|
|
Use the set logging session command to enable or disable the sending of system logging messages to the current login session.
set logging session {enable | disable}
enable | Keyword to enable the sending of system logging messages to the current login session. |
disable | Keyword to disable the sending of system logging messages to the current login session. |
The default is system message logging to the current login session is enabled.
Switch command.
Privileged.
This example shows how to prevent system logging messages from being sent to the current login session:
Console> (enable) set logging session disable System logging messages will not be sent to the current login session. Console> (enable)
This example shows how to cause system logging messages to be sent to the current login session:
Console> (enable) set logging session enable System logging messages will be sent to the current login session. Console> (enable)
set logging console
set logging level
show logging
show logging buffer
Use the set logout command to set the number of minutes until the system disconnects an idle session automatically.
set logout timeout
timeout | Number of minutes (0 to 10,000) until the system disconnects an idle session automatically. Setting the value to 0 disables the automatic disconnection of idle sessions. |
The default is 20 minutes.
Switch command.
Privileged.
This example shows how to set the number of minutes until the system disconnects an idle session automatically:
Console> (enable) set logout 20 Sessions will be automatically logged out after 20 minutes of idle time. Console> (enable)
This example shows how to disable the automatic disconnection of idle sessions:
Console> (enable) set logout 0 Sessions will not be automatically logged out. Console> (enable)
Use the set mls agingtime command to specify the MLS aging time of shortcuts to an MLS entry in the Catalyst 6000 family switches.
set mls agingtime [ip | ipx] [agingtime]
ip | (Optional) Keyword to specify IP MLS. |
ipx | (Optional) Keyword to specify IPX MLS. |
agingtime | (Optional) MLS aging time of shortcuts to an MLS entry. Valid values are multiples of 8 to any value in the range of 8 to 2032 seconds. |
fast | Keyword to specify the MLS aging time of shortcuts to an MLS entry that has no more than pkt_threshold packets switched within fastagingtime seconds after it is created. |
fastagingtime | (Optional) MLS aging time of shortcuts to an MLS entry. Valid values are multiples of 8 to any value in the range of 0 to 128 seconds. 0 disables fast aging. If a value is not specified, the default value is used. |
pkt_threshold | (Optional) Valid values are 0, 1, 3, 7, 15, 31, 63, and 127 packets. If a value is not specified, the default value is used. |
The default agingtime is 256 seconds. The default fastagingtime is 0, no fast aging. The default pkt_threshold is 0.
Switch command.
Privileged.
If you use the ip keyword, you are specifying a shortcut for IP MLS. If you use the ipx keyword, you are specifying a shortcut for IPX MLS.
If you enter any of the set mls commands on a Catalyst 6000 family switch without MLS, this warning message displays:
MLS not supported on feature card.agingtime can be configured as multiples of 8 in the range of 8 to 2024 seconds. The values are picked up in numerical order to achieve efficient aging. Any value for agingtime that is not a multiple of 8 seconds is adjusted to the closest one. For example, 65 is adjusted to 64, while 127 is adjusted to 128.
fastagingtime can be configured as multiples of 8 to any value in the range of 0 to 128 seconds.
The default pkt_threshold is 0. It can be configured as 0, 1, 3, 7, 15, 31, 63, or 127 (the values picked for efficient aging). If you do not configure fastagingtime exactly the same for these values, it adjusts to the closest value. A typical value for fastagingtime and pkt_threshold is 32 seconds and 0 packet, respectively (it means no packet switched within 32 seconds after the entry was created).
Agingtime applies to an MLS entry that has no more than pkt_threshold packets switched within fastagingtime seconds after it is created. A typical example is the MLS entry destined to/sourced from a DNS or TFTP server. This entry may never be used again once it is created. For example, only one request goes to a server and one reply returns from the server, and then the connection is closed.
The agingtime fast option is used to purge entries associated with very short flows, such as DNS and TFTP.
Keep the number of MLS entries in the MLS cache below 32K. If the number of MLS entries exceed 32K, some flows (less than 1 percent) are sent to the router.
To keep the number of MLS cache entries below 32K, decrease the aging time up to 8 seconds. If your switch has a lot of short flows used by only a few packets, then you can use fast aging.
If cache entries continue to exceed 32K, decrease the normal aging time in 64-second increments from the 256-second default.
These examples show how to set the agingtime:
Console> (enable) set mls agingtime 512
IP Multilayer switching aging time set to 512 seconds.
Console> (enable)
Console> (enable) set mls agingtime ipx 512
IPX Multilayer switching aging time set to 512
Console> (enable)
This example shows how to set the fast agingtime:
Console> (enable) set mls agingtime fast 32 0 Multilayer switching fast aging time set to 32 seconds for entries with no more than 0 packet switched. Console> (enable)
Use the set mls exclude protocol command to add a protocol port to be excluded from being shortcut.
set mls exclude protocol {tcp | udp | both} {port_number}
tcp | Keyword to specify a TCP port. |
udp | Keyword to specify a UDP port. |
both | Keyword to specify that the port be applied to both TCP and UDP traffic. |
port_number | Number of the protocol port. |
This command has no default setting.
Switch command.
Privileged.
If you enter any of the set mls commands on a Catalyst 6000 family switch without MLS, this warning message displays:
MLS not supported on feature card.You can add a maximum of four protocol ports to the exclude table.
This example shows how to exclude TCP packets on protocol port 6017:
Console> (enable) set mls exclude protocol tcp 6017
TCP packets with protocol port 6017 will be switched by RP.
Console> (enable)
This example shows how to exclude UDP packets on protocol port 6017:
Console> (enable) set mls exclude protocol udp 6017 TCP and UDP packets with protocol port 6017 will be switched by RP. Console> (enable)
This example shows the output if you exceed the exclude table maximum:
Console> (enable) set mls exclude protocol tcp 6019 Failed to exclude protocol. Exclude table full. Use `clear mls exclude' command to remove an existing entry. Console> (enable)
Use the set mls multicast commands to enable or disable the IP multicast MLS feature.
set mls multicast enable
enable | Keyword to enable IP multicast MLS functions on the switch and allow new shortcut entries to be established. |
disable | Keyword to disable IP multicast MLS functions on the Catalyst 6000 family switches, delete any existing shortcut entries, and prevent new shortcut entries from being established. |
The default is the IP multicast MLS feature is disabled.
Switch command.
Privileged.
IPX MLS is disabled globally by default, but can be enabled and disabled on a specified interface. To enable or disable IPX MLS on a specified interface, refer to the Catalyst 6000 Family Multilayer Switch Feature Card and Policy Feature Card Configuration Guide.
Your system needs to be configured with an L3 switching engine-based system to enable MLS.
If you enter any set mls multicast commands on a Catalyst 6000 family switch without MLS, this warning message displays:
This feature is not supported on this device
If you enter any set mls multicast services on a Catalyst 6000 family switch and none of the multicast protocols (such as IGMP snooping, CGMP, and GMRP) are enabled, this warning message displays:
Enable IGMP Snooping/CGMP/GMRP to make this feature operational.
You can configure a maximum of two participating routers, but they must be internally or directly attached to a Catalyst 6000 family switch. Refer to the Catalyst 6000 Family Software Configuration Guide for router configuration information.
Use the set mls include command to specify routers for IP multicast MLS.
This example shows how to use the set mls multicast command to enable MLS for IP multicast traffic:
Console> (enable) set mls multicast enable
Multilayer switching for Multicast is enabled for this device.
Console> (enable)
This example shows how to use the set mls multicast command to disable MLS for IP multicast traffic:
Console> (enable) set mls multicast disable
Multilayer switching for Multicast is disabled for this device.
Console> (enable)
Use the set mls nde command set to configure the NDE feature in the Catalyst 6000 family switches to allow command-exporting statistics to be sent to the preconfigured collector.
set mls nde {enable | disable}
enable | Keyword to enable NDE. |
disable | Keyword to disable NDE. |
collector_ip | IP address of the collector if DNS is enabled. |
collector_name | Name of the collector if DNS is enabled. |
udp_port_num | Number of the UDP port to receive the exported statistics. |
version | Keyword to specify the version of the Netflow Data Export; valid versions are 1, 7, and 8. |
1 | 7 | 8 | Version of the NDE feature. |
flow | Keyword to add filtering to NDE. |
exclude | (Optional) Keyword to allow exporting of all flows except the flows matching the given filter. |
include | (Optional) Keyword to allow exporting of all flows matching the given filter. |
destination | (Optional) Keyword to specify the destination IP address. |
ip_addr_spec | (Optional) Full IP address or a subnet address in these formats: ip_addr, ip_addr/netmask, or ip_addr/maskbit. |
source | (Optional) Keyword to specify the source IP address. |
protocol | (Optional) Keyword to specify the protocol type. |
protocol | (Optional) Protocol type; valid values can be 0, tcp, udp, icmp, or a decimal number for other protocol families. 0 indicates "do not care." |
src-port port_number | (Optional) Keyword and variable to specify the number of the TCP/UDP source port (decimal). Used with dst-port to specify the port pair if the protocol is tcp or udp. 0 indicates "do not care." |
dst-port port_number | (Optional) Keyword and variable to specify the number of the TCP/UDP destination port (decimal). Used with src-port to specify the port pair if the protocol is tcp or udp. 0 indicates "do not care." |
The defaults are Netflow Data Export version 7, and all expired flows are exported until the filter is specified explicitly.
Switch command.
Privileged.
If you enter any set mls nde commands on a Catalyst 6000 family switch without MLS, this warning message displays:
mls not supported on feature card.Before you use the set mls nde command for the first time, you must configure the host to collect MLS statistics. The host name and UDP port number are saved in NVRAM, so you do not need to specify them. If you specify a host name and UDP port, values in NVRAM overwrite the old values. Collector values in NVRAM do not clear when NDE is disabled, because this command configures the collector, but does not enable NDE automatically.
The set mls nde enable command enables NDE, exporting statistics to the preconfigured collector.
If the protocol is not tcp or udp, set the dst-port port_number and src-port port_number values to 0; otherwise, no flows are displayed.
If you try to enable NDE without first specifying a collector, you see this display:
Console> (enable) set mls nde enable Please set host name and UDP port number with `set mls nde <collector_name | collector_ip> <udp_port_number>'. Console> (enable)
The set mls nde flow command adds filtering to the NDE. Expired flows matching the specified criteria are exported. These values are stored in NVRAM and do not clear when NDE is disabled. If any option is not specified in this command, it is treated as a wildcard. The NDE filter in NVRAM does not clear when NDE is disabled.
Only one filter can be active at a time. If you do not enter the exclude or include keyword, the filter is assumed to be an inclusion filter.
Use the following syntax to specify an IP subnet address:
When you use the set mls nde {collector_ip | collector_name} {udp_port_num} command, the host name and UDP port number are saved in NVRAM and need not be specified again. If you specify a host name and UDP port, the new values overwrite the values in NVRAM. Collector values in NVRAM do not clear when you disable NDE.
This example shows how to specify that only expired flows to a specific subnet are exported:
Console> (enable)set mls nde flow include destination 171.69.194.140/24NDE destination filter set to 171.69.194.0/24Console> (enable)
This example shows how to specify that only expired flows to a specific host are exported:
Console> (enable)set mls nde flow include destination 171.69.194.140NDE destination filter set to 171.69.194.140/32.Console> (enable)
This example shows how to specify that only expired flows from a specific subnet to a specific host are exported:
Console> (enable)set mls nde flow include destination 171.69.194.140/24 source 171.69.173.5/24NDE destination filter set to 171.69.194.0/24, source filter set to 171.69.173.0/24Console> (enable)
This example shows how to specify that only flows from a specific port are exported:
Console> (enable)set mls nde flow include dst_port 23NDE source port filter set to 23.Console> (enable)
This example shows how to specify that only expired flows from a specific host that are of a specified protocol are exported:
Console> (enable)set mls nde flow include source 171.69.194.140 protocol 51NDE destination filter set to 171.69.194.140/32, protocol set to 51.Console> (enable)
This example shows how to specify that only expired flows from a specific host to a specific destination port are exported:
Console> (enable)set mls nde flow include source 171.69.194.140 dst_port 23NDE destination filter set to 171.69.194.140/32, source port filter set to 23.Console> (enable)
This example shows how to specify that all expired flows except those from a specific host to a specific destination port are exported:
Console> (enable)set mls nde flow exclude source 171.69.194.140 dst_port 23NDE destination filter set to 171.69.194.140/32, source port filter set to 23.Flows matching the filter will be excluded.Console> (enable)
This example shows how to specify that all flows are exported:
Console> (enable)clear mls nde flow bothNDE filter cleared.Console> (enable)
Use the set mls statistics protocol command to add protocols to the protocols statistics list.
set mls statistics protocol protocol src_port
protocol | Name or number of the protocol; valid values are from 1 to 255, ip, ipinip, icmp, igmp, tcp, and udp. |
src_port | Number or type of the source port; valid values are from 1 to 65535, dns, ftp, smtp, telnet, x, and www. |
This command has no default setting.
Switch command.
Privileged.
If you enter any set mls commands on a Catalyst 6000 family switch without MLS, this warning message displays:
MLS not supported on feature card.You can configure a maximum of 64 ports using the set mls statistics protocol command.
This example shows how to set protocols for statistic collection:
Console> (enable) set mls statistics protocol 17 1934 Protocol 17 port 1934 is added to protocol statistics list. Console> (enable)
Use the set module command to enable or disable a module.
set module enable | disable mod_num
enable | Keyword to enable a module. |
disable | Keyword to disable a module. |
mod_num | Number of the module. |
The default is all modules are enabled.
Switch command.
Privileged.
Avoid disabling a module when you are connected via a Telnet session; if you disable your session, you will disconnect your Telnet session.
If there are no other network connections to a Catalyst 6000 family switch (for example, on another module), you have to reenable the module from the console.
You can specify a series of modules by entering a comma between each module number (for example, 2,3,5). You can specify a range of modules by entering a dash between module numbers (for example, 2-5).
The set module disable command does not cut off the power to a module, it only disables the module. To turn off power to a module, refer to the set module power command.
If an individual port on a module was previously disabled, enabling the module does not enable the disabled port.
This example shows how to enable module 2:
Console> (enable) set module enable 2 Module 2 enabled. Console> (enable)
This example shows how to disable module 3 when connected via the console port:
Console> (enable) set module disable 3 Module 3 disabled. Console> (enable)
This example shows how to disable module 2 when connected via a Telnet session:
Console> (enable) set module disable 2 This command may disconnect your telnet session. Do you want to continue (y/n) [n]? y Module 2 disabled.
Use the set module name command to set the name for a module.
set module name mod_num [mod_name]
mod_num | Number of the module. |
mod_name | (Optional) Name created for the module. |
The default is no module names are configured for any modules.
Switch command.
Privileged.
If no module name is specified, any previously specified name is cleared.
This example shows how to set the name for module 1 to Supervisor:
Console> (enable) set module name 1 Supervisor Module name set. Console> (enable)
Use the set module power command to turn on or shut off the power to a module.
set module power up | down mod_num
up | Keyword to turn on the power to a module. |
down | Keyword to turn off the power to a module. |
mod_num | Number of the module. |
The default is power is on to a module.
Switch command.
Privileged.
The set module power up command allows you to check if adequate power is available in the system to turn the power on. If not enough power is available, the module status changes from power-down to power-deny, and this message displays:
Module 4 could not be powered up due to insufficient power.
This example shows how to power up module 4:
Console> (enable) set module power up 4 Module 4 powered up. Console> (enable)
This example shows how to power down module 4:
Console> (enable) set module power down 4 Module 4 powered down. Console> (enable)
Use the set msmautostate command to enable or disable the line protocol state determination of the MSMs due to port state changes.
set msmautostate {enable | disable}
enable | Keyword to activate the line protocol state determination. |
disable | Keyword to deactivate the line protocol state determination. |
The default configuration has line protocol state determination disabled.
Switch command.
Privileged.
This feature is useful for discontinuing the advertisement of routing paths when access to them is severed (either through fault or administrative disabling).
When you enable msmautostate, VLAN interfaces on the MSM are active only when there is at least one other active interface within the Catalyst 6000 family switch. This could be a physical end-user port, a trunk connection for which the VLAN is active, or even another MSM with an equivalent VLAN interface.
If you disable msmautostate, you might have to use the shutdown and no shutdown commands to disable and then restart the VLAN interface to bring the MSM back up.
This example shows how to enable the line protocol state determination of the MSM:
Console> (enable) set msmautostate enable Console> (enable)
This example shows how to disable the line protocol state determination of the MSM:
Console> (enable) set msmautostate disable Console> (enable)
Use the set multicast router command to configure a port manually as a multicast router port.
set multicast router mod_num/port_num
mod_num | Number of the module. |
port_num | Number of the port on the module. |
The default is no ports are configured as multicast router ports.
Switch command.
Privileged.
When you enable IGMP snooping, the ports to which a multicast-capable router is attached are identified automatically. The set multicast router command allows you to configure multicast router ports statically.
This example shows how to configure a multicast router port:
Console> (enable) set multicast router 3/1
Port 3/1 added to multicast router port list.
Console> (enable)
clear multicast router
set igmp
show multicast router
show multicast group count
Use the set ntp broadcastclient command to enable or disable NTP in broadcast-client mode.
set ntp broadcastclient {enable | disable}
enable | Keyword to enable NTP in broadcast-client mode. |
disable | Keyword to disable NTP in broadcast-client mode. |
The default is broadcast-client mode is disabled.
Switch command.
Privileged.
The broadcast-client mode assumes that a broadcast server, such as a router, sends time-of-day information regularly to a Catalyst 6000 family switch.
This example shows how to enable an NTP broadcast client:
Console> (enable) set ntp broadcastclient enable NTP Broadcast Client mode enabled. Console> (enable)
This example shows how to disable an NTP broadcast client:
Console> (enable) set ntp broadcastclient disable NTP Broadcast Client mode disabled. Console> (enable)
Use the set ntp broadcastdelay command to configure a time-adjustment factor so the Catalyst 6000 family switch can receive broadcast packets.
set ntp broadcastdelay microseconds
microseconds | Estimated round-trip time, in microseconds, for NTP broadcasts. Valid values are from 1 to 999999. |
The default is the NTP broadcast delay is set to 3000 ms.
Switch command.
Privileged.
This example shows how to set the NTP broadcast delay to 4000 ms:
Console> (enable) set ntp broadcastdelay 4000 NTP broadcast delay set to 4000 microseconds. Console> (enable)
Use the set ntp client command to enable or disable a Catalyst 6000 family switch as an NTP client.
set ntp client {enable | disable}
enable | Keyword to enable a Catalyst 6000 family switch as an NTP client. |
disable | Keyword to disable a Catalyst 6000 family switch as an NTP client. |
The default is NTP client mode is disabled.
Switch command.
Privileged.
You can configure NTP in either broadcast-client mode or client mode. The broadcast-client mode assumes that a broadcast server, such as a router, sends time-of-day information regularly to a Catalyst 6000 family switch. The client mode assumes that the client (a Catalyst 6000 family switch) regularly sends time-of-day requests to the NTP server.
This example shows how to enable NTP client mode:
Console> (enable) set ntp client enable NTP client mode enabled. Console> (enable)
Use the set ntp server command to configure the IP address of the NTP server.
set ntp server ip_addr
ip_addr | IP address of the NTP server providing the clock synchronization. |
This command has no default setting.
Switch command.
Privileged.
The client mode assumes that the client (a Catalyst 6000 family switch) sends time-of-day requests regularly to the NTP server. A maximum of ten servers per client is allowed.
This example shows how to configure an NTP server:
Console> (enable) set ntp server 172.20.22.191 NTP server 172.20.22.191 added. Console> (enable)
Use the set password command to change the login password on the CLI.
set passwordThis command has no arguments or keywords.
The default is no password is configured.
Switch command.
Privileged.
Passwords are case sensitive and may be from 0 to 30 characters in length, including spaces.
The command prompts you for the old password. If the password you enter is valid, you are prompted to enter a new password and to verify the new password. A zero-length password is allowed by pressing Return.
This example shows how to set an initial password:
Console> (enable) set password Enter old password: <old_password> Enter new password: <new_password> Retype new password: <new_password> Password changed. Console> (enable)
Posted: Fri Mar 3 07:10:04 PST 2000
Copyright 1989 - 2000©Cisco Systems Inc.