|
|
Use the reset command to restart the system or an individual module.
reset {mod_num | system}
mod_num | Number of the module to be restarted. |
system | Keyword to reset the system to its default values. |
This command has no default setting.
Switch command.
Privileged.
If no module number or module number of the active supervisor engine is specified, the command resets the entire system.
You can use the reset mod_num command to switch to the standby supervisor engine, where mod_num is the slot number of the active supervisor.
Where mod_num is an MSM, both the MSM hardware and software are completely reset.
This example shows how to reset the supervisor engine on a Catalyst 6000 family switch with redundant supervisor engines:
Console> (enable) reset 1 This command will force a switch-over to the standby supervisor module and disconnect your telnet session. Do you want to continue (y/n) [n]? y Connection closed by foreign host. host%
This example shows how to reset module 4:
Console> (enable) reset 4 This command will reset module 4 and may disconnect your telnet session. Do you want to continue (y/n) [n]? y Resetting module 4... Console> (enable)
Use the rollback command to clear changes made to the ACL edit buffer since its last save. The ACL is rolled back to its state at the last commit command.
rollback qos acl acl_name
qos acl | Keyword to specify QoS ACEs. |
security acl | Keywords to specify security ACEs. |
acl_name | Name that identifies the VACL whose ACEs are to be affected. |
This command has no default setting.
Switch command.
Privileged.
This example shows how to clear the edit buffer of a specific QoS ACL.
Console (enable)rollback qos acl ip-8-1Rollback for QoS ACL ip-8-1 is successful.Console> (enable)
This example shows how to clear the edit buffer of a specific security ACL.
Console> (enable)rollback security acl IPACL1IPACL1 editbuffer modifications cleared.Console> (enable)
Use the session command to open a session with a module (for example, the MSM or ATM), allowing you to use the module-specific CLI.
session mod_num
mod_num | Number of the module. |
This command has no default setting.
Switch command.
Privileged.
After you enter this command, the system responds with the Enter Password: prompt, if one is configured on the module.
To end the session, enter the quit command.
Use the session command to toggle between router and switch sessions.
For information on ATM commands, refer to the ATM Configuration Guide for the Catalyst 6000 family switches.
This example shows how to open a session with an MSM (module 4):
Console> session 4Trying Router-4...Connected to Router-4.Escape character is \Q^]'.Router>
Use the set command to display all of the ROM monitor variable names with their values.
setThis command has no arguments or keywords.
This command has no default setting.
ROM monitor command.
Normal.
This example shows how to display all of the ROM monitor variable names with their values:
rommon 2 > set PS1=rommon ! > BOOT= ?=0
Use the set alias command to define aliases (shorthand versions) of commands.
set alias name command [parameter] [parameter]
name | Alias being created. |
command | Command for which the alias is being created. |
parameter | (Optional) Parameters that apply to the command for which an alias is being created. See the specific command for information about parameters that apply. |
The default is no aliases are configured.
Switch command.
Privileged.
The name all cannot be defined as an alias. Reserved words cannot be defined as aliases.
This example shows how to set the alias for the clear arp command as arpdel:
Console> (enable) set alias arpdel clear arp Command alias added. Console> (enable)
Use the set arp command to add mapping entries to the ARP table and to set the ARP aging time for the table.
set arp ip_addr hw_addr [route_descr]
ip_addr | IP address or IP alias to map to the specified MAC address. |
hw_addr | MAC address to map to the specified IP address or IP alias. |
route_descr | (Optional) Route descriptor. The maximum number of route descriptors allowed in the route_descr parameter is 14. |
Keyword to set the period of time after which an ARP entry is removed from the ARP table. | |
agingtime | Number of seconds (from 1 to 1,000,000) that entries will remain in the ARP table before being deleted. Setting this value to 0 disables aging. |
The default is no ARP table entries exist; ARP aging is set to 1200 seconds.
Switch command.
Privileged.
This example shows how to map IP address 198.133.219.232 to MAC address 00-00-0c-40-0f-bc:
Console> (enable) set arp 198.133.219.232 00-00-0c-40-0f-bc ARP entry added. Console> (enable)
This example shows how to set the aging time for the ARP table to 1800 seconds:
Console> (enable) set arp agingtime 1800 ARP aging time set to 1800 seconds. Console> (enable)
Use the set authentication enable commands to enable authentication using the TACACS+ or RADIUS server to determine if you have privileged access permission.
set authentication enable tacacs enable| disable [console | telnet | both] [primary]
set authentication enable radius enable | disable [console | telnet | both] [primary]
set authentication enable local enable | disable [console | telnet | both]
tacacs | Keyword to specify TACACS+ authentication for login. |
enable | Keyword to enable the specified authentication method for login. |
disable | Keyword to disable the specified authentication method for login. |
console | (Optional) Keyword to specify the authentication method applies to console sessions. |
telnet | (Optional) Keyword to specify the authentication method applies to Telnet sessions. |
both | (Optional) Keyword to specify the authentication method applies to both session types. |
primary | (Optional) Keyword to specify the specified authentication method be tried first. |
radius | Keyword to specify RADIUS authentication for login. |
local | Keyword to specify local authentication for login. |
The default is local authentication is enabled for both console and Telnet sessions. RADIUS and Tacacs+ are disabled for both console and Telnet sessions.
Switch command.
Privileged.
Authentication configuration applies to both console and Telnet connection attempts unless you use the console and telnet keywords to specify the authentication methods to use for each connection type individually.
This example shows how to use the TACACS+ server to determine if a user has privileged access permission:
Console> (enable) set authentication enable tacacs enable tacacs enable authentication set to enable for console and telnet session. Console> (enable)
This example shows how to use the local password to determine if the user has privileged access permission:
Console> (enable) set authentication enable local enable local enable authentication set to enable for console and telnet session. Console> (enable)
This example shows how to use the RADIUS server to determine if a user has privileged access permission for both console and telnet sessions.
Console> (enable) set authentication enable radius enable both radius enable authentication set to enable for console and telnet sessions. Console> (enable)
This example shows how to set the TACACS+ servers to be used first:
Console> (enable) set authentication enable tacacs enable primary
tacacs enable authentication set to enable for console and telnet session as primary authentication method.
Console> (enable)
set authentication login
show authentication
Use the set authentication login command to enable TACACS+ or RADIUS as the primary authentication method for login.
set authentication login tacacs enable| disable [console | telnet | both] [primary]
set authentication login radius enable | disable [console | telnet | both] [primary]
set authentication login local enable | disable [console | telnet | both]
tacacs | Keyword to specify the use of the TACACS+ server password to determine if you have access permission to the switch. |
enable | Keyword to enable the specified authentication method for login. |
disable | Keyword to disable the specified authentication method for login. |
console | (Optional) Keyword to specify the authentication method applies to console sessions. |
telnet | (Optional) Keyword to specify the authentication method applies to Telnet sessions. |
both | (Optional) Keyword to specify the authentication method applies to both session types. |
primary | (Optional) Keyword to specify the specified authentication method be tried first. |
radius | Keyword to specify the use of the RADIUS server password to determine if you have access permission to the switch. |
local | Keyword to specify the use of the local password to determine if you have access permission to the switch. |
The default setting of this command is local authentication enabled and TACACS+ and RADIUS authentication disabled for console, Telnet, or both console and Telnet sessions.
Switch command.
Privileged.
You can specify TACACS+ or RADIUS as the primary authentication method for login and enable access by entering the primary keyword. If you enter the primary keyword, the specified authentication method will be tried first. If you do not specify a primary authentication, authentication will be tried in the order in which each was enabled.
You can specify that the authentication method applies to console, Telnet, or both console and Telnet sessions, by entering the the console, telnet, or both keywords. If you do not specify console, telnet, or both, the authentication method applies to both console and Telnet sessions.
These examples show how to use the set authentication login command to authenticate access permission to the switch:
Console> (enable) set authentication login tacacs disable telnet TACACS Login authentication set to disable for the telnet sessions. Console> (enable) Console> (enable) set authentication login radius disable console RADIUS Login authentication set to disable for the console sessions. Console> (enable) Console> (enable) set authentication login local disable telnet Local Login authentication set to disable for the telnet sessions. Console> (enable)
set authentication enable
show authentication
Use the set banner motd command to program an MOTD banner to appear before session login.
set banner motd c [text] c
c | Delimiting character used to begin and end the message. |
text | (Optional) Message of the day. |
This command has no default setting.
Switch command.
Privileged.
This example shows how to set the message of the day using the pound sign (#) as the delimiting character:
Console> (enable) set banner motd # ** System upgrade at 6:00am Tuesday. ** Please log out before leaving on Monday. # MOTD banner set. Console> (enable)
This example shows how to clear the message of the day:
Console> (enable) set banner motd ## MOTD banner cleared. Console> (enable)
Use the set boot config-register commands to set the boot configuration register value.
set boot config-register 0xvalue [mod_num]
0xvalue | (Optional) Keyword to set the 16-bit configuration register value. |
mod_num | (Optional) Module number of the supervisor engine containing the Flash device. |
baud | Keyword to set the console baud rate. |
1200 | 2400 | 4800 | 9600 | Keywords to specify baud rate. |
ignore-config | Keywords to set the ignore-config feature. |
enable | Keyword to enable the ignore-config feature. |
disable | Keyword to disable the ignore-config feature. |
boot | Keyword to specify the boot image to use on the next restart. |
rommon | Keyword to specify booting from the ROM monitor. |
bootflash | Keyword to specify booting from the bootflash. |
system | Keyword to specify booting from the system. |
The defaults are as follows:
Switch command.
Privileged.
We recommend that you use only the rommon and system options to the set boot config-register boot command.
Each time you enter one of the set boot config-register commands, the system displays all current configuration-register information (the equivalent of entering the show boot command).
The baud rate specified in the configuration register is used by the ROM monitor only and is different from the baud rate specified by the set system baud command.
When you enable the ignore-config feature, the system software ignores the configuration information stored in NVRAM the next time the switch is restarted.
 | Caution Enabling the ignore-config parameter is the same as entering the clear config all command; that is, it clears the entire configuration stored in NVRAM the next time the switch is restarted. |
This example shows how to specify booting from the ROM monitor:
Console> (enable) set boot config-register boot rommon Configuration register is 0x100 ignore-config: disabled console baud: 9600 boot: the ROM monitor Console> (enable)
This example shows how to specify the default 16-bit configuration register value:
Console> (enable) set boot config-register 0x10f Configuration register is 0x10f break: disabled ignore-config: disabled console baud: 9600 boot: image specified by the boot system commands Console> (enable)
This example shows how to change the ROM monitor baud rate to 4800:
Console> (enable) set boot config-register baud 4800 Configuration register is 0x90f ignore-config: disabled console baud: 4800 boot: image specified by the boot system commands Console> (enable)
This example shows how to enable the ignore-config option:
Console> (enable) set boot config-register ignore-config enable Configuration register is 0x94f ignore-config: enabled console baud: 4800 boot: image specified by the boot system commands Console> (enable)
This example shows how to specify rommon as the boot image to use on the next restart:
Console> (enable) set boot config-register boot rommon Configuration register is 0x100 ignore-config: disabled console baud: 9600 boot: the ROM monitor Console> (enable)
Use the set boot system flash command to set the BOOT environment variable that specifies a list of images the switch loads at startup.
set boot system flash device:[filename] [prepend] [mod_num]
device: | Device where the Flash resides. |
filename | (Optional) Name of the configuration file. |
prepend | (Optional) Keyword to place the device first in the list of boot devices. |
mod_num | (Optional) Module number of the supervisor engine containing the Flash device. |
This command has no default setting.
Switch command.
Privileged.
A colon (:) is required after the specified device.
You can enter several boot system commands to provide a fail-safe method for booting the switch. The system stores and executes the boot system commands in the order in which you enter them. Remember to clear the old entry when building a new image with a different filename in order to use the new image.
If the file does not exist (for example, if you entered the wrong filename), then the filename is appended to the bootstring, and a message displays, "Warning: File not found but still added in the bootstring."
If the file does exist, but is not a supervisor engine image, the file is not added to the bootstring, and a message displays, "Warning: file found but it is not a valid boot image."
This example shows how to append the filename cat6000-sup.5.3.1.CSX.bin on device bootflash to the BOOT environment variable:
Console> (enable)set boot system flash bootflash:cat6000-sup.s.bin prependBOOT variable = bootflash:cat6000-sup.5.3.1.CSX.bin,1; bootflash:cat6000-sup.5.3.1.CSX.bin,1;Console> (enable)
This example shows how to prepend bootflash:c to the beginning of the boot string:
Console> (enable) set boot system flash bootflash:c prepend Console> (enable)
Use the set cam commands to add entries into the CAM table and set the aging time for the CAM table.
set cam {dynamic | static | permanent} {unicast_mac | route_descr} mod/port [vlan]
dynamic | Keyword to specify that entries are subject to aging. |
static | Keyword to specify that entries are not subject to aging. Static (nonpermanent) entries will remain in the table until the active supervisor engine is reset. |
permanent | Keyword to specify that permanent entries are stored in NVRAM until they are removed by the clear cam or clear config command. |
unicast_mac | MAC address of the destination host used for a unicast. |
route_descr | Route descriptor of the "next hop" relative to this switch. This variable is entered as two hexadecimal bytes in the following format: 004F. Do not use a "-" to separate the bytes. Valid values are 0 to 0xffff. |
mod/port | Number of the module and the port. |
vlan | (Optional) Number of the VLAN. This number is optional unless you are setting CAM entries to dynamic, static, or permanent for a trunk port, or if you are using the agingtime keyword. |
multicast_mac | MAC address of the destination host used for a multicast. |
mod/ports.. | Number of the module and the ports. |
agingtime | Keyword to set the period of time after which an entry is removed from the table. |
agingtime | Number of seconds (0 to 1,000,000) that dynamic entries remain in the table before being deleted. Setting the aging time to 0 disables aging. |
The default configuration has a local MAC address, spanning-tree address (01-80-c2-00-00-00), and CDP multicast address for destination port 1/3 (the NMP). The default aging time for all configured VLANs is 300 seconds.
Switch command.
Privileged.
If the given MAC address is a multicast address (the least significant bit of the most significant byte is set to 1) or broadcast address (ff-ff-ff-ff-ff-ff) and multiple ports are specified, the ports must all be in the same VLAN. If the given address is a unicast address and multiple ports are specified, the ports must be in different VLANs.
The set cam command does not support the MSM.
If you enter a route descriptor with no VLAN parameter specified, the default is the VLAN already associated with the port. If you enter a route descriptor, you may only use a single port number (of the associated port).
If port(s) are trunk ports, you must specify the VLAN.
This example shows how to set the CAM table aging time to 300 seconds:
Console> (enable) set cam agingtime 1 300 Vlan 1 CAM aging time set to 300 seconds. Console> (enable)
This example shows how to add a unicast entry to the table for module 2, port 9:
Console> (enable) set cam static 00-00-0c-a0-03-fa 2/9 Static unicast entry added to CAM table. Console> (enable)
This example shows how to add a permanent multicast entry to the table for module 1, port 1, and module 2, ports 1, 3, and 8 through 12:
Console> (enable) set cam permanent 01-40-0b-a0-03-fa 1/1,2/1,2/3,2/8-12 Permanent multicast entry added to CAM table. Console> (enable)
Use the set cdp commands to enable, disable, or configure CDP features globally on all ports or on specified ports.
set cdp {enable | disable} {mod/ports...}
enable | Keyword to enable the CDP feature. |
disable | Keyword to disable the CDP feature. |
mod/ports... | Number of the module and the port. |
interval | Keyword to specify the CDP message interval value. |
interval | Number of seconds (5 to 900) the system waits before sending a message; valid values are 5 to 900 seconds. |
holdtime | Keyword to specify the global Time-To-Live value. |
holdtime | Number of seconds for the global Time-To-Live value; valid values are 10 to 255 seconds. |
The default system configuration has CDP enabled; the message interval is set to 60 seconds for every port; the default Time-To-Live value has the message interval globally set to 180 seconds.
Switch command.
Privileged.
If you enter the global set cdp enable or disable command, CDP is globally configured. If CDP is globally disabled, CDP is automatically disabled on all interfaces, but the per-port enable (or disable) configuration is not changed. If CDP is globally enabled, whether CDP is running on an interface or not depends on its per-port configuration.
If you configure CDP on a per-port basis, the mod_num/port_num can be entered as a single module and port or a range of ports; for example, 2/1-12,3/5-12.
This example shows how to enable the CDP message display for port 1 on module 2:
Console> (enable) set cdp enable 2/1 CDP enabled on port 2/1. Console> (enable)
This example shows how to disable the CDP message display for port 1 on module 2:
Console> (enable) set cdp disable 2/1 CDP disabled on port 2/1. Console> (enable)
This example shows how to specify the CDP message interval value:
Console> (enable) set cdp interval 400 CDP interval set to 400 seconds. Console> (enable)
This example shows how to specify the global Time-To-Live value:
Console> (enable) set cdp holdtime 200 CDP holdtime set to 200 seconds. Console> (enable)
Use the set channel cost command to set the channel path cost and adjust the port costs of the ports in the channel automatically.
set channel cost channel_id | all [cost]
channel_id | Number of the channel identification. |
all | Keyword to configure all channels. |
cost | (Optional) Port costs of the ports in the channel. |
The default is the port cost is updated automatically based on the current port costs.
Switch command.
Privileged.
When you do not enter the cost, the cost is updated based on the current port costs of the channeling ports. If you change the channel cost, member ports in the channel might be modified and saved to NVRAM. If this is the case, a message appears to list the ports whose port path costs were updated due to the channel cost modification.
This example shows how to set the channel 768 path cost to 23:
Console> (enable) set channel cost 768 23 Port(s) 1/1-2,7/3,7/5 port path cost are updated to 60. Channel 768 cost is set to 23. Warning:channel cost may not be applicable if channel is broken. Console> (enable)
This example shows how to set all channel path costs to 15:
Console> (enable) set channel cost all 15 Port(s) 4/1-4 port path cost are updated to 39. Channel 768 cost is set to 15. Warning:channel cost may not be applicable if channel is broken.
Use the set channel vlancost command to set the channel VLAN cost and automatically adjust the port VLAN costs of the ports in the channel.
set channel vlancost channel_id cost
channel_id | Number of the channel identification. |
cost | (Optional) Port costs of the ports in the channel. |
The default is the VLAN cost is updated automatically based on the current port VLAN costs of the channeling ports.
Switch command.
Privileged.
When you do not enter the cost, the cost is updated based on the current port VLAN costs of the channeling ports.
You can configure only one channel at a time.
If you change the channel VLAN cost, member ports in the channel might be modified and saved to NVRAM. If this is the case, a message appears to list the ports whose port path costs were updated due to the channel cost modification.
This example shows how to set the channel 768 path cost to 10:
Console> (enable)set channel vlancost 768 10Port(s) 1/1-2 vlan cost are updated to 24.Channel 768 vlancost is set to 10.Console> (enable)
Use the set cops commands to configure COPS functionality.
set cops server ipaddress [port] [primary] [diff-serv | rsvp]
server | Keyword to set the name of the COPS server. |
ipaddress | IP address or IP alias of the server. |
port | (Optional) Number of the TCP port the switch connects to on the server. |
primary | (Optional) Keyword to specify the primary server. |
diff-serv | (Optional) Keyword to set the COPS server for differentiated services. |
rsvp | (Optional) Keyword to set the COPS server for RSVP+. |
domain-name domain_name | Keyword and variable to specify the domain name of the switch. |
retry-interval | Keyword to specify the retry interval in seconds. |
initial | Initial timeout value; valid values are 0 to 65535 seconds. |
incr | Incremental value; valid values are 0 to 65535 seconds. |
max | Maximum timeout value; valid values are 0 to 65535 seconds. |
The defaults are as follows:
Switch command.
Privileged.
You can configure the names or addresses of up to two PDP servers. One must be the primary, and the optional second server is a secondary, or backup, PDP server.
The COPS domain name can be set globally only; there is no option to set it for each COPS client.
Names such as the server, domain-name, and roles can contain a maximum of 31 characters; longer names are truncated to 31 characters. Valid letters are a-z, A-Z, 0-9, ., - and _. Names cannot start with an underscore (_). The names are not case-sensitive for matching, but are case-sensitive for display.
When specifying the retry-interval, the total of the initial timeout value and the incremental value (increment on each subsequent failure) may not exceed the maximum timeout value.
This example shows how to configure a server as a primary server:
Console> (enable) set cops server 171.21.34.56 primary
171.21.34.56 added to COPS server table as primary server.
Console> (enable)
This example shows how to configure a server as a primary RSVP+ server:
Console> (enable)set cops server 171.21.34.56 primary rsvp171.21.34.56 added to COPS server table as primary server for RSVP.Console> (enable)
This example shows how to configure a server as a secondary (or backup) server:
Console> (enable)set cops server my_server2my_server2 added to the COPS server table as backup server.Console> (enable)
This example shows how to set the domain name:
Console> (enable)set cops domain-name my_domainDomain name set to my_domain.Console> (enable)
This example shows how to set the retry interval:
Console> (enable)set cops retry-interval 15 1 30Connection retry intervals set.Console> (enable)
This example shows the display output if the total of the initial timeout value and the incremental value you entered exceeds the maximum timeout value:
Console> (enable)set cops retry-interval 15 1 10The initial timeout plus the increment value may not exceed the max value.Console> (enable)
Posted: Fri Dec 31 10:58:09 PST 1999
Copyright 1989-1999©Cisco Systems Inc.