|
|
Use the set ntp key command to define an NTP authentication key pair or to specify a key to be trusted or untrusted.
set ntp key public_keynum {trusted | untrusted} [md5 secret_keystring]
public_keynum | Number of the key pair; valid values are 1 to 4292945295. |
trusted | Keyword that specifies the trusted key mode. |
untrusted | Keyword that specifies the untrusted key mode. |
md5 | (Optional) Keyword that sets the keystring of the key pair. |
secret_keystring | (Optional) Key string; valid values are 1 to 32 printable characters. |
There is no default setting for this command.
Catalyst 5000 family switches
Catalyst 4000 family switches
Catalyst 2926G series switches
Catalyst 2948G switch
Catalyst 2980G switch
Switch command.
Privileged.
If you enter the set ntp key command without the md5 keyword, the trusted or untrusted mode of the key will change after it is entered into the key table. Enter the set ntp key command with the md5 option to enter an authentication key pair into the system.
This example shows how to define an NTP authentication key:
Console> (enable)set ntp key 435 trusted md5 have_a_smurfy_dayNTP key 435 added.Console> (enable)
This example shows how to trust an NTP key:
Console> (enable)set ntp key 435 trustedNTP key 435 configured to be trusted.Console> (enable)
This example shows how to untrust an NTP key:
Console> (enable)set ntp key 9999 untrustedNTP key 9999 configured not to be trusted.Console> (enable)
Use the set ntp server command to specify the NTP server address and to configure an NTP server authentication key.
set ntp server ip_addr [key public_keynum]
ip_addr | IP address of the NTP server. |
key | (Optional) Keyword that specifies the key number. |
public_keynum | (Optional) Number of the key pair; valid values are 1 to 4292945295. |
There is no default setting for this command.
Catalyst 5000 family switches
Catalyst 4000 family switches
Catalyst 2926G series switches
Catalyst 2948G switch
Catalyst 2980G switch
Switch command.
Privileged.
If you enter the set ntp server command without the key argument, and the authentication feature is enabled, the following message appears:
A trusted key may be required to communicate with this server.
This example shows how to configure an NTP server:
Console> (enable) set ntp server 172.20.52.3 NTP server 172.20.52.3 added Console> (enable)
This example shows how to configure an NTP server with a key:
Console> (enable)set ntp server 111.222.111.222 key 879NTP server 111.222.111.222 with key 879 addedConsole> (enable)
This example shows how to assign a new key to an NTP server:
Console> (enable)set ntp server 111.222.111.222 key 4323423NTP server 111.222.111.222 has been updated with key 4323423Console> (enable)
Use the set password command to change the normal (login) mode password on the switch.
set passwordThis command has no arguments or keywords.
The default configuration has no password configured.
Catalyst 5000 family switches
Catalyst 4000 family switches
Catalyst 2926G series switches
Catalyst 2948G switch
Catalyst 2980G switch
Switch command.
Privileged.
Passwords are case sensitive and may be 0-30 characters in length, including spaces.
The command prompts you for the old password. If the password you enter is valid, you are prompted to enter a new password and to verify the new password. A zero-length password is allowed by pressing Return.
This example shows how to set the normal (login) mode password:
Console> (enable) set password Enter old password: <old_password> Enter new password: <new_password> Retype new password: <new_password> Password changed.
Console> (enable)
Use the set port broadcast command to set the broadcast/multicast suppression for one or more ports. The broadcast threshold limits the backplane traffic received from the module.
set port broadcast mod_num/port_num threshold[%]
mod _num | Number of the module. |
port_num | Number of the port. |
threshold | Number of packets-per-second of broadcast/multicast traffic allowed on the port or the percentage of total available bandwidth that can be used by broadcast/multicast traffic. Valid values are 0 to 150000 packets per second or 0.00 to 100.00 percent. 0 pps or 100% unlimits broadcast traffic. |
% | (Optional) Keyword used if threshold is expressed as a percentage of total available bandwidth that can be used by broadcast/multicast traffic. |
The default value for the threshold is 100 percent.
Catalyst 5000 family switches
Catalyst 2926G series switches
Switch command.
Privileged.
Use the show port capabilities command to determine whether your hardware supports broadcast/multicast suppression.
This example shows how to limit broadcast/multicast traffic on port 2/1 to 15.65%:
Console> (enable) set port broadcast 2/1 15.65% Port(s) 2/1 broadcast traffic limited to 15.65%. Console> (enable)
This example shows how to limit broadcast traffic to 500 packets per second on ports 2/1 through 2/24:
Console> (enable) set port broadcast 2/1-2/24 500 Ports 2/1-2/24 broadcast traffic limited to 500 packets. Console> (enable)
Use the set port channel command to define EtherChannel administrative groups, create EtherChannel port bundles, and specify the frame-distribution method for the switch.
set port channel port_list [admin_group]
port_list | List of ports to which the command applies. |
admin_group | (Optional) EtherChannel administrative group number. Valid values are 1 through 1024 inclusive. |
mode | Keyword used that specifies the EtherChannel mode. |
on | Keyword that forces the port to channel without negotiation. PAgP packets are not exchanged. The port is channeling regardless of how the peer port is configured. If the peer port is in on mode, a channel is formed. In any other mode, the peer port is placed in the errdisable state due to a channel misconfiguration. |
off | Keyword that prevents the port from channeling. PAgP packets are not exchanged. The port is not channeling regardless of how the peer port is configured. No channel is formed. |
desirable | Keyword that places a port into an active negotiating state, in which the port initiates negotiations with other ports by sending PAgP packets. A channel is formed with another port group in either desirable or auto mode. |
auto | Keyword that places a port into a passive negotiating state, in which the port responds to PAgP packets it receives but does not initiate PAgP packet negotiation. A channel is formed only with another port group in desirable mode. |
silent | (Optional) Keyword used when you are channeling to a "silent partner" (that is, a device that is not generating BPDUs or other traffic). An example of a silent partner is a traffic generator that is not transmitting packets. Use this keyword with the auto or desirable mode. If you do not specify silent or non-silent, silent is assumed. |
non-silent | (Optional) Keyword used when you are channeling to a device that will transmit BPDUs or other traffic. Use this keyword with the auto or desirable mode. |
The default system configuration is as follows:
Catalyst 5000 family switches
Catalyst 4000 family switches
Catalyst 2926G series switches
Catalyst 2948G switch
Catalyst 2980G switch
Switch command.
Privileged.
Make sure that all ports you intend to channel are configured properly. For complete information on EtherChannel configuration restrictions, refer to the Software Configuration Guide for your switch.
Administrative groups specify which ports can form an EtherChannel together. An administrative group can contain a maximum of eight ports. However, administrative group membership is restricted by hardware capabilities. Use the show port capabilities command to determine which ports can form a channel together.
Hardware support for EtherChannel is as follows:
This example shows how to create an EtherChannel on ports 5-6 of module 7:
Console> (enable) set port channel 7/5-6 on Port(s) 7/5-6 are assigned to admin group 56. Port(s) 7/5-6 channel mode set to on. Console> (enable)
This example shows how to remove an EtherChannel on ports 5-6 of module 7:
Console> (enable) set port channel 7/5-6 mode auto Port(s) 7/5-6 channel mode set to auto. Console> (enable) show port channel
set channel cost
set channel vlancost
show channel
show channel group
show port channel
Use the set port disable command to disable a port or a range of ports.
set port disable mod_num/port_num
mod _num | Number of the module. |
port_num | Number of the port. |
The default system configuration has all ports enabled.
Catalyst 5000 family switches
Catalyst 4000 family switches
Catalyst 2926G series switches
Catalyst 2948G switch
Catalyst 2980G switch
Switch command.
Privileged.
This command is not supported by the RSM.
This example shows how to disable port 5/10:
Console> (enable) set port disable 5/10 Port 5/10 disabled. Console> (enable)
Use the set port duplex command to configure the duplex type of an Ethernet or Fast Ethernet port or range of ports.
set port duplex mod_num/port_num {full | half}
mod_num | Number of the module. |
port_num | Number of the port. |
full | Keyword that specifies full-duplex transmission. |
half | Keyword that specifies half-duplex transmission. |
The default configuration for 10-Mbps and 100-Mbps modules has all Ethernet ports set to half duplex.
Catalyst 5000 family switches
Catalyst 4000 family switches
Catalyst 2926G series switches
Catalyst 2948G switch
Catalyst 2980G switch
Switch command.
Privileged.
You can configure Ethernet and Fast Ethernet interfaces to either full duplex or half duplex.
The set port duplex command is not valid on the 24- and 48-port group switching modules (WS-X5020 and WS-X5223) or the RSM.
The set port duplex command is not supported on Token Ring ports. Use the set tokenring portmode command instead.
You cannot configure the duplex mode on Gigabit Ethernet ports (they are always in full-duplex mode).
This example shows how to set port 1 on module 2 to full duplex:
Console> (enable) set port duplex 2/1 full Port 2/1 set to full-duplex. Console> (enable)
This example shows how to set port 1 on module 2 to half duplex:
Console> (enable) set port duplex 2/1 half Port 2/1 set to half-duplex. Console> (enable)
Use the set port enable command to enable a port or a range of ports.
set port enable mod_num/port_num
mod _num | Number of the module. |
port_num | Number of the port. |
The default system configuration has all ports enabled.
Catalyst 5000 family switches
Catalyst 4000 family switches
Catalyst 2926G series switches
Catalyst 2948G switch
Catalyst 2980G switch
Switch command.
Privileged.
This command is not supported on the RSM.
This example shows how to enable port 3 on module 2:
Console> (enable) set port enable 2/3 Port 2/3 enabled. Console> (enable)
Use the set port filter command to configure a MAC address filter or a protocol filter for ports on the Token Ring module.
set port filter mod_num/port_num {mac_addr | protocol_type} {permit | deny}
mod_num | Number of the module. |
port_num | Number of the port on the module. |
mac_addr | MAC address contained in the packets to be filtered. You can enter this address in canonical format (00-11-33-44-55) or noncanonical format (00:11:22:33:44:55). |
protocol_type | Protocol type that you want to filter. For a list of the protocol types that you can filter, see Table 2-5 through Table 2-7. |
permit | Keyword that specifies the filter can permit packets with the specified MAC address or protocol type. |
deny | Keyword that specifies the filter can deny packets with the specified MAC address or protocol type. |
The command has no default setting.
Catalyst 5000 family switches
Switch command.
Privileged.
You can configure up to 16 MAC address filters or 16 protocol (eight SAPs and eight DSAPs) filters per port on the Token Ring module. See Table 2-5 through Table 2-7 for lists of SAPs and Ethertypes that you can use when defining protocol filters.
Table 2-5 and Table 2-6 list the SAPs that you can use to define protocol classes.
| Hexadecimal Value | Description |
|---|---|
X'02' | LLC Sublayer Management |
X'06' | DoD Internet |
X'x6' | National Standards Bodies |
X'0E' | Proway Network Management |
X'4E' | Manufacturing Message Service |
X'7E' | ISO 8208 |
X'8E' | Proway Active Station List Maintenance |
X'FE' | OSI Network Layer Protocols |
X'42' | Bridge Spanning-Tree Protocol |
| Hexadecimal Value | Description |
|---|---|
X'04' | SNA Path Control Individual |
X'F0' | NetBIOS |
X'F4' | LAN Management Individual |
X'F8' | IMPL |
X'FC' | Discovery |
X'DC' | Dynamic Address Resolution |
X'D4' | Resource Management |
Table 2-7 lists the possible Ethertypes that you can use to define protocol filters.
| Hexadecimal Value | Description |
|---|---|
X'0000' through X'05DC' | IEEE 802.3 |
X'0600' | Xerox XNS IDP |
X'0800' | DoD IP |
X'0801' | X.75 Internet |
X'0802' | NBS Internet |
X'0803' | ECMA Internet |
X'0804' | CHAOSnet |
X'0805' | X.25 Level 3 |
X'0806' | ARP (for IP and CHAOS) |
X'6001' | DEC MOP Dump/Load Assistance |
X'6002' | DEC MOP Remote Console |
X'6003' | DEC DECnet Phase IV |
X'6004' | DEC LAT |
X'6005' | DEC DECnet Diagnostics |
X'6010' through X'6014' | 3Com Corporation |
X'7000' through X'7002' | Ungermann-Bass download |
X'7030' | Proteon |
X'7034' | Cabletron |
X'8035' | Reverse ARP |
X'8046' through X'8047' | AT&T |
X'8088' through X'808A' | Xyplex |
X'809B' | Kinetics Ethertalk (Appletalk over Ethernet) |
X'80C0' through X'80C3' | Digital Communications Associates |
X'80D5' | IBM SNA Services over Ethernet |
X'80F2' | Retix |
X'80F3' through X'80F5' | Kinetics |
X'80F7' | Apollo Computer |
X'80FF' through X'8103' | Wellfleet Communications |
X'8137' through X'8138' | Novell |
This example shows how to configure a port filter on port 2 MAC address 00:40:0b:01:bc:65
of module 3 to permit packets from a specific MAC address:
Console> (enable) set port filter 3/2 00:40:0b:01:bc:65 permit Port 3/2 filter Mac Address 00:40:0b:01:bc:65 set to permit. Console> (enable)
This example shows how to configure a port filter on port 2 MAC address 00:40:0b:01:bc:65
of module 3 to deny packets from a specific MAC address:
Console> (enable) set port filter 3/2 00:40:0b:01:bc:65 deny Port 3/2 filter Mac Address 00:40:0b:01:bc:65 set to deny. Console> (enable)
clear port filter
show port filter
Use the set port flowcontrol command to configure a port to send or receive pause frames. Pause frames are special packets that signal a source to stop sending frames for a specific period of time because the buffers are full.
set port flowcontrol mod_num/port_num {receive | send} {off | on | desired}
mod_num | Number of the module. |
port_num | Number of the port on the module. |
receive | Keyword that specifies if a port processes pause frames. |
send | Keyword that specifies if a port sends pause frames. |
off | Keyword that prevents a local port from receiving and processing pause frames from remote ports or from sending pause frames to remote ports. |
on | Keyword that enables a local port to receive and process pause frames from remote ports or send pause frames to remote ports. |
desired | Keyword that obtains predictable results whether a remote port is set to on, off, or desired. |
Flow control defaults vary depending upon port speed:
Catalyst 5000 family switches
Catalyst 4000 family switches
Catalyst 2926G series switches
Catalyst 2948G switch
Catalyst 2980G switch
Switch command.
Privileged.
Table 2-8 describes guidelines for using different configurations of the send and receive keywords with the set port flowcontrol command.
| Configuration | Description |
|---|---|
send on | Enables a local port to send pause frames to remote ports. To obtain predictable results, use send on only when remote ports are set to receive on or receive desired. |
send off | Prevents a local port from sending pause frames to remote ports. To obtain predictable results, use send off only when remote ports are set to receive off or receive desired. |
send desired | Obtains predictable results whether a remote port is set to receive on, receive off, or receive desired. |
receive on | Enables a local port to process pause frames that a remote port sends. To obtain predictable results, use receive on only when remote ports are set to send on or send desired. |
receive off | Prevents remote ports from sending pause frames to local port. To obtain predictable results, use send off only when remote ports are set to receive off or receive desired. |
receive desired | Obtains predictable results whether a remote port is set to send on, send off, or send desired. |
All Catalyst Gigabit Ethernet ports can receive and process pause frames from remote devices. However, not all Catalyst Gigabit Ethernet ports can send pause frames to remote devices.
Table 2-9 identifies the Catalyst Gigabit Ethernet switches, modules, and ports that can send pause frames to remote devices.
| Switch Type | Module | Ports | Send |
|---|---|---|---|
Catalyst 5000 | All modules except WS-X5410 | All ports except WS-X5410 | Yes |
Catalyst 5000 | WS-X5410 | Uplink ports | No |
Catalyst 5000 | WS-X5410 | Oversubscribed ports | Yes |
Catalyst 2926G | All modules | All ports | Yes |
Catalyst 4000 | All modules except WS-X4418-GB, WS-X4412-2GB-TX, and WS-X4416-2GB-TX) | All ports except for the oversubscibed ports listed below | No |
Catalyst 4000 | WS-X4418-GB | Uplink ports (1-2) | No |
Catalyst 4000 | WS-X4418-GB | Oversubscribed ports (3-18) | Yes |
Catalyst 4000 | WS-X4412-2GB-TX | Uplink ports (13-14) | No |
Catalyst 4000 | WS-X4412-2GB-TX | Oversubscribed ports (1-12) | Yes |
Catalyst 4000 | WS-X4416-2GB-TX | Uplink ports (17-18) | No |
Catalyst 2948G | All ports | All ports | No |
Catalyst 2980G | All modules | All ports | No |
This example shows how to configure port 1 of module 5 to receive and process pause frames:
Console> (enable) set port flowcontrol receive 5/1 on Port 5/1 flow control receive administration status set to on (port will require far end to send flowcontrol) Console> (enable)
This example shows how to configure port 1 of module 5 to receive and process pause frames if the remote port is configured to send pause frames:
Console> (enable) set port flowcontrol receive 5/1 desired Port 5/1 flow control receive administration status set to desired (port will allow far end to send flowcontrol if far end supports it) Console> (enable)
This example shows how to configure port 1 of module 5 to receive but not process pause frames on port 1 of module 5:
Console> (enable) set port flowcontrol receive 5/1 off Port 5/1 flow control receive administration status set to off (port will not allow far end to send flowcontrol) Console> (enable)
This example shows how to configure port 1 of module 5 to send pause frames:
Console> (enable) set port flowcontrol send 5/1 on Port 5/1 flow control send administration status set to on (port will send flowcontrol to far end) Console> (enable)
This example shows how to configure port 1 of module 5 to send pause frames and yield predictable reults even if the remote port is set to receive off:
Console> (enable) set port flowcontrol send 5/1 desired Port 5/1 flow control send administration status set to desired (port will send flowcontrol to far end if far end supports it) Console> (enable)
This example shows how to configure port 1 of module 5 to not send pause frames:
Console> (enable) set port flowcontrol send 5/1 off Port 5/1 flow control send administration status set to off (port will not send flowcontrol to far end) Console> (enable)
Use the set port gmrp command to enable or disable GMRP on the specified ports in all VLANs.
set port gmrp mod/ports... {enable | disable}
mod/ports... | Module number and port number list. |
enable | Keyword that specifies to enable GMRP on a specified port. |
disable | Keyword that specifies to disable GMRP on a specified port. |
The default is GMRP is disabled.
Catalyst 5000 family switches
Catalyst 4000 family switches
Catalyst 2926G series switches
Catalyst 2948G switch
Catalyst 2980G switch
Switch command.
Privileged.
You can modify the per-port GMRP configuration, but you must enable GMRP globally using the set gmrp enable command before the per-port GMRP configuration takes effect.
This example shows how to enable GMRP on module 3, port 1:
Console> (enable) set port gmrp enable 3/1 GMRP enabled on port(s) 3/1. GMRP feature is currently disabled on the switch. Console> (enable)
This example shows how to disable GMRP on module 3, ports 1 through 5:
Console> (enable) set port gmrp disable 3/1-5 GMRP disabled on port(s) 3/1-5. Console> (enable)
Use the set port gvrp command to enable or disable GVRP on the specified ports in all VLANs.
set port gvrp mod/ports... {enable | disable}
mod/ports... | Module number and port number list. |
enable | Keyword that specifies to enable GVRP on the specified ports. |
disable | Keyword that specifies to disable GVRP on the specified ports. |
The default is GVRP is disabled.
Catalyst 5000 family switches
Catalyst 4000 family switches
Catalyst 2926G series switches
Catalyst 2948G switch
Catalyst 2980G switch
Switch command.
Privileged.
GVRP can only be enabled on IEEE 802.1Q trunks.
When VTP pruning is enabled, VTP pruning runs on all GVRP-disabled trunks.
To run GVRP on a trunk, GVRP needs to be enabled both globally on the switch and enabled individually on the trunk.
You can configure GVRP on a port even when GVRP is globally disabled. However, the port will not become a GVRP participant until GVRP is also globally enabled.
This example shows how to enable GVRP on module 3, port 2:
Console> (enable) set port gvrp 3/2 enable GVRP enabled on 3/2. Console> (enable)
This example shows how to disable GVRP on module 3, port 2:
Console> (enable) set port gvrp 3/2 disable GVRP disabled on 3/2. Console> (enable)
This example shows what happens if you try to enable GVRP on a port that is not an 802.1Q trunk:
Console> (enable) set port gvrp 4/1 enable Failed to set port 4/1 to GVRP enable. Port not allow GVRP. Console> (enable)
This example shows what happens if you try to enable GVRP on a specific port when GVRP has not first been enabled using the set gvrp command:
Console> (enable) set port gvrp 5/1 enable GVRP enabled on 5/1. GVRP feature is currently disabled on the switch. Console> (enable)
show gvrp configuration
set gvrp
clear gvrp statistics
Use the set port host command to optimize the port configuration for a host connection.
set port host mod/ports...
mod/ports... | Module number and port number list. |
This command has no default setting.
Catalyst 5000 family switches
Catalyst 4000 family switches
Catalyst 2926G series switches
Catalyst 2948G switch
Catalyst 2980G switch
Switch command.
Privileged.
The set port host command sets channel mode to off, enables spanning-tree portfast, and sets trunk mode to off. Only an end station can accept this configuration.
Enable spanning-tree portfast start only on ports connected to a single host. Connecting hubs, concentrators, switches, and bridges to a fast start port can cause temporary spanning tree loops.
Enable the set port host command to decrease the time it takes to start up packet forwarding.
This example shows how to optimize the port configuration for end station/host connections on ports 2/1 and 3/1:
Console> (enable) set port host 2/1,3/1 Warning: Span tree port fast start should only be enabled on ports connected to a single host. Connecting hubs, concentrators, switches, bridges, etc. to a fast start port can cause temporary spanning tree loops. Use with caution. Spantree ports 2/1,3/1 fast start enabled. Port(s) 2/1,3/1 trunk mode set to off. Port(s) 2/1 channel mode set to off. Console> (enable)
Use the set port level command to set the priority level of a port or range of ports on the
switching bus.
mod_num | Number of the module. |
port_num | Number of the port on the module. |
normal | Keyword that specifies to set the port priority to normal. |
high | Keyword that specifies to set the port priority to high. |
The default configuration has all ports at normal priority level.
Catalyst 5000 family switches
Catalyst 4000 family switches
Catalyst 2926G series switches
Catalyst 2948G switch
Catalyst 2980G switch
Switch command.
Privileged.
Packets traveling through a port set at normal priority are served only after packets traveling through a port set at high priority are served.
This example shows how to set the priority level for port 2 on module 1 to high:
Console> (enable) set port level 1/2 high Port 1/2 port level set to high. Console> (enable)
This example shows how to set the priority level for port 2 on module 1 to normal:
Console> (enable) set port level 1/2 normal Port 1/2 level set to normal. Console> (enable)
set port disable
set port enable
set port name
set port speed
show port
Use the set port membership command to configure ports for dynamic or static VLAN membership.
set port membership mod_num/port_num {dynamic | static}
mod_num | Module number. |
port_num | Port number. |
dynamic | Keyword that specifies to configure the port for dynamic VLAN membership. |
static | Keyword that specifies to configure the port for static VLAN membership. |
Default port membership is static.
Catalyst 5000 family switches
Catalyst 4000 family switches
Catalyst 2926G series switches
Catalyst 2948G switch
Catalyst 2980G switch
Switch command.
Privileged.
This command is not supported on the following:
Ports configured for dynamic VLAN membership obtain their VLAN assignment through VMPS. Ports configured for static VLAN membership obtain their VLAN assignment through the set vlan command.
When a port is assigned a VLAN dynamically, the show port command output identifies the VLAN as dynamic. If the dynamic port is shut down by a VMPS, its status is shown as shutdown.
This example shows how to configure a port for dynamic VLAN membership:
Console> (enable) set port membership 3/1-3 dynamic Ports 3/1-3 vlan assignment set to dynamic. Spantree port fast start option enabled for ports 3/1-3. Console> (enable)
Use the set port name command to configure a name for a port.
set port name mod_num/port_num [port_name]
mod_num | Number of the module. |
port_num | Number of the port. |
port_name | (Optional) Name of the port. |
The default configuration has no port name configured for any port.
Catalyst 5000 family switches
Catalyst 4000 family switches
Catalyst 2926G series switches
Catalyst 2948G switch
Catalyst 2980G switch
Switch command.
Privileged.
If you do not specify the name string, the port name is cleared.
This example shows how to set port 1 on module 4 to Snowy:
Console> (enable) set port name 4/1 Snowy Port 4/1 name set. Console> (enable)
Use the set port negotiation command to enable link negotiation on the port that you specify. Link negotiation autonegotiates flow control, duplex mode, and remote fault information.
set port negotiation mod_num/port_num [enable | disable]
mod_num | Number of the module. |
port_num | Number of the port. |
enable | (Optional) Keyword that specifies to enable the link negotiation protocol. |
disable | (Optional) Keyword that specifies to disable the link negotiation protocol. |
The default is link negotiation protocol enabled.
Catalyst 5000 family switches
Catalyst 4000 family switches
Catalyst 2926G series switches
Catalyst 2948G switch
Catalyst 2980G switch
Switch command.
Privileged.
If the port does not support this command, the following message appears:
Feature not supported on Port N/N.
N/N is the module and port number.
When you enable link negotiation with the set port negotiation command, the system autonegotiates flow control, duplex mode, and remote fault information.
You must either enable or disable link negotiation on both ends of the link. Both ends of the link must be set to the same value or the link cannot connect.
This example shows how to enable link negotiation on port 1, module 3:
Console> (enable) set port negotiation 3/1 enable Link negotiation protocol disabled on port 3/1. Console> (enable)
This example shows how to disable link negotiation on port 1, module 4:
Console> (enable) set port negotiation 4/1 disable Link negotiation protocol disabled on port 4/1. Console> (enable)
Use the set port protocol command to set the protocol filtering group membership of ports.
set port protocol mod_num/port_num {ip | ipx | group} {on | off | auto}
mod_num | Number of the module. |
port_num | Number of the port. |
ip | Keyword that specifies the IP protocol filtering group. |
ipx | Keyword that specifies the IPX protocol filtering group. |
group | Keyword that specifies the Group protocol filtering group. |
on | Keyword that specifies to indicate the port will receive all the flood traffic for that protocol. |
off | Keyword that specifies to indicate the port will not receive any flood traffic for that protocol. |
auto | Keyword that specifies to indicate the port will receive the flood traffic for that protocol only after transmitting packets of that specific protocol. |
By default, ports are configured to on for the IP protocol group and auto for the IPX and Group protocol groups.
Catalyst 5000 family switches
Catalyst 4000 family switches
Catalyst 2926G series switches
Catalyst 2948G switch
Catalyst 2980G switch
Switch command.
Privileged.
Protocol filtering is supported only on nontrunking Ethernet, Fast Ethernet, and Gigabit Ethernet ports. Trunking ports are always members of all the protocol groups.
You must enable protocol filtering globally on the switch using the set protocolfilter command.
If the configuration for one of the protocol groups is set to auto, the port initially does not receive any flood packets for that protocol. If the connected device transmits packets of that protocol, the port is added to the protocol group and flood traffic for that protocol is transmitted on that port.
Ports configured as auto are removed from the protocol group if the connected device does not transmit packets of that protocol within 60 minutes. They are also removed from the protocol group on detection of a link down.
On the Catalyst 5000 family and 2926G series switches, packets are classified into the following protocol groups:
On the Catalyst 4000 family and 2948G switches, packets are classified into the following protocol groups:
This example shows how to enable IPX protocol membership of port 1 on module 2:
Console> (enable) set port protocol 2/1 ipx on IPX protocol disabled on port 2/1. Console> (enable)
This example shows how to disable IPX protocol membership of port 1 on module 2:
Console> (enable) set port protocol 2/1 ipx off IPX protocol disabled on port 2/1. Console> (enable)
This example shows how to enable automatic IP membership of port 1 on module 5:
Console> (enable) set port protocol 5/1 ip auto IP protocol set to auto mode on module 5/1. Console> (enable)
This example shows how to disable group IP membership of port 1 on module 1:
Console> (enable) set port protocol 1/1 group off Group protocol disabled on port 1/1. Console> (enable)
set protocolfilter
show port protocol
Use the set port qos command to set the default value for all packets that have arrived through an untrusted port.
set port qos mod/ports... cos cos_value
mod/ports... | Number of the module and the ports. |
cos | Keyword that specifies CoS values. |
cos_value | CoS value; valid values are 0 through 7. |
Default is CoS 0; the default no CoS is enforced when QoS is disabled; and CoS is enforced when QoS is enabled.
Catalyst 5000 family switches
Switch command.
Privileged.
This command is not supported by the Network Analysis Module (NAM).
You can use the set port qos command on Supervisor Engines III and III F with NFFC II, or Supervisor Engines II G and III G.
This example shows how to set the default CoS value on a port:
Console> (enable)set port qos 2/1 cos 3Port 2/1 qos cos set to 3Console> (enable)
clear port qos cos
show qos info
Use the set port security command to configure port security on a port or range of ports.
set port security mod/ports... [enable | disable] [mac_addr] [age {age_time}] [maximum {num_of_mac}] [shutdown {shutdown_time}] [violation {shutdown | restrict}]
mod | Number of the module. |
ports... | Number of the ports. |
enable | (Optional) Keyword that specifies to enable port security. |
disable | (Optional) Keyword that specifies to disable port security. |
mac_addr | (Optional) Secure MAC address of the enabled port. |
age | (Optional) Keyword that specifies the duration for which addresses on the port will be secured. |
age_time | (Optional) Specifies the duration for which addresses on the port will be secured. Valid time in minutes is 10---1440. |
maximum num_of_mac | (Optional) Keyword that specifies the maximum number of MAC addresses to secure on the port. Valid values are 1---1025. |
shutdown | (Optional) Keyword that specifies the duration for which a port will remain disabled in case of a security violation. |
shutdown_time | (Optional) Duration for which a port will remain disabled. Valid values are 10---1440 minutes. |
violation | (Optional) Action to be taken in the event of a security violation. |
shutdown | (Optional) Keyword that specifies to shut down the port in the event of a security violation. |
restrict | (Optional) Keyword that specifies to restrict packets from unsecure hosts. |
The default port security configuration is as follows:
Catalyst 5000 family switches
Catalyst 4000 family switches
Catalyst 2926G series switches
Catalyst 2948G switch
Catalyst 2980G switch
Switch command.
Privileged.
If you enter the set port security enable command but do not specify a MAC address, the first MAC address seen on the port becomes the secure MAC address.
You can specify the number of MAC addresses to secure on a port. You can add MAC addresses to this list of secure addresses. The maximum number 1024.
The set port security violation command allows you to specify whether you want the port to shut down or to restrict access only to insecure MAC addresses. The shutdown time allows you to specify the duration of shutdown in the event of a security violation.
This example shows how to set port security with a learned MAC address:
Console> (enable)set port security 3/1 enable Port 3/1 security enabled. Trunking disabled for Port 1/1 due to Security Mode.Console> (enable)
This example shows how to set port security with a specific MAC address:
Console> (enable)set port security 3/1 enable 01-02-03-04-05-06 Port 3/1 security enabled. Mac address 01-02-03-04-05-06 set for port 1/1.Console> (enable)
This example sets the shutdown time to 600 minutes on port 7/7:
Console> (enable) set port security 7/7 shutdown 600
Port 7/7 security shutdown time 600.
Console> (enable)
This example sets the port to drop all packets that are coming in on the port from insecure hosts:
Console> (enable) set port security 7/7 violation restrict Port 7/7 security violation mode restrict. Console> (enable)
show port security
clear port security
Use the set port speed command to configure transmission speed or autonegotiation. In the default mode, autonegotiation manages transmission speed, duplex mode, the master link, and the slave link.
set port speed mod_num/port_num {10 | 100 auto}
mod_num | Number of the module. |
port_num | Number of the port on the module. |
10 | Keyword that specifies a transmission rate of 10-Mbps on 10/100 Fast Ethernet ports. |
100 | Keyword that specifies a transmission rate of 100-Mbps on 10/100 Fast Ethernet ports. |
auto | Keyword that specifies autonegotiation for transmission speed and duplex mode on 10/100 Fast Ethernet ports. On 1000BaseT Gigabit Ethernet ports, this keyword specifies that autonegotiation determines the master and slave links. |
4 | Keyword that specifies a transmission rate of 4-Mbps on Token Ring ports. |
16 | Keywords that specifies a transmission rate of 16-Mbps on Token Ring ports. |
auto | Keyword that specifies autonegotiation for transmission speed on Token Ring ports. |
The default configuration has all module ports set to auto.
Catalyst 5000 family switches
Catalyst 4000 family switches
Catalyst 2926G series switches
Catalyst 2948G switch
Catalyst 2980G switch
Switch command.
Privileged.
On 1000BaseT Gigabit Ethernet, autonegotiation determines which side of the link is master and which side is slave.
You can configure Ethernet interfaces on the 10/100-Mbps Ethernet switching modules to either 10 Mbps or 100 Mbps, or to autosensing mode, allowing them to sense and distinguish between 10-Mbps and 100-Mbps port transmission speeds and full-duplex or half-duplex port transmission types at a remote port connection. If you set the interfaces to autosensing mode, they configure themselves automatically to operate at the proper speed and transmission type.
You can configure Token Ring interfaces on the Token Ring module to either 4 Mbps or 16 Mbps, or to autospeed detection mode, allowing them to sense and distinguish between 4-Mbps and 16-Mbps port transmission speed. If you set the interfaces to autospeed detection mode, they automatically configure themselves to operate at the proper speed.
If you change the transmission speed of a port that is open to 4 or 16 Mbps, the port will close and reopen at the new transmission speed. If a port closes and reopens on an existing ring using a transmission speed different from that which the ring is operating, the ring will beacon.
If you set the port speed to auto, duplex mode is automatically set to auto.
If the ports on the Token Ring module are configured to detect the speed of the ring automatically, the first port inserted on the ring does not set the speed because it is unable to detect the speed.
This example shows how to configure port 1 on module 2 to auto:
Console> (enable) set port speed 2/1 auto Port 2/1 speed set to auto-sensing mode. Console> (enable)
This example shows how to configure port 2 on module 2 port speed to 10 Mbps:
Console> (enable) set port speed 2/2 10 Port 2/2 speed set to 10 Mbps. Console> (enable)
This example shows how to configure port 4 on module 3 port speed to 16 Mbps:
Console> (enable) set port speed 3/4 16 Port(s) 3/4 speed set to 16Mbps. Console> (enable)
Use the set port trap command to enable or disable the operation of the standard SNMP link trap (up or down) for a port or range of ports.
set port trap mod_num/port_num {enable | disable}
mod_num | Number of the module. |
port_num | Number of the port. |
enable | Keyword that specifies to activate the SNMP link trap. |
disable | Keyword that specifies to deactivate the SNMP link trap. |
The default configuration has all port traps disabled.
Catalyst 5000 family switches
Catalyst 4000 family switches
Catalyst 2926G series switches
Catalyst 2948G switch
Catalyst 2980G switch
Switch command.
Privileged.
This example shows how to enable the SNMP link trap for module 1, port 2:
Console> (enable) set port trap 1/2 enable Port 1/2 up/down trap enabled. Console> (enable)
set port disable
set port duplex
set port enable
set port name
set port speed
show port
Posted: Tue Mar 21 09:06:43 PST 2000
Copyright 1989 - 2000©Cisco Systems Inc.