|
|
This chapter describes how to administer and manage Catalyst 5000, 4000, 2948G, 2926G, and 2926 series switches.
This chapter consists of these sections:
The Catalyst 5000, 4000, 2926G, or 2926 series switches are multimodule systems. You can see what modules are installed, as well as the MAC address ranges and version numbers for each module, using the show module [mod_num] command. Specify a particular module number to see detailed information on that module.
The Catalyst 2948G, 2926G, and 2926 series switches are fixed-configuration switches, but are logically modular. You must apply configuration commands to the appropriate module. For example, on a Catalyst 2926G series switch, the 24 Fast Ethernet ports belong logically to module 2.
This example shows how to check module status on a Catalyst 5000 series switch. The output shows that there are two supervisor engine modules (one in standby mode), six additional modules (including an RSM in slot 5 and a two-slot 10BaseT Ethernet module in slots 6 and 7), and a LightStream 1010 ATM ASP) installed in the chassis.
Console> (enable) show module Mod Module-Name Ports Module-Type Model Serial-Num Status --- ------------------- ----- --------------------- --------- --------- ------- 1 4 10/100BaseTX Supervis WS-X5530 009979082 ok 2 2 10/100BaseTX Supervis WS-X5530 007451586 standby 3 48 10BaseT Ethernet WS-X5012A 007879593 ok 4 1 Network Analysis/RMON WS-X5380 008175475 ok 5 1 Route Switch WS-X5302 007460757 ok 6 10BaseT Ethernet Ext 7 48 10BaseT Ethernet WS-X5014 007879658 ok 8 1 MM OC-3 ATM WS-X5155 003414855 ok 9 2 UTP OC-3 Dual-Phy ATM WS-X5156 007646048 ok 13 ASP/SRP Mod MAC-Address(es) Hw Fw Sw --- -------------------------------------- ------ ---------- ----------------- 1 00-e0-4f-ac-b0-00 to 00-e0-4f-ac-b3-ff 1.8 3.1.2 4.3(1a) 2 00-e0-4f-ac-b0-00 to 00-e0-4f-ac-b3-ff 1.3 3.1.2 4.3(1a) 3 00-10-7b-50-1b-00 to 00-10-7b-50-1b-2f 0.202 4.2(108) 4.3(1a) 4 00-e0-14-10-18-00 0.100 4.1.1 4.3(0.31) 5 00-e0-1e-91-d5-14 to 00-e0-1e-91-d5-15 5.0 20.7 11.3(3a)WA4(5) 7 00-10-7b-5d-30-40 to 00-10-7b-5d-30-6f 0.102 4.2(108) 4.3(1a) 8 00-e0-1e-a9-20-b9 1.2 1.3 3.2(7) 9 00-e0-1e-e5-07-27 2.1 1.3 51.1(1) Mod Sub-Type Sub-Model Sub-Serial Sub-Hw --- -------- --------- ---------- ------ 1 NFFC WS-F5521 0008936340 1.0 1 uplink WS-U5537 0007288247 2.0 2 NFFC WS-F5521 0011462777 1.1 2 uplink WS-U5531 0007464204 1.1 Console> (enable)
This example shows how to check module status on a Catalyst 2926 series switch. The Catalyst 2926 series switches have two logical modules, a supervisor engine and a 24-port Fast Ethernet switching module.
Console> (enable) show module Mod Module-Name Ports Module-Type Model Serial-Num Status --- ------------------- ----- --------------------- --------- --------- ------- 1 2 100BaseTX Supervisor WS-X2926T 007475320 ok 2 24 10/100BaseTX Ethernet WS-X2926L 007424148 ok Mod MAC-Address(es) Hw Fw Sw --- -------------------------------------- ------ ---------- ----------------- 1 00-10-0d-40-34-00 to 00-10-0d-40-37-ff 2.1 2.4(1) 4.3(1a) 2 00-e0-1e-f5-9d-58 to 00-e0-1e-f5-9d-6f 1.1 2.4(1) 4.3(1a) Mod Sub-Type Sub-Model Sub-Serial Sub-Hw --- -------- --------- ---------- ------ 1 EARL 1+ WS-F5511 0007472321 1.0 Console> (enable)
This example shows how to check module status on a Catalyst 2948G series switch. On the Catalyst 2948G series switches, there are two logical modules but both are in slot 1.
Console> (enable) show module Mod Slot Ports Module-Type Model Status --- ---- ----- ------------------------- ------------------- -------- 1 1 0 Switching Supervisor WS-X2948 ok 2 1 50 10/100/1000 Ethernet WS-X2948G ok Mod Module-Name Serial-Num --- ------------------- -------------------- 1 JAB023806JR 2 JAB0240004D Mod MAC-Address(es) Hw Fw Sw --- -------------------------------------- ------ ---------- ----------------- 1 00-10-7b-f4-ce-00 to 00-10-7b-f4-d1-ff 1.0 4.4(1) 4.4(1) 2 00-10-7b-f4-d1-9e to 00-10-7b-f4-d1-fd 1.0 Console> (enable)
This example shows how to check module status on a specific module:
Console> (enable) show module 3 Mod Module-Name Ports Module-Type Model Serial-Num Status --- ------------------- ----- --------------------- --------- --------- ------- 3 48 10BaseT Ethernet WS-X5012A 007879593 ok Mod MAC-Address(es) Hw Fw Sw --- -------------------------------------- ------ ---------- ----------------- 3 00-10-7b-50-1b-00 to 00-10-7b-50-1b-2f 0.202 4.2(108) 4.3(1a) Console> (enable)
You can see summary or detailed information on the switch ports using the show port [mod_num[/port_num]] command. To see summary information on all of the ports on the switch, enter the show port command with no arguments. Specify a particular module number to see information on the ports on that module only. Enter both the module number and the port number to see detailed information about the specified port.
The Catalyst 2948G, 2926G, and 2926 series switches are fixed-configuration switches, but are logically modular. To apply configuration commands to a particular port, you must specify the appropriate logical module. For more information, see the "Checking Module Status" section.
This example shows how to see information on the ports on a specific module only:
Console> (enable) show port 2
Port Name Status Vlan Level Duplex Speed Type
----- ------------------ ---------- ---------- ------ ------ ----- ------------
2/1 connected trunk normal full 1000 1000BaseSX
2/2 notconnect 1 normal full 1000 1000BaseSX
2/3 notconnect 1 normal full 1000 No GBIC
2/4 notconnect 1 normal full 1000 No GBIC
2/5 notconnect 1 normal full 1000 No GBIC
2/6 notconnect 1 normal full 1000 No GBIC
Port Security Secure-Src-Addr Last-Src-Addr Shutdown Trap IfIndex
----- -------- ----------------- ----------------- -------- -------- -------
2/1 disabled No disabled 9
2/2 disabled No disabled 10
2/3 disabled No disabled 11
2/4 disabled No disabled 12
2/5 disabled No disabled 13
2/6 disabled No disabled 14
Port Send FlowControl Receive FlowControl RxPause TxPause Unsupported
admin oper admin oper opcodes
----- -------- -------- -------- -------- ------- ------- -----------
2/1 desired off off off 0 0 0
2/2 desired off off off 0 0 0
2/3 desired off off off 0 0 0
2/4 desired off off off 0 0 0
2/5 desired off off off 0 0 0
2/6 desired off off off 0 0 0
Port Status Channel Channel Neighbor Neighbor
mode status device port
----- ---------- --------- ----------- ------------------------- ----------
2/1 connected auto not channel
2/2 notconnect auto not channel
2/3 notconnect auto not channel
2/4 notconnect auto not channel
2/5 notconnect auto not channel
2/6 notconnect auto not channel
Port Align-Err FCS-Err Xmit-Err Rcv-Err UnderSize
----- ---------- ---------- ---------- ---------- ---------
2/1 - 0 0 0 0
2/2 - 0 0 0 0
2/3 - 0 0 0 0
2/4 - 0 0 0 0
2/5 - 0 0 0 0
2/6 - 0 0 0 0
Port Single-Col Multi-Coll Late-Coll Excess-Col Carri-Sen Runts Giants
----- ---------- ---------- ---------- ---------- --------- --------- ---------
2/1 0 0 0 0 0 0 0
2/2 0 0 0 0 0 0 0
2/3 0 0 0 0 0 0 0
2/4 0 0 0 0 0 0 0
2/5 0 0 0 0 0 0 0
2/6 0 0 0 0 0 0 0
Last-Time-Cleared
--------------------------
Tue Dec 8 1998, 13:26:01
Console> (enable)
This example shows how to see information on an individual port:
Console> (enable) show port 2/1
Port Name Status Vlan Level Duplex Speed Type
----- ------------------ ---------- ---------- ------ ------ ----- ------------
2/1 connected trunk normal full 1000 1000BaseSX
Port Security Secure-Src-Addr Last-Src-Addr Shutdown Trap IfIndex
----- -------- ----------------- ----------------- -------- -------- -------
2/1 disabled No disabled 9
Port Send FlowControl Receive FlowControl RxPause TxPause Unsupported
admin oper admin oper opcodes
----- -------- -------- -------- -------- ------- ------- -----------
2/1 desired off off off 0 0 0
Port Status Channel Channel Neighbor Neighbor
mode status device port
----- ---------- --------- ----------- ------------------------- ----------
2/1 connected auto not channel
Port Align-Err FCS-Err Xmit-Err Rcv-Err UnderSize
----- ---------- ---------- ---------- ---------- ---------
2/1 - 0 0 0 0
Port Single-Col Multi-Coll Late-Coll Excess-Col Carri-Sen Runts Giants
----- ---------- ---------- ---------- ---------- --------- --------- ---------
2/1 0 0 0 0 0 0 0
Last-Time-Cleared
--------------------------
Tue Dec 8 1998, 13:26:01
Console> (enable)
You can display the capabilities of any port in a switch using the show port capabilities [[mod_num][/port_num]] command.
This example shows you how to display the port capabilities for switch ports:
Console> (enable) show port capabilities 1 Model WS-X5509 Port 1/1 Type 100BaseTX Speed 100 Duplex half,full Trunk encap type ISL Trunk mode on,off,desirable,auto,nonegotiate Channel 1/1-2 Broadcast suppression percentage(0-100) Flow control no Security yes Membership static,dynamic Fast start yes Rewrite no -------------------------------------------------------------- Model WS-X5509 Port 1/2 Type 100BaseTX Speed 100 Duplex half,full Trunk encap type ISL Trunk mode on,off,desirable,auto,nonegotiate Channel 1/1-2 Broadcast suppression percentage(0-100) Flow control no Security yes Membership static,dynamic Fast start yes Rewrite no Console> (enable) show port capabilities 7/1 Model WS-X5014 Port 7/1 Type 10BaseT Speed 10 Duplex half,full Trunk encap type no Trunk mode off Channel no Broadcast suppression percentage(0-100) Flow control no Security yes Membership static,dynamic Fast start yes Rewrite no Console> (enable) show port capabilities 8 Model WS-X5155 Port 8/1 Type OC3 MMF ATM Speed 155 Duplex full Trunk encap type LANE Trunk mode on Channel no Broadcast suppression no Flow control no Security no Membership static Fast start no Rewrite no Console> (enable)
You can use the set alias command to define command aliases (shorthand versions of commands) for frequently used or long and complex commands. Command aliases can save you time and can help prevent typing errors when you are configuring or monitoring the switch.
The name argument defines the command alias. The command and parameter arguments define the command to enter when the command alias is entered at the command line.
To define a command alias on the switch, perform this task in privileged mode:
| Task | Command |
|---|---|
Step 1 Define a command alias on the switch. | set alias name command [parameter] [parameter] |
Step 2 Verify the currently defined command aliases. | show alias [name] |
This example shows how to define two command aliases, sm8, that issues the show module 8 command, and sp8, that issues the show port 8 command. This example also shows how to verify the currently defined command aliases and what happens when you enter the command aliases at the command line:
Console> (enable) set alias sm8 show module 8 Command alias added. Console> (enable) set alias sp8 show port 8 Command alias added. Console> (enable) show alias sm8 show module 8 sp8 show port 8 Console> (enable) sm8 Mod Module-Name Ports Module-Type Model Serial-Num Status --- ------------------- ----- --------------------- --------- --------- ------- 8 2 DS3 Dual PHY ATM WS-X5166 007243262 ok Mod MAC-Address(es) Hw Fw Sw --- -------------------------------------- ------ ---------- ----------------- 8 00-60-2f-45-26-2f 2.0 1.3 51.1(103) Console> (enable) sp8 Port Name Status Vlan Level Duplex Speed Type ----- ------------------ ---------- ---------- ------ ------ ----- ------------ 8/1 notconnect trunk normal full 45 DS3 ATM 8/2 notconnect trunk normal full 45 DS3 ATM Port ifIndex ----- ------- 8/1 285 8/2 286 Use 'session' command to see ATM counters. Last-Time-Cleared -------------------------- Thu Sep 10 1998, 16:56:08 Console> (enable)
You can use the set ip alias command to define textual aliases for IP addresses. IP aliases can make it easier to refer to other network devices when using ping, telnet, and other commands, even when Domain Name System (DNS) is not enabled.
The name argument defines the IP alias. The ip_addr argument defines the IP address to which the name refers.
To define an IP alias on the switch, perform this task in privileged mode:
| Task | Command |
|---|---|
Step 1 Define an IP alias on the switch. | set ip alias name ip_addr |
Step 2 Verify the currently defined IP aliases. | show ip alias [name] |
This example shows how to define two IP aliases, sparc, that refers to IP address 172.20.52.3, and cat5509, that refers to IP address 172.20.52.71. This example also shows how to verify the currently defined IP aliases and what happens when you use the IP aliases with the ping command:
Console> (enable) set ip alias sparc 172.20.52.3 IP alias added. Console> (enable) set ip alias cat5509 172.20.52.71 IP alias added. Console> (enable) show ip alias default 0.0.0.0 sparc 172.20.52.3 cat5509 172.20.52.71 Console> (enable) ping sparc sparc is alive Console> (enable) ping cat5509 cat5509 is alive Console> (enable)
You can access the switch command-line interface (CLI) using Telnet. In addition, you can use Telnet from the switch to access other devices in the network. Up to eight simultaneous Telnet sessions are possible.
To Telnet to another device on the network from the switch, perform this task in privileged mode:
| Task | Command |
|---|---|
Open a Telnet session with a remote host. | telnet host [port] |
This example shows how to Telnet from the switch to a remote host:
Console> (enable) telnet labsparc Trying 172.16.10.3... Connected to labsparc. Escape character is '^]'. UNIX(r) System V Release 4.0 (labsparc) login:
These sections describe how to use IP ping:
You can use IP ping to test connectivity to remote hosts. If you attempt to ping a host in a different IP subnetwork, you must define a static route to the network or have a router configured to route between those subnets.
To stop a ping in progress, press Ctrl-C.
Ping will return one of the following responses:
To ping another device on the network from the switch, perform one of these tasks in privileged mode:
| Task | Command |
|---|---|
| ping host |
| ping -s host [packet_size] [packet_count] |
This example shows how to ping a remote host:
Console> (enable) ping labsparc labsparc is alive Console> (enable) ping 172.16.10.3 172.16.10.3 is alive Console> (enable)
This example shows how to ping a remote host using the ping options:
Console> (enable) ping -s 172.16.10.3 1000 8 PING 172.20.52.3: 1000 data bytes 1008 bytes from 172.16.10.3: icmp_seq=0. time=6 ms 1008 bytes from 172.16.10.3: icmp_seq=1. time=5 ms 1008 bytes from 172.16.10.3: icmp_seq=2. time=6 ms 1008 bytes from 172.16.10.3: icmp_seq=3. time=6 ms 1008 bytes from 172.16.10.3: icmp_seq=4. time=6 ms 1008 bytes from 172.16.10.3: icmp_seq=5. time=5 ms 1008 bytes from 172.16.10.3: icmp_seq=6. time=6 ms 1008 bytes from 172.16.10.3: icmp_seq=7. time=5 ms ----172.16.10.3 PING Statistics---- 8 packets transmitted, 8 packets received, 0% packet loss round-trip (ms) min/avg/max = 5/5/6 Console> (enable)
These sections describe how to use IP traceroute:
You can use IP traceroute to identify the path that packets take through the network on a hop-by-hop basis. The command output displays all network layer (Layer 3) devices, such as routers, that the traffic passes through on the way to the destination.
Switches can participate as the source or destination of the traceroute command but will not appear as a hop in the traceroute command output.
The traceroute command uses the Time To Live (TTL) field in the IP header to cause routers and servers to generate specific return messages. Traceroute starts by sending a User Datagram Protocol (UDP) datagram to the destination host with the TTL field set to 1. If a router finds a TTL value of 1 or 0, it drops the datagram and sends back an Internet Control Message Protocol (ICMP) time-exceeded message to the sender. The traceroute facility determines the address of the first hop by examining the source address field of the ICMP time-exceeded message.
To identify the next hop, traceroute sends a UDP packet with a TTL value of 2. The first router decrements the TTL field by 1 and sends the datagram to the next router. The second router sees a TTL value of 1, discards the datagram, and returns the time-exceeded message to the source. This process continues until the TTL is incremented to a value large enough for the datagram to reach the destination host (or until the maximum TTL is reached).
To determine when a datagram reaches its destination, traceroute sets the UDP destination port in the datagram to a very large value which the destination host is unlikely to be using. When a host receives a datagram with an unrecognized port number, it sends an ICMP port unreachable error to the source. This message indicates to the traceroute facility that it has reached the destination.
To trace the path that packets take through the network, perform this task in privileged mode:
| Task | Command |
|---|---|
Execute IP traceroute to trace the path packets take through the network. | traceroute [-n] [-w wait_time] [-i initial_ttl] [-m max_ttl] [-p dest_port] [-q nqueries] [-t tos] host [data_size] |
This example shows the basic usage of the traceroute command:
Console> (enable) traceroute 10.1.1.100 traceroute to 10.1.1.100 (10.1.1.100), 30 hops max, 40 byte packets 1 10.1.1.1 (10.1.1.1) 1 ms 2 ms 1 ms 2 10.1.1.100 (10.1.1.100) 2 ms 2 ms 2 ms Console> (enable)
This example shows how to perform a traceroute with six queries to each hop with packets of 1400 bytes each:
Console> (enable) traceroute -q 6 10.1.1.100 1400 traceroute to 10.1.1.100 (10.1.1.100), 30 hops max, 1440 byte packets 1 10.1.1.1 (10.1.1.1) 2 ms 2 ms 2 ms 1 ms 2 ms 2 ms 2 10.1.1.100 (10.1.1.100) 2 ms 4 ms 3 ms 3 ms 3 ms 3 ms Console> (enable)
These sections describe how to use the Domain Name System (DNS):
DNS is a distributed database with which you can map host names to IP addresses through the DNS protocol from a DNS server. When you configure DNS on the switch, you can substitute the host name for the IP address with all IP commands, such as ping, telnet, upload, and download.
To use DNS, you must have a DNS name server present on your network.
You can specify a primary DNS name server on the switch as well as two backup servers. The first server specified is the primary unless you explicitly identify the primary server. The switch sends DNS queries to the primary server first. If the query to the primary server fails, the backup servers are queried.
Table 13-1 shows the default DNS configuration.
| Feature | Default Value |
|---|---|
DNS enable state | Disabled |
DNS default domain name | Null |
DNS servers | None specified |
The following sections describe how to configure DNS:
To set up and enable DNS on the switch, perform this task in privileged mode:
| Task | Command |
|---|---|
Step 1 Specify the IP address of one or more DNS servers. | set ip dns server ip_addr [primary] |
Step 2 Set the domain name. | set ip dns domain name |
Step 3 Enable DNS. | set ip dns enable |
Step 4 Verify the DNS configuration. | show ip dns [noalias] |
This example shows how to set up and enable DNS on the switch and verify the configuration:
Console> (enable) set ip dns server 10.2.2.1 10.2.2.1 added to DNS server table as primary server. Console> (enable) set ip dns server 10.2.24.54 primary 10.2.24.54 added to DNS server table as primary server. Console> (enable) set ip dns server 10.12.12.24 10.12.12.24 added to DNS server table as backup server. Console> (enable) set ip dns domain corp.com Default DNS domain name set to corp.com Console> (enable) set ip dns enable DNS is enabled Console> (enable) show ip dns DNS is currently enabled. The default DNS domain name is: corp.com DNS name server status ---------------------------------------- ------- dns_serv2 dns_serv1 primary dns_serv3 Console> (enable)
To clear DNS servers from the DNS server table, perform this task in privileged mode:
| Task | Command |
|---|---|
Step 1 Remove one or all of the DNS servers from the table. | clear ip dns server [ip_addr | all] |
Step 2 Verify the DNS configuration. | show ip dns [noalias] |
This example shows how to clear a DNS server from the DNS server table:
Console> (enable) clear ip dns server 10.12.12.24 10.12.12.24 cleared from DNS table Console> (enable)
This example shows how to clear all of the DNS servers from the DNS server table:
Console> (enable) clear ip dns server all All DNS servers cleared Console> (enable)
To clear the default DNS domain name, perform this task in privileged mode:
| Task | Command |
|---|---|
Step 1 Clear the default DNS domain name. | clear ip dns domain |
Step 2 Verify the DNS configuration. | show ip dns [noalias] |
This example shows how to clear the default DNS domain name:
Console> (enable) clear ip dns domain Default DNS domain name cleared. Console> (enable)
To disable DNS, perform this task in privileged mode:
| Task | Command |
|---|---|
Step 1 Disable DNS on the switch. | set ip dns disable |
Step 2 Verify the DNS configuration. | show ip dns [noalias] |
This example shows how to disable DNS on the switch:
Console> (enable) set ip dns disable DNS is disabled Console> (enable)
The system name on the switch is a user-configurable string used to identify the device. The default configuration has no system name configured.
If you do not manually configure a system name, the system name is obtained through DNS if you configure the switch as follows:
If the DNS lookup is successful, the DNS host name of the switch is configured as the system name of the switch and is saved in NVRAM (the domain name is removed).
If you have not configured a system prompt, the first 20 characters of the system name are used as the system prompt (a greater-than symbol [>] is appended). The prompt is updated whenever the system name changes, unless the prompt is manually configured using the set prompt command.
The switch performs a DNS lookup for the system name whenever one of the following occurs:
If the system name is user configured, no DNS lookup is performed.
These sections describe how to statically configure the system name and prompt:
To statically configure the system name, perform this task in privileged mode:
| Task | Command |
|---|---|
Statically set the system name. | set system name name_string |
This example shows how to set the system name on the switch:
Console> (enable) set system name Catalyst 5000 System name set. Catalyst 5000> (enable)
To statically configure the system prompt, perform this task in privileged mode:
| Task | Command |
|---|---|
Statically set the system prompt. | set prompt prompt_string |
This example shows how to statically configure the system prompt on the switch:
Console> (enable) set prompt Catalyst5500> Catalyst5500> (enable)
To clear the system name, perform this task in privileged mode:
| Task | Command |
|---|---|
Clear the system name. | set system name |
This example shows how to clear the system name:
Console> (enable) set system name System name cleared. Console> (enable)
You can specify the system contact and location to help you with resource management tasks.
To specify the system contact and location, perform this task in privileged mode:
| Task | Command |
|---|---|
Step 1 Set the system contact. | set system contact [contact_string] |
Step 2 Set the system location. | set system location [location_string] |
Step 3 Verify the global system information. | show system |
This example shows how to specify the system contact and location and verify the configuration:
Catalyst 5000> (enable) set system contact sysadmin@corp.com System contact set. Catalyst 5000> (enable) set system location Sunnyvale CA System location set. Catalyst 5000> (enable) show system PS1-Status PS2-Status Fan-Status Temp-Alarm Sys-Status Uptime d,h:m:s Logout ---------- ---------- ---------- ---------- ---------- -------------- --------- ok none ok off ok 0,04:04:07 20 min PS1-Type PS2-Type Modem Baud Traffic Peak Peak-Time ---------- ---------- ------- ----- ------- ---- ------------------------- other none disable 9600 0% 0% Tue Jun 23 1998, 16:51:36 System Name System Location System Contact ------------------------ ------------------------ ------------------------ Catalyst 5000 Sunnyvale CA sysadmin@corp.com Catalyst 5000> (enable)
You can create a single or multiline message banner that appears on the screen when someone logs in to the switch. The first character following the motd keyword is used to delimit the beginning and end of the banner text. Characters following the ending delimiter are discarded. After entering the ending delimiter, press Return. The banner must be fewer than 255 characters.
To configure a login banner, perform this task in privileged mode:
| Task | Command |
|---|---|
Step 1 Enter the message of the day. | set banner motd c message_of_the_day c |
Step 2 Display the login banner by logging out and logging back into the switch. |
|
This example shows how to set the login banner on the switch using the # symbol as the beginning and ending delimiter:
Console> (enable) set banner motd # Welcome to the Catalyst 5000 Switch! Unauthorized access prohibited. Contact sysadmin@corp.com for access. # MOTD banner set Console> (enable)
To clear the login banner, perform this task in privileged mode:
| Task | Command |
|---|---|
Clear the message of the day. | set banner motd cc |
This example shows how to clear the login banner:
Console> (enable) set banner motd ## MOTD banner cleared Console> (enable)
To set the system clock, perform this task in privileged mode:
| Task | Command |
|---|---|
Step 1 Set the system clock. | set time [day_of_week] [mm/dd/yy] [hh:mm:ss] |
Step 2 Display the current date and time. | show time |
This example shows how to set the system clock and display the current date and time:
Console> (enable) set time Mon 06/15/98 12:30:00 Mon Jun 15 1998, 12:30:00 Console> (enable) show time Mon Jun 15 1998, 12:30:02 Console> (enable)
These sections describe how to use the Network Time Protocol (NTP):
NTP synchronizes timekeeping among a set of distributed time servers and clients. This synchronization allows events to be correlated when system logs are created and other time-specific events occur.
An NTP server must be accessible by the client switch. NTP runs over UDP, which in turn runs over IP. NTP is documented in RFC 1305. All NTP communication uses Coordinated Universal Time (UTC), which is the same as Greenwich Mean Time. An NTP network usually gets its time from an authoritative time source, such as a radio clock or an atomic clock attached to a time server. NTP distributes this time across the network. NTP is extremely efficient; no more than one packet per minute is necessary to synchronize two machines to within a millisecond of one another.
NTP uses a stratum to describe how many NTP hops away a machine is from an authoritative time source. A stratum 1 time server has a radio or atomic clock directly attached, a stratum 2 time server receives its time from a Stratum 1 time server, and so on. A machine running NTP automatically chooses as its time source the machine with the lowest stratum number that it is configured to communicate with through NTP. This strategy effectively builds a self-organizing tree of NTP speakers.
NTP has two ways to avoid synchronizing to a machine whose time might be ambiguous:
The communications between machines running NTP, known as associations, are usually statically configured; each machine is given the IP address of all machines with which it should form associations. Accurate timekeeping is possible by exchanging NTP messages between each pair of machines with an association. However, in a LAN environment, you can configure NTP to use IP broadcast messages. With this alternative, you can configure the machine to send or receive broadcast messages, but the accuracy of timekeeping is marginally reduced because the information flow is one-way only.
Cisco's implementation of NTP does not support stratum 1 service; it is not possible to connect to a radio or atomic clock. We recommend that you derive the time service for your network from the public NTP servers available in the IP Internet. If the network is isolated from the Internet, Cisco's NTP implementation allows a machine to be configured so that it acts as though it is synchronized using NTP, when in fact it has determined the time using other means. Other machines then synchronize to that machine using NTP.
A number of manufacturers include NTP software for their host systems, and a publicly available version for systems running UNIX and its various derivatives is also available. This software allows host systems to be time-synchronized as well.
Table 13-2 shows the default NTP configuration.
| Feature | Default Value |
|---|---|
Broadcast client mode | Disabled |
Client mode | Disabled |
Broadcast delay | 3000 microseconds |
Time zone | Not specified |
Offset from UTC | 0 hours |
Summertime adjustment | Disabled |
NTP server | None specified |
These sections describe how to configure NTP:
Configure the switch in NTP broadcast-client mode if an NTP broadcast server, such as a router, regularly broadcasts time-of-day information on the network. To compensate for any server-to-client packet latency, you can specify an NTP broadcast delay (a time adjustment factor for the receiving of broadcast packets by the switch).
To enable NTP broadcast-client mode on the switch, perform this task in privileged mode:
| Task | Command |
|---|---|
Step 1 Enable NTP broadcast-client mode. | set ntp broadcastclient enable |
Step 2 (Optional) Set the estimated NTP broadcast packet delay. | set ntp broadcast delay microseconds |
Step 3 Verify the NTP configuration. | show ntp [noalias] |
This example shows how to enable NTP broadcast-client mode on the switch, set a broadcast delay of 4000 microseconds, and verify the configuration:
Console> (enable) set ntp broadcastclient enable NTP Broadcast Client mode enabled Console> (enable) set ntp broadcastdelay 4000 NTP Broadcast delay set to 4000 microseconds Console> (enable) show ntp Current time: Tue Jun 23 1998, 20:25:43 Timezone: '', offset from UTC is 0 hours Summertime: '', disabled Last NTP update: Broadcast client mode: enabled Broadcast delay: 4000 microseconds Client mode: disabled NTP-Server ---------------------------------------- Console> (enable)
Configure the switch in NTP client mode if you want the client switch to regularly send time-of day requests to an NTP server. You can configure up to ten server addresses per client.
To configure the switch in NTP client mode, perform this task in privileged mode:
| Task | Command |
|---|---|
Step 1 Specify the IP address of the NTP server. | set ntp server ip_addr |
Step 2 Enable NTP client mode. | set ntp client enable |
Step 3 Verify the NTP configuration. | show ntp [noalias] |
This example shows how to configure the NTP server address, enable NTP client mode on the switch, and verify the configuration:
Console> (enable) set ntp server 172.20.52.65 NTP server 172.20.52.65 added. Console> (enable) set ntp client enable NTP Client mode enabled Console> (enable) show ntp Current time: Tue Jun 23 1998, 20:29:25 Timezone: '', offset from UTC is 0 hours Summertime: '', disabled Last NTP update: Tue Jun 23 1998, 20:29:07 Broadcast client mode: disabled Broadcast delay: 3000 microseconds Client mode: enabled NTP-Server ---------------------------------------- 172.16.52.65 Console> (enable)
You can specify a time zone for the switch to display the time in that time zone. You must enable NTP before you set the time zone. If NTP is not enabled, this command has no effect. If you enable NTP and do not specify a time zone, UTC is shown by default.
To set the time zone, perform this task in privileged mode:
| Task | Command |
|---|---|
Step 1 Set the time zone. | set timezone zone hours [minutes] |
Step 2 Verify the time zone configuration. | show timezone |
This example shows how to set the time zone on the switch:
Console> (enable) set timezone Pacific -8 Timezone set to 'Pacific', offset from UTC is -8 hours Console> (enable)
You can have the switch advance the clock one hour on the first Sunday in April at 2:00 a.m. and move back the clock one hour on the last Sunday in October at 2:00 a.m.
To enable the daylight saving time clock adjustment, perform this task in privileged mode:
| Task | Command |
|---|---|
Step 1 Enable the daylight saving time clock adjustment. | set summertime enable [zone_name] |
Step 2 Verify the configuration. | show summertime |
This example shows how to have the clock adjusted for daylight saving time:
Console> (enable) set summertime enable Pacific Summertime is enabled and set to 'Pacific' Console> (enable)
To disable the daylight saving time clock adjustment, perform this task in privileged mode:
| Task | Command |
|---|---|
Step 1 Disable the daylight saving time clock adjustment. | set summertime disable [zone_name] |
Step 2 Verify the configuration. | show summertime |
This example shows how to disable the daylight saving time adjustment:
Console> (enable) set summertime disable Arizona Summertime is disabled and set to 'Arizona' Console> (enable)
To clear the time zone settings and return the time zone to UTC, perform this task in privileged mode:
| Task | Command |
|---|---|
Clear the time zone settings. | clear timezone |
This example shows how to clear the time zone settings:
Console> (enable) clear timezone Timezone name and offset cleared Console> (enable)
To remove an NTP server address from the NTP servers table on the switch, perform this task in privileged mode:
| Task | Command |
|---|---|
Step 1 Specify the NTP server to remove. | clear ntp server [ip_addr | all] |
Step 2 Verify the NTP configuration. | show ntp [noalias] |
This example shows how to remove an NTP server address from the NTP server table:
Console> (enable) clear ntp server 172.16.64.10 NTP server 172.16.64.10 removed. Console> (enable)
To disable NTP broadcast-client mode on the switch, perform this task in privileged mode:
| Task | Command |
|---|---|
set ntp broadcastclient disable | |
Step 2 Verify the NTP configuration. | show ntp [noalias] |
This example shows how to disable NTP client mode on the switch:
Console> (enable) set ntp broadcastclient disable NTP Broadcast Client mode disabled Console> (enable)
To disable NTP client mode on the switch, perform this task in privileged mode:
| Task | Command |
|---|---|
Step 1 Disable NTP client mode. | set ntp client disable |
Step 2 Verify the NTP configuration. | show ntp [noalias] |
This example shows how to disable NTP client mode on the switch:
Console> (enable) set ntp client disable NTP Client mode disabled Console> (enable)
|
|