|
|
Use the set fddi cutoff command to specify the LER-cutoff value for an FDDI port. The LER-cutoff value determines the LER at which a connection is flagged as faulty. The LER-cutoff value affects the results of the LER threshold test.
set fddi cutoff mod_num/port_num value
mod_num | Number of the module. |
port_num | Number of the port. |
value | Exponential value for the LER-cutoff parameter (that is, 10-value link errors per second). Valid values are between 7 and 15. |
The default LER-cutoff value is 7 milliseconds (10-7 seconds).
Catalyst 5000 family switches
Switch command.
Privileged.
This example shows how to change the LER-cutoff value to 10¯10 seconds for port 1 on module 4:
Console> (enable) set fddi cutoff 4/1 10 Port 4/1 cutoff value set to 10. Console> (enable)
set fddi alarm
set fddi tlmin
set fddi tnotify
set fddi treq
set fddi userdata
show fddi
Use the set fddi tlmin command to change the TL_MIN value for an FDDI port.
set fddi tlmin mod_num/port_num microseconds
mod_num | Number of the module. |
port_num | Number of the port. |
microseconds | Number of microseconds for the TL_MIN parameter. |
The default value for TL_MIN is 40 microseconds.
Catalyst 5000 family switches
Switch command.
Privileged.
The TL_MIN value specifies the minimum time to transmit a PHY line state before advancing to the next PCM state. This setting affects the station and switch interoperability and might affect the implementation of FDDI repeaters.
This example shows how to change the TL_MIN value to 80 microseconds for port 1 on module 4:
Console> (enable) set fddi tlmin 4/1 80 Port 4/1 tlmin set to 80 usec. Console> (enable)
set fddi alarm
set fddi cutoff
set fddi tnotify
set fddi treq
set fddi userdata
show fddi
Use the set fddi tnotify command to change the TNotify timer value for an FDDI module.
set fddi tnotify mod_num time
mod_num | Number of the module. |
time | Number of seconds for the TNotify timer. Valid times are from 2 to 30 seconds. |
The default value for the TNotify timer is 30 seconds.
Catalyst 5000 family switches
Switch command.
Privileged.
The TNotify parameter sets the interval (in seconds) between neighbor notification frames. These frames advertise FDDI module MAC addresses to neighboring devices. Usually, the default setting is sufficient.
This example shows how to change the TNotify timer value to 16 seconds for module 4:
Console> (enable) set fddi tnotify 4 16 Module 4 SMT T-Notify set to 16 sec. Console> (enable)
set fddi alarm
set fddi cutoff
set fddi tlmin
set fddi treq
set fddi userdata
show fddi
Use the set fddi treq command to change the TRequest value for an FDDI module.
set fddi treq mod_num time
mod_num | Number of the module. |
time | Number of microseconds for the TRequest value. Valid times are from 2502 to 165,000 microseconds. |
The default value for the TRequest is 165,000 microseconds.
Catalyst 5000 family switches
Switch command.
Privileged.
The TRequest parameter specifies the default TRT value for the FDDI module. This value is used when negotiating the TRT with other stations. The TRT is used to control ring scheduling during normal operation and to detect and recover from serious ring error situations. Whenever the TRT expires, the station uses the TRequest value to negotiate with other stations for the lowest value. The default setting of 165,000 microseconds is sufficient for most networks.
This example shows how to change the TRequest value to 3500 microseconds for module 4:
Console> (enable) set fddi treq 4 3500 Mac 4/1 T-request set to 3500 usec. Console> (enable)
set fddi alarm
set fddi cutoff
set fddi tlmin
set fddi tnotify
set fddi userdata
show fddi
Use the set fddi userdata command to configure the user-data string in the SMT MIB of an FDDI module.
set fddi userdata mod_num [userdata_string]
mod_num | Number of the module. |
userdata_string | (Optional) Unique character string that identifies the node. |
The default value for the FDDI user-data string is "Catalyst 5000."
Catalyst 5000 family switches
Switch command.
Privileged.
The user-data string identifies the FDDI module or the Catalyst 5000 family or 2926G series switch when you use a management tool to configure and maintain an internetwork or when you access the FDDI module remotely. The userdata_string might be a term identifying the network node or the users connected to the network node.
This example shows how to change the user-data string to Engineering for module 4:
Console> (enable) set fddi userdata 4 Engineering Module 4 SMT User Data set to Engineering. Console> (enable)
set fddi alarm
set fddi cutoff
set fddi tlmin
set fddi tnotify
set fddi treq
show fddi
Use the set garp timer command to adjust the values of the join, leave, and leaveall timers.
set garp timer timer_type timer_value
timer_type | Type of timer; valid values are join, leave, and leaveall. |
timer_value | Timer values in milliseconds; valid values are 1 to 2147483647 milliseconds. |
The join timer default is 200 ms; the leave timer default is 600 ms; the leaveall timer default is
10000 ms.
Catalyst 5000 family switches
Catalyst 4000 family switches
Catalyst 2926G series switches
Catalyst 2948G switch
Switch command.
Privileged.
You must maintain the following unital relationship for the various timer values:
This example shows how to set the join timer value to 100 ms for all the ports on all the VLANs:
Console> (enable) set garp timer join 100 GMRP/GARP Join timer value is set to 100 milliseconds. Console> (enable)
This example shows how to set the leave timer value to 300 ms for all the ports on all the VLANs:
Console> (enable) set garp timer leave 300 GMRP/GARP Leave timer value is set to 300 milliseconds. Console> (enable)
This example shows how to set the leaveall timer value to 20000 ms for all the ports on all the VLANs:
Console> (enable) set garp timer leaveall 20000 GMRP/GARP LeaveAll timer value is set to 20000 milliseconds. Console> (enable) Related Coin
set gmrp timer
set gvrp timer
show gmrp configuration
show gvrp configuration
Use the set gmrp command to enable or disable GMRP on the switch in all VLANs on all ports.
set gmrp {enable | disable}
enable | Keyword to enable GMRP on the switch. |
disable | Keyword to disable GMRP on the switch. |
The default is GMRP is disabled.
Catalyst 5000 family switches
Catalyst 4000 family switches
Catalyst 2926G series switches
Catalyst 2948G switch
Switch command.
Privileged.
You cannot enable GMRP if IGMP snooping or CGMP is already enabled.
This example shows how to enable GMRP on the switch:
Console> (enable) set gmrp enable GMRP is enabled. Console> (enable)
This example shows how to disable GMRP on the switch:
Console> (enable) set gmrp disable GMRP is disabled. Console> (enable)
This example shows the display if you try to enable GMRP on the switch with IGMP enabled:
Console> (enable) set gmrp enable Disable IGMP to enable GMRP snooping feature. Console> (enable)
Use the set gmrp fwdall command to enable or disable the Forward All option on a specified port or module and port list.
set gmrp fwdall {enable | disable} mod/port...
enable | Keyword to enable GMRP Forward All on a specified port. |
disable | Keyword to disable GMRP Forward All on a specified port. |
mod/port... | Module number and port number list. |
The default is the Forward All option is disabled for all ports.
Catalyst 5000 family switches
Catalyst 4000 family switches
Catalyst 2926G series switches
Catalyst 2948G switch
Switch command.
Privileged.
When you enable the Forward All option on a port, that port receives all traffic for all multicast groups on the switch.
If you enable the Forward All option on a trunk port, the option is applied to all VLANs carried on that trunk port.
If the port is trunking, then this feature is applied to all the VLANs on that port.
This example shows how to enable GMRP Forward All on module 5, port 5:
Console> (enable) set gmrp fwdall enable 5/5 GMRP Forward All groups option enabled on port(s) 5/5. Console> (enable)
This example shows how to disable the GMRP Forward All on module 3, port 2:
Console> (enable) set gmrp service fwdall disable 3/2 GMRP Forward All groups option disabled on port(s) 3/2. Console> (enable)
Use the set gmrp registration command to specify the GMRP registration type.
set gmrp registration registration-type mod/port...
registration-type | Type of registration; valid values are normal, fixed, or forbidden. |
mod/port... | Module number and port number list. |
The default is normal registration.
Catalyst 5000 family switches
Catalyst 4000 family switches
Catalyst 2926G series switches
Catalyst 2948G switch
Switch command.
Privileged.
If you enter a registration-type of normal, which is the default, dynamic creation, registration, and deregistration of VLANs is supported.
If you enter a registration-type of fixed, manual VLAN creation and registration, prevention of VLAN deregistration, and registration of all VLANs known to other ports when the set gvrp registration fixed command is issued is supported.
If you enter a registration-type of forbidden, deregistration of all VLANs (except VLAN 1) and prevention of any further VLAN creation or registration is supported.
GMRP supports 100 multicast addresses per VLAN and a total of 3072 for the whole switch.
This example shows how to set the registration type to fixed on module 3, port 3:
Console> (enable) set gmrp registration fixed 3/3 GMRP Registration is set to Fixed for port(s) 3/3. Console> (enable)
This example shows how to set the registration type to forbidden on module 1, port 1:
Console> (enable) set gmrp registration forbidden 1/1 GMRP Registration is set to Forbidden for port(s) 1/1. Console> (enable)
Use the set gmrp timer command to adjust the values of the join, leave, and leaveall timers.
set gmrp timer timer-type timer-value
timer-type | Type of timer; valid values are join, leave, and leaveall. |
timer_value | Timer values in milliseconds; valid values are 1 to 2,147,483,647 milliseconds. |
The join timer is 200 ms; the leave timer is 600 ms; the leaveall timer is 10,000 ms.
Catalyst 5000 family switches
Catalyst 4000 family switches
Catalyst 2926G series switches
Catalyst 2948G switch
Switch command.
Privileged.
You must maintain the following unital relationship for the various timer values:
This example shows how to set the join timer value to 100 ms for all the ports on all the VLANs:
Console> (enable) set gmrp timer join 100 GARP Join timer value is set to 100 milliseconds. Console> (enable)
This example shows how to set the leave timer value to 300 ms for all the ports on all the VLANs:
Console> (enable) set gmrp timer leave 300 GARP Leave timer value is set to 300 milliseconds. Console> (enable)
This example shows how to set the leaveall timer value to 20,000 ms for all the ports on all the VLANs:
Console> (enable) set gmrp timer leaveall 20000 GARP LeaveAll timer value is set to 20000 milliseconds. Console> (enable)
show gmrp timer
set gvrp timer
set garp timer
Use the set gvrp command to enable or disable GVRP globally on the switch.
set gvrp {enable | disable}
enable | Keyword to enable GVRP on the switch. |
disable | Keyword to disable GVRP on the switch. |
The default is GVRP is disabled.
Catalyst 5000 family switches
Catalyst 4000 family switches
Catalyst 2926G series switches
Catalyst 2948G switch
Switch command.
Privileged.
To run GVRP on a trunk, enable GVRP globally on the switch and individually on the trunk.
When VTP pruning is enabled, VTP pruning runs on all the GVRP-disabled trunks.
This example shows how to enable GVRP globally on the switch:
Console> (enable) set gvrp enable GVRP enabled. Console> (enable)
This example shows how to disable GVRP:
Console> (enable) set gvrp disable GVRP disabled. Console> (enable)
This example shows how to enable GVRP on module 2, port 1:
Console> (enable) set gvrp enable 2/1 GVRP enabled on port 2/1. Console> (enable)
show gmrp timer
show gmrp statistics
set gvrp timer
set garp timer
Use the set gvrp applicant command to specify whether or not a VLAN is declared out of blocking ports.
set gvrp applicant normal | active mod/port...
normal | Keyword to disallow the declaration of any VLAN out of blocking ports. |
active | Keyword to allow the declaration of active VLANs out of blocking ports. |
mod/port... | Module number and port number list. |
The default is GVRP applicant set to normal.
Catalyst 5000 family switches
Catalyst 4000 family switches
Catalyst 2926G series switches
Catalyst 2948G switches
Switch command.
Privileged.
To run GVRP on a trunk, GVRP needs to be enabled both globally on the switch and enabled individually on the trunk.
To prevent undesirable STP topology reconfiguration on a port connected to a device that does not support the per-VLAN mode of STP, configure the GVRP applicant state to active on the port. Ports in the GVRP active applicant state send GVRP VLAN declarations when they are in the STP blocking state, which prevents the STP BPDUs from being pruned from the other port.
This example shows how to enforce the declaration of all active VLANs out of specified blocking ports:
Console> (enable) set gvrp applicant active 4/2-3,4/9-10,4/12-24 Applicant was set to active on port(s) 4/2-3,4/9-10,4/12-24. Console> (enable)
This example shows how to disallow the declaration of any VLAN out of specified blocking ports:
Console> (enable) set gvrp applicant normal 4/2-3,4/9-10,4/12-24 Applicant was set to normal on port(s) 4/2-3,4/9-10,4/12-24. Console> (enable)
Use the set gvrp dynamic-vlan-creation command to enable or disable GVRP dynamic VLAN creation.
set gvrp dynamic-vlan-creation {enable | disable}
enable | Keyword to enable dynamic VLAN creation. |
disable | Keyword to disable dynamic VLAN creation. |
The default is dynamic VLAN creation is disabled.
Catalyst 5000 family switches
Catalyst 4000 family switches
Catalyst 2926G series switches
Catalyst 2948G switch
Switch command.
Privileged.
You can enable dynamic VLAN creation only when VTP is in transparent mode and no ISL trunks exist in the switch.
You cannot use this command when there are any 802.1q trunks that are not configured with GVRP.
This example shows how to enable dynamic VLAN creation:
Console> (enable) set gvrp dynamic-vlan-creation enable Dynamic VLAN creation enabled. Console> (enable)
This example shows what happens if you try to enable dynamic VLAN creation and VTP is not in transparent mode:
Console> (enable) set gvrp dynamic-vlan-creation enable VTP has to be in TRANSPARENT mode to enable this feature. Console> (enable)
This example shows how to disable dynamic VLAN creation:
Console> (enable) set gvrp dynamic-vlan-creation disable Dynamic VLAN creation disabled. Console> (enable)
set vtp
show gvrp configuration
Use the set gvrp registration command to set the administrative control of an outbound port. GVRP registration commands are entered on a per-port basis and applies to all VLANs on the trunk.
set gvrp registration {normal | fixed | forbidden} mod/port...
normal | (Optional) Keyword to allow dynamic registering and deregistering each VLAN (except VLAN 1) on the port. |
fixed | (Optional) Keyword to support manual VLAN creation and registration, prevent VLAN deregistration, and register all VLANs known to other ports. |
forbidden | (Optional) Keyword to specify that all the VLANs (except VLAN 1) are statically deregistered from the port. |
mod/port... | Module number and port number list. |
The default is administrative control is normal.
Catalyst 5000 family switches
Catalyst 4000 family switches
Catalyst 2926G series switches
Catalyst 2948G switch
Switch command.
Privileged.
When you set VLAN registration, you are indicating to the switch that the VLAN is interested in the users connecting to this port and the VLAN's broadcast and multicast traffic is allowed to send to the port.
For static VLAN configuration, you should set the mod/port... control to fixed or forbidden if the mod/port... will not receive or process any GVRP message.
For each dynamically configured VLAN on a port, you should set the mod/port... control to normal (default), except for VLAN 1; VLAN 1 should be set to fixed.
When GVRP is running, you can create a VLAN through a GVRP trunk port only if you enter the set gvrp dynamic-vlan-creation enable and the set gvrp registration normal commands.
This example shows how to set the administrative control to normal on module 3, port 7:
Console> (enable) set gvrp registration normal 3/7 Registrar Administrative Control set to normal on port3/7. Console> (enable)
This example shows how to set the administrative control to fixed on module 5, port 10:
Console> (enable) set gvrp registration fixed 5/10 Registrar Administrative Control set to fixed on Port 5/10. Console> (enable)
This example shows how to set the administrative control to forbidden on module5, port 2:
Console> (enable) set gvrp registration forbidden 5/2 Registrar Administrative Control set to forbidden on port 5/2. Console> (enable)
Use the set gvrp timer command to adjust the values of the join, leave, and leaveall timers.
set gvrp timer {timer-type} {timer-value}
timer-type | Type of timer; valid values are join, leave, and leaveall. |
timer_value | Timer values in milliseconds; valid values are 1 to 2,147,483,647 milliseconds. |
The default is the join timer is 200 ms; the leave timer is 600 ms; and the leaveall timer is 10,000 ms.
Catalyst 5000 family switches
Catalyst 4000 family switches
Catalyst 2926G series switches
Catalyst 2948G switch
Switch command.
Privileged.
This command is equivalent to the set garp timer command.
You must maintain the following relationship for the various timer values:
This example shows how to set the join timer value to 100 ms for all the ports on all the VLANs:
Console> (enable) set gvrp timer join 100 GVRP/GARP Join timer value is set to 100 milliseconds. Console> (enable)
This example shows how to set the leave timer value to 300 ms for all the ports on all the VLANs:
Console> (enable) set gvrp timer leave 300 GVRP/GARP Leave timer value is set to 300 milliseconds. Console> (enable)
This example shows how to set the leaveall timer value to 20,000 ms for all the ports on all the VLANs:
Console> (enable) set gvrp timer leaveall 20000 GVRP/GARP LeaveAll timer value is set to 20000 milliseconds. Console> (enable)
set garp timer
show gvrp configuration
Use the set igmp command to enable or disable IGMP snooping on the switch.
set igmp {enable | disable}
enable | Keyword to enable IGMP snooping on the switch. |
disable | Keyword to disable IGMP snooping on the switch. |
IGMP snooping is disabled.
Catalyst 5000 family switches
Catalyst 2926G series switches
Switch command.
Privileged.
IGMP snooping requires supervisor engine software release 4.1 or later, a Catalyst 5000 family Supervisor Engine III or III F with a NFFC or NFFC II, or Supervisor Engine II G or III G, and a network connection from the switch to a router running IGMP. IGMP snooping is also supported on the Catalyst 2926G series switches.
Before enabling IGMP snooping, you must disable CGMP and CGMP leave processing (by using the set cgmp and set cgmp leave commands).
This example shows how to enable IGMP snooping on the switch:
Console> (enable) set igmp enable IGMP Snooping is enabled. CGMP is disabled. Console> (enable)
This example shows what happens if you try to enable IGMP if CGMP is already enabled:
Console> (enable) set igmp enable Disable CGMP to enable IGMP Snooping feature. Console> (enable)
clear igmp statistics
show igmp statistics
Use the set igmp fastleave command to enable or disable IGMP fastleave processing.
set igmp fastleave {enable | disable}
enable | Keyword to enable IGMP fastleave processing. |
disable | Keyword to disable IGMP fastleave processing. |
By default, IGMP fastleave processing is disabled.
Catalyst 5000 family switches
Catalyst 2926G series switches
Switch command.
Privileged.
This example shows how to enable IGMP fastleave processing:
Console> (enable) set igmp fastleave enable
IGMP support for fastleave processing enabled.
Console> (enable)
This example shows how to disable IGMP fastleave processing:
Console> (enable)set igmp fastleave disableIGMP support for fastleave processing disabled.Console> (enable)
clear igmp statistics
set igmp
show igmp statistics
Use the set interface command to set the network interface configuration and enable or disable standard SNMP trap operation.
set interface {sc0 | me1 | sl0} {up | down}
sc0 | Keyword to specify the in-band management interface. |
me1 | Keyword to specify the out-of-band management Ethernet interface. |
sl0 | Keyword to specify the SLIP interface. |
up | Keyword to bring the interface into operation. |
down | Keyword to bring the interface out of operation. |
vlan | (Optional) Number of the VLAN to be assigned to the interface. |
ip_addr | (Optional) IP address to assign to the interface. |
netmask | (Optional) Subnet mask or mask bits to assign to the interface. |
broadcast | (Optional) Broadcast address to assign to the interface. |
slip_addr | SLIP source address of the console port. |
dest_addr | SLIP destination address of the host to which the console port will be connected. |
dhcp | Keyword to perform DHCP operations on the sc0 interface. |
renew | Keyword used to renew the lease on a DHCP-learned IP address. |
release | Keyword used to release a DHCP-learned IP address back to the DHCP IP address pool. |
The default configuration has the IP address, subnet mask, and broadcast address of the in-band management interface (sc0) and out-of-band management Ethernet interface (me1) set to 0.0.0.0, with the sc0 interface in VLAN 1. The default configuration for the SLIP interface (sl0) is that the SLIP source and destination addresses are set to 0.0.0.0.
Catalyst 5000 family switches
Catalyst 4000 family switches
Catalyst 2926G series switches
Catalyst 2948G switch
Switch command.
Privileged.
 | Caution On the Catalyst 4000 family and 2948G switches, when entering the set interface me1 or set interface trap {sc0 | sl0 | me1} command, sc0 and me1 cannot be configured as up when both are in the same subnet or overlapping subnets. If you specify an IP address and subnet for the sc0 or me1 interface that causes an overlap, the me1 interface is kept up or brought up, and the sc0 interface is brought down. The only exception is when both the me1 and sc0 interfaces have IP address 0.0.0.0. In this case, the me1 interface is brought down and the sc0 interface is brought up to allow the DHCP and RARP to run on the sc0 interface. |
The Catalyst 5000 family and 2926G series switches support two IP management interfaces, the in-band management interface (sc0) and the SLIP interface (sl0). The sc0 interface is attached to the switching fabric of the switch. The slip interface is an out-of-band management port because it is not attached to the switching fabric and no traffic is switched over it.
The Catalyst 4000 family switches and the 2948G switches support three IP management interfaces: sc0, sl0, and an out-of-band management Ethernet interface (me1). The me1 interface is not attached to the switching fabric. If both the sc0 and me1 interfaces are configured, the supervisor engine software determines which interface to use when performing standard transmission and reception of IP packets based on the local routing table. Operations that use this functionality include TFTP, ping, Telnet, and SNMP.
You can enter the netmask value in dotted decimal format or you can specify the number of bits in the netmask (for example, 204.20.22.7/24).
This example shows how to use set interface sc0 and set interface sl0 from the console port. It also shows how to bring down interface sc0 using a terminal connected to the console port:
Console> (enable) set interface sc0 192.200.11.44 255.255.255.0 Interface sc0 IP address and netmask set. Console> (enable) set interface sl0 192.200.10.45 192.200.10.103 Interface sl0 SLIP and destination address set. Console> (enable) set interface sc0 down Interface sc0 administratively down. Console> (enable)
This example shows how to set the IP address for sc0. If you do not specify a subnet mask, the default mask for that IP address class is used (for example, 255.255.0.0 for a classB address):
Console> (enable) set interface sc0 172.20.52.123 Interface sc0 IP address and netmask set. Console> (enable)
This example shows how to set the VLAN, IP address, and subnet mask bits for the sc0 interface:
Console> (enable) set interface sc0 5 172.20.52.123/28 Interface sc0 vlan set, IP address and netmask set. Console> (enable)
This example shows how to change the VLAN membership of the sc0 interface:
Console> (enable) set interface sc0 2 Interface sc0 vlan set. Console> (enable)
This example shows how to take the sc0 interface down:
Console> (enable) set interface sc0 down Interface sc0 administratively down. Console> (enable)
This example shows how to bring the sc0 interface up:
Console> (enable) set interface sc0 up Interface sc0 administratively up. Console> (enable)
This example shows how to set the IP address and netmask for me1:
Console> (enable) set interface me1 10.10.10.20/24 Interface me1 IP address and netmask set. Console> (enable)
This example shows how to set the SLIP source and destination addresses for the console port on the sl0 interface:
Console> (enable) set interface sl0 10.1.1.1 10.1.1.2 Interface sl0 slip and destination address set. Console> (enable)
This example shows how to release a DHCP IP address assigned to the sc0 interface:
Console> (enable) set interface sc0 dhcp release Console> (enable)
This example shows how to renew the lease on a DHCP IP address assigned to the sc0 interface:
Console> (enable) set interface sc0 dhcp release Console> (enable)
This example shows how to release a DHCP IP address assigned to the sc0 interface and obtain a new IP address from the DHCP server:
Console> (enable) set interface sc0 dhcp release Console> (enable)
This example shows how to renew the lease on a DHCP-assigned IP address:
Console> (enable) set interface sc0 dhcp renew Renewing IP address... Console> (enable) Sending DHCP packet with address:00:90:0c:5a:8f:ff dhcpoffer Sending DHCP packet with address:00:90:0c:5a:8f:ff Timezone set to '', offset from UTC is 7 hours 58 minutes Timezone set to '', offset from UTC is 7 hours 58 minutes 172.16.30.32 added to DNS server table as primary server. 172.16.31.32 added to DNS server table as backup server. 172.16.32.32 added to DNS server table as backup server. NTP server 172.16.25.253 added NTP server 172.16.25.252 added %MGMT-5-DHCP_S:Assigned IP address 172.20.25.244 from DHCP Server 172.20.25.254 Console> (enable)
This example shows how to release the lease on a DHCP-assigned IP address:
Console> (enable) set interface sc0 dhcp release Releasing IP address... Console> (enable) Sending DHCP packet with address:00:90:0c:5a:8f:ff Done Console> (enable)
set interface trap
show interface
slip
Use the set interface trap command to enable or disable SNMP link up/down traps on the switch interfaces.
set interface trap {sc0 | me1 | sl0} {enable | disable}
sc0 | Keyword to specify the in-band management interface. |
me1 | Keyword to specify the out-of-band management Ethernet interface. |
sl0 | Keyword to specify the SLIP interface. |
enable | Keyword to enable the SNMP link up/down traps on the specified interface. |
disable | Keyword to disable the SNMP link up/down traps on the specified interface. |
The default configuration has SNMP link up/down traps disabled on all interfaces.
Catalyst 5000 family switches
Catalyst 4000 family switches
Catalyst 2926G series switches
Catalyst 2948G switch
Switch command.
Privileged.
This example shows how to enable SNMP link up/down traps on the sc0 interface:
Console> (enable) set interface trap sc0 enable Interface sc0 up/down trap enabled. Console> (enable)
This example shows how to enable SNMP link up/down traps on the sc0 interface:
Console> (enable) set interface trap sc0 disable Interface sc0 up/down trap disabled. Console> (enable)
set interface
show interface
slip
Use the set ip alias command to add aliases of IP addresses.
set ip alias name ip_addr
name | Name of the alias being defined. |
ip_addr | IP address of the alias being defined. |
The default configuration has one IP alias, "default", mapped to the IP address 0.0.0.0.
Catalyst 5000 family switches
Catalyst 4000 family switches
Catalyst 2926G series switches
Catalyst 2948G switch
Switch command.
Privileged.
IP aliases take precedence over DNS hostnames.
This example shows how to define an IP alias of mercury for IP address 192.168.255.255:
Console> (enable) set ip alias mercury 192.168.255.255 IP alias added. Console> (enable)
Use the set ip dns command to enable or disable DNS.
set ip dns {enable | disable}
enable | Keyword to enable DNS. |
disable | Keyword to disable DNS. |
DNS is disabled.
Catalyst 5000 family switches
Catalyst 4000 family switches
Catalyst 2926G series switches
Catalyst 2948G switch
Switch command.
Privileged.
If DNS is disabled, you must use the IP address with all commands that require explicit IP addresses or manually define an alias for that address. The alias has priority over DNS.
This example shows how to enable DNS:
Console> (enable) set ip dns enable DNS is enabled. Console> (enable)
This example shows how to disable DNS:
Console> (enable) set ip dns disable DNS is disabled. Console> (enable)
Use the set ip dns domain command to set the default DNS domain name.
set ip dns domain name
name | Default DNS domain name. |
This command has no default setting.
Catalyst 5000 family switches
Catalyst 4000 family switches
Catalyst 2926G series switches
Catalyst 2948G switch
Switch command.
Privileged.
If you specify a domain name on the command line, the system attempts to resolve the host name as entered. If the system cannot resolve the host name as entered, it appends the default DNS domain name as defined with the set ip dns domain command. If you specify a domain name with a trailing dot, the program considers this an absolute domain name.
This example shows how to set the default DNS domain name:
Console> (enable) set ip dns domain yow.com Default DNS domain name set to yow.com. Console> (enable)
clear ip dns domain
show ip dns
Use the set ip dns server command to set the IP address of a DNS server.
set ip dns server ip_addr [primary]
ip_addr | IP address of the DNS server. |
primary | (Optional) Keyword to configure a DNS server as the primary server. |
This command has no default setting.
Catalyst 5000 family switches
Catalyst 4000 family switches
Catalyst 2926G series switches
Catalyst 2948G switch
Switch command.
Privileged.
You can configure up to three DNS name servers as backup. You can also configure any DNS server as the primary server. The primary server is queried first. If the primary server fails, the backup servers are queried.
These examples show how to set the IP address of a DNS server:
Console> (enable) set ip dns server 198.92.30.32 198.92.30.32 added to DNS server table as primary server. Console> (enable) Console> (enable) set ip dns server 171.69.2.132 primary 171.69.2.132 added to DNS server table as primary server. Console> (enable) Console> (enable) set ip dns server 171.69.2.143 primary 171.69.2.143 added to DNS server table as primary server. Console> (enable)
This example shows what happens if you enter more than three DNS name servers as backup:
Console> (enable) set ip dns server 161.44.128.70 DNS server table is full. 161.44.128.70 not added to DNS server table. Console> (enable)
clear ip dns server
show ip dns
Use the set ip fragmentation command to enable or disable the fragmentation of IP packets bridged between FDDI and Ethernet networks. Note that FDDI and Ethernet networks have different MTUs.
set ip fragmentation {enable | disable}
enable | Keyword to permit fragmentation for IP packets bridged between FDDI and Ethernet networks. |
disable | Keyword to disable fragmentation for IP packets bridged between FDDI and Ethernet networks. |
The default value is IP fragmentation enabled.
Catalyst 5000 family switches
Catalyst 4000 family switches
Catalyst 2926G series switches
Catalyst 2948G switch
Switch command.
Privileged.
If IP fragmentation is disabled, FDDI packets that exceed the Ethernet MTU are dropped if they are being bridged to Ethernet on the switch.
This example shows how to disable IP fragmentation:
Console> (enable) set ip fragmentation disable Bridge IP fragmentation disabled. Console> (enable)
Use the set ip permit command to enable or disable the IP permit list and to specify IP addresses to be added to the IP permit list.
set ip permit {enable | disable}
enable | Keyword to enable the IP permit list. |
disable | Keyword to disable the IP permit list. |
ip_addr | IP address to be added to the IP permit list. An IP alias or host name that can be resolved through DNS can also be used. |
mask | (Optional) Subnet mask of the specified IP address. |
The IP permit list is disabled.
Catalyst 5000 family switches
Catalyst 4000 family switches
Catalyst 2926G series switches
Catalyst 2948G switch
Switch command.
Privileged.
You can configure up to ten entries in the permit list. If the IP permit list is enabled, but the permit list has no entries configured, a caution displays on the screen.
Make sure you enter the entire disable keyword when entering the set ip permit disable command. If you abbreviate the keyword, the abbreviation is interpreted as a host name to add to the IP permit list.
You enter the mask in dotted decimal format, for example, 255.255.0.0.
This example shows how to enable the IP permit list:
Console> (enable) set ip permit enable IP permit list enabled. WARNING!! IP permit list has no entries. Console> (enable)
This example shows how to add an IP address to the IP permit list:
Console> (enable) set ip permit 192.168.255.255 192.168.255.255 added to IP permit list. Console> (enable)
This example shows how to add an IP address using an IP alias or host name to the IP permit list:
Console> (enable) set ip permit batboy batboy added to IP permit list. Console> (enable)
This example shows how to add a subnet mask of the IP address to the IP permit list:
Console> (enable) set ip permit 192.168.255.255 255.255.192.0 192.168.255.255 with mask 255.255.192.0 added to IP permit list. Console> (enable)
This example shows how to disable the IP permit list:
Console> (enable) set ip permit disable IP permit list disabled. Console> (enable)
clear ip permit
set ip permit
show ip permit
Use the set ip redirect command to enable or disable ICMP redirect messages.
set ip redirect {enable | disable}
enable | Keyword to permit ICMP redirect messages to be returned to the source host. |
disable | Keyword to prevent ICMP redirect messages from being returned to the source host. |
The default configuration has ICMP redirect enabled.
Catalyst 5000 family switches
Catalyst 4000 family switches
Catalyst 2926G series switches
Catalyst 2948G switch
Switch command.
Privileged.
This example shows how to deactivate ICMP redirect messages:
Console> (enable) set ip redirect disable ICMP redirect messages disabled. Console> (enable)
Use the set ip route command to add IP addresses or aliases to the IP routing table.
set ip route default gateway [metric] [primary]
default | Keyword to specify the entry as a default route. |
gateway | IP address or IP alias of the router. |
metric | (Optional) Value used to indicate the number of hops between the switch and the gateway. |
primary | (Optional) Keyword to specify the primary default route. |
destination | IP address or IP alias of the network, or IP address, DNS hostname, or IP alias of a specific host to be added. |
netmask | (Optional) Subnet mask or mask bits to assign to the interface. |
The default configuration routes the local network through the sc0 interface with metric 0 as soon as sc0 is configured.
Catalyst 5000 family switches
Catalyst 4000 family switches
Catalyst 2926G series switches
Catalyst 2948G switch
Switch command.
Privileged.
You can configure up to three default gateways. You can specify a primary default gateway using the primary keyword. If a primary is not designated, the first default gateway you configure is the primary.
The switch forwards all off-network IP traffic generated by the switch itself to the primary default gateway unless the primary is unavailable. The entries in the IP routing table are only used for IP traffic generated by the switch itself (for example, Telnet, ping, or TFTP sessions from the switch CLI), not for IP data travelling through the switch.
On the Catalyst 4000 family and 2948G switches, the supervisor engine software automatically determines whether a default gateway is reached through the sc0 interface or the me1 interface.
You can enter the destination and gateway as either an IP alias or IP address in dotted format (for example, 172.20.52.7). You can enter the destination network mask in dotted decimal format or you can specify the number of bits in the netmask (for example, 204.20.22.7/24). CIDR IP address and subnet mask values are accepted for the destination network address.
This example shows how to add three default routes to the IP routing table:
Console> (enable) set ip route default 172.20.52.35 Route added. Console> (enable) set ip route default 172.20.52.40 Route added. Console> (enable) set ip route default 172.20.52.45 Route added. Console> (enable)
This example shows how to add a route to network 10.10.0.0/16 through gateway 172.20.52.33:
Console> (enable) set ip route 10.10.0.0/16 172.20.52.33 Route added. Console> (enable)
This example shows how to add a route to a specific host:
Console> (enable) set ip route 172.20.50.2/32 172.20.52.41 Route added. Console> (enable)
Use the set ip unreachable command to enable or disable ICMP unreachable messages on the switch.
set ip unreachable {enable | disable}
enable | Keyword to allow IP unreachable messages to be returned to the source host. |
disable | Keyword to prevent IP unreachable messages from being returned to the source host. |
The default has ICMP unreachable messages enabled.
Catalyst 5000 family switches
Catalyst 4000 family switches
Catalyst 2926G series switches
Catalyst 2948G switch
Switch command.
Privileged.
When you enable ICMP unreachable messages, the switch returns an ICMP unreachable message to the source host whenever it receives an IP datagram that it cannot deliver. When you disable ICMP unreachable messages, the switch does not notify the source host when it receives an IP datagram that it cannot deliver.
For example, a switch has the ICMP unreachable message function enabled and IP fragmentation disabled. If an FDDI frame is received and needs to transmit to an Ethernet port, the switch cannot fragment the packet. The switch drops the packet and returns an IP unreachable message to the Internet source host.
This example shows how to disable ICMP unreachable messages:
Console> (enable) set ip unreachable disable ICMP Unreachable message disabled. Console> (enable)
Use the set kerberos clients mandatory command to make Kerberos authentication mandatory for authenticating to services on the network.
set kerberos clients mandatoryThis command has no arguments or keywords.
Kerberos clients are not set to mandatory.
Catalyst 5000 family switches
Catalyst 4000 family switches
Catalyst 2926G series switches
Catalyst 2948G switch
Switch command.
Privileged.
As an added layer of security, you can optionally configure the switch so that after users authenticate to it, they can authenticate to other services on the network only with Kerberos clients. If you do not make Kerberos authentication mandatory and Kerberos authentication fails, the application attempts to authenticate users using the default method of authentication for that network service. For example, Telnet prompts for a password.
This example shows how to make Kerberos authentication mandatory:
Console> (enable) set kerberos clients mandatory Kerberos clients set to mandatory Console> (enable)
set kerberos credentials forward
clear kerberos clients mandatory
Use the set kerberos credentials forward command to configure clients to forward users' credentials as they connect to other hosts in the Kerberos realm.
set kerberos credentials forwardThis command has no arguments or keywords.
Forwarding is disabled by default.
Catalyst 5000 family switches
Catalyst 4000 family switches
Catalyst 2926G series switches
Catalyst 2948G switch
Switch command.
Privileged.
A user authenticated to a Kerberized switch has a ticket granting ticket (TGT) and can use it to authenticate to a host on the network. However, if forwarding is not enabled and a user tries to list credentials after authenticating to a host, the output will show no Kerberos credentials present.
You can optionally configure the switch to forward users' TGTs with them as they authenticate from the switch to Kerberized remote hosts on the network when using Kerberized Telnet.
This example shows how to enable Kerberos credentials forwarding:
kerberos> (enable) set kerberos credentials forward Kerberos credentials forwarding enabled kerberos> (enable)
set kerberos credentials forward
set kerberos clients mandatory
Use the set kerberos local-realm command to configure a switch to authenticate users defined in the Kerberos database.
set kerberos local-realm kerberos-realm
kerberos-realm | IP address or name (in uppercase characters) of the Kerberos realm. |
Default value is a NULL string.
Catalyst 5000 family switches
Catalyst 4000 family switches
Catalyst 2926G series switches
Catalyst 2948G switch
Switch command.
Privileged.
For a switch to authenticate a user defined in the Kerberos database, the switch must know the host name or IP address of the host running the Key Distribution Center (KDC) and the name of the Kerberos realm. Optionally, the switch should be able to map the host name or Domain Naming System (DNS) domain to the Kerberos realm.
This example shows how to set a default Kerberos local realm for the switch:
kerberos> (enable) set kerberos local-realm CISCO.COM Kerberos local realm for this switch set to CISCO.COM. aspen-kerberos> (enable)
set kerberos realm
clear kerberos realm
Use the set kerberos realm command to map the name of a Kerberos realm to a DNS domain name or a host name.
set kerberos realm dns-domain | host kerberos-realm
dns-domain | DNS domain name to map to Kerberos realm. |
host | IP address or name to map to Kerberos realm. |
kerberos-realm | IP address or name of Kerberos realm. |
This command has no default setting.
Catalyst 5000 family switches
Catalyst 4000 family switches
Catalyst 2926G series switches
Catalyst 2948G switch
Switch command.
Privileged.
The name of the Kerberos realm can be mapped to a DNS domain name or a host name. This can be done by the set kerberos realm command, which is an optional command. The information entered with this command is stored in a table with one entry for each Kerberos realm. The maximum number of entries in the table is 100.
This example shows how to map the Kerberos realm to a domain name:
Console> (enable) set kerberos realm CISCO CISCO.COM Kerberos DnsDomain-Realm entry set to CISCO - CISCO.COM Console> (enable)
set kerberos local-realm
clear kerberos realm
Use the set kerberos realm command to specify which KDC to use on the switch.
set kerberos server kerberos-realm hostname | ip-address [port-number]
kerberos-realm | Keyword specifying Kerberos realm. |
hostname | Name of host running the KDC. |
ip-address | IP address of host running the KDC. |
port-number | Number of the port. |
This command has no default setting.
Catalyst 5000 family switches
Catalyst 4000 family switches
Catalyst 2926G series switches
Catalyst 2948G switch
Switch command.
Privileged.
You can specify to the switch which key distribution center (KDC) to use in a Kerberos realm. Optionally, you can also specify the port number which the KDC is monitoring. The Kerberos server information you enter is maintained in a table with one entry for each Kerberos realm. The maximum number of entries in the table is 100.
This example shows how to specify the Kerberos server:
kerberos> (enable) set kerberos server CISCO.COM 187.0.2.1 750 Kerberos Realm-Server-Port entry set to:CISCO.COM - 187.0.2.1 - 750 kerberos> (enable)
Use the set kerberos srvtab entry command to enter the SRVTAB file directly into the switch from the command line.
set kerberos srvtab entry kerberos-principal principal-type timestamp key-version number key-type key-length encrypted-keytab
kerberos-principal | Service on the switch. |
principal-type | Version of the Kerberos SRVTAB. |
timestamp | Number representing the date and time the SRVTAB entry was created. |
key-version- | Version of the encrypted key format. |
key-type | Type of encryption used. |
key-length | Length, in bytes, of the encryption key. |
encrypted-keytab | Secret key the switch shares with the KDC. This key is encrypted with the private DES key when you copy the configuration to a file or enter the show config command. |
This command has no default setting.
Catalyst 5000 family switches
Catalyst 4000 family switches
Catalyst 2926G series switches
Catalyst 2948G switch
Switch command.
Privileged.
When you enter the SRVTAB directly into the switch, create an entry for each Kerberos principal (service) on the switch. The entries are maintained in the SRVTAB table. The maximum size of the table is 20 entries.
This example shows how to enter a SRVTAB file directly into the switch:
kerberos> (enable) set kerberos srvtab entry host/niners.cisco.com@CISCO.COM 0 932423923 1 1 8 03;;5>00>50;0=0=0 Kerberos SRVTAB entry set to Principal:host/niners.cisco.com@CISCO.COM Principal Type:0 Timestamp:932423923 Key version number:1 Key type:1 Key length:8 Encrypted key tab:03;;5>00>50;0=0=0
set kerberos srvtab remote
clear kerberos srvtab entry
Use the set kerberos srvtab remote command to provide the switch with a copy of the SRVTAB file from the KDC that contains the secret key.
set kerberos srvtab remote {hostname | ip-address} filename
hostname | Name of host running the KDC. |
ip-address | IP address of host running the KDC |
filename | Name of the SRVTAB file. |
This command has no default setting.
Catalyst 5000 family switches
Catalyst 4000 family switches
Catalyst 2926G series switches
Catalyst 2948G switch
Switch command.
Privileged.
To make it possible for remote users to authenticate to the switch using Kerberos credentials, the switch must share a secret key with the KDC. To do this, you must give the switch a copy of the file that is stored in the KDC, which contains the secret key. These files are called SRVTAB files.
The most secure method to copy SRVTAB files to the hosts in your Kerberos realm is to copy them onto physical media and go to each host in turn and manually copy the files onto the system. To copy SRVTAB files to the switch, which does not have a physical media drive, you must transfer them through the network using the Trivial File Transfer Protocol (TFTP).
This example shows how to remotely copy SRVTAB files to the switch from the KDC:
kerberos> (enable) set kerberos srvtab remote 187.20.32.10 /users/jdoe/krb5/ninerskeytab
kerberos> (enable)
Use the set key config-key command to define a private DES key for the switch.
set key config-key string
string | DES key for switch. Should be no longer than eight bytes. |
This command has no default setting.
Catalyst 5000 family switches
Catalyst 4000 family switches
Catalyst 2926G series switches
Catalyst 2948G switch
Switch command.
Privileged.
You can define a private DES key for the switch. The private DES key can be used to encrypt the secret key that the switch shares with the KDC. If the DES key is set, the secret key is not displayed in clear text when the show kerberos command is executed. The key length should be eight characters or less.
This example shows how to define a DES key:
kerberos> (enable) set key config-key abcd Kerberos config key set to abcd kerberos> (enable)
Use the set length command to configure the number of lines in the terminal display screen.
set length number [default]
number | Number of lines to display on the screen; valid values are 0 and 5 to 512. 0 turns off the scrolling feature. |
default | (Optional) Keyword to set the number of lines in the terminal display screen for the current administration session and all other sessions. This keyword is only available in normal mode. |
The default screen length is 24 lines.
Catalyst 5000 family switches
Catalyst 4000 family switches
Catalyst 2926G series switches
Catalyst 2948G switch
Switch command.
Privileged.
Output from a single command that overflows a single display screen is followed by the --More-- prompt. At the --More-- prompt, you can press Ctrl-C, q, or Q to interrupt the output and return to the prompt, press the Spacebar to display an additional screen of output, or press Return to display one more line of output.
Setting the screen length to 0 turns off the scrolling feature and causes the entire output to display at once. Unless the default keyword is used, a change to the terminal length value applies only to the current session.
This example shows how to set the screen length to 60 lines:
Console> (enable) set length 60 Screen length for this session set to 60. Console> (enable)
This example shows how to set the default screen length to 40 lines:
Console> (enable) set length 40 default Screen length set to 40. Console> (enable)
Use the set logging buffer command to limit the number of system logging messages buffered.
set logging buffer buffer_size
buffer_size | Number of system logging messages to store in the buffer; valid values are 1 to 500. |
The default value is 500.
Catalyst 5000 family switches
Catalyst 4000 family switches
Catalyst 2926G series switches
Catalyst 2948G switch
Switch command.
Privileged.
This example shows how to limit the syslog message buffer to 400 messages:
Console> (enable) set logging buffer 400
System logging buffer size set to <400>.
Console> (enable)
set logging timestamp
show logging buffer
clear logging buffer
Use the set logging console command to enable and disable the sending of system logging messages to the console.
set logging console {enable | disable}
enable | Keyword to enable system message logging to the console. |
disable | Keyword to disable system message logging to the console. |
By default, system message logging to the console is enabled.
Catalyst 5000 family switches
Catalyst 4000 family switches
Catalyst 2926G series switches
Catalyst 2948G switch
Switch command.
Privileged.
This example shows how to enable system message logging to the console:
Console> (enable) set logging console enable
System logging messages will be sent to the console.
Console> (enable)
This example shows how to disable system message logging to the console:
Console> (enable) set logging console disable
System logging messages will not be sent to the console.
set logging level
set logging session
show logging
show logging buffer
Posted: Tue Oct 5 10:55:24 PDT 1999
Copyright 1989-1999©Cisco Systems Inc.