|
|
Use the reset command to restart the system or an individual module, schedule a system reset, or cancel scheduled reset.
reset [mod_num | system | mindown]
mod_num | (Optional) Number of the module to be restarted. |
system | (Optional) Keyword to reset the system. |
mindown | (Optional) Keyword to perform a reset as part of a minimal downtime software upgrade in a system with a redundant supervisor engine. |
at | Keyword to schedule a system reset at a specific future time. |
hh:mm | Hour and minute of the scheduled reset. |
mm/dd | (Optional) Month and day of the scheduled reset. |
reason | (Optional) Reason for the reset. |
in | Keyword to schedule a system reset in a specific time. |
hh | (Optional) Number of hours into the future to reset the switch. |
mm | Number of minutes into the future to reset the switch. |
cancel | Keyword to cancel schedule reset. |
nam_mod | Number of the NAM. |
bootdevice | Boot device identification; for format guidelines, see the "Usage Guidelines" section. |
This command has no default setting.
Switch command.
Privileged.
If you do not specify a module number (either a switching module or the active supervisor engine module), the command resets the entire system.
You can use the reset mod_num command to switch to the standby supervisor engine, where mod_num is the module number of the active supervisor engine.
You can use the reset mindown command to reset the switch as part of a minimal downtime software upgrade in a system with redundant supervisor engine modules. For complete information on performing a minimal downtime software upgrade, refer to the Software Configuration Guide for your switch.
 | Caution If you make configuration changes after entering the reset mindown command but before the active supervisor engine resets, the changes are not saved. Input from the CLI is still accepted by the switch while the standby supervisor engine is reset, but any changes you make to the configuration between the time when you enter the reset mindown command and the time when the supervisor engine comes online running the new software image are not saved or synchronized with the standby supervisor engine. |
If you reset an intelligent module (such as the Catalyst 6000 family MSM or MSFC), both the module hardware and software are completely reset.
When entering the bootdevice, use the format device[:device-qualifier] where:
This example shows how to reset the supervisor engine module on a Catalyst 6000 family switch with redundant supervisor engines:
Console> (enable) reset 1 This command will force a switch-over to the standby supervisor module and disconnect your telnet session. Do you want to continue (y/n) [n]? y Connection closed by foreign host. host%
This example shows how to reset module 4:
Console> (enable) reset 4
This command will reset module 4 and may disconnect your telnet session.
Do you want to continue (y/n) [n]? y
Resetting module 4...
Console> (enable)
This example shows how to schedule a system reset for a specific future time:
Console> (enable)reset at 20:00Reset scheduled at 20:00:00, Wed Aug 18 1999.Proceed with scheduled reset? (y/n) [n]?yReset scheduled for 20:00:00, Wed Aug 18 1999 (in 0 day 5 hours 40 minutes).Console> (enable)
This example shows how to schedule a reset for a specific future time and include a reason for the reset:
Console> (enable)reset at 23:00 8/18 Software upgrade to 5.3(1).Reset scheduled at 23:00:00, Wed Aug 18 1999.Reset reason: Software upgrade to 5.3(1).Proceed with scheduled reset? (y/n) [n]?yReset scheduled for 23:00:00, Wed Aug 18 1999 (in 0 day 8 hours 39 minutes).Console> (enable)
This example shows how to schedule a reset with minimum down time for a specific future time and include a reason for the reset:
Console> (enable)reset mindown at 23:00 8/18 Software upgrade to 5.3(1).Reset scheduled at 23:00:00, Wed Aug 18 1999.Reset reason: Software upgrade to 5.3(1).Proceed with scheduled reset? (y/n) [n]?yReset mindown scheduled for 23:00:00, Wed Aug 18 1999 (in 0 day 8 hours 39 minutes).Console> (enable)
This example shows how to schedule a reset after a specified time:
Console> (enable)reset in 5:20 Configuration updateReset scheduled in 5 hours 20 minutes.Reset reason: Configuration updateProceed with scheduled reset? (y/n) [n]?yReset scheduled for 19:56:01, Wed Aug 18 1999 (in 5 hours 20 minutes).Reset reason: Configuration updateConsole> (enable)
This example shows how to cancel a schedule reset:
Console> (enable) reset cancel
Reset cancelled.
Console> (enable)
Use the rollback command to clear changes made to the ACL edit buffer since its last save. The ACL is rolled back to its state at the last commit command.
rollback qos acl acl_name
qos acl | Keyword to specify QoS ACEs. |
security acl | Keywords to specify security ACEs. |
acl_name | Name that identifies the VACL whose ACEs are to be affected. |
This command has no default setting.
Switch command.
Privileged.
This example shows how to clear the edit buffer of a specific QoS ACL:
Console (enable)rollback qos acl ip-8-1Rollback for QoS ACL ip-8-1 is successful.Console> (enable)
This example shows how to clear the edit buffer of a specific security ACL:
Console> (enable)rollback security acl IPACL1IPACL1 editbuffer modifications cleared.Console> (enable)
Use the session command to open a session with a module (for example, the MSM or ATM), allowing you to use the module-specific CLI.
session mod_num
mod_num | Number of the module. |
This command has no default setting.
Switch command.
Privileged.
After you enter this command, the system responds with the Enter Password: prompt, if one is configured on the module.
To end the session, enter the quit command.
Use the session command to toggle between router and switch sessions.
For information on ATM commands, refer to the ATM Configuration Guide for the Catalyst 6000 family switches.
This example shows how to open a session with an MSM (module 4):
Console> session 4Trying Router-4...Connected to Router-4.Escape character is \Q^]'.Router>
Use the set command to display all of the ROM monitor variable names with their values.
setThis command has no arguments or keywords.
This command has no default setting.
ROM monitor command.
Normal.
This example shows how to display all of the ROM monitor variable names with their values:
rommon 2 > set PS1=rommon ! > BOOT= ?=0
Use the set accounting commands command to enable command event accounting on the switch.
set accounting commands enable {config | all} [stop-only] {tacacs+}
enable | Keyword to enable the specified accounting method for commands. |
config | Keyword to permit accounting for configuration commands only. |
all | Keyword to permit accounting for all commands. |
stop-only | (Optional) Keyword to apply the accounting method at the command end. |
tacacs+ | Keyword to specify TACACS+ accounting for commands. |
disable | Keyword to disable accounting for commands. |
The default is accounting is disabled.
Switch command.
Privileged.
You must configure the TACACS+ servers before you enable accounting.
This example shows how to send records at the end of the event only using a TACACS+ server:
Console> (enable)set accounting commands enable config stop-only tacacs+Accounting set to enable for commands-config events in stop-only mode.Console> (enable)
set accounting connect
set accounting exec
set accounting suppress
set accounting system
set accounting update
set tacacs server
show accounting
Use the set accounting connect command to enable accounting of outbound connection events on the switch.
set accounting connect enable {start-stop | stop-only} {tacacs+ | radius}
enable | Keyword to enable the specified accounting method for connection events. |
start-stop | Keyword to specify the accounting method applies at the start and stop of the connection event. |
stop-only | Keyword to specify the accounting method applies at the end of the connection event. |
tacacs+ | Keyword to specify TACACS+ accounting for connection events. |
radius | Keyword to specify RADIUS accounting for connection events. |
disable | Keyword to disable accounting of connection events. |
The default is accounting is disabled.
Switch command.
Privileged.
You must configure the RADIUS or TACACS+ servers and shared secret keys before you enable accounting.
This example shows how to enable accounting on Telnet and remote login sessions, generating records at stop only using a TACACS+ server:
Console> (enable) set accounting connect enable stop-only tacacs+ Accounting set to enable for connect events in stop-only mode.. Console> (enable)
set accounting commands
set accounting exec
set accounting suppress
set accounting system
set accounting update
set radius key
set radius server
set tacacs key
set tacacs server
show accounting
Use the set accounting exec command to enable accounting of normal login sessions on the switch.
set accounting exec enable {start-stop | stop-only} {tacacs+ | radius}
enable | Keyword to enable the specified accounting method for normal login sessions. |
start-stop | Keyword to specify the accounting method applies at the start and stop of the normal login sessions. |
stop-only | Keyword to specify the accounting method applies at the end of the normal login sessions. |
tacacs+ | Keyword to specify TACACS+ accounting for normal login sessions. |
radius | Keyword to specify RADIUS accounting for normal login sessions. |
disable | Keyword to disable accounting for normal login sessions. |
The default is accounting is disabled.
Switch command.
Privileged.
You must configure the RADIUS or TACACS+ servers and shared secret keys before you enable accounting.
This example shows how to enable accounting of normal login sessions, generating records at start and stop using a RADIUS server:
Console> (enable) set accounting exec enable start-stop radius Accounting set to enable for exec events in start-stop mode. Console> (enable)
This example shows how to enable accounting of normal login sessions, generating records at stop using a TACACS+ server:
Console> (enable) set accounting exec enable stop-only tacacs+ Accounting set to enable for exec events in stop-only mode. Console> (enable)
set accounting commands
set accounting connect
set accounting suppress
set accounting system
set accounting update
set radius key
set radius server
set tacacs key
set tacacs server
show accounting
Use the set accounting suppress command to enable or disable suppression of accounting information for a user who has logged in without a username.
set accounting suppress null-username {enable | disable}
null-username | Keyword to specify users must have a userid. |
enable | Keyword to enable suppression for a specified user. |
disable | Keyword to disable suppression for a specified user. |
The default is accounting is disabled.
Switch command.
Privileged.
You must configure the TACACS+ servers before you enable accounting.
This example shows how to suppress accounting information for users without a username:
Console> (enable) set accounting suppress null-username enable Accounting will be suppressed for user with no username. Console> (enable)
This example shows how to include users without the usernames' accounting event information:
Console> (enable) set accounting suppress null-username disable Accounting will be not be suppressed for user with no username. Console> (enable)
set accounting commands
set accounting connect
set accounting exec
set accounting system
set accounting update
set tacacs server
show accounting
Use the set accounting system command to enable accounting of system events on the switch.
set accounting system enable {start-stop | stop-only} {tacacs+ | radius}
enable | Keyword to enable the specified accounting method for system events. |
start-stop | Keyword to specify the accounting method applies at the start and stop of the system event. |
stop-only | Keyword to specify the accounting method applies at the end of the system event. |
tacacs+ | Keyword to specify TACACS+ accounting for system events. |
radius | Keyword to specify RADIUS accounting for system events. |
disable | Keyword to disable accounting for system events. |
The default is accounting is disabled.
Switch command.
Privileged.
You must configure the RADIUS or TACACS+ servers and shared secret keys before you enable accounting.
This example shows how to enable accounting for system events, sending records only at the end of the event using a RADIUS server:
Console> (enable) set accounting system enable stop-only radius Accounting set to enable for system events in start-stop mode.. Console> (enable)
This example shows how to enable accounting for system events, sending records only at the end of the event using a TACACS+ server:
Console> (enable) set accounting system enable stop-only tacacs+ Accounting set to enable for system events in start-stop mode.. Console> (enable)
set accounting commands
set accounting connect
set accounting exec
set accounting suppress
set accounting update
set radius key
set radius server
set tacacs key
set tacacs server
show accounting
Use the set accounting update command to configure the frequency of accounting updates.
set accounting update {new-info | {periodic [interval]}}
new-info | Keyword to specify update when new information in available. |
periodic | Keyword to update on a periodic basis. |
interval | (Optional) Periodic update interval time; valid values are from 1 to 71582 minutes. |
The default is accounting is disabled.
Switch command.
Privileged.
You must configure the TACACS+ servers before you enable accounting.
This example shows how to send accounting updates every 200 minutes:
Console> (enable) set accounting update periodic 200 Accounting updates will be periodic at 200 minute intervals. Console> (enable)
This example shows how to send accounting updates only when there is new information:
Console> (enable) set accounting update new-info Accounting updates will be sent on new information only. Console> (enable)
set accounting commands
set accounting connect
set accounting exec
set accounting suppress
set accounting system
set tacacs server
show accounting
Use the set alias command to define aliases (shorthand versions) of commands.
set alias name command [parameter] [parameter]
name | Alias being created. |
command | Command for which the alias is being created. |
parameter | (Optional) Parameters that apply to the command for which an alias is being created. |
The default is no aliases are configured.
Switch command.
Privileged.
The name all cannot be defined as an alias. Reserved words cannot be defined as aliases.
For additional information about parameter, see the specific command for information about applicable parameters.
This example shows how to set the alias for the clear arp command as arpdel:
Console> (enable) set alias arpdel clear arp Command alias added. Console> (enable)
Use the set arp command to add IP address-to-MAC address mapping entries to the ARP table and to set the ARP aging time for the table.
set arp [dynamic | permanent | static] {ip_addr hw_addr}
dynamic | (Optional) Keyword to specify that entries are subject to ARP aging updates. |
static | (Optional) Keyword to specify that entries are not subject to ARP aging updates. |
permanent | (Optional) Keyword to specify that permanent entries are stored in NVRAM until they are removed by the clear arp or clear config command. |
ip_addr | IP address or IP alias to map to the specified MAC address. |
hw_addr | MAC address to map to the specified IP address or IP alias. |
Keyword to set the period of time after which an ARP entry is removed from the ARP table. | |
agingtime | Number of seconds (from 0 to 1,000,000) that entries will remain in the ARP table before being deleted. Setting this value to 0 disables aging. |
The default is no ARP table entries exist; ARP aging is set to 1200 seconds.
Switch command.
Privileged.
When entering the hw_addr, use a 6-hexbyte MAC address in canonical (00-11-22-33-44-55) or noncanonical (00:11:22:33:44:55) format.
Static (nonpermanent) entries remain in the ARP table until you reset the active supervisor engine.
All manually created ARP entries go into the management vlan (sc0 vlan).
This example shows how to display the ARP information:
Console> (enable) show arp ARP Aging time = 1200 sec + - Permanent Arp Entries * - Static Arp Entries 172.20.52.1 at 00-60-5c-86-5b-28 port 5/9 on vlan 1 Console> (enable)
This example shows how to configure a dynamic ARP entry mapping that will age out after the configured ARP aging time:
Console> (enable) set arp dynamic 172.20.52.1 00-60-5c-86-5b-28 Dynamic ARP entry added as 172.20.52.1 on 00-60-5c-86-5b-28 on vlan 1 Console> (enable)
This example shows how to set the aging time for the ARP table to 1800 seconds:
Console> (enable) set arp agingtime 1800 ARP aging time set to 1800 seconds. Console> (enable)
This example shows how to configure a permanent ARP entry, which will remain in the ARP cache after a system reset:
Console> (enable) set arp permanent 172.20.52.1 00-60-5c-86-5b-28 Permanent ARP entry added as 172.20.52.1 on 00-60-5c-86-5b-28 on vlan 1 Console> (enable)
This example shows how to configure a static ARP entry, which will be removed from the ARP cache after a system reset:
Console> (enable)set arp static 172.20.52.1 00-60-5c-86-5b-28Static ARP entry added as172.20.52.1 on 00-60-5c-86-5b-28 on vlan 1Console> (enable)
Use the set authentication enable commands to enable authentication using the TACACS+, RADIUS, or Kerberos server to determine if you have privileged access permission.
set authentication enable {radius | tacacs | kerberos} {enable} [console | telnet | http | all]
radius | Keyword to specify RADIUS authentication for login. |
tacacs | Keyword to specify TACACS+ authentication for login. |
kerberos | Keyword to specify Kerberos authentication for login. |
enable | Keyword to enable the specified authentication method for login. |
console | (Optional) Keyword to specify the authentication method for console sessions. |
telnet | (Optional) Keyword to specify the authentication method for Telnet sessions. |
http | (Optional) Keyword to specify the specified authentication method HTTP sessions. |
all | (Optional) Keyword to apply the authentication method to all session types. |
primary | (Optional) Keyword to specify the specified authentication method be tried first. |
local | Keyword to specify local authentication for login. |
disable | Keyword to disable the specified authentication method for login. |
The default is local authentication is enabled for console and Telnet sessions. RADIUS, TACACS+, and Kerberos are disabled for all session types.
Switch command.
Privileged.
Authentication configuration for both console and Telnet connection attempts unless you use the console and telnet keywords to specify the authentication methods to use for each connection type individually.
This example shows how to use the TACACS+ server to determine if a user has privileged access permission:
Console> (enable) set authentication enable tacacs enable
tacacs enable authentication set to enable for console, telnet and http session.
Console> (enable)
This example shows how to use the local password to determine if the user has privileged access permission:
Console> (enable) set authentication enable local enable
local enable authentication set to enable for console, telnet and http session.
Console> (enable)
This example shows how to use the RADIUS server to determine if a user has privileged access permission for all session types:
Console> (enable) set authentication enable radius enableradius enable authentication set to enable for console, telnet and http session.Console> (enable)
This example shows how to use the TACACS+ server to determine if a user has privileged access permission for all session types:
Console> (enable) set authentication enable tacacs enable consoletacacs enable authentication set to enable for console session.Console> (enable)
This example shows how to set the Kerberos server to be used first:
Console> (enable)set authentication enable kerberos enable primarykerberos enable authentication set to enable for console, telnet and http session as primary authentication method.Console> (enable)
set authentication login
show authentication
Use the set authentication login command to enable TACACS+, RADIUS or Kerberos as the authentication method for login.
set authentication login local {enable| disable} [all | console | telnet]
set authentication login tacacs {enable | disable} [all | console | telnet] [primary]
set authentication login radius {enable | disable} [all | console | telnet] [primary]
set authentication login kerberos {enable | disable} [all | console | telnet] [primary]
tacacs | Keyword to specify the use of the TACACS+ server password to determine if you have access permission to the switch. |
enable | Keyword to enable the specified authentication method for login. |
disable | Keyword to disable the specified authentication method for login. |
all | (Optional) Keyword to specify the authentication method for all session types. |
console | (Optional) Keyword to specify the authentication method for console sessions. |
telnet | (Optional) Keyword to specify the authentication method for Telnet sessions. |
local | Keyword to specify local password to determine if you have access permission to the switch. |
radius | Keyword to specify the use of the RADIUS server password to determine if you have access permission to the switch. |
kerberos | (Optional) Keyword to specify the Kerberos server password to determine if you have access permission to the switch. |
The default is local authentication is the primary authentication method for login.
Switch command.
Privileged.
This command allows you to choose the authentification method for the web interface. If you configure the authentification method for the HTTP session as RADIUS, then the username or password is validated using the RADIUS protocol and TACACS+ and Kerberos authentication is set to disable for the HTTP sessions. By default, the HTTP login is validated using the local login password.
You can specify that the authentication method for console, telnet, or all by entering the console, telnet, or all keywords. If you do not specify console, telnet, or all, the authentication method default is for all sessions.
This example shows how to disable TACACS+ authentication access for Telnet sessions:
Console> (enable) set authentication login tacacs disable telnet tacacs login authentication set to disable for the telnet sessions. Console> (enable)
This example shows how to disable RADIUS authentication access for console sessions:
Console> (enable) set authentication login radius disable console radius login authentication set to disable for the console sessions. Console> (enable)
This example shows how to disable Kerberos authentication access for Telnet sessions:
Console> (enable) set authentication login kerberos disable telnet kerberos login authentication set to disable for the telnet sessions. Console> (enable)
set authentication enable
show authentication
Use the set authorizaton commands command to enable authorization of command events on the switch.
set authorization commands enable {config | all} {option} {fallbackoption} [console | telnet |
enable | Keyword to enable the specified authorization method for commands. |
config | Keyword to permit authorization for configuration commands only. |
all | Keyword to permit authorization for all commands. |
option | Switch response to an authorization request; valid values are tacacs+, if-authenticated, and none. See the "Usage Guidelines" section for valid value definitions. |
fallbackoption | Switch fallback response to an authorization request if the TACACS+ server is down or not responding; valid values are tacacs+, deny, if-authenticated, and none. See the "Usage Guidelines" section for valid value definitions. |
console | (Optional) Keyword to specify the authorization method for console sessions. |
telnet | (Optional) Keyword to specify the authorization method for Telnet sessions. |
both | (Optional) Keyword to specify the authorization method for both console and Telnet sessions. |
disable | Keyword to disable authorization of command events. |
The default is authorization is disabled.
Switch command.
Privileged.
When you define the option and fallbackoption values:
This example shows how to enable authorization for all commands with the if-authenticated option and none fallbackoption:
Console> (enable) set authorization commands enable all if-authenticated none Successfully enabled commands authorization. Console> (enable)
This example shows how to disable command authorization:
Console> (enable) set authorization commands disable Successfully disabled commands authorization. Console> (enable)
set authorization enable
set authorization exec
show authorization
Use the set authorization enable command to enable authorization of privileged mode sessions on the switch.
set authorization enable enable {option} {fallbackoption} [console | telnet | both]
enable | Keyword to enable the specified authorization method. |
option | Switch response to an authorization request; valid values are tacacs+, if-authenticated, and none. See the "Usage Guidelines" section for valid value definitions. |
fallbackoption | Switch fallback response to an authorization request if the TACACS+ server is down or not responding; valid values are tacacs+, deny, if-authenticated, and none. See the "Usage Guidelines" section for valid value definitions. |
console | (Optional) Keyword to specify the authorization method for console sessions. |
telnet | (Optional) Keyword to specify the authorization method for Telnet sessions. |
both | (Optional) Keyword to specify the authorization method for both console and Telnet sessions. |
disable | Keyword to disable the authorization method. |
The default is authorization is disabled.
Switch command.
Privileged.
When you define the option and fallbackoption values:
This example shows how to enable authorization of configuration commands in enable, privileged login mode, sessions:
Console> (enable) set authorization enable enable if-authenticated none Successfully enabled enable authorization. Console> (enable)
This example shows how to disable enable mode authorization:
Console> (enable) set authorization enable disable Successfully disabled enable authorization. Console> (enable)
set authorization commands
set authorization exec
show authorization
Use the set authorization exec command to enable authorization of exec, normal login mode, session events on the switch.
set authorization exec enable {option } {fallbackoption} [console | telnet | both]
enable | Keyword to enable the specified authorization method. |
option | Switch response to an authorization request; valid values are tacacs+, if-authenticated, and none. See the "Usage Guidelines" section for valid value definitions. |
fallbackoption | Switch fallback response to an authorization request if the TACACS+ server is down or not responding; valid values are tacacs+, deny, if-authenticated, and none. See the "Usage Guidelines" section for valid value definitions. |
console | (Optional) Keyword to specify the authorization method for console sessions. |
telnet | (Optional) Keyword to specify the authorization method for Telnet sessions. |
both | (Optional) Keyword to specify the authorization method for both console and Telnet sessions. |
disable | Keyword to disable authorization method. |
The default is authorization is denied.
Switch command.
Privileged.
When you define the option and fallbackoption values:
This example shows how to enable authorization of configuration commands in exec, normal login mode, sessions:
Console> (enable) set authorization exec enable if-authenticated none Successfully enabled exec authorization. Console> (enable)
This example shows how to disable exec mode authorization:
Console> (enable) set authorization exec disable Successfully disabled exec authorization. Console> (enable)
set authorization commands
set authorization enable
show authorization
Use the set banner motd command to program an MOTD banner to appear before session login.
set banner motd c [text] c
c | Delimiting character used to begin and end the message. |
text | (Optional) Message of the day. |
This command has no default setting.
Switch command.
Privileged.
The banner may contain no more than 3,070 characters, including tabs. Tabs display as 8 characters but take only 1 character of memory.
You can use either the clear banner motd command or the set banner motd cc command to clear the message-of-the-day banner.
This example shows how to set the message of the day using the pound sign (#) as the delimiting character:
Console> (enable) set banner motd # ** System upgrade at 6:00am Tuesday. ** Please log out before leaving on Monday. # MOTD banner set. Console> (enable)
This example shows how to clear the message of the day:
Console> (enable) set banner motd ## MOTD banner cleared. Console> (enable)
Use the set boot auto-config command to specify one or more configuration files to use to configure the switch at bootup. The list of configuration files is stored in the CONFIG_FILE environment variable.
set boot auto-config device:filename [;<device:filename>...] [mod_num]
device: | Device where the startup configuration file resides. |
filename | Names of the startup configuration file. |
mod_num | (Optional) Module number of the supervisor engine containing the Flash device. |
The default CONFIG_FILE is slot0:switch.cfg.
Switch command.
Privileged.
The set boot auto-config command always overwrites the existing CONFIG_FILE environment variable settings (you cannot prepend or append a file to the variable contents).
If you specify multiple configuration files, you must separate the files with a semicolon (;).
To set the recurrence on other supervisor engines and switches, use the set boot config-register auto-config command.
This example shows how to specify a single configuration file environment variable:
Console> (enable) set boot auto-config slot0:cfgfile2
CONFIG_FILE variable = slot0:cfgfile2
WARNING: nvram configuration may be lost during next bootup,
and re-configured using the file(s) specified.
Console> (enable)
This example shows how to specify multiple configuration file environment variables:
Console> (enable) set boot auto-config slot0:cfgfile;slot0:cfgfile2
CONFIG_FILE variable = slot0:cfgfile1;slot0:cfgfile2
WARNING: nvram configuration may be lost during next bootup,
and re-configured using the file(s) specified.
Console> (enable)
set boot config-register
set boot system flash
show boot
Use the set boot config-register command set to set the boot configuration register value.
set boot config-register 0xvalue [mod_num]
0xvalue | (Optional) Keyword to set the 16-bit configuration register value. |
mod_num | (Optional) Module number of the supervisor engine containing the Flash device. |
baud 1200 | 2400 | 4800 | 9600 | Keywords to specify the console baud rate. |
ignore-config | Keywords to set the ignore-config feature. |
enable | Keyword to enable the specified feature. |
disable | Keyword to disable the specified feature. |
boot | Keyword to specify the boot image to use on the next restart. |
rommon | Keyword to specify booting from the ROM monitor. |
bootflash | Keyword to specify booting from the bootflash. |
system | Keyword to specify booting from the system. |
The defaults are as follows:
Switch command.
Privileged.
We recommend that you use only the rommon and system options to the set boot config-register boot command.
Each time you enter one of the set boot config-register commands, the system displays all current configuration-register information (the equivalent of entering the show boot command).
The baud rate specified in the configuration register is used by the ROM monitor only and is different from the baud rate specified by the set system baud command.
When you enable the ignore-config feature, the system software ignores the configuration.
Enabling the ignore-config parameter is the same as entering the clear config all command; that is, it clears the entire configuration stored in NVRAM the next time the switch is restarted.
This example shows how to specify booting from the ROM monitor:
Console> (enable) set boot config-register boot rommon Configuration register is 0x100 ignore-config: disabled console baud: 9600 boot: the ROM monitor Console> (enable)
This example shows how to specify the default 16-bit configuration register value:
Console> (enable) set boot config-register 0x12f Configuration register is 0x12f break: disabled ignore-config: disabled console baud: 9600 boot: image specified by the boot system commands Console> (enable)
This example shows how to change the ROM monitor baud rate to 4800:
Console> (enable) set boot config-register baud 4800 Configuration register is 0x90f ignore-config: disabled console baud: 4800 boot: image specified by the boot system commands Console> (enable)
This example shows how to ignore the configuration information stored in NVRAM the next time the switch is restarted:
Console> (enable) set boot config-register ignore-config enable Configuration register is 0x94f ignore-config: enabled console baud: 4800 boot: image specified by the boot system commands Console> (enable)
This example shows how to specify rommon as the boot image to use on the next restart:
Console> (enable) set boot config-register boot rommon Configuration register is 0x100 ignore-config: disabled console baud: 9600 boot: the ROM monitor Console> (enable)
set config acl
set boot auto-config
set boot system flash
show boot
copy
show config
Use the set boot config-register auto-config command to configure auto-config file dispensation.
set boot config-register auto-config {recurring | non-recurring} [mod_num]
recurring | Keyword to set auto-config to recurring and specify the switch retains the contents of the CONFIG_FILE environment variable after the switch is reset or power cycled and configured. |
non-recurring | Keyword to set auto-config to non-recurring and cause the switch to clear the contents of the CONFIG_FILE environment variable after the switch is reset or power cycled and before the switch is configured. |
mod_num | (Optional) Module number of the supervisor engine containing the Flash device. |
overwrite | Keyword to cause the auto-config file to overwrite the NVRAM configuration. |
append | Keyword to cause the auto-config file to append to the file currently in the NVRAM configuration. |
sync enable | disable | Keywords to enable or disable synchronization of the auto-config file. |
The defaults are:
Switch command.
Privileged.
The auto-config overwrite command clears the NVRAM configuration before executing the Flash configuration file. The auto-config append command executes the Flash configuration file before clearing the NVRAM configuration.
If you delete the auto-config Flash file(s) on the supervisor engine, the files will also be deleted on the standby supervisor engine.
If synchronization is enabled, the CONFIG_FILE variable from the active file is made identical on the standby supervisor engine. Each auto-config file on the active supervisor engine is compared against each corresponding auto-config file on the standby supervisor engine. Two files are considered identical if the `CRC' is the same. If a file on the standby and active supervisor engine is not identical, a new file is generated on the standby supervisor engine. If a file already exists on the standby supervisor engine, it is overwritten with the file from the active supervisor engine.
If you use the set boot auto-config bootflash:switch.cfg with the overwrite option, you must use the copy config bootflash:switch.cfg command to save the switch configuration to the auto-config file.
If you use the set boot auto-config bootflash:switchapp.cfg with the append option, you can use the copy acl config bootflash:switchapp.cfg command to save the switch configuration to the auto-config file.
If the ACL configuration location is set to Flash memory, the following message is displayed after every commit operation for either security or QoS. Use the copy commands to save your ACL configuration to Flash memory. If you reset the system and you made one or more commits but did not copy commands to one of the files specified in the CONFIG_FILE variable, the following message displays:
Warning: System ACL configuration has been modified but not saved to Flash.
The files used with the recurring and non-recurring options are those specified by the CONFIG_FILE environment variable.
This example shows how to specify the ACL configuration Flash file at system startup:
Console> (enable) set boot auto-config bootflash:switchapp.cfg Console> (enable) set boot config-register auto-config recurring Console> (enable)
This example shows how to ignore the configuration information stored in NVRAM the next time the switch is restarted:
Console> (enable) set boot config-register auto-config non-recurring Configuration register is 0x2102 ignore-config: disabled auto-config: non-recurring, overwrite, auto-sync disabled console baud: 9600 boot: image specified by the boot system commands Console> (enable)
This example shows how to append the auto-config file to the file currently in the NVRAM configuration:
Console> (enable) set boot config-register auto-config append Configuration register is 0x2102 ignore-config: disabled auto-config: non-recurring, append, auto-sync disabled console baud: 9600 boot: image specified by the boot system commands Console> (enable)
This example shows how to use the auto-config overwrite option to save the ACL configuration to a bootflash file:
Console> (enable) copy config bootflash: seitch.cfg Console> (enable) set boot auto-config bootflash:switch.cfg Console> (enable) set boot config-register auto-config overwrite Console> (enable)
| Caution The following two examples assume that you have saved the ACL configuration to the bootflash:switchapp.cfg file. |
This example shows how to enable synchronization of the auto-config file:
Console> (enable) set boot config-register auto-config sync enable Configuration register is 0x2102 ignore-config: disabled auto-config: non-recurring, append, auto-sync enabled console baud: 9600 boot: image specified by the boot system commands Console> (enable)
This example shows how to disable synchronization of the auto-config file:
Console> (enable) set boot config-register auto-config sync disable Configuration register is 0x2102 ignore-config: disabled auto-config: non-recurring, append, auto-sync disabled console baud: 9600 boot: image specified by the boot system commands Console> (enable)
set boot auto-config
set boot system flash
show boot
Use the set boot system flash command to set the BOOT environment variable that specifies a list of images the switch loads at startup.
set boot system flash device:[filename] [prepend] [mod_num]
device: | Device where the Flash resides. |
filename | (Optional) Name of the configuration file. |
prepend | (Optional) Keyword to place the device first in the list of boot devices. |
mod_num | (Optional) Module number of the supervisor engine containing the Flash device. |
This command has no default setting.
Switch command.
Privileged.
A colon (:) is required after the specified device.
You can enter several boot system commands to provide a fail-safe method for booting the switch. The system stores and executes the boot system commands in the order in which you enter them. Remember to clear the old entry when building a new image with a different filename in order to use the new image.
If the file does not exist (for example, if you entered the wrong filename), then the filename is appended to the bootstring, and a message displays, "Warning: File not found but still added in the bootstring."
If the file does exist, but is not a supervisor engine image, the file is not added to the bootstring, and a message displays, "Warning: file found but it is not a valid boot image."
This example shows how to append the filename cat6000-sup.5.4.0.52.bin on device bootflash to the BOOT environment variable:
Console> (enable)set boot system flash bootflash:cat6000-sup.s.bin prependBOOT variable = bootflash:cat6000-sup.5.4.0.52.bin,1; bootflash:cat6000-sup.5.4.0.52.bin,1;Console> (enable)
This example shows how to prepend bootflash:c to the beginning of the boot string:
Console> (enable) set boot system flash bootflash:c prepend Console> (enable)
Use the set cam command set to add entries into the CAM table and set the aging time for the CAM table.
set cam {dynamic | static | permanent} {unicast_mac | route_descr} mod/port [vlan]
dynamic | Keyword to specify that entries are subject to aging. |
static | Keyword to specify that entries are not subject to aging. Static (nonpermanent) entries will remain in the table until the active supervisor engine is reset. |
permanent | Keyword to specify that permanent entries are stored in NVRAM until they are removed by the clear cam or clear config command. |
unicast_mac | MAC address of the destination host used for a unicast. |
route_descr | Route descriptor of the "next hop" relative to this switch. This variable is entered as two hexadecimal bytes in the following format: 004F. Do not use a "-" to separate the bytes. Valid values are 0 to 0xffff. |
mod/port | Number of the module and the port. |
vlan | (Optional) Number of the VLAN. This number is optional unless you are setting CAM entries to dynamic, static, or permanent for a trunk port, or if you are using the agingtime keyword. |
multicast_mac | MAC address of the destination host used for a multicast. |
mod/ports.. | Number of the module and the ports. |
agingtime | Keyword to set the period of time after which an entry is removed from the table. |
agingtime | Number of seconds (0 to 1,000,000) that dynamic entries remain in the table before being deleted. Setting the aging time to 0 disables aging. |
The default configuration has a local MAC address, spanning tree address (01-80-c2-00-00-00), and CDP multicast address for destination port 1/3 (the NMP). The default aging time for all configured VLANs is 300 seconds.
Switch command.
Privileged.
If the given MAC address is a multicast address (the least significant bit of the most significant byte is set to 1) or broadcast address (ff-ff-ff-ff-ff-ff) and multiple ports are specified, the ports must all be in the same VLAN. If the given address is a unicast address and multiple ports are specified, the ports must be in different VLANs.
The set cam command does not support the MSM.
If you enter a route descriptor with no VLAN parameter specified, the default is the VLAN already associated with the port. If you enter a route descriptor, you may only use a single port number (of the associated port).
If port(s) are trunk ports, you must specify the VLAN.
This example shows how to set the CAM table aging time to 300 seconds:
Console> (enable) set cam agingtime 1 300 Vlan 1 CAM aging time set to 300 seconds. Console> (enable)
This example shows how to add a unicast entry to the table for module 2, port 9:
Console> (enable) set cam static 00-00-0c-a0-03-fa 2/9 Static unicast entry added to CAM table. Console> (enable)
This example shows how to add a permanent multicast entry to the table for module 1, port 1, and module 2, ports 1, 3, and 8 through 12:
Console> (enable) set cam permanent 01-40-0b-a0-03-fa 1/1,2/1,2/3,2/8-12 Permanent multicast entry added to CAM table. Console> (enable)
Use the set cdp commands to enable, disable, or configure CDP features globally on all ports or on specified ports.
set cdp {enable | disable} {mod/ports...}
enable | Keyword to enable the CDP feature. |
disable | Keyword to disable the CDP feature. |
mod/ports... | Number of the module and the port. |
interval | Keyword to specify the CDP message interval value. |
interval | Number of seconds (5 to 900) the system waits before sending a message; valid values are 5 to 900 seconds. |
holdtime | Keyword to specify the global Time-To-Live value. |
holdtime | Number of seconds for the global Time-To-Live value; valid values are 10 to 255 seconds. |
version | Keywords to specify the CDP version number. |
The default system configuration has CDP enabled. The message interval is set to 60 seconds for every port; the default Time-To-Live value has the message interval globally set to 180 seconds. The default CDP version is version 2.
Switch command.
Privileged.
The set cdp version command allows you to globally set the highest version number of CDP packets to send.
If you enter the global set cdp enable or disable command, CDP is globally configured. If CDP is globally disabled, CDP is automatically disabled on all interfaces, but the per-port enable (or disable) configuration is not changed. If CDP is globally enabled, whether CDP is running on an interface or not depends on its per-port configuration.
If you configure CDP on a per-port basis, you can enter the mod_num/port_num as a single module and port or a range of ports; for example, 2/1-12,3/5-12.
This example shows how to enable the CDP message display for port 1 on module 2:
Console> (enable) set cdp enable 2/1 CDP enabled on port 2/1. Console> (enable)
This example shows how to disable the CDP message display for port 1 on module 2:
Console> (enable) set cdp disable 2/1 CDP disabled on port 2/1. Console> (enable)
This example shows how to specify the CDP message interval value:
Console> (enable) set cdp interval 400 CDP interval set to 400 seconds. Console> (enable)
This example shows how to specify the global Time-To-Live value:
Console> (enable) set cdp holdtime 200 CDP holdtime set to 200 seconds. Console> (enable)
Use the set channel cost command to set the channel path cost and adjust the port costs of the ports in the channel automatically.
set channel cost channel_id | all [cost]
channel_id | Number of the channel identification. |
all | Keyword to configure all channels. |
cost | (Optional) Port costs of the ports in the channel. |
The default is the port cost is updated automatically based on the current port costs.
Switch command.
Privileged.
When you do not enter the cost, the cost is updated based on the current port costs of the channeling ports. If you change the channel cost, member ports in the channel might be modified and saved to NVRAM. If this is the case, a message appears to list the ports whose port path costs were updated due to the channel cost modification.
This example shows how to set the channel 768 path cost to 23:
Console> (enable) set channel cost 768 23 Port(s) 1/1-2,7/3,7/5 port path cost are updated to 60. Channel 768 cost is set to 23. Warning:channel cost may not be applicable if channel is broken. Console> (enable)
This example shows how to set all channel path costs to 15:
Console> (enable) set channel cost all 15 Port(s) 4/1-4 port path cost are updated to 39. Channel 768 cost is set to 15. Warning:channel cost may not be applicable if channel is broken.
Use the set channel vlancost command to set the channel VLAN cost and automatically adjust the port VLAN costs of the ports in the channel.
set channel vlancost channel_id cost
channel_id | Number of the channel identification. |
cost | (Optional) Port costs of the ports in the channel. |
The default is the VLAN cost is updated automatically based on the current port VLAN costs of the channeling ports.
Switch command.
Privileged.
When you do not enter the cost, the cost is updated based on the current port VLAN costs of the channeling ports.
You can configure only one channel at a time.
If you change the channel VLAN cost, member ports in the channel might be modified and saved to NVRAM. If this is the case, a message appears to list the ports whose port path costs were updated due to the channel cost modification.
This example shows how to set the channel 768 path cost to 10:
Console> (enable)set channel vlancost 768 10Port(s) 1/1-2 vlan cost are updated to 24.Channel 768 vlancost is set to 10.Console> (enable)
Use the set config acl command to delete the ACL configuration from the NVRAM configuration and save the ACL to a specified file.
set config acl {nvram}
nvram | Keyword to copy the ACL configuration to NVRAM. |
The default is NVRAM.
Switch command.
Privileged.
Once the configuration is moved to a Flash file, you must set up the auto-config feature by using the overwrite and append options from the set boot config-register auto-config command. You can also set the recurrence on other supervisor engines and switches by using this command.
If you specify multiple configuration files, you must separate the files with a semicolon (;).
If the ACL configuration location is set to flash, the following message displays after every commit operation for either Security or Qos:
Warning: Use the copy commands to save your ACL configuration to Flash.
If you reset the system and there were one or more commits done but no copy commands to one of the files specified in the CONFIG_FILE variable, the following message displays:
Warning: System ACL configuration has been modified but not saved to Flash.
This example shows how to copy the ACL configuration to the bootflash file:
Console> (enable) set config acl flash switchapp.cfg Upload ACL configuration to bootflash:switchapp.cfg 2843644 bytes available on device bootflash, proceed (y/n) [n]? y Configuration has been copied successfully. WARNING: Use the `set boot config-register auto-config' commands to configure the auto-config feature. Console> (enable)
This example shows how to copy the ACL configuration to NVRAM:
Console> (enable) set config acl nvram ACL configuration copied to NVRAM. WARNING: Use the `set boot config-register auto-config' commands to disable the auto-config feature. Console> (enable)
set boot config-register
set boot system flash
show boot
copy
clear config
Use the set cops commands to configure COPS functionality.
set cops server ipaddress [port] [primary] [diff-serv | rsvp]
server | Keyword to set the name of the COPS server. |
ipaddress | IP address or IP alias of the server. |
port | (Optional) Number of the TCP port the switch connects to on the server. |
primary | (Optional) Keyword to specify the primary server. |
diff-serv | (Optional) Keyword to set the COPS server for differentiated services. |
rsvp | (Optional) Keyword to set the COPS server for RSVP+. |
domain-name domain_name | Keyword and variable to specify the domain name of the switch. |
retry-interval | Keyword to specify the retry interval in seconds. |
initial | Initial timeout value; valid values are 0 to 65535 seconds. |
incr | Incremental value; valid values are 0 to 65535 seconds. |
max | Maximum timeout value; valid values are 0 to 65535 seconds. |
The defaults are as follows:
Switch command.
Privileged.
You can configure the names or addresses of up to two PDP servers. One must be the primary, and the optional second server is a secondary, or backup, PDP server.
The COPS domain name can be set globally only; there is no option to set it for each COPS client.
Names such as the server, domain-name, and roles can contain a maximum of 31 characters; longer names are truncated to 31 characters. Valid letters are a-z, A-Z, 0-9, ., - and _. Names cannot start with an underscore (_). The names are not case sensitive for matching, but are case sensitive for display.
When specifying the retry-interval, the total of the initial timeout value and the incremental value (increment on each subsequent failure) may not exceed the maximum timeout value.
This example shows how to configure a server as a primary server:
Console> (enable) set cops server 171.21.34.56 primary
171.21.34.56 added to COPS server table as primary server.
Console> (enable)
This example shows how to configure a server as a primary RSVP+ server:
Console> (enable)set cops server 171.21.34.56 primary rsvp171.21.34.56 added to COPS server table as primary server for RSVP.Console> (enable)
This example shows how to configure a server as a secondary (or backup) server:
Console> (enable)set cops server my_server2my_server2 added to the COPS server table as backup server.Console> (enable)
This example shows how to set the domain name:
Console> (enable)set cops domain-name my_domainDomain name set to my_domain.Console> (enable)
This example shows how to set the retry interval:
Console> (enable)set cops retry-interval 15 1 30Connection retry intervals set.Console> (enable)
This example shows the display output if the total of the initial timeout value and the incremental value you entered exceeds the maximum timeout value:
Console> (enable)set cops retry-interval 15 1 10The initial timeout plus the increment value may not exceed the max value.Console> (enable)
Use the set default portstatus command to set the default port status.
set default portstatus {enable | disable}
enable | Keyword to activate default port status. |
disable | Keyword to deactivate default port status. |
This command has no default setting.
Switch command.
Privileged.
When you enter the clear config all command or in the event of a configuration loss, all ports collapse into VLAN 1, which might cause a security and network instability problem. Entering the set default portstatus command puts all ports into a disable state and blocks the traffic flowing through the ports during a configuration loss. You can then manually configure the ports back to the enable state.
After you enter the set default portstatus command, you must reset the system so the new configuration setup can take effect.
This command is not saved in the configuration file.
Once you set the default port status, the setup does not clear when you enter the clear config all command.
This example shows how to disable the default port status:
Console> (enable) set default portstatus disable Default port status set to disable. WARNING: Please reset the system to have new setup in effect. Console> (enable)
Posted: Fri Mar 3 07:09:41 PST 2000
Copyright 1989 - 2000©Cisco Systems Inc.