|
|
Use the set port channel commands to configure EtherChannel on Ethernet module ports.
set port channel mod/ports... [admin_group]
mod/ports... | Number of module and ports. |
admin_group | (Optional) Number of administrative group; valid values are from 1 to 1024. |
mod_num/port_num | Number of module and ports. |
mode | Keyword to specify the EtherChannel mode. |
on | (Optional) Keyword to enable and force specified ports to channel without PAgP. |
off | (Optional) Keyword to prevent ports from channeling. |
desirable | (Optional) Keyword to set a PAgP mode that places a port into an active negotiating state, in which the port initiates negotiations with other ports by sending PAgP packets. |
auto | (Optional) Keyword to set a PAgP mode that places a port into a passive negotiating state, in which the port responds to PAgP packets it receives, but does not initiate PAgP packet negotiation. |
silent | (Optional) Keyword to use with auto or desirable when no traffic is expected from the other device to prevent the link from being reported to STP as down. |
non-silent | (Optional) Keyword to use with auto or desirable when traffic is expected from the other device. |
all distribution | Keyword to apply frame distribution to all ports in the switch. |
ip | Keyword to specify the frame distribution method using IP address values. |
mac | Keyword to specify the frame distribution method using MAC address values. |
source | (Optional) Keyword to specify the frame distribution method using source address values. |
destination | (Optional) Keyword to specify the frame distribution method using destination address values. |
both | (Optional) Keyword to specify the frame distribution method using source and destination address values. |
The default is EtherChannel is set to auto and silent on all module ports. The defaults for frame distribution are ip and both.
Switch command.
Privileged.
Make sure that all ports in the channel are configured with the same port speed, duplex mode, and so forth. For more information on EtherChannel, refer to the Catalyt 6000 Family Software Configuration Guide.
With the on mode, a usable EtherChannel exists only when a port group in on mode is connected to another port group in on mode.
If you are running QoS, make sure that bundled ports are all of the same trust types and have similar queueing and drop capabilities.
Disable the port security feature on the channeled ports (see the set port security command). If you enable port security for a channeled port, the port shuts down when it receives packets with source addresses that do not match the secure address of the port.
You can configure up to eight ports on the same switch in each administrative group.
When you assign ports to an existing admin group, the original ports associated with the admin group will move to an automatically picked new admin group. You cannot add ports to the same admin group.
If you do not enter an admin_group, it means that you want to create a new administrative group with admin_group selected automatically. The next available admin_group is automatically selected.
If you do not enter the channel mode, the channel mode of the ports addressed are not modified.
The silent | non-silent parameters only apply if desirable or auto modes are entered.
If you do not specify silent or non-silent, the current setting is not affected.
This example shows how to set the channel mode to desirable:
Console> (enable) set port channel 2/2-8 mode desirable Ports 2/2-8 channel mode set to desirable.
This example shows how to set the channel mode to auto:
Console> (enable) set port channel 2/7-8,3/1 mode auto Ports 2/7-8,3/1 channel mode set to auto. Console> (enable)
This example shows how to group ports 4/1 through 4 in an admin group:
Console> (enable) set port channel 4/1-4 96
Port(s) 4/1-4 are assigned to admin group 96.
Console> (enable)
This example shows the display when the port list is exceeded:
Console> (enable) set port channel 2/1-9 1 No more than 8 ports can be assigned to an admin group. Console> (enable)
This example shows how to disable EtherChannel on module 4, ports 4 through 6:
Console> (enable)set port channel 4/4-6 mode offPort(s) 4/4-6 channel mode set to off.Console> (enable)
This example shows the display output when you assign ports to an existing admin group. This example moves ports in admin group 96 to another admin group and assigns ports 4/4 through 6 to admin group 96:
Console> (enable)set port channel 4/4-6 96Port(s) 4/1-3 are moved to admin group 97.Port(s) 4/4-6 are assigned to admin group 96.Console> (enable)
This example shows how to set the channel mode to off for ports 4/4 through 6 and assign ports 4/4 through 6 to an automatically selected admin group:
Console> (enable)set port channel 4/4-6 offPort(s) 4/4-6 channel mode set to off.Port(s) 4/4-6 are assigned to admin group 23.Console> (enable)
This example shows how to configure the EtherChannel load-balancing feature:
Console> (enable)set port channel all distribution ip destChannel distribution is set to ip destination.Console> (enable)
show port channel
show channel
show channel group
Use the set port cops command to create port roles.
set port cops mod/port roles role1 [role2]...
mod/port | Number of the module and the port. |
roles role# | Keyword and variable to specify the roles. |
The default is all ports have a default role of null string, for example, the string of length 0.
Switch command.
Privileged.
A port may have multiple roles. A maximum of 64 total roles may be configured per switch. Multiple roles can be specified in a single command.
This example shows how to create roles on a port:
Console> (enable)set port cops 3/1 roles backbone_port main_portNew role `backbone_port' created.New role `main_port' created.Roles added for port 3/1-4.Console> (enable)
This example shows the display if you attempt to create a roll and exceed the maximum allowable number of roles:
Console> (enable)set port cops 3/1 roles access_portUnable to add new role. Maximum number of roles is 64.Console> (enable)
Use the set port disable command to disable a port or a range of ports.
set port disable mod_num/port_num
mod _num | Number of the module. |
port_num | Number of the port. |
The default system configuration has all ports enabled.
Switch command.
Privileged.
This example shows how to disable a port using the set port disable command:
Console> (enable) set port disable 5/10 Port 5/10 disabled. Console> (enable)
Use the set port duplex command to configure the duplex type of an Ethernet port or a range of ports.
set port duplex mod_num/port_num {full | half | auto}
mod_num | Number of the module. |
port_num | Number of the port. |
full | Keyword to specify full-duplex transmission. |
half | Keyword to specify half-duplex transmission. |
auto | Keyword to specify auto transmission. |
The default is that the duplex type is set to auto.
Switch command.
Privileged.
When a port is in autosensing mode, both its speed and duplex are determined by autosensing. An error message like the following is generated if you attempt to set the transmission type of autosensing Ethernet ports to half- or full-duplex mode:
Console> (enable) set port duplex 2/1 full (1 port - failed)
Port 2/1 is in auto-sensing mode. Console> (enable)
Gigabit ports only support full-duplex mode.
This example shows how to set port 1 on module 2 to full duplex:
Console> (enable) set port duplex 2/1 full Port 2/1 set to full-duplex. Console> (enable)
Use the set port enable command to enable a port or a range of ports.
set port enable mod_num/port_num
mod _num | Number of the module. |
port_num | Number of the port. |
The default is all ports are enabled.
Switch command.
Privileged.
This example shows how to enable port 3 on module 2:
Console> (enable) set port enable 2/3 Port 2/3 enabled. Console> (enable)
Use the set port flowcontrol command to set the receive flow-control value for a particular EtherChannel switching module port.
set port flowcontrol {mod_num/port_num} {receive | send} {off | on | desired}
mod_num | Number of the module. |
port_num | Number of the port on the module. |
receive | Keyword to indicate whether the port can receive administrative status from a remote device. |
send | Keyword to indicate whether the local port can send administrative status to a remote device. |
off | Keyword, when used with receive, turns off an attached device's ability to send flow-control packets to a local port. When used with send, turns off the local port's ability to send administrative status to a remote device. |
on | Keyword, when used with receive, requires that a local port receive administrative status from a remote device. When used with send, the local port sends administrative status to a remote device. |
desired | Keyword, when used with receive, allows a local port to operate with an attached device that is required to send flow-control packets, or with an attached device that is not required to but may send flow-control packets. When used with send, the local port sends administrative status to a remote device if the remote device supports it. |
The default is off for receive and desired for send except for the 24-port 100BaseFX and 48-port 10/100 BaseTX RJ-45 modules; the default is off for receive and off for send.
Switch command.
Privileged.
When you configure the the 24-port 100BaseFX and 48-port 10/100 BaseTX RJ-45 modules, you can set the receive flow control to on or off and the send flow control to off.
These examples show how to use the set port flowcontrol commands:
Console> (enable) set port flowcontrol 5/1 receive on Port 5/1 flow control receive administration status set to on (port will require far end to send flowcontrol) Console> (enable) Console> (enable) set port flowcontrol 5/1 receive desired Port 5/1 flow control receive administration status set to desired (port will allow far end to send flowcontrol if far end supports it) Console> (enable) Console> (enable) set port flowcontrol 5/1 receive off Port 5/1 flow control receive administration status set to off (port will not allow far end to send flowcontrol) Console> (enable) Console> (enable) set port flowcontrol 5/1 send on Port 5/1 flow control send administration status set to on (port will send flowcontrol to far end) Console> (enable) Console> (enable) set port flowcontrol 5/1 send desired Port 5/1 flow control send administration status set to desired (port will send flowcontrol to far end if far end supports it) Console> (enable) Console> (enable) set port flowcontrol 5/1 send off Port 5/1 flow control send administration status set to off (port will not send flowcontrol to far end) Console> (enable)
Use the set port gmrp command to enable or disable GMRP on the specified ports in all VLANs.
set port gmrp {mod/ports...} {enable | disable}
mod/ports... | Module number and port number list. |
enable | Keyword to enable GVRP on a specified port. |
disable | Keyword to disable GVRP on a specified port. |
The default is GMRP is disabled.
Switch command.
Privileged.
You can enter this command even when GMRP is not enabled, but the values come into effect only when GMRP is enabled using the set gmrp enable command.
This example shows how to enable GMRP on module 3, port 1:
Console> (enable) set port gmrp 3/1 enable GMRP enabled on port(s) 3/1. GMRP feature is currently disabled on the switch. Console> (enable)
This example shows how to disable GMRP on module 3, ports 1 through 5:
Console> (enable) set port gmrp 3/1-5 disable GMRP disabled on port(s) 3/1-5. Console> (enable)
Use the set port gvrp command to enable or disable GVRP on the specified ports in all VLANs.
set port gvrp {mod/ports...} {enable | disable}
mod/ports... | Module number and port number list. |
enable | Keyword to enable GVRP on a specified port. |
disable | Keyword to disable GVRP on a specified port. |
The default is GVRP is disabled.
Switch command.
Privileged.
When VTP pruning is enabled, VTP pruning runs on all the GVRP-disabled trunks.
To run GVRP on a trunk, GVRP needs to be enabled both globally on the switch and enabled individually on the trunk.
You can configure GVRP on a port even when GVRP is globally disabled. However, the port will not become a GVRP participant until GVRP is also globally enabled.
GVRP can be enabled only on an 802.1Q trunk.
If you enter the command without specifying the port number, GVRP is affected globally in the switch.
This example shows how to enable GVRP on module 3, port 2:
Console> (enable) set port gvrp 3/2 enable GVRP enabled on 3/2. Console> (enable)
This example shows how to disable GVRP on module 3, port 2:
Console> (enable) set port gvrp 3/2 disable GVRP disabled on 3/2. Console> (enable)
This example shows what happens if you try to enable GVRP on a port that is not an 802.1Q trunk:
Console> (enable) set port gvrp 4/1 enable Failed to set port 4/1 to GVRP enable. Port not allow GVRP. Console> (enable)
This example shows what happens if you try to enable GVRP on a specific port when GVRP has not first been enabled using the set gvrp command:
Console> (enable) set port gvrp 5/1 enableGVRP enabled on port(s) 5/1.GVRP feature is currently disabled on the switch.Console> (enable)
show gvrp configuration
set gvrp
clear gvrp statistics
Use the set port jumbo command to enable or disable the jumbo frame feature on a per-port basis.
set port jumbo {mod/port} {enable | disable}
mod/port | Number of module and port. |
enable | Keyword to enable jumbo frames on a specified port. |
disable | Keyword to disable jumbo frames on a specified port. |
If the jumbo frame feature is enabled, the MTU size for packet acceptance is 9216 bytes for nontrunking ports.
Switch command.
Privileged.
The jumbo frame feature can be used when transferring large frames or jumbo frames through Catalyst 6000 family switches to optimize server-to-server performance.
The jumbo frames feature is only supported on Layer 2-switched frames.
The MSFC and MSM do not support the routing of jumbo frames; if jumbo frames are sent to these routers, router performance is significantly degraded.
The GSR does support jumbo frames.
To enable the jumbo frame feature on a port, the port must meet the following conditions:
For information on how to set the jumbo frame MTU size, contact Cisco's Technical Assistance Center (TAC) at 800 553-2447, 408 526-7209, or tac@cisco.com.
This example shows how to enable the jumbo frames feature on module 3, port 2:
Console> (enable) set port jumbo 3/2 enable
Jumbo frames enabled on port 5/3.
Console> (enable)
This example shows how to disable the jumbo frames feature on module 3, port 2:
Console> (enable) set port jumbo 3/2 disable
Jumbo frames disabled on port 3/2.
Console> (enable)
This example shows what happens if you try to enable the jumbo frames feature on a port that is not a Gigabit Ethernet port:
Console> (enable)set port jumbo 3/1 enableFeature not supported on port 3/1.Console> (enable)
This example shows what happens if you try to enable the jumbo frames feature on a port that does not have the trunking mode set to OFF:
Console> (enable)set port jumbo 6/1 enableFailed to enable the port jumbo frame feature on port 6/1.The trunking mode for jumbo enabled ports must be set to off.Console> (enable)
This example shows what happens if you try to enable the jumbo frames feature on a port that does not have the channeling mode set to OFF:
Console> (enable)set port jumbo 6/2 enableFailed to enable the port jumbo frame feature on port 6/2.The channelling mode for jumbo enabled ports must be set to off.Console> (enable)
set port channel
set trunk
show port jumbo
Use the set port name command to configure a name for a port.
set port name mod_num/port_num [port_name]
mod_num | Number of the module. |
port_num | Number of the port. |
port_name | (Optional) Name of the port. |
The default configuration has no port name configured for any port.
Switch command.
Privileged.
If you do not specify the name string, the port name is cleared.
This example shows how to set port 1 on module 4 to Snowy:
Console> (enable) set port name 4/1 Snowy Port 4/1 name set. Console> (enable)
Use the set port negotiation command to enable or disable the link negotiation protocol on the specified port.
set port negotiation mod_num/port_num {enable | disable}
mod_num | Number of the module. |
port_num | Number of the port. |
enable | Keyword to enable the link negotiation protocol. |
disable | Keyword to disable the link negotiation protocol. |
The default is link negotiation protocol is enabled.
Switch command.
Privileged.
This command only applies to ports on the Gigabit Ethernet switching module.
This example shows how to disable link negotiation protocol on port 1, module 4:
Console> (enable) set port negotiation 4/1 disable Link negotiation protocol disabled on port 4/1. Console> (enable)
Use the set port protocol command to enable or disable protocol membership of ports.
set port protocol mod_num/port_num {ip | ipx | group} {on | off | auto}
mod_num | Number of the module. |
port_num | Number of the port. |
ip | Keyword to specify IP. |
ipx | Keyword to specify IPX. |
group | Keyword to specify VINES, AppleTalk, and DECnet protocols. |
on | Keyword to indicate the port will receive all the flood traffic for that protocol. |
off | Keyword to indicate the port will not receive any flood traffic for that protocol. |
auto | Keyword to indicate the port will not receive any flood traffic for that protocol. |
The default is that the ports are configured to on for the IP protocol groups and auto for IPX and group protocols.
Switch command.
Privileged.
Protocol filtering is supported only on nontrunking EtherChannel ports. Trunking ports are always members of all the protocol groups.
If the port configuration is set to auto, the port initially does not receive any flood packets for that protocol. When the corresponding protocol packets are received on that port, the supervisor engine detects this and adds the port to the protocol group.
Ports configured as auto are removed from the protocol group if no packets are received for that protocol within a certain period of time. This aging time is set to 60 minutes. They are also removed from the protocol group on detection of a link down.
This example shows how to disable IPX protocol membership of port 1 on module 2:
Console> (enable) set port protocol 2/1 ipx off IPX protocol disabled on port 2/1. Console> (enable)
This example shows how to enable automatic IP membership of port 1 on module 5:
Console> (enable) set port protocol 5/1 ip auto IP protocol set to auto mode on module 5/1. Console> (enable)
Use the set port qos command to specify whether an interface should be interpreted as a physical port or as a VLAN.
set port qos mod/port... port-based | vlan-based
mod/port... | Number of the module and the ports. |
port-based | Keyword to interpret the interface as a physical port. |
vlan-based | Keyword to interpret the interface as part of a VLAN. |
The default is ports are port-based.
Switch command.
Privileged.
Changing a port from port-based to VLAN-based QoS detaches all ACLs from the port. Any ACLs attached to the VLAN apply to the port immediately.
This example shows how to specify an interface as a physical port:
Console> (enable)set port qos 1/1-2 port-basedHardware programming in progress...QoS interface is set to port-based for ports 1/1-2.Console> (enable)
This example shows how to specify an interface as a VLAN:
Console> (enable)set port qos 2/1-2 vlan-basedHardware programming in progress...QoS interface is set to VLAN-based for ports 2/1-2.Console> (enable)
Use the set port qos cos command to set the default value for all packets that have arrived through an untrusted port.
set port qos mod/ports.. cos cos_value
mod/ports.. | Number of the module and the ports. |
cos-value | CoS value; valid values are from 0 through 7. |
Default is CoS 0; the default no CoS is enforced when QoS is disabled; and CoS is enforced when QoS is enabled.
Switch command.
Privileged.
This example shows how to set the default value on a port:
Console> (enable)set port qos 2/1 cos 3Port 2/1 qos cos set to 3Console> (enable)
clear port qos cos
show qos info
Use the set port rsvp dsbm-election command to specify whether or not the switch participates in the DSBM election on that particular segment.
set port rsvp mod/port dsbm-election enable | disable [dsbm_priority]
mod/port | Number of the module and the port. |
enable | Keyword to enable participation in the DSBM election. |
disable | Keywords to disable participation in the DSBM election. |
dsbm_priority | (Optional) DSBM priority; valid values are from 128 to 255. |
The default is DSBM is disabled. the default dsbm_priority is 128.
Switch command.
Privileged.
This example shows how to enable participation in the DSBM election:
Console> (enable) set port rsvp 2/1,3/2 dsbm-election enable 232
DSBM election enabled for ports 2/1,3/2.
DSBM priority set to 232 for ports 2/1,3/2.
This DSBM priority will be used during the next election process.
Console> (enable)
This example shows how to disable participation in the DSBM election:
Console> (enable) set port rsvp 2/1 dsbm-election disable
DSBM election disabled for ports(s) 2/1.
Console> (enable)
This example shows the output when you enable participation in the DSBM election on a port that is not forwarding:
Console> (enable)set port rsvp 2/1,3/2 dsbm-election enable 232DSBM enabled and priority set to 232 for ports 2/1,3/2.Warning: Port 2/1 not forwarding. DSBM negotiation will start after port starts forwarding on the native vlan.Console> (enable)
Use the set port qos trust command to set the trusted state of a port; for example, whether the packets arriving at a port are trusted to carry the correct classification.
set port qos mod/ports.. trust {untrusted | trust-cos | trust-ipprec | trust-dscp}
mod/ports.. | Number of the module and the ports. |
untrusted | Keyword to specify that packets need to be reclassified from the matching ACE. |
trust-cos | Keyword to specify that although the CoS bits in the incoming packets are trusted, the ToS is invalid and a valid value needs to be derived from the CoS bits. |
trust-ipprec | Keyword to specify that although the ToS/CoS bits in the incoming packets are trusted, the ToS is invalid and the ToS is set as IP Precedence. |
trust-dscp | Keyword to specify that the ToS/CoS bits in the incoming packets can be accepted as is with no change. |
The default configuration when QoS is enabled is untrusted. When QoS is disabled, the default is trust-cos on L2 Switching Engine-based systems and trust-dscp on L3 Switching Engine-based systems.
Switch command.
Privileged.
On 10/100 ports, you can use only the set port qos trust command to activate the receive drop thresholds. To configure trust, you have to convert the port to port-based QoS, define an ACL that defines all (or the desired subset) of ACEs to be trusted, and attach the ACL to that port.
This example shows how to set the trusted state of a module:
Console> (enable)set port qos 3/7 trust trust-cosPort 3/7 qos set to trust-cosConsole> (enable)
Use the set port security command to configure port security on a port or range of ports.
set port security mod_num/port_num {enable | disable} [mac_addr]
mod_num | Number of the module. |
port_num | Number of the port. |
enable | Keyword to enable port security. |
disable | Keyword to disable port security. |
mac_addr | (Optional) Secure MAC address of the enabled port. |
The default configuration has port security disabled.
Switch command.
Privileged.
If the MAC address is not given, the command turns on learning mode so that the first MAC address seen on the port becomes the secure MAC address.
This command is supported on all Ethernet modules.
This example shows how to set port security with a learned MAC address:
Console> (enable)set port security 3/1 enablePort 3/1 port security enabled with the learned mac address.Console> (enable)
This example shows how to set port security with a specific MAC address:
Console> (enable)set port security 3/1 enable 01-02-03-04-05-06Port 3/1 port security enabled with 01-02-03-04-05-06 as the secure mac address.Console> (enable)
Use the set port speed command to configure the speed of a port interface. You can configure the speed of a Fast Ethernet interface.
set port speed mod_num/port_num {10 | 100 | auto}
mod_num | Number of the module. |
port_num | Number of the port on the module. |
10 | 100 | auto | Keyword to set a port speed to 10 Mbps, 100 Mbps, or autospeed detection mode. |
The default is all module ports are set to auto.
Switch command.
Privileged.
You can configure Fast Ethernet interfaces on the 10/100-Mbps Fast Ethernet switching module to either 10 Mbps or 100 Mbps, or set to autosensing mode, allowing them to sense and distinguish between 10-Mbps and 100-Mbps port transmission speeds and full-duplex or half-duplex port transmission types at a remote port connection. If you set the interfaces to autosensing, they configure themselves automatically to operate at the proper speed and transmission type.
This command is not supported by the Gigabit Ethernet switching module.
This example shows how to configure port 1 on module 2 to auto:
Console> (enable) set port speed 2/1 auto Port 2/1 speed set to auto-sensing mode. Console> (enable)
This example shows how to configure port 2 on module 2 port speed to 10 Mbps:
Console> (enable) set port speed 2/2 10 Port 2/2 speed set to 10 Mbps. Console> (enable)
Use the set port trap command to enable or disable the operation of the standard SNMP link trap (up or down) for a port or range of ports.
set port trap mod_num/port_num {enable | disable}
mod_num | Number of the module. |
port_num | Number of the port. |
enable | Keyword to activate the SNMP link trap. |
disable | Keyword to deactivate the SNMP link trap. |
The default is all port traps are disabled.
Switch command.
Privileged.
This example shows how to enable the SNMP link trap for module 1, port 2:
Console> (enable) set port trap 1/2 enable Port 1/2 up/down trap enabled. Console> (enable)
set port disable
set port duplex
set port enable
set port speed
show port
Use the set power redundancy command to turn redundancy between the power supplies on or off.
set power redundancy enable | disable
enable | Keyword to activate redundancy between the power supplies. |
disable | Keyword to deactivate redundancy between the power supplies. |
The default is power redundancy is enabled.
Switch command.
Privileged.
In a system with dual power supplies, this command turns redundancy between the power supplies on or off. In a redundant configuration, the power available to the system is the maximum power capability of the weakest supply.
In a nonredundant configuration, the power available to the system is the sum of the power capability of both supplies.
This example shows how to activate redundancy between power supplies:
Console> (enable) set power redundancy enable Power supply redundancy enabled.
This example shows how to deactivate redundancy between power supplies:
Console> (enable) set power redundancy disable Power supply redundancy disabled. Console> (enable)
Use the set prompt command to change the prompt for the CLI.
set prompt prompt_string
prompt_string | String to use as the command prompt. |
The default is the prompt is set to Console>.
Switch command.
Privileged.
If you use the set system name command to assign a name to the switch, the switch name is used as the prompt string. However, if you specify a different prompt string using the set prompt command, that string is used for the prompt.
This example shows how to set the prompt to system100>:
Console> (enable) set prompt system100> system100> (enable)
Use the set protocolfilter command to activate or deactivate protocol filtering on Ethernet VLANs and on nontrunking Ethernet, Fast Ethernet, and Gigabit Ethernet ports.
set protocolfilter {enable | disable}
enable | Keyword to activate protocol filtering. |
disable | Keyword to deactivate protocol filtering. |
The default is protocol filtering is disabled.
Switch command.
Privileged.
Protocol filtering is supported only on Ethernet VLANs and on nontrunking EtherChannel ports.
This example shows how to activate protocol filtering:
Console> (enable) set protocolfilter enable Protocol filtering enabled on this switch. Console> (enable)
This example shows how to deactivate protocol filtering:
Console> (enable) set protocolfilter disable Protocol filtering disabled on this switch. Console> (enable)
Use the set qos command to turn on or turn off QoS functionality on the switch.
set qos enable | disable
enable | Keyword to activate QoS functionality. |
disable | Keyword to deactivate QoS functionality. |
The default is QoS functionality is disabled.
Switch command.
Privileged.
Refer to the Catalyst 6000 Family Software Configuration Guide for information on how to change the QoS default configurations.
When you enable and disable QoS in quick succession, a bus timeout might occur.
If you enable or disable QoS on channel ports with different port types, channels may break or form.
This example shows how to enable QoS:
Console> (enable)set qos enable<...trunking reset messages deleted ...>QoS is enabled.Console> (enable)
This example shows how to disable QoS:
Console> (enable)set qos disable<...trunking reset messages deleted ...>QoS is disabled.Console> (enable)
Use the set qos acl default-action command to set the ACL default actions.
set qos acl default-action ip {dscp {dscp} | trust-cos | trust-ipprec | trust-dscp} [microflow microflow_name] [aggregate aggregate_name]
ip | Keyword to specify the IP ACL default actions. |
dscp dscp | Keyword and variable to set the DSCP to be associated with packets matching this stream. |
trust-cos | Keyword to specify that the DSCP is derived from the packet CoS. |
trust-ipprec | Keyword to specify that the DSCP is derived from the packet's IP Prec. |
trust-dscp | Keyword to specify that the DSCP is what is contained in the packet already. |
microflow microflow_name | (Optional) Keyword and variable to specify the name of the microflow policing rule to be applied to packets matching the ACE. |
aggregate aggregate_name | (Optional) Keyword and variable to specify the name of the aggregate policing rule to be applied to packets matching the ACE. |
ipx | Keyword to specify the IPX ACL default actions. |
mac | Keyword to specify the MAC ACL default actions. |
The default is no ACL is set up. When QoS is enabled, the default-action is to classify everything to best effort and to do no policing. When QoS is disabled, the default-action will be to trust-dscp on all packets and do no policing.
Switch command.
Privileged.
Configurations you make by entering this command are saved to NVRAM and the switch and do not require that you enter the commit command.
When QoS is enabled, the default-action is to classify everything to best effort and there will be no policing. When QoS is disabled, the default-action will be to trust-dscp on all packets and do no policing.
This example shows how to set up the IP ACL default actions:
Console> (enable) set qos acl default-action ip dscp 5 microflow micro aggregate agg
QoS default-action for IP ACL is set successfully.
Console> (enable)
This example shows how to set up the IPX ACL default actions:
Console> (enable) set qos acl default-action ipx dscp 5 microflow micro aggregate agg
QoS default-action for IPX ACL is set successfully.
Console> (enable)
This example shows how to set up the MAC ACL default actions:
Console> (enable) set qos acl default-action mac dscp 5 microflow micro aggregate agg
QoS default-action for MAC ACL is set successfully.
Console> (enable)
show qos acl info
clear qos acl
Use the set qos acl ip commands to create IP access lists.
set qos acl ip {acl_name} {dscp dscp | trust-cos | trust-ipprec | trust-dscp}
acl_name | Unique name that identifies the list to which the entry belongs. |
dscp dscp | Keyword and variable to set CoS and DSCP from configured DSCP values. |
trust-cos | Keyword to specify that the DSCP is derived from the packet CoS. |
trust-ipprec | Keyword to specify that the DSCP is derived from the packet's IP Prec. |
trust-dscp | Keyword to specify that the DSCP is what is contained in the packet already. |
microflow microflow_name | (Optional) Keyword and variable to specify the name of the microflow policing rule to be applied to packets matching the ACE. |
aggregate aggregate_name | (Optional) Keyword and variable to specify the name of the aggregate policing rule to be applied to packets matching the ACE. |
src_ip_spec | Source IP address and the source mask. Refer to the "Usage Guidelines" section for the format. |
before editbuffer_index | (Optional) Keyword and variable to insert the new ACE in front of another ACE. |
modify editbuffer_index | (Optional) Keyword and variable to replace an ACE with the new ACE. |
protocol | Keyword or number of an IP protocol; valid numbers are from 0 to 255 representing an IP protocol number. Refer to the "Usage Guidelines" section for the list of valid keywords and corresponding numbers. |
dest_ip_spec | Destination IP address and the destination mask. Refer to the "Usage Guidelines" section for the format. |
precedence precedence | (Optional) Keyword and variable to specify the precedence level to compare with in incoming packet; valid values are from 0 to 7 or by name. Refer to the "Usage Guidelines" section for a list of valid names. |
dscp-field dscp | (Optional) Keyword and variable to specify the DSCP field level to compare with in incoming packet; valid values are from 0 to 7 or by name; valid values are from 0 to 7; valid names are critical, flash, flash-override, immediate, internet, network, priority, and routine). |
icmp | Keyword to specify ICMP. |
icmp-type | (Optional) ICMP message type; valid values are from 0 to 255. |
icmp-code | (Optional) ICMP message code; valid values are from 0 to 255. |
icmp-message | (Optional) ICMP message type name or ICMP message type and code name. Refer to the "Usage Guidelines" section for a list of valid names. |
igmp | Keyword to specify IGMP. |
igmp-type | (Optional) IGMP message type or message name; valid message type numbers are from 0 to 15. Refer to the "Usage Guidelines" section for a list of valid names and numbers. |
tcp | Keyword to specify TCP. |
operator | (Optional) Operands; valid values include lt (less than), gt (greater than), eq (equal), neq (not equal), and range (inclusive range). |
port | (Optional) TCP or UDP port number or name; valid port numbers are from 0 to 65535. Refer to the "Usage Guidelines" section for a list of valid names. |
established | (Optional) For TCP protocol only: Keyword to specify an established connection. |
udp | Keyword to specify UDP. |
The default is there are no ACLs.
Switch command.
Privileged.
Configurations you make by entering any of these command are saved to NVRAM and the switch only after you enter the commit command. Enter ACEs in batches and then enter the commit command to save them in NVRAM and the switch.
Use the show qos acl info command to view the edit buffer.
When you enter the ACL name, follow these naming conventions:
When you specify the source IP address and the source mask, use the form source_ip_address source_mask and follow these guidelines:
When you enter a destination IP address and the destination mask, use the form destination_ip_address destination_mask. The destination mask is required.
Valid names for precedence are critical, flash, flash-override, immediate, internet, network, priority and routine.
Valid names for tos are max-reliability, max-throughput, min-delay, min-monetary-cost, and normal.
Valid protocol keywords include: icmp (1), igmp (2), ip (0), ipinip (4), tcp (6), udp (17), igrp (9), eigrp (88), gre (47), nos (94), ospf (89), ahp (51), esp (50), pcp (108), and pim (103). The IP protocol number is displayed in parentheses. Use the keyword ip to match any Internet protocol.
ICMP packets that are matched by ICMP message type can also be matched by the ICMP message code.
Valid names for icmp_type and icmp_code are administratively-prohibited, alternate-address, conversion-error, dod-host-prohibited, dod-net-prohibited, echo, echo-reply, general-parameter-problem, host-isolated, host-precedence-unreachable, host-redirect, host-tos-redirect, host-tos-unreachable, host-unknown, host-unreachable, information-reply, information-request, mask-reply, mask-request, mobile-redirect, net-redirect, net-tos-redirect, net-tos-unreachable, net-unreachable, network-unknown, no-room-for-option, option-missing, packet-too-big, parameter-problem, port-unreachable, precedence-unreachable, protocol-unreachable, reassembly-timeout, redirect, router-advertisement, router-solicitation, source-quench, source-route-failed, time-exceeded, timestamp-reply, timestamp-request, traceroute, ttl-exceeded, and unreachable.
Valid names and corresponding numbers for igmp_message are dvmrp (3), host-query (1), host-report (2), pim (4), and trace (5).
If the operator is positioned after the source and source-wildcard, it must match the source port. If the operator is positioned after the destination and destination-wildcard, it must match the destination port. The range operator requires two port numbers. All other operators require one port number only.
TCP port names can be used only when filtering TCP. Valid names for TCP ports are bgp, chargen, daytime, discard, domain, echo, finger, ftp, ftp-data, gopher, hostname, irc, klogin, kshell, lpd, nntp, pop2, pop3, smtp, sunrpc, syslog, tacacs-ds, talk, telnet, time, uucp, whois, and www.
UDP port names can be used only when filtering UDP. Valid names for UDP ports are biff, bootpc, bootps, discard, dns, dnsix, echo, mobile-ip, nameserver, netbios-dgm, netbios-ns, ntp, rip, snmp, snmptrap, sunrpc, syslog, tacacs-ds, talk, tftp, time, who, and xdmcp.
If no layer protocol number is entered, the following syntax can be used:
set qos acl ip {acl_name} {dscp dscp | trust-cos | trust-ipprec | trust-dscp}If a layer 4 protocol is specified, the following syntax can be used:
set qos acl ip {acl_name} {dscp dscp | trust-cos | trust-ipprec | trust-dscp}If ICMP is used, you can use the following syntax:
set qos acl ip {acl_name} {dscp dscp | trust-cos | trust-ipprec | trust-dscp}If IGMP is used, you can use the following syntax:
set qos acl ip {acl_name} {dscp dscp | trust-cos | trust-ipprec | trust-dscp}If TCP is used, you can use the following syntax:
set qos acl ip {acl_name} {dscp dscp | trust-cos | trust-ipprec | trust-dscp}If UDP is used, you can use the following syntax:
set qos acl ip {acl_name} {dscp dscp | trust-cos | trust-ipprec | trust-dscp}This example shows how to define a TCP access list:
Console> (enable)set qos acl ip my_acl trust-dscp microflow my-micro tcp 1.2.3.4255.0.0.0 eq port 21 172.20.20.1 255.255.255.0my_acl editbuffer modified. Use `commit' command to apply changes.Console> (enable)
This example shows how to define an ICMP access list:
Console> (enable)set qos acl ip icmp_acl trust-dscp microflow my-micro icmp 1.2.3.4255.255.0.0 172.20.20.1 255.255.255.0 precedence 3my_acl editbuffer modified. Use `commit' command to apply changes.Console> (enable)
show qos acl info
clear qos acl
rollback
commit
Use the set qos acl ipx commands to define IPX access lists.
set qos acl ipx {acl_name} {dscp dscp | trust-cos} [microflow microflow_name]
acl_name | Unique name that identifies the list to which the entry belongs. |
dscp dscp | Keyword and variable to set CoS and DSCP from configured DSCP values. |
trust-cos | Keyword to specify that the DSCP is derived from the packet CoS. |
microflow microflow_name | (Optional) Keyword and variable to specify the name of the microflow policing rule to be applied to packets matching the ACE. |
aggregate aggregate_name | (Optional) Keyword and variable to specify the name of the aggregate policing rule to be applied to packets matching the ACE. |
protocol | Keyword or number of an IPX protocol; valid values are from 0 to 255 representing an IPX protocol number. Refer to the "Usage Guidelines" section for a list of valid keywords and corresponding numbers. |
src_net | Number of the network from which the packet is being sent. Refer to the "Usage Guidelines" section for format guidelines. |
dest_net. | (Optional) Mask to be applied to destination-node. Refer to the "Usage Guidelines" section for format guidelines. |
.dest_node | (Optional) Node on destination-network of the packet being sent. |
dest_net_mask. | (Optional) Mask to be applied to the the destination network. Refer to the "Usage Guidelines" section for format guidelines. |
dest_node_mask | (Optional) Mask to be applied to destination-node. Refer to the "Usage Guidelines" section for format guidelines. |
before editbuffer_index | (Optional) Keyword and variable to insert the new ACE in front of another ACE. |
modify editbuffer_index | (Optional) Keyword and variable to replace an ACE with the new ACE. |
There are no default ACLs mappings.
Switch command.
Privileged.
When you enter the ACL name, follow these naming conventions:
Valid protocol keywords include: ncp (17), rip (1), sap (4), and spx (5). The IP network number is listed in parentheses.
The src_net and dest_net variables are eight-digit hexadecimal numbers that uniquely identify network cable segments. When you specify the src_net or dest_net, use the following guidelines:
The .dest_node is a 48-bit value represented by a dotted triplet of four-digit hexadecimal numbers (xxxx.xxxx.xxxx).
The destination_mask is of the form N.H.H.H or H.H.H where N is the destination network mask and H is the node mask. It can be specified only when the destination node is also specified for the destination address.
The dest_net_mask is an eight-digit hexadecimal mask. Place ones in the bit positions you want to mask. The mask must be immediately followed by a period, which must in turn be immediately followed by destination-node-mask. You can enter this value only when dest_node is specified.
The dest_node_mask is a 48-bit value represented as a dotted triplet of 4-digit hexadecimal numbers (xxxx.xxxx.xxxx). Place ones in the bit positions you want to mask. You can enter this value only when dest_node is specified.
The dest_net_mask is an eight-digit hexadecimal number that uniquely identifies network cable segment. It can be a number in the range 0 to FFFFFFFF. A network number of -1 or any matches all networks. You do not need to specify leading zeros in the network number. For example, for the network number 000000AA, you can enter AA. Following are dest_net_mask examples:
Use the show security acl command to display the list.
This example shows how to create an IPX ACE:
Console> (enable)set qos acl ip my_IPXacl trust-cos microflow my-micro aggregate my-agg -1my_IPXacl editbuffer modified. Use \Qcommit' command to apply changes.Console> (enable)
show qos acl info
clear qos acl
rollback
commit
Use the set qos acl mac commands to define MAC access lists.
set qos acl mac {acl_name} {dscp dscp | trust-cos} [aggregate aggregate_name]
acl_name | Unique name that identifies the list to which the entry belongs. |
dscp dscp | Keyword and variable to set CoS and DSCP from configured DSCP values. |
trust-cos | Keyword to specify that the DSCP is derived from the packet CoS. |
aggregate aggregate_name | (Optional) Keyword and variable to specify the name of the aggregate policing rule to be applied to packets matching the ACE. |
src_mac_addr_spec | Number of the source MAC address in the form source_mac_address source_mac_address_mask. |
dest_mac_addr_spec | (Optional) Number of the destination MAC address. |
ether-type | (Optional) Name or number that matches the ethertype for Ethernet-encapsulated packets. Refer to the "Usage Guidelines" section for a list of valid names and numbers. |
before editbuffer_index | (Optional) Keyword and variable to insert the new ACE in front of another ACE. |
modify editbuffer_index | (Optional) Keyword and variable to replace an ACE with the new ACE. |
There are no default ACLs mappings.
Switch command.
Privileged.
When you enter the ACL name, follow these naming conventions:
The src_mac_addr_spec is a 48-bit source MAC address and mask and entered in the form of source_mac_address source_mac_address_mask (for example, 08-11-22-33-44-55 ff-ff-ff-ff-ff-ff). Place ones in the bit positions you want to mask. When you specify the src_mac_addr_spec, follow these guidelines:
The dest_mac_spec is a 48-bit destination MAC address and mask and entered in the form of dest_mac_address dest_mac_address_mask (for example, 08-00-00-00-02-00/ff-ff-ff-00-00-00). Place ones in the bit positions you want to mask. The destination mask is mandatory. When you specify the dest_mac_spec, use the following guidelines:
Valid names for Ethertypes (and corresponding numbers) are Ethertalk (0x809B), AARP (0x8053), dec-mop-dump (0x6001), dec-mop-remote-console (0x6002), dec-phase-iv (0x6003), dec-lat (0x6004), dec-diagnostic-protocol (0x6005), dec-lavc-sca (0x6007), dec-amber (0x6008), dec-mumps (0x6009), dec-lanbridge (0x8038), dec-dsm (0x8039), dec-netbios (0x8040), dec-msdos (0x8041), banyan-vines-echo (0x0baf), xerox-ns-idp (0x0600), and xerox-address-translation (0x0601).
The ether-type is a 16-bit hexadecimal number written with a leading 0x.
Use the show security acl command to display the list.
This example shows how to create an Ethernet ACE:
Console> (enable)set qos acl ip my_MACacl trust-cos microflow my-micro aggregate my-agg any anymy_IPXacl editbuffer modified. Use \Qcommit' command to apply changes.Console> (enable)
show qos acl info
clear qos acl
rollback
commit
Use the set qos acl map command to attach an ACL to a specified port or VLAN.
set qos acl map acl_name mod_num/port_num | vlan
acl_name | Name of the list to which the entry belongs. |
mod _num/port_num | Number of the module and the port. |
vlan | Number of the VLAN. |
There are no default ACL mappings.
Switch command.
Privileged.
This example shows how to attach an ACL to a port:
Console> (enable) set qos acl map my_acl 2/1 ACL my_acl is attached to port 2/1.
This example shows how to attach an ACL to a VLAN:
Console> (enable)set qos acl map ftp_acl 4ACL ftp_acl is attached to vlan 4.Console> (enable)
This example shows what happens if you try to attach an ACL that has not been committed:
Console> (enable)set qos acl map new_acl 4Commit ACL new_acl before mapping.Console> (enable)
show qos acl map
clear qos acl
rollback
commit
Use the set qos bridged-microflow-policing command to enable or disable microflow policing of bridged packets on a per-VLAN basis.
set qos bridged-microflow-policing {enable | disable} vlanlist
enable | Keyword to activate microflow policing functionality. |
disable | Keyword to deactivate microflow policing functionality. |
vlanlist | List of VLANs; valid values are from 1 to 1000. |
The default is intraVLAN QoS is disabled.
Switch command.
Privileged.
L3 Switching Engine-based systems can be configured to not create NetFlow entries for bridged packets. Without a NetFlow entry, these packets cannot be policed at the microflow level. You must enter the set qos bridged-microflow-policing enable command if you want the bridged packets to be microflow policed.
This command is supported with an L3 Switching Engine only.
This example shows how to enable microflow policing:
Console> (enable) set qos bridged-microflow-policing enable 1-1000 QoS microflow policing is enabled for bridged packets on vlans 1-1000. Console> (enable)
This example shows how to disable microflow policing:
Console> (enable) set qos bridged-microflow-policing disable 10 QoS microflow policing is disabled for bridged packets on VLAN 10. Console> (enable)
show qos bridged-packet-policing
Use the set qos cos-dscp map command to set the CoS-to-DSCP mapping.
set qos cos-dscp-map dscp1 dscp2... dscp8
dscp# | Number of the DSCP; valid values are from 0 to 63. |
The default CoS-to-DSCP configuration is listed in Table 2-8.
CoS | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 |
DSCP | 0 | 8 | 16 | 24 | 32 | 40 | 48 | 56 |
Switch command.
Privileged.
The CoS-to-DSCP map is used to map the CoS of packets arriving on trusted ports (or flows) to a DSCP where the trust type is trust-cos. This map is a table of eight CoS values (0 through 7) and their corresponding DSCP values. The switch has one map.
This command is supported with an L3 Switching Engine only.
This example shows how to set the CoS-to-DSCP mapping:
Console> (enable) set qos cos-dscp-map 20 30 1 43 63 12 13 8 QoS cos-dscp-map set successfully. Console> (enable)
clear qos cos-dscp-map
show qos maps
Use the set qos drop-threshold command to program the transmit and receive drop thresholds on all ports in the system.
set qos drop-threshold 2q2t tx queue q# thr1 thr2
2q2t tx | Keywords to specify the transmit drop threshold. |
1q4t | 1p1q4t rx | Keywords to specify the receive drop threshold. |
queue q# | Keyword and variable to specify the queue; valid values are 1 and 2. |
thr1, thr2, thr3, thr4 | Threshold percentage; valid values are from 1 to 100. |
If QoS is enabled, the following defaults apply:
If QoS is disabled, the following defaults apply:
Switch command.
Privileged.
The number preceding the t letter in the port_type (2q2t, 1q4t, or 1p1q4t) determines the number of threshold values the hardware supports. For example, with 2q2t, the number of thresholds specified is two; with 1q4t and 1p1q4t, the number of thresholds specified is four. Due to the granularity of programming the hardware, the values set in hardware will be close approximations of the values provided.
The number preceding the q letter in the port_type determines the number of the queues that the hardware supports. For example, with 2q2t, the number of queues specified is two; with 1q4t and 1p1q4t, the number of queues specified is four. The system defaults for the transmit queues attempt to keep the maximum latency through a port at a maximum of 10 msec.
The number preceding the p letter in the 1p1q4t port types determines the threshold in the priority queue.
When you configure the drop threshold for 1q1q4t, the drop threshold for second queue is 100% and is not configurable.
The thresholds are all specified as percentages; 10 indicates a threshold when the buffer is 10 percent full.
The single-port ATM OC-12 module does not support transmit queue drop thresholds.
This example shows how to assign the transmit drop threshold:
Console> (enable) set qos drop-threshold 2q2t tx queue 1 40 80 Transmit drop thresholds for queue 1 set at 40% and 80% Console> (enable)
These examples show how to assign the receive drop threshold:
Console> (enable)set qos drop-threshold 1q4t rx queue 1 40 50 60 100Receive drop thresholds for queue 1 set at 40% 50% 60% 100%Console> (enable)Console> (enable)set qos drop-threshold 1p1q4t rx queue 1 40 50 60 100Receive drop thresholds for queue 1 set at 40% 50% 60% 100%Console> (enable)
Use the set qos dscp-cos-map command to set the DSCP-to-CoS mapping.
set qos dscp-cos-map dscp_list:cos_value ...
dscp_list | Number of the DSCP; valid values are from 0 to 63. |
cos_value... | Number of the CoS; valid values are from 0 to 7. |
The default DSCP-to-CoS configuration is listed in Table 2-9.
| DSCP | 0 - 7 | 8 - 15 | 16 - 23 | 24 - 31 | 32 - 39 | 40 - 47 | 48 - 55 | 56 - 63 |
|---|---|---|---|---|---|---|---|---|
CoS | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 |
Switch command.
Privileged.
The DSCP-to-CoS map is used to map the final DSCP classification to a final CoS. This final map determines the output queue and threshold to which the packet is assigned. The CoS map is written into the ISL header or 802.1Q tag of the transmitted packet on trunk ports and contains a table of 64 DSCP values and their corresponding CoS values. The switch has one map.
This command is supported with an L3 Switching Engine only.
This example shows how to set the DSCP-to-CoS mapping:
Console> (enable)set qos dscp-cos-map 20-25:7 33-38:3QoS dscp-cos-map set successfully.Console> (enable)
Use the set qos ipprec-dscp-map command to set the IP precedence-to-DSCP map. This command applies to all packets and all ports.
set qos ipprec-dscp-map dscp1 ... dscp8
dscp1# | Number of the IP precedence value; up to eight values can be specified. |
The default ipprec-to-DSCP configuration is listed in Table 2-10.
| IPPREC | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 |
|---|---|---|---|---|---|---|---|---|
DSCP | 0 | 8 | 16 | 24 | 32 | 40 | 48 | 56 |
Switch command.
Privileged.
Use this command to map the IP precedence of IP packets arriving on trusted ports (or flows) to a DSCP when the trust type is trust-ipprec. This map is a table of eight precedence values (0 through 7) and their corresponding DSCP values. The switch has one map. The IP precedence values are as follows:
This command is supported with an L3 Switching Engine only.
This example shows how to assign IP precedence-to-DSCP mapping and return to the default:
Console> (enable)set qos ipprec-dscp-map 20 30 1 43 63 12 13 8QoS ipprec-dscp-map set successfully.Console> (enable)
show qos maps
clear qos ipprec-dscp-map
Use the set qos mac-cos command to set the CoS value to the MAC address and VLAN pair.
set qos mac-cos dest_mac vlan cos
dest_mac | MAC address of the destination host. |
vlan | Number of the VLAN; valid values are from 1 to 1001. |
cos | CoS value; valid values are from 0 to 7, higher numbers represent higher priority. |
This command has no default setting.
Switch command.
Privileged.
This command has no effect on a switch configured with a PFC since the L3 switching engine's result always overrides the L2 result.
The set qos mac-cos command creates a permanent CAM entry in the CAM table until the active supervisor engine is reset.
The port associated with the MAC address is learned when the first packet with this source MAC address is received. These entries do not age out.
The CoS for a packet going to the specified MAC address is overwritten even if it is coming from a trusted port.
If you enter the show cam command, entries made with the set qos mac-cos command display as dynamic because QoS considers them to be dynamic, but they do not age out.
This example shows how to assign the CoS value 3 to VLAN 2:
Console> (enable)set qos mac-cos 0f-ab-12-12-00-13 2 3CoS 3 is assigned to 0f-ab-12-12-00-13 vlan 2.Console> (enable)
clear qos mac-cos
show qos mac-cos
Use the set qos map command to map a specific CoS value to one of the transmit or receive priority queues and one of the thresholds per available priority queue for all ports.
set qos map port_type tx | rx q# thr# cos coslist
port_type | Port type; valid values are 2q2t and 1p2q2t for transmit and 1p1q4t receive. The same mapping is used for both the receive and transmit directions. |
tx | Keyword to specify the transmit queue. |
rx | Keyword to specify the receive queue. |
q# | Value determined by the number of priority queues provided at the transmit or receive end; valid values are 1 and 2, with the higher value indicating a higher priority queue. |
thr# | Value determined by the number of drop thresholds available at a port; valid values are 1 and 2, with the higher value indicating lower chances of being dropped. |
cos coslist | Keyword and variable to specify CoS values; valid values are from 0 through 7, with the higher numbers representing a higher priority. |
The default mappings for all ports are shown in Table 2-4 and Table 2-5.
Switch command.
Privileged.
You can enter the cos_list variable as a single CoS value, multiple noncontiguous CoS values, a range of CoS values, or a mix of values. For example, you can enter any of the following: 0, or 0,2,3, or 0-3,7.
When specifying the priority queue for the 1p2q2t port_type, the third queue is the priority queue, and must be entered as 1.
The receive and transmit drop thresholds have this relationship:
This example shows how to assign the CoS values 1, 2, and 5 to the first queue and the first drop threshold in that queue:
Console> (enable) set qos map 2q2t 1 1 cos 1,2,5
Qos tx priority queue and threshold mapped to cos successfully.
Console> (enable)
This example shows how to assign the CoS values to queue 1 and threshold 2 in that queue:
Console> (enable) set qos map 2q2t 1 2 cos 3-4,7
Qos tx priority queue and threshold mapped to cos successfully.
Console> (enable)
This example shows how to assign the CoS values 1, 2, and 5 to the first queue and the first drop threshold in that queue:
Console> (enable) set qos map 1p2q2t 1 1 cos 1,2,5
Qos tx priority queue and threshold mapped to cos successfully.
Console> (enable)
Use the set qos policed-dscp-map command to set the mapping of policed in-profile DSCPs.
set qos policed-dscp-map in_profile_dscp:policed_dscp...
in_profile_dscp | Number of the in-profile DSCP; valid values are from 0 through 63. |
policed_dscp | Number of the policed DSCP; valid values are 0 through 63. |
The default map is no markdown.
Switch command.
Privileged.
You can enter in_profile_dscp as a single DSCP, multiple DSCPs, or a range of DSCPs (for example, 1 or 1,2,3 or 1-3,7).
This command is supported with an L3 Switching Engine only.
This example shows how to set the mapping of policed in-profile DSCPs:
Console> (enable)set qos policed-dscp-map 60-63:60 20-40:5QoS policed-dscp-map set successfully.Console> (enable)
clear qos policed-dscp-map
show qos policer
show qos maps
Use the set qos policer command to create a policing rule for ACL.
set qos policer microflow microflow_name rate rate burst burst drop | policed-dscp
microflow microflow_name | Keyword and variable to specify the name of the microflow policing rule. |
rate rate | Keyword and variable to specify the average rate; valid values are from 0 and 32 Kbps to 8 Gbps. |
burst burst | Keyword and variable to specify the burst size; valid values are from from 1 Kb to 32 Mb. |
drop | Keyword to specify drop traffic. |
policed-dscp | Keyword to specify policed DSCP. |
aggregate aggregate_name | Keyword and variable to specify the name of the aggregate policing rule. |
The default is no policing rules or aggregates are configured.
Switch command.
Privileged.
Before microflow policing can occur, you must define a microflow policing rule. Policing is the process by which the switch limits the bandwidth consumed by a flow of traffic.
The Catalyst 6000 family switch supports up to 63 microflow policing rules. When a microflow policer is used in any ACL that is attached to any port or VLAN, the NetFlow flowmask is bumped up to full flow.
Before aggregate policing can occur, you must create an aggregate and a policing rule for that aggregate. The Catalyst 6000 family switch supports up to 1023 aggregates and 1023 policing rules.
The set qos policer aggregate command allows you to configure an aggregate flow and a policing rule for that aggregate. When you enter the microflow microflow_name rate rate burst burst, the range for the average rate is 32 Kbps to 8 Gbps and the range for the burst size is 1 Kb
(entered as 1) to 32 Mb (entered as 32000), and the burst can be set lower, higher, or equal to the rate. Modifying an existing aggregate rate limit entry causes that entry to be modified in NVRAM and in the switch if that entry is currently being used.
Modifying an existing microflow or aggregate rate limit modifies that entry in NVRAM as well as in the switch if it is currently being used.
When you enter the policing name, follow these naming conventions:
This example shows how to create a microflow policing rule for ACL:
Console> (enable)set qos policer microflow my-micro rate 1000 burst 10000 policed-dscpQoS policer for microflow my-micro set successfully.Console> (enable)
This example shows how to create an aggregate policing rule for ACL:
Console> (enable)set qos policer aggregate my-agg rate 1000 burst 2000 dropQoS policer for aggregate my-aggset successfully.Console> (enable)
clear qos policer
show qos policer
Use the set qos policy-source command to set the QoS policy source.
set qos policy-source local | cops
local | Keyword to set the policy source to local NVRAM configuration. |
cops | Keyword to set the policy source to COPS configuration. |
The default is all ports are set to local.
Switch command.
Privileged.
When you set the policy source to local, the QoS policy is taken from local configuration stored in NVRAM. If you set the policy source to local after it was set to COPS, the QoS policy reverts back to the local configuration stored in NVRAM.
When you set the policy source to COPS, all configuration that is global to the device, such as the DSCP to marked-down DSCP, is taken from policy downloaded to the PEP by the PDP. Configuration of each physical port, however, is taken from COPS only if the policy source for that port has been set to COPS.
This example shows how to set the policy source to COPS:
Console> (enable)set qos policy-source copsQoS policy source for the switch set to COPS.Console> (enable)
This example shows how to set the policy source to local NVRAM:
Console> (enable)set qos policy-source localQoS policy source for the switch set to local.Console> (enable)
This example shows the output if you attempt to set the policy source to COPS and no COPS servers are available:
Console> (enable)set qos policy-source copsQoS policy source for the switch set to COPS.Warning: No COPS servers configured. Use the `set cops server' commandto configure COPS servers.Console> (enable)
Use the set qos rsvp commands to turn on or turn off the RSVP+ feature on the switch, set the time in minutes after which the RSVP+ databases get flushed (when the policy server dies) and set the local policy.
set qos rsvp enable | disable
enable | Keyword to activate the RSVP+ feature. |
disable | Keyword to deactivate the RSVP+ feature. |
policy-timeout timeout | Keyword and variable to specify the time in minutes after which the RSVP+ databases get flushed; valid values are from 1 to 65535 minutes. |
local-policy forward | reject | Keywords to specify the policy configuration local to the network device to either accept existing flows and forward them or not accept new flows. |
The default is the RSVP+ feature is disabled, policy-timeout is 30 minutes, and local-policy is forward.
Switch command.
Privileged.
The local-policy you configure is considered on flows when there is no connection with the policy server. This also applies to new flows that come up after connection with the policy server has been lost and apply to old flows after the PDP policy times out.
This example shows how to enable RSVP+:
Console> (enable) set qos rsvp enableRSVP enabled. Only RSVP qualitative service supported.QoS must be enabled for RSVP.Console> (enable)
This example shows how to disable RSVP+:
Console> (enable) set qos rsvp disable
RSVP disabled on the switch.
Console> (enable)
This example shows how to set the policy-timeout interval:
Console> (enable)set qos rsvp policy-timeout 45RSVP database policy timeout set to 45 minutes.Console> (enable)
This example shows how to set the policy-timeout interval:
Console> (enable)set qos rsvp local-policy forwardRSVP local policy set to forward.Console> (enable)
Use the set qos txq-ratio command to set the amount of packet buffer memory allocated to high-priority traffic and low-priority traffic.
set qos txq-ratio port_type queue1_val queue2_val... queueN_val
port_type | Port type; valid values are 2q2t and 1p2q2t. |
queue1_val | Percentage of low-priority traffic; valid values are from 1 to 99 and must total 100 with the queue2_val value. |
queue2_val | Percentage of high-priority traffic; valid values are from 1 to 99 and must total 100 with the queue1_val value. |
queueN_val | Percentage of strict-priority traffic; valid values are from 1 to 99 and must total 100. |
The default for 2q2t is 80:20 if QoS is enabled; 100:0 if QoS is disabled; for 1p2q2t is 70:15:15.
Switch command.
Privileged.
Use caution when using this command. When entering the set qos txq-ratio command, all ports go through a link up and down condition.
The values set in hardware will be close approximations of the values provided. For example, even if you specify 0 percent, the actual value programmed will not necessarily be 0.
The txq ratio is determined by the traffic mix in the network. Since high-priority traffic is typically a smaller fraction of the traffic and since the high-priority queue gets more service, you should set the high-priority queue lower than the low-priority queue.
The strict priority queue requires no configuration.
This example shows how to set the transmit queue size ratio:
Console> (enable) set qos txq-ratio 2q2t 75 25
QoS txq-ratio is set successfully.
Console> (enable)
Use the set qos wred-threshold command to configure the WRED threshold parameters for the specified port type.
set qos wred-threshold 1p2q2t tx queue q# thr1 thr2
1p2q2t | Keyword to specify the port type; only valid value is 1p2q2t. |
tx | Keyword to specify the parameters are for output queuing; only valid value is tx. |
queue q# | Keyword and variable to specify the queue to which the arguments apply. |
thr1 thr2 | Percentage of the buffer size. |
The defaults are queue type is tx, threshold 1 is 80 percent, threshold 2 is 100 percent, and the low threshold is picked automatically by the system.
Switch command.
Privileged.
The queue number is 1 for the low-priority standard transmit queue and 2 for the high-priority standard transmit queue. The strict priority queue is not configurable: it uses threshold 2 as specified for queue 2.
The thresholds are all specified as percentages, ranging from 1 to 100. A value of 10 indicates a threshold when the buffer is 10 percent full.
This example shows how to configure the low-priority transmit queue drop thresholds:
Console> (enable) set qos wred 1p2q2t tx queue 1 50 60 WRED thresholds for queue 1 set to 50%,60% on all WRED-capable 1p2q2t ports. Console> (enable)
Use the set qos wrr command to specify the weights that determine how many packets will transmit out of one queue before switching to the other queue.
set qos wrr port_type queue1_val queue2_val
port_type | Port type; valid values are 2q2t and 1p2q2t. |
queue1_val | Number of weights for queues 1 and 2; valid values are from 1 to 255. |
The default WRR is 4:255.
Switch command.
Privileged.
The WRR weights are used to partition the bandwidth between the queues in the event all queues are not empty. For example, weights of 1:3 mean that one queue gets 25 percent of the bandwidth and the other gets 75 percent as long as both queues have data.
Weights of 1:3 do not necessarily lead to the same results as when the weights are 10:30. In the latter case, more data is serviced from each queue and the latency of packets serviced from the other queue goes up. For best results, set the weights so that at least one packet (maximum size) can be serviced from the lower priority queue at a time. For the higher priority queue, set the weights so that multiple packets are serviced at any one time.
The values set in hardware will be close approximations of the values provided. For example, even if you specify 0 percent, the actual value programmed will not necessarily be 0. Whatever weights you choose, make sure that the resulting byte values programmed (refer to the show qos info command with the runtime keyword) are at least equal to the MTU size.
In software release 5.3, the ratio achieved is only an approximation of what you specify since the cutoff is on a packet and midway through a packet. For example, if you specify that the ratio services 1000 bytes out of the low-priority queue, and there is a 1500-byte packet in the low-priority queue, the entire 1500-byte packet is transmitted because the hardware services an entire packet.
For 1p2q2t, only two queues can be set; the third queue is strict priority.
This example shows how to specify the weights for queue 1 and queue 2 to 30 and 70:
Console> (enable) set qos wrr 2q2t 30 70
QoS wrr ratio is set successfully.
Console> (enable)
show qos info
show qos statistics
Use the set radius deadtime command to set the time to skip RADIUS servers that do not reply to an authentication request.
set radius deadtime minutes
minutes | Length of time a RADIUS server does not respond to an authentication request; valid values are from 0 to 1440 minutes. |
The default is 0 minutes.
Switch command.
Privileged.
If only one RADIUS server is configured or if all the configured servers are marked dead, deadtime will be ignored since no alternate servers are available. By default, the deadtime is 0 minutes; the RADIUS servers are not marked dead if they do not respond.
This example shows how to set the RADIUS deadtime to 10 minutes:
Console> (enable) set radius deadtime 10 Radius deadtime set to 10 minutes. Console> (enable)
Use the set radius key command to set the encryption and authentication for all communication between the RADIUS client and the server.
set radius key key
key | Key to authenticate the transactions between the RADIUS client and the server. |
The default of the key is set to null.
Switch command.
Privileged.
The key you set must be the same one as configured in the RADIUS server. All leading spaces are ignored; spaces within and at the end of the key are not ignored. Double quotes are not required even if there are spaces in the key, unless the quotes themselves are part of the key. The length of the key is limited to 65 characters; it can include any printable ASCII characters except tabs.
If you configure a RADIUS key on the switch, make sure you configure an identical key on the RADIUS server.
This example shows how to set the RADIUS encryption and authentication key to Make my day:
Console> (enable)set radius key Make my dayRadius key set to Make my day.Console> (enable)
Use the set radius retransmit command to specify the number of times the RADIUS servers are tried before giving up on the server.
set radius retransmit count
count | Number of times the RADIUS servers are tried before giving up on the server; valid values are from 1 to 100. |
The default is two times (three attempts).
Switch command.
Privileged.
This example shows how to set the retransmit attempts to 3:
Console> (enable) set radius retransmit 3 Radius retransmit count set to 3. Console> (enable)
Use the set radius server command to set up the RADIUS server.
set radius server ipaddr [auth-port port] [primary]
ipaddr | Number of the IP address or IP alias. |
auth-port port | (Optional) Keyword and variable to specify a destination UDP port for RADIUS messages. |
primary | (Optional) Keyword to specify that this server be contacted first. |
The default auth-port is 1812.
Switch command.
Privileged.
If you configure a RADIUS key on the switch, make sure you configure an identical key on the RADIUS server.
You must specify a RADIUS server before enabling RADIUS on the switch.
If you configure multiple RADIUS servers, the first server configured is the primary. Authentication requests are sent to this server first. You can specify a particular server as primary by using the primary keyword. You can add up to three RADIUS servers.
The ipaddr value can be entered as an IP alias or an IP address in dot notation a.b.c.d.
The RADIUS server will not be used for authentication if you set the port number to 0.
This example shows how to add a primary server using an IP alias:
Console> (enable) set radius server tampa.users.com tampa.users.com added to RADIUS server table as primary server. Console> (enable)
Use the set radius timeout command to set the time between retransmissions to the RADIUS server.
set radius timeout seconds
seconds | Number of seconds to wait for a reply; valid values are from 1 to 1000 seconds. |
The default timeout is 5 seconds.
Switch command.
Privileged.
This example shows how to set the time between retransmissions to 7 seconds:
Console> (enable) set radius timeout 7 Radius timeout set to 7 seconds. Console> (enable)
Posted: Mon Sep 18 16:49:25 PDT 2000
Copyright 1989-2000©Cisco Systems Inc.