Use the set logging session command to enable or disable the sending of system logging messages to the current login session.
set logging session {enable | disable}
enable | Keyword to enable the sending of system logging messages to the current login session. |
disable | Keyword to disable the sending of system logging messages to the current login session. |
Default configuration is disabled for log session, "all" for facility and "0" for severity.
Switch command.
Privileged.
This example shows how to prevent system logging messages from being sent to the current login session:
Console> (enable) set logging session disable
System logging messages will not be sent to the current login session.
Console> (enable)
This example shows how to cause system logging messages to be sent to the current login session:
Console> (enable) set logging session enable
System logging messages will be sent to the current login session.
Console> (enable)
set logging buffer
set logging level
show logging
show logging buffer
Use the set logging timestamp command to enable or disable the timestamp display on system logging messages.
set logging timestamp {enable | disable}
enable | Keyword to enable the timestamp display. |
disable | Keyword to disable the timestamp display. |
By default, system message logging to the current login session is enabled.
Switch command.
Privileged.
This example shows how to enable the timestamp display:
Console> (enable) set logging timestamp enable
System logging messages timestamp will be enabled.
Console> (enable)
This example shows how to disable the timestamp display:
Console> (enable) set logging timestamp disable
System logging messages timestamp will be disabled.
Console> (enable)
Use the set logout command to set the number of minutes until the system disconnects an idle session automatically.
set logout timeout
timeout | Number of minutes (0 to 10,000) until the system disconnects an idle session automatically. Setting the value to 0 disables the automatic disconnection of idle sessions. |
The default value is 20 minutes.
Switch command.
Privileged.
This example shows how to set the number of minutes until the system disconnects an idle session automatically:
Console> (enable) set logout 20
Sessions will be automatically logged out after 20 minutes of idle time.
Console> (enable)
This example shows how to disable the automatic disconnection of idle sessions:
Console> (enable) set logout 0
Sessions will not be automatically logged out.
Console> (enable)
Use the set mls command set to configure the IP and IPX MLS features in the Catalyst 5000 and 2926G series switches.
set mls agingtime [ip | ipx] [agingtime]
agingtime | Keyword to specify the aging time (in seconds) for an MLS entry. |
ip | (Optional) Keyword to specify IP MLS. |
ipx | (Optional) Keyword to specify IPX MLS. |
agingtime | (Optional) MLS aging time of shortcuts to an MLS entry. |
disable | Keyword to disable IP and IPX shortcut functions on the Catalyst 5000 and 2926G series switches, disable any MLSP message processing, delete any existing shortcut entries, and prevent new shortcut entries from being established. |
enable | Keyword to enable IP shortcut functions on the switch, enable MLSP message processing, and allow new shortcut entries to be established. |
include | Keyword to include the specified routers to participate in MLS. |
ip_addr# | Router IP or IPX address or name of the router if DNS is enabled. |
statistics protocol | Keyword to set protocols for statistics collection. |
protocol | Number of protocol. |
port_num | Number of the port. |
The default agingtime is set to 256 seconds.
Switch command.
Privileged.
This command is not supported on the Catalyst 4000 and 2948G series switches.
When specifying the ip | ipx keyword, if you specify ip or do not enter a keyword, this means that the command is for IP MLS. If you specify ipx, this means the command is for IPX only.
When entering the IPX address syntax, use the following format:
If you are entering any of the set mls commands on a Catalyst 5000 or 2926G series switch without MLS, the following warning message is displayed:
MLS not supported on feature card.
When you set the agingtime, it can be configured as multiples of 8 seconds in the range of 8 to 2024 seconds. The values are picked up in numerical order to achieve efficient aging. Any value for agingtime that is not a multiple of 8 seconds is adjusted to the closest one. For example, 65 is adjusted to 64, while 127 is adjusted to 128.
The set mls disable command disables IP shortcut functions on the Catalyst 5000 and 2926G series switches, does not process any NFCP messages, deletes any existing shortcut entries, and prevents new ones from being established.
The set mls enable command enables the IP shortcut function on this device, processes NFCP messages, and establishes shortcuts for IP data packets.
The Catalyst 5000 and 2926G series switches do not process NFCP messages from routers that are not configured to participate in MLS. You must use the set mls include command to configure a router to participate in MLS. You can specify multiple router entries on the same command line. The included router entries are saved in NVRAM and retained across a power cycle.
You must enable DNS to resolve the router's IP address.
You can configure only 64 ports using the set mls statistics protocol command.
These examples show how to use the set mls command set to configure MLS:
Console>(enable) set mls agingtime 512
IP Multilayerswitching aging time set to 512 seconds.
Console> (enable)
Console> (enable)
Console> (enable) set mls agingtime ipx 512
IPX Multilayer switching aging time set to 512
Console> (enable)
Console> (enable) set mls disable ipx
IPX Multilayer switching is disabled.
Console> (enable)
Console> (enable) set mls enable
IP Multilayer switching is enabled for this device.
Console> (enable)
Console> (enable) set mls enable ipx
IPX Multilayer switching is enabled
Console> (enable)
Console> (enable) set mls include 170.170.2.1
IP Multilayerswitching is enabled for router 170.170.2.1
Console> (enable)
Console> (enable) set mls include ipx 170.170.2.1
IPX Multilayer switching is enabled for router 170.170.2.1
Console> (enable)
Console>(enable) set mls statistics protocol 17 1934
Protocol 17 port 1934 is added to protocol statistics list.
Console> (enable)
set mls nde
clear mls
show mls
show mls statistics
Use the set mls agingtime fast command to specify the MLS aging time of shortcuts to an MLS entry that has no more than pkt_threshold packets switched within fastagingtime seconds after it is created.
set mls agingtime fast [fastagingtime] [pkt_threshold]
fastagingtime | (Optional) Valid values are multiples of 8 to any value in the range of 0 to 128 seconds. 0 disables fast aging. If a value is not specified, the default value is used. |
pkt_threshold | (Optional) Valid values are 0, 1, 3, 7, 15, 31, 63, and 127 packets. If a value is not specified, the default value is used. |
The default fastagingtime is 0, no fast aging. The default pkt_threshold is 0.
Switch command.
Privileged.
This command is not supported on the Catalyst 4000 and 2948G series switches.
This command is not available for IPX MLS.
If you enter any of the set mls agingtime fast commands on a Catalyst 5000 or 2926G series switch without MLS, the following warning message displays:
mls not supported on feature card.
When you set the fastagingtime, it can be configured as multiples of 8 to any value in the range of 0 to 128 seconds.
The default pkt_threshold is 0. It can be configured as one of the values 0, 1, 3, 7, 15, 31, 63, and 127 (the values picked for efficient aging). If fastagingtime is not configured as exactly one of these values, it is adjusted to the closest one. Typical values for fastagingtime and pkt_threshold are 32 seconds and 0 packets, respectively (meaning that no packet is switched within 32 seconds after the entry is created).
Agingtime applies to an MLS entry that has no more than pkt_threshold packets switched within fastagingtime seconds after it is created. A typical example is the MLS entry destined to/sourced from a DNS or TFTP server. This entry may never be used again after it is created. For example, only one request goes to a server and one reply returns from the server, and then the connection is closed.
The agingtime fast option is used to purge entries associated with very short flows, such as DNS and TFTP.
We recommend that you keep the number of MLS entries in the MLS cache below 32K. If the number of MLS entries is more than 32K, some flows (less than 1 percent) are sent to the router.
To keep the number of MLS cache entries below 32K, decrease the aging time. Aging time can be decreased down to 8 seconds. If your switch has a lot of short flows that are used by only a few packets, then you can use fast aging.
If cache entries continue to exceed 32K, decrease the normal agingtime in 64-second increments from the 256-second default.
This example shows how to use the set mls agingtime fast command to set the agingtime:
Console>(enable) set mls agingtime fast 32 0
Multilayer switching fast aging time set to 32 seconds for entries with no more than 0 packet switched.
Console> (enable)
set mls nde
clear mls
show mls
show mls statistics
Use the set mls flow command to specify the minimum flow mask used for MLS. This command is needed to collect statistics for the supervisor engine module.
set mls flow destination | destination-source | full
Caution | Use this command carefully. This command purges all existing shortcuts and affects the number of active shortcuts. This command can increase the cache usage and increase the load on the router. |
Caution | Be extremely careful if you enter this command and the Catalyst 5000 or 2926G series switch already has a large number of (greater than 16K) shortcuts. |
Caution | Do not place this command in scripts that are frequently executed; this might purge all the MLS cache entries. |
destination | Keyword to set the flow mask to destination flow. |
destination-source | Keyword to set the flow mask to source flow. |
full | Keyword to set the flow mask to an extended access list. |
If there are no access lists on any MLS-RP, the flow mask is set to destination flow.
Switch command.
Privileged.
This command is not supported on the Catalyst 4000 and 2948G series switches.
This command is needed to collect statistics for the supervisor engine module. If the supervisor engine module changes the flow mask in the background frequently, all the shortcuts are purged every time.
Aging time may have to be decreased to reduce the increase in number of flows due to this command. This command is intended to be used for gathering very detailed statistics at the protocol port level; for example, when Netflow Data is exported to an RMON-II probe.
The flow mask is either destination-source or full flow even if no access lists are on MLS-RP.
These examples show how to specify that only expired flows to subnet 171.69.194.0 are exported:
Console> (enable) set mls flow destination
Configured flow mask is set to destination flow.
Console> (enable)
Console> (enable) set mls flow destination-source
Configured flow mask is set to destination-source flow.
Console> (enable)
Console> (enable) set mls flow full
Configured flow mask is set to full flow.
Console> (enable)
Use the set mls command set to configure the IP multicast MLS feature in EARL3-based Catalyst 5000 series switches. Use the set mls include command to specify routers for IP multicast MLS.
set mls multicast enable
enable | Keyword to enable IP multicast MLS functions on the switch and allow new shortcut entries to be established. |
disable | Keyword to disable IP multicast MLS functions on the Catalyst 5000 series switches, delete any existing shortcut entries, and prevent new shortcut entries from being established. |
include | Keyword to specify a participating router. |
ip_addr | Router IP address. |
By default, the multicast MLS feature is disabled.
Switch command.
Privileged.
This command is not supported on the Catalyst 4000, 2948G, and 2926G series switches.
If you are entering any of the set mls multicast commands on a Catalyst 5000 series switch without MLS, the following warning message is displayed:
This feature is not supported on this device
If you are entering any of the set mls multicast services on a Catalyst 5000 series switch and none of the multicast protocols (such as IGMP Snooping, CGMP, and GMRP) are enabled, the following warning message is displayed:
Enable IGMP Snooping/CGMP/GMRP to make this feature operational.
The Catalyst 5000 series switches do not process MSCP messages from routers that are not configured to participate in IP multicast MLS. You must use the set mls include command to configure a router to participate in IP multicast MLS. You can specify only one router entry at a time. The included router entries are saved in NVRAM and retained across a power cycle.
You can configure a maximum of two participating routers, and they must be internal or directly attached. Refer to the Software Configuration Guide for your switch for router configuration information.
When entering the ip_addr, either the router's IP address or the router's DNS name can be specified. If the DNS name is used, you must ensure that it is mapping to the right IP address on the router. You must enable DNS to resolve the router's IP address.
These examples show how to use the set mls command set to configure MLS for IP multicast traffic:
Console> (enable) set mls multicast disable
Multilayer switching for Multicast is disabled for this device.
Console> (enable)
Console> (enable) set mls multicast enable
Multilayer switching for Multicast is enabled for this device.
Console> (enable)
Console> (enable) set mls multicast include 170.170.2.1
Multilayer switching enabled for router 170.170.2.1
Console> (enable)
show mls multicast
clear mls multicast
Use the set mls nde command set to configure the NDE feature in the Catalyst 5000 and 2926G series switches so that exported statistics are sent to the preconfigured collector.
set mls nde {disable | enable}
disable | Keyword to disable NDE. |
enable | Keyword to enable NDE. |
collector_ip | IP address of the collector if DNS is enabled. |
collector_name | Name of the collector if DNS is enabled. |
udp_port_num | Number of the UDP port to receive the exported statistics. |
flow | Keyword to add filtering to NDE. |
destination | (Optional) Keyword to specify the destination IP address. |
ip_addr_spec | (Optional) Full IP address or a subnet address in these formats: ip_subnet_addr, ip_addr/subnet_mask, or ip_addr/#subnet_mask_bits. |
source | (Optional) Keyword to specify the source IP address. |
protocol | (Optional) Keyword to specify the protocol type. |
protocol | (Optional) Protocol type; valid values can be 0, tcp, udp, icmp, or a decimal number for other protocol families. 0 indicates "do not care." If the protocol is not tcp or udp, we recommend that you set the dst-port port_number and src-port port_number values to 0; otherwise, no flows are displayed. |
src-port | (Optional) Keyword to specify the number of the source port. Used with dst-port to specify the port pair if the protocol is tcp or udp. 0 indicates "do not care." If the protocol is not tcp or udp, we recommend that you set the src-port value to 0; otherwise, no flows are displayed. |
port_number | Number of the TCP/UDP port (decimal). |
dst-port | (Optional) Keyword to specify the number of the destination port. Used with src-port to specify the port pair if the protocol is tcp or udp. 0 indicates "do not care." If the protocol is not tcp or udp, we recommend that you set the dst-port value to 0; otherwise, no flows are displayed. |
All expired flows are exported until the filter is specified explicitly.
Switch command.
Privileged.
This command is not supported on the Catalyst 4000 and 2948G series switches.
If you enter any of the set mls nde commands on a Catalyst 5000 or 2926G series switch without MLS, the following warning message displays:
mls not supported on feature card.
Before you use the set mls nde command for the first time, you must configure the host to collect the MLS statistics. The host name and UDP port number are saved in NVRAM, and you do not need to specify them. If you specify a host name and UDP port, values in NVRAM overwrite the old values. Collector's values in NVRAM do not clear when NDE is disabled; this command configures the collector, but does not enable NDE automatically.
The set mls nde enable command enables NDE, exporting statistics to the preconfigured collector.
If you attempt to enable NDE without first specifying a collector, you see this display:
Console>(enable) set mls nde enable
Please set host name and UDP port number with `set mls nde <collector_name | collector_ip> <udp_port_number>'.
Console>(enable)
The set mls nde flow command adds filtering to the NDE. Expired flows matching the specified criteria are exported. These values are stored in NVRAM. They are not cleared when NDE is disabled. If any option is not specified in this command, it is treated as a wildcard. The NDE filter in NVRAM does not clear when NDE is disabled.
Use the following syntax to specify an IP subnet address:
If the protocol value is not set to tcp or udp, we recommend you set the dst_port and src_port values to 0; otherwise, no flows will be displayed.
When you use the set mls nde {collector_ip | collector_name} {udp_port_num} command, the host name and UDP port number are saved in NVRAM and need not be specified again. If a host name and UDP port are specified, values in NVRAM are overwritten with the new values. Collector's values in NVRAM are not cleared when NDE is disabled.
These examples show how to use the set mls nde command set to configure NDE:
Console> (enable) set mls nde Stargate 120
Netflow data export not enabled.
Netflow data export to port 120 on 172.20.15.1(Stargate)
Console> (enable)
Console>(enable) set mls nde enable
Netflow data export enabled.
Netflow data export to port 120 on 172.20.15.1 (Stargate)
Console> (enable)
Console> (enable) set mls nde disabled
Netflow data export disabled.
Console> (enable)
Console> (enable) set mls nde flow destination 171.69.194.140/24
Netflow data export: destination filter set to 171.69.194.0/24
Console> (enable)
Console> (enable) set mls nde flow destination 171.69.194.140
Netflow data export: destination filter set to 171.69.194.140/32
Console> (enable)
Console>(enable) set mls nde flow destination 171.69.194.140/24 source 171.69.173.5/24
Netflow data export: destination filter set to 171.69.194.0/24
Netflow data export: source filter set to 171.69.173.0/24
Console>(enable)
console> (enable) set mls nde flow source 171.69.194.140 protocol 51
Netflow data export: source filter set to 171.69.194.140/32
Netflow data export: protocol filter set to 51.
Console> (enable)
Console>(enable) set mls nde flow dst-port 23
Netflow data export: destination port filter set to 23.
Console>(enable)
Console>(enable) set mls nde flow source 171.69.194.140 dst-port 23
Netflow data export: destination port filter set to 23
Netflow data export: source filter set to 171.69.194.140/32
Console>(enable)
clear mls
show mls
show mls statistics
set mls
set mls agingtime fast
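An added example, not part of the original Cisco reference: a Python model of the set mls nde flow filter described above, showing how addresses are normalized and which expired flows a collector would not receive once a filter is set. The function names and the sample flow records are constructed for illustration; the matching rules (unspecified options and 0 are wildcards) are the ones stated on this page.

```python
import ipaddress

PROTO_NAMES = {"tcp": 6, "udp": 17, "icmp": 1}
PORT_PROTOS = (6, 17)  # the page ties src-port/dst-port to tcp and udp


def parse_nde_flow(command):
    """Parse 'set mls nde flow ...' into (filter, warnings).

    Options left out stay None or 0, which the page treats as wildcards.
    """
    tokens = command.split()
    if tokens[:4] != ["set", "mls", "nde", "flow"]:
        raise ValueError("not a 'set mls nde flow' command")
    args = tokens[4:]
    if len(args) % 2:
        raise ValueError("every keyword needs a value")
    flt = {"destination": None, "source": None,
           "protocol": 0, "src-port": 0, "dst-port": 0}
    for key, value in zip(args[::2], args[1::2]):
        if key in ("destination", "source"):
            # strict=False masks host bits (171.69.194.140/24 -> 171.69.194.0/24)
            # and turns a bare address into a /32, as in the console output.
            flt[key] = ipaddress.ip_network(value, strict=False)
        elif key == "protocol":
            name = value.lower()
            if name in PROTO_NAMES:
                flt[key] = PROTO_NAMES[name]
            elif name.isdigit():
                flt[key] = int(name)
            else:
                raise ValueError(f"unknown protocol {value!r}")
        elif key in ("src-port", "dst-port"):
            flt[key] = int(value)
        else:
            raise ValueError(f"unknown keyword {key!r}")
    warnings = []
    if flt["protocol"] not in (0, *PORT_PROTOS) and (flt["src-port"] or flt["dst-port"]):
        warnings.append("protocol is not tcp or udp but a port is set; "
                        "the page warns that no flows are displayed")
    return flt, warnings


def is_exported(flt, flow):
    """True if an expired flow (dict: src, dst, proto, sport, dport) passes the filter."""
    if flt["destination"] is not None and \
            ipaddress.ip_address(flow["dst"]) not in flt["destination"]:
        return False
    if flt["source"] is not None and \
            ipaddress.ip_address(flow["src"]) not in flt["source"]:
        return False
    if flt["protocol"] and flow["proto"] != flt["protocol"]:
        return False
    if flt["src-port"] and flow["sport"] != flt["src-port"]:
        return False
    if flt["dst-port"] and flow["dport"] != flt["dst-port"]:
        return False
    return True


def not_exported(command, flows):
    """Flows the collector will not see once the filter command is applied."""
    flt, _ = parse_nde_flow(command)
    return [f for f in flows if not is_exported(flt, f)]


# Constructed sample flows (not captured data).
SAMPLE_FLOWS = [
    {"src": "171.69.194.140", "dst": "192.0.2.10", "proto": 6, "sport": 40000, "dport": 23},
    {"src": "171.69.194.140", "dst": "192.0.2.10", "proto": 6, "sport": 40001, "dport": 80},
    {"src": "171.69.173.9", "dst": "192.0.2.10", "proto": 6, "sport": 40002, "dport": 23},
]

if __name__ == "__main__":
    cmd = "set mls nde flow source 171.69.194.140 dst-port 23"
    for flow in not_exported(cmd, SAMPLE_FLOWS):
        print("not exported:", flow)
```

Running a planned filter through not_exported against a sample of known traffic shows which flows drop out of the collector's view before the filter is committed to NVRAM.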
Use the set module disable command to disable a module.
set module disable mod_num
mod_num | Number of the module. You can specify a series of modules by entering a comma between each module number (for example, 2,3,5). You can specify a range of modules by entering a dash between module numbers (for example, 2-5). |
The default configuration has all modules enabled.
Switch command.
Privileged.
Avoid disabling a module when you are connected via a Telnet session; if you disable your session, you will disconnect your Telnet session.
If there are no other network connections to the Catalyst 5000, 4000, 2948G, or 2926G series switch (for example, on another module), you have to reenable the module from the console.
This example shows how to disable module 3 when connected via the console port:
Console> (enable) set module disable 3
Module 3 disabled.
Console> (enable)
This example shows how to disable module 2 when connected via a Telnet session:
Console> (enable) set module disable 2
This command may disconnect your telnet session.
Do you want to continue (y/n) [n]? y
Module 2 disabled.
Use the set module enable command to enable a module.
set module enable mod_num
mod_num | Number of the module to enable. |
The default setting has all modules enabled.
Switch command.
Privileged.
If an individual port on a module was previously disabled, enabling the module does not enable the disabled port.
This example shows how to enable module 2:
Console> (enable) set module enable 2
Module 2 enabled.
Console> (enable)
Use the set module name command to set the name for a module.
set module name mod_num [mod_name]
mod_num | Number of the module. |
mod_name | (Optional) Name created for the module. |
The default configuration has no module names configured for any modules.
Switch command.
Privileged.
If the module name is not specified, any previously specified name is cleared.
Use the set module name command to set the module for the RSM. Additional set module commands are not supported by the RSM.
This example shows how to set the name for module 1 to Supervisor:
Console> (enable) set module name 1 Supervisor
Module name set.
Console> (enable)
Use the set multicast router command to manually configure a port as a multicast router port.
set multicast router mod_num/port_num
mod_num/port_num | Number of the module and the port. |
By default, no ports are configured as multicast router ports.
Switch command.
Privileged.
When you enable CGMP or IGMP snooping, the ports to which a multicast-capable router is attached are identified automatically. The set multicast router command allows you to configure multicast router ports statically.
IGMP is not supported on the Catalyst 4000 and 2948G series switches.
This example shows how to configure a multicast router port:
Console> (enable) set multicast router 3/1
Port 3/1 added to multicast router port list.
Console> (enable)
clear multicast router
set cgmp
set igmp
show multicast router
show multicast group count
Use the set ntp authentication command to enable or disable the NTP authentication feature.
set ntp authentication enable | disable
enable | Keyword to enable NTP authentication. |
disable | Keyword to disable NTP authentication. |
By default, authentication is disabled.
Switch command.
Privileged.
This example shows how to enable NTP authentication:
Console> (enable) set ntp authentication enable
NTP authentication feature enabled.
At least one trusted key must be set for NTP to work.
Console> (enable)
This example shows how to disable NTP authentication:
Console> (enable) set ntp authentication disable
NTP authentication feature disabled.
Console> (enable)
Use the set ntp broadcastclient command to enable or disable NTP in broadcast-client mode.
set ntp broadcastclient {enable | disable}
enable | Keyword to enable NTP in broadcast-client mode. |
disable | Keyword to disable NTP in broadcast-client mode. |
The default setting for this command is disabled.
Switch command.
Privileged.
The broadcast-client mode assumes that a broadcast server, such as a router, sends time-of-day information regularly to the Catalyst 5000, 4000, 2948G, or 2926G series switch.
This example shows how to enable an NTP broadcast client:
Console> (enable) set ntp broadcastclient enable
NTP Broadcast Client mode enabled.
Console> (enable)
This example shows how to disable an NTP broadcast client:
Console> (enable) set ntp broadcastclient disable
NTP Broadcast Client mode disabled.
Console> (enable)
Use the set ntp broadcastdelay command to configure a time-adjustment factor so the Catalyst 5000, 4000, 2948G, or 2926G series switch can receive broadcast packets.
set ntp broadcastdelay microseconds
microseconds | Estimated round-trip time, in microseconds, for NTP broadcasts. Allowable range is from 1 to 999999. |
By default, the NTP broadcast delay is set to 3000.
Switch command.
Privileged.
This example shows how to set the NTP broadcast delay to 4000 microseconds:
Console> (enable) set ntp broadcastdelay 4000
NTP broadcast delay set to 4000 microseconds.
Console> (enable)
Use the set ntp client command to enable or disable the Catalyst 5000, 4000, 2948G, and 2926G series switches as an NTP client.
set ntp client {enable | disable}
enable | Keyword to enable the Catalyst 5000, 4000, 2948G, or 2926G series switch as an NTP client. |
disable | Keyword to disable the Catalyst 5000, 4000, 2948G, or 2926G series switch as an NTP client. |
By default, NTP client mode is disabled.
Switch command.
Privileged.
You can configure NTP in either broadcast-client mode or client mode. The broadcast-client mode assumes that a broadcast server, such as a router, sends time-of-day information regularly to the Catalyst 5000, 4000, 2948G, or 2926G series switch.
The client mode assumes that the client (the Catalyst 5000, 4000, 2948G, or 2926G series switch) regularly sends time-of-day requests to the NTP server.
This example shows how to enable NTP client mode:
Console> (enable) set ntp client enable
NTP client mode enabled.
Console> (enable)
Use the set ntp key command to define an NTP authentication key pair or to specify a key to be trusted or untrusted.
set ntp key public_keynum trusted | untrusted [md5 secret_keystring]
public_keynum | Number of the key pair; valid values are 1 to 4292945295. |
trusted | Keyword to specify the trusted key mode. |
untrusted | Keyword to specify the untrusted key mode. |
md5 | (Optional) Keyword to set the keystring of the key pair. |
secret_keystring | Key string; valid values are 1 to 32 printable characters. |
There is no default setting for this command.
Switch command.
Privileged.
If you enter the command set ntp key public_keynum trusted | untrusted without the md5 option, the trusted or untrusted mode of the key will change after it is entered into the key table. Enter the set ntp key public_keynum trusted | untrusted command with the md5 option to enter an authentication key pair into the system. you enter .
These examples show how to define an NTP authentication key:
Console> (enable) set ntp key 435 trusted md5 have_a_smurfy_day
NTP key 435 added.
Console> (enable)
Console> (enable) set ntp key 2345 trusted
NTP key 2345 configured to be trusted.
Console> (enable)
Console> (enable) set ntp key 9999 untrusted
NTP key 9999 configured not to be trusted.
Console> (enable)
Use the set ntp server command to configure an authentication key to an NTP server.
set ntp server ip_addr [key public_keynum]
ip_addr | IP address of the NTP server. |
key | (Optional) Keyword to specify the key number. |
public_keynum | Number of the key pair; valid values are 1 to 4292945295. |
There is no default setting for this command.
Switch command.
Privileged.
If you enter the set ntp server command without the key argument, and the authentication feature is enabled, the following message appears:
A trusted key may be required to communicate with this server.
This example shows how to configure an NTP server with a key:
Console> (enable) set ntp server 111.222.111.222 key 879
NTP server 111.222.111.222 with key 879 added
Console> (enable)
This example shows how to assign a new key to an NTP server:
Console> (enable) set ntp server 111.222.111.222 key 4323423
NTP server 111.222.111.222 has been updated with key 4323423
Console> (enable)
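An added example, not part of the original Cisco reference: a Python check that reads a configuration made of the set commands documented on this page (set logout and set logging timestamp earlier, and set ntp authentication, set ntp key and set ntp server above) and reports settings that weaken session and time-source controls. It assumes the configuration is available as plain text with one set command per line in the syntax shown here; the check names, sample addresses and key string are constructed.

```python
def audit_catos(config_text):
    """Return (check_id, detail) findings for a CatOS configuration text."""
    logout = 20        # page default: 20 minutes
    ntp_auth = False   # page default: NTP authentication disabled
    timestamp = None   # only an explicit 'disable' is reported
    keys = {}          # key number -> {"trusted": bool, "secret": bool}
    servers = {}       # server address -> key number, or None if no key
    for line in config_text.splitlines():
        t = line.split()
        if len(t) < 3 or t[0] != "set":
            continue
        if t[1] == "logout":
            logout = int(t[2])
        elif t[1:3] == ["logging", "timestamp"] and len(t) > 3:
            timestamp = t[3] == "enable"
        elif t[1:3] == ["ntp", "authentication"] and len(t) > 3:
            ntp_auth = t[3] == "enable"
        elif t[1:3] == ["ntp", "key"] and len(t) > 4:
            # Without md5 the command only changes the mode of an existing key.
            key = keys.setdefault(t[3], {"trusted": False, "secret": False})
            key["trusted"] = t[4] == "trusted"
            key["secret"] = key["secret"] or "md5" in t[5:]
        elif t[1:3] == ["ntp", "server"] and len(t) > 3:
            servers[t[3]] = t[5] if len(t) > 5 and t[4] == "key" else None

    findings = []
    if logout == 0:
        findings.append(("LOGOUT-DISABLED", "idle sessions are never disconnected"))
    if timestamp is False:
        findings.append(("TIMESTAMP-OFF", "log messages carry no timestamp"))
    if servers and not ntp_auth:
        findings.append(("NTP-AUTH-OFF", "NTP servers set but authentication disabled"))
    if ntp_auth:
        if not any(k["trusted"] and k["secret"] for k in keys.values()):
            findings.append(("NTP-NO-TRUSTED-KEY",
                             "authentication enabled without a trusted key"))
        for addr, num in servers.items():
            key = keys.get(num)
            if num is None:
                findings.append(("NTP-SERVER-NO-KEY", addr))
            elif key is None or not key["secret"]:
                findings.append(("NTP-KEY-UNDEFINED", f"{addr} key {num}"))
            elif not key["trusted"]:
                findings.append(("NTP-KEY-UNTRUSTED", f"{addr} key {num}"))
    return findings


# Constructed sample configuration (addresses and key string are placeholders).
SAMPLE_CONFIG = """\
set logout 0
set logging timestamp disable
set ntp authentication enable
set ntp key 435 trusted md5 EXAMPLE_SECRET
set ntp key 9999 untrusted md5 EXAMPLE_SECRET
set ntp server 192.0.2.1 key 435
set ntp server 192.0.2.2 key 9999
set ntp server 192.0.2.3
set ntp server 192.0.2.4 key 77
"""

if __name__ == "__main__":
    for check_id, detail in audit_catos(SAMPLE_CONFIG):
        print(f"{check_id}: {detail}")
```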
Use the set password command to change the login password on the CLI.
set password
This command has no arguments or keywords.
The default configuration has no password configured.
Switch command.
Privileged.
The command prompts you for the old password. If the password you enter is valid, you are prompted to enter a new password and to verify the new password. A zero-length password is allowed by pressing Return.
This example shows how to set an initial password:
Console> (enable) set password
Enter old password: <old_password>
Enter new password: <new_password>
Retype new password: <new_password>
Password changed.
Console> (enable)
Posted: Mon Jul 19 13:16:54 PDT 1999
Copyright 1989-1999©Cisco Systems Inc.