (enable)
clear spantree uplinkfast
show tacacs
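Why the key must match the server's exactly, trailing spaces included: the following added Python example (not from the Cisco documentation) applies the key rules given for set tacacs key and then runs the body obfuscation defined for the TACACS+ protocol in RFC 8907, section 4.5. The session ID and packet body are constructed, and it is an assumption that the switch follows that specification.

```python
import hashlib
import struct

MAX_KEY_LEN = 100    # key length limit given on this page

# Constructed sample values, not taken from any real session.
SESSION_ID = 0x1A2B3C4D
BODY = b"constructed TACACS+ packet body"


def normalize_key(typed):
    """Apply this page's rules to the text typed after 'set tacacs key'."""
    key = typed.lstrip(" ")     # leading spaces ignored; inner and trailing kept
    if len(key) > MAX_KEY_LEN:
        raise ValueError("key is limited to 100 characters")
    if any(not 0x20 <= ord(ch) <= 0x7E for ch in key):
        raise ValueError("key must be printable ASCII; tab is not allowed")
    return key


def pseudo_pad(key, session_id, version, seq_no, length):
    """RFC 8907 pad: MD5 chained over session_id, key, version and seq_no."""
    seed = struct.pack("!I", session_id) + key.encode("ascii") + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        # Each round hashes the seed plus the previous round's digest.
        block = hashlib.md5(seed + block).digest()
        pad += block
    return pad[:length]


def obfuscate(body, key, session_id, version=0xC0, seq_no=1):
    """XOR the body with the pad; applying it twice with one key restores it."""
    pad = pseudo_pad(key, session_id, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


if __name__ == "__main__":
    switch_key = normalize_key("  Who Goes There")     # leading spaces dropped
    wire = obfuscate(BODY, switch_key, SESSION_ID)
    for server_key in ("Who Goes There", "Who Goes There "):
        recovered = obfuscate(wire, server_key, SESSION_ID)
        print(repr(server_key), "->", "body recovered" if recovered == BODY else "garbage")
```

RFC 8907 names this mechanism data obfuscation, not encryption.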
Use the set tacacs server command to define a TACACS+ server.
set tacacs server ip_addr [primary]
ip_addr | IP address of the server on which the TACACS+ server resides. |
primary | (Optional) Keyword used to designate the specified server as the primary TACACS+ server. |
There is no default setting for this command.
Switch command.
Privileged.
You can configure a maximum of three servers. The primary server, if configured, is contacted first. If no primary server is configured, the first server configured becomes the primary server.
This example shows how to configure the server on which the TACACS+ server resides and to designate it as the primary server:
Console> (enable) set tacacs server 170.1.2.20 primary
170.1.2.20 added to TACACS server table as primary server.
Console> (enable)
clear tacacs server
show tacacs
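The server ordering described here and the directed-request behavior described under set tacacs directedrequest can be modeled together. This Python model is an added example, not Cisco code: the server table beyond 170.1.2.20, the user name, and the names mapping are constructed, and splitting at the last @ sign and rejecting a login with no server part are assumptions.

```python
import ipaddress

MAX_SERVERS = 3    # limit stated for set tacacs server

# Constructed server table: (ip_addr, primary flag) in the order entered.
SERVERS = [("170.1.2.21", False), ("170.1.2.20", True), ("170.1.2.22", False)]


def server_order(configured):
    """Return server addresses in query order, with the primary first."""
    if len(configured) > MAX_SERVERS:
        raise ValueError("a maximum of three servers can be configured")
    # sorted() is stable, so non-primary servers keep their configured order.
    return [ip for ip, _ in sorted(configured, key=lambda entry: not entry[1])]


def route_login(login, configured, directed, names=None):
    """Return (servers to query, string sent); raise PermissionError if rejected."""
    order = server_order(configured)
    if not directed:
        # Directed request disabled: the entire string goes to the server list.
        return order, login
    # Assumption: the server part is whatever follows the last @ sign.
    user, at, host = login.rpartition("@")
    if not (at and user and host):
        raise PermissionError("directed request requires username@server")
    # names is a hypothetical host-name-to-address table standing in for DNS.
    candidate = (names or {}).get(host, host)
    try:
        address = str(ipaddress.ip_address(candidate))
    except ValueError:
        raise PermissionError(f"{host} is not a known TACACS+ server") from None
    if address not in order:
        # The user-supplied host cannot steer authentication to an arbitrary server.
        raise PermissionError(f"{host} is not a configured TACACS+ server")
    return [address], user


if __name__ == "__main__":
    print(route_login("susan@170.1.2.21", SERVERS, directed=True))
    print(route_login("susan@170.1.2.21", SERVERS, directed=False))
```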
Use the set tacacs timeout command to set the response timeout interval for the TACACS+ server daemon. The TACACS+ server must respond to a TACACS+ authentication request before this interval expires or the next configured server is queried.
set tacacs timeout seconds
seconds | Timeout response interval in seconds (1 to 255). |
The default value for this command is 5 seconds.
Switch command.
Privileged.
This example shows how to set the response timeout interval for the TACACS+ server to eight seconds:
Console> (enable) set tacacs timeout 8
Tacacs timeout set to 8 seconds.
Console> (enable)
Use the set time command to change the time of day on the system clock.
set time [day_of_week] [mm/dd/yy] [hh:mm:ss]
day_of_week | (Optional) Day of the week. |
mm/dd/yy | (Optional) Month, day, and year. |
hh:mm:ss | (Optional) Current time in 24-hour format. |
This command has no default setting.
Switch command.
Privileged.
This example shows how to set the system clock to Friday, May 9, 1997, 7:50 a.m.:
Console> (enable) set time fri 5/9/97 7:50
Fri May 9 1997, 07:50:00
Console> (enable)
Use the set timezone command to set the time zone for the system.
set timezone [zone_name] [hours [minutes]]
zone_name | (Optional) Name of the time zone to be displayed. |
hours | (Optional) Number of hours offset from UTC. |
minutes | (Optional) Number of minutes offset from UTC. If the specified hours value is a negative number, then the minutes value is assumed to be negative as well. |
By default, the time zone is set to UTC.
Switch command.
Privileged.
The set timezone command is effective only when NTP is running. If you explicitly set the time and NTP is disengaged, the set timezone command has no effect. If you have enabled NTP and have not entered the set timezone command, the Catalyst 5000 series switch displays UTC by default.
This example shows how to set the time zone to Pacific Standard Time with an offset of minus eight hours from UTC:
Console> (enable) set timezone PST -8
Timezone set to "PST", offset from UTC is -8 hours.
Console> (enable)
Use the set tokenring acbits command to specify whether AC bits are set unconditionally or conditionally when a port forwards certain LLC frames.
set tokenring acbits mod_num/port_num {enable | disable}
mod_num | Number of the module. |
port_num | Number of the port on the module. |
enable | Keyword used to unconditionally (enable) set AC bits when a port forwards certain LLC frames. |
disable | Keyword used to conditionally (disable) set AC bits when a port forwards certain LLC frames. |
The default configuration is disable.
Switch command.
Privileged.
You can use the set tokenring acbits command to specify whether the AC bits should be set unconditionally on repeated source-routed LLC frames, which include source-routed frames with a RIF length greater than two and all Spanning-Tree Explorer and All-Routes Explorer frames.
If you set this parameter to disable, the setting of these bits is based on whether the frame was actually forwarded.
This example shows how to enable port 4 on module 4 to unconditionally set the AC bits when forwarding certain LLC frames:
Console> (enable) set tokenring acbits 4/4 enable
Port 4/4 acbits enabled.
Console> (enable)
This example shows how to disable the option on port 4 on module 4, so that the AC bits are set conditionally when forwarding certain LLC frames:
Console> (enable) set tokenring acbits 4/4 disable
Port 4/4 acbits disabled.
Console> (enable)
show tokenring
Use the set tokenring configloss command to specify thresholds that, when exceeded during the user-specified interval, cause the port to be administratively disabled.
set tokenring configloss mod_num/port_num [threshold thresh_num] [interval int_num]
mod_num | Number of the module. |
port_num | Number of the port on the module. |
threshold | (Optional) Keyword used to set the threshold for configuration losses. |
thresh_num | Valid values are 1 to 100; the default is 8. |
interval | (Optional) Keyword used to set the interval at which the configuration loss is measured. |
interval_num | Valid values are 1 to 99 minutes; the default is 10. |
The default threshold configuration is 8; the default interval is 10.
Switch command.
Privileged.
Configuration loss occurs when a port completes a connection, allows data traffic to flow, and subsequently closes. The configuration loss threshold is used to control the number of configuration losses that can occur within a specified time. When the threshold is exceeded, the port is disabled and you must enable it by using the set port enable command or an SNMP manager.
The following example shows how to set a configuration loss threshold of 25 and an interval of 5 minutes for port 1 on module 4:
Console> (enable) set tokenring configloss 4/1 threshold 25 interval 5
Port 4/1 configloss threshold set to 25, interval set to 5.
Console> (enable)
show tokenring
Use the set tokenring distrib-crf command to enable or disable distribution of TrCRF VLANs.
set tokenring distrib-crf {enable | disable}
enable | Keyword used to enable distribution of TrCRF VLANs. |
disable | Keyword used to disable distribution of TrCRF VLANs. |
Switch command.
Privileged.
This example shows how to enable distribution of TrCRF VLANs:
Console> (enable) set tokenring distrib-crf enable
This example shows how to disable distribution of TrCRF VLANs:
Console> (enable) set tokenring distrib-crf disable
show tokenring
Use the set tokenring etr command to enable or disable a Token Ring port's use of the early token release procedure when transmitting frames.
set tokenring etr mod_num/port_num {enable | disable}
mod_num | Number of the module. |
port_num | Number of the port on the module. |
enable | disable | Keyword used to specify that early token release should be used (enable) or not used (disable) when transmitting frames. |
For 16-Mbps and autospeed-detection ports, the default configuration is to enable early token release.
Switch command.
Privileged.
You cannot enable early token release for 4-Mbps ports. Enabling or disabling early token release on a port causes the port to close and reopen.
This example shows how to enable early token release on port 2 on module 3:
Console> (enable) set tokenring etr 3/2 enable
Port 3/2 Early Token Release enabled.
Console> (enable)
This example shows how to disable early token release on port 2 on module 3:
Console> (enable) set tokenring etr 3/2 disable
Port 3/2 Early Token Release disabled.
Console> (enable)
show tokenring
Use the set tokenring portmode command to specify the connection type and access protocol used by a port.
set tokenring portmode mod_num/port_num {auto | fdxcport | hdxcport | fdxstation | hdxstation | riro}
mod_num | Number of the module. |
port_num | Number of the port on the module. |
auto | Keyword used to set the port to detect the connection mode. |
fdxcport | Keyword used to set the port to operate as a concentrator port in full-duplex mode. |
hdxcport | Keyword used to set the port to operate as a concentrator port in half-duplex mode. |
fdxstation | Keyword used to set the port to operate as a station in full-duplex mode. |
hdxstation | Keyword used to set the port to operate as a station in half-duplex mode. |
riro | Parameter applicable to fiber-optic modules only. |
The default configuration has the port detect the mode of connection.
Switch command.
Privileged.
This example shows how to set the port mode to autosensing on port 1 on module 4:
Console> (enable) set tokenring portmode 4/1 auto
Port 4/1 mode set to auto.
Console> (enable)
This example shows how to set port 2 on module 4 to operate as a concentrator port in full-duplex mode:
Console> (enable) set tokenring portmode 4/2 fdxcport
Port 4/2 mode set to fdxcport.
Console> (enable)
show tokenring
Use the set tokenring priority command to specify the highest Token Ring frame priority that shall go to the low-priority transmit queue and the minimum Token Ring frame priority that is used when requesting a token.
set tokenring priority mod_num/port_num {threshold thresh_num | minxmit min_num}
mod_num | Number of the module. |
port_num | Number of the port on the module. |
threshold | Keyword used to specify the priority queue threshold. |
thresh_num | Valid values are 0 to 7; the default is 3. |
minxmit | Keyword used to specify the minimum frame priority to be used. |
min_num | Valid values are 0 to 6; the default is 4. |
The default configuration for threshold is 3. The default configuration for minxmit is 4.
Switch command.
Privileged.
This example shows how to set the priority threshold levels on port 2 on module 4:
Console> (enable) set tokenring priority 4/2 threshold 6
Port 2 priority threshold set to 6.
Console> (enable)
This example shows how to set the minimum priority levels on port 2 on module 4:
Console> (enable) set tokenring priority 4/2 minxmit 5
Port 2 priority minxmit set to 5.
Console> (enable)
show tokenring
Use the set tokenring reduction command to reduce broadcast storms in an externally looped network.
set tokenring reduction {enable | disable}
enable | disable | Keywords used to turn broadcast reduction on (enable) or off (disable). |
The default configuration is enabled.
Switch command.
Privileged.
The following example shows how to enable All-Routes Explorer reduction:
Console> (enable) set tokenring reduction enable
Tokenring reduction enabled
Console> (enable)
The following example shows how to disable All-Routes Explorer reduction:
Console> (enable) set tokenring reduction disable
Tokenring reduction disabled
Console> (enable)
Use the set trunk command to configure trunk ports and to add VLANs to the allowed VLAN list for existing trunks.
set trunk mod_num/port_num [on | off | desirable | auto | nonegotiate] [vlan_range] [isl | dot1q | dot10 | lane]
mod_num | Number of the module. |
port_num | Number of the port on the module. |
on | (Optional) Keyword that puts the port into permanent trunking mode and negotiates to convert the link into a trunk port. The port becomes a trunk port even if the other end of the link does not agree to the change. This mode is not allowed on IEEE 802.1Q ports. This is the only possible mode for ATM ports. |
off | (Optional) Keyword that negotiates to convert the link into a nontrunk port. The port converts to a nontrunk port even if the other end of the link does not agree to the change. This is the default mode for FDDI trunks. This option is not allowed for ATM ports. |
desirable | (Optional) Keyword that triggers negotiations to switch the state of the link from a nontrunk to a trunk port. This mode is not allowed on IEEE 802.1Q, FDDI, and ATM ports. |
auto | (Optional) Keyword that indicates that the port can become a trunk port if another device on that link desires to be a trunk. This mode is not allowed on IEEE 802.1Q, FDDI, and ATM ports. This is the default mode for Fast Ethernet ports. |
nonegotiate | (Optional) Keyword used with ISL and IEEE 802.1Q Fast Ethernet trunks that causes the port to become a trunk but prevents the port from sending DISL frames. |
vlan_range | (Optional) VLANs to add to the list of allowed VLANs on the trunk. The VLAN range is 1 to 1000. |
isl | (Optional) Keyword used to specify an ISL trunk on a Fast Ethernet port. If no trunk type keyword is specified when configuring a Fast Ethernet trunk, ISL is used as the default. |
dot1q | (Optional) Keyword used to specify an IEEE 802.1Q trunk on a Fast Ethernet port. IEEE 802.1Q trunks are supported in Catalyst 5000 series software release 4.1(1) and later with 802.1Q-capable hardware, and must use the nonegotiate mode. |
dot10 | (Optional) Keyword used to specify an IEEE 802.10 trunk on a FDDI/CDDI port. |
lane | (Optional) Keyword used to specify an ATM LANE trunk on an ATM port. |
All ports except ATM LANE ports are nontrunk ports by default. ATM LANE ports are always configured as trunk ports.
Switch command.
Privileged.
Trunking capabilities are hardware dependent. The set trunk command is used to configure trunk ports and to add VLANs to the allowed VLAN list for existing trunks. To remove VLANs from the allowed list for a trunk, enter the clear trunk mod_num/port_num vlan_range command.
When a Catalyst 5000 series switch port that is configured to auto detects a link bit and determines that the other end of the link is a trunk port, the switch automatically converts that port into trunking mode. The trunk port reverts to a nontrunk port if the link goes down.
For trunking to take effect on Fast Ethernet ports, the ports must be in the same VTP domain. However, you can use the on mode to force a port to become a trunk, even if it is in a different domain.
To return a trunk to its default trunk type and mode, enter the clear trunk mod_num/port_num command.
You cannot change the set of VLANs allowed on the RSM port.
If you enter the set trunk command on a Token Ring port, you receive a message indicating that the port is "not a trunk-capable port."
This example shows how to set port 2 on module 1 as a trunk port:
Console> (enable) set trunk 1/2 on
Port(s) 1/2 trunk mode set to on.
Console> (enable)
This example shows how to add VLANs 5 through 50 to the allowed VLAN list for a trunk port (VLANs were previously removed from the allowed list with the clear trunk command):
Console> (enable) set trunk 1/1 5-50
Adding vlans 5-50 to allowed list.
Port(s) 1/1 allowed vlans modified to 1,5-50,101-1005.
Console> (enable)
This example shows how to set port 5 on module 4 as an 802.1Q trunk port:
Console> (enable) set trunk 4/5 nonegotiate dot1q
Port(s) 4/5 trunk mode set to nonegotiate.
Port(s) 4/5 trunk type set to dot1q.
Console> (enable)
clear trunk
set vtp
show trunk
show vtp domain
Use the set vlan command to group ports into a virtual LAN.
set vlan vlan_num mod_num/port_list
vlan_num | Number identifying the VLAN. |
mod_num | Number of the module. This parameter is not valid when defining or configuring TrBRFs. |
port_list | Numbers of the port on the module belonging to the VLAN. This parameter does not apply to TrBRFs. |
name name | (Optional) Keyword that defines a text string used as the name of the VLAN (1 to 32 characters). |
type {ethernet | fddi | fddinet | trcrf | trbrf} | (Optional) Keywords used to identify the VLAN type. |
state {active | suspend} | (Optional) Keyword used to specify whether the state of the VLAN is active or suspended. VLANs in suspended state do not pass packets; the default is active. |
said said | (Optional) Keyword that specifies the security association identifier. Possible values are 1 to 4294967294. This parameter does not apply to TrCRFs or TrBRFs. |
mtu mtu | (Optional) Keyword that specifies the maximum transmission unit (packet size, in bytes) that the VLAN can use. Possible values are 576 to 18190. |
ring ring_num | (Optional) Keyword that specifies the logical ring number for Token Ring VLANs. Possible values are hexadecimal numbers 0x1 to 0xFFF. For Token Ring VLANs, this parameter is valid and required only when defining a TrCRF. |
bridge bridge_num | (Optional) Keyword that specifies the identification number of the bridge. Possible values are hexadecimal numbers 0x1 to 0xF. For Token Ring VLANs, the default is 0F. This parameter is not valid for TrCRFs. |
parent vlan_num | (Optional) Keyword used to set a parent VLAN. The range for vlan_num is 2 to 1005. This parameter identifies the TrBRF to which a TrCRF belongs and is required when defining a TrCRF. |
mode {srt | srb} | (Optional) Bridging mode of a TrCRF. Valid values for this parameter are srt and srb. |
stp {ieee | ibm} | (Optional) Keyword that specifies which version of the Spanning-Tree Protocol a TrBRF uses: source-routing transparent (ieee) or source-route bridging (ibm). |
translation vlan_num | (Optional) Keyword that specifies a translational VLAN used to translate FDDI or Token Ring to Ethernet. Possible values are 1 to 1005. |
backupcrf {off | on} | (Optional) Keyword that specifies whether the TrCRF is a backup path for traffic. |
aremaxhop hopcount | (Optional) Keyword that specifies the maximum number of hops for All-Routes Explorer frames. Possible values are 1 to 13; the default is 7. This parameter is only valid when defining or configuring TrCRFs. |
stemaxhop hopcount | (Optional) Keyword that specifies the maximum number of hops for spanning-tree explorer frames. Possible values are 1 to 13; the default is 7. This parameter is only valid when defining or configuring TrCRFs. |
The default configuration has all switched Ethernet ports and Ethernet repeater ports in VLAN 1. The default SAID is 100001 for VLAN 1, 100002 for VLAN 2, 100003 for VLAN 3, and so on. The default type is Ethernet. The default MTU is 1500 bytes. The default state is active.
The default TrBRF is 1005 and the default TrCRF is 1003. The default MTU for TrBRFs and TrCRFs is 4472. The default state is active.
Switch command.
Privileged.
You cannot use the set vlan command until the Catalyst 5000 series switch is either in VTP transparent mode (set vtp mode transparent) or until a VTP domain name has been set (set vtp domain name).
Valid MTU values for Token Ring VLAN are 1500 or 4472. While you can enter any value for the MTU value, the value you enter defaults to the next lowest valid value.
You cannot set multiple VLANs for ISL ports using this command. The VLAN name can be from 1 to 32 characters in length. If adding a new VLAN, the VLAN number must be within the range 2 to 1001. When modifying a VLAN, the valid range for the VLAN number is 2 to 1005.
On a new Token Ring VLAN, if you do not specify the parent parameter for a TrCRF, the default TrBRF (1005) is used.
This example shows how to set VLAN 850 to include ports 3 through 7 on module 3. Ports 3 through 7 were assigned to TrCRF 1003; therefore, the message reflects the modification of VLAN 1003:
Console> (enable) set vlan 850 3/4-7
VLAN 850 modified.
VLAN 1003 modified.
VLAN  Mod/Ports
----  -----------------------
850   3/4-7
Console> (enable)
Use the set vmps server command to configure the IP address of the VMPS server to be queried.
set vmps server ip_addr [primary]
ip_addr | IP address of the VMPS server. |
primary | (Optional) Keyword that identifies the specified device as the primary VMPS server. |
If no IP address is specified, VMPS uses the local VMPS configuration.
Switch command.
Privileged.
You can specify the IP addresses of up to three VMPS servers. You can define any VMPS server as the primary VMPS server.
If the primary VMPS server is down, all subsequent queries go to a secondary VMPS server. VMPS checks on the primary server's availability once every five minutes. When the primary VMPS server comes back online, subsequent VMPS queries are directed back to the primary VMPS server.
To use a co-resident VMPS (when VMPS is enabled in a device), configure one of the three VMPS addresses as the IP address of interface sc0.
This example shows how to define a VMPS server:
Console> (enable) set vmps server 192.168.10.140 primary
192.168.10.140 added to VMPS table as primary domain server.
Console> (enable) set vmps server 192.168.69.171
192.168.69.171 added to VMPS table as backup domain server.
Console> (enable)
Use the set vmps state command to enable or disable VMPS.
set vmps state {enable | disable}
enable | Keyword used to enable VMPS. |
disable | Keyword used to disable VMPS. |
By default, VMPS is disabled.
Switch command.
Privileged.
Before using the set vmps state command, you must use the set vmps tftpserver command to specify the IP address of the server from which the VMPS database is downloaded.
This example shows how to enable VMPS:
Console> (enable) set vmps state enable
Vlan membership Policy Server enabled.
Console> (enable)
This example shows how to disable VMPS:
Console> (enable) set vmps state disable
All the VMPS configuration information will be lost and the resources released on disable.
Do you want to continue (y/n[n]):y
VLAN Membership Policy Server disabled.
Console> (enable)
Use the set vmps tftpserver command to specify the IP address of the TFTP server from which the VMPS database is downloaded and the VMPS storage location.
set vmps tftpserver ip_addr [filename]
ip_addr | IP address of the TFTP server from which the VMPS database is downloaded. |
filename | (Optional) VMPS configuration filename on the TFTP server. |
If filename is not specified, the set vmps tftpserver command uses the default filename vmps-config-database.1.
Switch command.
Privileged.
This example shows how to specify the server from which the VMPS database is downloaded and the configuration filename:
Console> (enable) set vmps tftpserver 192.168.69.100 vmps_config.1
IP address of the TFTP server set to 192.168.69.100
VMPS configuration filename set to vmps_config.1
Console> (enable)
Use the set vtp command to set the options for VTP.
set vtp [domain domain_name] [mode {client | server | transparent}] [passwd passwd] [pruning {enable | disable}] [v2 {enable | disable}]
domain domain_name | (Optional) Keywords used to define the name that identifies the VLAN management domain. The domain_name can be 1 to 32 characters in length. |
mode {client | server | transparent} | (Optional) Keywords that specify the VTP mode. |
passwd passwd | (Optional) Keyword used to define the VLAN trunk protocol password. The VTP password can be 8 to 64 characters in length. |
pruning {enable | disable} | (Optional) Keywords that enable or disable VTP pruning for the entire management domain. |
v2 {enable | disable} | (Optional) Keyword used to set version 2 mode. |
The defaults are as follows: server mode, no password, pruning disabled, and v2 disabled.
Switch command.
Privileged.
All switches in a VTP domain must run the same version of VTP. VTP version 1 and VTP version 2 do not operate on switches in the same VTP domain. VTP version 2 is supported in software release 3.1(1) and later and is disabled by default.
If all switches in a domain are VTP version 2-capable, you only need to enable VTP version 2 on one switch (using the set vtp v2 enable command); the version number is then propagated to the other version 2-capable switches in the VTP domain.
VTP supports three different modes: server, client, and transparent. If you make a change to the VTP or VLAN configuration on a switch in server mode, that change is propagated to all of the switches in the same VTP domain.
If the receiving switch is in server mode, the configuration is not changed.
If the receiving switch is in client mode, the client switch changes its configuration to duplicate the configuration of the server. If you have switches in client mode, make sure to make all VTP or VLAN configuration changes on a switch in server mode.
If the receiving switch is in transparent mode, the configuration is not changed. Switches in transparent mode do not participate in VTP. If you make VTP or VLAN configuration changes on a switch in transparent mode, the changes are not propagated to the other switches in the network.
If you assign a VTP password, no VTP or VLAN configuration changes can be made without first entering the password.
The pruning keyword is used to enable or disable VTP pruning for the VTP domain. VTP pruning causes information about each pruning eligible VLAN to be removed from VTP updates if there are no stations belonging to that VLAN out a particular switch port. Use the set vtp pruneeligible and clear vtp pruneeligible commands to specify which VLANs should or should not be pruned when pruning is enabled for the domain.
To disable VTP, enter the set vtp domain domain_name mode transparent command. This disables VTP from the domain, but does not remove the domain from the switch. Use the clear config all command to remove the domain from the switch.
| Caution Be careful when you use the clear config all command. This command clears the entire switch configuration, not just the VTP domain. |
This example shows how to use the set vtp command:
Console> (enable) set vtp domain Engineering mode client
VTP domain Engineering modified
Console> (enable)
show vtp domain
set vlan
clear vlan
show vlan
set vtp pruneeligible
clear vtp pruneeligible
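The mode, trunk-type, range and length limits stated in the set trunk and set vtp tables above can be checked before a change is pushed to a switch. The following Python sketch is an added example, not Cisco code; the function names are hypothetical, and it assumes ISL when no trunk type keyword is given (the documented Fast Ethernet default).

```python
import re

# Rules transcribed from the set trunk and set vtp parameter tables.
TRUNK_TYPES = {"isl", "dot1q", "dot10", "lane"}
# mode -> trunk types on which the tables say that mode is not allowed
MODE_NOT_ALLOWED_ON = {
    "on": {"dot1q"},
    "off": {"lane"},
    "desirable": {"dot1q", "dot10", "lane"},
    "auto": {"dot1q", "dot10", "lane"},
    "nonegotiate": {"dot10", "lane"},  # documented for ISL and 802.1Q only
}
VTP_CHOICES = {
    "mode": {"client", "server", "transparent"},
    "pruning": {"enable", "disable"},
    "v2": {"enable", "disable"},
}
VTP_LENGTHS = {"domain": (1, 32), "passwd": (8, 64)}
RANGE_RE = re.compile(r"\d+(-\d+)?(,\d+(-\d+)?)*")


def vlan_range_ok(text, lo=1, hi=1000):
    """True when every number in a vlan_range lies within lo..hi."""
    for part in text.split(","):
        first, _, last = part.partition("-")
        if not lo <= int(first) <= int(last or first) <= hi:
            return False
    return True


def check_set_trunk(line):
    """Return a list of rule violations for one set trunk command."""
    tokens = line.split()
    if tokens[:2] != ["set", "trunk"] or len(tokens) < 3:
        return ["not a set trunk command"]
    problems, mode, trunk_type = [], None, "isl"  # assumed default type
    for tok in tokens[3:]:  # tokens[2] is mod_num/port_num
        if tok in MODE_NOT_ALLOWED_ON:
            mode = tok
        elif tok in TRUNK_TYPES:
            trunk_type = tok
        elif RANGE_RE.fullmatch(tok):
            if not vlan_range_ok(tok):
                problems.append(f"vlan_range {tok} outside 1-1000")
        else:
            problems.append(f"unknown keyword: {tok}")
    if mode and trunk_type in MODE_NOT_ALLOWED_ON[mode]:
        problems.append(f"mode {mode} is not allowed on {trunk_type} trunks")
    return problems


def check_set_vtp(line):
    """Return a list of rule violations for one set vtp command."""
    tokens = line.split()
    if tokens[:2] != ["set", "vtp"]:
        return ["not a set vtp command"]
    args, problems = tokens[2:], []
    if len(args) % 2:
        problems.append("keyword without a value")
    for key, value in zip(args[0::2], args[1::2]):
        if key in VTP_CHOICES:
            if value not in VTP_CHOICES[key]:
                problems.append(f"bad value for {key}: {value}")
        elif key in VTP_LENGTHS:
            lo, hi = VTP_LENGTHS[key]
            if not lo <= len(value) <= hi:
                # Report the length only, so a password never lands in a report.
                problems.append(f"{key} length {len(value)} outside {lo}-{hi}")
        else:
            problems.append(f"unknown keyword: {key}")
    return problems
```

The checks cover only what the tables state; they cannot tell whether the port hardware actually supports the requested trunk type.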
Use the set vtp pruneeligible command to specify which VLANs in the VTP domain are eligible for pruning.
set vtp pruneeligible vlan_range
vlan_range | Range of VLAN numbers. |
By default, VLANs 2 through 1000 are eligible for pruning.
Switch command.
Privileged.
VTP pruning causes information about each pruning eligible VLAN to be removed from VTP updates if there are no stations belonging to that VLAN out a particular switch port. Use the set vtp command to enable VTP pruning.
By default, VLANs 2 through 1000 are pruning eligible. You do not need to use the set vtp pruneeligible command unless you have previously used the clear vtp pruneeligible command to make some VLANs pruning ineligible.
If VLANs have been made pruning ineligible, use the set vtp pruneeligible command to make them pruning eligible again.
This example shows how to configure pruning eligibility for VLANs 120 and 150:
Console> (enable) set vtp pruneeligible 120,150
Vlans 120,150 eligible for pruning on this device.
VTP domain nada modified.
Console> (enable)
In this example, VLANs 200-500 were made pruning ineligible using the clear vtp pruneeligible command. This example shows how to make VLANs 220 through 320 pruning eligible again:
Console> (enable) set vtp pruneeligible 220-320
Vlans 2-199,220-320,501-1000 eligible for pruning on this device.
VTP domain Company modified.
Console> (enable)
clear vtp pruneeligible
show vtp domain
set vtp
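The VLAN lists printed in the set vtp pruneeligible and set trunk examples are the result of set arithmetic on ranges. This added Python example (not Cisco code; function names are hypothetical) reproduces those lists, so the expected list can be worked out before a set or clear command is entered. The starting trunk list "1,101-1005" is an assumption inferred from the printed result.

```python
def parse_vlans(text):
    """Expand a vlan_range such as '2-199,220' into a set of VLAN numbers."""
    vlans = set()
    for part in text.split(","):
        first, _, last = part.partition("-")
        vlans.update(range(int(first), int(last or first) + 1))
    return vlans


def format_vlans(vlans):
    """Collapse VLAN numbers back into the comma/hyphen notation the switch prints."""
    parts = []
    start = prev = None
    for vlan in sorted(vlans):
        if start is None:
            start = prev = vlan
        elif vlan == prev + 1:
            prev = vlan
        else:
            parts.append(f"{start}-{prev}" if prev > start else str(start))
            start = prev = vlan
    if start is not None:
        parts.append(f"{start}-{prev}" if prev > start else str(start))
    return ",".join(parts)


def apply_change(current, op, vlan_range):
    """Apply a 'set' (add) or 'clear' (remove) of vlan_range to a VLAN list."""
    vlans = parse_vlans(current)
    if op == "set":
        vlans |= parse_vlans(vlan_range)
    elif op == "clear":
        vlans -= parse_vlans(vlan_range)
    else:
        raise ValueError(f"unknown operation: {op}")
    return format_vlans(vlans)


def pruneeligible_example():
    """Default eligibility 2-1000, clear 200-500, then set 220-320 again."""
    eligible = apply_change("2-1000", "clear", "200-500")
    return apply_change(eligible, "set", "220-320")


def trunk_allowed_example():
    """Constructed starting list 1,101-1005, then set trunk 1/1 5-50."""
    return apply_change("1,101-1005", "set", "5-50")
```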