Use the set mls command set to configure the MLS feature in the Catalyst 5000 series switch.
set mls agingtime [agingtime]
agingtime | Keyword to specify the aging time (in seconds) for an MLS entry. |
agingtime | (Optional) MLS aging time of shortcuts to an MLS entry. |
disable | Keyword to disable IP shortcut functions on the Catalyst 5000 series switch, disable any NFCP message processing, delete any existing shortcut entries, and prevent new shortcut entries from being established. |
enable | Keyword to enable IP shortcut functions on the switch, enable NFCP message processing, and allow new shortcut entries to be established. |
include | Keyword to include the specified router(s) to participate in MLS. |
route_processor_ip | Router IP address if DNS is enabled. |
route_processor_name | Name of the router if DNS is enabled. |
statistics | Keyword to set protocols for statistics collection. |
protocol | Keyword to specify protocols. |
protocol | Number of protocol. |
port_num | Number of the port. |
The default agingtime is set to 256 seconds.
Switch command.
Privileged.
If you enter any of the set mls commands on a Catalyst 5000 series switch without MLS, the following warning message displays:
MLS not supported on feature card.
When you set the agingtime, it can be configured as multiples of 8 seconds in the range of 8 to 2032 seconds. The values are picked up in numerical order to achieve efficient aging. Any value for agingtime that is not a multiple of 8 seconds is adjusted to the closest one. For example, 65 is adjusted to 64, while 127 is adjusted to 128.
The set mls disable command disables IP shortcut functions on the Catalyst 5000 series switch, does not process any NFCP messages, deletes any existing shortcut entries, and prevents new ones from being established.
The set mls enable command enables the IP shortcut function on this device, processes NFCP messages, and establishes shortcuts for IP data packets.
The Catalyst 5000 series switch does not process NFCP messages from routers that are not configured to participate in MLS. You must use the set mls include command to configure a router to participate in MLS. You can specify multiple router entries on the same command line. The included router entries are saved in NVRAM and retained across a power cycle.
You must enable DNS to resolve the router's IP address.
You can configure only 64 ports using the set mls statistics protocol command.
These examples show how to use the set mls command set to configure MLS:
Console>(enable) set mls agingtime 512
Multilayer switching aging time set to 512 seconds.
Console> (enable)
Console> (enable) set mls disable
Multilayer switching disabled
Console> (enable)
Console> (enable) set mls enable
Multilayer switching enabled
Console> (enable)
Console> (enable) set mls include 170.170.2.1
Multilayer switching enabled for router 170.170.2.1
Console> (enable)
Console> (enable) set mls include Stargate
Multilayer switching enabled for router 172.20.15.1 (Stargate)
Console> (enable)
console>(enable) set mls statistics protocol 17 1934
Protocol 17 port 1934 is added to protocol statistics list.
Console> (enable)
set mls nde
clear mls
show mls
show mls statistics
Use the set mls agingtime fast command to specify the MLS aging time of shortcuts to an MLS entry that has no more than pkt_threshold packets switched within fastagingtime seconds after it is created.
set mls agingtime fast [fastagingtime] [pkt_threshold]
fastagingtime | (Optional) Valid values are multiples of 8 to any value in the range of 0 to 128 seconds. 0 disables fast aging. If a value is not specified, the default value is used. |
pkt_threshold | (Optional) Valid values are 0, 1, 3, 7, 15, 31, 63, and 127 packets. If a value is not specified, the default value is used. |
The default fastagingtime is 0, no fast aging. The default pkt_threshold is 0.
Switch command.
Privileged.
If you enter any of the set mls agingtime fast commands on a Catalyst 5000 series switch without MLS, the following warning message displays:
mls not supported on feature card.
When you set the fastagingtime, it can be configured as multiples of 8 to any value in the range of 0 to 128 seconds.
The default pkt_threshold is 0. It can be configured as one of 0, 1, 3, 7, 15, 31, 63, and 127 (the values picked for efficient aging). If fastagingtime is not configured exactly the same among these values, it is adjusted to the closest one. A typical value for fastagingtime and pkt_threshold is 32 seconds and 0 packets, respectively (meaning no packet is switched within 32 seconds after the entry is created).
Agingtime applies to an MLS entry that has no more than pkt_threshold packets switched within fastagingtime seconds after it is created. A typical example is the MLS entry destined to/sourced from a DNS or TFTP server. This entry may never be used again after it is created. For example, only one request goes to a server and one reply returns from the server, and then the connection is closed.
The agingtime fast option is used to purge entries associated with very short flows, such as DNS and TFTP.
We recommend that you keep the number of MLS entries in the MLS cache below 32K. If the number of MLS entries is more than 32K, some flows (less than 1 percent) are sent to the router.
To keep the number of MLS cache entries below 32K, the aging time can be decreased, to a minimum of 8 seconds. If the switch has many short flows that carry only a few packets, fast aging can be used. This generally happens when the switch is in full flow mode.
If cache entries continue to exceed 32K, decrease the normal agingtime in increments of 64 seconds from the 256-second default.
This example shows how to use the set mls agingtime fast command to set the agingtime:
Console>(enable) set mls agingtime fast 32 0
Multilayer switching fast aging time set to 32 seconds for entries with no more than 0 packet switched.
Console> (enable)
set mls nde
clear mls
show mls
show mls statistics
Use the set mls flow command to specify the minimum flow mask used for MLS. This command is needed to collect statistics for the supervisor engine module.
Caution: Use this command carefully. This command purges all existing shortcuts and affects the number of active shortcuts. This command can increase the cache usage and increase the load on the router.
Caution: Extreme caution should be used when entering this command if the Catalyst 5000 series switch already has a large number of (greater than 16K) shortcuts.
Caution: This command should not be placed in scripts that are frequently executed as this may cause all the MLS cache entries to be purged.
destination | Keyword to set the flow mask to destination flow. |
destination-source | Keyword to set the flow mask to source flow. |
full | Keyword to set the flow mask to an extended access list. |
If there are no access lists on any MLS-RP, the flow mask is set to destination flow.
Switch command.
Privileged.
This command is needed to collect statistics for the supervisor engine module. If the supervisor engine module changes the flow mask in the background frequently, all the shortcuts are purged every time.
Aging time may have to be decreased to offset the increase in the number of flows caused by this command. This command is intended to be used for gathering very detailed statistics at the protocol port level, for example, when NetFlow data is exported to an RMON-II probe.
The flow mask is either destination-source or full flow even if no access lists are on MLS-RP.
These examples show how to specify that only expired flows to subnet 171.69.194.0 are exported:
console> (enable) set mls flow destination
Configured flow mask is set to destination flow.
console> (enable)
console> (enable) set mls flow destination-source
Configured flow mask is set to destination-source flow.
console> (enable)
console> (enable) set mls flow full
Configured flow mask is set to full flow.
console> (enable)
Use the set mls nde command set to configure the NetFlow Data Export (NDE) feature in the Catalyst 5000 series switch so that statistics can be exported to the preconfigured collector.
set mls nde {disable | enable}
disable | Keyword to disable NDE. |
enable | Keyword to enable NDE. |
collector_ip | IP address of the collector if DNS is enabled. |
collector_name | Name of the collector if DNS is enabled. |
udp_port_num | Number of the UDP port to receive the exported statistics. |
flow | Keyword to add filtering to NDE. |
destination | (Optional) Keyword to specify the destination IP address. |
ip_addr_spec | (Optional) Full IP address or a subnet address in these formats: ip_subnet_addr, ip_addr/subnet_mask, or ip_addr/#subnet_mask_bits. |
source | (Optional) Keyword to specify the source IP address. |
protocol | (Optional) Keyword to specify the protocol type. |
protocol | (Optional) Protocol type; valid values can be 0, tcp, udp, icmp, or a decimal number for other protocol families. 0 indicates "do not care." If the protocol is not tcp or udp, we recommend that you set the dst_port port_number and src_port port_number values to 0, otherwise no flows are displayed. |
src_port | (Optional) Keyword to specify the number of the source port. Used with dst_port to specify the port pair if the protocol is tcp or udp. 0 indicates "do not care." If the protocol is not tcp or udp, we recommend that you set the src_port value to 0, otherwise no flows are displayed. |
port_number | Number of the TCP/UDP port (decimal). |
dst_port | (Optional) Keyword to specify the number of the destination port. Used with src_port to specify the port pair if the protocol is tcp or udp. 0 indicates "do not care." If the protocol is not tcp or udp, we recommend that you set the dst_port value to 0, otherwise no flows are displayed. |
All expired flows are exported until the filter is specified explicitly.
Switch command.
Privileged.
If you enter any of the set mls nde commands on a Catalyst 5000 series switch without MLS, the following warning message displays:
mls not supported on feature card.
Before you use the set mls nde command for the first time, you must configure the host to collect the MLS statistics. The host name and UDP port number are saved in NVRAM, and you do not need to specify them. If you specify a host name and UDP port, values in NVRAM overwrite the old values. Collector's values in NVRAM do not clear when NDE is disabled; this command configures the collector, but does not enable NDE automatically.
The set mls nde enable command enables NDE, exporting statistics to the preconfigured collector.
If you attempt to enable NDE without first specifying a collector, you see this display:
Console>(enable) set mls nde enable
Please set host name and UDP port number with `set mls nde <collector_name | collector_ip> <udp_port_number>'.
Console>(enable)
The set mls nde flow command adds filtering to the NDE. Expired flows matching the specified criteria are exported. These values are stored in NVRAM. They are not cleared when NDE is disabled. If any option is not specified in this command, it is treated as a wildcard. The NDE filter in NVRAM does not clear when NDE is disabled.
Use the following syntax to specify an IP subnet address:
If the protocol value is not set to tcp or udp, we recommend you set the dst_port and src_port values to 0, otherwise no flows will be displayed.
When you use the set mls nde {collector_ip | collector_name} {udp_port_num} command, the host name and UDP port number are saved in NVRAM and need not be specified again. If a host name and UDP port are specified, values in NVRAM are overwritten with the new values. Collector's values in NVRAM are not cleared when NDE is disabled.
These examples show how to use the set mls nde command set to configure NDE:
Console> (enable) set mls nde Stargate 120
Netflow data export not enabled.
Netflow data export to port 120 on 172.20.15.1(Stargate)
Console> (enable)
Console>(enable) set mls nde enable
Netflow data export enabled.
Netflow data export to port 120 on 172.20.15.1 (Stargate)
Console> (enable)
Console> (enable) set mls nde disabled
Netflow data export disabled.
Console> (enable)
Console> (enable) set mls nde flow destination 171.69.194.140/24
Netflow data export: destination filter set to 171.69.194.0/24
Console> (enable)
Console> (enable) set mls nde flow destination 171.69.194.140
Netflow data export: destination filter set to 171.69.194.140/32
Console> (enable)
Console>(enable) set mls nde flow destination 171.69.194.140/24 source 171.69.173.5/24
Netflow data export: destination filter set to 171.69.194.0/24
Netflow data export: source filter set to 171.69.173.0/24
Console>(enable)
console> (enable) set mls nde flow source 171.69.194.140 protocol 51
Netflow data export: source filter set to 171.69.194.140/32
Netflow data export: protocol filter set to 51.
Console> (enable)
Console>(enable) set mls nde flow dst_port 23
Netflow data export: destination port filter set to 23.
Console>(enable)
Console>(enable) set mls nde flow source 171.69.194.140 dst_port 23
Netflow data export: destination port filter set to 23
Netflow data export: source filter set to 171.69.194.140/32
Console>(enable)
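The NDE filter rules described above, as an added Python example that is not part of the original command reference: it parses a set mls nde flow command, normalizes ip_addr_spec the way the console output shows, treats unspecified options and 0 as wildcards, and reports which flow records would reach the collector, so a filter that narrows collector visibility more than intended can be caught in review. The function names and the sample flow records are assumptions made for illustration; the parser models only what this page states and is not the switch's implementation.

```python
import ipaddress

PROTO_NAMES = {"tcp": 6, "udp": 17, "icmp": 1}
FIELDS = ("destination", "source", "protocol", "src_port", "dst_port")

def parse_nde_flow(command):
    """Parse 'set mls nde flow ...'; a value of None means wildcard."""
    tokens = command.split()
    if tokens[:4] != ["set", "mls", "nde", "flow"]:
        raise ValueError("not a 'set mls nde flow' command")
    args = tokens[4:]
    if len(args) % 2:
        raise ValueError("every keyword needs a value")
    flt = dict.fromkeys(FIELDS)  # unspecified options are wildcards
    for key, value in zip(args[::2], args[1::2]):
        if key not in flt:
            raise ValueError("unknown keyword: " + key)
        if key in ("destination", "source"):
            # strict=False clears host bits (171.69.194.140/24 -> 171.69.194.0/24);
            # a bare address becomes a /32, matching the page's console output.
            flt[key] = ipaddress.ip_network(value, strict=False)
        elif key == "protocol":
            number = PROTO_NAMES.get(value.lower())
            flt[key] = (int(value) if number is None else number) or None
        else:
            flt[key] = int(value) or None  # 0 means "do not care"
    return flt

def filter_warnings(flt):
    """Flag a port filter combined with a protocol other than tcp or udp."""
    proto = flt["protocol"]
    has_port = flt["src_port"] is not None or flt["dst_port"] is not None
    if proto is not None and proto not in (6, 17) and has_port:
        return ["protocol %d with a port filter: no flows are displayed" % proto]
    return []

def flow_matches(flt, flow):
    """True if an expired flow record would pass the filter and be exported."""
    for key, field in (("destination", "dst"), ("source", "src")):
        if flt[key] is not None and ipaddress.ip_address(flow[field]) not in flt[key]:
            return False
    for key, field in (("protocol", "proto"), ("src_port", "src_port"),
                       ("dst_port", "dst_port")):
        if flt[key] is not None and flt[key] != flow[field]:
            return False
    return True

# Constructed flow records (not from the page) to exercise the filter.
SAMPLE_FLOWS = [
    {"src": "171.69.194.140", "dst": "192.0.2.10", "proto": 6, "src_port": 40000, "dst_port": 23},
    {"src": "171.69.194.140", "dst": "192.0.2.10", "proto": 6, "src_port": 40001, "dst_port": 80},
    {"src": "171.69.173.9", "dst": "171.69.194.7", "proto": 17, "src_port": 53, "dst_port": 1934},
]

def exported(command, flows=SAMPLE_FLOWS):
    """Return the flow records the given filter command would export."""
    flt = parse_nde_flow(command)
    return [f for f in flows if flow_matches(flt, f)]

if __name__ == "__main__":
    for cmd in ("set mls nde flow source 171.69.194.140 dst_port 23",
                "set mls nde flow destination 171.69.194.140/24 source 171.69.173.5/24"):
        print(cmd, "->", len(exported(cmd)), "of", len(SAMPLE_FLOWS), "flows exported")
```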
clear mls
show mls
show mls statistics
set mls
set mls agingtime fast
Use the set module disable command to disable a module.
set module disable mod_num
mod_num | Number of the module. You can specify a series of modules by entering a comma between each module number (for example, 2,3,5). You can specify a range of modules by entering a dash between module numbers (for example, 2-5). |
The default configuration has all modules enabled.
Switch command.
Privileged.
Avoid disabling a module when you are connected via a Telnet session; if you disable the module that carries your session, your Telnet session is disconnected.
If there are no other network connections to the Catalyst 5000 series switch (for example, on another module), you have to reenable the module from the console.
This example shows how to disable module 3 when connected via the console port:
Console> (enable) set module disable 3
Module 3 disabled.
Console> (enable)
This example shows how to disable module 2 when connected via a Telnet session:
Console> (enable) set module disable 2
This command may disconnect your telnet session.
Do you want to continue (y/n) [n]? y
Module 2 disabled.
Use the set module enable command to enable a module.
set module enable mod_num
mod_num | Number of the module to enable. |
The default setting has all modules enabled.
Switch command.
Privileged.
If an individual port on a module was previously disabled, enabling the module does not enable the disabled port.
This example shows how to enable module 2:
Console> (enable) set module enable 2
Module 2 enabled.
Console> (enable)
Use the set module name command to set the name for a module.
set module name mod_num [mod_name]
mod_num | Number of the module. |
mod_name | (Optional) Name created for the module. |
The default configuration has no module names configured for any modules.
Switch command.
Privileged.
If the module name is not specified, any previously specified name is cleared.
Use the set module name command to set the module for the RSM. Additional set module commands are not supported by the RSM.
This example shows how to set the name for module 1 to Supervisor:
Console> (enable) set module name 1 Supervisor
Module name set.
Console> (enable)
Use the set multicast router command to manually configure a port as a multicast router port.
set multicast router mod_num/port_num
mod_num | Number of the module. |
port_num | Number of the port on the module. |
By default, no ports are configured as multicast router ports.
Switch command.
Privileged.
When you enable CGMP or IGMP snooping, the ports to which a multicast-capable router is attached are identified automatically. The set multicast router command allows you to configure multicast router ports statically.
This example shows how to configure a multicast router port:
Console> (enable) set multicast router 3/1
Port 3/1 added to multicast router port list.
Console> (enable)
clear multicast router
set cgmp
set igmp
show multicast router
show multicast group count
Use the set ntp broadcastclient command to enable or disable NTP in broadcast-client mode.
set ntp broadcastclient {enable | disable}
enable | Keyword to enable NTP in broadcast-client mode. |
disable | Keyword to disable NTP in broadcast-client mode. |
The default setting for this command is disabled.
Switch command.
Privileged.
The broadcast-client mode assumes that a broadcast server, such as a router, sends time-of-day information regularly to the Catalyst 5000 series switch.
This example shows how to enable an NTP broadcast client:
Console> (enable) set ntp broadcastclient enable
NTP Broadcast Client mode enabled.
Console> (enable)
This example shows how to disable an NTP broadcast client:
Console> (enable) set ntp broadcastclient disable
NTP Broadcast Client mode disabled.
Console> (enable)
Use the set ntp broadcastdelay command to configure a time-adjustment factor so the Catalyst 5000 series switch can receive broadcast packets.
set ntp broadcastdelay microseconds
microseconds | Estimated round-trip time, in microseconds, for NTP broadcasts. Allowable range is from 1 to 999999. |
By default, the NTP broadcast delay is set to 3000.
Switch command.
Privileged.
This example shows how to set the NTP broadcast delay to 4000 microseconds:
Console> (enable) set ntp broadcastdelay 4000
NTP broadcast delay set to 4000 microseconds.
Console> (enable)
Use the set ntp client command to enable or disable the Catalyst 5000 series switch as an NTP client.
set ntp client {enable | disable}
enable | Keyword to enable the Catalyst 5000 series switch as an NTP client. |
disable | Keyword to disable the Catalyst 5000 series switch as an NTP client. |
By default, NTP client mode is disabled.
Switch command.
Privileged.
You can configure NTP in either broadcast-client mode or client mode. The broadcast-client mode assumes that a broadcast server, such as a router, sends time-of-day information regularly to the Catalyst 5000 series switch. The client mode assumes that the client (the Catalyst 5000 series switch) regularly sends time-of-day requests to the NTP server.
This example shows how to enable NTP client mode:
Console> (enable) set ntp client enable
NTP client mode enabled.
Console> (enable)
Use the set ntp server command to configure the IP address of the NTP server.
set ntp server ip_addr
ip_addr | IP address of the NTP server providing the clock synchronization. |
There is no default setting for this command.
Switch command.
Privileged.
The client mode assumes that the client (the Catalyst 5000 series switch) sends time-of-day requests regularly to the NTP server. A maximum of ten servers per client is allowed.
This example shows how to configure an NTP server:
Console> (enable) set ntp server 172.20.22.191
NTP server 172.20.22.191 added.
Console> (enable)
Use the set password command to change the login password on the CLI.
set password
This command has no arguments or keywords.
The default configuration has no password configured.
Switch command.
Privileged.
The command prompts you for the old password. If the password you enter is valid, you are prompted to enter a new password and to verify the new password. A zero-length password is allowed by pressing Return.
This example shows how to set an initial password:
Console> (enable) set password
Enter old password: <old_password>
Enter new password: <new_password>
Retype new password: <new_password>
Password changed.
Console> (enable)